RE: [Samba] ads_connect: Program lacks support for encryption type

2006-01-13 Thread Barry Smoke
I had this same problem, 
banged my head against desk for 3 hours...

samba 3.0.21a + rhel4, and I had the same krb5.conf setup.

What was strange was that we could get to it by IP address (so Kerberos + 
winbind was working, and wbinfo -u and wbinfo -g worked), yet when we tried by 
name, it wouldn't work; it kept prompting for a password (and saying the encryption 
type error in the logs)...

I thought that our Windows 2003 server upgrade got the better of us, even 
though I had 4 other servers configured the same way that were still 
working... (thinking it was something new when running the net ads join command that 
wasn't working)...

Well, it must have been WINS, or something, because about 3 hours later, it 
started working properly.  I have no explanation why (and would love one, BTW).

Barry Smoke
Network Administrator
AR Division of Legislative Audit


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mason, Roberto
Sent: Friday, January 13, 2006 10:48 AM
To: samba@lists.samba.org
Subject: [Samba] ads_connect: Program lacks support for encryption type

I'm trying to set up here at my school board an ADS domain member to Windows 
2000 Server(s). I've set up Samba, configured nsswitch and /etc/krb5.conf. I'll 
be including them in this post. When I run  net join ADS 
-Uadministrative_user, I'm prompted for the password and I get this error 
message:

[2006/01/12 15:21:35, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Program lacks support for encryption type

I scoured Google, but I've not been able to find the solution.

Is there a service I'm not running?

/etc/samba/smb.conf

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2006/01/11 16:27:02

[global]
   workgroup = MYDOMAIN
   realm = MYDOMAIN.QC.CA
   bind interfaces only = Yes
   security = ADS
   username map = /etc/samba/smbusers
   log level = 1
   printcap name = cups
   wins server = xxx.xxx.xxx.xxx
   ldap ssl = no
   idmap uid = 1-2
   idmap gid = 1-2
   template shell = /bin/bash
   winbind use default domain = no

[homes]
   valid users = %S
   read only = No
   browseable = No

#masonr is a local user
[storage2]
   path = /drive
   valid users = masonr
   write list = masonr
   force user = nobody
   force group = nobody
   read only = No

/etc/nsswitch.conf

passwd:     files winbind
shadow:     files
group:      files winbind

#hosts:     db files ldap nis dns
hosts:      files winbind dns

# Example - obey only what ldap tells us...
#services:  ldap [NOTFOUND=return] files
#networks:  ldap [NOTFOUND=return] files
#protocols: ldap [NOTFOUND=return] files
#rpc:       ldap [NOTFOUND=return] files
#ethers:    ldap [NOTFOUND=return] files

bootparams: files
ethers:     files
netmasks:   files
networks:   files dns
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  files
automount:  files
aliases:    files

 

/etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
 
[libdefaults]
default_realm = MYDOMAIN.QC.CA
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
 
 
[realms]
MYDOMAIN.QC.CA = {
   default_domain = mydomain.qc.ca
   kdc = server1.mydomain.qc.ca:88
   kdc = server2.mydomain.qc.ca:88
   admin_server = server1.mydomain.qc.ca:749
}
 
[domain_realm]
.mydomain.qc.ca = MYDOMAIN.QC.CA
mydomain.qc.ca = MYDOMAIN.QC.CA

Roberto Mason
IT Department
Sir Wilfrid Laurier School Board
235 Montée Lesage
Rosemère, Québec,
J7A 4Y6

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
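
The following is an added example, not part of the thread or of Samba: a small Python lint for the enctype lines of a krb5.conf such as the one posted above. It lists each [libdefaults] key that restricts encryption types, which implementation's krb5.conf(5) documents that key name (the grouping in ENCTYPE_KEYS is this example's assumption), and whether the list is single-DES only; it does not diagnose the error in the thread.

```python
import re

# [libdefaults] keys that restrict encryption types, grouped by the
# implementation whose krb5.conf(5) documents the name. Assumption of this
# example: check the man page of the library your Samba build links against.
ENCTYPE_KEYS = {
    "default_tkt_enctypes": "MIT",
    "default_tgs_enctypes": "MIT",
    "permitted_enctypes": "MIT",
    "default_etypes": "Heimdal",
    "default_etypes_des": "Heimdal",
}

# Single-DES enctypes (deprecated by RFC 6649).
SINGLE_DES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}

# Shortened copy of the [libdefaults] and [realms] sections posted in the thread.
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = MYDOMAIN.QC.CA
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5

[realms]
MYDOMAIN.QC.CA = {
   default_domain = mydomain.qc.ca
   kdc = server1.mydomain.qc.ca:88
}
"""


def parse_libdefaults(text):
    """Return {key: value} for the top level of the [libdefaults] section."""
    settings = {}
    section = None
    depth = 0  # nesting level of { } blocks such as per-realm settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header and depth == 0:
            section = header.group(1).strip().lower()
            continue
        if line.endswith("{"):
            depth += 1
            continue
        if line.startswith("}"):
            depth = max(depth - 1, 0)
            continue
        if section == "libdefaults" and depth == 0 and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings


def lint_enctypes(text):
    """Return one finding per enctype-restricting key found in [libdefaults]."""
    findings = []
    for key, value in parse_libdefaults(text).items():
        if key not in ENCTYPE_KEYS:
            continue
        etypes = [e.lower() for e in re.split(r"[\s,]+", value) if e]
        findings.append({
            "key": key,
            "documented_by": ENCTYPE_KEYS[key],
            "enctypes": etypes,
            "single_des_only": bool(etypes) and set(etypes) <= SINGLE_DES,
        })
    return findings


def summarize(text):
    """Condense the findings: which families are restricted, which are not."""
    findings = lint_enctypes(text)
    families = {f["documented_by"] for f in findings}
    return {
        "families_configured": sorted(families),
        # No restricting key under that family's names: built-in defaults apply.
        "families_unrestricted": sorted({"MIT", "Heimdal"} - families),
        "des_only_keys": sorted(f["key"] for f in findings if f["single_des_only"]),
    }


if __name__ == "__main__":
    for finding in lint_enctypes(SAMPLE_KRB5_CONF):
        print(finding)
    print(summarize(SAMPLE_KRB5_CONF))
```
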




[Samba] rhel4 + samba 3.0.21a + win2k3 server and sp1

2006-01-10 Thread Barry Smoke
Well, it looks like we are stuck...
I can't figure out what to do next.

ads_connect: Program lacks support for encryption type

here's the whole story:


We've been using winbind successfully for over a year now, 
rhel3 variants(scientific linux 3), some run rhel3's default samba,
others use the packages from http://enterprisesamba.com/
we started out using the NT4 compatibility mode(net rpc join -U
administrator%password), which only allowed one server to use that
username to connect to AD)
so, we switched to security = ADS, and used net ads join -U
administrator%password

and now we have 5 servers using that method to host samba shares.  These
servers survived a windows 2003 server upgrade on our dc1 domain
controller.
no other problems with them.

We were implementing a new rhel4 server(scientific linux 4), and did
everything the same, and the stock samba that comes with rhel4 would not
enumerate groups from active directory.  After some searching the samba
list archives, I found a thread that mentioned windows 2003 server sp1
caused that, and it had been fixed in samba 3.0.14

I tried an apt-get update(equiv. to yum update in scientific) 
and the new samba installed did not fix the problem.  
so, as I have done on many occasions(but not on rhel4), I installed the
enterprisesamba packages.  I immediately got this error:

[EMAIL PROTECTED] i386]# net ads join -U administrator%password
[2006/01/10 13:55:26, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Program lacks support for encryption type

I fixed that error on an earlier rhel3 install with a line in the
krb5.conf file, however that fix did not work here.

I figure this has something to do with the heimdal 0.7.1 that
enterprisesamba includes with their latest rpm's.
I re-compiled the source rpm, and re-installed, and no luck!

I can't find anyone else discussing this, so I thought, well maybe we
are just ahead of the curve, and I downgraded to enterprisesamba's old
3.0.14, 
and come to find out, anything between 3.0.14a, and 3.0.20b gives a
different error on the net ads join command:
segmentation fault

so, we are stuck.  I can't revert back to rhel3 on this box(new raid
card that is supported out of the box with rhel4, but not 3, at least
not without a lot of work)

any suggestions?
Thanks,
Barry Smoke
Network Administrator
AR Division of Legislative Audit





nevermind...stock 3.0.21a works...was RE: [Samba] rhel4 + samba 3.0.21a + win2k3 server and sp1

2006-01-10 Thread Barry Smoke
stock samba 3.0.21a works just fine, I generated an rpm from samba
source, 
and everything works just fine!
the enterprisesamba packages are what is broken.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Barry Smoke
Sent: Tuesday, January 10, 2006 2:38 PM
To: samba@lists.samba.org
Subject: [Samba] rhel4 + samba 3.0.21a + win2k3 server and sp1

Well, it looks like we are stuck...
I can't figure out what to do next.

ads_connect: Program lacks support for encryption type

here's the whole story:


We've been using winbind successfully for over a year now, 
rhel3 variants(scientific linux 3), some run rhel3's default samba,
others use the packages from http://enterprisesamba.com/
we started out using the NT4 compatibility mode(net rpc join -U
administrator%password), which only allowed one server to use that
username to connect to AD)
so, we switched to security = ADS, and used net ads join -U
administrator%password

and now we have 5 servers using that method to host samba shares.  These
servers survived a windows 2003 server upgrade on our dc1 domain
controller.
no other problems with them.

We were implementing a new rhel4 server(scientific linux 4), and did
everything the same, and the stock samba that comes with rhel4 would not
enumerate groups from active directory.  After some searching the samba
list archives, I found a thread that mentioned windows 2003 server sp1
caused that, and it had been fixed in samba 3.0.14

I tried an apt-get update(equiv. to yum update in scientific) 
and the new samba installed did not fix the problem.  
so, as I have done on many occasions(but not on rhel4), I installed the
enterprisesamba packages.  I immediately got this error:

[EMAIL PROTECTED] i386]# net ads join -U administrator%password
[2006/01/10 13:55:26, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Program lacks support for encryption type

I fixed that error on an earlier rhel3 install with a line in the
krb5.conf file, however that fix did not work here.

I figure this has something to do with the heimdal 0.7.1 that
enterprisesamba includes with their latest rpm's.
I re-compiled the source rpm, and re-installed, and no luck!

I can't find anyone else discussing this, so I thought, well maybe we
are just ahead of the curve, and I downgraded to enterprisesamba's old
3.0.14, 
and come to find out, anything between 3.0.14a, and 3.0.20b gives a
different error on the net ads join command:
segmentation fault

so, we are stuck.  I can't revert back to rhel3 on this box(new raid
card that is supported out of the box with rhel4, but not 3, at least
not without a lot of work)

any suggestions?
Thanks,
Barry Smoke
Network Administrator
AR Division of Legislative Audit





am I the only one that pam_mkhomedir+samba makes machine folders for?...was RE: [Samba] pam_mkhomdir.so is creating machine folders when used with samba

2005-10-03 Thread Barry Smoke
I see a ton of past archive mails for pam_mkhomedir.so, 
but I don't see anyone else with my problem.  Do others just not care
that  a bunch of extra folders with the machine names are getting
created, 
or is it not happening for anyone else, 
and I have just done something wrong?

RHEL 3.04 
samba 2.0.14a-1

Barry Smoke
Network Administrator
AR Division of Leg. Audit



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Barry Smoke
Sent: Friday, September 30, 2005 10:02 AM
To: samba@lists.samba.org
Subject: RE: [Samba] pam_mkhomdir.so is creating machine folders when
used with samba

I have tried changing the valid users on the [homes] share to %D+%u,
instead of leaving the default, thinking it might be trying %S, which
might have been causing the machine name folders to be created, 
that was not it, 

I tried changing the location of the pam_mkhomedir.so session string.
I moved it to /etc/pam.d/samba, 
I moved it to the last string in system-auth,
nothing has made a difference.

I can't find a pam option to keep this from happening, 
and I did find a samba thread on this list about this being by design, 
and they eventually went with a pre-exec script.

I see a ton of pam_mkhomedir threads on the samba list, 
but none of them mention the machine name directory getting created, and
how to prevent it.

Any help would be greatly appreciated.

Barry Smoke




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Barry Smoke
Sent: Thursday, September 29, 2005 10:22 AM
To: samba@lists.samba.org
Subject: [Samba] pam_mkhomdir.so is creating machine folders when used
with samba

Hello Samba Users,

I recently found out about pam_mkhomedir.so, and now use it on a couple
of servers.  It works great, 

except that it is constantly creating directories for the machines that
connect also.

is my problem in my pam config, or my samba config?

What can I do to keep this from happening?

here is my config

[global]
workgroup = audit
netbios name = Storage1
server string = Storage1
security = ADS
encrypt passwords = yes
realm = AUDIT.LOCAL
obey pam restrictions = yes
idmap uid = 15000-2
idmap gid = 15000-2
winbind separator = +
winbind use default domain = yes
use sendfile = yes
log level = 1 passdb:5 auth:1 winbind:1
template homedir = /data/%D/%U
#template shell = /bin/bash
time server = yes

[homes]
comment = Home Directories
#valid users = %S
read only = no
browseable = no
vfs objects = recycle:keeptree

[EMAIL PROTECTED] pam.d]# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     sufficient    /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0022

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

Thanks,
Barry Smoke
Network Administrator
AR Division of Legislative Audit

 



RE: [Samba] pam_mkhomdir.so is creating machine folders when used with samba

2005-09-30 Thread Barry Smoke
I have tried changing the valid users on the [homes] share to %D+%u,
instead of leaving the default, thinking it might be trying %S, which
might have been causing the machine name folders to be created, 
that was not it, 

I tried changing the location of the pam_mkhomedir.so session string.
I moved it to /etc/pam.d/samba, 
I moved it to the last string in system-auth,
nothing has made a difference.

I can't find a pam option to keep this from happening, 
and I did find a samba thread on this list about this being by design, 
and they eventually went with a pre-exec script.

I see a ton of pam_mkhomedir threads on the samba list, 
but none of them mention the machine name directory getting created, and
how to prevent it.

Any help would be greatly appreciated.

Barry Smoke




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Barry Smoke
Sent: Thursday, September 29, 2005 10:22 AM
To: samba@lists.samba.org
Subject: [Samba] pam_mkhomdir.so is creating machine folders when used
with samba

Hello Samba Users,

I recently found out about pam_mkhomedir.so, and now use it on a couple
of servers.  It works great, 

except that it is constantly creating directories for the machines that
connect also.

is my problem in my pam config, or my samba config?

What can I do to keep this from happening?

here is my config

[global]
workgroup = audit
netbios name = Storage1
server string = Storage1
security = ADS
encrypt passwords = yes
realm = AUDIT.LOCAL
obey pam restrictions = yes
idmap uid = 15000-2
idmap gid = 15000-2
winbind separator = +
winbind use default domain = yes
use sendfile = yes
log level = 1 passdb:5 auth:1 winbind:1
template homedir = /data/%D/%U
#template shell = /bin/bash
time server = yes

[homes]
comment = Home Directories
#valid users = %S
read only = no
browseable = no
vfs objects = recycle:keeptree

[EMAIL PROTECTED] pam.d]# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     sufficient    /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0022

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

Thanks,
Barry Smoke
Network Administrator
AR Division of Legislative Audit

 



[Samba] pam_mkhomdir.so is creating machine folders when used with samba

2005-09-29 Thread Barry Smoke
Hello Samba Users,

I recently found out about pam_mkhomedir.so, and now use it on a couple
of servers.  It works great, 

except that it is constantly creating directories for the machines that
connect also.

is my problem in my pam config, or my samba config?

What can I do to keep this from happening?

here is my config

[global]
workgroup = audit
netbios name = Storage1
server string = Storage1
security = ADS
encrypt passwords = yes
realm = AUDIT.LOCAL
obey pam restrictions = yes
idmap uid = 15000-2
idmap gid = 15000-2
winbind separator = +
winbind use default domain = yes
use sendfile = yes
log level = 1 passdb:5 auth:1 winbind:1
template homedir = /data/%D/%U
#template shell = /bin/bash
time server = yes

[homes]
comment = Home Directories
#valid users = %S
read only = no
browseable = no
vfs objects = recycle:keeptree

[EMAIL PROTECTED] pam.d]# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     sufficient    /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0022

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

Thanks,
Barry Smoke
Network Administrator
AR Division of Legislative Audit

 



Re: [Samba] Samba 3.0.1 - 3.0.2 upgrade problem

2004-02-12 Thread Barry Smoke
Uwe Laverenz wrote:

 Gerald (Jerry) Carter wrote:

  Is the last change time on the password set to 0 by chance?
  Please provide more details.

 This little question made my day. :-)

 I updated all our servers from 2.2.8a+LDAP to 3.0.2 this evening and 
 had the problem that most users couldn't log in any more while my own 
 account was still working. I remembered this little post from you, 
 checked my LDAP-entries and found that the broken accounts all had 
 'sambaPwdLastSet' set to '0'. I changed them to a reasonable value and 
 all worked fine.

 Thank you. :-)

 cu,
 Uwe

We have hundreds of ldap entries, and about half of them have this set,
but I swear that even the ones that didn't couldn't get on...
We can be up for another test run this weekend...
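
Added example (not from the thread): a Python audit of an LDIF export, such as ldapsearch output, that sorts sambaSamAccount entries by whether sambaPwdLastSet is 0, absent, or set, the condition described in Uwe Laverenz's message above. The sample entries are constructed, and the function names are this example's own.

```python
import base64

# Constructed sample export: DNs, names and the timestamp are made up.
# The third entry has a folded (continued) dn line, as LDIF writers produce.
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
sambaPwdLastSet: 0

dn: uid=bob,ou=Users,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
sambaPwdLastSet: 1076544000

dn: uid=carol-with-a-long-name,ou=Users,dc=exa
 mple,dc=org
objectClass: sambaSamAccount
uid: carol-with-a-long-name

dn: uid=dave,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: dave
"""


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts.

    Handles folded lines (continuations start with one space), comments,
    and base64 values ("attr:: ..."). Attribute names are lower-cased.
    """
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical and logical[-1]:
            logical[-1] += raw[1:]  # unfold: drop the single leading space
        else:
            logical.append(raw)

    entries, current = [], {}
    for line in logical + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries


def audit_pwd_last_set(text):
    """Group sambaSamAccount DNs by the state of sambaPwdLastSet."""
    report = {"zero": [], "missing": [], "set": []}
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            continue  # not a Samba account, nothing to check
        dn = entry.get("dn", ["<no dn>"])[0]
        values = entry.get("sambapwdlastset", [])
        if not values:
            report["missing"].append(dn)
        elif values[0].strip() == "0":
            report["zero"].append(dn)
        else:
            report["set"].append(dn)
    return report


if __name__ == "__main__":
    for state, dns in audit_pwd_last_set(SAMPLE_LDIF).items():
        print(f"{state:8s} {len(dns)}")
        for dn in dns:
            print("    " + dn)
```
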



Re: [Samba] Samba 3.0.1 - 3.0.2 upgrade problem

2004-02-11 Thread Barry Smoke
same thing here...

amrito wrote:

Michal Sladek wrote:
 This morning I tried to upgrade Samba from 3.0.1 to 3.0.2 final
 I had only few minutes to test it from Windows XP clients
 (we use Windows 98 and XP clients in our company) because we have
 hundreds of users connected and I had to go back to 3.0.1 immediately
 before they get angry:-)
Exactly the same happened with me.

After compiling 3.0.2 (which worked absolutely fine) and installing it,
the telephone started to ring, and I had to revert immediately.
Basic effect:
when attaching a network drive, the system asked for a password and
afterwards rejected the service with a message like
'invalid user or password'
I haven't got time to install 3.0.2 on a spare server to check what
went wrong without the threat of being thrown out of the window,
but if in between someone got some hints what might have gone wrong
and (even more interesting) how to fix it, I would greatly appreciate
to get the info, too.
Thanks
Regards
john


Re: [Samba] 4 samba domains/one ldap backend/2 methods/which to use?

2004-02-03 Thread Barry Smoke
Andrew Bartlett wrote:

 You cannot share users between domains.  If the user is in one domain,
 it *must not* be visible to the other domains, you must use a separate
 ldap suffix.

where is the documentation on this?  I would think this would be a 
common configuration with ldap, trying to consolidate to one ldap 
directory.  Anyone written any HowTo's?
since we are using smbldap-tools, I guess this means a re-write to make 
those utilities work?

 Check your replication, and use Samba 3.0.1, with the 'ldap replication
 sleep' parameter.  This allows you to make the system wait until the
 slave LDAP server has caught up.

Thanks, We'll try that...

  questions:
  on method1 above, we have some users that get special shares based upon 
  the %m, meaning the domain they put to log in box.

 %m is the machine name they login from.

%L is what I meant...the netbios name of the server(meaning what server 
the client wanted)
We use this to make one large quad xeon act like 4 different servers.

  This works on the pdc, but we can't get it to work on a BDC.(Why don't 
  domain aliases work on a BDC?)

 I'm not sure what you mean here.

We tested putting a netbios alias into our pdc with ldap, and we can 
type that alias as the domain we are logging into
on the main network, and use the variable in the smb.conf file for 
various things... works great!

when we got our BDC up, we tried putting our main campus domain as the 
workgroup name, then put in what we were using as
the remote domain in as an alias(just like on the main server), and even 
a windows 98 machine couldn't find the domain
does BDC break this?

 Andrew Bartlett

 





[Samba] 4 samba domains/one ldap backend/2 methods/which to use?

2004-02-02 Thread Barry Smoke
in both methods tried, we can't successfully add xp machines to the 
domain at the remote locations
main samba is on our main campus, behind a 10.10 internal lan
remote samba's are on remote campuses, behind a 10.xx network
10.11
10.12

all connected with our internal lan via VPN
##
Method 1) ALL PDC's, using same ldap database(thus inherent problems, 
all users have SID's generated with primary domain's SID)
a)We set up our master ldap server, and samba server on the same machine.
b)replicated ldap to remote samba servers, and set up referrals, so that 
transactions to modify ldap go back to master
c)install idealx smbldap-tools on all samba servers, using different 
SID's on each server
d) attempt to join xp machine to domain using
results:
samba authenticates users correctly, and users are added correctly.
adding samba machine accounts at remote servers errors out, while it 
works on main server.
the errors are sporadic, such as can't find domain, can't find user,

questions:
why would users in the ldap database generated with the master 
samba/ldap domain/server be able to log in at remote 
site/domain...wouldn't the SID's conflict?
why would we not be able to join xp machine to domain, with the remote 
server's SID configured in smbldap-tools(remember remote server has 
different SID in smbldap-tools, thus adds users locally, which is 
referred to the master.)?
when run manually, the machine entry gets put into ldap, and it gets 
put into ldap from the xp wizard also,
but it does not get the sambaSamAccount objectclass, along with the 
sid's samba generates, thus causes an error(user not found)

speculations:
our remote domain needs a domain admins group with its sid, so that a 
root user can be added to ldap (remoteroot), so machines can be added 
with that user's info...
the problem is we get these errors with smbldap-tools:
[EMAIL PROTECTED] samba]# smbldap-usershow desroot
/usr/local/sbin/smbldap-usershow: user desroot doesn't exist
[EMAIL PROTECTED] samba]# smbldap-groupshow desdomadm
dn: cn=desdomadm,ou=Groups,dc=bryantschools,dc=org
objectClass: posixGroup,sambaGroupMapping
cn: desdomadm
gidNumber: 1040
sambaSID: S-1-5-21-3567609034-2183773975-620293219-3081
sambaGroupType: 2
[EMAIL PROTECTED] samba]# smbldap-useradd -a -g desdomadm desroot
Use of uninitialized value in pattern match (m//) at 
/usr/local/sbin//smbldap_tools.pm line 733.
/usr/local/sbin/smbldap-useradd: unknown group desdomadm

thus, I can't test the theory...

###
Method 2) believing method 1 had something to do with an SID problem,
we proceeded to set up the remote locations as BDC's
a)set up master ldap server, and samba server on same machine,
b) set up replica's and referrals back to master
c) set up remote servers as BDC's using same SID
d)set up SID in smbldaptools to be the same
results:
samba added the xp machines to the domain, but we could not log in upon 
reboot.

questions:
on method1 above, we have some users that get special shares based upon 
the %m, meaning the domain they put to log in box.
This works on the pdc, but we can't get it to work on a BDC.(Why don't 
domain aliases work on a BDC?)

this e-mail mentions the correct way to do multiple domains in the same 
ldap database is different branches...
where is any documentation on the correct way / designed way to do this?
http://lists.samba.org/archive/samba-technical/2003-December/033422.html



Thanks in advance,
Barry Smoke
District Network Admin
Bryant Public Schools


[Samba] kixtart and group based logins

2002-10-14 Thread Barry Smoke

I know this has been beaten to death, and the solution has always been
pre-exec scripts, 
but I would like to delve further into discussion on group based actions
in log in scripts.

We have been playing with kixtart here, and are very impressed with its
flexibility. So, here is my primary question...
there is an api that kixtart has that interfaces with the server, so
that group based logins(and other advanced features) can be accomplished.
Has there been any investigations on including this api into the samba
code?

Also, 
samba already supports mapping shares based on someone's group
membership, even if that is not their primary group.

Can this already existing function be used in any way to allow kixtart to
authenticate based on this?

Barry Smoke
District Network Administrator
Bryant Public Schools
RHCE,MCP








Re: [Fwd: [Samba] Re: [K12OSN]Re: [Lrlug-discuss]emergency....file/directory recovery]

2002-06-05 Thread Barry Smoke

Is the only way to get this right now from CVS?

On Tue, 2002-06-04 at 14:25, Chris Tooley wrote:
 The Recycle Bin option in the smb.conf allows you to create a
 Salvage area like Netware has.  This is a really wonderful feature
 that I've been using for several releases and happy to see in the latest
 release of Samba.  It works pretty well, and can grow extremely fast.
 
 It's better than Netware's Salvage though as it does revisioning.  And
 since it's a standard directory instead of a special place it's
 actually easier for me to browse the files to recover the right ones.
 
 Chris Tooley
 
 
 On Tue, 2002-06-04 at 09:49, Barry Smoke wrote:
  I sent to samba list, with the wrong e-mail account, so it never made
  it...
  
  Any help with this is appreciated.
  
  Barry Smoke
  District Network Administrator
  Bryant Public Schools
  
  -Forwarded Message-
  
  
   From: Steve Langasek [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
   Subject: [Samba] Re: [K12OSN] Re: [Lrlug-discuss]emergency....file/directory recovery
   Date: 03 Jun 2002 17:03:27 -0500
   
   On Mon, Jun 03, 2002 at 04:55:44PM -0500, Barry Smoke wrote:
    We have had another instance of this.
    since I am forwarding to other lists, this involves a lost file, due
    to accidental deletion.
    
    in this case, we had a backup, but from the backup time, till deletion
    time, a lot of data had been lost.
    
    So, we have not enough disk space to do hourly backups, 
    novell allowed recovery of a lost file like this, 
    so:
    
    is there a filesystem that we need to switch to, that is still linux
    compatible that has file recovery like this? journaled...?
    
    Is there an application level program, that keeps stuff that has been
    deleted? besides backup, and backup often!?
    
    This is mostly a samba issue, for windows users
    maybe there should be a samba plug-in, or a purge type structure built
    in to samba-core.
    
    This appears to be a real problem for us.
    
    I think this will plague other districts/organizations/businesses in the
    decision to move to linux, where using samba is possible, but at what
    cost to file integrity...(maybe integrity is not the right word...)
   
   As I'm sure the people on the Samba list (whom you've cc:ed) will be happy
   to tell you, there is a vfs trashcan implementation available for Samba
   2.2 and above.  I believe it's part of the main Samba source in the Samba
   3.0 CVS and will soon be built by default there; I'm not exactly sure what 
   you have to do to get this for Samba 2.2.x, and will defer to Samba list
   denizens.
   
   Steve Langasek
   postmodern programmer
   
   
On Mon, 2002-04-01 at 17:27, Bryan Voss wrote:
 On Mon, 2002-04-01 at 17:01, Barry Smoke wrote:
  We were doing a re-install of our imagecast software on our samba
  server, and the install deleted the images folder with 3 years worth of
  images in it.  Can we get these back?
 
 The only info I have is for ext2 filesystems. Not sure how applicable it
 is for other filesystems, so YMMV.
 
 1) Take the system offline ***IMMEDIATELY***. Preferably by just
 shutting it off without even doing a shutdown. The longer it runs, the
 more likely your lost data has been overwritten. Even doing a proper
 shutdown can overwrite some of the data.
 
 2) Remove the drive/drives and hook them up to another system.
 
 3) Mount the filesystem(s) read-only.
 
 4) Download and compile The Coroner's Toolkit, which contains a couple
 of utilities you will need: unrm and lazarus. You can get TCT at:
 http://www.fish.com/tct/ . You may also want to get TCTUTILs from
 http://www.cerias.purdue.edu/homes/carrier/forensics/ to get a nicer
 interface for TCT.
 
 5) Read http://www.fish.com/tct/help-recovering-file for a walkthrough.
 
 I did this a few years ago and it works, but it will probably take you
 many many hours to do a recovery and then it will probably be only
 partial. Some files will probably already be partially overwritten, so
 you can expect some corrupted images and other problems. As Nathan said,
 backups are the only good recovery path, but it's obviously a little
 late for that now.
 
 Also note the things you find that that can be partially recovered. An
 eye opener from a security standpoint. You'll probably find files dating
 back to the time that filesystem was put into use.
 
 
 -- 
 \\//
 Bryan Voss
   [EMAIL PROTECTED]
 PGP Key: http://www.vosswerx.com/bvoss/pgpkey.txt
 
 ___
 Lrlug-discuss mailing list
 [EMAIL PROTECTED]
 http://lrlug.org/cgi-bin/mailman/listinfo/lrlug-discuss





___
K12OSN mailing

[Samba] samba ports blocked by isp

2002-04-24 Thread Barry Smoke

Is it possible to map a drive to a samba share over the internet,
through an isp that blocks the samba ports...
I know with samba, I can specify a port, but what about a windows
client?
Can I change what port a windows machine looks to for samba/smb for a
particular share only?


Barry Smoke
Network Administrator
Bryant Public Schools

