Re: [Samba] Problems with idmap_adex module

2009-03-26 Thread Gerald (Jerry) Carter

Hey Ross,

 I'm having problems getting the new idmap_adex module to work.

Sorry about that.

 When using the idmap_adex plugin I get the following:
 
 # wbinfo -n administrator
 S-1-5-21-X-XX-XX-500 User (1)
 # wbinfo -i administrator
 Could not get info for user administrator
 
 As expected attempting to look up user & group info 
 via commands which use libnss also fails.
 
 The administrator account is set up with all the necessary 
 rfc2307 attributes and works fine with the idmap_ad plugin.
 The uidNumber, gidNumber, and uid attributes have been added
 to the forest's partial attribute set, as recommended by the
 idmap_adex man page.
 
 Idmap log throws up a couple of interesting lines (full log below):
 1) NT_STATUS_NO_LOGON_SERVERS; although wbinfo --online-status 
  says domain is online and name to sid lookups work ok.
 2) could not find idmap alloc module adex; idmap module is 
 installed at /usr/lib/samba/idmap/adex.so, ad.so is in the same
 folder.

idmap_adex doesn't do uid/gid allocation so this is a normal
message.

 Domain & forest functional level are both Windows Server 2003. 
 Running Samba/Winbind 3.3.1 on RHEL5, built from Fedora
 rawhide SRPM.
 
 Here is my smb.conf
 [global]
 workgroup = LOCAL
...

The conf file looks fine.

 And here is log-winbindd-idmap at debug level 10:
 
...
 [2009/03/26 09:12:45, 10] 
 winbindd/idmap_adex/likewise_cell.c:cell_do_search(382)
   cell_do_search: Base = ,  Filter = (objectSid=\XX\), Scope = 2, GC = yes
 [2009/03/26 09:12:45, 10] 
 winbindd/idmap_adex/likewise_cell.c:cell_connect_dn(339)
   Failed! (NT_STATUS_NO_LOGON_SERVERS)

Any chance I could get you to send me a network sniff of the failure
(off list)?   E.g.

  $ tcpdump -s 0 -w /tmp/dump.pcap \
port 88 or port 53 or port 3268 or port 389




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewise.com
What man is a man who does not make the world better?  --Balian
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] map hidden only for files?

2009-03-17 Thread Gerald (Jerry) Carter

Hey Andrea,

 does the map hidden parameter work only for files and not 
 for directories?

Correct.  Look at store dos attributes for complete attribute
support for both files and directories.  Much better solution.





cheers, jerry


[Samba] Saturday, Mar 14 - {git, wiki, bugzilla}.samba.org down for maintenance until 17:00 GMT-5 today

2009-03-14 Thread Gerald (Jerry) Carter

Folks,

Apologies for the short notice.  I had sent a message to the
rest of the team earlier this week but forgot to post here.

The server providing git, wiki & bugzilla for samba.org
will be offline for maintenance until 17:00 GMT -5 today.

Thanks for your patience.






cheers, jerry


[Samba] Re: Saturday, Mar 14 - {git, wiki, bugzilla}.samba.org down for maintenance until 17:00 GMT-5 today

2009-03-14 Thread Gerald (Jerry) Carter

Gerald (Jerry) Carter wrote:
 Folks,
 
 Apologies for the short notice.  I had sent a message to the
 rest of the team earlier this week but forgot to post here.
 
 The server providing git, wiki & bugzilla for samba.org
 will be offline for maintenance until 17:00 GMT -5 today.
 
 Thanks for your patience.

Servers are back up and operational now.


cheers, jerry



Re: [Samba] Trust Question.

2009-01-26 Thread Gerald (Jerry) Carter

Linux Addict wrote:
winbind offline logon = Yes
idmap config DOMAIN1:range = 20 - 29
idmap config DOMAIN1:backend = rid
idmap config DOMAIN2:range = 10 - 19
idmap config DOMAIN2:backend = rid
idmap config DOMAIN3:range = 20 - 29
idmap config DOMAIN3:backend = rid
idmap config default:default = Yes

Why are DOMAIN1 and DOMAIN3 using the same range?





cheers, jerry
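
The condition that reply asks about, two domains configured with the same idmap range, can be checked mechanically. The script below is an added example (not part of the original message and not Samba code); its function names and the RID value 5 are constructed for illustration, and the mapping formula is the one documented in idmap_rid(8), assuming every domain uses the rid backend with the default base_rid of 0.

```python
import re
from itertools import combinations

# Constructed sample: the idmap lines quoted in the message above, placed
# under a [global] header so the text resembles a real smb.conf fragment.
SAMPLE_SMB_CONF = """\
[global]
    winbind offline logon = Yes
    idmap config DOMAIN1:range = 20 - 29
    idmap config DOMAIN1:backend = rid
    idmap config DOMAIN2:range = 10 - 19
    idmap config DOMAIN2:backend = rid
    idmap config DOMAIN3:range = 20 - 29
    idmap config DOMAIN3:backend = rid
"""

# Matches "idmap config DOMAIN:range = low - high" (also "DOMAIN : range").
RANGE_RE = re.compile(
    r"^idmap\s+config\s+(?P<dom>[^\s:]+)\s*:\s*range\s*=\s*"
    r"(?P<lo>\d+)\s*-\s*(?P<hi>\d+)$",
    re.IGNORECASE,
)


def parse_idmap_ranges(conf_text):
    """Return {DOMAIN: (low, high)} from 'idmap config DOMAIN:range' lines."""
    ranges = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # smb.conf comment markers
            continue
        m = RANGE_RE.match(line)
        if not m:
            continue
        lo, hi = int(m.group("lo")), int(m.group("hi"))
        if lo > hi:
            raise ValueError(f"line {lineno}: range {lo}-{hi} is reversed")
        ranges[m.group("dom").upper()] = (lo, hi)  # a later line overrides
    return ranges


def find_overlaps(ranges):
    """Return (domain_a, domain_b, first_shared_id, last_shared_id) tuples."""
    overlaps = []
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(sorted(ranges.items()), 2):
        start, end = max(alo, blo), min(ahi, bhi)
        if start <= end:
            overlaps.append((a, b, start, end))
    return overlaps


def rid_to_unix_id(rid, low, high, base_rid=0):
    """Unix ID per idmap_rid(8): ID = RID - BASE_RID + LOW_RANGE_ID.
    Returns None when the result falls outside the configured range."""
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None


def colliding_ids(ranges, rid):
    """Map Unix ID -> domains whose account with this RID receives that ID.
    Assumes all listed domains use the rid backend (as in the sample)."""
    by_id = {}
    for dom, (lo, hi) in sorted(ranges.items()):
        uid = rid_to_unix_id(rid, lo, hi)
        if uid is not None:
            by_id.setdefault(uid, []).append(dom)
    return {uid: doms for uid, doms in by_id.items() if len(doms) > 1}


if __name__ == "__main__":
    parsed = parse_idmap_ranges(SAMPLE_SMB_CONF)
    for a, b, start, end in find_overlaps(parsed):
        print(f"OVERLAP: {a} and {b} share IDs {start}-{end}")
    # RID 5 is a constructed value chosen to fit the small sample ranges.
    for uid, doms in colliding_ids(parsed, rid=5).items():
        print(f"RID 5 maps to Unix ID {uid} in: {', '.join(doms)}")
```

When two domains share a range under the rid backend, accounts with the same RID in each domain resolve to one Unix ID, so file ownership and access checks can no longer tell them apart.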


Re: [Samba] List search question

2009-01-22 Thread Gerald (Jerry) Carter

Troy Heidner wrote:
 Hello everyone,
 
 I'm a new member here at Samba lists.  I've been a lightweight Samba user
 for several years, but now I am investigating replacing our Active Directory
 domain with a pure Samba domain.  I already have a few questions, but before
 I start posting them I thought I'd ask about searching the list archives.  I
 might be missing something here, but I haven't found a way to do it?  

http://marc.info/





cheers, jerry


Re: [Samba] Docu for Winbind using userprincipalName (UPN)

2008-12-23 Thread Gerald (Jerry) Carter

Carsten Witt wrote:

 Where can I find a howto configure using UPN for Winbind? 

You don't need to do anything special for getent passwd u...@realm
to work (and hence user logins via pam_winbind as well).
But this is only supported in a native mode AD domain.





cheers, jerry


Re: [Samba] _Truly_ disabling trusted domains?

2008-12-22 Thread Gerald (Jerry) Carter

Michael Adam wrote:
 Hi Nick,
 
 Nick wrote:
 Is there a way to completely disable trusted domains in samba/winbind?  Some
 of the trusted domains are inaccessible to the client machines, which causes
 winbind not to work due to all the timeouts/errors.  I tried setting allow
 trusted domains = no, but when looking at the debug logs it's obvious that
 winbind is still trying to look them up.  It appears that winbind doesn't
 respect the allow trusted domains at all.
 
 Hmmm, you are right: The manual page seems to promise too much
 in the description of allow trusted domain. In fact looking at
 the code, it is a smbd-only option. It prevents smbd from performing
 explicit requests (like authentication) for trusted domains, but
 it does not prevent winbind from walking the list of trusted domains
 and trying to establish a connection to each of them (for instance
 when enumerating users).

Thought I had fixed this.  Patch against 3.2 that should work is attached.






cheers, jerry
From 695addd1eb9324d50ef87bc8c8ed5b8eb351fb19 Mon Sep 17 00:00:00 2001
From: Gerald (Jerry) Carter je...@samba.org
Date: Mon, 22 Dec 2008 07:40:04 -0600
Subject: [PATCH] Winbind: Honor the allow trusted domains option when scanning or adding a trusted domain.

---
 source/winbindd/winbindd_util.c |   12 +++-
 1 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c
index a2a248b..34a5188 100644
--- a/source/winbindd/winbindd_util.c
+++ b/source/winbindd/winbindd_util.c
@@ -506,7 +506,12 @@ static void rescan_forest_trusts( void )
 void rescan_trusted_domains( void )
 {
 	time_t now = time(NULL);
-	
+
+	/* Check that we allow trusted domains at all */
+
+	if (!lp_allow_trusted_domains())
+		return;
+
 	/* see if the time has come... */
 	
 	if ((now = last_trustdom_scan) 
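Review bot: the new early return at the top of rescan_trusted_domains() is silent, so with allow trusted domains = no nothing in the winbindd log shows that the scan was skipped on purpose. The problem in this thread was diagnosed from debug logs, so a DEBUG() line at a high debug level just before `return;` would make the new behaviour verifiable the same way. The smb.conf(5) description of allow trusted domains should be updated with this change as well, since the option now governs winbindd's trust scanning and not only smbd.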
@@ -763,6 +768,11 @@ void check_domain_trusted( const char *name, const DOM_SID *user_sid )
 	DOM_SID dom_sid;
 	uint32 rid;
 	
+	/* Check if we even care */
+
+	if (!lp_allow_trusted_domains())
+		return;
+
 	domain = find_domain_from_name_noinit( name );
 	if ( domain )
 		return;	
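Review bot: check_domain_trusted() returns void, and the check added after the declarations makes it return before find_domain_from_name_noinit() is ever called, so a caller cannot tell "skipped by policy" from "already known" or "added". Please confirm that each caller copes with the domain never appearing in the list when the option is off. The comment "Check if we even care" should name the option, as the comment in the first hunk does. The commit message says "scanning or adding"; if any other path can add a trusted domain without passing through these two functions it stays unguarded, so it is worth stating which add path this covers.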
-- 
1.5.6.3


Re: [Samba] _Truly_ disabling trusted domains?

2008-12-22 Thread Gerald (Jerry) Carter

Michael Adam wrote:
 Hey Jerry,
 
 I just checked, these changes are in none of the branches
 master, v3-3-test, v3-2-test. Do you want to push them or
 do you want me to do it? I think this definitely should
 be in!

Either way is fine.  I just grabbed the small change from my
old Winbind branch so I wanted Nick to confirm that I did
grab everything.  I think there might be a missing change in the
Global Catalog support so that we give preference to GCs in
our primary domain (and site).  I need to track that one down.
It might already be in.

I'm heads down today on some other work but will try to grab a few
minutes to look at the GC changes to see if they are needed as well.



cheers, jerry



Re: [Samba] To make winbindd upset and unresponsive (3.2.6)

2008-12-22 Thread Gerald (Jerry) Carter

Frank Burleigh wrote:
 This simple and often-suggested command to test Samba:
 
 getent passwd
 
 reproducibly upsets winbindd on my SLES 10 SP1 machine.  

 [global]
...
 winbind enum users = Yes
 winbind enum groups = Yes

Don't enable these.




cheers, jerry


Re: [Samba] Failed to join domain: failed to set machine spn: Constraint violation

2008-12-16 Thread Gerald (Jerry) Carter

Alex,

 3.0.28 and 3.0.32 - Native OS version shipped by Novell(Linux) and 
 Sun(Solaris)
 
 Failing is the right thing to do in an MS-DNS/AD-Integrated 
 environment, however for non-MS DNS environments disabling is
 going to be cleaner.

Failing is the right thing to do period because without setting
the attributes you can't do Krb5 auth.  Maybe you should be using
security = domain instead.







cheers, jerry


Re: [Samba] Failed to join domain: failed to set machine spn: Constraint violation

2008-12-16 Thread Gerald (Jerry) Carter

Alex Green wrote:
 Looks fine... :)... chances this makes it into the main stream 
 for vendor adoption?

Yeah.  I don't do anything that doesn't go upstream.  Unless it is
really ugly.




cheers, jerry



Re: [Samba] Failed to join domain: failed to set machine spn: Constraint violation

2008-12-16 Thread Gerald (Jerry) Carter

Alex Green wrote:
 :)... so command-line or config option do'able?

Yeah.  I'll see what I can do.  Command line option probably.

  $ net ads join --disable-dns-update

Look ok ?  If so, I'll see if I can find some time real soon now.




cheers, jerry


Re: [Samba] Failed to join domain: failed to set machine spn: Constraint violation

2008-12-16 Thread Gerald (Jerry) Carter

Alex Green wrote:
 Cross-wires (.)
 
 AD record update (SPN or DNS) failing absolutely the right thing to do ... no 
 question.
 
 DDNS Fail - disable option would be good ... only 
 talking about this... not the AD bit...


Ahh..ok.  gotcha.   Sorry for the misfire.





jerry


Re: [Samba] Failed to join domain: failed to set machine spn: Constraint violation

2008-12-15 Thread Gerald (Jerry) Carter

Alex Green wrote:
 Found the issue:
 
 Validate Write for DNS and SPN were not set.
 
 However it now fails on DNS Update; I'm presuming 
 this is because we're not using AD Integrated DNS (MS-DNS).
 Could this not be an option flag to disable DNS updates
 in this scenario?

Those attributes and perms have nothing to do with DNS.  You
need full access rights to the computer object to join a machine
with a DNS name outside of the AD realm name.  That's what the
validated write means.





cheers, jerry


Re: [Samba] Failed to join domain: failed to set machine spn: Constraint violation

2008-12-15 Thread Gerald (Jerry) Carter

Alex Green wrote:
 Hey Jerry,
 
 I'm aware of that.  Due to the restrictions placed within our AD 
 environment, even users who have access to create computer
 objects don't have access to update the SPN or the
 host DNS name (AD record).
 
 Additionally, my point was more; would it be possible to turn 
 off the DNS update process by means of a flag, rather than
 a compile time option.

You confused me by saying DNS update.  Assuming now you mean
just updating the dNSHostName and SPN attributes.  This is always
required in order to support Krb5 authentication.  This is exactly
what Windows XP does.

The DDNS update you are asking about (i.e. the --with-dnsupdate option)
has nothing to do with setting the attributes.  If the DDNS update fails,
it is not fatal.  You only get a warning.






cheers, jerry


Re: [Samba] Failed to join domain: failed to set machine spn: Constraint violation

2008-12-15 Thread Gerald (Jerry) Carter

Alex Green wrote:
 :)... it's this non-fatal error that our users are getting 
 confused about and it's this that I was asking for the cli
 option for...

For the DDNS update we can add a disable run time option.
For setting the attributes, failing is the right thing to do I believe.

What version of Samba are you running?




cheers, jerry


Re: [Samba] Problems joining a domain with a large number of DCs

2008-12-02 Thread Gerald (Jerry) Carter

Eric Diven wrote:
 You might want to use the latest git checkout of 3-0-test, 
 for example available via

 http://repo.or.cz/w/Samba.git?a=snapshot;h=af33c8b3521564c;sf=tgz

 as there have been fixes for the server affinity cache during join.

 Volker

 
 I hate to drag this one up again, but I'm having issues with that
 snapshot of 3-0-test (smbd crashing, can't pin it to anything).  Are the
 fixes actually in 3.0.33, or do I need to get a more recent version of
 3-0-test?  I've looked at the release notes and I don't see anything
 about the issue in there (just the security fix you made).

I believe it only included the security fix.

 Alternately, if I need to move to 3.2.5, I'm fine with that too.

This is better in the long run.  3.3.0 will be out soon and
the 3.0 tree will become only more frozen.





cheers, jerry


Re: [Samba] template homedir question

2008-12-02 Thread Gerald (Jerry) Carter

Derek Harkness wrote:
 Hello All,
 
 I'm integrating an existing unix environment into an existing AD
 environment.  I'm thinking of switching from nssldap to nss_winbind but
 have one problem.  My user's home directories are in the format of
 /home/user/$first letter/$second letter/$username
 (/home/user/d/h/dhaknes).  Looking at the template homedir it doesn't
 appear that I can use this format.  Is there a way to pull the first and
 second letters of the username as variables to use in template homedir?

No but this would be easy to implement.  The nss_info API allows
you to write a new plugin.  If you code in C, I can point you right
at what to do.  Maybe an hour's work.

 Side question, I'm looking at using pam_mkhomedir and 
 it is creating home directories for computer accounts
 is there any way to prevent that?

Not really.  A Computer object is derived from a user object
in AD.  So both share the same set of base attributes
(i.e. a computer is just a special type of user).




cheers, jerry


Re: [Samba] Problems joining a domain with a large number of DCs

2008-12-02 Thread Gerald (Jerry) Carter

Eric Diven wrote:
 I hate to drag this one up again, but I'm having issues with that 
 snapshot of 3-0-test (smbd crashing, can't pin it to 
 anything).  Are 
 the fixes actually in 3.0.33, or do I need to get a more recent 
 version of 3-0-test?  I've looked at the release notes and 
 I don't see 
 anything about the issue in there (just the security fix you made).
 I believe it only included the security fix.

 Alternately, if I need to move to 3.2.5, I'm fine with that too.
 This is better in the long run.  3.3.0 will be out soon and 
 the 3.0 tree will become only more frozen.

 
 I looked through the release notes going back to 3.2.0, and I don't see
 anything in them matching Volker's description for those fixes.  Is
 there a bug on this I can check or something else I should be looking
 for?

This is the commit
http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=af33c8b3521564c229091f197341ba33a7d6f162

I expect it was only a regression in the older code.  You could
ask Volker directly.




cheers, jerry


Re: [Samba] Problems joining a domain with a large number of DCs

2008-12-02 Thread Gerald (Jerry) Carter

Volker Lendecke wrote:
 On Tue, Dec 02, 2008 at 11:07:15AM -0600, Gerald (Jerry) Carter wrote:
 This is the commit
 http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=af33c8b3521564c229091f197341ba33a7d6f162

 I expect it was only a regression in the older code.  You could
 ask Volker directly.
 
 Okay, you completely lost me here. Looking at the subject of
 the mails I thought this is about server affinity cache
 stuff during join. How does af33c8b35215 relate to that?

Sorry.  My fault.  I pointed at the top of tree that you referred
to the snapshot.  I should have been paying more attention.

I'm guessing I should have been pointing at


commit 80e74a27c55c01221091e3eec930c2ac4433c22c
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date:   Mon Oct 27 19:31:30 2008 +0100

libsmb/namequery.c: add saf_join_store() function

saf_join_store() should be called after a successful
domain join, the affinity to the dc used at join time
has a larger ttl, to avoid problems with delayed replication.

metze

Signed-off-by: Stefan Metzmacher [EMAIL PROTECTED]
Signed-off-by: Günther Deschner [EMAIL PROTECTED]

And since the domain join code was rewritten to use libnet
in 3.2, this would explain why the commit doesn't seem to exist
in another branch.




cheers, jerry


Re: [Samba] Print Operator Rights in AD environment

2008-12-01 Thread Gerald (Jerry) Carter

Derek Harkness wrote:
 I am attempting to set the SePrintOperatorPrivilege right on my RHEL 5.2
 samba server and need some guidance.  The samba box is currently joined
 to an AD forest in which I have a delegated OU, I do not have a Domain
 Admin account.  Samba seems to want/need an Admin account in order to
 make changes to the server configuration such as rights.
 
 So the question is.  Is there a way to set a local administrator account
 or to map my AD account to a local administrator?

If you are running Winbind, then add your account to
the BUILTIN\Administrators group (net sam addmem Administrators you

Or you can temporarily enable a root in Samba's account db.



cheers, jerry


Re: [Samba] Print Operator Rights in AD environment

2008-12-01 Thread Gerald (Jerry) Carter

Hey Derek,

Derek Harkness wrote:
 net sam addmember gives me Adding local group member failed with
 NT_STATUS_NO_SUCH_ALIAS.

  $ net sam createbuiltingroup Administrators

You will need to configure a valid 'idmap alloc backend'
for this.

 I added root to my local smbpasswd file but if I attempt to use the
 account I get NT_STATUS_LOGON_FAILURE.

Make sure you use -U root -W MACHINE when connecting.  (where MACHINE
is replaced by your local machine name.)





cheers, jerry


Re: [SCM] Samba Shared Repository - branch master updated - 6a4957d35d50e6508917aca62b282ae4904187c8

2008-11-25 Thread Gerald (Jerry) Carter

Michael Adam wrote:
 The branch, master has been updated
via  6a4957d35d50e6508917aca62b282ae4904187c8 (commit)
via  afbfbd7f4c656fa4ed036314837024be8cd634c9 (commit)
via  bf04324592695fd6e711ba25a89d47e1b61fa33e (commit)
   from  9d2c2a7a0e9e69c8fa2ce81af79007da0e32605b (commit)
 
 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
 
 
 - Log -
 commit 6a4957d35d50e6508917aca62b282ae4904187c8
 Author: Michael Adam [EMAIL PROTECTED]
 Date:   Sun Nov 23 22:59:40 2008 +0100
 
 UNFINISHED - s3:idmap_ad: multi-domain

Michael,

Why not just add the SFU schema support to the idmap_adex plugin?
It already has global catalog and cross forest support?




cheers, jerry


Re: [Samba] Why does the server want to connect to a client

2008-11-21 Thread Gerald (Jerry) Carter

Marc Muehlfeld wrote:
 Hi,
 
 I have 5 of 140 Windows XP SP2/SP3 machines that make problems when
 printing. The client opens the printer dialog and it takes a long time
 (up to 1 minute) before it appears. Printing is slow, too. Meanwhile I
 see the following messages (repeating several times) in the client log:
 
 [2008/11/21 08:17:28, 1] lib/util_sock.c:open_socket_out(888)
   timeout connecting to 10.1.0.253:445
 [2008/11/21 08:17:37, 1] lib/util_sock.c:open_socket_out(888)
   timeout connecting to 10.1.0.253:139
 [2008/11/21 08:17:37, 1] libsmb/cliconnect.c:cli_connect(1505)
   Error connecting to 10.1.0.253 (Operation already in progress)
 [2008/11/21 08:17:37, 1] libsmb/cliconnect.c:cli_start_connection(1568)
   cli_start_connection: failed to connect to IT-0920 (10.1.0.253).
 Error NT_STATUS_ACCESS_DENIED
 
 Why does the server try to open a connection to these clients? On one
 of the 5 PCs if I disable the XP firewall, the problem disappears. The
 log entries above are from a client with enabled XP firewall (unchanged
 standard settings), but there are no changes when I disable it. Some of
 problem clients only show the timeout connection to... messages.
 
 I used samba 3.0.22 until yesterday, but the problem still exists after
 upgrading to 3.0.32.

It's how MS designed the Windows print notification mechanism.
Set your firewall to reject instead of drop those packets.




cheers, jerry


Re: [Samba] The way things used to work...

2008-11-18 Thread Gerald (Jerry) Carter

Dragan Lukic wrote:
 So, 18 days and 375 posts later. no answer to my question?
 
 Looks like I just want impossible: simple share with no limits, but with 
 local 
 user permissions for remote users. And NO I do not wish to use user level 
 security, as users that have to use those shares hardly can cope with more 
 basic stuff, than it is login to someone else's share via usernamepassword.
 
 Anyhow, in my previous post I have presented my non working (only on samba 
 3.2.3) smb.conf and I need help in getting it to work (again on samba 3.2.3 
 or 
 later). I hope that conf is self explanatory, but if it is not, please ask me 
 and I will clarify.


Hey Dragan,

Your mail is a little hard for me to follow.  Can you explain in about 2 - 3
sentences what you want to do ?




cheers, jerry


Re: [Samba] samba authentication PAM/LDAP

2008-11-18 Thread Gerald (Jerry) Carter

vishesh kumar wrote:

   Does NT hashes require even if we use kerberos for authentication?.

I don't understand the context of this question. A Samba 3 DC
does not support kerb5 auth.  So you can only use the NTLM
authentication (which requires the NT hash).

A domain member server just uses the DC for authentication and
so this question does seem to apply.

Did I miss something?




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] string_to_sid: Sid MYDOMAIN\mygroup does not start with 'S-'.

2008-11-18 Thread Gerald (Jerry) Carter

Robinson, Eric wrote:
 I've been struggling for almost 2 weeks to get Samba working on two new
 servers.
 
 When I try to open a Samba share from a Windows 2003 computer, I always
 get a logon challenge. I always get the following log message
 
 [2008/11/13 16:05:06,  3] lib/util_sid.c:string_to_sid(228)
   string_to_sid: Sid MYDOMAIN\mygroup does not start with 'S-'.
 [2008/11/13 16:05:06,  2] smbd/service.c:make_connection_snum(732)
   user 'MYDOMAIN\user' (from session setup) not permitted to access this
 share (ftp_site001)
 [2008/11/13 16:05:06,  3] smbd/error.c:error_packet_set(61)
   error packet at smbd/reply.c(662) cmd=117 (SMBtconX)
 NT_STATUS_ACCESS_DENIED
 
 The following code snippet shows where this error is coming from:
 
 
 snip_start
 
 bool string_to_sid(DOM_SID *sidout, const char *sidstr)
 {

 
 QUESTION: It looks to me as though this function is designed to convert
 a string such as MYDOMAIN\user into a SID starting with S-. 

No. it is to convert a SID char * string (S-1-) to a binary SID
representation.  What does your smb.conf look like?







cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian
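The conversion described in the reply above, from an "S-1-..." string to the binary SID layout, as an added example. This is not Samba's string_to_sid(); the names struct sid, sid_from_string and sid_pack are hypothetical, the sample inputs are constructed, and only the decimal form of the identifier authority is handled.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SID_MAX_SUBAUTHS 15

/* In-memory SID (hypothetical struct, not Samba's DOM_SID). */
struct sid {
    uint8_t  revision;
    uint8_t  num_auths;
    uint8_t  id_auth[6];                   /* 48-bit value, big-endian */
    uint32_t sub_auths[SID_MAX_SUBAUTHS];
};

/* Parse one unsigned decimal field. Rejects empty fields, signs,
 * leading whitespace and values above max. Advances *p past the digits. */
static int parse_field(const char **p, uint64_t max, uint64_t *out)
{
    char *end;
    unsigned long long v;

    if (!isdigit((unsigned char)**p))
        return -1;
    errno = 0;
    v = strtoull(*p, &end, 10);
    if (errno != 0 || v > max)
        return -1;
    *p = end;
    *out = v;
    return 0;
}

/* Convert "S-<rev>-<authority>[-<subauth>...]" to struct sid.
 * Returns 0 on success, -1 on any malformed input. A name such as
 * "MYDOMAIN\mygroup" fails at the first check, which is the condition
 * the log line "does not start with 'S-'" reports. */
int sid_from_string(struct sid *sid, const char *str)
{
    const char *p = str;
    uint64_t v;
    int i;

    if (sid == NULL || str == NULL)
        return -1;
    memset(sid, 0, sizeof(*sid));
    if ((p[0] != 'S' && p[0] != 's') || p[1] != '-')
        return -1;
    p += 2;

    if (parse_field(&p, 255, &v) != 0 || *p != '-')
        return -1;
    sid->revision = (uint8_t)v;
    p++;

    if (parse_field(&p, 0xFFFFFFFFFFFFULL, &v) != 0)
        return -1;
    for (i = 0; i < 6; i++)
        sid->id_auth[i] = (uint8_t)(v >> (8 * (5 - i)));

    while (*p == '-') {
        p++;
        if (sid->num_auths >= SID_MAX_SUBAUTHS)
            return -1;
        if (parse_field(&p, UINT32_MAX, &v) != 0)
            return -1;
        sid->sub_auths[sid->num_auths++] = (uint32_t)v;
    }
    return *p == '\0' ? 0 : -1;            /* no trailing garbage */
}

/* Serialize to the binary layout: revision, count, 6-byte authority,
 * then each sub-authority as little-endian 32 bits.
 * Returns bytes written, or 0 if buf is too small. */
size_t sid_pack(const struct sid *sid, uint8_t *buf, size_t buflen)
{
    size_t need = 8 + 4 * (size_t)sid->num_auths;
    size_t off = 8;
    int i;

    if (buflen < need)
        return 0;
    buf[0] = sid->revision;
    buf[1] = sid->num_auths;
    memcpy(buf + 2, sid->id_auth, 6);
    for (i = 0; i < sid->num_auths; i++) {
        buf[off++] = (uint8_t)(sid->sub_auths[i]);
        buf[off++] = (uint8_t)(sid->sub_auths[i] >> 8);
        buf[off++] = (uint8_t)(sid->sub_auths[i] >> 16);
        buf[off++] = (uint8_t)(sid->sub_auths[i] >> 24);
    }
    return need;
}

int main(void)
{
    /* Constructed inputs: a well-known SID and a domain\group name. */
    const char *inputs[] = { "S-1-5-32-544", "MYDOMAIN\\mygroup" };
    uint8_t buf[8 + 4 * SID_MAX_SUBAUTHS];
    struct sid s;
    size_t i, j, n;

    for (i = 0; i < 2; i++) {
        if (sid_from_string(&s, inputs[i]) != 0) {
            printf("%s: not a SID string\n", inputs[i]);
            continue;
        }
        n = sid_pack(&s, buf, sizeof(buf));
        printf("%s:", inputs[i]);
        for (j = 0; j < n; j++)
            printf(" %02x", buf[j]);
        printf("\n");
    }
    return 0;
}
```

A group or user name therefore has to be resolved to a SID by a lookup before anything like this parser can accept it.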


Re: [Samba] string_to_sid: Sid MYDOMAIN\mygroup does not start with 'S-'.

2008-11-18 Thread Gerald (Jerry) Carter

Hi Eric,

Robinson, Eric wrote:
 QUESTION: It looks to me as though this function is designed to 
 convert a string such as MYDOMAIN\user into a SID starting with S-.
 
 No. it is to convert a SID char * string (S-1-) to a binary 
 SID representation.  What does your smb.conf look like?
 
 I figured that out after posting. :-)
 
 The error condition remains, though, and I still can't 
 access shares.

I don't see anything suspect in your smb.conf.  I'll need a
lvl 10 debug from smbd that includes the initial connection to
the server and the access failure to come up with an explanation.
Please send the log file to me off list.





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] klist versus kadmin

2008-11-10 Thread Gerald (Jerry) Carter

degbert degbert wrote:
 I'm having a problem with kadmin not doing what klist says should work.
 
 klist will show my keytab file (with minus k), but when I try and use
 a principal in that keytab with kinit, I get an error:
  kinit(v5): Client not found in Kerberos database while getting
 initial credentials

You can only get a TGT using either the UPN or the
sAMAccountName.  Machine accounts have no UPN by default.
My guess is that this is the root of your troubles.


cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] winbindd consuming 99% CPU

2008-11-05 Thread Gerald (Jerry) Carter

Sagar Borikar wrote:
 Hi All,
 
 We are currently caught up in a weird situation while using samba 
 3.0.28. There is a requirement from the customer that we should support
 ADS with 64000 objects. When we implemented the feature, we found
 couple of things mentioned below:
 
 1. After joining ADS with 64k users, samba takes around 20 - 25 min 
 to populate idmap_cache.tdb and winbindd_cache.tdb This is because
 we haven't turned off enumeration and we would be fixing it for
 next maintenance release of the NAS product.
 
 2.  We periodically check the quota state of all the users 
 using repquota command. It refers to /etc/nsswitch.conf for mapping
 user ids to names. And winbindd inherently should look for its
 cache as it is populated completely to do the conversion.
 
 But we observed that every time the repquota command is invoked, 
 winbindd starts consuming 98% of CPU. It fetches the info from
 ADS and not from local cache. So we are wondering why it doesn't
 make use of local cache for mapping the ids to names?

Sagar,

The enumeration is killing you performance wise.  As a workaround
you could try increasing the winbind cache time to something like
1 or 2 hours.  But there is a constant struggle between cache times
and accuracy.




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Questions about known bugs

2008-11-05 Thread Gerald (Jerry) Carter

john darnell wrote:
 I need to find a source for discussing known bugs in Samba.  Is this a
 good place, or should I go elsewhere?

This is the best place.




cheers, jerry


Re: [Samba] Multiple IP addresses in DNS record

2008-10-22 Thread Gerald (Jerry) Carter

Jarrod Hyder wrote:

 Here is the debug output of net ads dns register -P -d 10. I can't really
 make heads or tails of it, but I also don't see either of the IP addresses
 that are getting registered on the domain. If you could take a look at it I
 would really appreciate it.

I fixed a bug recently that prevented net ads dns register from
honoring the interfaces line in smb.conf.  The fix only went
in to the v3.2 and later branches.  If you need a backport to the 3.0
tree, let me know.




cheers, jerry


Re: [Samba] Samba 3.2, Samba 3.3 release planning

2008-10-22 Thread Gerald (Jerry) Carter

Michael Adam wrote:

 If I am not completely wrong, this had been decided as well
 as follows: A release will reach EOL when the next release
 goes into maintenance mode, i.e. when the second next release
 comes out. With the aimed release cycle of 6 months, this means
 that each release will go into maintenance mode after 6 months
 and reach EOL another 6 months later. Example: 3.2 will go into
 maintenance mode in December 2008, when 3.3 is scheduled for
 release, and 3.2 will reach EOL around June 2009 (?) when 3.4 is
 scheduled.
 
 At least that is what Karolin had proposed and as far as I
 remember at least no one had objected. (Time will tell if the
 workload is manageable with such a tight release cycle.)

Thanks.  I couldn't remember if the maintenance release window had
been decided.



cheers, jerry


Re: [Samba] Samba 3.2, Samba 3.3 release planning

2008-10-21 Thread Gerald (Jerry) Carter

Andreas Ladanyi wrote:

 Is samba 3.2 development stopped and all concentration 
 given to Samba 3.3? Because there isn't any further release
 note available for 3.2, but instead there are some notes for 3.3 ?

Any future Samba 3.2.x release will be bug fix releases only.
New development is on-going in the 3.3 branch which is due
for release mid-December.





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Samba 3.2, Samba 3.3 release planning

2008-10-21 Thread Gerald (Jerry) Carter

William Jojo wrote:
 
 I love that releases are moving very quickly now. My only 
 concern is keeping up with and determining what is appropriate
 as I continue to maintain AIX binaries on my web page.
 
 Presently I have already dropped the 3.0 series and have 
 3.2.4 available with the clustering option for AIX 5.3 and 6.1.
 
 I am trying to determine how best to support a 3.2 and 3.3 
 parallel set or if I should just drop 3.2 after 3.3.1 is
 released or some other arbitrary schedule. :-) :-)
 
 How long after 3.3 is released to production does the Samba 
 team anticipate supporting the 3.2 line?

That has not been decided yet.  The 3.0.x releases are in
maintenance mode (transitioned as soon as 3.2.0 was released).
The 3.0.x series will reach EOL on Jul 1, 2009.

I expect that 3.2.x will be moved to maintenance mode as soon
as 3.3.0 is released.

maintenance == only critical bug fixes and security issues

What we've not stated is how long it would be until v3.2.x
reaches EOL.  Based on past data, I expect 6 - 12 months, but
that is just a guess and not really up to me.

If I were packaging Samba, I would only focus on the latest
production release.



cheers, jerry


Re: [Samba] Print server communications back to the client during printing

2008-10-13 Thread Gerald (Jerry) Carter

Taylor, Marc wrote:
 Hello All,
 
 I was wondering if anyone knows why a print server needs to talk back on
 the submitting client's ports 139 or 445?

It's Microsoft's async print change notification protocol.  Jeremy
had talked about adding a separate timeout for the back channel connect,
but I don't remember if this was ever done.





cheers, jerry


Re: [Samba] Print server communications back to the client during printing

2008-10-13 Thread Gerald (Jerry) Carter

Ryan Novosielski wrote:

 I didn't really mean is there a benefit to supporting this, I meant
 more that if my clients are currently blocking the traffic coming back
 from the server, is there a tangible benefit I could expect from getting
 that fixed (perhaps the your document has printed message, or more
 speed, etc.), or is it a minor thing?

Configure the firewall to reject the packets instead of
dropping them to prevent the lag.  You will probably see some
issues with enumerating print jobs in the Windows print manager.
But the jobs should come out just fine.





jerry


Re: [Samba] winbind does not list users from trusted domain

2008-10-10 Thread Gerald (Jerry) Carter

Marco Senft wrote:
 Hello all.
 
 I've set up a testing environment with two Windows DCs. The first,
 called DCA, is serving the domain DOMA and is running Windows 2003. The
 second is called DCB and serves DOMB on Windows 2008.

What version of Samba are you running?

It looks like the trusted domains in this case are actually
other domain trees.  Are they in the same forest?






cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Samba/Winbind join domain requires password at every reboot?

2008-10-09 Thread Gerald (Jerry) Carter

Tobias Skytte wrote:
 Hi,
 
 I have set up samba to join a windows domain (and everything works
 great, domain users can authenticate on the linux box, it even creates
 their home dirs and so on) but it seems to require joining to the domain
 every time it reboots with:
 #net join -w mydomain -S myPDC -U administrator 
 
 and then it needs the administrator password, and then a restart of the
 winbind daemon.. 
 
 So the question is why is this necessary at every reboot? I don't want
 to leave the admin password in some script. Windows machines don't need
 to do this at every reboot so why winbind? How can I get it to be joined
 permanently..? 

The join should be persistent across reboots.  Are some files
being deleted automatically ?  What platform is this and
how was Samba installed?  Check your winbindd logs after the
reboot and see what the reason for the failure is.  Perhaps
Winbind is starting before your network is up and needs time to
settle.  If so, try rearranging the startup order.





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] problems connecting to https list server

2008-10-09 Thread Gerald (Jerry) Carter

John H Terpstra wrote:
 On Thursday 09 October 2008 11:27:10 David Mathog wrote:
 When I attempt to contact the server for this list

   https://lists.samba.org/

 with Seamonkey or Mozilla it refuses and puts up a message:

   !
   You have requested an invalid certificate.  Please contact the
   server administrator or email correspondent and give them the
   following information:

   Your certificate contains the same serial number as another
   certificate issued by the certificate authority.  Please get a
   new certificate containing a unique serial number.

 Just me, or are other people seeing this too?
 
 Everyone sees that.  It is a self-signed certificate.

No.  Not a self-signed cert.  We run our own CA.  But the reason
for the mesg is that the browser has an old expired cert from
a samba.org address left around.

I should really get around to fixing this




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] problems connecting to https list server

2008-10-09 Thread Gerald (Jerry) Carter

David Mathog wrote:

 No.  Not a self-signed cert.  We run our own CA.  But the reason
 for the mesg is that the browser has an old expired cert from
 a samba.org address left around.

 I should really get around to fixing this

 
 In the meantime, how does one induce a Mozilla/Seamonkey browser to get
 past that dialog and allow a connection?  The only option on the
 dialog is OK, and clicking that does not connect.

Remove the old, expired ticket from your list in the browser.




jerry


Re: [Samba] Samba 3.2.1 not detecting interface in Solaris 10 x86

2008-10-04 Thread Gerald (Jerry) Carter

Jake Carroll wrote:
 Hi Remy,
 
 Thanks for the reply. This was just a trivial example, but yes - I have
 it set up as nge1, as it stands, as this is the particular interface I
 use for filesharing tasks.
 
 I've also tried specifying an IP address and mask with the interfaces =
 directive, to no avail.
 
 Any extra thoughts?
 
 Thanks for your time.

We really need to see why the interface detection failed.
Did you compile yourself?  If so, check config.log and see
why the interface detection tests failed.  Also I would recommend
testing 3.2.4 and see if the problem was resolved in a later
release (although I don't remember any specific bug fix to
point at).




cheers, jerry

- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Re: smbclient kerberos issue

2008-10-04 Thread Gerald (Jerry) Carter

Ryan Bair wrote:
 This seems to be related to this entry on the list in 2004-2005. As
 far as I see, the issue was never fixed. This is a pretty big issue if
 it is indeed the same bug as it effectively stops *nix clients from
 using Kerberos authentication.
 
 http://lists.samba.org/archive/samba-technical/2005-April/040338.html
 
 I will try to work around using setspn -A host/fqdn computer. Will
 net ads keytab create pull all the SPNs available for the client or
 is it set only do load the default ones?

We don't add cifs/... entries to the system keytab anymore.
If I understand you correctly, you are using smbclient to connect
from one Unix box to a Samba server.  Correct?  If so, smbd
validates the service ticket using the machine trust account
password stored in secrets.tdb so the keytab entries don't
generally come into play.

The keytab is provided to support non-Samba kerberized applications
such as sshd.



cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Will 3.3.x vs 3.2.x

2008-10-03 Thread Gerald (Jerry) Carter

Jim Shanks wrote:
 Hi All,
 
 Just a quick question:  Will 3.3.x replace 3.2.x as the production use
 branch?  We're still using 3.0.28 and up on our systems and just want to
 know if evaluating 3.2 is the right step, or wait for 3.3.

We are moving to a 6 month dev cycle on major releases.
So yes.  v3.3 will replace 3.2.  When 3.3.0 is released,
the v3-2 releases move to maintenance mode just like the 3.0.
v3.0 will reach end-of-life on Jul 1, 2009.  We've not decided
an EOL date for v3.2 yet.







cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Will 3.3.x vs 3.2.x

2008-10-03 Thread Gerald (Jerry) Carter

Jim Shanks wrote:

 Jim Shanks wrote:
 Hi All,

 Just a quick question:  Will 3.3.x replace 3.2.x as the production use
 branch?  We're still using 3.0.28 and up on our systems and just want to
 know if evaluating 3.2 is the right step, or wait for 3.3.
 We are moving to a 6 month dev cycle on major releases.
 So yes.  v3.3 will replace 3.2.  When 3.3.0 is released,
 the v3-2 releases move to maintenance mode just like the 3.0.
 v3.0 will reach end-of-life on Jul 1, 2009.  We've not decided
 an EOL date for v3.2 yet.


 cheers, jerry
 
 Thanks for the reply and all the hard work Jerry.

Thanks, but I can't really take credit for this stuff.  :-)
I'm just the messenger in this case (as the commit logs
will show).




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] PID-File smbd/nmbd

2008-09-19 Thread Gerald (Jerry) Carter

[EMAIL PROTECTED] wrote:
 Dear list,
 
 I just stumbled over a configuration issue that I seem to remember
 not to be there in 3.0.20 (when I built up my configuration).
 
 The pid file name is built including a suffix specifying the
 configuration name. (this is done directly in pidfile_create in
 lib/pidfile.c)
 
 There is no need to do so because the pid directory lets
 one specify a directory to store the pid file. Furthermore, this
 behaviour is not documented anywhere (at least I could not
 find a reference yet).
 Last but not least, it makes control of multiple servers with
 one start script less straight-forward.
 
 Conclusion: I consider this behaviour as a bug.

This was a patch specifically added by request IIRC.

  commit e8bf421c018ed829b9dba7c0872693080b77d49d
  Author: Jeremy Allison [EMAIL PROTECTED]
  Date:   Thu Nov 2 09:37:52 2006 +

r19533: Add a suffix to the program name if this is a
process with a non-default configuration file name.
Jeremy.





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] PID-File smbd/nmbd

2008-09-19 Thread Gerald (Jerry) Carter

[EMAIL PROTECTED] wrote:

 This was a patch specifically added by request IIRC.

   commit e8bf421c018ed829b9dba7c0872693080b77d49d
   Author: Jeremy Allison [EMAIL PROTECTED]
   Date:   Thu Nov 2 09:37:52 2006 +

 r19533: Add a suffix to the program name if this is a
 process with a non-default configuration file name.
 Jeremy.
 
 thanks for the clarification!
 
 I did not find that reference to the change, so could not know
 about its history.
 
 Nevertheless I can not see why it is useful to have such an
 automatism here. Those who use a different config file could
 have a config file option, so a new config option pid file name
 would have solved the problem and cause less trouble for
 others, IMHO.

Since Jeremy committed the patch, I'll defer to him to
explain why :-)  I honestly can't remember.  It should be
discussed in the samba-technical archives I believe in case
he's getting old and can't remember either.




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] On way trust issue

2008-09-05 Thread Gerald (Jerry) Carter

Ephi Dror wrote:
 Hello,
 
 Pam based authentication is failing for trusted 
 domain users when the trust was set to one way.

One way trust support for Winbind was introduced
in Samba 3.2.0.  What version are you running?




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] large smb.conf file

2008-08-29 Thread Gerald (Jerry) Carter

[EMAIL PROTECTED] wrote:
 Hello !
 
 regarding that issue where reloading of smb.conf 
 causing high system load due to high number of share
 definitions and smbd processes - does that still
 apply like being reported in 2005 ?

Should be long fixed.





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Winbind and Global Catalog

2008-08-27 Thread Gerald (Jerry) Carter

Sven Anders wrote:
 Gerald (Jerry) Carter schrieb:
 Sven,

   Does winbind work with a Global Catalog?
 Winbind does not rely upon global catalog.  I added
 some search API recently for GC support but they are
 not currently being used.
 
 What does this mean?
 Does winbind not use the global catalog at all?

Not currently.

 This should work in spite of GC or not.  But enumerating
 users is really expensive and I wonder if you really have
 to do that.  But that is another topic.
 
 What other possibilities do I have? Some faster?
 
 What does wbinfo -m show? Sounds more like a problem with the
 in forest trusts. What Samba version are you running?
 
 I'm running Samba-3.0.28a.

In the release notes for 3.2.0, you will see that the
support for domain and forest trusts was greatly improved.

  Winbind and Active Directory Integration:
  o Full support for Windows 2003 cross-forest, transitive trusts
and one-way domain trusts.


I'd suggest you give that version a try.

 The wbinfo -m command lists all domains 
 (GROUP and GROUP1..GROUP10).
 
 Isn't joining to the CG-domain (GROUP) enough? Do I 
 have to join each domain separately?

It should be but we learned a lot during the work on 3.2.0.
Basically we use a 3-step process to discover all possible
trust paths now in Winbind.  I feel much more confident in
the trusted domain support in 3.2.x than previous releases.





cheers, jerry


Re: [Samba] Howto control ssh logins with winbind ?

2008-08-27 Thread Gerald (Jerry) Carter

Andreas Ladanyi wrote:
 Hi,
 
 with NIS the compat Mode in /etc/nsswitch.conf was 
 available. So you could exclude user/group from login to
 the host. I read this mechanism is not possible
 with winbind.

If you are using pam_winbind, look at the
require-membership-of PAM config option.






cheers, jerry

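The `require-membership-of` option mentioned in the reply above, as an added configuration sketch that is not part of the original thread. The SID is a constructed placeholder for the AD group allowed to log in, and the file locations assume a typical Linux PAM layout.

```ini
# /etc/security/pam_winbind.conf
[global]
# Only members of this group pass pam_winbind authentication.
# Placeholder SID (constructed): substitute the SID of your own AD group,
# e.g. as printed by `wbinfo -n 'DOMAIN\groupname'`.
require_membership_of = S-1-5-21-1111111111-2222222222-3333333333-1234

# Equivalent per-service form, given as a module argument in /etc/pam.d/sshd:
#   auth  required  pam_winbind.so  require_membership_of=<group SID>
```

The check runs in the module's auth step, so login paths that skip PAM authentication (sshd public-key logins, for instance) need their own restriction.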

Re: [Samba] nested group support still broken in 3.2.2?

2008-08-27 Thread Gerald (Jerry) Carter

Jason Haar wrote:
 Hi there
 
 I've just upgraded to 3.2.2 and it still looks like nested group support
 isn't finished?
 
 e.g. if I have domain1/user1 in group domain2/group1 and that in
 turn is in domain3/group2 (i.e. domain1/user1 is in domain3/group2),
 then getent group domain3/group2 should return domain1/user1 - and yet
 it doesn't. winbind enum groups is enabled if that matters (it didn't
 seem to make a difference)
 
 However, id domain1/user1 does show that domain3/group2 is listed as
 one of that users groups - so it's working well in that direction...?
 
 Am I right, or have we got a problem that could actually be fixed? :-)
 This is under FC8.

What is winbind expand groups set to?




cheers, jerry


Re: [Samba] [ANNOUNCE] Samba 3.3.0pre1 Available for Download

2008-08-26 Thread Gerald (Jerry) Carter

Christian McHugh wrote:

 As a lowly admin I can only beg: Has anyone looked at forward porting the 
 patch from bug 3661? It would make my life much easier, and looks like it 
 might close bugs 3661, 5363, and maybe 4069.
 
 Problem seems to be that idmap_ad only looks at the domain it is joined to
 and does not look up attributes for trusted domains. This forces us to use a
 third party product to lookup rfc2307 attributes from our two AD domains.
 

I'm working on it.


Re: [Samba] Samba 3.0.32 Maintenance Release Available

2008-08-26 Thread Gerald (Jerry) Carter

Adam Williams wrote:
 Have any of the samba developers had a chance to look at my bug I
 submitted a few weeks ago?
 
 https://bugzilla.samba.org/show_bug.cgi?id=5627
 

I'll take a quick look right now.





cheers, jerry


Re: [Samba] Winbind and Global Catalog

2008-08-26 Thread Gerald (Jerry) Carter

Sven,

   Does winbind work with a Global Catalog?

Winbind does not rely upon global catalog.  I added
some search APIs recently for GC support but they are
not currently being used.

 To be more specific, I have the following scenario:
 
   1. One AD Domain GROUP with a global catalog AD server (Windows 2003).
 
   2. About 10 AD Domains GROUP-1 ... GROUP-10 (each Windows 2003),
  representing 10 locations, which are joined to GROUP.
 
  This works well and every user, from each of the locations can
  successfully use their account/profile.
 
   3. One SAMBA server, which is successfully joined to GROUP.
 
 I now expected that a 'wbinfo -u' would list the accounts of all
 domains (GROUP and GROUP-1, ..., GROUP-10).
 Instead I only get accounts of the domain GROUP.
 
 The SAMBA server should work as an central transfer station
 between the domains. Therefore I need every account on 
 this server.

This should work in spite of GC or not.  But enumerating
users is really expensive and I wonder if you really have
to do that.  But that is another topic.

What does wbinfo -m show? Sounds more like a problem with the
in forest trusts. What Samba version are you running?





cheers, jerry


Re: [Samba] User's groups issue

2008-08-26 Thread Gerald (Jerry) Carter

Ephi Dror wrote:
 Hello,
 
 I'm using samba 3.0.31 and seems to have an issue 
 with getting user's groups info.
 
 It works like a Swiss Watch when I start winbindd and 
 do id username for a given user however, if I add that
 user to one more group on the domain and issue
 id username I don't get the up to date info.

User group information is cached at login.  Log the
user in again and you should see the new groups.
The specific cache files are netsamlogon_cache.tdb
(login token) and winbindd_cache.tdb (general L1 caching
in Winbindd).




cheers, jerry


Re: [Samba] User's groups issue

2008-08-26 Thread Gerald (Jerry) Carter

Ephi Dror wrote:
 Hello Jerry,
 
 Thank you for your quick reply.
 
 Actually, for us, the user does not login but we 
 need to know all the groups that a given user
 belongs to so we use id username
 
 So my question is, if the user doesn't login 
 again, how long we cache what we already know and
 how do I change this cache length if needed.

The netsamlogon_cache does not expire.  It is refreshed at
the next login.  Otherwise it will store no information.

The winbindd_cache entries do expire however (based on the
TTL defined by the winbind cache time option).




cheers, jerry


Re: [Samba] User's groups issue

2008-08-26 Thread Gerald (Jerry) Carter

Ephi Dror wrote:
 Hello again,
 
 I looked at the code and found out that really the 
 only way to have accurate group membership info is
 if one of the following functions are called:
 
 In winbindd_pam.c:
 
 1. winbindd_dual_pam_auth()
 2. winbindd_dual_pam_auth_crap()
 
 I would recommend to think about ways to call 
 netsamlogon_clear_cached_user() in other places to allow
 non-authentication PAM functions such as id to work well.

The samlogon reply or PAC information is the only completely
accurate view of the user group membership.  Querying AD
is not always guaranteed to work.  So the samlogon cache
takes precedence.  As to an expiration time on the cache
entry, we have never agreed on how to do this without
potentially deleting information during a valid user session
since applications are not required to call pam_close_session().

Also, the concept of an SMB session becomes more difficult to
track in this case.





cheers, jerry


Re: [Samba] Add winbind user to local unix group?

2008-08-25 Thread Gerald (Jerry) Carter

Sledz, Steffen wrote:
 I want to add some winbind authorized domain users to the local unix
 group uucp to give them access to some test equipment connected to
 serial ports (e.g. using minicom). I tried to add their UIDs
 (1...) to the uucp item in /etc/group, but this does not seem to
 work. id -G reports just the group memberships from the domain.
 What's the right way to configure this?
 
 The local machine is running openSUSE 11.0, is not a DC and does not
 run a local samba server.

Just add DOMAIN\user to /etc/group.




cheers, jerry


[Samba] Samba 3.0.32 Maintenance Release Available

2008-08-25 Thread Gerald (Jerry) Carter

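==============================================================
 Do you realize how hard it is to fake your
 own death? Only one person has pulled it off,
 Elvis. - Fox Mulder
==============================================================
Release Announcements
=====================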

This is a bug fix release of the Samba 3.0 production series
and is the version that servers should be run for all current
Samba 3.0 bug fixes.

User visible bug fixes in this release include:

o Prevent crash bug in Winbind caused by a race condition
  when a child process becomes unresponsive.
o Fix interactive password prompting in the net command.
o Documentation clarifications and typographical fixes.


=====================
End-of-Life Announced
=====================

With the release of Samba 3.2.0 on July 1, the clock has been
started to End-Of-Life the Samba 3.0 series on July 1, 2009.
Moving forward, any 3.0.x releases will be on an as-needed basis
for critical bug fixes or security issues only.



================
Download Details
================


The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/history/samba-3.0.32.html

Binary packages will be made available on a volunteer basis at

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team




Re: [Samba] Authenticating Linux boxes against Active Directory, using Samba as a sort of AD Proxy

2008-08-21 Thread Gerald (Jerry) Carter

 Alex Davies wrote:
 Hi Everyone,

 I'm trying to find a open source solution to authenticate a bunch of
 Linux machines (and, ideally, network devices etc.) against Active
 Directory, as unfortunately in our organization this is the primary
 source of account data. The complication we have is that my
 organization has more than one Active Directory Domain, each hosted on
 its own collection of domain controllers. This breaks every technique
 i've found for authenticating Linux machines directly against AD. In
 Windows, users select the relevant domain when they login to a PC and
 everyone is happy [there is a trust relationship between our domains].

You might want to take a look at either rolling your
own Samba/Winbind solution or try using Likewise Open

http://www.likewisesoftware.com/community/index.php/download/spring08/






cheers, jerry


Re: [Samba] Re: ldapsearch and getent passd/group with nss winbind differs

2008-08-21 Thread Gerald (Jerry) Carter

Andreas Ladanyi wrote:

 Ok ! Could it be true this behavior is different between
 security=domain and security=ads ?
 
 Because we had to put the user to the group:
 - first on windows side in Active Directory
 - second on unix site in AD in the tab Members of
 
 so winbind 3.0.24 client recognise the group membership 
 on unix side in security=domain mode.
 
 Now we changed to Samba 3.0.31 with security=ads 
 mode and the behavior is a bit different.

You lost me here.  Maybe due to the fact that I am accustomed
to the Windows 2003 R2 Unix Attribute tab.  The only member
of tab I see is to control the Windows group memberships.

If I understand you correctly, you want to define a
different Unix group membership for the user rather than
honoring the Windows group membership.  Did I understand
you correctly?



cheers, jerry


Re: [Samba] Re: ldapsearch and getent passd/group with nss winbind differs

2008-08-20 Thread Gerald (Jerry) Carter

Andreas Ladanyi wrote:

 Winbind honors the Windows group membership and not
 necessarily msSFU30PosixMemberOf attributes.
 
 So it should be enough if you give the Windows group a GID in tab UNIX
 attribute in Active Directory and you have to do nothing else for the
 Linux side ?!


Yup.


Re: [Samba] ldapsearch and getent passd/group with nss winbind differs

2008-08-19 Thread Gerald (Jerry) Carter

Andreas Ladanyi wrote:
 Hi,
 
 after deleting winbindd_idmap and winbindd_cache.tdb files:
 
 For security =domain AND security=ADS !
 
 wbinfo -u /-g /-t are ok !
 
 getent passwd is ok.
 
 getent group shows different group memberships as ldapsearch with filter
 msSFU30PosixMemberOf.

Winbind honors the Windows group membership and not
necessarily msSFU30PosixMemberOf attributes.

 
 smb.conf - winbind:
 
 winbind separator = /
 winbind enum users = yes
 winbind enum groups = yes
 winbind cache time = 60
 idmap backend = ad
 idmap uid = 6000-27000
 idmap gid = 600-7000
 template shell = /bin/bash
 template homedir  = /home/%u
 winbind use default domain = yes
 winbind refresh tickets = yes
 winbind nss info =  template sfu
 
 Any ideas ?
 
 Andy
 




Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download

2008-08-14 Thread Gerald (Jerry) Carter

Michael Adam wrote:
 George R. Kasica wrote:
 On Wed, 06 Aug 2008 08:01:40 -0700, you wrote:
 Michael Adam wrote:

 That is right: the link creation in source/bin is fixed,
 but the installation of the links is still broken.

 It _is_ fixed in the v3-3-test branch which will be used for
 3.3.0 (scheduled for December). The changes to the Make file
 and configure were just too profound to go into 3.2.X.
 If make install does not work correctly, it should be patched
 in 3.2.x I believe.  But I haven't followed the discussion thoroughly
 so feel free to disregard this if it is out of context.

 I'm just a lowly user/sysadmin out here with about 50-70 boxes running
 samba not a developer, but I have to agree with Jerry - PLEASE fix the
 install - we don't run off RPMS here and build/install from source
 here and right now what we have is a package that doesn't install. 

 I realize that this is freeware but if it was a commercial product you
 couldn't ship it with a broken install routine I don't think.
 
 Yeah, thanks for your feedback, folks
 I will do it. 

Thanks Michael.  You're the best.



Re: [Samba] minimal configuration for custom RPC?

2008-08-14 Thread Gerald (Jerry) Carter

Daniel Trupinsky wrote:
 I'm working on a system that needs secure communications between multiple
 hosts, some of which are Linux and some of which are Windows, and all hosts
 need to serve as both clients and servers.  I wanted potentially to use
 MSRPC/DCERPC as the comms mechanism.  All the comms are
 application-specific, and I specifically want to avoid including the full
 Samba system, just what I need to implement my custom RPC functions.  I
 could not figure out the right way to separate out and build the minimal set
 of Samba code that would allow me to do this.  Can someone point me to where
 I might find this information?  Thanks,
 

Do you need ncacn_np?  or is ncacn_tcp a good enough transport?





cheers, jerry


Re: Fwd: [Samba] Supporting large file transfers

2008-08-11 Thread Gerald (Jerry) Carter

John Drescher wrote:
 On Wed, Aug 6, 2008 at 5:48 PM, Jeff L [EMAIL PROTECTED] wrote:
 Hi John, I removed the lines and it fixed the problem.

 It's weird because in the O'Reilly samba book they recommend using it?

 http://oreilly.com/catalog/samba/chapter/book/appb_02.html

 
 Probably because the book was written for a 2.2 or 2.4 kernel.

The above link is a reference to the 1st edition.  The third ed.
was released about a year ago.





cheers, jerry


Re: [Samba] Printer driver interface different

2008-08-11 Thread Gerald (Jerry) Carter

Ryan Novosielski wrote:
 Had the same problem with the Aficio 350. You can just install the
 driver locally and not use the Samba spool at all (direct IP printing).
 That seems to be the best angle with my device. It's a shame, because it
 really ought to work.

Does this driver contain a file named UNIDRV.DLL?  It's probably a
difference in behavior between EMF and RAW printing.





cheers, jerry


Re: [Samba] winbindd behaving oddly

2008-08-11 Thread Gerald (Jerry) Carter

Glenn Bailey wrote:
 Ok wow,
 
 Looks like the likewise solution is exactly what I've been looking
 for, as I've been developing an internal solution that was basically
 a stripped down samba that wouldn't conflict with any other existing
 samba installs.

Cool.  Glad it helped.





jerry


Re: [Samba] Machine-level shares on Windows server

2008-08-11 Thread Gerald (Jerry) Carter

Jeremy Evans wrote:

 I realise that. I *did* give a 2nd example in my original post:
 
 $sudo smbclient -P -L //sbs
 ERROR: Unable to fetch machine password
 
 
 net ads testjoin returns an OK result at my end & the PDC shows the
 machine as joined to the domain at the other.
 
 What I don't seem to be able to find out is just how the Windows PDC &
 Samba interact to ensure that the Samba machine is a [trusted?] member
 of the domain & therefore how to use that fact to allow machine-level
 shares without having to perform a user-level login.

In that case, did you join the domain?  Unless, this is just a bug,
that seems the obvious explanation.




cheers, jerry


Re: [Samba] Printer driver interface different

2008-08-11 Thread Gerald (Jerry) Carter

Matthew Forrest wrote:
 
 Does this driver contain a file named UNIDRV.DLL?  It's probably a
 difference in behavior between EMF and RAW printing.

 
 It doesn't contain UNIDRV.DLL
 It looks like it uses the generic windows PS driver PSCRIPT5.DLL with a
 bunch of extras - for the UI?
 The only difference between rpcclient -c 'enumdrivers 3' on samba vs
 win2k is that the win2k driver has a Monitorname: [RICOH Language
 Monitor2] entry.
 
 Printer Driver Info 3:
 Version: [3]
 Driver Name: [RICOH Aficio Color5560 PS]
 Architecture: [Windows NT x86]
 Driver Path: [LOCALHOST\print$\W32X86\3\PSCRIPT5.DLL]
 Datafile: [LOCALHOST\print$\W32X86\3\RIC55603.PPD]
 Configfile: [LOCALHOST\print$\W32X86\3\PS5UI.DLL]
 Helpfile: [LOCALHOST\print$\W32X86\3\PSCRIPT.HLP]

Matthew,

Set the print processor to RAW on the Windows print server
and see if the appearance looks the same.




cheers, jerry


Re: [Samba] samba print server client job queues.

2008-08-11 Thread Gerald (Jerry) Carter

Chris Jeter wrote:
 Hello,
   I'm working on setting up a corporate print server with samba 
 3.2.0-2.17 on a Fedora 9 install. I've been able to get the services up
 and running and added several printers via the cups interface, also
 been able to upload the windows drivers. This all works well, printing
 also works well. 
   The problem that I am running into is that the old print jobs
 seem to be getting stored somewhere in samba and i've been unable to
 figure out how to turn this option off. 

This bug was fixed in Samba 3.2.1.






cheers, jerry


Re: [Samba] net ads join - DNS Update failed !

2008-08-11 Thread Gerald (Jerry) Carter

Andreas Ladanyi wrote:
 Hi,
 
 it seems that all is working perfectly, but if start an net ads join i
 get the message DNS Update failed ! .
 
 What is the consequence if i dont care about this message ? Is the Samba
 Server (ADS member) only not registered  in the ADS DNS tree ?


Correct.




Re: [Samba] Machine-level shares on Windows server

2008-08-09 Thread Gerald (Jerry) Carter

Jeremy Evans wrote:

 I've found that I can't access the share (or even get the 
 list of shares as in the examples below) using the -P
 (--machine-password) switch, so I get the choice of
 
 $smbclient -P -L //sbs
 Failed to open /var/lib/samba/secrets.tdb
 ERROR: Unable to open secrets database

You don't appear to be root.  Secrets.tdb is rw for root only.




cheers, jerry


Re: [Samba] Winbind IDMAP question.

2008-08-09 Thread Gerald (Jerry) Carter

Chavez, James R. wrote:
 Hello all,
 
 I have joined my linux boxes to AD and can authenticate using Active
 Directory usernames and passwords using Winbind.
 I want to Authenticate to AD but have that user mapped to a local Unix
 or NIS ID otherwise the AD authentication is useless and only hinders
 with file permissions and such.

Are you asking about local login via pam_winbind?  or just via smbd?
If the latter, then the username map should solve it.  If the former,
then I could probably do this in likewise-open using the name
alias support and some NSS ordering tricks.

PS: The same patches are pending for upstream Samba.  I just keep
getting distracted every time I try to prepare them to push.





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] winbindd behaving oddly

2008-08-09 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Glenn Bailey wrote:
 Hello folks,
 
 Been beating my head with winbind and pam just behaving oddly. I have
 followed various HOW-TOs, wikis, and docs, and just can't seem to get
 past a wall. Here are some of the issues:

If you just want desktop or server logins and not File/Print, you might
want to try likewise-open (http://www.likewisesoftware.com/community/).

 - the 1st attempt at ssh'ing to a server gives me a 'Wrong Password' 
 in the logs. Here's an exact snippet:
 
 Aug  6 18:45:40 mia21654bcu001 sshd[5371]: pam_winbind(sshd): request failed: 
 Wrong Password, PAM error was Authentication failure (7), NT error was 
 NT_STATUS_WRONG_PASSWORD
 
 I get this w/o even entering a password. If I break out and just hit it 2 
 more times it will lock the account out
 as expected.
 
 - require_membership_of seems to be flat out ignored. 

Works for me.  but I define it in /etc/security/pam_winbind.conf


 auth        required      /lib/security/$ISA/pam_env.so
 auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
 auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass use_first_pass
 auth        required      /lib/security/$ISA/pam_deny.so

I stack pam_winbind before pam_unix

 account     required      /lib/security/$ISA/pam_unix.so
 account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
 account     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
 account     required      /lib/security/$ISA/pam_permit.so

Don't need use_first_pass

 password    required      /lib/security/$ISA/pam_cracklib.so retry=3
 password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
 password    sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
 password    required      /lib/security/$ISA/pam_deny.so

Need use_authtok and not use_first_pass here.

 session     required      /lib/security/$ISA/pam_limits.so
 session     required      /lib/security/$ISA/pam_unix.so
 session     required      /lib/security/$ISA/pam_winbind.so use_first_pass require_membership_of=some_group

The require- option is enforced in auth and not session.






cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian
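The points made in the reply above (the membership restriction is enforced in auth and not session, pam_winbind stacked before pam_unix, use_authtok rather than use_first_pass in the password stack, no use_first_pass needed in account) can be checked mechanically. The Python linter below is an added example, not code from the thread or from Samba; the finding codes, function names and both sample stacks are constructed for illustration.

```python
"""Lint a PAM service file for the pam_winbind points raised in the thread."""
import os

TYPES = {"auth", "account", "password", "session"}

# Constructed sample modelled on the stack quoted in the thread.
SAMPLE_STACK = """\
auth     required   /lib/security/$ISA/pam_env.so
auth     sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth     sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth     required   /lib/security/$ISA/pam_deny.so
account  required   /lib/security/$ISA/pam_unix.so
account  sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
session  required   /lib/security/$ISA/pam_unix.so
session  required   /lib/security/$ISA/pam_winbind.so use_first_pass require_membership_of=some_group
"""

# Constructed stack with the reply's suggestions applied.
HARDENED_STACK = """\
auth     sufficient pam_winbind.so require_membership_of=some_group
auth     sufficient pam_unix.so likeauth nullok use_first_pass
auth     required   pam_deny.so
account  sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
session  required   pam_winbind.so
"""


def parse_stack(text):
    """Return (lineno, type, control, module_basename, options) per PAM rule."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("@"):
            continue
        fields = line.split()
        ptype = fields[0].lstrip("-")          # "-session" marks an optional rule
        if ptype not in TYPES or len(fields) < 3:
            continue
        idx = 1
        if fields[1].startswith("["):          # bracketed control, e.g. [success=1 default=ignore]
            while idx < len(fields) and not fields[idx].endswith("]"):
                idx += 1
        control = " ".join(fields[1:idx + 1])
        rest = fields[idx + 1:]
        if not rest:
            continue
        entries.append((lineno, ptype, control, os.path.basename(rest[0]), rest[1:]))
    return entries


def lint_winbind(text):
    """Return a list of (lineno, code, message) for pam_winbind rules."""
    findings = []
    unix_auth_seen = False
    for lineno, ptype, _control, module, opts in parse_stack(text):
        if ptype == "auth" and module == "pam_unix.so":
            unix_auth_seen = True
        if module != "pam_winbind.so":
            continue
        names = {o.split("=", 1)[0] for o in opts}
        if ptype == "auth" and unix_auth_seen:
            findings.append((lineno, "WINBIND_AFTER_UNIX",
                             "pam_winbind follows pam_unix in auth; the reply stacks it first"))
        if ptype == "account" and "use_first_pass" in names:
            findings.append((lineno, "ACCOUNT_USE_FIRST_PASS",
                             "use_first_pass is not needed in the account stack"))
        if ptype == "password" and "use_first_pass" in names:
            findings.append((lineno, "PASSWORD_USE_FIRST_PASS",
                             "password stack wants use_authtok, not use_first_pass"))
        if ptype != "auth" and "require_membership_of" in names:
            findings.append((lineno, "MEMBERSHIP_NOT_IN_AUTH",
                             "require_membership_of is enforced in auth, not " + ptype))
    return findings


if __name__ == "__main__":
    for lineno, code, message in lint_winbind(SAMPLE_STACK):
        print(f"line {lineno}: {code}: {message}")
```

The linter reads only the PAM service file; a restriction defined in /etc/security/pam_winbind.conf, as the reply does, is outside what it inspects.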


Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download

2008-08-06 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Michael Adam wrote:

 That is right: the link creation in source/bin is fixed,
 but the installation of the links is still broken.
 
 It _is_ fixed in the v3-3-test branch which will be used for
 3.3.0 (scheduled for December). The changes to the Make file
 and configure were just too profound to go into 3.2.X.

If make install does not work correctly, it should be patched
in 3.2.x I believe.  But I haven't followed the discussion thoroughly
so feel free to disregard this if it is out of context.






cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download.eml

2008-08-06 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

James Kosin wrote:

 This is correct.  make install does not work and forgets to create the
 symbolic links to the libraries.  As a result, samba may not start
 correctly and generate errors when loading.  Packagers have been able to
 get around this; but, users installing from source will have a difficult
 time or need to create the symbolic links themselves.
 The affected files on my build are libnetapi.so.0, libtalloc.so.1,
 libtdb.so.1 and libwbclient.so.0.  But this depends on the build as
 there are other libraries that also need symbolic links added, if built.

Michael,

technically the correct thing to do is to install as libXX.so.1 and then
have the .so symlink point to the sonamed library.  This allows more
than one soname lib to exist at the same time (if necessary).  The .so
file is only used when linking.

For example:

libtalloc.so.1
libtalloc.so -> libtalloc.so.1

Not the other way around.  Do you agree?





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download

2008-08-05 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Adam Williams wrote:
 if i knew how to fix it and create a patch for it i would, but I am
 unable to do either. :)


I'll take care of it.   I need to do something productive this
week anyways :-)



 Volker Lendecke wrote:
 Sorry, it just got lost. The best way to make sure that it
 will be in 3.2.2 is to submit a good patch :-)

 Volker
   


- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] ntprinters.tdb

2008-08-05 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Konrad Azzopardi wrote:
 Dear all,
 
 I am struggling to know how exactly SAMBA is working. I had a problem
 last week to save default preferences of printers which now seems to
 be ok. What I am trying to understand is how is it working because I
 am not seeing the file ntprinters.tdb changing , at least not in real
 time. I checked in /var/cache/samba and /var/lib/samba. Does anyone
 know, when changing print server default preferences, when is the file
 updated ?

This is just an issue with mmap() on certain platforms not
updating the mtime until the msync() is called IIRC.

What specifically do you want to know about the printing
implementation in Samba?






cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Re: Unstable printing w/3.2.0

2008-08-05 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Adam Tauno Williams wrote:
 3.) After working perfectly for awhile a specific queue will stop
 working and users will get an Access Denied message while other
 queues using the same driver will work perfectly.   Then switching the
 driver on the server around will sometimes make it work.  Other times the
 driver needs to be deleted, re-added, and reassigned to the printer to
 make the Access Denied message disappear.
 
 Found a seemingly reliable work around for #3.
 
 # Stop SMB services

 [EMAIL PROTECTED] var]# rm ./lib/samba/printing/cenps.tdb
 rm: remove regular file `./lib/samba/printing/cenps.tdb'? y
 # Restart SMB services
 [EMAIL PROTECTED] var]# rcsmb start
 Starting SMB services: [  OK  ]
 Starting NMB services: [  OK  ]
 
 Users can now print to the queue again, no Access Denied message.


Are there any messages in the log files about a corrupted tdb ?
The only change I could think of is a change in the way the security
access check for a job  is done.  Jeremy might remember more.





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Samba / AD integration

2008-08-05 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hey Eric,

 Check out this paper:
 
 http://www.docs.hp.com/en/7212/ADSJoinMinimumPerms.pdf
 
 I wrote it about 3 years ago, so the Samba version was 3.0.7.  Things
 may have changed.  It refers to HP-UX CIFS Server but at the time held
 true for Opensource too.
 

It has changed.  I rewrote the join a long time ago to make the
Windows XP network signature.


  commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b
  Author: Gerald Carter [EMAIL PROTECTED]
  Date:   Fri May 12 15:17:35 2006 +

  r15543: New implementation of 'net ads join' to be
  more like Windows XP.

This was first included in Samba 3.0.23.




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Samba / AD integration

2008-08-05 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hey Brian,

 Are you saying the pdf document is not correct and usable anymore, or a
 couple minor points need modifications?  In general, it describes almost
 exactly the situation I'm in.

I'm saying that the domain join process was rewritten in Samba
3.0.23.  So any documented permissions for prior versions are
out of date.  The current process technically should require
only the same permissions as joining a Windows XP host.

What exactly is failing?





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download

2008-08-05 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Michael Adam wrote:
 FYI:
 
 I have just yesterday taken over bug 5507 which is about that error.
 I had been adapting the packaging/RHEL-CTDB/ stuff (due to my
 work on that branch), but I have not taken care of the RHEL/ folder.

ok.  I'll leave it with you then.  If you have questions about
the original packaging, just ping me.





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Is there a way to disable/remove Printers and Faxes?

2008-08-05 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Clayton Hill wrote:
 Hello,
 
  
 
 I have a small question I couldn't find an answer to by googling or
 checking the man pages.
 
 Is there a way to disable/remove the Printers and Faxes folder/share
 altogether?

If you are offering no printers, then you could set the following
in the global section.  Assuming it still works.

disable spoolss = yes






cheers, jerry

- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


[Samba] Samba 3.0.31 Available for Download

2008-07-10 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

==
   Silence is Golden
==
Release Announcements
=

This is a bug fix release of the Samba 3.0 production series
and is the version that servers should be run for all current
Samba 3.0 bug fixes.

User visible bug fixes in this release include:

o Correct issues with running Winbind on a Samba PDC.
o Problems with trusted Windows 2008 domains.
o Difficulty joining an NT4 or Windows 2000 AD domain.


=
End-of-Life Announced
=

With the release of Samba 3.2.0 on July 1, the clock has been
started to End-Of-Life the Samba 3.0 series on July 1, 2009.
Moving forward, any 3.0.x releases will be on an as-needed basis
for critical bug fixes or security issues only.



Download Details


The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/history/samba-3.0.31.html

Binary packages will be made available on a volunteer basis at

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team



Re: [Samba] [ANNOUNCE] Samba 3.2.0 Available for Download

2008-07-02 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Lasantha Marian wrote:
| Congratulations to samba team on the release of 3.2 !
|  Missing from release candidate announcements:
|
|Documentation:
|o Inclusion of an HTML version of the 3rd edition of Using Samba
|  from O'Reilly Publishing.
|
| It was pulled I believe because I didn't get it into
| the docs build dependencies.
|
| Jerry, will Using Samba, third edition be included
| in the next release ?

Yeah.  The XML source is already there.  I just goofed and
didn't get it in the build.  XML gives me headaches :-)





cheers, jerry


Re: [Samba] [ANNOUNCE] Samba 3.2.0 Available for Download

2008-07-01 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

sinisa wrote:
 Karolin Seeger wrote:
 Release Announcements
 =

 This is the first stable release of Samba 3.2.0.

 Please be aware that Samba is now distributed under the version 3
 of the new GNU General Public License.  You may refer to the COPYING
 file that accompanies these release notes for further licensing details.

 Major enhancements in Samba 3.2.0 include:

   File Serving:
   Winbind and Active Directory Integration:
Joining:
   Users  Groups:

 Missing from release candidate announcements:
 
   Documentation:
   o Inclusion of an HTML version of the 3rd edition of Using Samba
 from O'Reilly Publishing.

It was pulled I believe because I didn't get it into
the docs build dependencies.



Re: [Samba] idmap_ad - GID

2008-06-26 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Aiko Barz wrote:
 Hi,
 
 what is the GID of an Active Directory user?
 
 a) Is it the GID, you can see within the Active Directory UNIX Tab?

Set winbind nss info = {sfu,rfc2307} depending on your supported
schema

 b) Is it the GID of the primary windows group?

This is the default behavior.




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] idmap_ad - Unix attributes vs. Windows attributes vs. Winbind

2008-06-20 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Aiko Barz wrote:
 Hi,
 
 I'm using Debian Stable with Samba from SerNet (3.0.28-21).
 
 Most of it is working, but there is one issue:
 
 filer01 ~ # getent passwd user
 user:*:1024:1:Aiko Barz:/home/DOMAIN/user:/bin/false
 filer01 ~ # getent passwd | grep user
 user:*:1024:1:Aiko Barz:/net/server.domain.local/home/user:/bin/bash
 filer01 ~ # getent passwd user
 user:*:1024:100:Aiko Barz:/net/server.domain.local/home/user:/bin/bash
 
 5 minutes later:
 
 filer01 ~ # getent passwd user
 user:*:1024:1:Aiko Barz:/home/DOMAIN/user:/bin/false

nscd running ?




jerry


Re: [Samba] Using %G for template homedir

2008-06-18 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Wendel, Ryan wrote:
 I am utilizing winbind to allow domain users to logon to one of my
 servers. Originally, I had specified the template homedir to have a
 value of '/home/%D/%U'. This works just fine...
 
  
 
 I would like to change it to '/home/%G/%U' but instead of seeing a
 human-readable groupname emerge, I get the GID. A user's homedir ends up
 looking something like '/home/16777220/ryanw'.

Not currently supported (last time I looked).





cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Re: Reg: net rpc rights grant command is not working on samba-3.0.10

2008-06-17 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

net rpc rights was introduced in 3.0.11.

Charlie wrote:
 If you are running a distribution-supported release of samba 3.0.10
 (Red Hat Enterprise Linux 3, perhaps?) you should consider staying
 with that version if it can still satisfy your needs.  Currently samba
 3 is undergoing some very rapid revision, and samba 4 is not ready
 yet.  RHEL3's samba has been very stable and reliable in my
 enterprise, with uptimes measured in years.
 
 If you need a feature from a later version of samba, obviously you'll
 have to upgrade.  But you should be aware that current versions of
 samba seem to have lost some features you might take for granted in
 older versions (such as stacked backends and domain trusts with
 user-specified names, for example).  I hope nobody will take this as a
 criticism, I appreciate and admire the work of the Samba Team.
 
 --Charlie
 
 On Tue, Jun 17, 2008 at 7:45 AM, Michael Adam [EMAIL PROTECTED] wrote:
 Hi,

 please direct general questions to the samba mailing list
 or (if it is a development / technical question)  to the
 samba-technical mailing list.

 You need to provide more information.

 your samba configuration, the precise output of the net command,
 a level 10 log of the net command...

 You might also consider upgrading your samba version.
 3.0.10 is ancient.

 Cheers - Michael

 Kumar Kalisamy wrote:
 Hi,

I am not able to run net rpc rights grant because it says
 rights command not found error getting, pls can you help me to solve
 this problem and can you tell me reference e-books to prepare Samba.

 Advance thanks for you help.

 Regards,

 Kumar Kalisamy ( FAC-W IT OPS )
 --
 Michael Adam [EMAIL PROTECTED]  [EMAIL PROTECTED]
 SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
 phone: +49-551-37-0, fax: +49-551-37-9
 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
 http://www.SerNet.DE, mailto: Info @ SerNet.DE

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba



- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] wbinfo question

2008-06-16 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Markus Moeller wrote:
 I have a domain whose netbios name is WIN2003R2 and the Kerberos domain
 name is win2003r2.home. Using wbinfo I get:
 
 wbinfo -D WIN2003R2
 
 Name  : WIN2003R2
 Alt_Name  : win2003r2.home
 SID   : S-1-5-21-1828870822-1098772068-2592627279
 Active Directory  : Yes
 Native: Yes
 Primary   : Yes
 Sequence  : -1
 
 Where in AD is the Alt_Name stored ?  Can I access this info 
 also via an ldap call ?

The DNS name is returned in various RPC replies.  As well
as in the CLDAP Netlogon reply:

$ net ads lookup
Information for Domain Controller: 192.168.56.48

Response Type: SAMLOGON
GUID: 24b34836-cdd9-47a7-b5a4-24c4121e5d52
Flags:
Is a PDC:   yes
Is a GC of the forest:  yes
Is an LDAP server:  yes
Supports DS:yes
Is running a KDC:   yes
Is running time services:   yes
Is the closest DC:  yes
Is writable:yes
Has a hardware clock:   no
Is a non-domain NC serviced by LDAP server: no
Forest: central.plainjoe.org
Domain: central.plainjoe.org

Domain Controller:  kel.central.plainjoe.org
Pre-Win2k Domain:   CENTRAL
Pre-Win2k Hostname: KEL
Server Site Name :  Default-First-Site-Name
Client Site Name :  Default-First-Site-Name
NT Version: 5
LMNT Token: 
LM20 Token: 

You can also infer this information from the defaultNamingContext
attribute in the rootDSE of a domain controller:

$ ldapsearch -x -H ldap://central.plainjoe.org/ -b "" -s base \
  -LLL "(objectclass=*)" defaultNamingContext

defaultNamingContext: DC=central,DC=plainjoe,DC=org


Hope this helps.




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] Multiple Samba Instances: Is it possible to share *.tdb files?

2008-06-16 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Christian Brandes wrote:
 Hi again,
 
 in the official Howto Collection at § Binary Format is mentioned that
 many different samba processes read and write on the same *.tdb files at
 the same time:
 http://de5.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html#id424705
 
 
 So if there are different instances of samba on one machine, do they
 really need *.tdb files on their own?
 Or can they share one common set of files?

yes.  I can't think of any case where each would need its own
set of tdb files.  but each will need its own smb.conf obviously.
Winbind is the exception.  You cannot currently run multiple
instances of winbind without some severe trickery and path hacking
in the source code I don't think.




cheers, jerry


Re: [Samba] CVE-2008-1105 - clarification request

2008-06-06 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Gustavo Homem wrote:
 Hi,
 
 The announcement states:
 
 Secunia Research reported a vulnerability that allows for
 the execution of arbitrary code in smbd
 
 Does this mean arbitrary code executed as root or as the user that is 
 authenticated after smbd drops privileges?

Potentially either.  smbd never drops privileges and can always
re-become root.

 Does this affect samba 2.x as well? What versions?

Technically affects Samba 2.2.4 and later.  but Samba 2.2
reached EOL several years ago.




cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
What man is a man who does not make the world better?  --Balian


Re: [Samba] CVE-2008-1105 - clarification request

2008-06-06 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Gustavo Homem wrote:
 On Friday 06 June 2008 19:49, Gerald (Jerry) Carter wrote:
 Gustavo Homem wrote:
 Hi,

 The announcement states:

 Secunia Research reported a vulnerability that allows for
 the execution of arbitrary code in smbd

 Does this mean arbitrary code executed as root or as the user that is
 authenticated after smbd drops privileges?
 Potentially either.  smbd never drops privileges and can always
 re-become root.
 
 Are you sure about this?

  ├─smbd─┬─2*[smbd]
  │  ├─smbd(gustavo)
  │  └─smbd(asdrubal)

 From pstree I always see an smbd process for each user mount.

Yeah.  I'm sure.  :-)  We change to the effective id of the
user to perform certain operations.  And then change back
to root when done (with some optimizations to minimize the
number of security context switches).

 
 What I want to know is if the vulnerable call is run as the local user or 
 root.

Potentially either.  Treat this as a potential remote root
code execution although I've only seen PoC code for clients.





cheers, jerry
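The distinction drawn in the reply above, a temporary switch of the effective id versus a permanent drop, is visible on Linux in the `Uid:` line of `/proc/<pid>/status`, which lists the real, effective, saved and filesystem uids. The Python check below is an added example, not code from the thread or from Samba; the function names are this example's own and the status excerpts are constructed, not captured from a running smbd.

```python
"""Classify a Linux process as root, temporarily switched, or permanently dropped."""

# Constructed /proc/<pid>/status excerpts (illustrative values only).
SWITCHED_STATUS = (
    "Name:\tfileserver\n"
    "Pid:\t4242\n"
    "Uid:\t1000\t1000\t0\t1000\n"     # saved set-user-ID is still 0
    "Gid:\t1000\t1000\t0\t1000\n"
)
DROPPED_STATUS = (
    "Name:\tworker\n"
    "Pid:\t4243\n"
    "Uid:\t1000\t1000\t1000\t1000\n"  # no uid slot holds 0 any more
    "Gid:\t1000\t1000\t1000\t1000\n"
)


def parse_uids(status_text):
    """Return the four uids from the 'Uid:' line of a /proc status file."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            parts = line.split()[1:]
            if len(parts) != 4:
                raise ValueError("malformed Uid line: %r" % line)
            real, effective, saved, fs = (int(p) for p in parts)
            return {"real": real, "effective": effective, "saved": saved, "fs": fs}
    raise ValueError("no Uid: line found")


def privilege_state(status_text):
    """Return 'root', 'switched' or 'dropped'.

    'switched' means the effective uid is non-zero but the real or saved uid
    is still 0, so the process may set its effective uid back to 0. Code
    running inside such a process has to be treated as able to become root.
    """
    uids = parse_uids(status_text)
    if uids["effective"] == 0:
        return "root"
    if uids["real"] == 0 or uids["saved"] == 0:
        return "switched"
    return "dropped"


def audit(named_statuses):
    """Map process label -> state for every process that can still reach root."""
    result = {}
    for label, text in named_statuses.items():
        state = privilege_state(text)
        if state != "dropped":
            result[label] = state
    return result


def status_of_pid(pid):
    """Read the live status file for a pid (Linux only)."""
    with open("/proc/%d/status" % pid) as handle:
        return handle.read()


if __name__ == "__main__":
    samples = {"fileserver": SWITCHED_STATUS, "worker": DROPPED_STATUS}
    for label, state in audit(samples).items():
        print(label, "can still reach root:", state)
```

The check looks at uids only; capabilities retained by a process are a separate question it does not answer.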


Re: [Samba] Problem with Login Shell in User Information using Winbind

2008-06-05 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Aniket Bharaswadkar wrote:
 I already had template shell = /bin/bash in my smb.conf, and still winbind was
 reporting the shell as /bin/false. This is the real problem. Winbind seems to
 ignore the template shell directive from the config file!!! First I tried with
 a manually edited file, next I configured using authconfig-gtk in fedora, both
 give same  results (ie shell reported as /bin/false. I am posting my current
 smb.conf here.

Are you absolutely sure you restarted winbindd after making
any config changes?  Also in current versions the nss_info data
is cached for a period of winbind cache time seconds so you may
need to purge winbindd_cache.tdb.  Also check for any other
caching services (e.g. nscd) outside of winbindd.



cheers, jerry


Re: [Samba] patch or upgrade for vulnerability

2008-06-05 Thread Gerald (Jerry) Carter

Moss, Patricia wrote:
 I am trying to do some research on two Samba Vulnerabilities; Samba
 MS-RPC Request Parsing Heap Buffer Overflows (CVE-2007-2446) and Samba
 Remote Command Injection Vulnerability (CVE-2007-2447). In reading the
 documentation for these vulnerabilities, it appears that the available
 patches, to fix the problems, are for version 3.0.24.  I am currently
 running version 3.0.21, on Solaris 10. Does that mean that the
 vulnerability does not relate to my version?  If not, is there somewhere
 that I can download the patch for version 3.0.21?  If not, and the only
 way to resolve the vulnerability is to upgrade, are there upgrade
 documents somewhere?  I have installation, but not upgrade
 documentation.  Thanks

All of the security announcements indicate the versions which
are impacted.  Generally we provide patches for the current release
(at the time) and rely upon vendors to backport to their
versions.







cheers, jerry


Re: [Samba] patch-3.0.29 to 3.0.30 broken

2008-06-01 Thread Gerald (Jerry) Carter


James Kosin wrote:
| Jerry,
|
| The patch for 3.0.29 to 3.0.30 is broken; can you fix?

Thanks.  I'll try to get this fixed today.  Apparently
the 3.0.30 tree I used still had some temporary build
files in it.



jerry