Re: [Samba] locking limit errors with Peachtree

2005-02-18 Thread Andrew Gaffney
Jeremy Allison wrote:
On Thu, Feb 17, 2005 at 03:40:26PM -0600, Andrew Gaffney wrote:
In the samba domain I admin, one of the computers runs the Peachtree 
accounting software. Today, McAfee antivirus was installed on that box (not 
my doing) and now Peachtree keeps giving Locking table limit reached 
errors. Is this an error from samba, Windows, or Peachtree? Is there a 
limit to the number of file locks samba can grant at one time?
What version of Samba, what server OS platform. A little more info
would help.
Samba 3.0.7 running on Linux with a 2.4 kernel. Samba is acting as a PDC for a 
NT-style domain (non-AD). smb.conf for that share is:

[skylinef]
path = /share/skylinef
valid users = @accounting,rgetter
read only = No
create mask = 0777
directory mask = 0777
Nothing in the global section is relevant (all domain related). The Windows box 
is running XP Pro SP2.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] locking limit errors with Peachtree

2005-02-17 Thread Andrew Gaffney
In the samba domain I admin, one of the computers runs the Peachtree accounting 
software. Today, McAfee antivirus was installed on that box (not my doing) and 
now Peachtree keeps giving Locking table limit reached errors. Is this an 
error from samba, Windows, or Peachtree? Is there a limit to the number of file 
locks samba can grant at one time?

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] domain authentication from a samba server in a samba domain

2004-12-24 Thread Andrew Gaffney
I have a box running 3.0.7 that is running my domain. I added another samba 
server at another location to host a few shares for that building. I 
successfully joined the second machine to the domain and set the 'password 
server' option correctly.

In order to get the second machine to give me anything other than 
NT_STATUS_LOGIN_FAILURE, I have to create a dummy UNIX account for the domain 
user and 'smbpasswd -a' it. After this, it will use domain authentication 
correctly for that user only. I know it is doing domain auth because I set the 
password with 'smbpasswd -a' to something different than the domain password. 
The domain password works and the local one doesn't.

While this is a workaround, I don't want to have to add dummy UNIX accounts on 
the 2nd machine for every domain user that should have access to this particular 
share. How can I set this up so I don't have to do that? I don't really care 
about the permissions on the share (multiple domain users accessing as the same 
UNIX user is okay).

--
Andrew Gaffney
Gentoo Linux Developer
Installer Project
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] forcing filenames to lowercase

2004-12-14 Thread Andrew Gaffney
As a...courtesy...to my boss, I make our web server's htdocs directory available 
to him via a samba share in our domain. As much as I tell him otherwise, he 
continues to create files with spaces in the name (that's another issue) and 
files that are similar to Some Random Pic.JPG and it annoys the hell out of 
me. What I want to do is force the filenames to lowercase on the Samba side. 
This server runs multiple shares (most of the others contain Word, Excel, 
Access, etc. files that I don't care about the naming of), so I'd like to 
restrict it to just this one share. How can I do this? BTW, this is samba 3.0.7.

--
Andrew Gaffney
Gentoo Linux Developer
Installer Project
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] using samba through a VPN

2004-12-02 Thread Andrew Gaffney
Adam Tauno Williams wrote:
The thing to use is a DHCP server that also provides clients with the IP 
address of the PDC through the netbios-name-servers option in the ISC 
DHCP server.
Yep,  whether this is DHCP or not depends on your VPN technology of choise, 
but
you need to get that information (WINS server) down to the client.  Also best
to set the clients node type to be WINS only and not use broadcast, but that is
always true.
How do I do tell the workstations not to broadcast?
--
Andrew Gaffney
Gentoo Linux Developer
Installer Project
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] using samba through a VPN

2004-12-01 Thread Andrew Gaffney
I already have an existing network that is managed by a samba PDC. In the next 
few days, I will be linking another small LAN to the existing one over the 
internet using openvpn. I've been told that samba (through no fault of its own) 
doesn't work very well through a VPN.

For the new network, there will be a box with 2 NICs: one for the internet and 
one for the LAN. This box will use openvpn and iptables to allow the entire LAN 
direct access to the PDC (which provides other services also) through the VPN 
tunnel.

I want the workstations in the new network to be able to logon to the domain and 
access the file shares hosted by the samba PDC in the first network. Will I be 
able to do this? Easily? :)

--
Andrew Gaffney
Gentoo Linux Developer
Installer Project
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] using samba through a VPN

2004-12-01 Thread Andrew Gaffney
Shawn Henderson wrote:
I am running a similiar setup. I have a main office running a T1 with a 
linux firewall and a samba pdc/dhcp server behind it. On my satelite 
office Im running a dsl connection with a dlink router with a samba 
pdc/firewall/dhcp server behind it. (I never trust those little dsl 
routers). I am using openvpn for this. I set the main pdc accross the T1 
as a wins server and point the satelite office to it.. I am able to 
browse both networks and share files with no problem.  The usernames and 
passwords are the same with both servers and I can use cygwin and ultra 
vnc to remotely manage by computer name .

I would worry about speed if you gonna authenticate across the vpn. 
Especially if you plan on using roaming profiles..
This is generally the same answer I've been getting. I'm glad to know that the 
person I originally talked to (before posting) was wrong :) Thanks to everyone 
who responsed on- and off-list.

--
Andrew Gaffney
Gentoo Linux Developer
Installer Project
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] machine accounts not found with 3.0.8

2004-11-12 Thread Andrew Gaffney
Last night, I upgraded from 3.0.7 to 3.0.8. This morning, I got the call that 
most (not all) of the machine couldn't logon to the domain. This was in the logs 
for those workstations that couldn't login:

[2004/11/12 07:04:02, 0, pid=3088, effective(65534, 65534), real(65534, 0)] 
rpc_server/srv_netlog_nt.c:get_md4pw(244)
  get_md4pw: Workstation SKYLINE-MIKEG$: no account in domain

I stopped smbd, downgraded to 3.0.7, and started it back up, and all of the 
workstations were immediately able to log back in. There were no changes to my 
secrets.tdb, smbpasswd, /etc/passwd, or /etc/shadow. Does anyone have any idea 
why this happened?

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Printer name changed in samba 3.0.7

2004-10-05 Thread Andrew Gaffney
Cavanaugh, Mike F wrote:
We have a strange problem when using samba 3.0.7 where a printer's name
is changed to the name of the printer driver. We use samba to share out
printers from a fedora core 1 system. On a windows client they initially
show up accurately. When adding the windows driver from a windows client
for a new shared printer the driver files get transferred just fine.
However, the printer name in the Printer and Faxes folder suddenly gets
changed to the name of the printer driver just uploaded after clicking
the final OK in the windows dialog box. The name can be changed back to
its original name and the printer works fine and the properties can be
set. This did not happen in previous versions of samba. Would anyone
know the cause of this?
This isn't just a 3.0.7 thing. I noticed the same thing last night with 3.0.6 
when adding print drivers to the samba PDC from an XP box.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] printer giving Access Denied

2004-10-04 Thread Andrew Gaffney
I have 2 printer queues setup on my samba 3.0.6 NT4-style PDC. About a month 
ago, one of them stopped working due to an issue with CUPS. After restarting 
CUPS, printing to that share was giving Access Denied. From a windows box, I was 
able to add drivers and set default print settings as a domain administrator but 
I still couldn't print. I created a new printer share pointing at the same CUPS 
printer with the same configuration and the new one worked.

In my smb.conf snippet below, the non-working printer share had the same 
settings as 'jetdirect' but with the printer of 'minimike'. 'jetdirect' has 
never given me a problem and 'minimike' worked from the moment I created the 
share. The current 'minimike' settings are scaled down from what it was when I 
first created it. Can anyone think of a reason why this would happen?

[jetdirect]
printer = jetdirect
comment = Hallway printer
printable = yes
writeable = yes
public = yes
printer admin = @domainadmins
guest ok = yes
[minimike]
printer = hp4200
printable = yes
read only = no
printer admin = @domainadmins
--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Avoiding the desktop.ini notepad popup on startup, and other hidden files.

2004-09-23 Thread Andrew Gaffney
Samuel Partida wrote:
Hi there, we had some problems with that issue, i know it is covered and i 
solved it with veto file = /*ktop.ini/ etc...

But now i'm thinking about it again, it's because Windows XP saves  some 
metainformation in some hidden files, one of them is desktop.ini, which is 
very annoying because notepad is opened on every user session, but, there is 
another file, thumbs.db, it becomes visible on remote shares and roaming 
profiles.
The following line is from one of the emails from the thread the other day 
regarding this. I don't recall anyone saying to use 'veto file'.

hide files = /desktop.ini/ntuser.ini/NTUSER.*/
--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] (no subject)

2004-07-28 Thread Andrew Gaffney
Proteus (Anton) wrote:
How long am I still going to wait to be unsubscribed?
I've been trying for at least 3 months now!
If, as I suspect your server is running on Linux, I start getting a bad feeling about 
either the OS or your professionalism
Did you follow the directions at the bottom of every email posted to this list? 
Go to http://lists.samba.org/mailman/listinfo/samba, enter your subscribed 
email address in the text box at the bottom of the page and hit the button. 
Click the 'Unsubscribe' button on the next page. Reply to the email that is sent 
to you.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] best settings for share with databases

2004-07-09 Thread Andrew Gaffney
I have a Slackware box set up with Samba 2.2.4. One of the shares holds a bunch 
of .DAT database (I don't know what kind) files that are used by multiple users 
at once with the PCLaw application, and we've been experiencing some minor 
corruption. What are the ideal settings for a share with databases like this? 
Also, if a newer version handles this kind of thing better, I have no problem 
with upgrading to a 3.0.x version. Thanks for any help.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] XP Pro is fast and XP Home is slow

2004-07-09 Thread Andrew Gaffney
I run a small network with 3 computers: 2 XP Home, 1 XP Pro. All 3 run a program 
called PCLaw that access a bunch of different databases on a Slackware server 
running Samba. I was running Samba 2.2.4 earlier I just upgraded to 3.0.4. Even 
with the upgrade, the XP Pro machine is nice and fast when accessing and 
manipulating the databases. Both of the XP Home machines are very, very slow. 
They are all on a 100base-T network hooked to the same router. They are all 
running the same version of the PCLaw application. Can anyone think of any ideas 
why the Pro box would be speedy and the Home boxes not? One of the XP Home boxes 
has a 2.4GHz P4 processor, so that is not the problem.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] iptables and samba

2004-05-27 Thread Andrew Gaffney
azeem ahmad wrote:
hi
i m using the script below
- 

iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
- 

i have two shares on samba server Soft and linux in these shares there 
are many folders. whenever i run the above script and then i open the 
share it takes atleast 4  minutes to open the share. but it doesnt take 
time while browsing inside share.
mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
when i double click on soft it takes atleast 4 minutes but after that 
when i click on adobe then acrobat then acrobat6 it takes now time it 
just browse them normally. same problem is with the other share named 
linux.
but if i dont run this script then all shares work fine with no delay
this problem only occures first time. mean when i browse the share next 
time it doesnt occur
This is a complete shot in the dark. Windows 2000 (probably) and XP (definately) 
will look for a SMB server on port 445 first by default. Since you have '-j 
DROP', the requests to 445 don't get a response. It takes a little bit to 
timeout and then Windows probably tries to connect again. I bet if you add the 
following iptables rule, the problem will go away:

iptables -A INPUT -i eth0 -p all --dport 445 -j REJECT
--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] iptables and samba

2004-05-27 Thread Andrew Gaffney
Tom Skeren wrote:
Andrew Gaffney wrote:
azeem ahmad wrote:
hi
i m using the script below
- 

iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
- 

i have two shares on samba server Soft and linux in these shares 
there are many folders. whenever i run the above script and then i 
open the share it takes atleast 4  minutes to open the share. but it 
doesnt take time while browsing inside share.
mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
when i double click on soft it takes atleast 4 minutes but after that 
when i click on adobe then acrobat then acrobat6 it takes now time it 
just browse them normally. same problem is with the other share named 
linux.
but if i dont run this script then all shares work fine with no delay
this problem only occures first time. mean when i browse the share 
next time it doesnt occur

This is a complete shot in the dark. Windows 2000 (probably) and XP 
(definately) will look for a SMB server on port 445 first by default. 
Since you have '-j DROP', the requests to 445 don't get a response. It 
takes a little bit to timeout and then Windows probably tries to 
connect again. I bet if you add the following iptables rule, the 
problem will go away:

iptables -A INPUT -i eth0 -p all --dport 445 -j REJECT
If you have Samba 3.x it will share on port 445.
Okay, so you can change that REJECT to ACCEPT.
--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Wan shares

2004-05-13 Thread Andrew Gaffney
tms3 wrote:
Here's a puzzler.

I know that in winblowz you can map network drive \\ip addy\share, 
however you cannot do this with smbfs.
Yes you can. Try smbmount '\\netbios name\share' /mnt/point -o ip=IPADDR. 
This will contact the server via IP and then verify that that machine is 
'netbios name'.

OK so I create a local DNS record such that server resolves to this ip 
addy.  Winblowz will mount that way, but smbfs won't.  Oh yeah, this 
share is located at an IP addy at a sattelite office over the internet.  
Is this simply not doable?


--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] how to get logon.bat run with Administrator rights in domain logons?

2004-04-02 Thread Andrew Gaffney
Urs Rau wrote:
On win XP Pro workstations it would be so convenient if the domain logon 
script which is stored on the samba pdc could be made to run with 
Administrative (or System) privileges.

I know that I can interactively run another security context by choosing 
run as user but how could I achieve this non-interactively and domain 
wide whilst a limited account is loggin in?
I asked this same question on this list a while back. There is no way to interactively run 
a script as a higher user, otherwise virus writers could take advantage of this (as 
opposed to them currently taking advantage of stupid users and MS's stupid policy of 
making users Administrators by default). The logon.bat runs as the currently logged on user.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] [OT] Fyodor terminates SCO nmap rights -- how about Samba?

2004-02-27 Thread Andrew Gaffney
Michael Brown wrote:
As you all may know Fyodor of nmap fame has terminated SCO's
rights to distribute namp with its products.  See:
http://www.smh.com.au/articles/2004/02/27/1077676955381.html
Fyodor, whose Nmap (network mapper) security scanner is extremely popular among geeks and 
even featured in the latest film of the Matrix series

Where in Matrix: Revolutions in nmap used? I'm going to have to watch that movie a little 
closer.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] prevent smbclient from trying 445?

2004-02-20 Thread Andrew Gaffney
David Wuertele wrote:
When I use smbclient to access an IOMEGA NAS server, smbclient tries
to access port 445 for a full five minutes before timing out:
  [2004/02/20 17:48:24, 10] lib/gencache.c:gencache_get(262)
Returning valid cache entry: key = NBT/NAS_120_1#20, value = 192.168.123.161:0, 
timeout = Fri Feb 20 17:53:22 2004
  [2004/02/20 17:48:24, 5] libsmb/namecache.c:namecache_fetch(201)
name nas_120_1#20 found.
  [2004/02/20 17:48:24, 3] lib/util_sock.c:open_socket_out(698)
Connecting to 192.168.123.161 at port 445
  [2004/02/20 17:51:38, 2] lib/util_sock.c:open_socket_out(733)
error connecting to 192.168.123.161:445 (Connection timed out)
Next, smbclient goes on to contact it on port 139, and all works great
right away.
Can I direct smbclient to not use 445?  Anyone have an idea why
smbclient is getting stuck in this tar pit for five minutes?
From 'man smbclient':

 -p port
This  number  is  the TCP port number that will be used when making 
connections to
the server. The standard (well-known) TCP port number for an SMB/CIFS server is
139, which is the default.
--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Pop-up messages to domain members?

2004-02-12 Thread Andrew Gaffney
I wrote a small script for doing this very thing and posted it here about a month or two back:

#!/usr/bin/perl

my $msg = shift;
open PIPE, smbstatus |;
foreach $line (PIPE) {
  if($line =~ /\d+\s+(\S+)\s+\S+\s+(\S+)\s+\((.+)\)/) {
system echo '$msg' | smbclient -M $2 -I $3;
  }
}
Michael Brown wrote:
I don't believe you can send a message to a whole domain using smbclient (please someone correct me if I'm wrong), I think you will have to do it one at a time, or write a script:

$ smbclient -M host 
then will prompt for message

Hope this helps.

Michael Brown

On Thu, 12 Feb 2004 15:07:19 +0100
Anders Norrbring [EMAIL PROTECTED] wrote:

Is it possible to send a pop-up message to all connected Windows stations in a
whole domain via one command, or is it necessary to send one message per
command to each station?  It must be a command line utility since X isn't
running on the server.
Anders Norrbring

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Borwser Problem with VMWare on linux host

2004-02-04 Thread Andrew Gaffney
Nouqrat wrote:
Hi 

I use VMWare on linux host (windows 2000 as guest operating system)
and i have some problems to visit the google-site .
can any1 help me 
First of all, this doesn't have *anything* to do with Samba, so it shouldn't have been 
posted to this list. Second, is google.com the only site you have trouble getting to?

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Accessing files with different permissions.

2004-01-28 Thread Andrew Gaffney
Alex wrote:
If a folder has no read or write permissiions for group or other can it 
be accessed by changing the settings in smb.conf?
I am getting access is denied?
Even though Samba runs as root, it still obeys file permissions. You have to modify the 
permissions on the *NIX side before you can access it on the Windows side.

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] WARNING. You tried to send a potential virus or unauthorised code

2004-01-27 Thread Andrew Gaffney
Joe Cipale wrote:
TIZIE, Francois wrote:

I guess this email is sent to any subscriber.
As far as I am concerned, I have never sent anything, because until today I did not 
have any time to send responses or requests for help, etc.
Please do consider the content of your email which can sometimes be ambiguous.


Regards

Fran├žois T.
SAP GLOBAL IT FRANCE
SAP Internal IT Support
T   +33 1 55 30 23 57 (internal 2357)
M   +33 6 03 53 03 95 (internal 62357)
F   +33 1 55 30 20 33
mailto:[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: mardi 27 janvier 2004 12:40
To: [EMAIL PROTECTED]
Subject: [Samba] WARNING. You tried to send a potential virus or unauthorised code
The Star Internet anti-virus service, powered by MessageLabs,
discovered a possible virus or unauthorised code (such as a joke
program or trojan) in an email sent by you.
My guess is that someone in the group is using a winblows machine (i.e.
Outhouse Express) mail client. They have now become infected. The virus
is accessing the address book and sending out spew-o-grams on a routine
basis.
If you look at the McAfee website, this virus that is making the rounds
has the potential to create a 'backdoor' for hackers.
Yeah, but this is one of those viruses that could be *good* to get. Note the part about 
the DOS attack on sco.com

http://vil.nai.com/vil/content/v_100983.htm

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] weird NT error codes

2004-01-23 Thread Andrew Gaffney
Andrew Bartlett wrote:
On Thu, 2004-01-22 at 16:28, Andrew Gaffney wrote:

This isn't necessarily a samba problem, but its happening on my domain with a Samba PDC.


Which version?  3.0.1?

Thy 3.0.0 or 3.0.2 (in rc at the moment) as there were some issues that
apparently causes these kind of errors in 3.0.1.
It is 3.0.1 as a matter of fact. I'll try upgrading or downgrading to see if that resolves 
the problem. Would this also cause the problem when trying to view shares from another 
domain member that is a Windows box?

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] weird NT error codes

2004-01-23 Thread Andrew Gaffney
Andrew Gaffney wrote:
Andrew Bartlett wrote:

On Thu, 2004-01-22 at 16:28, Andrew Gaffney wrote:

This isn't necessarily a samba problem, but its happening on my 
domain with a Samba PDC.


Which version?  3.0.1?

Thy 3.0.0 or 3.0.2 (in rc at the moment) as there were some issues that
apparently causes these kind of errors in 3.0.1.
It is 3.0.1 as a matter of fact. I'll try upgrading or downgrading to 
see if that resolves the problem. Would this also cause the problem when 
trying to view shares from another domain member that is a Windows box?
Apparently that would since downgrading to 3.0.0 fixed my problem. Just curious, what 
caused this bug?

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] weird NT error codes

2004-01-21 Thread Andrew Gaffney
This isn't necessarily a samba problem, but its happening on my domain with a Samba PDC. I 
have 2 computers running XP Pro that I can only connect to intermittently. All 3 of these 
machines are joined to the domain and can access domain resources when logged in as a 
domain user through the Samba PDC. SHIPPING1 always seems to work. SHOP1 and SHOP2 are the 
ones that allow intermittent access. Each box always gives the same error codes. I can't 
access the shares on either of them from another Windows box either when its acting up. 
Also, both SHOP1 (not working) and SHIPPING1 (working) had a fresh install of Windows XP 
with all the same software and network/domain settings on the same day. Below, the user 
I'm using is 'root' which is in the 'Domain Admins' group, although the results are the 
same with any user. I have google'd on those error codes and turned up nothing. Simple 
file sharing is enabled on all 3 machines, also. Can anyone give me any hints?

skyline root # smbclient -L shop1
Password:
session setup failed: NT code 0x8feb6e2d
skyline root # smbclient -L shop2
Password:
session setup failed: NT code 0xd057d1fc
skyline root # smbclient -L shipping1
Password:
Sharename  Type  Comment
-    ---
snip
IPC$   IPC   Remote IPC
print$ Disk  Printer Drivers
snip
--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] adding printers from netlogon script

2004-01-14 Thread Andrew Gaffney
John H Terpstra wrote:
On Tue, 13 Jan 2004 [EMAIL PROTECTED] wrote:


I don't know the final answer BUT if you have something simmilar to a
cyber-cafe LAN (I mean, users use all the computers, and maybe some
users come back to login with the same name) then you have to install a
printer only once in a computer, loging as the administrator and
installing drivers. Then what users will have to do is JUST add the
printer without installing. I know that it's possible to add a printer
(already installed) in this kind of LAN, because I've seen it (not
because of any Micro$oft KB). SO if you have the printer already
installed you would have only got to put something like this line:
net use \\printerserver\printer
but not this one because I've not really tried and I know it's not this
exact command for sure.


Correct. So long as the drive is already installed users can map printers
on logon.
So, does anyone what the command to just map the printer is? The driver is already 
installed on these computers. This is a JetDirect device that was setup on all the boxes. 
I changed it around so that the computers map to a printer share on my Samba PDC that 
connects to the JetDirect. My command was giving me the Access denied.

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] adding printers from netlogon script

2004-01-14 Thread Andrew Gaffney
Uwe Laverenz wrote:
Andrew Gaffney schrieb:

Is there no way to add printers from a netlogon script without the 
user being a Power User or higher?


Of course there is: we do this with the tool con2prt.exe from the 
Zero Admin Kit from M$:

http://www.microsoft.com/windows/zak/

You should install the con2prt.exe somewhere on the Windows client 
machine to a location that is included in $PATH.

In your login script you simply call the programm like this:

con2prt /f /cd \\servername\printername

Possible options for con2prt:

  /?  - displays usage.
  /h  - displays usage.
  /f  - deletes all existing printer connections.
  /c  - connects to \\printserver\share printer.
  /cd - connects to \\printserver\share printer and sets it as the
default printer.
Oh: could you please stop top-posting and full-quoting when writing to 
this mailing list? Thank you.
That looks very interesting. I'll check it out. As for the top-posting, I normally 
bottom-post, but someone started top-posting very early in the thread and I *hate* mixing 
botton- and top-posting. As for the full quoting...I was sending most of the emails late 
at night ;)

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] adding printers from netlogon script

2004-01-13 Thread Andrew Gaffney
Kurt Pfeifle wrote:
[Samba] adding printers from netlogon script
Andrew Gaffney agaffney at technaut.darktalker.net
Tue Dec 9 20:10:07 GMT 2003
While this doesn't relate specifically to Samba, I need to do this in 
a netlogon .bat file in a Samba domain. In my network, I have a 
printer hooked to a JetDirect so that it is a TCP/IP printer. Is there 
a way I can automatically have this printer mapped/added when the user 
is logged on?

Test this command from a DOS box:

   rundll32 printui.dll,PrintUIEntry /in /n 
\\printerserver\printersharename

If it works, it can go into the logon script. (Of course printersharename
needs to exist on printerserver and must have printer driver deposited on
the server's [print$]-share for point'n'print download...). And:
   rundll32 printui.dll,PrintUIEntriy /?

will show up a full man page (hehe...)

See also

   http://de.samba.org/samba/docs/man/printing.html#id2931140
I used the above and some other references and pieced togethere a few commands to auto-map 
network printers at logon:

REM rundll32 printui.dll,PrintUIEntry /ia /m Ricoh Aficio 200/250 PCL /h Intel /v 
Windows 2000 /f %windir%\inf\ntprint.inf
rundll32 printui.dll,PrintUIEntry /if /b Hallway Printer /f %windir%\inf\ntprint.inf /r 
\\skyline\jetdirect /m Ricoh Aficio 200/250 PCL

These work just fine...as long as the user is an administrator. If the user logging on is 
a regular user, which most are, it give me Access denied when trying to map the printer, 
on the same computer. These commands are being run from the netlogon.bat script that runs 
at logon. Am I missing something?

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] adding printers from netlogon script

2004-01-13 Thread Andrew Gaffney
John H Terpstra wrote:
On Tue, 13 Jan 2004, Andrew Gaffney wrote:


Kurt Pfeifle wrote:

[Samba] adding printers from netlogon script
Andrew Gaffney agaffney at technaut.darktalker.net
Tue Dec 9 20:10:07 GMT 2003
While this doesn't relate specifically to Samba, I need to do this in
a netlogon .bat file in a Samba domain. In my network, I have a
printer hooked to a JetDirect so that it is a TCP/IP printer. Is there
a way I can automatically have this printer mapped/added when the user
is logged on?
Test this command from a DOS box:

  rundll32 printui.dll,PrintUIEntry /in /n
\\printerserver\printersharename
If it works, it can go into the logon script. (Of course printersharename
needs to exist on printerserver and must have printer driver deposited on
the server's [print$]-share for point'n'print download...). And:
  rundll32 printui.dll,PrintUIEntriy /?

will show up a full man page (hehe...)

See also

  http://de.samba.org/samba/docs/man/printing.html#id2931140
I used the above and some other references and pieced togethere a few commands to 
auto-map
network printers at logon:
REM rundll32 printui.dll,PrintUIEntry /ia /m Ricoh Aficio 200/250 PCL /h Intel /v
Windows 2000 /f %windir%\inf\ntprint.inf
rundll32 printui.dll,PrintUIEntry /if /b Hallway Printer /f %windir%\inf\ntprint.inf 
/r
\\skyline\jetdirect /m Ricoh Aficio 200/250 PCL
These work just fine...as long as the user is an administrator. If the user logging on 
is
a regular user, which most are, it give me Access denied when trying to map the 
printer,
on the same computer. These commands are being run from the netlogon.bat script that 
runs
at logon. Am I missing something?


Indeed you are. Windows NT/200x/XP requires you to explicitly give the
user the rights to make changes. If I am not mistaken, you can get around
this by adding the Domain Users group to the Local Power Users group on
each workstation.
What rights does a normal user have by default? Can they map a network drive?

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] adding printers from netlogon script

2004-01-13 Thread Andrew Gaffney
John H Terpstra wrote:
On Tue, 13 Jan 2004, Andrew Gaffney wrote:


John H Terpstra wrote:

On Tue, 13 Jan 2004, Andrew Gaffney wrote:



Kurt Pfeifle wrote:


[Samba] adding printers from netlogon script
Andrew Gaffney agaffney at technaut.darktalker.net
Tue Dec 9 20:10:07 GMT 2003
While this doesn't relate specifically to Samba, I need to do this in
a netlogon .bat file in a Samba domain. In my network, I have a
printer hooked to a JetDirect so that it is a TCP/IP printer. Is there
a way I can automatically have this printer mapped/added when the user
is logged on?
Test this command from a DOS box:

 rundll32 printui.dll,PrintUIEntry /in /n
\\printerserver\printersharename
If it works, it can go into the logon script. (Of course printersharename
needs to exist on printerserver and must have printer driver deposited on
the server's [print$]-share for point'n'print download...). And:
 rundll32 printui.dll,PrintUIEntriy /?

will show up a full man page (hehe...)

See also

 http://de.samba.org/samba/docs/man/printing.html#id2931140
I used the above and some other references and pieced togethere a few commands to 
auto-map
network printers at logon:
REM rundll32 printui.dll,PrintUIEntry /ia /m Ricoh Aficio 200/250 PCL /h Intel /v
Windows 2000 /f %windir%\inf\ntprint.inf
rundll32 printui.dll,PrintUIEntry /if /b Hallway Printer /f %windir%\inf\ntprint.inf 
/r
\\skyline\jetdirect /m Ricoh Aficio 200/250 PCL
These work just fine...as long as the user is an administrator. If the user logging on 
is
a regular user, which most are, it give me Access denied when trying to map the 
printer,
on the same computer. These commands are being run from the netlogon.bat script that 
runs
at logon. Am I missing something?


Indeed you are. Windows NT/200x/XP requires you to explicitly give the
user the rights to make changes. If I am not mistaken, you can get around
this by adding the Domain Users group to the Local Power Users group on
each workstation.
What rights does a normal user have by default? Can they map a network drive?


Default rights do not permit the user to change any system settings, not
even the time.
Once logged in an authenticated network user can map a drive if he/she has
access to the target resouce. Since printers require installation of
driver files, this is not permitted by default user settings.
Is there no way to add printers from a netlogon script without the user being a Power User 
or higher?

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] adding printers from netlogon script

2004-01-13 Thread Andrew Gaffney
John H Terpstra wrote:
On Tue, 13 Jan 2004, Andrew Gaffney wrote:


John H Terpstra wrote:

On Tue, 13 Jan 2004, Andrew Gaffney wrote:



John H Terpstra wrote:


On Tue, 13 Jan 2004, Andrew Gaffney wrote:




Kurt Pfeifle wrote:



[Samba] adding printers from netlogon script
Andrew Gaffney agaffney at technaut.darktalker.net
Tue Dec 9 20:10:07 GMT 2003
While this doesn't relate specifically to Samba, I need to do this in
a netlogon .bat file in a Samba domain. In my network, I have a
printer hooked to a JetDirect so that it is a TCP/IP printer. Is there
a way I can automatically have this printer mapped/added when the user
is logged on?
Test this command from a DOS box:

rundll32 printui.dll,PrintUIEntry /in /n
\\printerserver\printersharename
If it works, it can go into the logon script. (Of course printersharename
needs to exist on printerserver and must have printer driver deposited on
the server's [print$]-share for point'n'print download...). And:
rundll32 printui.dll,PrintUIEntriy /?

will show up a full man page (hehe...)

See also

http://de.samba.org/samba/docs/man/printing.html#id2931140
I used the above and some other references and pieced togethere a few commands to 
auto-map
network printers at logon:
REM rundll32 printui.dll,PrintUIEntry /ia /m Ricoh Aficio 200/250 PCL /h Intel /v
Windows 2000 /f %windir%\inf\ntprint.inf
rundll32 printui.dll,PrintUIEntry /if /b Hallway Printer /f %windir%\inf\ntprint.inf 
/r
\\skyline\jetdirect /m Ricoh Aficio 200/250 PCL
These work just fine...as long as the user is an administrator. If the user logging on 
is
a regular user, which most are, it give me Access denied when trying to map the 
printer,
on the same computer. These commands are being run from the netlogon.bat script that 
runs
at logon. Am I missing something?


Indeed you are. Windows NT/200x/XP requires you to explicitly give the
user the rights to make changes. If I am not mistaken, you can get around
this by adding the Domain Users group to the Local Power Users group on
each workstation.
What rights does a normal user have by default? Can they map a network drive?


Default rights do not permit the user to change any system settings, not
even the time.
Once logged in an authenticated network user can map a drive if he/she has
access to the target resouce. Since printers require installation of
driver files, this is not permitted by default user settings.
Is there no way to add printers from a netlogon script without the user being a 
Power User
or higher?


That question is best answered by Microsoft. Have you checked the
Microsoft Knowledge Base?
My interpretation of your question is, Is there no way to give users a
privilege they do not have without giving them the privilege they need?
Logically, my answer is - No. No way. But my logic is flawed, so do not
take my answer as gospel.
I hadn't even thought about consulting the MS KB, even though this problem isn't 
technically Samba related and is definately MS related and involves using their tools ;)

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] user management tool

2004-01-08 Thread Andrew Gaffney
I guess its been a while since I looked at the Samba Webmin module

John H. wrote:
like samba as a PDC on a windows network?
that's what i'm using it for(for the configuration part).
what else are you looking to do?  it can also easily map things like Domain Power Users and Domain Admins to unix groups.





 --- On Wed 01/07, Andrew Gaffney  [EMAIL PROTECTED]  wrote:
From: Andrew Gaffney [mailto: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
Date: Wed, 07 Jan 2004 17:44:18 -0600
Subject: Re: [Samba] user management tool
Let me rephrase. This tool would be for management of Samba-based NT-style domains.brbrJohn H. wrote:br webminbr www.webmin.combr has EXCELLENT samba tools for managing users.  it's really nice how it will bind samba users to unix users for you(change unix user, and samba user is changed).  I recently moved a small company over to a linux server and webmin was key for them so they could understand how to do things themselves.  it even has a swat interface to get things just right.brbr-- brAndrew GaffneybrSystem AdministratorbrSkyline Aeronautics, LLC.br776 North Bell AvenuebrChesterfield, MO 63005br636-357-1548brbr

___
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com



--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] user management tool

2004-01-07 Thread Andrew Gaffney
There was talk a few weeks ago about the possibility of a Tk-based user management tool 
that never happened. I'm planning on trying to do this myself. What features were to be in 
the one that never materialized? What features might people want in it? To begin, the 
program will only be able to do things that can be done straight through the existing 
command line tools (net, smbpasswd, etc.). Thoughts, questions, comments?

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] user management tool

2004-01-07 Thread Andrew Gaffney
Let me rephrase. This tool would be for management of Samba-based NT-style domains.

John H. wrote:
webmin
www.webmin.com
has EXCELLENT samba tools for managing users.  it's really nice how it will bind samba 
users to unix users for you(change unix user, and samba user is changed).  I recently 
moved a small company over to a linux server and webmin was key for them so they could 
understand how to do things themselves.  it even has a swat interface to get things 
just right.
--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Spam in the list.

2004-01-06 Thread Andrew Gaffney
Brent Ellis wrote:
There is an inordinate amount of spam going to the Samba list lately.  
Is there anything that can be done about that?   
I was wondering about that. It looks like someone is trying to see what does and doesn't 
get through spam filters.

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] upgrade from 2.2.x to 3.0.0

2004-01-06 Thread Andrew Gaffney
Andrew Judge wrote:
I upgraded (a side by side migration) from RH 7.3 to RH EN v.3 and one of
the packages was samba acting as a PDC.  Was working beautifully, but now
some XP machines don't see the new server at login.  Password are cached so
not a huge problem.  One machine didn't cache the password.  I deleted the
machine account from the samba PDC, put it into a workgroup.  I then tried
to add it to the domain and I get can not find user as root.  root is
there and valid.  When I use a bad password for root, it says that I am
using a bad password - so it sees the user?  Nothing unusual in the logs and
event viewer.
I migrated by:

1. copying passwd, shadow, group
2. copying smbpasswd
3. creating the ntadmin group
4. modifying the smb.conf file
I ran into this same problem. There is one more thing you need to do:

net groupmap modify ntgroup=Domain Admins unixgroup=ntadmin

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] How to apply 3.0.1 Patch???

2004-01-05 Thread Andrew Gaffney
mjynht wrote:
Can somebody tell me how to apply the 3.0.1 patch of samba??? I'm running samba 3.0.0.
Most likely, the patch is to patch the 3.0.0 source to 3.0.1 instead of downloading a new 
3.0.1 tarball. If you don't know how to apply patches, it is probably easier for you to 
just go download the 3.0.1 tarball.

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] How to send a domain wide message with smbclient?

2003-12-29 Thread Andrew Gaffney
From a quick glance at the script, it does the same thing as the script that I posted.

Travis L. Bean wrote:
I found a working script to send a domain wide message:
http://www.netsys.com/sunmgr/1998-10/msg00122.html.  This is a modified
version of the /examples/misc/wall.perl included in the Samba 3.x.x
distribution.  The wall.perl script in the Samba distribution appears to
be broken, because it does not send a message unless a host name is
provided.  Perhaps someone on the samba team would be so kind as to view
the differences between these two scripts and incorporate these
modifications into the wall.perl script that is included in the Samba
distribution.  

Thanks, 

Travis

-Original Message-
From: Andrew Gaffney [mailto:[EMAIL PROTECTED] 
Sent: Sunday, December 28, 2003 6:05 AM
To: Travis L. Bean
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] How to send a domain wide message with smbclient?

Travis L. Bean wrote:

Is there a way to send a message to all users currently logged into a 
Samba domain controller?  The reason why I ask is that I have a Samba 
3.x.x primary/backup domain controller setup and as soon as the system


monitor detects that the primary domain controller is offline I would 
like to execute a command to send a domain wide message telling all 
domain users to save their work to the local machine, log off the pdc 
and log back in to the bdc.  Is there a way to accomplish this with 
smbclient or another open source software solution?


You can send a message with a command such as 'echo Testing |
smbclient -M machine'. I 
don't know if there is a way to send a message to all clients. You could
try to do it 
yourself. If you have any bash/sed/awk or perl abilities, you could
write a script that 
parses the output of 'smbstatus' to determine which clients are
currently logged on to the 
domain. It could then go through a loop and send the message to every
client. In perl:

#!/usr/bin/perl

open PIPE, smbstatus |;
foreach $line (PIPE) {
   if($line =~ /\d+\s+(\S+)\s+\S+\s+(\S+)\s+\((.+)\)/) {
 system echo 'Attention user $1! PDC is down. Please save all work
to local disk, 
logout, and log back in on the BDC.' | smbclient -M $2 -I $3;
   }
}

I ran a brief test on this and it appears to work correctly with 3.0.1.



--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] installing gui interfaces for samba

2003-12-29 Thread Andrew Gaffney
kent E. wrote:
i've browse the web and found 'Smb4K - An SMB share browser for KDE'
since this is something similar like a windows sharing this would be
safer for our newbie(unix) users but i have problem installing the
package 

===
checking for Qt... configure: error: Qt (= Qt 3.1 (20021021)) (headers
and libraries) not found. Please check your installation!
For more details about this problem, look at the end of config.log.

i already installed the qt ver 3.1++

[EMAIL PROTECTED] smb4k-0.3.1]# rpm -qa qt
qt-3.1.1-6

You might want to try to find an RPM for your distro for that program. Another good SMB 
browser I've found is Xfsamba.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] How to send a domain wide message with smbclient?

2003-12-28 Thread Andrew Gaffney
Travis L. Bean wrote:
Is there a way to send a message to all users currently logged into a 
Samba domain controller?  The reason why I ask is that I have a Samba 
3.x.x primary/backup domain controller setup and as soon as the system 
monitor detects that the primary domain controller is offline I would 
like to execute a command to send a domain wide message telling all 
domain users to save their work to the local machine, log off the pdc 
and log back in to the bdc.  Is there a way to accomplish this with 
smbclient or another open source software solution?
You can send a message with a command such as 'echo Testing | smbclient -M machine'. I 
don't know if there is a way to send a message to all clients. You could try to do it 
yourself. If you have any bash/sed/awk or perl abilities, you could write a script that 
parses the output of 'smbstatus' to determine which clients are currently logged on to the 
domain. It could then go through a loop and send the message to every client. In perl:

#!/usr/bin/perl

open PIPE, smbstatus |;
foreach $line (PIPE) {
  if($line =~ /\d+\s+(\S+)\s+\S+\s+(\S+)\s+\((.+)\)/) {
system echo 'Attention user $1! PDC is down. Please save all work to local disk, 
logout, and log back in on the BDC.' | smbclient -M $2 -I $3;
  }
}

I ran a brief test on this and it appears to work correctly with 3.0.1.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] uncovering groupmap problems

2003-12-21 Thread Andrew Gaffney
Craig White wrote:
Should I delete them first?

net groupmap list
Domain Admins (S-1-5-21-3186189368-1246494298-1334198317-512) - Domain
Admins #NOTE - listed only one for clarity#
# net groupmap modify sid=S-1-5-21-3186189368-1246494298-1334198317-512
unixgroup=root type=domain
[2003/12/21 20:05:22, 0]
passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(1954)
  ldapsam_update_group_mapping_entry: No group to modify!
Could not update group database
Have you tried using 'ntgroup' instead of 'sid' such as 'net groupmap modify 
ntgroup=Domain Admins unixgroup=root type=domain'?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] uncovering groupmap problems

2003-12-21 Thread Andrew Gaffney
Craig White wrote:
On Sun, 2003-12-21 at 20:14, Andrew Gaffney wrote:

Craig White wrote:

Should I delete them first?

net groupmap list
Domain Admins (S-1-5-21-3186189368-1246494298-1334198317-512) - Domain
Admins #NOTE - listed only one for clarity#
# net groupmap modify sid=S-1-5-21-3186189368-1246494298-1334198317-512
unixgroup=root type=domain
[2003/12/21 20:05:22, 0]
passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(1954)
 ldapsam_update_group_mapping_entry: No group to modify!
Could not update group database
Have you tried using 'ntgroup' instead of 'sid' such as 'net groupmap modify 
ntgroup=Domain Admins unixgroup=root type=domain'?

yeah - sorry, sloppy with copy  paste from terminal ;-) tested
again...taken from command line and not shell script...
net groupmap modify sid=S-1-5-21-3186189368-1246494298-1334198317-512
ntgroup=Domain Admins unixgroup=root type=domain
[2003/12/21 20:23:06, 0]
passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(1954)
  ldapsam_update_group_mapping_entry: No group to modify!
Could not update group database
Try it without the 'sid' parameter completely.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] enabling remote desktop

2003-12-21 Thread Andrew Gaffney
I have found a bit easier way to do this. Create a file called rdesktop.reg (or whatever 
you feel like calling it):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
fDenyTSConnections=dword:
Then, in your netlogon script, add the line:

regedit /s \\where\the\reg\file\is\rdesktop.reg

Voila, the next time that a user logs in on that XP workstation, Remote Desktop Sharing 
will magically be enabled. Behold the power of Google!

James Harper wrote:
Me too!!!

I've never done this before, but this might be worth a try if nothing
else works:
1. run gpedit.msc on an xp machine and find the policy you want to
enable.
2. search for that policy in the .adm files (c:\windows\inf\*.adm) to
find out the registry setting that should be set. They are just text
files.
3. get a machine with the policy set how you want it and export that
registry entry to a file in your netlogon share
4. in your startup script, import that file into the registry. Not sure
how to do that 'silently' but there is probably a way.
5. enjoy
There may be a problem with persistence though, something else may
override your registry entries. If this is true and you also have to
reboot for the registry entries to take effect, then it won't work.
If you find a better way then please share it as I'd like a tidy
solution too.
Hth.

James



-Original Message-
From: [EMAIL PROTECTED] [mailto:samba-
[EMAIL PROTECTED] On Behalf Of Andrew
Gaffney

Sent: Friday, 19 December 2003 13:36
To: [EMAIL PROTECTED]
Subject: [Samba] enabling remote desktop
Is there a way to automatically enable Remote Desktop from a NETLOGON
script? I want to
enable Remote Desktop on *a lot* of machines, but I don't want to do
it

manually.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba





--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] enabling remote desktop

2003-12-18 Thread Andrew Gaffney
Is there a way to automatically enable Remote Desktop from a NETLOGON script? I want to 
enable Remote Desktop on *a lot* of machines, but I don't want to do it manually.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Not seeing Samba Server from My Network Places

2003-12-16 Thread Andrew Gaffney
Mike Tutaj wrote:
Using RedHAT 9.0 and Samba that came with it.. Samba states it is up and
running..Here is the current samba.conf file.. I can browse from the linux
box and get into the window shares. Can ping the address of the linux
server.. See the workgroup from windows, but no machine or folders
available..
Is your config file actually named samba.conf? If so, this is where your problem probably 
lies. The config file that samba will look for is called smb.conf.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] migrating local user profiles to roaming domain profiles

2003-12-16 Thread Andrew Gaffney
I have a network of 2K and XP clients that I am migrating to a domain using Samba 3 as a 
PDC. I have the domain working quite well after quite a bit of tweaking. My problem is 
that I want people to logon to the domain, but I also want them to keep their profiles 
from their local users. How can I go about this?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] migrating local user profiles to roaming domain profiles

2003-12-16 Thread Andrew Gaffney
Craig Jackson wrote:
On Tue, 2003-12-16 at 22:17, Andrew Gaffney wrote:

I have a network of 2K and XP clients that I am migrating to a domain using Samba 3 as a 
PDC. I have the domain working quite well after quite a bit of tweaking. My problem is 
that I want people to logon to the domain, but I also want them to keep their profiles 
from their local users. How can I go about this?

--
Andrew Gaffney


Here's a nice howto

http://www.badmagicnumber.com/linotes/samba.html
Its entirely possible that I just missed it, but I didn't see any information relevant to 
my question.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba

2003-12-12 Thread Andrew Gaffney
Gillian Hay wrote:
Dear sir/Madam,
 
I understand that SAMBA is used when converting UNIX systems - 
Microsoft systems.   I am currently studying at university and as part of my module, we were given a
 hypothetical situation which we were to solve.This hypothetical company are currently 
using the UNIX operating
system and we were wanting to change them to Microsoft.   We understand that they could lose their work due to
 this change.

Even hypothetical, a company that *WANTS* to switch to MSdoes this not make sense to 
anyone else? ;)

 Could you please inform me of the cost of this transversion for one 
PC and any training that would be required.
Samba is really used to integrate a UNIX system into an existing MS network. If you are 
moving to an all MS network, there is no reason for Samba. You could use Samba if you 
planned a slow transition and wanted to still store your data on UNIX servers and have it 
accessible by people using Windows workstations. The cost of this transition on one PC 
would be about $300 for the Windows license ;) As for training, the only people that would 
need to learn to use Samba are the System Administrators.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] making file hidden

2003-12-12 Thread Andrew Gaffney
I'm running Samba 3.0.0. I have some files in a directory that is shared by Samba that I 
want to appear hidden to Windows. How can I do this from the Linux side?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] adding machines to the domain with Samba 3.0.0

2003-12-11 Thread Andrew Gaffney
Is there something special I need to do to let root add computers to the domain in 3.0? 
When I try to add the workstation I get an error about 'user not found' even though I can 
logon to a workstation joined to the domain as 'root'.  I was able to add computers to the 
domain with 2.2.8 with an 'add user command' entry and 'domain admin group = root' in my 
smb.conf I have root in the 'Domain Admins' group:

skyline samba # net groupmap list
System Operators (S-1-5-32-549) - -1
Dispatch (S-1-5-21-12416-2847287174-2328787173-1831) - dispatch
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Mechanics (S-1-5-21-12416-2847287174-2328787173-1827) - mech
Instructors (S-1-5-21-12416-2847287174-2328787173-1837) - instructors
Accounting (S-1-5-21-12416-2847287174-2328787173-1829) - accounting
Domain Admins (S-1-5-21-12416-2847287174-2328787173-512) - domainadmins
Domain Guests (S-1-5-21-12416-2847287174-2328787173-514) - domainguests
Domain Users (S-1-5-21-12416-2847287174-2328787173-513) - domainusers
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - domainadmins
Account Operators (S-1-5-32-548) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1
skyline samba # cat /etc/group | grep domainadmins
domainadmins:x:412:root
I tried to use 'User Manager for Domains' to grant 'Domain Admins' the right to 'Add 
workstations to the domain' but I got an error when I hit OK that said something about not 
being able to take away local logon right to the local Administrators group. I tried 
mapping the existing 'Administrators' group to the unix group 'domainadmins' and then 
specifically granting the 'Administrators' group the right to Logon Locally, but I still 
get the error. Can anyone help?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Re: adding machines to the domain with Samba 3.0.0

2003-12-11 Thread Andrew Gaffney
WinXperts wrote:
domain admins group is not supported in samba 3, you will need to map
windows groups to linux/unix groups using the NET command.
I know. I said that was how I had it working in 2.2.8. Below that, I had the results of 
'net groupmap list' which showed both 'Domain Admins' and 'Administrators' mapped to the 
'domainadmins' group which contained 'root'.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Re: adding machines to the domain with Samba 3.0.0

2003-12-11 Thread Andrew Gaffney
[EMAIL PROTECTED] wrote:
Try using the following attribute in the smb.conf:


admin users (S)
This is a list of users who will be granted administrative privileges
on the share. This means that they will do all file operations as
the super-user (root).


You should use this option very carefully, as any user in this list
will be able to do anything they like on the share, irrespective
of file permissions.


Default: no admin users


Example: admin users = jason


You may want to use:

admin users = @domainadmins

This will allow any user in the domainadmins group join machines to the
domain.
You've got the wrong option. That option allows the specified users to connect as if they 
were root on that share. It is not the same as the 'domain admin group' option in 2.2.x.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Windows 2000 password change with smbpasswd - login problem

2003-12-11 Thread Andrew Gaffney
David Wilson wrote:
Hello,

Any ideas on this one ? Hopefully not being too pesky ? :)

---

Hi guys,

How are you ?

My setup is as follows:
Samba-3.0.0 PDC on a Slackware-9.0 box, with mixed N.T. and Windows 2000
clients.
Everything has been running perfectly for months however now, it seems
I've picked up a bit of a weird problem when changing a users password
via smbpasswd. This problem only appears to affect users who log onto
the Samba domain using a Windows 2000 PC.
i.e If I change a password for an N.T. 4.0 user the user merely has to
log out of N.T. and log back on with his new password, everything works
perfectly.
If I change a password for a Windows 2000 user, the user logs off
Windows 2000, tries to login again, but receives and incorrect
username/password error.
Ever come across this before ?
Any assistance would be greatly appreciated.
This is a longshot, but maybe the Win2K box is caching the old password and it sees that 
the new one doesn't match before it even tries to authenticate against the PDC. Can you 
restart the Win2K machine and have the new password work?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Paradox+Samba

2003-12-11 Thread Andrew Gaffney
[EMAIL PROTECTED] wrote:
Hi all... Last monday i migrated form novell 4.0 to Samba 3.0 PDC. The server
acts as a file server for 30 workstations (Win2000) using an aplicattion
that combines clipper (with .dbf files) and delphi (uses paradox .px and
.db). Its perfomance has been very poor since i changed the server. PLEASE
HELP ME, since its in production and i really don know what to do.
First of all, if you are only doing file sharing, you don't need a PDC setup. Second, I 
assume that your current Samba server is a different box than your old Novell server. If 
this is the case, is the new server a lot less powerful than the old? Is it on a different 
network segment? Are you using a 10base-T NIC where you were using a 100base-T? Also, what 
OS is running on your Samba box?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] session timeout

2003-12-11 Thread Andrew Gaffney
Andrew Gaffney wrote:
Is there a way to setup my domain so that any client logging onto the 
Samba domain will be logged out after 20 minutes of inactivity? To 
clarify: if I log into the domain on a workstation and then walk away, 
can I have it automatically logoff after 20 minutes?
I've seen this done before using Remote Desktop on a Windows 2000 machine. Can it be done 
using Samba?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] group mappings pitfalls in samba 3

2003-12-09 Thread Andrew Gaffney
I have recently run across this problem and would like to warn people about it. I had an 
already established domain running under Samba 2.2.8. I then upgraded to 3.0. I removed 
the 'domain admin users = root' line from my smb.conf because certain tools complained 
about it being there. After the upgrade, I followed the Samba 3 HOWTO docs on samba.org. I 
created my domadm, domguests, and domusers groups. I used the command 'net groupmap add 
ntgroup=Domain Admins UNIXgroup=domadm' to map the groups together. This should have had 
the same effect as having the 'domain admin users = root' line in 2.2.8, but whenever I 
would logon to any computer in the domain with the user 'root', the user would be a 
regular restricted user. I got output like this from 'net groupmap list':

System Operators (S-1-5-32-549) - -1
Dispatch (S-1-5-21-12416-2847287174-2328787173-1831) - dispatch
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Users (S-1-5-21-12416-2847287174-2328787173-1833) - domusers
Domain Admins (S-1-5-21-12416-2847287174-2328787173-1825) - domadm
Domain Guests (S-1-5-21-12416-2847287174-2328787173-1835) - domguests
Mechanics (S-1-5-21-12416-2847287174-2328787173-1827) - mech
Instructors (S-1-5-21-12416-2847287174-2328787173-1837) - instructors
Accounting (S-1-5-21-12416-2847287174-2328787173-1829) - accounting
Domain Admins (S-1-5-21-12416-2847287174-2328787173-512) - -1
Domain Guests (S-1-5-21-12416-2847287174-2328787173-514) - -1
Domain Users (S-1-5-21-12416-2847287174-2328787173-513) - -1
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Account Operators (S-1-5-32-548) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1
Apparently, the default groups already existed, but were not used in the mapping. Instead, 
new groups with the same name (but not the same GID) were created and mapped. So, my user 
was in the Domain Admins group but not THE Domain Admins group. I'm not quite sure if this 
is a flaw in the HOWTO or if this only happens when upgrading from 2.2.x. I was able to 
fix this problem by deleting the group mappings and remapping with 'net groupmap modify 
ntgroup=Domain Admins UNIXgroup=domadm'. I just made these changes, but I am not on site 
to test if they worked, but I have a hunch that they did.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] netlogon script generation

2003-12-09 Thread Andrew Gaffney
Can anyone point me to a doc or a script that shows how to generate netlogon script on the 
 fly and supports users having multiple groups? I tried the Perl script referenced at 
http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I believe it only 
supports the user being a member of one group.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] netlogon script generation

2003-12-09 Thread Andrew Gaffney
This was the script I was refering to that didn't work for me. I ended up re-writing 
almost completely from scratch to support multiple groups.

#!/usr/bin/perl

my ($user) = @ARGV;
my $drives = {F = NET USE F: SKYLINE\\SKYLINEF\r\n,
  H = NET USE H: SKYLINE\\SHARE\r\n,
  I = NET USE I: SHIPPING1\\INVENTORY\r\n,
  M = NET USE M: SKYLINE\\SKYLINEM\r\n,
  S = NET USE S: SHIPPING1\\SHOP\r\n,
  Y = NET USE Y: ACCOUNTING\\FLTSCHOOL\r\n,
  Z = NET USE Z: ACCOUNTING\\MAINT\r\n};
my $which = {accounting = F H I M S Y Z, mech = I M S Z, dispatch = M, 
instructors = M};
my $groups = `cat /etc/group | grep ${user} | cut -d ':' -f 1`;
$groups =~ s/\n/\:/sg;

# Start generating logon script
#open LOGON, /usr/local/samba/netlogon/${user}.bat;
open LOGON, /tmp/${user}.bat;
print LOGON [EMAIL PROTECTED] OFF\r\n;
foreach $group (split /:/, $groups) {
  foreach $drive (split / /, $which-{$group}) {
print LOGON $drives-{$drive};
  }
}
close LOGON;
system cat /tmp/${user}.bat | sort -u  /usr/local/samba/netlogon/${user}.bat;
rruegner wrote:
Hi, here is an example start this script with root prexec in the netlogon
share
it will create netlogon bat files for users and groups which can
the orginal file is genlogon.pl
which is part of samba, read the doku, all other stuff is done by netlogon
bat files ( there are several examples in the web )
Best Regards
#!/usr/bin/perl
#
# login.pl
# creation on the fly logon scripts by [EMAIL PROTECTED] inspired by
genlogon.pl
# Log client connection
#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
open LOG, /smbmonitor/user/netlogon.txt;
print LOG $mon/$mday/$year $hour:$min:$sec - User $ARGV[0] Group $ARGV[1]\n
from $ARGV[2] in $ARGV[3];
close LOG;
# Start generating logon script for user
open LOGON, /var/lib/samba/netlogon/$ARGV[0].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n echo %USERNAME%\r\n call send.bat\r\n;
# Start generating logon script for machine for different security
monitoring
open LOGON, /var/lib/samba/netlogon/$ARGV[2].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n call chkdir.bat\r\n call listapp.bat 
$ARGV[3]\\smbmonitor\\machines\\$ARGV[2]\\software\\$A$
# Start generating logon script for group
open LOGON, /var/lib/samba/netlogon/$ARGV[1].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n;
# Connect shares for group users
if ($ARGV[1] eq users)
{
print LOGON NET USE X: $ARGV[3]\\files\r\n;
}
# Connect shares for group ntadmin
if ($ARGV[1] eq ntadmin)
{
print LOGON NET USE Y: $ARGV[3]\\smbmonitor\r\n;
}
- Original Message - 
From: Andrew Gaffney [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 6:02 PM
Subject: [Samba] netlogon script generation



Can anyone point me to a doc or a script that shows how to generate
netlogon script on the

 fly and supports users having multiple groups? I tried the Perl script
referenced at

http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I
believe it only

supports the user being a member of one group.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba






--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] netlogon script generation

2003-12-09 Thread Andrew Gaffney
Mike Rambo wrote:
On Tue, 2003-12-09 at 12:02, Andrew Gaffney wrote:

Can anyone point me to a doc or a script that shows how to generate netlogon script on the 
 fly and supports users having multiple groups? I tried the Perl script referenced at 
http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I believe it only 
supports the user being a member of one group.



Deryk Robosson wrote some scripts that I modified to parse group
membership (based upon /etc/group which may or may not be best). If you
want to try them you can get them at
http://scnc.lsd.k12.mi.us/~mrambo/netlogon-0.2.tar.gz

I had planned on sending the group updates back to Deryk to see if he
wanted to incorporate them into his release but I never got the preexec
stuff to work so I never sent him the updates.
You're welcome to give them a whirl. We are using the scripts daily but
not in the way which was originally envisioned (much to my chagrin). If
you can get the root preexec stuff to work I'd love to know how you do
it. I tried repeatedly, even with some help from Deryk, and asked a
least a couple of different times on this list for help but I can't get
the root preexec to work for nothing.
I got the 'root preexec' to work without a problem:

[netlogon]
comment = The domain logon service
path = /usr/local/samba/netlogon
public = no
writeable = no
root preexec = /etc/samba/genlogon.pl %U
I already posted my script in this thread. It also parses /etc/group to determine what 
groups a specific user is in.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] adding printers from netlogon script

2003-12-09 Thread Andrew Gaffney
Kurt Pfeifle wrote:
[Samba] adding printers from netlogon script
Andrew Gaffney agaffney at technaut.darktalker.net
Tue Dec 9 20:10:07 GMT 2003
While this doesn't relate specifically to Samba, I need to do this in 
a netlogon .bat file in a Samba domain. In my network, I have a 
printer hooked to a JetDirect so that it is a TCP/IP printer. Is there 
a way I can automatically have this printer mapped/added when the user 
is logged on?

Test this command from a DOS box:

   rundll32 printui.dll,PrintUIEntry /in /n 
\\printerserver\printersharename

If it works, it can go into the logon script. (Of course printersharename
needs to exist on printerserver and must have printer driver deposited on
the server's [print$]-share for point'n'print download...). And:
   rundll32 printui.dll,PrintUIEntriy /?

will show up a full man page (hehe...)

See also

   http://de.samba.org/samba/docs/man/printing.html#id2931140
Will this same method work to add a TCP/IP printer instead of a SMB printer?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] How does WinXP pass username/password?: NT_STATUS_WRONG_PASSWORD

2003-12-09 Thread Andrew Gaffney
GhodMode wrote:
I have a small network that includes two Linux computers and one Windows
XP Pro computer.
I'm trying to get share my Linux resources properly with the Windows
computer.  If I set it for share level security and set a user name for
each share, along with guest ok, then I can get in as whichever user
I've set... even root.
I've tried a few scenarios with a basic smb.conf and I have plenty of
log output when --debuglevel=2, but I thought it would be more than
everyone would want to see on this list.  The workgroup of the Windows
XP computer is HOME.  The user name and password I use on the Windows
XP computer is the same as an account on the Linux computer.
The log entry which looks most meaningful to me says
NT_STATUS_WRONG_PASSWORD.  So, that makes me wonder what NT is passing,
even when I type the password.
Did you add your user to the Samba passwd db by doing 'smbpasswd -a user'?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] session timeout

2003-12-09 Thread Andrew Gaffney
Is there a way to setup my domain so that any client logging onto the Samba domain will be 
logged out after 20 minutes of inactivity? To clarify: if I log into the domain on a 
workstation and then walk away, can I have it automatically logoff after 20 minutes?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Problems using Roaming Profiles on Win2k

2003-12-08 Thread Andrew Gaffney
Rui Santos wrote:
I have set up a Samba 2.2.7a to work as a PDC for my Win2k boxes.
They can join the domain suplied by samba, and all the users
can log on to their domain but, the roaming profiles just won't
work. I'm using win2k SP4 and my smb.conf is as described bellow:
I ran into this same problem when I setup my Samba domain. In my case, my profiles dir had 
the permissions 755, which of course denied write permission to anyone except root. I just 
made my profiles dir 766 which allows the user's profile dirs to be created.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Re: Machine Accounts

2003-12-07 Thread Andrew Gaffney
Roberto Mason wrote:
I've added the seal registry patch and modified the script to include add
machine script. I also added root to the smbpasswd and enabled the user,
and still I get unknown user or password. There's something still missing.
I seem to remember having this same problem and solving it by rebooting the box that was 
giving me this error. Rebooting really is the universal solution to any problem in Windows :)

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] group policies, domain policies and workstation policies without Active Directory??

2003-12-06 Thread Andrew Gaffney
[EMAIL PROTECTED] wrote:
I have the following situation: a network with 30 Windows NT Server on
different sites, 800 clients with Windows XP; I want to migrate to Samba
instead of Windows 2003 Server, but I have the effort to manage group
policies, domain policies and workstation policies on the XP Clients;
is there a way to solve this without Active Directory e.g. Samba with
LDAP??
Do you really want to apply the XP registry hack to 800 clients? Although, it may no 
longer be necessary if you're using 3.0. Does anyone know?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] group policies, domain policies and workstation policies without Active Directory??

2003-12-06 Thread Andrew Gaffney
kyle wrote:
On Sat, 06 Dec 2003 15:47:32 -0600
Andrew Gaffney wrote:

[EMAIL PROTECTED] wrote:

I have the following situation: a network with 30 Windows NT Server on
different sites, 800 clients with Windows XP; I want to migrate to Samba
instead of Windows 2003 Server, but I have the effort to manage group
policies, domain policies and workstation policies on the XP Clients;


Do you really want to apply the XP registry hack to 800 clients? Although,
it may no longer be necessary if you're using 3.0. Does anyone know?


what hack are you talking about? (I'm really interested in doing this since
I've posted several questions on this same list before).
My approach was like this :

- Samba 3 server
- Windows XP client machines
- Roaming profiles stored on the server
- The client machines execute a script on logon that tries to load a
specially customized .reg file, but fails doing it because the user that
logs won't have priviledges enough to modify the registry (entries con
hkey_current_user - HKU or similar)
this didn't work... any ideas? :-)
The hack I'm refering to involves turning off the 'Sign or Seal' option in the registry of 
Windows XP because Samba 2.2.x didn't support this feature.

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] setting domain user types on all workstations

2003-12-06 Thread Andrew Gaffney
I have a domain I recently setup with 15 2000/XP clients. I have one account I want to be 
an admin on any workstation I login to, a few accounts I want to be power users, and the 
rest I want to be regular users. Can I automate this or do I have to go around to each 
client and add the domain users in 'Users Accounts' control panel and set their user types?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] users and groups in a samba domain

2003-12-03 Thread Andrew Gaffney
I'm currently running Samba 2.2.8a as a NT-style domain server. I have a few different 
questions regarding this setup. First, how can I add samba users to groups so that I can 
specify 'DOMAIN\Group' in the permissions for a particular share on an XP machine attached 
to the domain? Also, how can I set account types other than admin and not-admin for use 
when logging in under Windows?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] users and groups in a samba domain

2003-12-03 Thread Andrew Gaffney
Andrew Gaffney wrote:
I'm currently running Samba 2.2.8a as a NT-style domain server. I have a 
few different questions regarding this setup. First, how can I add samba 
users to groups so that I can specify 'DOMAIN\Group' in the permissions 
for a particular share on an XP machine attached to the domain? Also, 
how can I set account types other than admin and not-admin for use when 
logging in under Windows?
I have a much easier related question. I have 3 UNIX users (testa, testb, testc) which are 
all in the UNIX group 'test'. If I use 'smbpasswd -a' on each of the users to add them to 
samba, can i use 'DOMAIN\test' for permissions somewhere in the domain and have it refer 
to testa, testb, and testc? Does this not work? Is it more difficult that this?

--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Connection to a Remote XP Box

2002-11-28 Thread Andrew Gaffney


Joseph A Nagy Jr wrote:


Win98 SE (F)   Disk

  


mount -t smbfs -o username=somename,password=somepass
   //s.o.m.e.i.p/F /chris/
   21287: session request to s.o.m.e.i.p. failed (Called name not present)
   21287: session request to s failed (Called name not present)
   21287: tree connect failed: ERRDOS - ERRnosuchshare (You specified an
   invalid share name)
   SMB connection failed


I think this is a fairly easy problem. The name of the share is not 'F' 
but 'Win98 SE (F)' if I'm not mistaken. That is why you are getting the 
error about no such share.

--
Um, can you repeat the part of the stuff where you
 said all about the things?
   - Homer Simpson

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] RE: SWAT not working, can't authenticate

2002-11-07 Thread Andrew Gaffney
you should just need to do smbpasswd -a root

Wieprecht, Karen M. wrote:

Did you make sure localhost resolves?  Also, depending on your
/etc/resolv.conf,  you may have to fully qualify the host's name including
the DNS domain.   I seem to rember having problems with this, and some
combination of using localhost or hostname.domain.edu or using the actual IP
address of the host cleared up the problem. 

	Karen Wieprecht

-Original Message-
From: Noel Kelly [mailto:nkelly;citrusnetworks.net] 
Sent: Thursday, November 07, 2002 4:48 PM
To: 'Jim Myers'; [EMAIL PROTECTED]
Subject: RE: [Samba] RE: SWAT not working, can't authenticate


I have had this problem before.  Never really got to the bottom of it but if
you want to get on then just add '-a' to your swat command to disable
authentication.

-Original Message-
From: Jim Myers [mailto:myersjj;us.ibm.com]
Sent: 07 November 2002 21:08
To: [EMAIL PROTECTED]
Subject: RE: [Samba] RE: SWAT not working, can't authenticate


I had already done that, so it must be something more subtle...

Jim Myers
IBM Almaden Research Center
B3-239, 408-927-2013




Irving Carrion [EMAIL PROTECTED]
11/07/2002 12:16 PM
 
To: Jim Myers/Almaden/IBM@IBMUS, [EMAIL PROTECTED]
cc: 
Subject:RE: [Samba] RE: SWAT not working, can't 
authenticate

 

Not to sure, but I think you may need to add the root account to Samba.
smbpasswd -a root

-Original Message-
From: [EMAIL PROTECTED] [mailto:samba-admin;lists.samba.org]
On Behalf Of Jim Myers
Sent: Thursday, November 07, 2002 3:08 PM
To: [EMAIL PROTECTED]
Subject: [Samba] RE: SWAT not working, can't authenticate

I have Samba 3.0 alpha20 installed on Linux RedHat 7.3 and all works fine 
except for SWAT.
I have /etc/xinetd.d/swat defined properly (I think) and port 901 is 
active and starts SWAT OK.

When I try to log in to SWAT either locally or from remote browser, the 
authentication fails.
I'm logging in as user=root with the correct password, but the 
authentication still fails.

Is there some special password file that SWAT uses?

Jim Myers
IBM Almaden Research Center
B3-239, 408-927-2013

--
Um, can you repeat the part of the stuff where you
 said all about the things?
   - Homer Simpson

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



Re: [Samba] Roaming profiles problem - loading failure

2002-11-07 Thread Andrew Gaffney
I got the error again. This is the exact text in Windows:


Windows cannot copy file \\omega\profiles\test\Cookies\index.dat to 
location C:\Documents and Settings\test\Cookies\index.dat. Contact your 
network administrator.

DETAIL - The process cannot access the file because it is being used by 
another process.


I can't seem to find any errors in my logfiles. It looks like its a 
Windows 2000 problem. It happens every few days or so and is usually a 
different file. Anybody have any ideas? I had just logged off as the 
domain user administrator before I tried to logon as the domain user test.


[EMAIL PROTECTED] wrote:
On Tue, Nov 05, 2002 at 08:48:42AM -0600, Andrew Gaffney wrote:


I have been having this same problem. There is nothing in 2.2.6 that 
fixes it. I still have no idea what's causing it.

Peter Polkinghorne wrote:

I have a samba 2.2.4 PDC which acts as the repository of roaming profiles.
Just recently some of our users have experienced failure to load roaming 
profiles.  The clients are on a pair of Windows 2000 terminal servers.
The failure does not seem to be confined to one server and only affects some 
people.

The error given takes place during the loading profile stage:

Windows can not copy:
\\Samba server\profiles\aaa\Application Data\Microsoft\Outlook\FAVF.tmp to
C:\Documents and Settings\aaa.KINGSFORDS\Application 
Data\Microsoft\Outlook\FAVF.tmp

DETAIL - Access is denied



More details please, a packet sniff or log file extract

Jeremy.



--
Um, can you repeat the part of the stuff where you
 said all about the things?
   - Homer Simpson

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



Re: [Samba] Roaming profiles problem - loading failure

2002-11-07 Thread Andrew Gaffney
would turning off client side caching help with this problem?

Freeman, Peter (ERHS) wrote:

DETAIL - The process cannot access the file because it is 
being used by another process.


This error is different to the Access Denied message as posted earlier in 
this thread.

I've recently (last week) set up a Samba PDC with 2.2.6 and roaming 
profiles.  Clients are all Win2k (SP2  SP3 mix).  We had this error
occasionally when a user logged on concurrently, it happens at random but
as we don't have many users logging on concurrently its not a major 
issue.  I didn't have time to debug it beyond this, but when I get the
chance
I'll check some logs on this if no one has any solutions to this one.


--
Um, can you repeat the part of the stuff where you
 said all about the things?
   - Homer Simpson

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



[Samba] remote admin of win2k boxes via samba

2002-11-07 Thread Andrew Gaffney
Is there a way to use samba to remotely add users, change passwords, set 
permissions, etc. on a win2k box?

--
Um, can you repeat the part of the stuff where you
 said all about the things?
   - Homer Simpson

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Roaming profiles problem - loading failure

2002-11-05 Thread Andrew Gaffney
I have been having this same problem. There is nothing in 2.2.6 that 
fixes it. I still have no idea what's causing it.

Peter Polkinghorne wrote:
I have a samba 2.2.4 PDC which acts as the repository of roaming profiles.
Just recently some of our users have experienced failure to load roaming 
profiles.  The clients are on a pair of Windows 2000 terminal servers.
The failure does not seem to be confined to one server and only affects some 
people.

The error given takes place during the loading profile stage:

Windows can not copy:
\\Samba server\profiles\aaa\Application Data\Microsoft\Outlook\FAVF.tmp to
C:\Documents and Settings\aaa.KINGSFORDS\Application 
Data\Microsoft\Outlook\FAVF.tmp

DETAIL - Access is denied

Then it says: Windows could not load the profile and is logging you on with a 
temporary profile.

My profiles part of smb.conf is:

# Profiles
[profiles]
path = /home/ntprofile
writeable = yes
create mask = 0600
directory mask = 0700
nt acl support = no
csc policy = disable

... the last 2 lines being added during the day, but with no effect.

I have checked the source file and apart from being 0 length it looks perfectly 
accessible.

Anyone else seen this? Or any hints as to what to do?

I am contemplating upgrading to 2.2.6 - but the WHATSNEW gives no hint that this 
might be a fixed problem.  Of course it might be a problem with the Windows 2000 
servers - not sure what SP level we are at - Windows manager away.




--
Um, can you repeat the part of the stuff where you
 said all about the things?
   - Homer Simpson

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



Re: [Samba] concerning smbmount

2002-10-29 Thread Andrew Gaffney


Mikhail Lapine wrote:

Hello!

Sorry for a probably stupid question, but 
what is implied under service in the smbmount synopsis
smbmount {service} {mount-point} ... ?
I didn't find anything in man pages!


smbmount //server/sharename /mount-point

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



Re: AW: [Samba] user root is not accepted anymore

2002-10-22 Thread Andrew Gaffney


[EMAIL PROTECTED] wrote:

Hi,

for me it looks not like a configuration problem.
After a new reinstallation of samba i found the message

  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root !

in log.smbd

Any more ideas?




try 'smbpasswd -a root'. Since it said that the user root didn't exist 
in the smbpasswd file, try adding it back

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Unstable Samba PDC

2002-10-15 Thread Andrew Gaffney

I set up Samba 2.2.6rc3 (also tried 2.2.4 and 2.2.5 with same effect) as 
a PDC. It works just fine most of the time. But once every few logons or 
logoffs I get errors about not being able to write files because a 
process is currently using them when its updating the roaming profile or 
  a message about not being able to find the roaming profile when 
logging on. This happens a lot less often than the first error. Has 
anyone come across this before?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba