RE: [Samba] ASCII problem ??
$ man unix2dos $ man dos2unix For text files only, I believe. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blane Bramble Sent: Tuesday, February 03, 2004 8:03 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] ASCII problem ?? On Tue, 2004-02-03 at 12:56, [EMAIL PROTECTED] wrote: Hi Hope you can help me. I have a problem transferring files from Unix to Windows NT using Samba, specifically the CR\LF is missing from the files when they are transferred over. In FTP I can choose the -ASCII option and all is well. I can overcome this problem myself by using tr, unix2dos or sed to place the missing CR\LF characters. The question is can Samba add the CR\LF via an option like FTP does Regards Dave I think you are confusing file serving with file transfer - Samba is designed as a file server - as such it is vital it does *not* make any changes to files. The problem you have with transferring the files is a result of file format differences between the platforms - if the files are only being used by Windows machines then you need to look at why they not in the correct format. If the files are being created by a unix machine or process, then you need to look at how you can create them in the correct format for Windows. Blane. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] debian packages: krb5
Does anyone know where I can find the needed Debian packages for installing Kerberos 1.3.1? From what I've been told I need these for ADS support in Samba. There are no backports for Kerberos 1.3 or higher. If anyone has any suggestions besides building from source, I'd like to hear them. Thanks, Brian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] copying from Win to Linux
As a related follow-up to Tarjei's question: I too am going to be copying large amounts of files from a Windows 2000/2003 server to a Linux box running Samba. The files range from 2K to 30K (sometimes upwards of 50K). The files are being copied basically as fast as they can be generated (by separate applications) and transferred over the wire. I currently have a Samba 2.2.3a-12.3 (the Debian stable package) installed, but I'm considering installing 3.0.0 or 3.0.1. I've heard that Samba 3.0 and above have definite advantages in speed over 2.x.x. My question is this: Can anyone discuss the performance difference between Samba 3 and 2 in quantitative terms or point me to web sources that do? Specifically in a situation where files (averaging around 30K in size) are being copied across the network from a Windows 200x machine to a Linux box. The files, once written, will be read by a single Linux process only. No Windows server will be accessing the files once they're copied over. Any information would be greatly appreciated. I need to make a decision today. Thanks, Brian -Original Message- From: Tarjei Huse [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 4:14 AM To: [EMAIL PROTECTED] Subject: [Samba] copying from Win to Linux Hi, I'm about to migrate a lot of files from a windows server to a new, shiny samba-server. I just got a small problem : What is the best way to do this? I'e tried rsync, but it croaks on some files with names like somethign :some.eml the same does cp. What I'm wondering about, is has anyone else had these problems, and if so, how did you solve them? Do you have a script for cleaning out characters like this one? Tarjei -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] copying from Win to Linux
Thanks, Rashkae. I have ReiserFS installed on two 18GB SCSI 10k drives with RAID 1. I think this should be sufficient. But if there's a performance improvement on the networking end between Samba 2.x and 3.x, I'd like to consider it. And yes, the files will potentially be in the tens of thousands at any given time (it's basically a large-scale email solution). Thanks, Brian -Original Message- From: Rashkae [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 10:51 AM To: Brian Spiegel Subject: Re: [Samba] copying from Win to Linux If there are a large number of these small files (in the thousands), you'll most deffinately want a ReiserFS filesystem. A well tuned FS will make more of a performance difference. I haven't tested JFS or XFS in this scenario, but EXT just can't handle writing a large number of small files in a single directory. On Thu, Jan 15, 2004 at 10:22:41AM -0800, Brian Spiegel wrote: As a related follow-up to Tarjei's question: I too am going to be copying large amounts of files from a Windows 2000/2003 server to a Linux box running Samba. The files range from 2K to 30K (sometimes upwards of 50K). The files are being copied basically as fast as they can be generated (by separate applications) and transferred over the wire. I currently have a Samba 2.2.3a-12.3 (the Debian stable package) installed, but I'm considering installing 3.0.0 or 3.0.1. I've heard that Samba 3.0 and above have definite advantages in speed over 2.x.x. My question is this: Can anyone discuss the performance difference between Samba 3 and 2 in quantitative terms or point me to web sources that do? Specifically in a situation where files (averaging around 30K in size) are being copied across the network from a Windows 200x machine to a Linux box. The files, once written, will be read by a single Linux process only. No Windows server will be accessing the files once they're copied over. Any information would be greatly appreciated. I need to make a decision today. Thanks, Brian -Original Message- From: Tarjei Huse [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 4:14 AM To: [EMAIL PROTECTED] Subject: [Samba] copying from Win to Linux Hi, I'm about to migrate a lot of files from a windows server to a new, shiny samba-server. I just got a small problem : What is the best way to do this? I'e tried rsync, but it croaks on some files with names like somethign :some.eml the same does cp. What I'm wondering about, is has anyone else had these problems, and if so, how did you solve them? Do you have a script for cleaning out characters like this one? Tarjei -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Mapping a drive letter to a Samba share
Hey guys, I'm in kind of a crunch right now. Due to a poorly written script that I don't have control over, I need to be able to map a drive letter to a Samba share so that it works seamlessly with UNC (i.e \\server\Share file:///\\server\Share ). Basically, I need a way for a share name with a $ in it to be recognized as a valid network name. My current setup is like so: [Pickup] comment = Pickup path = /pickup read only = No guest ok = Yes guest only = Yes [C$\inetpub\mailroot\Pickup] comment = Other Pickup, Same Target Directory path = /pickup read only = No guest ok = Yes guest only = Yes Now, C$ is standard UNC for the root directory on Windows ( C: ). The Pickup share works great. However, the share with C$ in the title gives me a Network name could not be found error dialog. Has anyone had to do this before? How can it be done? I'm in a serious time crunch at this point and the owner of the application that uses this access method is not going to have time to change it. Any help or guidance on how this could be done would be greatly appreciated. Time is running short. Thanks, Brian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
FW: [Samba] Samba requesting nonexistent keytab type?
Hi all, I've downloaded and installed the 3.0.2pre1 package. However, I've not managed to get winbindd working. I've run into a credentials cache problem (so I haven't been able to even get to the point I was at before). My krb5.conf and pam settings haven't changed and I'm using the same smb.conf as before. I'm using MIT Kerberos 1.3.1 (in /usr/kerberos/). Here are some excerpts from the winbindd log file (at debug level 10). [2004/01/07 16:15:34, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705) got [EMAIL PROTECTED] [2004/01/07 16:15:34, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(509) Doing kerberos session setup [2004/01/07 16:15:34, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2004/01/07 16:15:34, 4] nsswitch/winbindd_cm.c:cm_open_connection(186) failed kerberos session setup with NT_STATUS_UNSUCCESSFUL [2004/01/07 16:15:34, 5] nsswitch/winbindd_cm.c:cm_open_connection(218) anonymous connection attempt to DC01 from SOME-SERVER ... a bunch of data for pipe/connection (I think)... [2004/01/07 16:15:34, 3] nsswitch/winbindd_util.c:add_trusted_domain(142) add_trusted_domain: DOMAIN is a native mode domain [2004/01/07 16:15:34, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain DOMAIN DOMAIN.COM [2004/01/07 16:15:34, 10] nsswitch/winbindd_cache.c:wcache_flush_cache(66) wcache_flush_cache success [2004/01/07 16:15:34, 10] nsswitch/winbindd_cache.c:alternate_name(1306) alternate_name: [Cached] - doing backend query for info for domain DOMAIN [2004/01/07 16:15:34, 3] nsswitch/winbindd_ads.c:alternate_name(952) ads: alternate_name [2004/01/07 16:15:34, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for realm 'DOMAIN.COM' [2004/01/07 16:15:34, 8] libsmb/namequery.c:get_sorted_dc_list(1215) get_sorted_dc_list: attempting lookup using [hosts] [2004/01/07 16:15:34, 10] libsmb/namequery.c:remove_duplicate_addrs2(312) remove_duplicate_addrs2: looking for duplicate address/port pairs [2004/01/07 16:15:34, 4] libsmb/namequery.c:get_dc_list(1350) get_dc_list: returning 1 ip addresses in an ordered list [2004/01/07 16:15:34, 4] libsmb/namequery.c:get_dc_list(1351) get_dc_list: 192.168.3.2:389 [2004/01/07 16:15:34, 5] libads/ldap.c:ads_try_connect(56) ads_try_connect: trying ldap server '192.168.3.2' port 389 [2004/01/07 16:15:34, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 192.168.3.2 [2004/01/07 16:15:34, 3] libads/ldap.c:ads_server_info(2030) got ldap server name [EMAIL PROTECTED], using bind path: dc=DOMAIN,dc=COM ... some more junk... [2004/01/07 16:15:34, 3] libads/sasl.c:ads_sasl_spnego_bind(191) got [EMAIL PROTECTED] [2004/01/07 16:15:34, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2004/01/07 16:15:34, 1] nsswitch/winbindd_ads.c:ads_cached_connection(65) ads_connect for domain DOMAIN failed: Operations error [2004/01/07 16:15:34, 1] nsswitch/winbindd_util.c:init_domain_list(284) Could not fetch sid for our domain DOMAIN [2004/01/07 16:15:34, 0] nsswitch/winbindd_util.c:rescan_trusted_domains(170) rescan_trusted_domains: Can't find my own domain! The machine had been joined to the AD domain some time back (IP share access was working yesterday) and a kinit gets my principal. $ klist -e Ticket cache: FILE:/tmp/krb5cc_501 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 01/07/04 15:47:17 01/08/04 01:45:18 krbtgt/[EMAIL PROTECTED] renew until 01/08/04 15:47:17, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 01/07/04 15:50:02 01/08/04 01:45:18 [EMAIL PROTECTED] renew until 01/08/04 15:47:17, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 Is there something I'm missing with my setup? Where does winbindd look for the credentials cache by default? Below is my smb.conf. The pam settings for samba and login are identical to that in the HOW-TO at samba.org. Same with the krb5.conf file. Any ideas? I've got a deadline approaching and I'm really in a crunch. Any help is appreciated. Thanks, Brian smb.conf: [global] ; smbd settings log level = 3 log file = /var/log/samba/log.%m server string = %u [Samba Server %v] ; Active Directory settings workgroup = DOMAIN security = ADS realm = DOMAIN.COM client use spnego = yes use spnego = yes local master = no domain master = no preferred master = no domain logons = no os level = 0 ; winbind stuff winbind separator = + allow trusted domains = no obey pam restrictions = yes winbind enum users = yes idmap uid = 1-2 winbind enum groups = yes idmap gid = 1-2 password server = 192.168.3.2 encrypt passwords = yes template homedir = /home/%D/%U template shell = /bin/bash -- To unsubscribe from this list go to the following URL and read the
[Samba] Win2K3 ADS and Samba 3.0.1: Cannot access shares even with IP
Regarding the problem where you cannot view shares using the hostname
(netbios) of the server, but can if you use the IP address: I can view my
Samba shares from a Win2000 server using the IP, but I cannot access them.
Double-clicking on the shares in Windows Explorer results in the following
error:
'\\ipaddr\Share is not accessible. The network name cannot be found.'
The smbd logs show the following lines:
[2004/01/06 14:54:27, 0] smbd/service.c:make_connection_snum(677)
'/home/username/sharedirectory/' does not exist or is not a directory,
when connecting to [Share]
...
[2004/01/06 14:54:27, 3] smbd/error.c:error_packet(94)
error string = Permission denied
[2004/01/06 14:54:27, 3] smbd/error.c:error_packet(118)
error packet at smbd/reply.c(286) cmd=117 (SMBtconX)
NT_STATUS_BAD_NETWORK_NAME
Here's the related code snippet from smbd/service.c:
smbd/service.c:make_connection_snum:
#if CHECK_PATH_ON_TCONX
/* win2000 does not check the permissions on the directory
during the tree connect, instead relying on permission
check during individual operations. To match this behaviour
I have disabled this chdir check (tridge) */
if (vfs_ChDir(conn,conn-connectpath) != 0) {
DEBUG(0,(%s (%s) Can't change directory to %s (%s)\n,
get_remote_machine_name(), conn-client_address,
conn-connectpath,strerror(errno)));
change_to_root_user();
yield_connection(conn, lp_servicename(SNUM(conn)));
conn_free(conn);
*status = NT_STATUS_BAD_NETWORK_NAME;
return NULL;
}
#else
/* the alternative is just to check the directory exists */
if (stat(conn-connectpath, st) != 0 || !S_ISDIR(st.st_mode)) {
DEBUG(0,('%s' does not exist or is not a directory, when connecting
to
[%s]\n, conn-connectpath, lp_servicename(SNUM(conn;
change_to_root_user();
yield_connection(conn, lp_servicename(SNUM(conn)));
conn_free(conn);
*status = NT_STATUS_BAD_NETWORK_NAME;
return NULL;
}
#endif
I've made sure the directories on Linux have full permissions and exist, but
smbd seems to think they don't.
$ ls -ld samba_setup/
drwxrwxrwx2 username users4096 Nov 12 12:41 sharedirectory/
From smb.conf:
[Share]
comment = Samba Configuration Test Share
path = /home/username/sharedirectory/
read only = no
browsable = yes
writable = yes
guest ok = yes
Under what conditions does the CHECK_PATH_ON_TCONX code get compiled instead
of the directory check? The server I'm attempting to connect from is
Win2000. Is there a compile configuration option that I missed somewhere?
Thanks,
Brian
-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 12:57 PM
To: Brian Spiegel
Subject: Re: [Samba] Samba requesting nonexistent keytab type?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian Spiegel wrote:
| Will you be providing a source package for the 3.0.2pre1 release
| or will we only be able to access that from CVS?
I'm working on the source release for 3.0.2pre1 now.
| And as far as downloading from CVS I want the SAMBA_3_0 tree, correct?
Yup. The patch is trivial though. Try this.
cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/+yEPIR7qMdg1EfYRAur4AKDHWk67ekCysgrrGEm2Qodu0WMZFACgsnrJ
GMsA0xf0mby8OYu4ScxIeoU=
=Saie
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot access shares from a Win2k client
Hey all.
I'm running Samba 3.0.1 as a domain member in a Win2k3 ADS domain. I'm
attempting to view shares on the samba server via a Win2000 client.
I've been getting the following messages from the smbd logs and I'm
wondering why. I can connect to the Samba server (using the IP only) to
view which shares are available, but when I double click the share to access
it, I get a network name cannot be found on the share.
From smbd log:
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147)
unable to create MEMORY: keytab (Unknown Key table type)
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
ads_verify_ticket: unable to setup keytab
[2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
Can anyone shed some light on what this might be caused by?
Also, I'm running winbind for UNIX/Windows user/group mapping. The 'wbinfo
-u' command works, but it spits out only the user names rather than
DOMAIN\username. Since usernames aren't unique across our OSes, 'getent
passwd' results in duplicate entries. Groups are not prefixed by their
domain either. Anyone have this problem?
Below are my configs:
smb.conf
--
[global]
; smbd settings
log level = 3
log file = /var/log/samba/log.%m
server string = %U [Samba Server %v]
; Active Directory settings
;dns proxy = yes
workgroup = FOO
security = ADS
realm = FOO.COM
local master = no
domain master = no
preferred master = no
os level = 0
; winbind stuff
winbind separator = +
winbind enum users = yes
idmap uid = 1-2
winbind enum groups = yes
idmap gid = 1-2
winbind use default domain = yes
password server = dc.foo.com
encrypt passwords = yes
[test]
comment = Samba functionality test directory
path = /home/user/test/
read only = no
browsable = yes
writable = yes
guest ok = yes
krb5.conf
--
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = FOO.COM
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
FOO.COM = {
kdc = dc.foo.com:88
admin_server = dc.foo.com:749
default_domain = foo.com
}
[domain_realm]
.foo.com = FOO.COM
foo.com = FOO.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
nsswitch.conf
--
...
passwd: files winbind
shadow: files
group: files winbind
host: files dns winbind
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
FW: [Samba] Cannot access shares from a Win2k client
Here's a followup. I also get these errors in the smbd logs. The thing is,
the share directory has full permissions (0777) and the smb.conf is set to
be fully readable, writeable and okay for guests.
[2003/12/19 15:21:23, 0] smbd/service.c:make_connection_snum(677)
'/home/bspiegel/test/' does not exist or is not a directory, when
connecting to [test]
[2003/12/19 15:21:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/12/19 15:21:23, 3] smbd/connection.c:yield_connection(69)
Yielding connection to test
[2003/12/19 15:21:23, 3] smbd/error.c:error_packet(94)
error string = Permission denied
[2003/12/19 15:21:23, 3] smbd/error.c:error_packet(118)
error packet at smbd/reply.c(286) cmd=117 (SMBtconX)
NT_STATUS_BAD_NETWORK_NAME
-Original Message-
From: Brian Spiegel [mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003 2:53 PM
To: '[EMAIL PROTECTED]'
Subject: [Samba] Cannot access shares from a Win2k client
Hey all.
I'm running Samba 3.0.1 as a domain member in a Win2k3 ADS domain. I'm
attempting to view shares on the samba server via a Win2000 client.
I've been getting the following messages from the smbd logs and I'm
wondering why. I can connect to the Samba server (using the IP only) to
view which shares are available, but when I double click the share to access
it, I get a network name cannot be found on the share.
From smbd log:
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147)
unable to create MEMORY: keytab (Unknown Key table type)
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
ads_verify_ticket: unable to setup keytab
[2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
Can anyone shed some light on what this might be caused by?
Also, I'm running winbind for UNIX/Windows user/group mapping. The 'wbinfo
-u' command works, but it spits out only the user names rather than
DOMAIN\username. Since usernames aren't unique across our OSes, 'getent
passwd' results in duplicate entries. Groups are not prefixed by their
domain either. Anyone have this problem?
Below are my configs:
smb.conf
--
[global]
; smbd settings
log level = 3
log file = /var/log/samba/log.%m
server string = %U [Samba Server %v]
; Active Directory settings
;dns proxy = yes
workgroup = FOO
security = ADS
realm = FOO.COM
local master = no
domain master = no
preferred master = no
os level = 0
; winbind stuff
winbind separator = +
winbind enum users = yes
idmap uid = 1-2
winbind enum groups = yes
idmap gid = 1-2
winbind use default domain = yes
password server = dc.foo.com
encrypt passwords = yes
[test]
comment = Samba functionality test directory
path = /home/user/test/
read only = no
browsable = yes
writable = yes
guest ok = yes
krb5.conf
--
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = FOO.COM
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
FOO.COM = {
kdc = dc.foo.com:88
admin_server = dc.foo.com:749
default_domain = foo.com
}
[domain_realm]
.foo.com = FOO.COM
foo.com = FOO.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
nsswitch.conf
--
...
passwd: files winbind
shadow: files
group: files winbind
host: files dns winbind
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Win2K unable to connect to 3.0.1 shares
I've been having an issue that's been discussed at some length here on the
list, but I haven't found a definitive solution to it. The problem is the
Win2k connection failing when attempting to connect to Samba 3.0.1 shares in
a Win2k3 Active Directory domain.
I've installed MIT-Kerberos 1.3.1 and done all the configuration. I'm
running winbindd. The following commands work fine from the Samba server:
wbinfo -u
wbinfo -g
getent -u
getent -g
smbclient -L winserver -k
smbclient //winserver/share -k
However, Win2k clients prompt for password when attempting to connect to the
share with netbios name. Using the IP address of the Samba server allows
viewing of the shares, but I get the following in log.smb when I attempt to
access the shares:
[2003/12/17 16:34:59, 3] smbd/service.c:make_connection_snum(543)
Connect path is '/home/bspiegel/samba_setup/' for service [Samba]
[2003/12/17 16:34:59, 3] lib/util_seaccess.c:se_access_check(251)
[2003/12/17 16:34:59, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1699881384-1462387219-1540833222-7294
...
se_access_check: also S-1-5-21-1699881384-1462387219-1540833222-2102
[2003/12/17 16:34:59, 3] smbd/vfs.c:vfs_init_default(201)
Initialising default vfs hooks
[2003/12/17 16:34:59, 3] lib/util_seaccess.c:se_access_check(251)
[2003/12/17 16:34:59, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1699881384-1462387219-1540833222-7294
...
se_access_check: also S-1-5-21-1699881384-1462387219-1540833222-2102
[2003/12/17 16:34:59, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (1, 1) - sec_ctx_stack_ndx = 0
[2003/12/17 16:34:59, 0] smbd/service.c:make_connection_snum(677)
'/home/bspiegel/samba_setup/' does not exist or is not a directory, when
connecting to [Samba]
See below for how I've got my shares setup in smb.conf (you can find full
versions of my configs at the bottom of this email):
A pop-up window indicates the following error:
\\ipaddr\Samba is not accessible.
The network name cannot be found.
The path has full permissions (chmod 0777) in the filesystem and still no
dice. I know some of you have been able to view and access shares through
the IP address even though you cannot through the netbios name. Do any of
you have any idea why my shares are inaccessible even though I've enabled
every access option I can think of?
The full smb.conf and krb5.conf files:
smb.conf:
[global]
log level = 3
server string = [Samba Server %v]
workgroup = FOO
security = ADS
realm = FOO.COM
local master = no
domain master = no
preferred master = no
os level = 0
idmap uid = 1-2
idmap gid = 1-2
[Samba]
comment = Samba Configuration and Setup
path = /home/bspiegel/samba_setup/
read only = no
browsable = yes
writable = yes
guest ok = yes
[test]
comment = Samba functionality test directory
path = /home/bspiegel/test/
read only = no
browsable = yes
writable = yes
guest ok = yes
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = FOO.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
FOO.COM = {
kdc = bhdc01.foo.com:88
admin_server = bhdc01.foo.com:749
default_domain = foo.com
}
[domain_realm]
.foo.com = foo.COM
foo.com = foo.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] attempting login with hostname not username
Hi. I'm running a RH 9 machine with Samba 3.0.0 as a domain member of a Win2003 ADS domain. I've setup samba w/ winbind and added a test share on the Linux box. I can see and access Windows shares from my Linux box, but I cannot access the Linux share from a Win2k machine. I can see the Linux machine and the just fine when browsing the network, but when I attempt to access the share I get the following error: -- \\linuxhost\Share file:///\\linuxhost\Share is not accessible. The network name could not be found -- Taking a look at the log file for smbd reveals: [2003/12/05 14:32:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(218) Username winhost$ is invalid on this system [2003/12/05 14:32:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(218) Username winhost$ is invalid on this system [2003/12/05 14:32:03, 0] smbd/service.c:make_connection_snum(670) '/home/username/samba_setup' does not exist or is not a directory, when connec ting to [Samba] And the log file for winbind: [2003/12/05 14:25:23, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147) user 'winhost$' does not exist Now, winhost is the name of my Win2k server that I'm trying to access the Linux share from. It is not a username on the system. My question is, why is there a '$' concatenated to it? Does anyone have an idea why it won't connect? winbind appears to be setup fine. wbinfo -u and -g display the proper information. getent is as expected. Has anyone run into this? Thanks, Brian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] attempting login with hostname not username
I am using security = ADS, actually. Here's a copy of my smb.conf: [global] server string = Brian Spiegel [Samba 3.0.0] workgroup = GROUP security = ADS encrypt passwords = yes realm = DOMAIN.COM password server = ads.domain.com socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no os level = 0 winbind uid = 1-2 winbind gid = 1-2 [Samba] comment = Samba Configuration and Setup Docs path = /home/username/samba_setup read only = no browsable = yes writable = yes guest ok = yes -Original Message- From: Dan Rowles [mailto:[EMAIL PROTECTED] Sent: Friday, December 05, 2003 2:51 PM To: Brian Spiegel Subject: Re: [Samba] attempting login with hostname not username Just as a quick check - you're not using security=share or security=server in your smb.conf file are you? On Fri, 2003-12-05 at 22:43, Brian Spiegel wrote: Hi. I'm running a RH 9 machine with Samba 3.0.0 as a domain member of a Win2003 ADS domain. I've setup samba w/ winbind and added a test share on the Linux box. I can see and access Windows shares from my Linux box, but I cannot access the Linux share from a Win2k machine. I can see the Linux machine and the just fine when browsing the network, but when I attempt to access the share I get the following error: -- \\linuxhost\Share file:///\\linuxhost\Share is not accessible. The network name could not be found -- Taking a look at the log file for smbd reveals: [2003/12/05 14:32:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(218) Username winhost$ is invalid on this system [2003/12/05 14:32:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(218) Username winhost$ is invalid on this system [2003/12/05 14:32:03, 0] smbd/service.c:make_connection_snum(670) '/home/username/samba_setup' does not exist or is not a directory, when connec ting to [Samba] And the log file for winbind: [2003/12/05 14:25:23, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147) user 'winhost$' does not exist Now, winhost is the name of my Win2k server that I'm trying to access the Linux share from. It is not a username on the system. My question is, why is there a '$' concatenated to it? Does anyone have an idea why it won't connect? winbind appears to be setup fine. wbinfo -u and -g display the proper information. getent is as expected. Has anyone run into this? Thanks, Brian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Client accessing Samba doesn't authenticate against A ctive Directory
| When a Windows client attempts to browse shares on a Samba 3.0 server
| authenticating against a Windows 2003 Active Directory domain, it
| requests credentials. Typing in user name and password fails
I am having this exact same issue. Attached is a sample copy of my smb.conf
and krb5.conf along with some errors I got from the smbd logs (max debug
level).
smb.conf
[global]
server string = Samba 3.0.0
workgroup = DOMAIN
hosts allow = 192.168.3. 127.
security = ADS
realm = DOMAIN.COM
client use spnego = yes
password server = ads.domain.com
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
domain logons = no
name resolve order = host
dns proxy = yes
[test]
comment = Test Share
path = /home/user/test
read only = no
browsable = yes
writable = yes
guest ok = yes
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
MATCHNET.COM = {
kdc = ads.domain.com:88
admin_server = ads.domain.com:749
default_domain = domain.com
}
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
smb log snippet
[2003/11/12 17:54:31, 10] passdb/secrets.c:secrets_named_mutex(697)
secrets_named_mutex: got mutex for replay cache mutex
[2003/11/12 17:54:31, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
ads_verify_ticket: enc type [16] failed to decrypt with error Bad
encryption type
[2003/11/12 17:54:31, 3] libads/kerberos_verify.c:ads_verify_ticket(310)
ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt
integrity check failed
[2003/11/12 17:54:31, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
ads_verify_ticket: enc type [1] failed to decrypt with error Bad
encryption type
[2003/11/12 17:54:31, 10] passdb/secrets.c:secrets_named_mutex_release(709)
secrets_named_mutex: released mutex for replay cache mutex
[2003/11/12 17:54:31, 3] libads/kerberos_verify.c:ads_verify_ticket(317)
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2003/11/12 17:54:31, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
[2003/11/12 17:54:31, 3] smbd/error.c:error_packet(94)
error string = No such file or directory
[2003/11/12 17:54:31, 3] smbd/error.c:error_packet(113)
error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
Anyone run into this as well?
Thanks,
Brian
-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 8:49 AM
To: Jonathan Johnson
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Client accessing Samba doesn't authenticate against
Active Directory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jonathan Johnson wrote:
| When a Windows client attempts to browse shares on a Samba 3.0 server
| authenticating against a Windows 2003 Active Directory domain, it
| requests credentials. Typing in user name and password fails
Looks like you don't have the MIT krb5 1.3.1 libs or the
latest version of Heimdal (don't remembe which version
you need...cvs development snapshot maybe).
| Output of smbclient -k -L license [EMAIL PROTECTED]
| [2003/11/12 16:03:45, 0] libsmb/clientgen.c:cli_receive_smb(121)
| SMB Signature verification failed on incoming packet!
| session setup failed: Server packet had invalid SMB signature!
...
| -
| Interesting lines of /var/log/samba/log.192.168.254.202:
|
| [2003/11/12 14:00:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
| Failed to verify incoming ticket!
| (message is repeated twice)
|
cheers, jerry
- --
~ --
~ Hewlett-Packard- http://www.hp.com
~ SAMBA Team -- http://www.samba.org
~ GnuPG Key http://www.plainjoe.org/gpg_public.asc
~ If we're adding to the noise, turn off this song --Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/s7YNIR7qMdg1EfYRAre8AJ4tW64CC2OTjxDD/zaU7k+HFcPungCfdZmC
RLnMHyR095uIzJ48yg5EQ2Y=
=4M/D
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:
