[Samba] Mapping shares as different user
Hello I have domain KEVF_D4 run by samba and KEVF_D1 run by NT4. There is a mutual trust between these domains. When I log on into KEVF_D1 as KEVF_D1 user and try to map a share from KEVF_D4 it asks me for a username and password. I supply a username in form kevf_d4\username and password for that account. However, nothing is mapped. When I try the same with smbclient and authenticate the same way from the samba server commandline against the samba server, I am permitted access. Is this supposed to work in Samba? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Groups not listed in USERMGR.EXE
On Fri, Mar 12, 2004 at 12:16:24AM +0100, Erik Hoitinga wrote: Dear list, I'm using samba 3.0.2a on a RedHat Linux server. Samba is configured as being a PDC. When I use the usermanager from SRVTOOLS.EXE on my W2K workstation I don't see any groups listed in the window below the userlist. Also when I look at the properties of on of the user (who is member of more than one group) I only see that a primary group is assigned, the one in /etc/passwd. man net groupmap add man net groupmap modify Samba HOWTO group mapping windows and unix The member of and the not member of windows are empty. Anyone seen this behaviour before? The configuration lines concerning users and groups in my smb.conf are: username map = /etc/samba/smbusers add user script = /usr/sbin/useradd -n -d /home/%u -g users -c 'User Account' -s /sbin/nologin -m %u add machine script = /usr/sbin/useradd -n -d /dev/null -g users -c Machine -s /sbin/nologin -M %u$ delete group script = /usr/sbin/groupdel %g delete user script = /usr/sbin/userdel -r %u set primary group script = /usr/sbin/usermod -g %g %u add user to group script = /usr/sbin/usermod -G %g %u delete user from group script = /usr/bin/gpasswd -d %u %g TIA, Erik Hoitinga web: http://users.skynet.be/fanzel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2 NT groups mapping into 1 UNIX group
On Wed, Mar 10, 2004 at 10:17:33PM +1100, Andrew Bartlett wrote: On Tue, 2004-03-09 at 02:32, Karel Kulhavy wrote: Hello Is it correct to map two NT groups into one UNIX group? For example Domain Users - users Kosmos Users - users This must be a one-to-one mapping, so no. Is this fact written somewhere in Samba HOWTO or the manpages? Cl Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba manpages
Hello I discovered one can get Samba manpages either by make install from samba sources (samba-3.0.2/sources: make install) or by downloading for example samba-20040215.tar.bz and manually copying the contents of manpages/ subdirectory into /usr/local/samba/man. Are both these sources of manpages equivalent? Which one of them should be used officially? Are the manpages in source tarball obsolete somehow? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as the Trusted Domain
I have samba-3.0.2 with tdbsam (I don't remember why I moved on to tdbsam from smbpasswd but something in the past must have required it). When trying to add trusting domain according to Samba HOWTO Collection, page clxxxvii (why the heck the pages have such strange Roman hashes instead of numbers?): oberon root # smbpasswd -a -i KEVF_D1 New SMB password: Retype new SMB password: Failed to initialise SAM_ACCOUNT for user KEVF_D1$. Failed to modify password entry for user KEVF_D1$ The instructions seem to work only for those who use smbpasswd. I suggest the documentation maintainer to add similar instructions into the documentation for tdbsam users. My smbconf follows: # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2003/11/19 15:51:41 # Global parameters [global] security = user wins support = no workgroup = KEVF_D4 encrypt passwords = yes domain logons = yes null passwords = yes interfaces = eth1 preferred master = Yes domain master = Yes debuglevel = 3 ldap ssl = no admin users = admin,prech,root,test hosts allow = 195.113.0.0/255.255.0.0 # hide local users = yes name resolve order=lmhosts,bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 unix password sync = yes passwd program = /bin/passwd %u passwd chat = *ew*password* %n\n *ew*password* %n\n add user to group script = /usr/local/samba/bin/myaddusertogroup %u %g add user script = /usr/sbin/useradd -c 'Samba User' -d /dev/null -g smbusers -s /bin/false %u add machine script = /usr/sbin/useradd -c 'Machine' -d /dev/null -g machines -s /bin/false %u add group script = /usr/local/samba/bin/mygroupadd %g delete group script = /usr/sbin/groupdel %g delete user script = /usr/sbin/userdel %u delete user from group script = /usr/local/samba/bin/mydeleteuserfromgroupscript %u %g delete user script = /usr/sbin/userdel %u map to guest = Bad User passdb backend = tdbsam logon drive = h: logon home = \\oberon\%U logon path = \\oberon\profiles\%U server schannel = yes server signing = auto [netlogon] path=/usr/local/samba/netlogon read only = yes guest ok = yes browseable = yes write list = admin prech root test locking = no public = no csc policy = disable [homes] comment = Home Directories browseable = no writable = yes [admin] comment = Admin Home writable = yes path = /home/admin [root] comment = Root Home writable = yes path = /home/admin [test] comment = test's home writable = yes path = /home/test [linux] comment = Linux Kernel Sources path = /usr/src/linux [profiles] create mode = 0600 csc policy = disable directory mode = 0700 comment = Profiles path = /usr/local/samba/profiles/ profile acls = yes read only = no -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net rpc trustdom add
Hello I would like to ask what is the syntax of net rpc trustdom add. http://samba.kn.vutbr.cz/samba/docs/man/net.8.html: [NET] RPC TRUSTDOM ADD DOMAIN However: bash-2.05b$ net rpc trustdom add KEVF_D1 Password: Usage: net rpc trustdom add domain_name pw 1) It seems there is a pretty havoc in the issue. 2) Why does net complain about violating the commandline format after asking for password and not before? 3) Did the operation in my case complete successfully or a NOP was performed (or even worse, some kind of partial operation)? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net rpc trustdom usage suggestion
Hello net 3.0.2 prints out it's usage: bash-2.05b$ net rpc trustdom net rpc trustdom add add trusting domain's account net rpc trustdom del delete trusting domain's account net rpc trustdom establish establish relationship to trusted domain net rpc trustdom revokeabandon relationship to trusted domain net rpc trustdom list show current interdomain trust relationships I suggest to add the format of the parameteres to this usage. Let's assume net rpc trustdom add takes one parameter domain. Then the corresponding usage line would be for example: net rpc trustdom add domain add trusting domain's account Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Deadlink on Samba website
There is something that looks like a deadlink on Samba website. http://samba.kn.vutbr.cz/samba/archives.html contains a href=http://lists.samba.org/pipermail/samba-docs/;docs/a which is an empty page. I wanted to examine the contents of docs mainling list. Is the docs mailing list working? Is there any traffic? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba-docs mailing list
Hello How do I subscribe to samba-docs mailing list? The list is listed at http://samba.kn.vutbr.cz/samba/archives.html however it is not listed on the subscription page at http://lists.samba.org/mailman/ judging by grepping 'samba-docs' in the page and finding nothing. Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba bugzilla search terms not functional
Hello I tried to search for a term deadlink in Samba bugzilla system at https://bugzilla.samba.org/ Entere a bug# or some search terms I consider the word deadlink to be a search term. Also the [Help] states that Bugzilla QuickSearch. Type in one or more words (or word fragments) to search for. The string deadlink is certainly a word. However after pressing 'show', I got to URL https://bugzilla.samba.org/show_bug.cgi?id=deadlink Whis stated in a big red box: The bug number is invalid. If you are trying to use QuickSearch, you need to enable JavaScript in your browser. To help us fix this limitation, look here. I have web browser Links-2.1pre14 and the Javascript is enabled: [X] Enable javascript. It looks like the Bugzilla search mechanism requires something more that an enabled javascript. Probably it has special requirements on the properties of JavaScript implementation. What I suggest: 1) Determine what are the specification of Bugzilla system in regards of requirement on Javascript implementation 2) Replace the text you need to enable JavaScript in your browser with you have to enable JavaScript in your browser and the implementation on JavaScript in your browser has to comply with standard XXX of JavaScript. Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Access rights for users from trusted domains
Hello I have a Samba 3.0.2 domain D4 that trusts NT4 domain D1 I tried to change access permissions of a file on Samba's share from a windows machine that is part of D4 for a user from D1. The dialog showed me D1, I could select an user from D1 and I had been allowed to complete the dialog. However, on reopening Properties, it was all gone. The right I tried to add was Read right. Is this supposed to work in Samba 3.0.2? If not, would it be difficult to hack it there up? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] What must be removed during samba reinstall
Hello If I reinstall samba from version A to version B, what all files must be removed to maintain correctness of the whole system? Let's assume the reinstall is done in this way: cd /usr/src/samba-3.0.2/source ./configure make make install Is the answer to this question dependent on the pair of versions (past version, future version)? For example: 3.0.1pre2, 3.0.2 3.0.2, 3.0.pre1 3.0.1rc1, 3.0.2 3.0.2, 3.0.0rc4 3.0.0 3.0.2 etc. Is it possible to get answer to this question somewhere in samba documentation instead of on this mailing list? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pdbedit 3.0.2 segfault
Hello I have samba-3.0.2 installed into /usr/local/samba/ by means of cd /usr/src/samba-3.0.2/source ./configure --with-acl-support make make install When I run pdbedit -L I get a segfault: oberon root # pdbedit -L Segmentation fault (core dumped) This occurs after samba of unknown version from these two: 3.0.1pre2 3.0.2 has been reinstalled with samba-3.0.2 (gdb) bt #0 0x400f9bf9 in free () from /lib/libc.so.6 #1 0x08068472 in init_sam_from_buffer () #2 0x08071d3f in tdbsam_getsampwent () #3 0x080694da in context_getsampwent () #4 0x0805a292 in print_users_list () #5 0x0805b7e1 in main () #6 0x4009a90b in __libc_start_main () from /lib/libc.so.6 oberon samba # ldd `which pdbedit` libcrypt.so.1 = /lib/libcrypt.so.1 (0x40026000) libresolv.so.2 = /lib/libresolv.so.2 (0x40053000) libnsl.so.1 = /lib/libnsl.so.1 (0x40065000) libdl.so.2 = /lib/libdl.so.2 (0x4007a000) libpopt.so.0 = /usr/lib/libpopt.so.0 (0x4007d000) libc.so.6 = /lib/libc.so.6 (0x40085000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) oberon root # echo $CFLAGS oberon root # echo $CXXFLAGS oberon root # echo $LDFLAGS Is this a bug in pdbedit? What kind of debugging information should I provide to help with debugging pdbedit? Cl backtrace: -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] More to pdbedit -L segfault
I have recompiled pdbedit 3.0.2 with -g flag to be able to list sources from gdb when debugging pdbedit and discovered some more info but don't know how to interpret it: (gdb) frame 1 #1 0x0806c899 in init_sam_from_buffer (sampass=0x81b8c28, buf=0x81b8d78 , buflen=208) at passdb/passdb.c:1462 1462SAFE_FREE(domain); (gdb) print domain $8 = 0x1 Address 0x1 out of bounds It looks like domain is invalid address. It seems some integer has been sucked in into the pointer. This architecture is i686-pc-linux-gnu. Or maybe the whole memory is fatally corrupt and just generic strange things happen. I suspect the databases got broken by reinstalling one version of samba to another. Question: can the databases be broken by reinstalling one 3.0.* samba with 3.0.2? Or can the database be broken by reinstalling one 3.0.* samba with another 3.0.* samba (possible higher or lower version)? I can try removing the databases and building them again. However, I think, no matter how corrupt data files on the samba systems are, the executables should not crash on segfault. Or is there a case where crashing on segfault due to invalid input is a correct behaviour for an executable? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] More to pdbedit -L segfault
I have deleted the whole samba tree (rm -r /usr/local/samba) and reinstalled samba-3.0.2 with '-g' compiler flag switched on with make install and now pdbedit -L works. Fortunately I have saved the old tree (/usr/local/samba) so that it can still be ussed as assistance if anyone would be interester in debugging that segfault. Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] More to pdbedit -L segfault
I tried to invoke the state of /usr/local/samba tree that causes pdbedit -L to segfault however I failed. What I tried (reload = reloading smbd and nmbd daemons): 3.0.2 make install reload pdbedit -L 3.0.1rc2 make install reload pdbedit -L 3.0.0 make install pdbedit -L reload pdbedit -L Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error was NT_STATUS_OK
Hello samba-3.0.2 just after starting a brand new installation of samba-3.0.2 I issued the command net rpc trustdom establish KEVF_D1 and entered a correct password. What I got was: Password: [2004/02/12 14:35:56, 0] utils/net_rpc.c:rpc_trustdom_establish(1986) Couldn't verify trusting domain account. Error was NT_STATUS_OK What does it mean? It doesn't make a sense to me. It something like famous Windows message: Error: Success. After reentering the command and typing in the same password I got: oberon my # net rpc trustdom establish KEVF_D1 Password: [2004/02/12 14:40:24, 0] utils/net_rpc.c:rpc_trustdom_establish(2106) Success! Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] More to pdbedit -L segfault
I have determined that the segfault can be reproduced by:
1) Fresh installation of samba-3.0.2
2) Copying the bad private/passdb.tdb into /usr/local/samba/private/passdb.tdb
However I can't post the passdb.tdb that causes this because I think it
contains sensitive information. However tdbdump dumps it without complaints:
tdbdump /root/samba-pdbedit-segfault/private/passdb.tdb
{
key = USER_test\00
data = censored
}
{
key = RID_03e8\00
data = root\00
}
{
key = USER_neptun$\00
data = censored
}
{
key = RID_0bba\00
data = neptun$\00
}
{
key = RID_0bbe\00
data = test\00
}
{
key = INFO/version\00
data = \01\00\00\00
}
{
key = USER_root\00
data = censored
}
Is there a way how to dump the database into text format, edit the obviously
sensitive informations and then pack it back into .tdb file? I would need
something like reverse-tdbdump. Then I could maybe make an unsensitive
file that crashes pdbedit-3.0.2 -L and post it here.
Cl
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error was NT_STATUS_OK
I have discovered what I have done wrong: sitting on KEVF_D4 Samba 3.0.2 PDC instead of net rpc trustdom establish KEVF_D1 I issued net rpc trustdom establish KEVF_D4. However I still wonder why I didn't get more meaningful message (something like: you are trying to make a loopback interdomain trust relationship or: invalid argument) than Error was NT_STATUS_OK. Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] adding users from trusted domains into groups
Hello I have domain KEVF_D4 run by samba PDC that trusts domain KEVF_D1 run by NT4 PDC. The trust is running judging according to at least 3 independent signs it is really working. However when I fire up usrmgrx.exe on a computer that is in KEVF_D4 (and is different from the PDC because PDC is Linux and there are no Windows to run usrmgrx.exe on) and creat a local group and then try to add someone from KEVF_D1 into the local group, I get an error message User name cannot be found. I also tried to add some group from KEVF_D1 into that KEVF_D4 local group and it does the same: User name cannot be found. I wonder what user name is it talking about when I am adding one group into another and think no user names should be involved. Are these operations supported? If not, is it difficult to hack them up into the Samba? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Bad signature in samba sources?
Hello What should I do in this case? It seems the signature of Samba sources is bad. I tried downloading from CZ and FI mirrors and both had the same problem. I got this key by bash-2.05b$ gpg --keyserver wwwkeys.pgp.net --recv-keys 2F87AF6F gpgkeys: WARNING: this is an *experimental* HKP interface! gpg: key 2F87AF6F: Samba Distribution Verification Key [EMAIL PROTECTED] not changed gpg: Total number processed: 1 gpg: unchanged: 1 bash-2.05b$ gpg --verify samba-3.0.2.tar.asc samba-3.0.2.tar.gz gpg: Signature made Fri Feb 6 23:45:07 2004 MET using DSA key ID 2F87AF6F gpg: BAD signature from Samba Distribution Verification Key [EMAIL PROTECTED] bash-2.05b$ gpg --version gpg (GnuPG) 1.2.3 Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256 Compression: Uncompressed, ZIP, ZLIB Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] USRMGR.EXE won't add user
_ / | /usr/local/samba/bin/mygroupadd \_ / | #!/bin/bash | | # Add the group using normal system groupadd tool. | groupadd smbtmpgrp00 | | thegid=`cat /etc/group | grep smbtmpgrp00 | cut -d : -f3` | | # Now change the name to what we want for the MS Windows networking end | cp /etc/group /etc/group.bak | cat /etc/group.bak | sed -e s/smbtmpgrp00/$1/g /etc/group | | # Now return the GID as would normally happen. | echo $thegid | exit 0 | \_ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba I hope I'm not imposing, but I was reading your post. I'm setting up my own Domain using Samba 3.0. My Domain was running to my satisfaction using 2.27a. I have since upgraded to 3.0, have been having some problems. Did USRMGR.EXE administration work in 2.27a? that is mygroupdel. I was wondering if you could post it. I noticed I haven't written up any mygroupdel. But now I tried /usr/sbin/groupdel and it works even for strange group names like Live Beef sh-2.05b# /usr/local/samba/bin/mygroupadd Live Beef 414 bash-2.05b# fgrep Live Beef /etc/group Live Beef:x:414: bash-2.05b# /usr/sbin/groupdel Live Beef bash-2.05b# fgrep Live Beef /etc/group bash-2.05b# So I changed my smb.conf line to delete group script = /usr/sbin/groupdel %g Is it possible my problems were caused by not-working group deletion? I doubt USRMGR.EXE would delete any groups on user addition. Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: USRMGR.EXE won't add user
long stupid passwd). The user wasn't in the database. Then clicked OK. Never managed to add user this way. CVS head 2003-12-10: Access is denied 3.0.1rc1:Access is denied 3.0.1rc2:Access is denied 3.0.0: Access is denied I'm not sure if this is of any help, but did you map the NT groups to the Unix groups? i.e., net groupmap modify ntgroup=Domain Admins unixgroup=domadm? Yes, this is my script that automatically sets up Samba for tests (I run it after make install.) _ / | copy_samba \_ / | #!/bin/bash | | spt=/usr/local/samba | | cp $spt/my/my* $spt/bin/ | cp $spt/my/smb.conf $spt/lib/ | cp $spt/my/lmhosts $spt/lib/ | pdbedit -m -a -u neptun | net groupmap modify ntgroup=Domain Admins unixgroup=domadm | net groupmap modify ntgroup=Domain Users unixgroup=smbusers | net groupmap modify ntgroup=Domain Guests unixgroup=nobody | /etc/init.d/samba start | echo Enter password for root: | pdbedit -a -u root | echo Enter password for test: | pdbedit -a -u test \_ and from /etc/group: domadm:x:412:admin,root So that root is even a member of Domain Admins - and still I can't add users. What can I do is move users into a group and change their description from Windows. Cl I think that I ran into similar problems when I upgraded from Samba 2.2.8a to 3.0, and it turned out that I hadn't correctly mapped the groups. Eddie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] USRMGR.EXE now adds users :)
Was it my fault, of course. passwd program = /bin/passwd was wrong. Right is passwd program = /bin/passwd %u Passwd chat: passwd chat = *ew*password* %n\n *ew*password* %n\n I can add users, add groups, delete users, delete groups,... :) My backend is tdbsam. How did I find it? Was reading through /usr/local/samba/var/log.smbd and saw a complaint that passwd program must contain %u. Why doesn't testparm test this? If it did, it would save me two days of experiments ;-) Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] make install: what all databases must be deleted
Hello When copying over one version of Samba 3.* with another, what all databases must be deleted and built again to prevent corruption of them? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] USRMGR.EXE won't add user
Hello
Tried to add user in user manager from domains, NT4.0 client, logged in as root
on the NT client. Clicked New User, filled in nick, description, full name,
password1, password2 (was dead sure they were the same, carefully typed 9-chars
long stupid passwd). The user wasn't in the database. Then clicked OK. Never
managed to add user this way.
Checked all the add user, del user etc. scripts, tried manually that they:
* add user
* add group
* add user to group
* delete user from group
* delete user
root is in admin users in smb.conf.
Tried the following version of samba:
CVS head 2003-12-10: Access is denied
3.0.1rc1:Access is denied
3.0.1rc2:Access is denied
3.0.0: Access is denied
/etc/passwd and pdbedit -L don't show any new user after this action.
But when the delete user script is removed/made unfunctional, the
user appears in /etc/passwd (but not in pdbedit -L).
Between tests, I removed the client from the domain, killed all connections
in SWAT, removed whole samba, reinstalled, reinitialized databases, put the
client back by pdbedit, rebooted client, ran usrmgr.exe.
Can you help what can be set wrong in my case? Config files and scripts follow.
Logs don't say any error. There is a bunch of DCE RPC calls in ethereal
logs:
17 SAMR_LOOKUP_NAMES
57 SAMR_CONNECT
44 SAMR_GET_USRDOM_PWINFO
7 SAMR_OPEN_DOMAIN
0 SAMR_CONNECT_ANON
7 SAMR_OPEN_DOMAIN
50 SAMR_CREATE_USER
36 SAMR_QUERY_USERINFO
44 SAMR_GET_USRDOM_PWINFO
58 SAMR_SET_USERINFO
35 SAMR_DELETE_USER
1 SAMR_CLOSE_HND
Has anyone working USRMGR.EXE administrastion including adding users?
Can you please paste your config files and additional info necessary
to make this work?
Cl
_
/
| /usr/local/samba/lib/smb.conf
\_
/
| # Samba config file created using SWAT
| # from 127.0.0.1 (127.0.0.1)
| # Date: 2003/11/19 15:51:41
|
| # Global parameters
| [global]
| security = user
| wins support = no
| workgroup = KEVF_D4
| encrypt passwords = yes
| domain logons = yes
| null passwords = yes
| interfaces = eth0
| preferred master = Yes
| domain master = Yes
| debuglevel = 3
| ldap ssl = no
| admin users = admin,prech,root
| hosts allow = 195.113.0.0/255.255.0.0
| # hide local users = yes
| name resolve order=lmhosts,bcast
|
| socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
|
| unix password sync = yes
| passwd program = /bin/passwd
| passwd chat = *ew*password* %n\n *new*password* %n\n
|
| add user to group script = /usr/local/samba/bin/myaddusertogroup %u %g
| add user script = /usr/sbin/useradd -c 'Samba User' -d /dev/null -g smbusers
-s /bin/false %u
| add machine script = /usr/sbin/useradd -c 'Machine' -d /dev/null -g machines
-s /bin/false %u
| add group script = /usr/local/samba/bin/mygroupadd %g
| delete group script = /usr/local/samba/bin/mygroupdel %g
| delete user script = /usr/sbin/userdel %u
| delete user from group script =
/usr/local/samba/bin/mydeleteuserfromgroupscript %u %g
| delete user script = /usr/sbin/userdel %u
|
| map to guest = Bad User
| passdb backend = tdbsam
|
| logon drive = h:
| logon home = \{}\{}oberon\{}%U
| logon path = \{}\{}oberon\}{profiles\{}%U
|
| server schannel = yes
| server signing = auto
|
| [netlogon]
| path=/usr/local/samba/netlogon
| read only = yes
| guest ok = yes
| browseable = yes
| write list = admin prech root
| locking = no
| public = no
| csc policy = disable
|
| [homes]
| comment = Home Directories
| browseable = no
| writable = yes
|
| [admin]
| comment = Admin Home
| writable = yes
| path = /home/admin
|
| [root]
| comment = Root Home
| writable = yes
| path = /home/admin
|
| [test]
| comment = test's home
| writable = yes
| path = /home/test
|
| [linux]
| comment = Linux Kernel Sources
| path = /usr/src/linux
|
| [profiles]
| create mode = 0600
| csc policy = disable
| directory mode = 0700
| comment = Profiles
| path = /usr/local/samba/profiles/
| profile acls = yes
| read only = no
\_
_
/
| /usr/local/samba/bin/myaddusertogroup
\_
/
| #!/bin/bash
|
| # myaddusertogroup username groupname
|
| username=$1
| groupname=$2
| groups=`cat /etc/group | grep [,:]$username | cut -d ':' -f 1 | tr '\n' ','`
| groups=$groups$groupname
| usermod -G $groups
Re: [Samba] USRMGR.EXE
Thanks, server schannel = Yes ^ This is the key. After setting this (on samba-3.0.1pre3), usrmgr.exe started to partially work. samba-3.0.1pre3 usrmgr.exe: Works: Browsing users properties Change of user's description Browsing groups Seems to work: Moving users into a group Doesn't work: adding an user * admin users = admin,root * logging on NT4.0 client as root Will investigate further. Will try samba-3.0.0 or other versions. Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.1pre3 - 3.0.1rc1: doesn't want to connect to itself
Hello
With smb.conf below, samba 3.0.1pre3 is capable of connecting to itself
by smbclient -L oberon empty_password. Also domain logons work.
With 3.0.1rc1 it just writes
bash-2.05b# smbclient -L oberon
Password:empty
tree connect failed: Call returned zero bytes (EOF)
bash-2.05b# smbclient --version
Version 3.0.1rc1
bash-2.05b# smbd --version
Version 3.0.1rc1
bash-2.05b# which smbclient
/usr/local/samba/bin/smbclient
bash-2.05b# which smbd
/usr/local/samba/sbin/smbd
bash-2.05b# ps ax | grep mbd
23062 ?S 0:00 /usr/local/samba/sbin/smbd
23064 ?S 0:00 /usr/local/samba/sbin/nmbd
bash-2.05b# testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section [netlogon]
Processing section [homes]
Processing section [admin]
Processing section [root]
Processing section [linux]
Processing section [profiles]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
^C
bash-2.05b# cat /proc/version
Linux version 2.4.22-2.4.22 ([EMAIL PROTECTED]) (gcc version 3.2.3 20030422 (Gentoo
Linux 1.4 3.2.3-r2, propolice)) #7 SMP Tue Dec 2 08:58:49 MET 2003
Please tell me what kind of diagnostics should I provide to be helpful.
Cl
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2003/11/19 15:51:41
# Global parameters
[global]
security = user
wins support = no
workgroup = KEVF_D4
encrypt passwords = yes
domain logons = yes
null passwords = yes
interfaces = eth0
preferred master = Yes
domain master = Yes
debuglevel = 3
ldap ssl = no
hosts allow = 195.113.28.0/255.255.0.0
admin users = admin,prech,root
# hide local users = yes
name resolve order=lmhosts,bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
unix password sync = yes
passwd program = /bin/passwd
passwd chat = *ew*password* %n\n *new*password* %n\n
add user to group script = /usr/local/samba/bin/myaddusertogroup %u %
g
add user script = /usr/sbin/useradd -c 'Samba User' -d /dev/null -g smbu
sers -s /bin/false %u
add machine script = /usr/sbin/useradd -c 'Machine' -d /dev/null -g mach
ines -s /bin/false %u
add group script = /usr/local/samba/bin/mygroupadd %g
delete group script = /usr/local/samba/bin/mygroupdel %g
map to guest = Bad User
passdb backend = tdbsam
logon drive = h:
logon home = \{}\{}oberon\{}%U
logon path = \{}\{}oberon\}{profiles\{}%U
[netlogon]
path=/usr/local/samba/netlogon
read only = yes
guest ok = yes
browseable = yes
write list = admin prech root
locking = no
public = no
[homes]
comment = Home Directories
browseable = no
writable = yes
[admin]
comment = Admin Home
writable = yes
path = /home/admin
[root]
comment = Root Home
writable = yes
path = /home/admin
[linux]
comment = Linux Kernel Sources
path = /usr/src/linux
[profiles]
create mode = 0600
csc policy = disable
directory mode = 0700
comment = Profiles
path = /usr/local/samba/profiles/
profile acls = yes
read only = no
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.1pre3 - 3.0.1rc1: doesn't want to connect to itself
On Fri, Dec 05, 2003 at 08:27:46AM -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Karel Kulhav wrote: | Hello | | With smb.conf below, samba 3.0.1pre3 is capable of connecting to itself | by smbclient -L oberon empty_password. Also domain logons work. | | With 3.0.1rc1 it just writes | | bash-2.05b# smbclient -L oberon | Password:empty | tree connect failed: Call returned zero bytes (EOF) | bash-2.05b# smbclient --version | Version 3.0.1rc1 Hmmm... works ok for me. what about 'smbclient -L oberon -N' bash-2.05b# smbclient -L oberon -N [2003/12/05 16:06:08, 0] lib/util_sock.c:read_socket_with_timeout(279) read_socket_with_timeout: timeout read. read error = Connection reset by peer. tree connect failed: Read error: Connection reset by peer bash-2.05b# ps ax | grep mbd 1080 ?S 0:00 /usr/local/samba/sbin/smbd 1082 ?S 0:00 /usr/local/samba/sbin/nmbd 1559 pts/1S 0:00 grep mbd This is in the logs log.smb: [2003/12/05 16:25:45, 1] smbd/process.c:process_smb(883) Connection denied from 195.113.29.140 [2003/12/05 16:25:45, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/05 16:25:45, 2] smbd/server.c:exit_server(558) Closing connections [2003/12/05 16:25:45, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2003/12/05 16:25:45, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist . [2003/12/05 16:25:45, 3] smbd/server.c:exit_server(601) Server exit (connection denied) | [global] | security = user | wins support = no | workgroup = KEVF_D4 | encrypt passwords = yes | domain logons = yes | null passwords = yes | interfaces = eth0 | preferred master = Yes | domain master = Yes | debuglevel = 3 | ldap ssl = no | hosts allow = 195.113.28.0/255.255.0.0 Try adding '127.0.0.1' to you hosts allow. Now:hosts allow = 195.113.28.0/255.255.0.0, 127.0.0.1 And it does the same. Also man smb.conf says Note that the localhost address 127.0.0.1 will always be allowed access unless specifically denied by a hosts deny option. Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] USRMGR.EXE
Hello Is here anybody who is able to manage his NT4.0 domain on hid Samba 3 PDC with User Manager for Domains? Can you please tell me what things must be checked to be sure USRMGR.EXE administration (User Manager for Domains aka Domain User Manager) works? I am unable to make it working and tried already these Samba versions: 3.0.0 3.0.0rc1 3.0.0rc2 3.0.0rc3 3.0.1pre3 3.0.1rc1 2003-12-04 head 2003-12-05 head Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Where is lmhosts?
Hello Someone who has working lmhosts please tell me where it is (i.e., the path). I RTFMd man lmhosts and: 1) man hosts tells: SYNOPSIS: /etc/hosts. 2) man lmhosts doesn't tell anything about the path. 3) man lmhosts: It is very similar to the /etc/hosts file format - does it mean that the similarity is also in the placement of the file? 4) All config files are in /usr/local/samba/lib, so I would expect lmhosts to be there too 5) RTFM'd man smb.conf too if there isn't some special option that configure location of this file. man smb.conf contains 8 occurences of lmhosts but none of them tells anything about the path of the file lmhosts. man smb.conf doesn't list any option that would set the path of lmhosts, thus I infer it's improbable such an option exists and the location of lmhosts is fixed. 1), 3) make more probable path /etc/lmhosts 4) makes more probable path /usr/local/samba/lib I am puzzled. Wouldn't it be possible to add the information about the placement of this file into man lmhosts? Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] USRMGR.EXE administration: invalid syntax error message
I try to admin Samba 3.0.0 and 3.0.1pre3 (tried both versions) NT4.0
PDC with NT4.0 machine and NT4.0 USRMGR.EXE and get persistent error
message
1) The group name could not be found
2) The user name could not be found
3) The filename, directory name, or volume label syntax is incorrect.
Loggin into domain under name: root
I can see the user and group listing. When I click on a user to see
his details, I get message (2). When I click on a group to see it's details,
I get message (1). When I click on Add New User in the menu, I get message
(3).
I have read mailing list postings indicating this works for other people. Am I
doing something wrong? Is there any specification I should read describing
under what circumstances should USRMGR.EXE administration work?
Windows on client: NT4.0 (reinstalled from NT3.5 to NT4.0).
Tried also another NT4.0 box with the same result
Tried also XP box and running NT4.0 USRMGR.EXE -- the same result
Samba: 3.0.0 and 3.0.1pre3 (tried first 3.0.1pre3 and then reinstalled
to 3.0.0 by compiling 3.0.0 and make install 3.0.0 with leaving the same
environment)
Install path: default (./configure without parameters, path defaults
to /usr/local/samba/) Distribution: gentoo.
smb.conf contents:
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2003/11/19 15:51:41
# Global parameters
[global]
security = user
wins support = no
workgroup = KEVF_D4
encrypt passwords = yes
domain logons = yes
null passwords = yes
interfaces = eth0
preferred master = Yes
domain master = Yes
debuglevel = 3
ldap ssl = no
hosts allow = 195.113.28.0/255.255.254.0
admin users = admin,prech,root
hide local users = yes
unix password sync = yes
passwd program = /bin/passwd
passwd chat = *ew*password* %n\n *new*password* %n\n
add user to group script = /usr/local/samba/bin/myaddusertogroup %u %g
add user script = /usr/sbin/useradd -c 'Samba User' -d /dev/null -g smbusers
-s /bin/false %u
add machine script = /usr/sbin/useradd -c 'Machine' -d /dev/null -g machines
-s /bin/false %u
add group script = /usr/local/samba/bin/mygroupadd %g
delete group script = /usr/local/samba/bin/mygroupdel %g
map to guest = Bad User
passdb backend = tdbsam
logon drive = h:
logon home = \{}\{}oberon\{}%U
logon path = \{}\{}oberon\}{profiles\{}%U
[netlogon]
path=/usr/local/samba/netlogon
read only = yes
guest ok = yes
browseable = yes
write list = admin prech root
locking = no
public = no
[homes]
comment = Home Directories
browseable = no
writable = yes
[admin]
comment = Admin Home
writable = yes
path = /home/admin
[root]
comment = Root Home
writable = yes
path = /home/admin
[linux]
comment = Linux Kernel Sources
path = /usr/src/linux
[profiles]
create mode = 0600
csc policy = disable
directory mode = 0700
comment = Profiles
path = /usr/local/samba/profiles/
profile acls = yes
read only = no
permissions:
drwxrwxrwt root root /usr/local/samba/profiles
drwxrwxrwt root root /usr/local/samba/netlogon
contents of netlogon: only directory scripts (no ntconfig.pol)
Group information /etc/group:
domain_users:x:410:root,admin,test
domad:x:412:admin,root
machines:x:408:
smbusers:x:407:
bash-2.05b# net groupmap list
System Operators (S-1-5-32-549) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Users (S-1-5-21-xx-yy-zz-513) - smbusers
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Account Operators (S-1-5-32-548) - -1
Domain Admins (S-1-5-21-xx-yy-zz-512) - domadm
Domain Guests (S-1-5-21-xx-yy-zz-514) - nobody
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1
bash-2.05b# pdbedit -Lv root
Unix username:root
NT username:
Account Flags:[U ]
User SID: S-1-5-21-1720464068-1560033322-1864438560-1000
Primary Group SID:S-1-5-21-1720464068-1560033322-1864438560-1001
Full Name:root
Home Directory: \{}\{}oberon\{}root
HomeDir Drive:h:
Logon Script:
Profile Path: \{}\{}oberon\}{profiles\{}root
Domain: KEVF_D4
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Fri, 13 Dec 1901 21:45:51 GMT
Kickoff time: Fri, 13 Dec 1901 21:45:51 GMT
Password last set:Fri, 28 Nov 2003 08:48:20 GMT
Password can change: Fri, 28 Nov 2003 08:48:20 GMT
Password must change: Fri, 13 Dec 1901 21:45:51 GMT
Cl
--
To unsubscribe from this list go to the following URL and read the
instructions:
[Samba] swat documentation - password
Hello Suggested patch to man swat 2.2.8a: there is a guide how to install swat. When I ran browser to http://localhost:901, it wanted a login and pasword. I wasn't able to determine from man swat what I should enter. Please add this information to the manpage. Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] man swat 2.2.8a patch
replace all occurences of xientd by xinetd Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] doc bugreport 3.0.0 install.html
samba-3.0.0/docs/htmldocs/install.html reads: If you need to compile Samba from source, check . It seems to be a human language parse error - missing subject in a sentence. Regards, Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] doc bugreport compiling.html samba 3.0.0
samba-3.0.0/docs/htmldocs/compiling.html reads: wget http://us1.samba.org/samba/ftp/samba-2.2.8a.tar.asc; --14:58:11-- http://us1.samba.org/samba/ftp/samba-2.2.8a.tar.asc = `samba-2.2.8a.tar.asc' Resolving us1.samba.org... done. Connecting to us1.samba.org[216.251.47.16]:80... connected. HTTP request sent, awaiting response... 404 Not Found 14:58:12 ERROR 404: Not Found. Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.0 doc obsolete content
samba-3.0.0/docs/htmldocs/compiling.html reads: gzip -d samba-2.2.8a.tar.gz gpg --verify samba-2.2.8a.tar.asc It seems to be outdated. Suggested patch: gzip -d samba-3.0.0.tar.gz gpg --verify samba-3.0.0.tar.asc Regards, Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] doc bugreport 3.0.0. install.html
samba-3.0.0/docs/htmldocs/install.html reads: More information about SWAT can be found in . I think there is missing where it can be found. Regards, Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] swat manpage -h opt bugreport 3.0.0
swat 3.0.0 manpage says: -h | --help swat --help prints help message. -h does not. Regards, Cl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
