Re: [Samba] Excel 'Document not saved' Error when using SMB2 Protocol
Hi Ian, You should verify that the following GPFS configuration flag is set to 'yes': cifsBypassShareLocksOnRename This flag is not very well documented, but you can get some more details here: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004008 . Cheers, Dan Cohen IBM - XIV, Israel NAS Development Team From: Ian CLANCY ian.cla...@valeo.com To: samba@lists.samba.org, Date: 08/10/2013 17:37 Subject:[Samba] Excel 'Document not saved' Error when using SMB2 Protocol Sent by:samba-boun...@lists.samba.org Hi Samba Users, I'm in the process of building a Samba4 CTDB /GPFS Cluster joined as a member server to AD that also supports ACL's . It has taken some time but almost everything is working now :) . My one outstanding issue is editing files using Excel 2007 on Windows 7 results in a 'Document not saved' error. I believe this is an issue with the SMB2 protocol as I can edit the same files with the same user and version of Excel on a Windows XP workstation. Using Wireshark i can see that communication between the Windows 7 client is using SMB2 . Excel is quite a strange beast, it creates temporary files etc.. As a test i have set the parameter client max protocol = NT1 in the smb.conf of my cluster members but the Win 7 clients continue to use the SMB2 protocol. Looking more closely at the communication between the Win 7 client and the Samba Servers when i attempt a file save in Excel i see that the Client issues a FILE_INFO/SMB2_FILE_RENAME_INFO request and the samba server returns a STATUS_ACCESS_DENIED response. I suspect disabling ACL's would resolve the issue but unfortunately these are necessary for the project . Ideally i would be able to use SMB2 but it is not a show stopper if i could force Win 7 clients to use SMB1. I'm currently using samba 4.0.9 / CTDB 2.4 on Centos 6.4 with GPFS 3.4.0-14. my smb.conf is pasted below. Thanks in advance for any comment of feedback. Ian Clancy IS Department Valeo Vision Systems (VVS) [global] workgroup = MYNET realm = MYNET.BALEO.COM netbios name = TESTCLUSTER security = ADS map to guest = Bad User client max protocol = NT1 unix extensions = No clustering = Yes winbind cache time = 900 winbind use default domain = Yes idmap config *:range = 1000-9 idmap config * : backend = tdb2 force unknown acl user = Yes ea support = Yes map archive = No map readonly = no mangled names = No store dos attributes = Yes [gpfstest] comment = GPFS File System path = /gpfstest read only = No create mask = 0770 force create mode = 0770 nt acl support = No vfs objects = shadow_copy2, gpfs, fileid fileid:algorithm = fsname shadow:fixinodes = yes shadow:basedir = /gpfstest shadow:snapdir = /gpfstest/.snapshots nfs4:acedup = merge nfs4:chown = yes nfs4:mode = special gpfs:winattr = yes gpfs:sharemodes = yes This e-mail message is intended only for the use of the intended recipient(s). The information contained therein may be confidential or privileged, and its disclosure or reproduction is strictly prohibited. If you are not the intended recipient, please return it immediately to its sender at the above address and destroy it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Winbind and NTLM
Hi, I have a setup where two Domain's exist. 1 domain is in a DMZ and the other on an internal network. Both running Window 2003 R2. They have an external NTLM trust setup between them, from DMZ to Internal. Linux clients in the DMZ are joined to the DMZ AD. I'm trying to get the Linux clients to authenticate users that exist on the internal AD Domain, but it is failing. When attempting to auth users as INT\username it is trying to connect to the INT server but can't as it's in the DMZ. Is there a way to force clients to negotiate the NTLM trust and avoid attempting to connect to the INT server? I.e using the DMZ server to pass through the authentication? Or setup some sort of NTLM auth? Windows clients appear to do this without issue. Thanks, Dan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions incorrectly ordered on Windows after disabling inheritance
On Wed, Aug 29, 2012 at 21:45:24, Jeremy Allison wrote: On Fri, Aug 24, 2012 at 11:08:53AM -0600, Walkes, Dan wrote: Hi everyone, I've noticed a problem with Debian wheezy + samba 3.6.6 configured with acl_xattr in my configuration. The following test sequence causes Windows Explorer to report incorrectly ordered permission entries: 1) Map a share as with admin user credentials to a drive letter on a Windows client 2) Create a folder at the root of the share rootfolder 3) Create a subfolder subfolder1 under rootfolder 4) Un-check Include inheritable permissions from this object's parent in the windows security settings dialog for Windows Explorer on the root folder 5) Create a subfolder subfolder2 under subfolder1 6) Right-click with Windows Explorer and attempt to edit the permissions of subfolder2. Windows Explorer pops up a message stating The permissions on subfolder2 are incorrectly ordered, which may cause some entries to be ineffective. FYI, the complete and correct fix for this ifor 3.6.next s now attached to bug : https://bugzilla.samba.org/show_bug.cgi?id=9124 as a patch. Please test (it fixes the problem here). Thanks for reporting this, the same code will go into master as soon as I've finished wrestling with autobuild :-). Thanks Jeremy. I've tested today. I can confirm it fixes the incorrect ordering issue and sequence 1-6 works for me. I can also confirm that after removing inheritance on a root folder from windows the I flag is set for all permissions on subfolders as expected. I did notice however that in my case if I never modify permissions or change permissions from Windows Explorer the I flag is still not set on inherited permissions, at least with my configuration. For instance if my share folder permissions are: smbcacls --user=K9\\tandberg //localhost/20120830_4 rootfolder/.. REVISION:1 CONTROL:0x8004 OWNER:BIZNAS-B2\nobody GROUP:Unix Group\root ACL:BIZNAS-B2\nobody:ALLOWED/0x0/FULL ACL:K9\domain users:ALLOWED/0x0/FULL ACL:Unix Group\%naslocal%:ALLOWED/0x0/FULL ACL:Unix Group\root:ALLOWED/0x0/FULL ACL:BIZNAS-B2\admin:ALLOWED/0x0/FULL ACL:Everyone:ALLOWED/0x0/ ACL:Creator Owner:ALLOWED/OI|CI|IO/RWXDPO ACL:Creator Group:ALLOWED/OI|CI|IO/RWXDPO ACL:Everyone:ALLOWED/OI|CI|IO/RWXDPO Each of my subfolders have permissions which look like this: smbcacls --user=K9\\tandberg //localhost/20120830_4 rootfolder REVISION:1 CONTROL:0x8004 OWNER:BIZNAS-B2\admin GROUP:BIZNAS-B2\None ACL:BIZNAS-B2\admin:ALLOWED/0x0/RWXDPO ACL:Creator Owner:ALLOWED/OI|CI|IO/RWXDPO ACL:BIZNAS-B2\None:ALLOWED/0x0/RWXDPO ACL:Creator Group:ALLOWED/OI|CI|IO/RWXDPO ACL:Everyone:ALLOWED/OI|CI/RWXDPO I would have expected the I flag to be set on Creator Owner, Creator Group and Everyone in this case since these permissions were inherited from the share folder. This is what I see with a Windows 7 file share. However, after I modify permissions on any folder in any way from windows explorer (even if I don't modify Creator Owner, Creator Group or Everyone), all inherited permissions on subfolders have the I flag set. This applies both to subfolders which existed before the change and for new subfolders created after I made the change from Windows Explorer. I don't see this behavior if I change from smbcacls, only if I change from Windows Explorer. If I use Windows Explorer to modify the permissions on the root folder in any way, all inherited permissions have the I flag set on all subfolders as I would expect. I'm not sure that missing the I flag is actually important as long as the permissions are inheriting and now that windows is no longer complaining about ordering. I just thought I would bring it up here in case it was related and in case you thought it was important. I can gather more data if you are interested... let me know Thanks again! Dan Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions incorrectly ordered on Windows after disabling inheritance
On Thu, Aug 30, 2012 at 17:52:08, Jeremy Allison wrote: On Thu, Aug 30, 2012 at 05:09:10PM -0600, Walkes, Dan wrote: On Wed, Aug 29, 2012 at 21:45:24, Jeremy Allison wrote: On Fri, Aug 24, 2012 at 11:08:53AM -0600, Walkes, Dan wrote: Hi everyone, I've noticed a problem with Debian wheezy + samba 3.6.6 configured with acl_xattr in my configuration. The following test sequence causes Windows Explorer to report incorrectly ordered permission entries: 1) Map a share as with admin user credentials to a drive letter on a Windows client 2) Create a folder at the root of the share rootfolder 3) Create a subfolder subfolder1 under rootfolder 4) Un-check Include inheritable permissions from this object's parent in the windows security settings dialog for Windows Explorer on the root folder 5) Create a subfolder subfolder2 under subfolder1 6) Right-click with Windows Explorer and attempt to edit the permissions of subfolder2. Windows Explorer pops up a message stating The permissions on subfolder2 are incorrectly ordered, which may cause some entries to be ineffective. FYI, the complete and correct fix for this ifor 3.6.next s now attached to bug : https://bugzilla.samba.org/show_bug.cgi?id=9124 as a patch. Please test (it fixes the problem here). Thanks for reporting this, the same code will go into master as soon as I've finished wrestling with autobuild :-). Thanks Jeremy. I've tested today. I can confirm it fixes the incorrect ordering issue and sequence 1-6 works for me. I can also confirm that after removing inheritance on a root folder from windows the I flag is set for all permissions on subfolders as expected. I did notice however that in my case if I never modify permissions or change permissions from Windows Explorer the I flag is still not set on inherited permissions, at least with my configuration. Actually this is what you'd expect with a security descriptor type of : CONTROL:0x8004 (SEC_DESC_SELF_RELATIVE = 0x8000| SEC_DESC_DACL_PRESENT = 0x0004). On Windows you'll probably have : CONTROL:0x8404 (SEC_DESC_SELF_RELATIVE = 0x8000| SEC_DESC_DACL_AUTO_INHERITED= 0x0400| SEC_DESC_DACL_PRESENT = 0x0004). which explains the difference. If you set a security descriptor on rootfolder/ from the Windows client and end up with CONTROL:0x8404, then whenever you create subfolders/files below that you'll see the INHERITED bit (that's what the patch solves). Jeremy. Yes this explains it. Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permissions incorrectly ordered on Windows after disabling inheritance
that all I SEC_ACE_FLAG_INHERITED_ACE's are listed below entries with inherit flags cleared - I'm guessing this was the reason for the incorrect ordering message in Windows. I'm not sure why this is required by Windows and I haven't come up with a scenario where permissions are actually ineffective due to this ordering. Assuming it is a requirement to order permissions in this way, I think I've noticed two problems which are either samba bugs or some other problem with my configuration which I've not yet identified. 1) ACE's are not ordered based in SEC_ACE_FLAG_INHERITED_ACE's to include all permissions with I values at the end of the ACE list. 2) Although permissions on folders are marked with OI|CI|IO flags appear to inherit properly from Windows, the I flag is not set in corresponding ACE's. My smb.conf configuration is below. I haven't found anything in the man page for smb.conf which would explain this behavior. I've experimented with turning off vfs_acl_xattr with this change to smb.conf: # vfs objects = acl_xattr dos filemode = yes inherit acls = yes force unknown acl user = yes However in this case I've noticed that Windows does not indicate permissions are inherited (Include inheritable permissions from this object's parent is un-checked) and I'd prefer a configuration which mimics Windows server implementation as closely as possible. Full smb.conf configuration: [global] workgroup = WORKGROUP security = user server string = %h server obey pam restrictions = Yes pam password change = Yes unix password sync = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 local master = No domain master = No dns proxy = No socket options = TCP_NODELAY panic action = /usr/share/samba/panic-action %d idmap alloc config: range = 1-10 idmap uid = 1 - 10 idmap gid = 1 - 10 template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = No winbind refresh tickets = Yes store dos attributes = yes ea support = yes vfs objects = acl_xattr passdb backend = tdbsam username map = /etc/samba/smbusers encrypt passwords = yes map to guest = Bad User deadtime = 5 include = /etc/samba/dhcp.conf [20120821_3] comment = path = /tmp/testshare3 map acl inherit = Yes map archive = No map read only = No security mask = 0777 create mask = 0640 directory mask = 0750 delete readonly = yes directory mode= 0777 create mode= 0777 acl map full control = True read only = Yes invalid users = valid users = @%naslocal% admin read list = write list = @%naslocal% admin If anyone has suggestions about any further troubleshooting steps to try or changes in configuration which may resolve this issue please let me know. Also if logs for any portion of this sequence would be useful I can collect them. Thanks and best regards, Dan Walkes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade 4.0.0alpha14
Hey, I am looking to upgrade my v4 installation to Beta6 (well, master - to overcome the mem leak mentioned on the wiki). The end goal is to be on Beta6 with the Samba4 on a new host in a remote location - but preserve the same domain, accounts, SID's, etc. I see on the wiki it mentions that I should get advice before trying this from this list - so anything you can provide me with would be appreciated! I pencilled out two options (are either feasible?): 1) Create new remote host, install v4 B6, join to existing domain, and shift FSMO roles. Then, remove v4 A14 from the domain - and hey presto. 2) Remove v4 A14 from the machine, but preserve databases. Install v4 B6, and attempt to upgrade the databases somehow (but I wouldn't know how to start with that). The current v4 A14 install was not upgraded from an earlier version - it was installed fresh. Exact version is 4.0.0alpha14-GIT-e8bae4c. Thanks for any advice, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] dc locator/site awareness, and samba-winbind-krb5-locator
Apologies, have I put this in the wrong place? Is this perhaps something I need to ask the technical list? Dan Johnson From: samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] On Behalf Of Dan Johnson [d...@djjconsulting.com] Sent: 21 June 2012 12:42 To: samba@lists.samba.org Subject: [Samba] dc locator/site awareness, and samba-winbind-krb5-locator Hi all A couple of questions for you on domain integration: Firstly, can someone please explain to me where/how a samba device's site info is cached? I see from a trace that when winbind starts it goes through the usual process that a windows device does (DNS query for non site-specific SRV, LDAP query/response with site name, DNS query for site-specific SRV). -How is the site info cached? -How can the cache be refreshed? -Is it possible to manually set a site (like configuring the SiteName registry entry on a windows box) Secondly, I installed the samba-winbind-krb5-locator plugin (on Fedora), how can I tell this is actually working? It no longer queries DNS for the _kerberos or _kpasswd SRV records (cf windows client) so I am assuming it is working ok. However before I did the domain join, it was still doing default Kerberos behaviour (i.e. looking for _kerberos and_kerberos-master, with no site info requested). I couldn't see anything in the man pages for winbind. I am an AD person not a UNIX person so thanks in advance for any insights/top tips from samba gurus :) Dan Johnson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] dc locator/site awareness, and samba-winbind-krb5-locator
Hi all A couple of questions for you on domain integration: Firstly, can someone please explain to me where/how a samba device's site info is cached? I see from a trace that when winbind starts it goes through the usual process that a windows device does (DNS query for non site-specific SRV, LDAP query/response with site name, DNS query for site-specific SRV). -How is the site info cached? -How can the cache be refreshed? -Is it possible to manually set a site (like configuring the SiteName registry entry on a windows box) Secondly, I installed the samba-winbind-krb5-locator plugin (on Fedora), how can I tell this is actually working? It no longer queries DNS for the _kerberos or _kpasswd SRV records (cf windows client) so I am assuming it is working ok. However before I did the domain join, it was still doing default Kerberos behaviour (i.e. looking for _kerberos and_kerberos-master, with no site info requested). I couldn't see anything in the man pages for winbind. I am an AD person not a UNIX person so thanks in advance for any insights/top tips from samba gurus :) Dan Johnson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Anyone can create empty files (v 3.5.11)
Just a follow up incase someone else runs into this problem. It turns out this was a bug in the cifs driver. I submitted a patch to fix this. http://marc.info/?l=linux-cifsm=131715894203568w=2 regards, dan carpenter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Anyone can create empty files (v 3.5.11)
I've found a solution which is to just chmod o-rwx the dictory so the testuser doesn't have permission to open any files. That way it can't open them with O_CREAT by mistake. I'm still new at Samba but it seems to me like what happens is that: 1) I type touch asdf as testuser on the client. 2) The client doesn't know what permisions asdf has until it opens it. 3) It opens it as dcarpenter, because that's how I mounted the share. 4) The server says Oh, fine. dcarpenter is permitted to open files 5) After doing the open, the client now knows what the permisions are and I don't have permission to open the file. Unfortunately, I already just created it, so the client gives me a permision denied message and closes the file. I haven't looked at this, but it might be possible to fix the Samba client. If the client can see that testuser doesn't have write permision to the directory, it could mask out the O_CREAT flag before sending the open() to the server. regards, dan carpenter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Anyone can create empty files (v 3.5.11)
On Sat, Sep 24, 2011 at 05:04:50PM +0900, TAKAHASHI Motonobu wrote: From: Dan Carpenter dan.carpen...@oracle.com Date: Fri, 23 Sep 2011 09:38:56 +0300 I've mounted my cifs partition with a username and password and to test whether I had my permissions right, I did: $ sudo su testuser $ touch asdf touch: cannot touch `asdf': Permission denied $ It says permission denied, but the `asdf' file is still created. I can't write any data to it, but I can create empty files. How does ls -l asdf? -rw-r--r-- 1 dcarpenter dcarpenter 0 Sep 19 09:45 asdf By default, the permission and owner for a created file is forcibily set on root 644 because CIFS server (Windows server) essentially does not have semantics of permission. That sometimes causes an odd behavior that you have met. Try noperm option as mentioned: https://lists.samba.org/archive/samba/2011-September/163986.html The noperm option means that the client doesn't do permission checks. I enabled it, and that meant that anyone could write to the samba share. That isn't what I wanted. I wanted only the one user to read to be able to write files. But it does show that I didn't understand Samba security before and I was wrong to blame the server for this. It should be prevented in the client side. I'm still trying to figure it out. I'm using a 3.1-rc6 kernel on the client. But it's probably a configuration problem. regards, dan carpenter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Anyone can create empty files (v 3.5.11)
I've mounted my cifs partition with a username and password and to test whether I had my permissions right, I did: $ sudo su testuser $ touch asdf touch: cannot touch `asdf': Permission denied $ It says permission denied, but the `asdf' file is still created. I can't write any data to it, but I can create empty files. This is because in smbd/open.c if the file doesn't exist and O_CREAT flag is set then it lets you open the file without checking smbd_check_open_rights(). Or am I doing something wrong? I'm using Debian testing (wheezy). regards, dan carpenter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Did my email come through?
I sent an email to the list on Monday before I joined and it got held up in moderation (non-member to a members-only list). I don't see my mail on the list archives but when I tried to remove it from the moderation queue it said it had already gone through. Odd. regards, dan carpenter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Build Environment
To Whom this concerns, In the process of building the latest stable version of Samba, Samba 3.5.8, while compiling from Source3 an error was thrown when the compiler tried to create the libnetapi.so.0 file. This build was attempted on a NetBSD computer. Another attempt at configuring the file it was observed that when checking for the libnetapi.h it is not found during the ./configure when configuring from Source3 directory. Again the same build broke at the same point. The following is a quick analysis of the reported error: When compiling librpc/ndr/ndr.c there is an undefined smb_iconv_convience_init' this is due to the inability to link against libnetapi.so.0 since the library is not built. Looking at bin/ libnetapi.a is built but no libnetapi.so.0 is built. This was done in from the Source3 directory. In attempts to get a successful build manually installing the cups, libmcrypt, libiconv, and pthread libraries allowed for the compiling process to make it a little farther. However even after doing this the build failed when trying to link shared library bin/libsmbclient.so.0. The reason given for this failure was because the compiler could not find -lpthread, even after the pthreads library had been manually installed on the machine. Through more trial and error a successful build occurred when the Makefile was altered to not link with the pthread. Have these issues been reported already and what can be done to fix it so that a successfully build can happen without so many alterations? Thank you for your help and if you need more information feel free to e-mail me questions. - Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba/Winbind Question
Hello all, I am upgrading some clients on my network to the RHEL 5.5 versions of the Samba/Winbind packages (samba3x-3.3.8-0.52) and have a few questions regarding them. I just upgraded my AD domain controller to the 2008 functional level thus requiring an upgrade of the Samba/Winbind clients so I revisited the configurations I had previously made. I have everything working however I have noticed when I boot a RHEL client or restart the Samba Winbind services (in that order) I get a bunch of log entries in /var/log/messages like the following: Jan 11 08:04:27 mn4s34052 winbindd[10980]: ERROR: Initialization failed for alloc backend, deferred! I then started wondering if I really need the Samba Or NMB services running anymore at all so I disabled both and authentication still continued to work just fine (with no entries like the one above appearing in /var/log/messages). If I am just using the Authentication ID mapping features of Winbind can the Samba NMB services be disabled? Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem compiling Samba from source
Hi, It's taken me ages to get past teh compile dependencies and having to build most of the dependencies from source. I then ran make and within a few short compilations the samba3 make fails with the following errors: ~/samba-3.5.5/source3 make Using CFLAGS = -I../lib/zlib -I/app/utils//include -O -I. -I/app/builduser/samba-3.5.5/source3 -I/app/builduser/samba-3.5.5/source3/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. -I./../lib/talloc -I../lib/tdb/include -DHAVE_CONFIG_H -I/app/utils//include -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/app/utils/include -I/app/builduser/e2fsprogs-1.41.12/lib/ -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. -I./../lib/popt -DLDAP_DEPRECATED -I/app/builduser/samba-3.5.5/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 PICFLAG= -fPIC LIBS = -lresolv -lnsl -ldl LDFLAGS= -pie -Wl,-z,relro -L/app/utils//lib -Wl,-rpath -Wl,/app/utils//lib -Wl,--as-needed -L/app/subversion/lib -L/app/subversion/lib64 -L/app/utils/lib -L/app/utils/lib64 -L./bin DYNEXP = -Wl,--export-dynamic LDSHFLAGS = -fPIC -shared -Wl,-Bsymbolic -Wl,-z,relro -L/app/utils//lib -Wl,-rpath -Wl,/app/utils//lib -Wl,--as-needed -L/app/subversion/lib -L/app/subversion/lib64 -L/app/utils/lib -L/app/utils/lib64 -L./bin -lc -Wl,-z,defs SHLIBEXT = so SONAMEFLAG = -Wl,-soname= Compiling ../lib/util/blocking.c In file included from include/includes.h:675, from ../lib/util/blocking.c:24: include/client.h:169: error: expected specifier-qualifier-list before ‘gss_ctx_id_t’ The following command failed: gcc -I../lib/zlib -I/app/utils//include -O -I. -I/app/builduser/samba-3.5.5/source3 -I/app/builduser/samba-3.5.5/source3/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. -I./../lib/talloc -I../lib/tdb/include -DHAVE_CONFIG_H -I/app/utils//include -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/app/utils/include -I/app/builduser/e2fsprogs-1.41.12/lib/ -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. -I./../lib/popt -DLDAP_DEPRECATED -I/app/builduser/samba-3.5.5/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 -fPIC -c ../lib/util/blocking.c -o ../lib/util/blocking.o make: *** [../lib/util/blocking.o] Error 1 Can someone please help me shed some light on this and why this woudl be happening and how to fix it? Many thanks in advance Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] krb ticket for the computer account
[DOMAIN\computercomputer ~]$ klist -5 klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_16777222) [DOMAIN\computercomputer ~]$ kinit -5 compute...@domain.com Password for comput...@domain.com: As you know, computer account passwords are not supposed to be entered by users under normal circumstances. How can I obtain a krb5 ticket for the computer account? Hi Mustafa, To be able to check out a ticket in that way you need to set userprincipialname on the computeraccount. I do that when I join with: # net ads join createupn=host/hostname.domain@domain.tld I then create a keytab file: # net ads keytab create You don't need a userprincipialname to have a keytab but you have to have upn set if you want to check out a ticket from a keytab to a ccache. There are some options in smb.conf about kerberos keytab that I guess you want to use. Regards, Andreas Larsson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 connect to FreeBSD samba
I'm having trouble connecting my windows 7 machine to my Samba server that i set up on a FreeBSD VM. The FreeBSD version is 7.2 and the samba version is 3. I followed the directions here http://www.mrp3.com/windows-to-unix-samba.html to set it up as a domain controller exactly.. except for adding the samba_dns_update script because i didn't find it being asked for in the config file. The name of my Windows computer is Pushkin-PC so like it says in the script I added it using adduser and put it under the machines group. I added it as Pushkin-PC$ though.. as the site showed. then I did smbpasswd -a Pushkin-PC$ which also made me make a password. Then the script said to finalize it by doing the command smbpasswd -m Pushkin-PC$ .. but when I executed that command i got the errors: Failed to set password for user Pushkin-PC$. Failed to modify password entry for user Pushkin-PC$. I couldn't figure out why... Here's my config file.. all the uncommented parts: server string = WORKGROUP server string = Samba Server security = user hosts allow = 192.168.1 192.168.2 127. load printers = yes printing = cups log file = /var/log/samba/log.%m max log size = 50 passdb backend = tdbsam include = /usr/local/etc/smb.conf.%m local master = yes os level = 33 domain master = yes preferred master = auto domain logons = yes logon path = \\%L\Profiles\%U wins support = yes dns proxy = no add user script = /usr/local/sbin/smb-add-user %u add group script = /usr/local/sbin/smb-add-group %g add machine script = /usr/local/sbin/smb-add-machine %u add user to group script = /usr/local/sbin/smb-add-user-group %u %g delete user script = /usr/local/sbin/smb-rm-user %u delete user from group script = /usr/local/sbin/smb-rm-user-group %u %g delete group script = /usr/local/sbin/smb-rm-group %g [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /usr/local/lib/samba/netlogon guest ok = yes writeable = no share modes = no [profiles] path = /usr/local/lib/samba/profiles browseable = no guest ok = yes [printers] comment =All Pringers path = /var/spool/samba browseable = no guest ok = no writeable = no printable = yes anyways, when try to connect my windows pc (Pushin-PC) to samba.. i do the following command: \\192.168.198.137\Pushkin-PC$ the ip is the freebsd's ip running samba. and I get the following error: The network path was not found. Help? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 connect to FreeBSD samba
I'm having trouble connecting my windows 7 machine to my Samba server that i set up on a FreeBSD VM. The FreeBSD version is 7.2 and the samba version is 3. I followed the directions here http://www.mrp3.com/windows-to-unix-samba.html to set it up as a domain controller exactly.. except for adding the samba_dns_update script because i didn't find it being asked for in the config file. The name of my Windows computer is Pushkin-PC so like it says in the script I added it using adduser and put it under the machines group. I added it as Pushkin-PC$ though.. as the site showed. then I did smbpasswd -a Pushkin-PC$ which also made me make a password. Then the script said to finalize it by doing the command smbpasswd -m Pushkin-PC$ .. but when I executed that command i got the errors: Failed to set password for user Pushkin-PC$. Failed to modify password entry for user Pushkin-PC$. I couldn't figure out why... Here's my config file.. all the uncommented parts: server string = WORKGROUP server string = Samba Server security = user hosts allow = 192.168.1 192.168.2 127. load printers = yes printing = cups log file = /var/log/samba/log.%m max log size = 50 passdb backend = tdbsam include = /usr/local/etc/smb.conf.%m local master = yes os level = 33 domain master = yes preferred master = auto domain logons = yes logon path = \\%L\Profiles\%U wins support = yes dns proxy = no add user script = /usr/local/sbin/smb-add-user %u add group script = /usr/local/sbin/smb-add-group %g add machine script = /usr/local/sbin/smb-add-machine %u add user to group script = /usr/local/sbin/smb-add-user-group %u %g delete user script = /usr/local/sbin/smb-rm-user %u delete user from group script = /usr/local/sbin/smb-rm-user-group %u %g delete group script = /usr/local/sbin/smb-rm-group %g [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /usr/local/lib/samba/netlogon guest ok = yes writeable = no share modes = no [profiles] path = /usr/local/lib/samba/profiles browseable = no guest ok = yes [printers] comment =All Pringers path = /var/spool/samba browseable = no guest ok = no writeable = no printable = yes anyways, when try to connect my windows pc (Pushin-PC) to samba.. i do the following command: \\192.168.198.137\Pushkin-PC$ the ip is the freebsd's ip running samba. and I get the following error: The network path was not found. Help? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Encryption
On Tue, 01 Dec 2009 08:23:01 -0800, Jeremy Allison wrote: On Tue, Dec 01, 2009 at 10:01:57AM -0600, Cameron Laird wrote: What are the prospects for smb transport encryption? Where can I learn more? It's implemented via the UNIX extension mechanism between smbclient and smbd for versions of Samba 3.2.x and greater. Not yet implemented in the Linux CIFSFS client or MacOSX client. The encryption feature of smbclient seems really great! But it is too bad that it is only in smbclient and not in smbmount/mount.cifs. Is there any technical barrier to implementing it in smbmount? I used to use sshfs to remotely mount my home directories between different computers running Linux, but I have switched to Samba for better performance. I would like to be able to keep using Samba without worrying about the relative lack of security. (I know this isn't really Samba's fault, but a legacy of its origins.) Dan Lenski -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Encryption
On Sun, 18 Apr 2010 10:29:38 -0400, simo wrote: On Sun, 2010-04-18 at 10:05 -0400, Nico Kadel-Garcia wrote: Reviewing the docs, this tool requires Samba 3.2 or later on both the client and server sides. I'm therefore assuming that it's not compatible with a contemporary Windows fileserver: can you confirm this? Does anyone know if NetApp supports such encryption? It is an extension created by the Samba Team as part of unix extensions, and at the moment the only client that implements it is smbclient. Not even the in kernel cifs driver implements it. And we have no knowledge of any other implementer adopting it yet. Does anyone know a time-frame for inclusion of transport encryption in the kernel CIFS driver? I'm really looking forward to this feature! Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Serious grief with a Samba connection
OK, back at work On the Sun box: The suggested commands did not work as suggested, but I did find the proper options for this system smbd -V says 2.2.8a testparm -x says lots of stuff including encrypt passwords = yes I will talk with the network guys about NTLM - sato x gara...@gmail.com wrote: On Wed, Nov 25, 2009 at 3:21 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: My guess is that they may have required NTLMv2 or something thing similar on the Win machines. If these machines are part of an Active Directory domain, it would be relatively easy for this to be done. http://www.dennek.com/2009/03/system-error-1240-the-account-is-not- authorized-to-login-from-this-station/ You can use gpedit.msc on XP to check your security settings. smbd -v would tell you the samba version. testparm -v | more would let you check the various settings. Are you the sys admin for the solaris box? On 11/25/09 14:52, Dan White wrote: The server is on a Sun box (uname says SunOS 5.8) I do not know what version of samba is running For the last year and a half, I have made a daily connection from a Windows XP box with the following command: new use G: \\server\volume /USER:userid password This makes a G network drive that serves the purpose. About a month ago, network folks upstream from us spewed a bunch of policy updates that caused serious trouble. The worst being mine. Now, if I try the same command on an XP box, the command executes successfully, the G-drive appears and then blinks to say Disconnected Network Drive Because some of our team use them, I tried from a Windows 2000 box. The same command responds with : System Error 1240 has occurred. The account is not authorized to log in from this station I checked the smb.conf file and found that the samba server is configured for encrypted passwords. This error makes no sense. The local network folks are convinced this is a Unix problem. Any clues out there for this clueless one ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Serious grief with a Samba connection
- Volker Lendecke volker.lende...@sernet.de wrote: On Mon, Nov 30, 2009 at 01:26:34PM +, Dan White wrote: OK, back at work On the Sun box: The suggested commands did not work as suggested, but I did find the proper options for this system smbd -V says 2.2.8a testparm -x says lots of stuff including encrypt passwords = yes I will talk with the network guys about NTLM You should also talk with your Solaris people about a newer Samba version :-) Volker Yes, but this setup DID work up until a month ago. Iit would be nice to get it working agin with a minimum of change because it is part of a development environment. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Serious grief with a Samba connection
The server is on a Sun box (uname says SunOS 5.8) I do not know what version of samba is running For the last year and a half, I have made a daily connection from a Windows XP box with the following command: new use G: \\server\volume /USER:userid password This makes a G network drive that serves the purpose. About a month ago, network folks upstream from us spewed a bunch of policy updates that caused serious trouble. The worst being mine. Now, if I try the same command on an XP box, the command executes successfully, the G-drive appears and then blinks to say Disconnected Network Drive Because some of our team use them, I tried from a Windows 2000 box. The same command responds with : System Error 1240 has occurred. The account is not authorized to log in from this station I checked the smb.conf file and found that the samba server is configured for encrypted passwords. This error makes no sense. The local network folks are convinced this is a Unix problem. Any clues out there for this clueless one ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Serious grief with a Samba connection
Thanks for the reply ! I can try those commands on Monday -- long Thanksgiving holiday weekend. I do not have admin on the Sun box, but my tech lead does. The link says to turn off password encryption. I cannot do that. The network people (government run network) will not allow that. The samba machine is set for encrypted passwords. On Nov 25, 2009, at 3:21 PM, Gaiseric Vandal wrote: My guess is that they may have required NTLMv2 or something thing similar on the Win machines. If these machines are part of an Active Directory domain, it would be relatively easy for this to be done. http://www.dennek.com/2009/03/system-error-1240-the-account-is-not- authorized-to-login-from-this-station/ You can use gpedit.msc on XP to check your security settings. smbd -v would tell you the samba version. testparm -v | more would let you check the various settings. Are you the sys admin for the solaris box? On 11/25/09 14:52, Dan White wrote: The server is on a Sun box (uname says SunOS 5.8) I do not know what version of samba is running For the last year and a half, I have made a daily connection from a Windows XP box with the following command: new use G: \\server\volume /USER:userid password This makes a G network drive that serves the purpose. About a month ago, network folks upstream from us spewed a bunch of policy updates that caused serious trouble. The worst being mine. Now, if I try the same command on an XP box, the command executes successfully, the G-drive appears and then blinks to say Disconnected Network Drive Because some of our team use them, I tried from a Windows 2000 box. The same command responds with : System Error 1240 has occurred. The account is not authorized to log in from this station I checked the smb.conf file and found that the samba server is configured for encrypted passwords. This error makes no sense. The local network folks are convinced this is a Unix problem. Any clues out there for this clueless one ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I tell winbind to always send kerberos pre-auth to Active Directory DC
You might want to look at the docs for krb5.conf if there's any setting you can use to stop the non-preauth requests. I'm afraid I don't have those docs handy right now, and I'm behind a slow mobile connection. Thank you for the answer. Doesn't look like it's possible to do anything about this in the configs im afraid. If it's not possible to request pre-auth in the SASL libs I guesse I'm out of luck. Ill try to find a way to filter it from the domain controllers instead. Andreas Larsson Axis Communicatications -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How do I tell winbind to always send kerberos pre-auth to Active Directory DC
Hi List, I have reported this issue before but I did not get an answer, ill try one more time before I register it as a bug incase I am doing something wrong. I'm evaluating the use of samba/winbind to join our linuxhosts into active directory. My testsetup use win2k3 R2 with rfc2307 schema fields populated on the server side. For the most part the project is humming along nicely. However, I have noticed that the domaincontrollers get spammed with a lot of messages in the event log. The events look like this: Failure Audit - Security - 675 Pre-Authentication failed: User Name: machineaccount$ User ID:DOMAIN\\machineaccount$ Service Name: krgtgt/DOMAIN Pre-Authentication type:0x0 Failure Code: 0x19 Client Address: ipofclient This message is not fatal in any way, all it means is that the client did not pre-authenticate it self to the domaincontroller. The domaincontroller responds to the client that it needs pre-auth to proceed, the client then supply the pre-auth info. So the error in it self is quite harmless, my concern is that its appearing a bit to often. Some clients log this message to the domaincontroller up to 10-20 times a minute, could this indicate that something is broken? My other concern is that this message will totally flood the logs of the domaincontrollers in the event of a full scale rollout on all linux clients. The solution i believe is to always send KRB5_PADATA_ENC_TIMESTAMP as pre-auth when connecting to a Active Directory domain controller. I have searched for a config option to enable this behavior without finding one. I have also searched the source code to see where the connection to the domaincontroller is set up. I have however been unsuccessful in figuring out how i tell sasl to make the connection using pre-auth. Unless i have misunderstood my problem i believe this will benefit anyone that integrate their samba machines into Active Directory. Other solutions i found via google solve the problem by disabling pre-auth all together. This solution is totally unacceptable from a security point of view. For reference i have used samba 3.2.5 from debian lenny and samba 3.3.3 from lenny backports to test this. Any advice on how to proceed would be appreciated. Andreas Larsson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot Access Workgroup shares
Hello All, I have set up samba server 3.0.33-0.fc8 and successfully created a share accessible by all machines in my workgroup. When I open up network on my linux box I can see all other machines in the workgroup. I have set up other shares on other machines and am able to see them but when I try to open the share from linux I get login message. I do not want to have to log in from linux. I have set up the shares on the windows machines to be accessible to everyone. TIA for any and all advice. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot Access Workgroup shares
Thanks! -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Jonathon Doran Sent: Wednesday, July 29, 2009 3:29 PM To: samba@lists.samba.org Subject: Re: [Samba] Cannot Access Workgroup shares Quoting Dan Grindstaff d...@oakrun.net: Hello All, I have set up samba server 3.0.33-0.fc8 and successfully created a share accessible by all machines in my workgroup. When I open up network on my linux box I can see all other machines in the workgroup. I have set up other shares on other machines and am able to see them but when I try to open the share from linux I get login message. I do not want to have to log in from linux. I have set up the shares on the windows machines to be accessible to everyone. TIA for any and all advice. Well the Linux client behavior probably has little to do with the server side. You might consider providing credentials in /etc/fstab and mount the shares that way. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot start nmbd - deleted pid file and restarted all services with no luck.
I have trouble with the Samba server for RH FC8. I keep getting a message that nmbd service is dead but pid exists. I have researched and found that I can delete pid, stop all services and restart but I have tried this with no luck. TIA for any advice. ___ Dan Grindstaff Oak Run Computer Associates, Inc. [EMAIL PROTECTED] cell: (651)214-2895 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Bad certificate at lists.samba.org?
I can't easily access the list management page because Firefox 3 complains bitterly that the certificate for https://lists.samba.org is invalid. How much would it cost to get that site a proper certificate? - Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] multiple smb commands (some non AndX) in one packet
On Fri, Jun 6, 2008 at 1:54 AM, Volker Lendecke [EMAIL PROTECTED] wrote: Well, maybe 10MB before the reconnect, bzip2 -9 and you can send it directly to me :-) rzip often compresses log files better than bzip2... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] push install software with samba
On Thu, Jun 5, 2008 at 1:33 PM, dnk [EMAIL PROTECTED] wrote: I used to have a book mark for an open source piece of software that could be used in conjunction with samba to push install software (that supported unattended installs) and windows updates (I think). I for the life of me can not remember what it is called. Probably http://wpkg.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Listing shadow copy directories from Linux CIFS client?
We've been fooling around with the shadow copy module lately, and have more or less made it easy for users of our package to export filesystems with snapshots via samba; see our recipe at http://zumastor.googlecode.com/svn/branches/0.8/doc/zumastor-howto.html#_export_a_zumastor_volume_via_samba And we've successfully accessed the snapshots from Windows clients. Question: how to access the snapshots from Linux cifs clients? One would expect the @GMT... directories to be visible in the top of the exported share... but first report is that they're not there. Are we confused, or are those directories hidden somehow? Thanks, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] got stuck in setting up samba to linux box through putty tunneling
I read the posting below. but I have not figured out why my vista pc won't work. here is what I did - 1. I disable window file sharing; 2. in putty, i add a tunnel: source port: 445 destination port: my linux box IP: 139 I forward 80. i see http://127.0.0.1 yields my web server's start page. 3 i also use secpol.msc and change local policies - security options. By default Windows Vista sets the policy to NTVLM2 responses only. Change this to LM and NTLM – use NTLMV2 session security if negotiated. 4. i start a putty session and login in. 5. i try to use this command: net use Z: \\127.0.0.1\myid /user:myid i was prompted to input the password. I input the right passwords. it failed. i got again asked about passwd. I input again and fail again. this time, it shows an error msg: System error 86 has occurred. The specificed network password is not correct. 6. for my vista pc, i use a cisco 800 router from my cable company. Can anyone help find out what is wrong? thank you, Dan - Well, it looks like I needed to forward port 445. I have it working now. Thanks! Charles Bueche wrote: Hi, I would check to forward port 445. XP tries this one before 139 and friends. Are you sure that your remote Samba listen on 127.0.0.1 ? Show us your smb.conf Charles On 5 mars 07, at 07:47, Richard D. Morey wrote: After having scoured the net for a way to do SMB over SSH with Windows, I've tried everything I have found and I still can't get it to work. I'm using Windows Vista as the client and FC6 with Samba 3.0.24-1 as the server. I have set up a share and can successfully connect to that share with no ssh tunnel. I would like to tunnel SMB over SSH, so here is what I have tried: 1. Disabling Windows File Sharing with net stop server. Then, using puTTY, I connect with my ports forwarded. I forward 80 and 139. http://127.0.0.1; yields my web server's start page, so I know forwarding is working. When I telnet 127.0.0.1 139 it connects to the SMB server successfully. netstat -ano reveals that 127.0.0.1:80 and 127.0.0.1:139 are listening with puTTY. However, trying to map a network drive fails. \\127.0.0.1\share yields the error The specified network name is no longer available. or Network path not found. I know the share is working because I can access it without SSH at the same time. Here are two lines from netstat when I have the telnet session open: tcp 0 0 127.0.0.1:45535 127.0.0.1:139 ESTABLISHED tcp 0 0 127.0.0.1:139 127.0.0.1:45535 ESTABLISHED 2. I have tried adding the loopback device as detailed all over the web (ie http://www.blisstonia.com/eolson/notes/smboverssh.php , http://www.cheswick.com/ches/cheap/tunnelprob.html) When I do this, I can access the webserver via the loopback device but telnet 10.0.0.1 139 times out. However, puTTY appears to be listening on 10.0.0.1:80 and 10.0.0.1:139. I cannot add the share either. I have done everything I can think of to get this to work. In addition, I have disabled Windows listening on port 445 (as suggested in one of the guides) I have tried giving puTTY the actually IP of the samba server as the destination, I have ensured that 127. is allowed by the smb.conf... What could be going wrong here? Any ideas? Thanks, Richard --Richard D. Morey, M.A. Research Assistant, Perception and Cognition Lab University of Missouri-Columbia --To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba --Charles Bueche charles at bueche.ch sand, snow, wave, wind and net -surfer A-Cat SUI 192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] two questions
1. I just found out port 445 and 139 are both blocked by my ISP (cablevision). i use Vista Ultimate. Is there a way to solve my problem? see my email below. 2. I am a new user of this mailing list. how can i read the postings and reply to a post? it does not seem allow me to reply to a post in your archive page. thanks, Dan -- I read the posting below. but I have not figured out why my vista pc won't work. here is what I did - 1. I disable window file sharing; 2. in putty, i add a tunnel: source port: 445 destination port: my linux box IP: 139 I forward 80. i see http://127.0.0.1 yields my web server's start page. 3 i also use secpol.msc and change local policies - security options. By default Windows Vista sets the policy to NTVLM2 responses only. Change this to LM and NTLM – use NTLMV2 session security if negotiated. 4. i start a putty session and login in. 5. i try to use this command: net use Z: \\127.0.0.1\myid /user:myid i was prompted to input the password. I input the right passwords. it failed. i got again asked about passwd. I input again and fail again. this time, it shows an error msg: System error 86 has occurred. The specificed network password is not correct. 6. for my vista pc, i use a cisco 800 router from my cable company. Can anyone help find out what is wrong? thank you, Dan - Well, it looks like I needed to forward port 445. I have it working now. Thanks! Charles Bueche wrote: Hi, I would check to forward port 445. XP tries this one before 139 and friends. Are you sure that your remote Samba listen on 127.0.0.1 ? Show us your smb.conf Charles On 5 mars 07, at 07:47, Richard D. Morey wrote: After having scoured the net for a way to do SMB over SSH with Windows, I've tried everything I have found and I still can't get it to work. I'm using Windows Vista as the client and FC6 with Samba 3.0.24-1 as the server. I have set up a share and can successfully connect to that share with no ssh tunnel. I would like to tunnel SMB over SSH, so here is what I have tried: 1. Disabling Windows File Sharing with net stop server. Then, using puTTY, I connect with my ports forwarded. I forward 80 and 139. http://127.0.0.1; yields my web server's start page, so I know forwarding is working. When I telnet 127.0.0.1 139 it connects to the SMB server successfully. netstat -ano reveals that 127.0.0.1:80 and 127.0.0.1:139 are listening with puTTY. However, trying to map a network drive fails. \\127.0.0.1\share yields the error The specified network name is no longer available. or Network path not found. I know the share is working because I can access it without SSH at the same time. Here are two lines from netstat when I have the telnet session open: tcp 0 0 127.0.0.1:45535 127.0.0.1:139 ESTABLISHED tcp 0 0 127.0.0.1:139 127.0.0.1:45535 ESTABLISHED 2. I have tried adding the loopback device as detailed all over the web (ie http://www.blisstonia.com/eolson/notes/smboverssh.php , http://www.cheswick.com/ches/cheap/tunnelprob.html) When I do this, I can access the webserver via the loopback device but telnet 10.0.0.1 139 times out. However, puTTY appears to be listening on 10.0.0.1:80 and 10.0.0.1:139. I cannot add the share either. I have done everything I can think of to get this to work. In addition, I have disabled Windows listening on port 445 (as suggested in one of the guides) I have tried giving puTTY the actually IP of the samba server as the destination, I have ensured that 127. is allowed by the smb.conf... What could be going wrong here? Any ideas? Thanks, Richard --Richard D. Morey, M.A. Research Assistant, Perception and Cognition Lab University of Missouri-Columbia --To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba --Charles Bueche charles at bueche.ch sand, snow, wave, wind and net -surfer A-Cat SUI 192 * Previous message: [Samba] Samba and Win98 * Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] More informat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CIFS Duplicating the Mount Point
My file server (Debian stable; SMB 3.0.24) has several CIFS shares, one of which is named music. My desktop client (Ubuntu gutsy, SMB 3.0.26a) can mount the music share as either CIFS of SMBFS, but when mounted using CIFS, something very weird happens - data in the root of the share appears in 2nd-level folders in the share when the name is the same (using a case insensitive comparison). When mounted Under SMBFS, it works as expected. For instance, I have the following directory structure: music |- 311 |- Music |- songs, etc. |- other albums, etc. |- other bands, etc. When the music share is mounted using CIFS, it appears as: music |- 311 |- Music |- 311 |- Music |- songs, etc. |- other bands, etc. After a quick test, the problem seems to be with the subfolder with the same name as the share (case insensitive comparison). Even stranger, this issue only appears with folders named music on the 2nd level: music/music and music/test1/test2/Music both work as expected. Do I have something misconfigured, a known issue, or a bug (or something else entirely)? Windows machines can use the share properly. I can post my server's configuration files if someone is interested. Thanks, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: weird smbclient authentication problem NT_STATUS_LOGON_FAILURE
never mind. didn't receive all log files. the traces were scattered to different log files due to log file being defined with %m macro. On Nov 6, 2007 9:36 PM, Dan Wong [EMAIL PROTECTED] wrote: I've installed samba 3.0.25c and did a net ads join successfully to Windows 2003 PDC. wbinfo -u list all users in windows domain correctly. I've disabled winbind enum user/groups because wbinfo -u would time out due to large number of users/groups. when I execute smbclient -L localhost -U testuser on the local samba server I get NT_STATUS_LOGON_FAILURE I am absolutely sure that the password is correct. On the Windows Domain Controller, in the event logs under security, I saw a successful logon entry for testuser. this event was right after I executed smbclient command. I was actually expecting to see two succesfull logon events (samba tries twice I believe). I have log level =10 auth:10 the last trace in the log file was: libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[testuser] domain=[D1] workstation=[WS1] len1=24 len2=96 There were no traces of make_user_info_map and check_ntlm_password. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] weird smbclient authentication problem NT_STATUS_LOGON_FAILURE
I've installed samba 3.0.25c and did a net ads join successfully to Windows 2003 PDC. wbinfo -u list all users in windows domain correctly. I've disabled winbind enum user/groups because wbinfo -u would time out due to large number of users/groups. when I execute smbclient -L localhost -U testuser on the local samba server I get NT_STATUS_LOGON_FAILURE I am absolutely sure that the password is correct. On the Windows Domain Controller, in the event logs under security, I saw a successful logon entry for testuser. this event was right after I executed smbclient command. I was actually expecting to see two succesfull logon events (samba tries twice I believe). I have log level =10 auth:10 the last trace in the log file was: libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[testuser] domain=[D1] workstation=[WS1] len1=24 len2=96 There were no traces of make_user_info_map and check_ntlm_password. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] question about smb flag2
I'm trying to get authentication to work with security=ADS with samba 3.0.25b The ads join worked and wbinfo -u sees all users correctly. smbclient -L localhost with user/password failed with NT_STATUS_LOGON_FAILURE I know for sure that user/password is correct. I turned up samba logging and found that make_user_info_map and check_ntlm_password was never called (no traces in log file). I'm thinking that samba is trying to authenticate with the local passdb due to some stale configuration problems. From the logs I saw smbd/sesssetup.c:reply_sesssetup_and_x(1244) wct=12 flg2=0xc801 what is flg2 and does that indicate anything about authenticating locally with passdb? on another samba server authenticating correctly with AD flg2=0xc805. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Issue with Samba version 3.0.25b on Debian
On Sat, Aug 11, 2007 at 10:24:07PM +0100, Dan Peachey wrote: I have an issue with Samba version 3.0.25b on Debian. I am receiving a number of mails from my server with the following: The Samba 'panic action' script, /usr/share/samba/panic-action, was called for PID 18483 (). We need a backtrace from that. The log file should have it. Thanks for the reply. Here is the backtrace info from the log file: -- [2007/08/08 08:49:54, 1] smbd/service.c:make_connection_snum(1033) ian (192.168.1.35) connect to service shared initially as user ianlang (uid=1005, gid=106) (pid 18483) [2007/08/08 09:00:43, 0] lib/util.c:smb_panic(1632) PANIC (pid 18483): Could not store share mode entry [2007/08/08 09:00:43, 0] lib/util.c:log_stack_trace(1736) BACKTRACE: 11 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0x827c5cd] #1 /usr/sbin/smbd(smb_panic+0x5d) [0x827c6fd] #2 /usr/sbin/smbd [0x8220b28] #3 /usr/sbin/smbd(talloc_free+0x1c1) [0x8261a81] #4 /usr/sbin/smbd(open_directory+0x5e4) [0x80f4be4] #5 /usr/sbin/smbd(reply_ntcreate_and_X+0x10b5) [0x80c1105] #6 /usr/sbin/smbd [0x810ace0] #7 /usr/sbin/smbd(smbd_process+0x836) [0x810c076] #8 /usr/sbin/smbd(main+0xbdd) [0x834ffad] #9 /lib/libc.so.6(__libc_start_main+0xe0) [0xb7b4b030] #10 /usr/sbin/smbd [0x8093f31] [2007/08/08 09:00:43, 0] lib/util.c:smb_panic(1637) smb_panic(): calling panic action [/usr/share/samba/panic-action 18483] [2007/08/08 09:00:43, 0] lib/util.c:smb_panic(1645) smb_panic(): action returned status 0 [2007/08/08 09:00:43, 0] lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/smbd -- Also, when running 'smbstatus' I get the following at the bottom of the output: -- tdb(/var/run/samba/locking.tdb): tdb_rec_read bad magic 0xd9fee666 at offset=678200 locked file list truncated That's not desirable, but normal. smbstatus opens the tdbs readonly, which means no locking. When there's heavy activity on a larger file server, these messages are possible. It should not happen in quiet periods. I just checked now which is a quiet period and indeed, the messages do not show. One less thing to worry about :-) Regards, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Issue with Samba version 3.0.25b on Debian
On Sun, Aug 12, 2007 at 09:12:58AM +0100, Dan Peachey wrote: Thanks for the reply. Here is the backtrace info from the log file: -- [2007/08/08 08:49:54, 1] smbd/service.c:make_connection_snum(1033) ian (192.168.1.35) connect to service shared initially as user ianlang (uid=1005, gid=106) (pid 18483) [2007/08/08 09:00:43, 0] lib/util.c:smb_panic(1632) PANIC (pid 18483): Could not store share mode entry Is it possible that the file system where you store the locking.tdb is full? Volker Hi, It is OK, there is a lot of space left on the disk. Regards, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Issue with Samba version 3.0.25b on Debian
On Sun, Aug 12, 2007 at 10:31:47AM +0100, Dan Peachey wrote: It is OK, there is a lot of space left on the disk. The next most likely reason is that you locking.tdb is indeed corrupt. reiserfs? Does it become better if you shut down smbd, delete it and restart smbd? Voler I'm using ext3 with RAID1. Here are some more details: -- server01:/home/dan# df -h FilesystemSize Used Avail Use% Mounted on /dev/md0 72G 15G 54G 21% / tmpfs 248M 0 248M 0% /lib/init/rw udev 10M 60K 10M 1% /dev tmpfs 248M 0 248M 0% /dev/shm server01:/home/dan# mdadm --detail /dev/md0 /dev/md0: Version : 00.90.03 Creation Time : Fri Apr 22 15:38:44 2005 Raid Level : raid1 Array Size : 76172096 (72.64 GiB 78.00 GB) Device Size : 76172096 (72.64 GiB 78.00 GB) Raid Devices : 2 Total Devices : 2 Preferred Minor : 0 Persistence : Superblock is persistent Update Time : Sun Aug 12 13:43:09 2007 State : clean Active Devices : 2 Working Devices : 2 Failed Devices : 0 Spare Devices : 0 UUID : 2fae712e:5c464738:f87979ca:777de3c9 Events : 0.6969538 Number Major Minor RaidDevice State 0 820 active sync /dev/sda2 1 8 181 active sync /dev/sdb2 -- I have deleted the locking.tdb like you have said. I will monitor from now and report back. Tomorrow the users will start using the files again. Regards, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Issue with Samba version 3.0.25b on Debian
Hi, I have an issue with Samba version 3.0.25b on Debian. I am receiving a number of mails from my server with the following: The Samba 'panic action' script, /usr/share/samba/panic-action, was called for PID 18483 (). This means there was a problem with the program, such as a segfault. However, the executable could not be found for process 18483. It may have died unexpectedly, or you may not have permission to debug the process. Also, when running 'smbstatus' I get the following at the bottom of the output: -- tdb(/var/run/samba/locking.tdb): tdb_rec_read bad magic 0xd9fee666 at offset=678200 locked file list truncated -- I'm not sure what's happening here as it only seems to do this once in a while. If I restart samaba it will be OK for a week or so but then I will have users report that open files are locking up etc, then I start receiving the panic e-mails and have to restart the process again. I am away until next Monday now but will reply on return, in the meantime I'd be most grateful if anyone can help me out with this issue! Regards, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NTLM proxy auth against a Samba 3 server
Hi, Is it possible to configure NTLM HTTP proxy authentication using the winbind/squid ntlm_auth helper, to authenticate users against a Samba 3 server? I already have the NTLM auth working against a Windows 2003 Active Directory, but I also have a completely separate Samba 3 server that I would also like to configure NTLM proxy authentication against. Please advise, as I can't find anything on the web about this. Regards, Dan... -- Dan Searle Adelix Ltd [EMAIL PROTECTED] web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Adelix Ltd is a registered company in England Wales No. 4232156 VAT registration number 779 4232 91 Adelix Ltd is BS EN ISO 9001:2000 Certified (No. GB 12763) Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. Scanned for viruses, spam and offensive content by CensorNet MailSafe Professional Web E-mail Filtering from www.censornet.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTLM proxy auth against a Samba 3 server
Hi, No, I have the ntlm_auth daemon working fine, authenticating squid proxy users against a Windows 2003 Active Directory server, however I want to replicate this functionality replacing the Windows 2003 server with a Samba 3 server. I.e. is it possible for a Samba 3 server to be the authentication server for the winbindd/ntlm_auth tools? Regards, Dan... Tuesday, August 7, 2007, 11:26:11 AM, you wrote: Quoting Dan Searle [EMAIL PROTECTED]: Do you mean this? http://adldap.sourceforge.net/mod_auth_ntlm_winbind.php Hi, Is it possible to configure NTLM HTTP proxy authentication using the winbind/squid ntlm_auth helper, to authenticate users against a Samba 3 server? I already have the NTLM auth working against a Windows 2003 Active Directory, but I also have a completely separate Samba 3 server that I would also like to configure NTLM proxy authentication against. Please advise, as I can't find anything on the web about this. Regards, Dan... -- Dan Searle Adelix Ltd [EMAIL PROTECTED] web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Adelix Ltd is a registered company in England Wales No. 4232156 VAT registration number 779 4232 91 Adelix Ltd is BS EN ISO 9001:2000 Certified (No. GB 12763) Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. Scanned for viruses, spam and offensive content by CensorNet MailSafe Professional Web E-mail Filtering from www.censornet.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Pau Garcia i Quiles http://www.elpauer.org (Due to my workload, I may need 10 days to answer) -- Dan Searle Adelix Ltd [EMAIL PROTECTED] web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Adelix Ltd is a registered company in England Wales No. 4232156 VAT registration number 779 4232 91 Adelix Ltd is BS EN ISO 9001:2000 Certified (No. GB 12763) Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. Scanned for viruses, spam and offensive content by CensorNet MailSafe Professional Web E-mail Filtering from www.censornet.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTLM proxy auth against a Samba 3 server
Hi, Erm, ok, so can you point me in the right direction? If I already have a working NTLM authentication system with squid, ntlm_auth, winbindd running against a windows 2003 server, what do I need to change to make it authenticate against a samba 3 server? I would have tried this myself but I can find no docs anywhere that explain how to do it. Dan... Tuesday, August 7, 2007, 4:24:21 PM, you wrote: No, I have the ntlm_auth daemon working fine, authenticating squid proxy users against a Windows 2003 Active Directory server, however I want to replicate this functionality replacing the Windows 2003 server with a Samba 3 server. I.e. is it possible for a Samba 3 server to be the authentication server for the winbindd/ntlm_auth tools? Yes. -- Adam Tauno Williams, Network Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- Dan Searle Adelix Ltd [EMAIL PROTECTED] web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Adelix Ltd is a registered company in England Wales No. 4232156 VAT registration number 779 4232 91 Adelix Ltd is BS EN ISO 9001:2000 Certified (No. GB 12763) Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. Scanned for viruses, spam and offensive content by CensorNet MailSafe Professional Web E-mail Filtering from www.censornet.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] The Domain THUNDER is not abaliable
Good day. I am relatively new with samba, I can get a single server configuration of samba to work. However now I am trying to get single sign ons with roaming profiles to work. I can join the domain without problems. However when I restart and then type THUNDER\dan and my password into the login screen (as the domain entry box does not show up) I get the error The system cannot log you on now because the domain THUNDER is not avaliable.. This error still happens even though I can browse the file server portion of the server. My goals with this server are to have my login accounts set on the one server and logged on to by Windows XP Pro, and Mac OS X eventually. The following is my smb.conf file, it is mostly a copy of one I found in a HOW-TO on the internet, most options I do not understand. [global] workgroup = THUNDER netbios name = %h server string = %h passdb backend = tdbsam security = user username map = /etc/samba/smbusers name resolve order = wins bcast hosts domain logons = yes preferred master = yes wins support = yes # Set CUPS for printing printcap name = CUPS printing = CUPS # Default logon logon drive = H: logon script = scripts/logon.bat logon path = \\THUNDER\profile\%U # Useradd scripts add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u idmap uid = 15000-2 idmap gid = 15000-2 # sync smb passwords woth linux passwords passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . passwd chat debug = yes unix password sync = yes # set the loglevel log level = 3 [homes] comment = Home valid users = %S read only = no browsable = no [Data] comment = Data Share path = /media/Thunder read only = no browsable = yes writable = yes [printers] comment = All Printers path = /var/spool/samba printable = yes guest ok = yes browsable = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = Administrator valid users = %U read only = no [profile] comment = User profiles path = /home/samba/profiles valid users = %U create mode = 0600 directory mode = 0700 writable = yes browsable = no [profiles] comment = User profiles path = /home/samba/profiles valid users = %U create mode = 0600 directory mode = 0700 writable = yes browsable = no If you require any other information I will be more then happy to provide it, simply say the word. Thank you for your time, it is much appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.2a on Aix 5.2
We have samba 3.0.2a running on Aix 5.1. We will be going to AIX 5.2. Trying to find out if Samba 3.0.2a is compatible with AIX 5.2. Thank You! Dan Pecina Unix Administrator/Operations Supervisor John B. Sanfilippo Son, Inc. (847) 214-4621 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [SOLVED] Re: Active Directory authentication no longer works
After days of banging my head against my desk we've managed to find the
cause of the issue.
The problem was in the group policy on the domain controllers, under
Default Domain Controller Security Settings - Local Policies -
Security Options:
Allow anonymous SID/Name translation: Was set to disabled
Do not allow anonymous enumeration of SAM accounts and Shares: Was Enabled
once we changed these (and disabled the No Override bit on the default
domain policy). Everything started working again.
Hope this helps someone else.
Regards,
Dan
Dan O'Brien wrote:
Hello all,
I have 3 Linux boxes all authenticating against 2 Windows 2003 domain
controllers. Each Linux box is running a different Linux and samba version:
Box1: CentOS 3.4 3.0.25-7
Box2: CentOS 4.4 3.0.10-1
Box3: CentOS 5 3.0.23c-2
Their smb.conf and krb5.conf files are all identical (below). A few days
ago authentication stopped working and my /var/log/messages fills up
with signing_good: BAD SIG: seq 1 and SMB Signature verification
failed on incoming packet! errors. When someone tries to log into one
of the machines i get an internal module error and
NT_STATUS_LOGON_TYPE_NOT_GRANTED messages.
I've been on this for 2 full days now, I've tried everything I could
think of. Any help would be appreciated.
Regards,
Dan O'Brien
(conf files and messaeges below)
/var/log/messages
...
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]: signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]: SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]: signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]: SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]: signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]: SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium pam_winbind[17827]: request failed:
NT_STATUS_LOGON_TYPE_NOT_GRANTED, PAM error was 4, NT error was
NT_STATUS_LOGON_TYPE_NOT_GRANTED
May 21 16:58:13 scandium pam_winbind[17827]: internal module error
(retval = 4, user = `user'
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
MYDOMAIN.COM = {
kdc = mydomain.com
admin_server = dc1.mydomain.com
default_domain = mydomain.com
kdc = dc1.mydomain.com
kdc = dc2.mydomain.com
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
smb.conf
[global]
realm = MYDOMAIN.COM
workgroup = mydomain
server string = Scandium
security = ADS
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = yes
printcap name = /etc/printcap
load printers = yes
cups options = raw
log level = 9
log file = /var/log/samba/%m.log
max log size = 50
password server = dc2.mydomain.com dc2.mydomain.com
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
dns proxy = no
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Active Directory authentication no longer works
Hello all,
I have 3 Linux boxes all authenticating against 2 Windows 2003 domain
controllers. Each Linux box is running a different Linux and samba version:
Box1: CentOS 3.4 3.0.25-7
Box2: CentOS 4.4 3.0.10-1
Box3: CentOS 5 3.0.23c-2
Their smb.conf and krb5.conf files are all identical (below). A few days
ago authentication stopped working and my /var/log/messages fills up
with signing_good: BAD SIG: seq 1 and SMB Signature verification
failed on incoming packet! errors. When someone tries to log into one
of the machines i get an internal module error and
NT_STATUS_LOGON_TYPE_NOT_GRANTED messages.
I've been on this for 2 full days now, I've tried everything I could
think of. Any help would be appreciated.
Regards,
Dan O'Brien
(conf files and messaeges below)
/var/log/messages
...
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]: signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]: SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]: signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]: SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]: signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]: SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium pam_winbind[17827]: request failed:
NT_STATUS_LOGON_TYPE_NOT_GRANTED, PAM error was 4, NT error was
NT_STATUS_LOGON_TYPE_NOT_GRANTED
May 21 16:58:13 scandium pam_winbind[17827]: internal module error
(retval = 4, user = `user'
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
MYDOMAIN.COM = {
kdc = mydomain.com
admin_server = dc1.mydomain.com
default_domain = mydomain.com
kdc = dc1.mydomain.com
kdc = dc2.mydomain.com
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
smb.conf
[global]
realm = MYDOMAIN.COM
workgroup = mydomain
server string = Scandium
security = ADS
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = yes
printcap name = /etc/printcap
load printers = yes
cups options = raw
log level = 9
log file = /var/log/samba/%m.log
max log size = 50
password server = dc2.mydomain.com dc2.mydomain.com
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
dns proxy = no
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can copy to test share, but not read, move or delete
Service (Trailrunner, Samba 3.0.23c-2.el5.2 on (trailrunner)) Anonymous login successful Domain=[DJ14847] OS=[Unix] Server=[Samba 3.0.23c-2.el5.2] Server Comment ---- TRAILRUNNER Trailrunner, Samba 3.0.23c-2.el5.2 on (trailrunn WorkgroupMaster ---- DJ14847 But if I try with 'trailrunner' in place of 10.20.30.45 it times out. I can see the shares though - but I have no luck at all attempting to connect to my home directory - my test directories are also not working quite right. The permissions for each are as follows (yes I set rights to 777 for testing purposes) for [temp] path = /sambatest drwxrwxrwx 2 root root 4096 Apr 29 15:40 sambatest for [test] path = /export/test drwxrwxrwx 2 root root 4096 Apr 29 15:15 test I can copy files into [test] or into [temp] but I can't copy anything from either share back to my Win2000 workstation or my Apple MacBook. I also can't delete anything or open anything, or copy (drag and drop) between the shares. Say I try and copy a file wdw rates.pdf between them - then I get the following: [2007/04/29 15:44:41, 3] smbd/trans2.c:call_trans2qfilepathinfo(2908) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/04/29 15:44:41, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting Trailrunner/test/Trailrunner/test/WDW rates.pdf. [2007/04/29 15:44:41, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path Trailrunner/test/WDW rates.pdf [2007/04/29 15:44:41, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2919) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_PATH_NOT_FOUND [2007/04/29 15:44:41, 3] smbd/process.c:process_smb(1110) Transaction 267 of length 152 [2007/04/29 15:44:41, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 6008) conn 0x9755c80 [2007/04/29 15:44:41, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting Trailrunner/test/WDW rates.pdf. [2007/04/29 15:44:41, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path WDW rates.pdf [2007/04/29 15:44:41, 3] smbd/dosmode.c:unix_mode(147) unix_mode(WDW rates.pdf) returning 0744 [2007/04/29 15:44:41, 3] smbd/open.c:open_file(278) Error opening file WDW rates.pdf (Permission denied) (local_flags=0) (flags=0) [2007/04/29 15:44:41, 3] smbd/error.c:unix_error_packet(90) unix_error_packet: error string = Permission denied [2007/04/29 15:44:41, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2682) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED If I attempt to connect to my home directory, the log shows the following: [2007/04/29 15:29:10, 3] smbd/service.c:make_connection_snum(752) Connect path is '/home/dan' for service [dan] [2007/04/29 15:29:10, 3] lib/util_seaccess.c:se_access_check(250) [2007/04/29 15:29:10, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2148115504-1604552216-1780682046-2000 se_access_check: also S-1-22-2-500 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-10 [2007/04/29 15:29:10, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks [2007/04/29 15:29:10, 3] lib/util_seaccess.c:se_access_check(250) [2007/04/29 15:29:10, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2148115504-1604552216-1780682046-2000 se_access_check: also S-1-22-2-500 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-10 [2007/04/29 15:29:10, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (500, 500) - sec_ctx_stack_ndx = 0 [2007/04/29 15:29:10, 0] smbd/service.c:make_connection_snum(911) '/home/dan' does not exist or permission denied when connecting to [dan] Error was Permission denied If the above info isn't complete, or if it indicates something that you would also like to see, please let me know. Again, I truly appreciate the help. Cheers- dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] test share works, but homes returns with network name cannot be found
Just built a new server based on CentOS 5.0 which included Samba 3.0232. I also added Webmin as the server is in the closet without a monitor currently. When I went thorugh the generla tutorial with Webmin Samba worked, but showed all root directories, except for /home. That was not as expected and certainly not very helpful. So, I went back and tried again baseed on what I had used in the past on the old server. I have set up the test share directory and can connect to it without problem from either my desktop Win2000 system or my MacBook Pro. I don't have a printer on this server, having switched over to a jetdirect card, but I do see the Printers icon in the list at least on the Windows. My home directory is another matter - I can see it and it has the proper comment attached, but any attempt to connect from Win2000 results in a popup window. I get rejected from the Mac too, but of course don't get the Windows popup window. As the Windows popup window actually says something, here it is - top line is the banner -- \\Trailrunner \\Trailrunner\dan is not accessable. The network name cannot be found. --- Googeling on this has lead me to various old postings but nothing directly on point, and the bid difference I seem to have is that I can indeed get to the test share, copy in files etc... without problem. What follows are the core entries of my smb.conf file, the notations from the log file and the results of what seem to be key tests. Truly hope someone can help me get this sorted out. smb.conf #=== Global Settings = [global] log file = /var/log/samba/%m.log dns proxy = no ; passwd chat = *Enter\snew\sUNIX:* %n\n *Retype\spassword:* %n\n server string = Trailrunner, Samba %v on (%L) ; unix password sync = yes remote announce = 10.20.30.255 workgroup = DJ14847 os level = 20 encrypt passwords = Yes security = user ; passwd program = /usr/bin/passwd %u max log size = 50 allow hosts = 10.20.30. 127.0.0.1 log level = 3 socket options = TCP_NODELAY IPTOS_LOWDELAY wins support = yes netbios name = trailrunner # Share Definitions == [homes] comment = %U's Home Directory is %H valid users = %S ; path = %H read only = no browsable = no create mask = 0755 directory mask = 0755 [test] comment = for testing purposes only path = /export/test read only = no public = yes --- From the /var/log/samba/ tial superspiff.log file - [EMAIL PROTECTED] samba]# tail superspiff.log [2007/04/26 19:11:30, 3] smbd/error.c:error_packet(146) error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_BAD_NETWORK_NAME [2007/04/26 19:11:30, 3] smbd/process.c:process_smb(1110) Transaction 27 of length 43 [2007/04/26 19:11:30, 3] smbd/process.c:switch_message(914) switch message SMBulogoffX (pid 3764) conn 0x0 [2007/04/26 19:11:30, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/04/26 19:11:30, 3] smbd/reply.c:reply_ulogoffX(1618) ulogoffX vuid=105 - Testing locally wiht smbclient [EMAIL PROTECTED] samba]# smbclient -L localhost -U% Domain=[DJ14847] OS=[Unix] Server=[Samba 3.0.23c-2] Sharename Type Comment - --- testDisk for testing purposes only IPC$IPC IPC Service (Trailrunner, Samba 3.0.23c-2 on (trailrunner)) Domain=[DJ14847] OS=[Unix] Server=[Samba 3.0.23c-2] Server Comment ---- DANS-MAC Dan's Mac SUPERSPIFF TECRA TRAILRUNNER Trailrunner, Samba 3.0.23c-2 on (trailrunner) WorkgroupMaster ---- DJ14847 TRAILRUNNER KUTAKDN-ROBERTS-5898 [EMAIL PROTECTED] samba]# --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd logging problem, filling up log filesystem
Greetings all... I'm new to the list -- hope to be a contributor, as I've been using and teaching Samba for decades now (I used to be the author of the advanced UNIX course for Learning Tree International -- until they retired it). I've scoured the archives and haven't been able to find any example that matches my problem, so I'm here first to solve a problem. If I can help answer others questions along the way, I'll have paid my dues. Background: Our enviroment is mixed Win2K3 Linux (RHEL 4). Win2K3 is the sole AD server, and the linux system does virtually all of the file storage. There are 40 or so users at any given time. Samba is installed using the RPM supplied from RHN, and we're at 3.0.24-1. Winbind is started at the same time (same script) as the rest of Samba, so there is no appreciable delay from when users have access and when winbind can validate the access. The AD Domain is named pdr.local the samba netbios name is SERVER (these are relevant below). Problem: We're getting log file entries virtually every new system access because winbindd is attempting to use the server netbios name as a domain name. The error text is: [2007/03/14 14:30:46, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259) group 10002 in domain SERVER does not exist NOTE: Users are NOT being denied access, its just that these error messages, with so many users, are generating very large log files... currently, we keep 5 weeks of log files around for security tracking, if necessary. The winbind.log files are exceeding 200 MB in a week! (my /var partition is only 1 GB, so you can see the problem!) Is there really a problem here, or do I need to run a nightly script and take out the lines that complain about UID 10002 (which maps to a perfectly valid PDR+Domain Users on the AD server) All comments welcome. Dan -- Dan McAllister, President IT4SOHO, LLC -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: RAP86 error with unix password sync = yes
Just so this gets stored to the list for all those who may encounter this in the future: I finally found the answer: pam password change = yes must be set. This fixed the problem completely in my environment. Dan Dan [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello all, I am running 3.0.22 on Ubuntu 6.0.6 LTS and cannot get user passwords to change while unix password sync = yes. Setting it to no works, but I need it on. At the user workstation (Win XP) I receive You don't have the permissions to change your password and logged in on the server as the user I receive machine 127.0.0.1 rejected the password change: Error was : RAP86: The specified password is invalid. Failed to change password for user I have searched the archives and googled the web. I have played with my passwd program and passwd chat to no avail. I set passwd chat debug = yes, log level = 100 and studied the log, but couldn't see anything that helped me. Using SWAT I reset everything in the security options section to default except unix password sync = yes, passwd chat, passwd program, and passdb backend = tdbsam. I did find that in Feb 2004 John Terpstra had someone file a bug report for a similar problem, also on a debian system. I hope that I am overlooking something simple here and we can get this working. Please respond with any ideas you may have. My current smb.conf is below. [global] workgroup = DOMAIN netbios name = PDC server string = Samba PDC passdb backend = tdbsam enable privileges = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully . unix password sync = Yes restrict anonymous = 1 lanman auth = No log level = 1 log file = /usr/local/samba/var/log.%m max log size = 500 min protocol = NT1 name resolve order = lmhosts host wins add user to group script = /usr/sbin/adduser %u %g add machine script = /usr/sbin/useradd -g machines -d /var/lib/nobody -s /bin/false %u logon path = \\%N\profiles\%U logon drive = H: logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No ldap ssl = no remote announce = *edited out* template shell = /bin/bash invalid users = *edited out* admin users = *edited out* acl group control = Yes hosts allow = *edited out* [netlogon] path = /var/lib/samba/netlogon guest ok = Yes browseable = No [profiles] path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RAP86 error with unix password sync = yes
Hello all, I am running 3.0.22 on Ubuntu 6.0.6 LTS and cannot get user passwords to change while unix password sync = yes. Setting it to no works, but I need it on. At the user workstation (Win XP) I receive You don't have the permissions to change your password and logged in on the server as the user I receive machine 127.0.0.1 rejected the password change: Error was : RAP86: The specified password is invalid. Failed to change password for user I have searched the archives and googled the web. I have played with my passwd program and passwd chat to no avail. I set passwd chat debug = yes, log level = 100 and studied the log, but couldn't see anything that helped me. Using SWAT I reset everything in the security options section to default except unix password sync = yes, passwd chat, passwd program, and passdb backend = tdbsam. I did find that in Feb 2004 John Terpstra had someone file a bug report for a similar problem, also on a debian system. I hope that I am overlooking something simple here and we can get this working. Please respond with any ideas you may have. My current smb.conf is below. [global] workgroup = DOMAIN netbios name = PDC server string = Samba PDC passdb backend = tdbsam enable privileges = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully . unix password sync = Yes restrict anonymous = 1 lanman auth = No log level = 1 log file = /usr/local/samba/var/log.%m max log size = 500 min protocol = NT1 name resolve order = lmhosts host wins add user to group script = /usr/sbin/adduser %u %g add machine script = /usr/sbin/useradd -g machines -d /var/lib/nobody -s /bin/false %u logon path = \\%N\profiles\%U logon drive = H: logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No ldap ssl = no remote announce = *edited out* template shell = /bin/bash invalid users = *edited out* admin users = *edited out* acl group control = Yes hosts allow = *edited out* [netlogon] path = /var/lib/samba/netlogon guest ok = Yes browseable = No [profiles] path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't change passwords samba 3.0.23c
I have been using samba for many years now and just recently I upgraded from 3.0.9 to 3.0.23c and now I can not change domain passwords from the windows box. I am using an openldap backend and everything works fine from the command line running smbldap-passwd but I get unable to change the password on this account due to the following error: 31 : A device attached to the system is not functioning There is nothing showing in the logs as there being a problem. I have never see this error and am stumped on even where to begin. Has anyone have any suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) - Bus Error
Unfortunately I can not find a core file any where on the system. There is a directory /private/var/log/cores with smbd and nmbd folders but all are empty. Any thing else I can do to get the core file or needed info? James Peach wrote: On 11/10/06, Dan [EMAIL PROTECTED] wrote: I was able to get things to compile but with warnings of unrecognized option '--pie'. Add --disable-pie to your configure line. Unfortunately configure tests generally can't detect warnings, so -pie gets enabled when it probably shouldn't be. When I run things I still can not login to shares and when I run smbclient I get a Bus Error. Could this be related to the compile warnings? Maybe a gcc thing? I don't see any glibc files on the system. Any help is greatly appreciated. Here is the output from the smbclient: This smells like a bug. When this happens, smbclient should drop a core file in /cores. It will be called /cores/core.$pid. Can you use gdb to get a stack trace of where it crashes? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) - Bus Error
Here is what I got: (gdb) run -U administrator%MYPASS -I 10.1.0.11 -L 10.2.0.9 Starting program: /usr/bin/smbclient -U administrator%MYPASS -I 10.1.0.11 -L 10.2.0.9 Reading symbols for shared libraries . done Domain=[MY_DOMAIN] OS=[Unix] Server=[Samba 3.0.23c] Sharename Type Comment - --- Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x 0x000a11fd in rpccli_srvsvc_NetShareEnum () James Peach wrote: On 12/10/06, Dan [EMAIL PROTECTED] wrote: Unfortunately I can not find a core file any where on the system. There is a directory /private/var/log/cores with smbd and nmbd folders but all are empty. Any thing else I can do to get the core file or needed info? try running smbclient under gdb gdb /path/to/smbclient (gdb) run -with -whatever -args -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) compiling errors of Samba 3.0.23.c
Hello, I am trying to compile the latest samba 3.0.23c on MAC Intel OS X 10.4.8 and I am getting errors with the krb5 stuff. I have searched the net and found other people with the same error but didn't see any solution. Has anyone successfully compiled it on 10.4.8 Intel? Any help would be greatly appreciated as I am new to the mac platform but have lots of linux experience. The errors are below: Compiling libsmb/clikrb5.c libsmb/clikrb5.c: In function 'krb5_locate_kdc': libsmb/clikrb5.c:378: error: 'krb5_krbhst_handle' undeclared (first use in this function) libsmb/clikrb5.c:378: error: (Each undeclared identifier is reported only once libsmb/clikrb5.c:378: error: for each function it appears in.) libsmb/clikrb5.c:378: error: parse error before 'hnd' libsmb/clikrb5.c:379: error: 'krb5_krbhst_info' undeclared (first use in this function) libsmb/clikrb5.c:379: error: 'hinfo' undeclared (first use in this function) libsmb/clikrb5.c:388: error: 'KRB5_KRBHST_KDC' undeclared (first use in this function) libsmb/clikrb5.c:388: error: 'hnd' undeclared (first use in this function) libsmb/clikrb5.c:917:2: error: #error UNKNOWN_KRB5_AP_REQ_FREE_FUNCTION libsmb/clikrb5.c:959:2: error: #error UNKOWN_KRB5_AP_REQ_DECODING_FUNCTION make: *** [libsmb/clikrb5.o] Error 1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) compiling errors of Samba 3.0.23.c
Ok, I checked out the latest source using subversion and the command was as follows: /usr/local/bin/svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_0 samba-3_0 I then rsynced the latest source into the 3.0.23c tree to get all the changes, but after a successful configure I get the following error when I run make. I am probably doing something wrong but I am not sure what as I am not used to dealing with the source tree that doesn't have the configure script in it. Any ideas? intelimac:/Users/dan/samba-3.0.23c/source root# make Using FLAGS = -O -D_SAMBA_BUILD_ -I/Users/dan/samba-3.0.23c/source/popt -I/Users/dan/samba-3.0.23c/source/iniparser/src @SAMBA_CPPFLAGS@ -DHAVE_CONFIG_H -I/sw/include -DLDAP_DEPRECATED -I/Users/dan/samba-3.0.23c/source/lib -D_SAMBA_BUILD_=3 PICFLAG= @PICFLAG@ LIBS = -lresolv -ldl -liconv LDFLAGS= -pie -Wl,-search_paths_first -L/sw/lib DYNEXP = LDSHFLAGS = -bundle -flat_namespace -undefined suppress -Wl,-search_paths_first -L/sw/lib SHLIBEXT = dylib SONAMEFLAG = # Generating smbd/build_options.c Building include/proto.h creating /Users/dan/samba-3.0.23c/source/include/proto.h Building include/build_env.h creating /Users/dan/samba-3.0.23c/source/nsswitch/winbindd_proto.h creating /Users/dan/samba-3.0.23c/source/web/swat_proto.h creating /Users/dan/samba-3.0.23c/source/client/client_proto.h creating /Users/dan/samba-3.0.23c/source/utils/net_proto.h creating /Users/dan/samba-3.0.23c/source/utils/ntlm_auth_proto.h Compiling dynconfig.c i686-apple-darwin8-gcc-4.0.1: @SAMBA_CPPFLAGS@: No such file or directory i686-apple-darwin8-gcc-4.0.1: @PICFLAG@: No such file or directory command line:1:1: warning: _SAMBA_BUILD_ redefined command line:1:1: warning: this is the location of the previous definition /Users/dan/samba-3.0.23c/source/dynconfig.c:21:22: error: includes.h: No such file or directory /Users/dan/samba-3.0.23c/source/dynconfig.c:47: error: parse error before 'dyn_CONFIGFILE' /Users/dan/samba-3.0.23c/source/dynconfig.c:47: warning: initialization makes integer from pointer without a cast /Users/dan/samba-3.0.23c/source/dynconfig.c:47: warning: data definition has no type or storage class /Users/dan/samba-3.0.23c/source/dynconfig.c:50: error: parse error before 'dyn_LOGFILEBASE' /Users/dan/samba-3.0.23c/source/dynconfig.c:50: warning: initialization makes integer from pointer without a cast /Users/dan/samba-3.0.23c/source/dynconfig.c:50: warning: data definition has no type or storage class /Users/dan/samba-3.0.23c/source/dynconfig.c:53: error: parse error before 'dyn_LMHOSTSFILE' /Users/dan/samba-3.0.23c/source/dynconfig.c:53: warning: initialization makes integer from pointer without a cast /Users/dan/samba-3.0.23c/source/dynconfig.c:53: warning: data definition has no type or storage class /Users/dan/samba-3.0.23c/source/dynconfig.c:60: error: parse error before 'dyn_LIBDIR' /Users/dan/samba-3.0.23c/source/dynconfig.c:60: warning: initialization makes integer from pointer without a cast /Users/dan/samba-3.0.23c/source/dynconfig.c:60: warning: data definition has no type or storage class /Users/dan/samba-3.0.23c/source/dynconfig.c:61: error: parse error before 'dyn_SHLIBEXT' /Users/dan/samba-3.0.23c/source/dynconfig.c:61: warning: initialization makes integer from pointer without a cast /Users/dan/samba-3.0.23c/source/dynconfig.c:61: warning: data definition has no type or storage class /Users/dan/samba-3.0.23c/source/dynconfig.c:68: error: parse error before 'dyn_LOCKDIR' /Users/dan/samba-3.0.23c/source/dynconfig.c:68: warning: initialization makes integer from pointer without a cast /Users/dan/samba-3.0.23c/source/dynconfig.c:68: warning: data definition has no type or storage class /Users/dan/samba-3.0.23c/source/dynconfig.c:69: error: parse error before 'dyn_PIDDIR' /Users/dan/samba-3.0.23c/source/dynconfig.c:69: warning: initialization makes integer from pointer without a cast /Users/dan/samba-3.0.23c/source/dynconfig.c:69: warning: data definition has no type or storage class /Users/dan/samba-3.0.23c/source/dynconfig.c:71: error: parse error before 'dyn_SMB_PASSWD_FILE' /Users/dan/samba-3.0.23c/source/dynconfig.c:71: warning: initialization makes integer from pointer without a cast /Users/dan/samba-3.0.23c/source/dynconfig.c:71: warning: data definition has no type or storage class /Users/dan/samba-3.0.23c/source/dynconfig.c:72: error: parse error before 'dyn_PRIVATE_DIR' /Users/dan/samba-3.0.23c/source/dynconfig.c:72: warning: initialization makes integer from pointer without a cast /Users/dan/samba-3.0.23c/source/dynconfig.c:72: warning: data definition has no type or storage class The following command failed: gcc -O -D_SAMBA_BUILD_ -I/Users/dan/samba-3.0.23c/source/popt -I/Users/dan/samba-3.0.23c/source/iniparser/src @SAMBA_CPPFLAGS@ -DHAVE_CONFIG_H -I/sw/include -DLDAP_DEPRECATED -I/Users/dan/samba-3.0.23c/source/lib -D_SAMBA_BUILD_=3
Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) compiling errors of Samba 3.0.23.c - FIXED
I figured out what I was doing wrong. Obviously the old configure file will not work. I ran the make-tarball.sh script to reproduce the configure and everything builds fine. I will test it to make sure things work. I am building this because my original 3.0.10 version wasn't allowing connections after upgrading to the 3.0.23c version on the domain controller. I am hoping this will fix that problem. James Peach wrote: On 11/10/06, Dan [EMAIL PROTECTED] wrote: Hello, I am trying to compile the latest samba 3.0.23c on MAC Intel OS X 10.4.8 and I am getting errors with the krb5 stuff. I have searched the net and found other people with the same error but didn't see any solution. Has anyone successfully compiled it on 10.4.8 Intel? Any help would be greatly appreciated as I am new to the mac platform but have lots of linux experience. The errors are below: Compiling libsmb/clikrb5.c libsmb/clikrb5.c: In function 'krb5_locate_kdc': libsmb/clikrb5.c:378: error: 'krb5_krbhst_handle' undeclared (first use in this function) libsmb/clikrb5.c:378: error: (Each undeclared identifier is reported only once libsmb/clikrb5.c:378: error: for each function it appears in.) libsmb/clikrb5.c:378: error: parse error before 'hnd' libsmb/clikrb5.c:379: error: 'krb5_krbhst_info' undeclared (first use in this function) libsmb/clikrb5.c:379: error: 'hinfo' undeclared (first use in this function) libsmb/clikrb5.c:388: error: 'KRB5_KRBHST_KDC' undeclared (first use in this function) libsmb/clikrb5.c:388: error: 'hnd' undeclared (first use in this function) libsmb/clikrb5.c:917:2: error: #error UNKNOWN_KRB5_AP_REQ_FREE_FUNCTION libsmb/clikrb5.c:959:2: error: #error UNKOWN_KRB5_AP_REQ_DECODING_FUNCTION make: *** [libsmb/clikrb5.o] Error 1 metze just checked in a change to fix this. If you try the latest code from the subversion repository, it should build. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PLEASE HELP - MAC NEWBIE - MAC OS X 10.4.8 (Intel) - Bus Error
: * comment : 'Network Logon Service' array: struct srvsvc_NetShareInfo1 name : * name : 'campbell' type : STYPE_DISKTREE (0x0) comment : * comment : 'Home Directories' totalentries : * totalentries : 0x0002 (2) resume_handle: NULL result : WERR_OK Bus error James Peach wrote: On 11/10/06, Dan [EMAIL PROTECTED] wrote: I figured out what I was doing wrong. Obviously the old configure file will not work. I ran the make-tarball.sh script to reproduce the configure and everything builds fine. yep :) I usually do a ./autogen.sh ./configure --foo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] GetDC got invalid response type 21
Hi, First time I try ro resolve a domain user after samba/winbind is started, it takes a couple of seconds during which winbind says the following Received packet for \MAILSLOT\NET\GETDC70A GetDC got invalid response type 21 Received packet for \MAILSLOT\NET\GETDC70A GetDC got invalid response type 21 Received packet for \MAILSLOT\NET\GETDC70A GetDC got invalid response type 21 Received packet for \MAILSLOT\NET\GETDC70A GetDC got invalid response type 21 Received packet for \MAILSLOT\NET\GETDC70A GetDC got invalid response type 21 I understand that after 5 tries it falls back to another method - but can this be fixed or disabled by some config option? -- Dan Borlovan Level 7 Software -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] GetDC got invalid response type 21
Volker Lendecke wrote: On Mon, Oct 09, 2006 at 11:56:14AM +0300, Dan Borlovan wrote: First time I try ro resolve a domain user after samba/winbind is started, it takes a couple of seconds during which winbind says the following Can you send a sniff of those exchanges? Argh. Cannot reproduce, now I get no answer from the 2003 server. This time I get no reply from the server. Is this normal for a 2003 server or...? send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from CURS1300 to DATAGROUP1c IP 192.168.105.2 Did not receive packet for \MAILSLOT\NET\GETDC269A8C0 Did not receive packet for \MAILSLOT\NET\GETDC269A8C0 Did not receive packet for \MAILSLOT\NET\GETDC269A8C0 Did not receive packet for \MAILSLOT\NET\GETDC269A8C0 Did not receive packet for \MAILSLOT\NET\GETDC269A8C0 14:34:52.626271 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17), length: 305) curs 13.intranet.netbios-dgm 192.168.105.2.netbios-dgm: [udp sum ok] NBT UDP PACKET(138) Res=0x110A ID=0x3E3D IP=10 (0xa).0 (0x0).0 (0x0).13 (0xd) Port=138 (0x8a) Le ngth=263 (0x107) Res2=0x0 SourceName=CURS13 NameType=0x00 (Workstation) DestName=DATAGROUP NameType=0x1C (Unknown) SMB PACKET: SMBtrans (REQUEST) SMB Command = 0x25 Error class = 0x0 Error code= 0 (0x0) Flags1= 0x0 Flags2= 0x0 Tree ID = 0 (0x0) Proc ID = 0 (0x0) UID = 0 (0x0) MID = 0 (0x0) Word Count= 17 (0x11) TotParamCnt=0 (0x0) TotDataCnt=104 (0x68) MaxParmCnt=0 (0x0) MaxDataCnt=0 (0x0) MaxSCnt=0 (0x0) TransFlags=0x0 Res1=0x0 Res2=0x0 Res3=0x0 ParamCnt=0 (0x0) ParamOff=0 (0x0) DataCnt=104 (0x68) DataOff=91 (0x5b) SUCnt=3 (0x3) Data: (6 bytes) [000] 01 00 00 00 02 00 \001\000\000\000\002\000 smb_bcc=126 Name=\MAILSLOT\NET\NTLOGON Data Data: (104 bytes) [000] 12 00 00 00 43 00 55 00 52 00 53 00 31 00 33 00 \022\000\000\000C\000U\000 R\000S\0001\0003\ 000 [010] 00 00 43 00 55 00 52 00 53 00 31 00 33 00 24 00 \000\000C\000U\000R\000 S\0001\0003\000$\000 [020] 00 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 54 5C \000\000\MAILS LOT\NET\ [030] 47 45 54 44 43 32 36 39 41 38 43 30 00 80 00 00 GETDC269 A8C0\000\200\000\000 [040] 00 18 00 00 00 00 00 00 01 04 00 00 00 00 00 05 \000\030\000\000\000\000\000\000 \001\004\00 0\000\000\000\000\005 [050] 15 00 00 00 BB 36 BF 8F 20 52 AC BC 6F 71 D9 FA \025\000\000\000\2736\277\217 R\254\274oq\3 31\372 [060] 01 00 00 00 FF FF FF FF \001\000\000\000\377\377\377\377 -- Dan Borlovan Level 7 Software -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Change system/samba password via webmin
I think Usermin is what you need, rather than webmin. You can limit the modules available to the user- probably Change Password is all that you would want. This will change the Unix and Samba passwords. At 11:07 PM 9/28/2006, Ivan Arteaga wrote: Hi, Basically what I need is the windows users be able to change the unix/linux password because when I installed the server I defined the same username as pass. I am running sendmail and samba(PDC) in the same box, so the system password is the same mail and windows domain pass. And I want to find an easy way for the users change the initial password for their own. I defined the users in the webmin as webmin users and gived them access to the /change system pass/ option in the Samba module 'Configure automatic Unix and Samba user synchronization' But it only changes the system pass, not the samba pass. Do you have any ideas? Thanks in advance ^^ --Ivan. -Original Message- From: Gary Dale [mailto:[EMAIL PROTECTED] Sent: Thursday, September 28, 2006 10:11 PM To: Ivan Arteaga; samba@lists.samba.org Subject: Re: [Samba] Change system/samba password via webmin Ivan Arteaga wrote: Hi List, I need my users to change their passwords, so I defined them as webmin users and gived them access only to the system/change password option to do so. So far so good... they changed their system passwords (in order to access email) but the change it's not reflected in samba passwords. I defined the option change password in other modules in webmin but it doesn't works, I also have in the smb.conf unix password sync = yes but the same. I will appreciate if somebody can give me an idea about how to ride this, or maybe using another app? o_0 Thanks in advance. --Ivan. I'm not quite sure what you are asking. Assuming that when you say system password, you are referring to the Windows domain password, and when you say Samba password, you are referring to the Unix/Linux password, then one obvious place to check is password change dialog in smb.conf. It has to match what your Unix/Linux password program is doing (it use expect to get the passwd prompts and feed it the passwords). Otherwise, check the list archives. There have been a couple other similar problems recently that had different solutions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PLEASE HELP! Can't add machines to domain!
I have spent days now trying to debug why I can not add machines to the domain. I am using samba 3.0.23c with an openldap backend. I can authenticate fine using smbclient with the administrator account but when I go to add a machine it fails. I have checked the debug logs and know what is happening, I am just not sure why or how to fix it. I am using the idealx scripts to add machines. It adds the machine to ldap but does not add any of the necessary samba attributes. I thought the machine was supposed to do this now and not the scripts. Is this correct? If so I am seeing one thing in the log for the machine that I think may have something to do with it. It says secrets_fetch failed! just before the check for the machine and failing. What does this mean and is this a problem? As you can see the administrator authenticates fine. When it fails the check for the machine account with NT_STATUS_NO_SUCH_USER it is searching the ldap for ((uid=xplaptop$)(objectClass=sambaSamAccount)) but the entry created does not contain any samba* entries like it should. I am curious to know if the secrets check failing is the machine trying to add that stuff to ldap? I have read the how to a few times and don't see anything I missed, but obviously I have something amiss here. Any help would be GREATLY appreciated as I have spent many many hours trying to find out why this is happening. [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_username(534) pdb_set_username: setting username Administrator, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_domain(557) pdb_set_domain: setting domain DOMAIN_UK, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_nt_username(580) pdb_set_nt_username: setting nt username Administrator, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) pdb_set_full_name: setting full name System User, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_homedir(696) pdb_set_homedir: setting home dir \UK_PDC\Administrator, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672) pdb_set_dir_drive: setting dir drive c:, was NULL [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626) pdb_set_logon_script: setting logon script logon.bat, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649) pdb_set_profile_path: setting profile path c:\Documents and Settings\Administrator, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_workstations(739) pdb_set_workstations: setting workstations , was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) pdb_set_user_sid: setting user sid S-1-5-21-334771251-3296030561-843139161-500 [2006/09/26 10:35:53, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-334771251-3296030561-843139161-500 from rid 500 [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_group_sid(521) pdb_set_group_sid: setting group sid S-1-5-21-334771251-3296030561-843139161-512 [2006/09/26 10:35:53, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-334771251-3296030561-843139161-512 from rid 512 [2006/09/26 10:35:53, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) secrets_fetch failed! [2006/09/26 10:35:53, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396) ldapsam_getsampwnam: Unable to locate user [XPLAPTOP$] count=0 [2006/09/26 10:35:53, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213) ldapsam_getgroup: Did not find group [2006/09/26 10:36:00, 3] passdb/pdb_interface.c:pdb_default_create_user(368) _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -t 5 -w 'xplaptop$'' gave 0 [2006/09/26 10:36:00, 3] passdb/pdb_interface.c:pdb_default_create_user(381) pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER [2006/09/26 10:36:00, 5] lib/gencache.c:gencache_shutdown(90) Closing cache file -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: PLEASE HELP! Can't add machines to domain! - SOLVED
I figured out what my problem was. It was with nss_ldap not authenticating off of ldap. I didn't notice it before because I had all the same users etc in the local file as I did in ldap. After adding some more users to ldap and running getent passwd, I realized they weren't showing up. I looked around and tried to turn on debugging but it didn't work. I then realized it obviously wasn't reading the ldap.conf under my /etc/openldap directory. I linked that conf to /etc and voila everything works! Something to keep in mind for people seeing what I was seeing. Dan wrote: I have spent days now trying to debug why I can not add machines to the domain. I am using samba 3.0.23c with an openldap backend. I can authenticate fine using smbclient with the administrator account but when I go to add a machine it fails. I have checked the debug logs and know what is happening, I am just not sure why or how to fix it. I am using the idealx scripts to add machines. It adds the machine to ldap but does not add any of the necessary samba attributes. I thought the machine was supposed to do this now and not the scripts. Is this correct? If so I am seeing one thing in the log for the machine that I think may have something to do with it. It says secrets_fetch failed! just before the check for the machine and failing. What does this mean and is this a problem? As you can see the administrator authenticates fine. When it fails the check for the machine account with NT_STATUS_NO_SUCH_USER it is searching the ldap for ((uid=xplaptop$)(objectClass=sambaSamAccount)) but the entry created does not contain any samba* entries like it should. I am curious to know if the secrets check failing is the machine trying to add that stuff to ldap? I have read the how to a few times and don't see anything I missed, but obviously I have something amiss here. Any help would be GREATLY appreciated as I have spent many many hours trying to find out why this is happening. [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_username(534) pdb_set_username: setting username Administrator, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_domain(557) pdb_set_domain: setting domain DOMAIN_UK, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_nt_username(580) pdb_set_nt_username: setting nt username Administrator, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) pdb_set_full_name: setting full name System User, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_homedir(696) pdb_set_homedir: setting home dir \UK_PDC\Administrator, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672) pdb_set_dir_drive: setting dir drive c:, was NULL [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626) pdb_set_logon_script: setting logon script logon.bat, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649) pdb_set_profile_path: setting profile path c:\Documents and Settings\Administrator, was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_workstations(739) pdb_set_workstations: setting workstations , was [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) pdb_set_user_sid: setting user sid S-1-5-21-334771251-3296030561-843139161-500 [2006/09/26 10:35:53, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-334771251-3296030561-843139161-500 from rid 500 [2006/09/26 10:35:53, 10] passdb/pdb_get_set.c:pdb_set_group_sid(521) pdb_set_group_sid: setting group sid S-1-5-21-334771251-3296030561-843139161-512 [2006/09/26 10:35:53, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-334771251-3296030561-843139161-512 from rid 512 [2006/09/26 10:35:53, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) secrets_fetch failed! [2006/09/26 10:35:53, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396) ldapsam_getsampwnam: Unable to locate user [XPLAPTOP$] count=0 [2006/09/26 10:35:53, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213) ldapsam_getgroup: Did not find group [2006/09/26 10:36:00, 3] passdb/pdb_interface.c:pdb_default_create_user(368) _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -t 5 -w 'xplaptop$'' gave 0 [2006/09/26 10:36:00, 3] passdb/pdb_interface.c:pdb_default_create_user(381) pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER [2006/09/26 10:36:00, 5] lib/gencache.c:gencache_shutdown(90) Closing cache file -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] current master browser = UNKNOWN / failing WINS test #1 on 3.0.23c
I am having trouble with one of my samba PDC's. It does not recognize itself as the domain master browser even though it is set to be so. I can not add machines to this domain and I suspect this is why. Has anybody seen this or know what causes it? Notice this: DOMAIN_ALBANY(3) current master browser = ALBANY_PDC DOMAIN_NYC(2) current master browser = NYC_PDC DOMAIN_UK(1) current master browser = UNKNOWN but right above it there is dump workgroup on subnet 10.10.20.1: netmask= 255.255.255.0: DOMAIN_UK(1) current master browser = UK_PDC So I am lost as to what is going on. Here is the the coorsponding part of the nmbd log: [2006/09/21 12:35:25, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 176 to (10.1.0.11) on port 138 [2006/09/21 12:35:25, 5] nmbd/nmbd_sendannounce.c:browse_sync_remote(576) announce_remote: Doing remote browse sync announce for server UK_PDC to IP 10.1.0.12. [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:send_mailslot(1921) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from UK_PDC00 IP 10.10.20.1 to *00 IP 10.1.0.12 [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char .UK_PDC. hex 0d 55 4b 5f 50 44 43 00 [2006/09/21 12:35:25, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 176 to (10.1.0.12) on port 138 [2006/09/21 12:35:25, 5] nmbd/nmbd_sendannounce.c:browse_sync_remote(576) announce_remote: Doing remote browse sync announce for server UK_PDC to IP 0.0.0.0. [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:send_mailslot(1921) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from UK_PDC00 IP 10.10.20.1 to *00 IP 0.0.0.0 [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char .UK_PDC. hex 0d 55 4b 5f 50 44 43 00 [2006/09/21 12:35:25, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 176 to (0.0.0.0) on port 138 [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282) dump_workgroups() dump workgroup on subnet 10.10.20.1: netmask= 255.255.255.0: DOMAIN_UK(1) current master browser = UK_PDC UK_PDC 408c9b0b (UK PDC) PAULP4 40011207 () [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 10.10.20.1: DOMAIN_ALBANY(3) current master browser = ALBANY_PDC DOMAIN_NYC(2) current master browser = NYC_PDC DOMAIN_UK(1) current master browser = UNKNOWN UK_PDC 40899b0b (UK PDC) [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171) find_workgroup_on_subnet: workgroup search for DOMAIN_UK on subnet UNICAST_SUBNET: found. [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171) find_workgroup_on_subnet: workgroup search for DOMAIN_UK on subnet UNICAST_SUBNET: found. [2006/09/21 12:35:25, 10] lib/util_sock.c:read_udp_socket(294) read_udp_socket: lastip 10.10.20.1 lastport 138 read: 176 [2006/09/21 12:35:25, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 176 from (10.10.20.1) port 138 [2006/09/21 12:35:25, 7] nmbd/nmbd_packets.c:listen_for_packets(1833) discarding own dgram packet from 10.10.20.1:138 [2006/09/21 12:35:25, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(127) find_name_on_subnet: on subnet 10.10.20.1 - found name DOMAIN_UK1d source=2 [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:process_dgram(1270) process_dgram: datagram from UK_PDC00 to DOMAIN_UK1d IP 10.10.20.1 for \MAILSLOT\BROWSE of type 1 len=39 [2006/09/21 12:35:25, 8] lib/util.c:is_myname(2036) is_myname(UK_PDC) returns 1 [2006/09/21 12:35:25, 0] nmbd/nmbd_packets.c:process_browse_packet(1061) process_browse_packet: Discarding datagram from IP 10.10.20.1. Source name UK_PDC00 is one of our names ! [2006/09/21 12:35:25, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(127) find_name_on_subnet: on subnet 10.10.20.1 - found name *00 source=5 [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:process_dgram(1270) process_dgram: datagram from UK_PDC00 to *00 IP 10.10.20.1 for \MAILSLOT\BROWSE of type 13 len=8 [2006/09/21 12:35:25, 8] lib/util.c:is_myname(2036) is_myname(UK_PDC) returns 1 [2006/09/21 12:35:25, 0] nmbd/nmbd_packets.c:process_browse_packet(1061) process_browse_packet: Discarding datagram from IP 10.10.20.1. Source name UK_PDC00 is one of our names ! [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171) find_workgroup_on_subnet: workgroup search for DOMAIN_UK on subnet 10.10.20.1: found. [2006/09/21 12:35:25, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1158856525) - last(1158856321) 900 [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171) find_workgroup_on_subnet: workgroup search for DOMAIN_UK on subnet UNICAST_SUBNET: found.
[Samba] Re: current master browser = UNKNOWN / failing WINS test #1 on 3.0.23c
Here is my smb.conf also, maybe it is something silly I have set in that. [global] workgroup = DOMAIN_UK netbios name = UK_PDC interfaces = eth0 bind interfaces only = Yes admin users = root administrator server string = UK PDC security = user enable privileges = Yes load printers = yes printing = cups printcap = cups printcap name = cups show add printer wizard = yes log file = /var/log/samba/log.%m remote announce = 10.10.20.1 10.1.0.11 10.1.0.12 10.10.80.15 remote browse sync = 10.10.20.1 10.1.0.11 10.1.0.12 10.1.10.80.15 max log size = 1 ldap ssl = on passdb backend = ldapsam:ldaps://uk_pdc:636 ldap admin dn = uid=root,ou=users,o=uk.on2.com ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap suffix = o=uk.on2.com ldap idmap suffix = ou=idmap ldap delete dn = no add user script = /usr/local/sbin/smbldap-useradd -m '%u' delete user script = /usr/local/sbin/smbldap-userdel %u add group script = /usr/local/sbin/smbldap-groupadd -p '%g' delete group script = /usr/local/sbin/smbldap-groupdel '%g' add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/local/sbin/smbldap-useradd -t 5 -w '%u' dos charset = 850 unix charset = ISO8859-1 ldap passwd sync = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 128 domain master = yes domain logons = yes local master = yes preferred master = yes logon script = logon.bat encrypt passwords = yes unix password sync = no passwd program = /usr/local/sbin/smbldap-passwd -o %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*successfully* logon path = c:\Documents and Settings\%U wins support = yes map to guest = Never nt acl support = true Dan wrote: I am having trouble with one of my samba PDC's. It does not recognize itself as the domain master browser even though it is set to be so. I can not add machines to this domain and I suspect this is why. Has anybody seen this or know what causes it? Notice this: DOMAIN_ALBANY(3) current master browser = ALBANY_PDC DOMAIN_NYC(2) current master browser = NYC_PDC DOMAIN_UK(1) current master browser = UNKNOWN but right above it there is dump workgroup on subnet 10.10.20.1: netmask= 255.255.255.0: DOMAIN_UK(1) current master browser = UK_PDC So I am lost as to what is going on. Here is the the coorsponding part of the nmbd log: [2006/09/21 12:35:25, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 176 to (10.1.0.11) on port 138 [2006/09/21 12:35:25, 5] nmbd/nmbd_sendannounce.c:browse_sync_remote(576) announce_remote: Doing remote browse sync announce for server UK_PDC to IP 10.1.0.12. [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:send_mailslot(1921) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from UK_PDC00 IP 10.10.20.1 to *00 IP 10.1.0.12 [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char .UK_PDC. hex 0d 55 4b 5f 50 44 43 00 [2006/09/21 12:35:25, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 176 to (10.1.0.12) on port 138 [2006/09/21 12:35:25, 5] nmbd/nmbd_sendannounce.c:browse_sync_remote(576) announce_remote: Doing remote browse sync announce for server UK_PDC to IP 0.0.0.0. [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:send_mailslot(1921) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from UK_PDC00 IP 10.10.20.1 to *00 IP 0.0.0.0 [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char .UK_PDC. hex 0d 55 4b 5f 50 44 43 00 [2006/09/21 12:35:25, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 176 to (0.0.0.0) on port 138 [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282) dump_workgroups() dump workgroup on subnet 10.10.20.1: netmask= 255.255.255.0: DOMAIN_UK(1) current master browser = UK_PDC UK_PDC 408c9b0b (UK PDC) PAULP4 40011207 () [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 10.10.20.1: DOMAIN_ALBANY(3) current master browser = ALBANY_PDC DOMAIN_NYC(2) current master browser = NYC_PDC DOMAIN_UK(1) current master browser = UNKNOWN UK_PDC 40899b0b (UK PDC) [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171) find_workgroup_on_subnet: workgroup search for DOMAIN_UK on subnet UNICAST_SUBNET: found. [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171) find_workgroup_on_subnet: workgroup search for DOMAIN_UK
[Samba] Re: current master browser = UNKNOWN / failing WINS test #1 on 3.0.23c
There is also this which I don't understand dump workgroup on subnet 10.10.20.1: netmask= 255.255.255.0: ON2_UK(1) current master browser = UK_PDC UK_PDC 408c9b0b (UK PDC) [2006/09/21 16:15:00, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 10.10.20.1: ON2_UK(1) current master browser = UNKNOWN UK_PDC 40899b0b (UK PDC) Does anyone have any ideas? I really need to get this up and working. Thanks! Dan wrote: Here is my smb.conf also, maybe it is something silly I have set in that. [global] workgroup = DOMAIN_UK netbios name = UK_PDC interfaces = eth0 bind interfaces only = Yes admin users = root administrator server string = UK PDC security = user enable privileges = Yes load printers = yes printing = cups printcap = cups printcap name = cups show add printer wizard = yes log file = /var/log/samba/log.%m remote announce = 10.10.20.1 10.1.0.11 10.1.0.12 10.10.80.15 remote browse sync = 10.10.20.1 10.1.0.11 10.1.0.12 10.1.10.80.15 max log size = 1 ldap ssl = on passdb backend = ldapsam:ldaps://uk_pdc:636 ldap admin dn = uid=root,ou=users,o=uk.on2.com ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap suffix = o=uk.on2.com ldap idmap suffix = ou=idmap ldap delete dn = no add user script = /usr/local/sbin/smbldap-useradd -m '%u' delete user script = /usr/local/sbin/smbldap-userdel %u add group script = /usr/local/sbin/smbldap-groupadd -p '%g' delete group script = /usr/local/sbin/smbldap-groupdel '%g' add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/local/sbin/smbldap-useradd -t 5 -w '%u' dos charset = 850 unix charset = ISO8859-1 ldap passwd sync = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 128 domain master = yes domain logons = yes local master = yes preferred master = yes logon script = logon.bat encrypt passwords = yes unix password sync = no passwd program = /usr/local/sbin/smbldap-passwd -o %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*successfully* logon path = c:\Documents and Settings\%U wins support = yes map to guest = Never nt acl support = true Dan wrote: I am having trouble with one of my samba PDC's. It does not recognize itself as the domain master browser even though it is set to be so. I can not add machines to this domain and I suspect this is why. Has anybody seen this or know what causes it? Notice this: DOMAIN_ALBANY(3) current master browser = ALBANY_PDC DOMAIN_NYC(2) current master browser = NYC_PDC DOMAIN_UK(1) current master browser = UNKNOWN but right above it there is dump workgroup on subnet 10.10.20.1: netmask= 255.255.255.0: DOMAIN_UK(1) current master browser = UK_PDC So I am lost as to what is going on. Here is the the coorsponding part of the nmbd log: [2006/09/21 12:35:25, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 176 to (10.1.0.11) on port 138 [2006/09/21 12:35:25, 5] nmbd/nmbd_sendannounce.c:browse_sync_remote(576) announce_remote: Doing remote browse sync announce for server UK_PDC to IP 10.1.0.12. [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:send_mailslot(1921) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from UK_PDC00 IP 10.10.20.1 to *00 IP 10.1.0.12 [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char .UK_PDC. hex 0d 55 4b 5f 50 44 43 00 [2006/09/21 12:35:25, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 176 to (10.1.0.12) on port 138 [2006/09/21 12:35:25, 5] nmbd/nmbd_sendannounce.c:browse_sync_remote(576) announce_remote: Doing remote browse sync announce for server UK_PDC to IP 0.0.0.0. [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:send_mailslot(1921) send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from UK_PDC00 IP 10.10.20.1 to *00 IP 0.0.0.0 [2006/09/21 12:35:25, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char .UK_PDC. hex 0d 55 4b 5f 50 44 43 00 [2006/09/21 12:35:25, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 176 to (0.0.0.0) on port 138 [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282) dump_workgroups() dump workgroup on subnet 10.10.20.1: netmask= 255.255.255.0: DOMAIN_UK(1) current master browser = UK_PDC UK_PDC 408c9b0b (UK PDC) PAULP4 40011207 () [2006/09/21 12:35:25, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282) dump_workgroups() dump workgroup on subnet
Re: [Samba] joining domain fails because of no samba entries with 3.0.23c
It adds the computer just fine but still doesn't have any samba attributes like sambaSID etc. I thought I read the computer or the smbd daemon is supposed to populate the samba attributes now instead of the scripts. Is this not the case? Thanks. ryan punt wrote: What happens when you run smbldap-useradd -w MYCOMPUTER$ from the command line? I've found that useful for debugging machine-account-creation problems. Ryan Dan [EMAIL PROTECTED] 9/18/2006 5:41:21 PM Hello All, I am having a very strange problem with samba 3.0.23c. I upgraded everything from 3.0.9 and I am able to smbclient to the samba 3.0.23c PDC with the administrator user just fine. When I go to add a machine to the domain, it adds the unix machine account to the ou=computers like it is supposed to but none of the samba entries are added. I get an error on the windows side of The user name can not be found. but I know the administrator user is there. The group mappings are correct for both the windows and unix groups, both on the PDC machine and in my openldap backend. I am using the idealx scripts with 'smbldap-useradd -w '%u' .It was my understanding that the scripts are not supposed to add the samba stuff anymore but either samba itself or the machine does that, I am not sure. Is this correct? Has anyone else seen things like this? I searched and found a bunch of simular things but no real solutions. I see in the logs where it is searching for the name of the machine and the sambaSamAccount objectclass and failing because it is not there, but I can't figure out why it is not getting created. I have put the relevant log section below and can supply more if needed. I suspect I am missing something simple. Any help would be greatly appreciated. [2006/09/18 18:30:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 ED 1D 0F 45 í..E [010] 8B 7A 00 00 .z.. [2006/09/18 18:30:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_create_user: access check ((granted: 0x000d067b; required: 0x0010) [2006/09/18 18:30:05, 10] rpc_server/srv_samr_nt.c:can_create(2389) Checking whether [MYCOMPUTER$] can be created [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1 [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/09/18 18:30:05, 10] passdb/lookup_sid.c:lookup_name(64) lookup_name: MYCOMPUTER$ = (domain), MYCOMPUTER$ (name) [2006/09/18 18:30:05, 10] passdb/util_wellknown.c:lookup_wellknown_name(154) map_name_to_wellknown_sid: looking up MYCOMPUTER$ [2006/09/18 18:30:05, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) secrets_fetch failed! [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 1 [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/09/18 18:30:05, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [o=my.domain.com], filter = [((uid=MYCOMPUTER$)(objectclass=sambaSamAccount))], scope = [2] [2006/09/18 18:30:05, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396) ldapsam_getsampwnam: Unable to locate user [MYCOMPUTER$] count=0 [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/09/18 18:30:05, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 1 [2006/09/18 18:30:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/09/18 18:30:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/09/18 18:30:05, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [ou=groups,o=my.domain.com], filter = [((objectClass=sambaGroupMapping)(|(displayName=MYCOMPUTER$)(cn=MYCOMPUTER$)))], scope = [2
Re: [Samba] Mount point disappearing
Samba User wrote: HI have a bizzare problem. When I mount a share, the mount point disappears! Try to mount as cifs not smbfs -- Dan Borlovan Level 7 Software -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Couldn't find service home
Greetings, I'm having a problem with configuring Samba. I am trying to connect to a linux box running Ubuntu with my os x laptop. When I try and connect I get prompted for a username/password. When I enter them apple gives me a weird error and it doesn't work. I'm pretty the problem is with my config on the linux side. The error log has this printed every time I tried to connect: [2006/09/07 13:09:24, 0] smbd/service.c:make_connection(851) daniel-bakers-c (192.168.1.3) couldn't find service home Here is all the things I could thing to test and include: [EMAIL PROTECTED]:/etc/samba$ smbclient //Newton/home/dan Password: Domain=[NEWTON] OS=[Unix] Server=[Samba 3.0.22] tree connect failed: NT_STATUS_BAD_NETWORK_NAME Load smb config files from smb.conf Processing section [printers] Processing section [print$] Processing section [Newton] Loaded services file OK. WARNING: passdb expand explicit = yes is deprecated Server role: ROLE_STANDALONE - [global] workgroup = LINUX_SERVER server string = %h server (Samba, Ubuntu) obey pam restrictions = Yes passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew \sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No panic action = /usr/share/samba/panic-action %d invalid users = root [printers] comment = All Printers path = /tmp create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers [Newton] path = /home/dan read only = No guest ok = Yes - Domain=[NEWTON] OS=[Unix] Server=[Samba 3.0.22] Sharename Type Comment - --- print$ Disk Printer Drivers IPC$IPC IPC Service (Newton server (Samba, Ubuntu)) ADMIN$ IPC IPC Service (Newton server (Samba, Ubuntu)) Domain=[NEWTON] OS=[Unix] Server=[Samba 3.0.22] Server Comment ---- WorkgroupMaster ---- LINUX_SERVER NEWTON SERENITY ALANNA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows xp cannot acces some shares but smbclient can
Samba 3.0.22 .. 3.0.23b configured with security=domain, joined to windows 2003. Samba has two shares, lets name them joe and joe1, with exactly the same definition (copy/pasted, just the name differs) Share definition like this [joe] path = /opt/joe writeable = yes force user = joe force group = users valid users = domain/user1, domain/user2 etc. From smbclient both shares work (of course, they have the same definition) From windows xp client (logged in as domain/user1 or domain/user2) joe is not accessible (no error from windows but doesn't enter it) but joe1 works. Oops. As long as the share has any other name than joe, it works. Same problem for a second share (windows cannot access it if share name equals local force user name), but not for a third share tested with another local user. Now I'm really confused. Debug is pretty long and does not (at least to me) reveal any obvious error, but I can attach it on request. Any ideas? -- Dan Borlovan Level 7 Software -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error was Permission denied
Samba version Samba 3.0.23a-1.FC5.1 Linux Fedora 5 (localhost) User: dsmith 192.168.1.104 Windows XP SP2 with lastest updates (T2385) User: dan 192.168.1.100 Linksys 8 port router I have tried a few days on an off to get samba to work, but need some help. I found a couple problems with the checklist and fixed them. A couple problems I wasn't able to solve. Here are the problems: 1) smbclient //192.168.1.104/dan -Udsmith tree connect failed: NT_STATUS_BAD_NETWORK_NAME smbpasswd is set, both dsmith and dan testparm runs fine I have cleared allow hosts, specified allow hosts, etc. Have disable both firewalls, Linux and Windows. 2) nmblookup -d 2 '*' Linux box responds fine. Never have got a response from Windows. 3) cat T2385.log [2006/08/20 01:33:26, 0] smbd/service.c:make_connection_snum (911) '/home/dsmith' does not exist or permission denied when connecting to [dan] Error was Permission denied I have changed permissions on /home and /dsmith to 777. It didn't help I created a user dan. It didn't help. On Windows I'm using map network drive. Y: //192.168.1.104/dan I use login as different user: dsmith and password Here is smb.conf # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2006/08/19 23:38:24 [global] workgroup = SMITH server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 preferred master = Yes dns proxy = No ldap ssl = no hosts allow = 192.168.1., 127. cups options = raw [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [dan] path = /home/dsmith username = dsmith -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.394 / Virus Database: 268.11.3/423 - Release Date: 8/18/2006 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error was Permission denied
Greetings, I have tried a few days on an off to get samba to work, but need some help. Samba version Samba 3.0.23a-1.FC5.1 Linux Fedora 5 (localhost) User: dsmith 192.168.1.104 Windows XP SP2 with lastest updates (T2385) User: dan 192.168.1.100 Linksys 8 port router I found a couple problems with the checklist and fixed them. A couple problems I wasn't able to solve. Here are the problems: 1) smbclient //192.168.1.104/dan -Udsmith tree connect failed: NT_STATUS_BAD_NETWORK_NAME smbpasswd is set, both dsmith and dan testparm runs fine I have cleared allow hosts, specified allow hosts, etc. Have disable both firewalls, Linux and Windows. 2) nmblookup -d 2 '*' Linux box responds fine. Never have got a response from Windows. 3) cat T2385.log [2006/08/20 01:33:26, 0] smbd/service.c:make_connection_snum (911) '/home/dsmith' does not exist or permission denied when connecting to [dan] Error was Permission denied I have changed permissions on /home and /dsmith to 777. It didn't help I created a user dan. It didn't help. On Windows I'm using map network drive. Y: //192.168.1.104/dan I use login as different user: dsmith and password Here is smb.conf # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2006/08/19 23:38:24 [global] workgroup = SMITH server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 preferred master = Yes dns proxy = No ldap ssl = no hosts allow = 192.168.1., 127. cups options = raw [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [dan] path = /home/dsmith username = dsmith I hope you can help me, I'm trying to convert from Windows XP to Linux and I thought samba would be the fastest way to transfer my files over (60Gb). Thanks, Dan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.394 / Virus Database: 268.11.5/425 - Release Date: 8/22/2006 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.23b binaries for debian/sarge please
Hi, Cannot spot the debian binaries for 3.0.23b - please please please as 3.0.23a has some issues regarding domain users and I'm too lazy to compile my own packages Thanks, -- DanB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] This list is a black hole.
Hi John, Stefan, maybe most of the questions ar allready answered if using the mail archive or/and read the faqs, i answered a lot in that list but i am not willing to answer same questions every day, in comparing to other lists , this one is very nice Don't worry, my most recent question is with yours in the black hole. Although, I have read that now they think that some things can actually escape a black hole. So I'm still hopeful. But I just assumed that the non-response to my question meant that what I was asking wasn't possible with Samba, even though it seemed pretty basic. Dan -- Daniel Armbrust Biomedical Informatics Mayo Clinic Rochester daniel.armbrust(at)mayo.edu http://informatics.mayo.edu/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] guest access in server security mode?
I have a samba server that is configured in server mode. However, I want to share one folder to everyone - whether or not they have a real account on my system, or on the server that I am authenticating against. The [global] section of my config file has things like this: log file = /var/log/samba/%m.log load printers = no guest account = lexbig idmap gid = 16777216-33554431 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 map to guest = Bad Uid null passwords = yes encrypt passwords = yes winbind use default domain = no template shell = /bin/false dns proxy = no cups options = raw netbios name = servername server string =server description idmap uid = 16777216-33554431 password server = server name workgroup = workgroup name os level = 20 printcap name = /etc/printcap security = server preferred master = no local master = no domain master = no max log size = 50 The public share that I want to create looks like this: [LexBIGDemo] guest ok = yes force user = lexbig browseable = yes writeable = yes only guest = yes public = yes path = /home/lexbig/demo force group = lexbig But it continues to insist on authenticating against the domain server. If I connect with a valid user name and password, everything works as I expect - I connect to the public share as the user 'lexbig'. But - if I connect with an invalid user name and password (according to the domain server) - I get this in the log file: [2006/08/04 09:47:21, 1] auth/auth_server.c:check_smbserver_security(363) password server the-server rejected the password And it rejects me. I have tried all of the values for 'map to guest' - Bad Uid, Bad Password, and Bad User - but they all have the same exact behavior. Is there a way to do what I'm trying to do? This seems like such a simple thing - but I can't get it to work. I was originally using 3.0.10 or so - whatever came with fedora core 3, but now I built the current from source - and it has the same behavior. Thanks, Dan -- Daniel Armbrust Biomedical Informatics Mayo Clinic Rochester daniel.armbrust(at)mayo.edu http://informatics.mayo.edu/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba mount problems
Hi I've setup samba on a file server. I'm using ADS as the security level. Now I'd like to make a share that would allow guest to login, below is the share I've setup: [test] path = /tmp/ public = yes only guest = yes writable = yes printable = no auth methods = guest guest ok = yes map to guest = Bad Password The problem I have is quite confusing. Basically I can't mount the above partition as an anonymous user when I use mount or mount.smb or mount.smbfs. However, I can connect to the share as an anonymous user if I use smbclient. Could someone please help me understand why I can't mount the above using the mount command. Thanks in advance Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3 using a mysql backend
I see in the documentation that samba can use a mysql backend. I see an example for users tables but I am curious as to where it would store computer accounts and group accounts. Has anyone setup samba using mysql as a backend? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_ACCESS_DENIED
When I run: /usr/local/sambabin/smbclient -U user%pass -L //myhost -N I get: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.0.22] tree connect failed: NT_STATUS_ACCESS_DENIED Is there someplace this error message is explained?? My smb.conf file is: [global] security = server encrypt passwords = yes password server = nt4dc1, nt4dc2 username map = /usr/local/samba/lib/users.map workgroup = YMINTWEB remote announce = 192.12.95.255 204.140.39.255 wins server = 204.140.39.6 browseable = yes public = yes print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j printing = bsd printcap name = /etc/printcap load printers = yes guest account = nobody guest ok = yes preserve case = yes short preserve case = yes case sensitive = no log file = /usr/local/samba/log.%m lock directory = /usr/local/samba/var/locks local master = no share modes = yes valid users = @smb ; Mount user home directories on demand. [homes] comment = Home Directories public = no browseable = yes read only = no create mode = 7774 directory mode = 7775 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Here's a recipe for Samba+Active Directory on Solaris 9
Samba 3.0.22 on Solaris 9 with Active Directory === Dan Shearer Version 1.0 May 2006 Official Samba binaries for Solaris 9 are not enabled for ADS support. Enabling ADS is much harder than it looks, mostly because of the crazy Solaris 9 build environment. Here is the simplest reproducable recipe I could find for ADS-enabled Samba on a default fresh install of Solaris 9. Some concession has been made for installs that are not default, but you might still need to modify for your particular servers. Tested with Heimdal Kerberos 0.7, OpenLDAP 2.3.20 and Samba 3.0.22 . All three packages are in /opt/local (no namespace clashes luckily.) This is a big glob, don't go adding to it :-) The point is to demonstrate a known-working solution from which to work at your site. Someone from sunfreeware.com (excellent site!) might want to create a package to avoid this pain, in fact it would be good if sunfreeware and the official Samba binaries could perhaps be coordinated. Let me know if I can help. This document was developed fairly empirically because I don't know Solaris well. Most of the time went into discovering how to get the environment right. Overview of Steps - Install OS plus particular patches. Install *very* particular versions of packages from sunfreeware.com . Install OpenLDAP libraries Install Heimdal Kerberos. /etc/krb5/krb5.conf. Test with kinit [EMAIL PROTECTED] in capitals) Install Samba, create smb.conf (test config file with testparm) Join Samba Member Servers (net ads join -U Administrator ) List AD domain users (net ads user -U Administrator ) Test Security from Windows (browse, file access from Explorer right-click) Optional: idmap using ridmap or a dedicated LDAP server. At this point you will be able to use Samba as per the documentation, having skipped the weeks of frustration people usually seem to spend to get this going :-) Solaris 9 Prep -- Install from the first three CDs, accepting all defaults. Install patches 112960-36, 112874-34, 112233-01, 112233-11 . This is a dependency chain, the only thing really required is a new libnss that will let Samba winbind work. On production machines, if you keep up with Sun recommended patches you may have this already. If you want to grow old quickly, attempt to build the entire GNU toolchain on Solaris9! Alternatively, be sensible and use the following list of binaries packaged at http://sunfreeware.com : gcc-3.3.2-sol9-sparc-local.gz bison-1.34-sol7-sparc-local.gz (built for Solaris 7; no higher Bison version or Heimdal breaks, no higher Solaris version or there is a library problem on Solaris 9 . ) m4-1.4.2-sol9-sparc-local.gz make-3.80-sol9-sparc-local.gz db-4.2.52.NC-sol9-sparc-local.gz (no lower version or OpenLDAP breaks) binutils-2.11.2-sol8-sparc-local.gz (built for Solaris 8, not built for Solaris 9 but works fine) flex-2.5.31-sol9-sparc-local.gz (required for Heimdal build) Set global time on your network using something like ntp! The Solaris machines must be consistent with the Windows AD server to within 5 minutes, unless you reconfigure Kerberos to be less fussy. When changing time manually, sometimes the Solaris date command gets confused with what it is displaying (for example BST != GMT+1, GMT+1 time is displayed two hours in the past.) The linker in ccs is bad news for Samba and probably everything else so get rid of it. mv /usr/ccs/bin/ld /usr/ccs/bin/ld.off . Sun gssapi won't work with Heimdal and probably not much else will either. Heimdal provides its own. mv /usr/include/gssapi /usr/include/old.gssapi Don't run configure in any of OpenLDAP, Kerberos or Samba until all the above modifications have been done. Build OpenLDAP, Heimdal and Samba in that order. A Comment on Libraries -- With crle, GNU automake scripts (ie configure) will find all libraries present. LDFLAGS should be sufficient but isn't, and LD_LIBRARY_PATH isn't always equivalent to crle although it looks like it should be. When debugging, to check what libraries a particular program has been linked against, use ldd. Be suspicious if, for example, ldd /opt/local/bin/kinit doesn't have a reference to a BerkeleyDB db library, or libgcc_s . Fix this with crle (using the commandline crle itself gives you) something like this: crle -c /var/ld/ld.config -l \ /lib:/usr/lib:/usr/local/lib:/usr/local/BerkeleyDB4.2/lib:/opt/local/lib The foregoing problems are with non-default Solaris 9 installs. A default install works as expected. /usr/local/lib is used by all packages from sunfreeware.com. Installing OpenLDAP --- Version 2.3.20 from openldap.org ./configure --prefix=/opt/local --disable-bdb --enable-null --without-tls \ CFLAGS=-I/usr/local/include -I/usr/local/BerkeleyDB.4.2/include \ CPPFLAGS=-I/usr/local/include -I/usr/local/BerkeleyDB/4.2/include make depend make make install Installing Heimdal
Re: [Samba] AIX 5L 5.3 Error after Compiling the SAMBA 3.0.21.0
WARNING: ldap.h is needed for LDAP support if you want ldap support openldap-devel needs to be installed on AIX. 0509-136 Symbol _posix_kaio_rdwr (number 2) is not exported from dependent module /unix. running smitty posixaio and turning on aio support might handle this. HTH Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] getpwnam() fails for LDAP Users on AIX 5.3
Our Version is 3.0.21c --sorry forgot Best Dan Hello List, below our smb.conf and loglevel 5 output of a failed authentication. We want to get the Unix User details from MS-SFU using the new idmap_ad Backend. If the Windows User is mapped to local name it's all fine. But if we want to use our SFU Users it fails. We believe getpwnam() on AIX is faulty. id username and login works for all users local and AD! Any ideas how to handle, get around this,or solve it differently ? Best Dan smb.conf: [global] workgroup = WG realm = WG.OURREALM.COM server string = host_name (Samba Server) security = ADS idmap backend = idmap_ad username map = /etc/samba/smbusers winbind use default domain = Yes winbind trusted domains only = yes log level = 5 log.smbd: [2006/03/17 14:10:09, 4] lib/username.c:map_username(143) Scanning username map /etc/samba/smbusers [2006/03/17 14:10:09, 3] lib/username.c:map_username(184) Mapped user WG\pawisda to pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_alloc(290) Finding user pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(234) Trying _Get_Pwnam(), username as lowercase is pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(252) Trying _Get_Pwnam(), username as uppercase is PAWISDA [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(261) Checking combinations of 0 uppercase letters in pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(267) Get_Pwnam_internals didn't find user [pawisda]! [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_alloc(290) Finding user pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(234) Trying _Get_Pwnam(), username as lowercase is pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(252) Trying _Get_Pwnam(), username as uppercase is PAWISDA [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(261) Checking combinations of 0 uppercase letters in pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(267) Get_Pwnam_internals didn't find user [pawisda]! [2006/03/17 14:10:09, 1] smbd/sesssetup.c:reply_spnego_kerberos(303) Username pawisda is invalid on this system -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] getpwnam() fails for LDAP Users on AIX 5.3
Hello List, below our smb.conf and loglevel 5 output of a failed authentication. We want to get the Unix User details from MS-SFU using the new idmap_ad Backend. If the Windows User is mapped to local name it's all fine. But if we want to use our SFU Users it fails. We believe getpwnam() on AIX is faulty. id username and login works for all users local and AD! Any ideas how to handle, get around this,or solve it differently ? Best Dan smb.conf: [global] workgroup = WG realm = WG.OURREALM.COM server string = host_name (Samba Server) security = ADS idmap backend = idmap_ad username map = /etc/samba/smbusers winbind use default domain = Yes winbind trusted domains only = yes log level = 5 log.smbd: [2006/03/17 14:10:09, 4] lib/username.c:map_username(143) Scanning username map /etc/samba/smbusers [2006/03/17 14:10:09, 3] lib/username.c:map_username(184) Mapped user WG\pawisda to pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_alloc(290) Finding user pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(234) Trying _Get_Pwnam(), username as lowercase is pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(252) Trying _Get_Pwnam(), username as uppercase is PAWISDA [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(261) Checking combinations of 0 uppercase letters in pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(267) Get_Pwnam_internals didn't find user [pawisda]! [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_alloc(290) Finding user pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(234) Trying _Get_Pwnam(), username as lowercase is pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(252) Trying _Get_Pwnam(), username as uppercase is PAWISDA [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(261) Checking combinations of 0 uppercase letters in pawisda [2006/03/17 14:10:09, 5] lib/username.c:Get_Pwnam_internals(267) Get_Pwnam_internals didn't find user [pawisda]! [2006/03/17 14:10:09, 1] smbd/sesssetup.c:reply_spnego_kerberos(303) Username pawisda is invalid on this system -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as non-root?
I have a two-part question. Is it possible to run Samba as a non-root user? What we want to do, ideally, is to create a user account such as samba, and let our applications people log in as the samba user, and do all the setup and ongoing maintenance. I looked through the stuff on samba.org but the answer isn't readily apparent to me. This is so they can allow a few users the ability to view some files on a Solaris 8 server. All the users who need read access via Samba are already in the passwd file. We would prefer not to use any external servers for authentication if we can avoid it. Can we do that? We're trying to keep this as simple as possible. Thanks, Dan P.S. Sorry for the disclaimer message below but I can't do anything to stop it. The contents of this email are the property of PNC. If it was not addressed to you, you have no legal right to read it. If you think you received it in error, please notify the sender. Do not forward or copy without permission of the sender. This message may contain an advertisement of a product or service and thus may constitute a commercial electronic mail message under US Law. PNCs postal address is 249 Fifth Avenue, Pittsburgh, PA 15222. If you do not wish to receive any additional advertising or promotional messages from PNC at this e-mail address, click here to Unsubscribe. https://pnc.p.delivery.net/m/u/pnc/uni/p.asp By unsubscribing to this message, you will be unsubscribed from all advertising or promotional messages from PNC. Removing your e-mail address from this mailing list will not affect your subscription to alerts, e-newsletters or account servicing e-mails.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] libldap not found
It sounds like it can not find your libldap library in any of the paths you specified. Do you have a locate program such that you could try locate libldap and see if/where it shows up? David Shapiro wrote: Can anybody clue me in on why this build script is failing? checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_scanf in -llber... no checking for ldap_init in -lldap... no checking for ldap_set_rebind_proc... no checking whether ldap_set_rebind_proc takes 3 arguments... 3 configure: error: libldap is needed for LDAP support + [ 1 != 0 ] #!/bin/ksh -x env CC=gcc \ CFLAGS=-DPAM_AUTHTOK_RECOVER_ERR=PAM_AUTHTOK_RECOVERY_ERR -DPAM_EXTERN=extern -D_LINUX_SOURCE_COMPAT \ CPPFLAGS=-I/usr/local/bdb/include -I/usr/local/ssl/include -I/usr/local/openldap/include \ LDFLAGS=-L/usr/local/bdb/lib -L/usr/local/cyrus-sasl/lib -L/usr/local/openldap/lib -L/usr/local/ssl/lib \ ../configure --prefix=/usr/local/samba --with-shared-modules=idmap_ad,idmap_rid \ --with-ads --with-ldap --with-ldapsam --with-pam --with-krb5=/usr/local/kerberos --with-winbind \ --with-acl-support --with-utmp --with-quotas --with-sendfile-support \ --with-aio-support --enable-shared=no --enable-static=yes if [ $? != 0 ]; then echo Configure failed so exiting... exit 1 fi /usr/local/bin/gmake /usr/local/bin/gmake install if [ $? != 0 ]; then echo Build failed so exiting... exit 1 fi for i in WINBIND pam_winbind.so; do if [ -f /usr/lib/security/$i ]; then mv /usr/lib/security/$i /usr/lib/security/$i.old chmod 555 nsswitch/$i cp nsswitch/$i /usr/lib/security rm /usr/lib/security/$i.old else cp nsswitch/$i /usr/lib/security fi done David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upgraded from 3.0.9 - 3.0.21b - Now adding machines a problem
I recently upgraded my samba pdc from version 3.0.9 to version 3.0.21b
to try and fix a browse issue with Windows 2003 Server and linux samba
servers. The browse issue was fixed, but now I am having problems
adding machines to the network. I run slackware 10.0 linux with an
openldap backend which has worked fine until now. I also upgraded the
samba tools from idealx.org to the latest version. First when I went to
add a machine it would bomb out and when I would check the ldap
directory I noticed it had the posix machine info but not the samba
machine info. To add the machine I am using the command
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'
in my smb.conf as specified in the example. I then looked at the
smbldap-useradd script and realized that the add_samba_machine call from
the tools.pm file was never getting called anywhere in the scripts so
maybe this is incorrect but I added the following to the smbldap-useradd
script:
if (defined($Options{'w'})) {
if (!add_samba_machine($userName,$userUidNumber,$Options{'t'})) {
die $0: error while adding samba account\n;
}
}
right under the following:
# MACHINE ACCOUNT
if (defined($Options{'w'}) or defined($Options{'i'})) {
#print About to create machine $userName:\n;
if (!add_posix_machine
($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
die $0: error while adding posix account\n;
}
so that the rest of the ldap info was getting filled in. It still would
bomb out on me with the error The user name could not be found but it
did make a difference. Leaving the new ldap entry alone I would then
try and add the machine again and it would work so I am not sure what is
wrong. I checked the machine entry in ldap before and after and nothing
much seems to have changed. I checked the samba logs and the user
adding to the domain comes back as authenticated so I am at a loss as to
why it would fail the first time and not the second.
Now most likely I am doing something else wrong as I can't imagine I
should have to change the scripts but I haven't come across what it is.
Has anyone seen this behavior before?
Any help is greatly appreciated thanks.
Dan,
Below is the global section of my smb.conf:
[global]
workgroup=MYDOMAIN
netbios name=MYDOMAIN_PDC
admin users = administrator
server string = MY PDC
security = user
load printers = yes
; printcap name = /etc/printcap
; print command = lpr -r -P%p %s
; printing = lprng
; printcap name = cups
; printing = cups
; show add printer wizard = yes
log file = /var/log/samba/log.%m
max log size = 1
ldap ssl = on
passdb backend = ldapsam:ldaps://ldap.home.mydomain.org:636
ldap admin dn = uid=root,ou=users,dc=home,dc=mydomain,dc=org
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=users
ldap suffix = dc=home,dc=mydomain,dc=org
ldap delete dn = no
add user script = /usr/local/sbin/smbldap-useradd -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u'
'%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
'%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%u' '%g'
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'
ldap passwd sync = Yes
idmap uid = 15000-2
idmap gid = 15000-2
idmap backend = ldap:ldaps://ldap.mydomain.org:636
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 128
domain master = yes
domain logons = yes
local master = yes
preferred master = yes
logon script = logon.bat
encrypt passwords = yes
unix password sync = no
passwd program = /usr/local/sbin/smbldap-passwd -o %u
logon path = c:\Documents and Settings\%U
remote announce = 10.1.0.255
remote browse sync = 10.1.0.255
wins support = yes
map to guest = Never
nt acl support = true
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joining AIX 5.3 samba server into an AD domain
I have an AIX server running AIX 5.3 and samba 3.0.21a that I recently compiled. I am looking for detailed instructions on how to join the AIX 5.3 Samba Server into the AD domain. All of the information that I have been able to find is for Linux. Is there a document that describes what filesets I need to have installed and how the configure the samba server and AIX server to join the AD domain? I have the O'Reilly Samba book, but it does not really describe how to do this for AIX. Thanks in advance. Dan __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.21a and AIX 5.3 - Cannot see server on network
Starting smbd /opt/samba/sbin/smbd -D fi if [ -x /opt/samba/sbin/nmbd ] then echo Starting nmbd /opt/samba/sbin/nmbd -D fi When I try to use the smbclient command, I get the following: [r10dev01:/opt/samba/bin]79 ./smbclient '\\AZSHSAMBAD01\dano' Password: Domain=[CAREMARKRX] OS=[Unix] Server=[Samba 3.0.21a] tree connect failed: NT_STATUS_BAD_NETWORK_NAME Any ideas as to what the problem could be? Any suggestions would be greatly appreciated. Thanks, Dan AIX Administrator __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Migration from 2.2.7a to 3.0.14a
Hi, I'm new to this list so please do not flame me if this is not an appropriate question. I would like to migrate from an old Server running Samba 2.2.7a as Domain controller to a new one running version 3.0.14a. The new server (with a new hostname) should be the DC in the future as the old server is to be decommissioned. Now I am looking a good HOWTO or similar document describing such a migration - any suggestions? Regards, -- Dan Johansson, http://www.dmj.nu *** This message is printed on 100% recycled electrons! *** pgpkhxlzP6mX8.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Id Mapping from SFU 3.5
Hello, our task is to get Samba to us the same Mapping as SFU is using in AD. 1. In 3.0.21pre1 we set idmap uid = 5-10 idmap gid = 5-10 idmap backend = AD winbind separator = = but mapping a drive from Win2003 Server fails with: nsswitch/winbindd_user.c:winbindd_getpwnam(161) user our_user dows not exist Are we missing something ? 2. We succeeded with 3.0.9 by setting winbind enable local accounts = yes and pulling in the AD Users via nss_ldap directly. But this parameter has been removed in current versions. Why ? Are there any contraindications for the parameter ? Any advice would be gratefully accepted. Best Regards Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Id Mapping from SFU 3.5
Hello, our task is to get Samba to us the same Mapping as SFU is using in AD. 1. In 3.0.21pre1 we set idmap uid = 5-10 idmap gid = 5-10 idmap backend = AD winbind separator = = but mapping a drive from Win2003 Server fails with: nsswitch/winbindd_user.c:winbindd_getpwnam(161) user our_user dows not exist Are we missing something ? 2. We succeeded with 3.0.9 by setting winbind enable local accounts = yes and pulling in the AD Users via nss_ldap directly. But this parameter has been removed in current versions. Why ? Are there any contraindications for the parameter ? Any advice would be gratefully accepted. Best Regards Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] connecting to windows server 2003 with samba 3.0.9
I have a Windows server 2003 Domain controller with a share called DC02Data. I can connect to this share successfully from several RedHat boxes, running samba 2.2.7. However, on several other RedHat machines, running samba 3.0.9 I cannot connect properly. In fact, I actually seem able to establish a mount successfully, but cannot then view the files, as shown below: [EMAIL PROTECTED] mnt]# mount /mnt/hhfs05-dc02data [EMAIL PROTECTED] mnt]# ls -l ls: hhfs05-dc02data: Permission denied total 84 drwxr-xr-x2 root root 4096 Jul 29 2004 cdrom The /etc/fstab file is configured as follows: \\machine.example.com\DC02Data /mnt/hhfs05-dc02data smbfs rw,username=username,password=password,workgroup=production,uid=nobody,g id=gid,fmask=775 0 0 However, from one of the Samba 3.0.9 machines I can connect to another windows server 2003 machine, which ISN'T a domain controller, but is part of the same domain, using identical credentials...??? Any pointers would be much appreciated. /Dan. -- Dan McNulty Systems Administrator Eckoh Technologies (UK) Limited Telford House, Cornerhall, Hemel Hempstead, Hertfordshire HP3 9HN T 01442 458390 F 01442 458443 M 07900 566618 W www.eckoh.com Eckoh Technologies - Winner, Product of the Year - European Call Centre Awards 2005 http://www.eckoh.com/Investor_Relations/News/story_1022.shtml This communication contains information, which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s) only. If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the sender and then delete it. Opinions expressed in this message are those of the author, and are not binding on the company. Registered in England and Wales, No. 2796531 Registered office: Telford House, Corner Hall, Hemel Hempstead, Hertfordshire HP3 9HN A member of the Eckoh Technologies plc group of companies. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20 : AIX 5.2 compile problem
Hi all, I am trying to compile Samba 3.0.20 for AIX 5.2. ./configure runs okay, if very slow. make breaks in some kerberos library. However kerberos works perfectly. Anyone ever done this or other advice ? TIA Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
I have just setup a Linux box (Suse 9.0) to act as an internet gateway and file server. The installation has gone very well, but I am having a problem with my Samba server. (I have a small network with about 4 client computers, all Windows boxes.) Problem 1: I set Share Homes in the Samba configuration, but none of the user folders or even the Home directory could be seen from the client machines. I could only see the Shares Printer folder. Problem 2: To solve that, I manually added a share for each users' folders. I could then see the folders, but when I try to open the folder from the client machine, it asks for a user name and password. I have tried all known user names and passwords including root, and none will work. I then changed the Allow Guest to true in the Samba configuration for the shared folders. I can now open and read the folders but cannot make any changes to the files. Ultimately, I want each user to have read/write priv. and for their folder to be password protected. Can anyone point me in the right direction? Thanks! drw [EMAIL PROTECTED] Sell on Yahoo! Auctions no fees. Bid on great items. http://auctions.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD Domain Member with SFU
Hello all, we have joind Samba 3.0.9 to an AD-Domain which is running AD. All is working fine, acces to shares is granted, files are created, deleted. When we start off with assigning ACL's though, they just get ignored, and the User vanishes from the access list in the share manager. Server is Windows 2003, Client is XP Pro. Here is the error we get: Jun 30 13:56:05 w01abnfs07 smbd[17006]: create_canon_ace_lists: unable to map SID S-1-5-21-1291875906-2546917919-626822916-1122 to uid or gid. (I googled that one, nothing particularly related...) The whole thing seems odd, since Samba has already mapped SID to UID, when the files were initially created, not so ? I tried upgrading to 3.0.14 and 3.0.20, but no change, only different error-messages in 3.0.20 Any clues ? TIA Dan ---smb.conf--- [global] workgroup = WORKSHOP realm = WORKSHOP.LOCAL netbios name = WORKSHOP-FS security = ADS password server = tasv01.workshop.local #passdb backend = tdbsam username map = /etc/samba/smbusers log level = 3 passdb:5 auth:10 # desperate tries: force unknown acl user = yes map acl inherit = yes [sles9] path = /data/software-depot read only = No [homes] comment = Home Drives #path = /home/%s #write list = pawisda2 read only = No browseable = No valid users = %S ~ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD Domain Member: User Mapping w/out winbind ?
Hello everybody, I have set up authentication for a Linux Host using MS SFU. Works fine: getent passwd show my users, they can login... On the same host I want to set up Samba 3.0.9 as a domain member. The question: Can I use the AD Controller as idmap_backend _directly_ , skipping the use of winbind ? The problem with using winbind is that users will show up twice in getent passwd and the parallel use of NFS becomes a problem, as files belong to the winbind user if created with Samba , and to the SFU User if created with NFS. I hope this can be understood. Let me know if you need more details Regards Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
