[Samba] Shares connection problem after Debian upgrade
Hi, I just upgraded a Debian Samba server (PDC+shares) from Etch to Lenny, thus upgrading Samba from version 3.0.24 to version 3.2.5. After the upgrade most users, on WinXP SP3 clients, encountered problems connecting to SOME of their mapped network drives, access was denied as if the server was not available. Some others still worked, without a clear pattern. By looking into that I discovered that the registry keys related to the not accessible mapped drives inside HKEY_CURRENT_USER\Network had two values which were not found instead in the regkeys related to the still working drives: DeferFlags = 4 ProviderFlags = 1 Setting DeferFlags to 1, or deleting the two values entirely, and then logging in again, fixed the problem. I preferred the delete solutions, as I tried mapping a new drive and noticed that those values were not created. I found instead the DeferFlags solution somewhere on the web while looking for info about the problem. I could also disconnect and reconnect the drives but fixing the registry was faster. Now, this might be one of those strange Windows-related problem you have to accept, but what I'm asking here is: why did the problem only appear after the Samba upgrade? I didn't find any useful results by googling with those regvalues in relation with Samba. I can't believe I'm the only one who was bitten by this. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Set password expiration date
Hi, I'm using Samba 3.2.5 on Debian Lenny, and I need to set the password for a certain user to expire on a specific date (not now, it's a date in the future). When I was on Debian Etch I could use this: pdbedit -r -u user --time-format=%d-%m-%Y --pwd-must-change-time=date But it seems this option for pdbedit is not available anymore in the Samba version included in Lenny. I've read elsewhere about using this as a replacement: net sam set pwdmustchangenow user yes ...but this sets the expiration date to NOW, which is not what I want. How can I achieve what I need? Using a cron job for planning a net sam command would give a different result, because the user would not be warned in advance about her password going to expire. Thank you. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Set password expiration date
Il 27/08/10 15:42, Arvid Requate ha scritto: Sounds like a more debian related packaging question: http://packages.debian.org/lenny/i386/samba/filelist says /usr/bin/pdbedit is shipped in 2:3.2.5-4lenny12. Sorry, I do not understand what you mean to say. The Samba version shipped with Debian Lenny is 3.2.5, and pdbedit -V correctly returns 3.2.5. As far as I understood, the --pwd-must-change-time argument has been dropped in recent pdbedit versions. I think the previous Debian release (Etch) had Samba 3.0.24, that's where I come from, and there the pdbedit argument was still available. I suppose this change is due to Samba development, not to Debian packaging. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Finding logged users with smbstatus
Il 31-05-2009 14:44, John Drescher ha scritto: If a user has been inactive for a while the connection is closed and you will not see them in smbstatus. Er... thanks, but... how long is that for a while? :) I wanted to test this, and left a user logged in since yesterday at 19:07 (GMT+1). There's nobody there now who can access the machine, I logged him in remotely using VNC and then closed my VNC connection. Now, more than 17 hours later, smbstatus -p still shows his process. Also a plain smbstatus shows a connection from his workstation to a service (a Samba share), started exactly yesterday at 19:07. The user has a couple of icons on the desktop which somehow link to the Samba server: a link to a subfolder (which actually doesn't exist anymore) in a Samba share, and a link to a web page whose icon is taken from a Samba share. But, without using them, I'm not sure they can cause any activity on the server. And, indeed, I see no activity in the Samba logs for that user. On the other hand, I just realized that the antivirus is checking each hour for new updates in a guest ok Samba share, with no authentication. So I have periodic activity from that machine, but not from that particular user. Whatever the reason, if the connection remains active for a whole working day without user intervention that's more than enough for me! -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Finding logged users with smbstatus
Hi, in a Samba 3.0.24 domain, using roaming profiles and WinXP (or later) workstations, can I be *100% SURE* to catch any logged in users when checking the smbstatus -p output? I need this to send internal service instant messages to some logged in users. Can it happen somehow that a logged in user is not listed in the smbstatus -p output, e.g. if he has been inactive for a while? Or is the process always active until the user logs out? Thanks. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: autodesk / autocad write problems
Il 11-11-2008 22:49, Tom Vier ha scritto: Anyone else have problems using autodesk products to save files to a samba share? No problems here. My users do it daily using AutoCAD 2007 on WinXP and Samba 3.0.24 on Debian Etch. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Common MS Office and samba file share issue
Il 9-07-2008 2:14, Kevin Bedford ha scritto: The issue is .doc or .xls files saving and then producing an error about not being able to open the file for writing. Then it claims the file is locked by the user who just saved the file. It even occurs in users own home directories where no one else could have opened the file Are you sure you aren't talking about this Excel bug? http://support.microsoft.com/?scid=kb%3Ben-us%3B324491x=14y=13 -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Cannot add machine account
Il 2-02-2008 0:06, Ryan Novosielski ha scritto: Is that workstation name too long? On some of my machines, it would be. Well, the WinXP OS accepted it so I suppose it's not too long. Anyway I now tried adding another machine named MDVMBXP which surely is a good enough name, but the result is the same. The client is not involved at all in the error, because it just happens as soon as I do the following on the Samba PDC, well before trying to join the client to the domain: #useradd -g smb_pc -d /dev/null -s /bin/false MDVMBXP$ #passwd -l MDVMBXP$ Password changed. #pdbedit -a -m MDVMBXP tdb_update_sam: struct samu (mdvmbxp$) with no RID! Unable to add machine! (does it already exist?) PS: uhm, I just tried using smbpasswd instead of pdbedit and it appears to work, but I cannot try joining the domain now because I'm physically far from the LAN. I'll check when possible. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Windows XP always see folder with read-only attribute set
Il 10/01/2008 19:19, Héctor Sánchez Sanmartín ha scritto: Does anyone has an idea what could be happening and how to avoid windows showing it as read-only??? Sorry for not having noticed this thread before, because I would have saved you some time. What you describe is not a problem with Samba. It is a Windows feature by design. Look here, and read especially the CAUSE section: http://support.microsoft.com/kb/326549/en-us -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Big problems with 3.0.24-6etch6 Debian packages
Il 30/11/2007 6:46, Christian Perrier ha scritto: New packages have been rolled out which claim to fix the long directory listings regression. It turned out that a chunk from Yes I've seen the DSA, thanks. But... Feedback about these packages is currently quite low so I would suggest people to run them carefully on their production servers. They ...I think I'll wait a bit before upgrading again, for this exact reason ;) After all, I didn't see many reports around the web for the problem I had, although it really was a showstopper for me. So, I'll better wait for some testing from others this time. Thanks anyway for the infos. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Big problems with 3.0.24-6etch6 Debian packages
Hi, I'm using Samba as a PDC with roaming profiles on a Debian Etch machine, the clients are Windows XP/2000 machines. I just installed security upgrades with aptitude, and this upgraded all samba 3.0.24-6etch4 packages to 3.0.24-6etch6 (except for samba-doc which was upgraded to 3.0.24-6etch7). Immediately after the upgrade, my users could not load their profiles at login anymore. Errors popped out regarding problems loading insignificant files from their profiles, such as cookies, links to recently opened files, Java cache files, etc. This caused Windows to open up a new temporary profile, making everyone lose their settings. PANIC!! I now downgraded back to all 3.0.24-6etch4 packages, and things seem to be working fine again. What's happening with Samba packages for Debian Etch? I saw a security announce yesterday by Steve Kemp, but it's a bit confusing, for Etch it lists some 6etch6 packages and some 6etch7 others. Are the current packages broken? And... is there anyone officially working on more up-to-date Samba packages for Debian Etch? Or will we have to live with 3.0.24 until the next Debian stable upgrade? Thanks. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Big problems with 3.0.24-6etch6 Debian packages
Il 27/11/2007 18:25, Christian Perrier ha scritto: and can't currently work on them. So you're quite likely to need waiting some time before this is fixed. In the meantim, you should revert back to -etch5 Thanks, no problem, I can wait. Luckily I could fix it immediately by reverting to the previous packages I still had in cache. And... is there anyone officially working on more up-to-date Samba packages for Debian Etch? Or will we have to live with 3.0.24 until the next Debian stable upgrade? This is not new in Debian. You will never get a new upstream version update for the stable distribution. Updates only include security fixes. Well, I know, but it wasn't like this for Samba on Sarge, when Simo Sorce promptly built upstream packages... but when Etch arrived I remember someone else was to take his role, can't remember who now. You might want to get packages built by the Samba team if you want to keep your samba server with the bleeding edge samba. Uhm... how? I can only get here from samba.org: http://us1.samba.org/samba/ftp/Binary_Packages/Debian/samba/3/ ...but I don't even know which Debian version are these for. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Big problems with 3.0.24-6etch6 Debian packages
Il 27/11/2007 19:48, Christian Perrier ha scritto: On the other hand, I think (but this should be checked as well) that Debian packages from unstable may quite easily be rebuilt on an Etch machine. Thanks for your kind answer and your instructions. Anyway, I'll better not try this on a production server for the moment ;-). Maybe I will if a real need for getting upstream arises... I was asking because I recall that, long ago, I needed some new Samba features and could only get them on my Debian stable through Simo's packages. This is not the case now, but it might happen again, who knows. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Rebuild Samba Server: Do my XP clients need to rejoin domain?
On 29/03/2007 18:17, Aaron Souza wrote: I would like to upgrade our Fedora Core 3 Linux server (hosting samba, among other services) to Cent OS 4.4. However, if I reformat the array and install Cent OS 4.4 and copy back all the samba files (and other files), do my Windows XP Clients have to re-join the domain? I ask I do not know Fedora and CentOS, but I performed a similar upgrade recently with Samba 3.0.23: I had a PDC running on Debian Sarge, I got a new machine and installed Debian Etch on it, then copied all relevant system and Samba files, following the migration guides in the official docs, and everything went smooth, also with WinXP Professional clients. No need to rejoin them. I suppose the same applies to your situation, as long as you take into account any different paths the two distros might use for Samba files. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Change user IDs on Samba PDC
On 06/03/2007 0:35, simo wrote: HOWTO (Desktop Profile Management Chapter) about this? No, as far as I can tell this situation is not covered there; it talks about migrating profiles from a NT PDC, which is somehow different, and I'm missing the pieces to link it all together. You are missing the fact it is the same thing :-) Hi Simo! :) Well... maybe it is the same thing conceptually, but surely it is not from a practical point of view, e.g. On your NT4 domain controller, right-click on My Computer, then select Properties, then the tab labeled User Profiles hardly suits a Samba PDC ;). Moreover, my main purpose is not the migration of profiles from a server to a second one: I just want to fix UIDs on a server. I don't even know if some kind of migration will be needed for this, that's why I'm asking. strongly fear it could break something; it also only appears to support NT, which probably means you're in for a headache if you use it on XP profiles. profiles are the same on all machines the registry format has not change afaik. AFAIK is the problem here ;). Why can't you just keep your original tdbsam/ldap database of users, alogn with your PDC name and the secrets.tdb file ? Can I? Are you saying I can change the Linux UIDs, and Samba will continue working without a hitch with the same configuration and user database as before? This would wipe out all of my doubts, but I don't expect it to be SO easy... is it? I'm using tdbsam BTW. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Change user IDs on Samba PDC
On 06/03/2007 14:46, simo wrote: Ahh, then you should have no problems, we don't save uids/gids in tdbsam, just the username. That sounds great. So, the UIDs in pdbedit's output are not read from the Samba database, but taken instead at runtime from /etc/passwd? I mean, quoting the pdbedit manpage: -L This option lists all the user accounts present in the users database. This option prints a list of user/uid pairs separated by the ':' character. Example: pdbedit -L sorce:500:Simo Sorce samba:45:Test User -v This option enables the verbose listing format. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format. Example: pdbedit -L -v --- username: sorce user ID/Group: 500/500 user RID/GRID: 2000/2001 Full Name: Simo Sorce (Actually, with the current pdbedit I don't see any UIDs with -Lv, I only see SIDs; but I still see the Linux UIDs when only using the -L option) Unfortunately we do save the gid in the group mapping database, so you must be carefull with mapped groups, but at most you will have to delete and redo the mapping. No problem here, I have almost no group mappings at all. Better to do it wtih samba stopped imo. Of course. This would wipe out all of my doubts, but I don't expect it to be SO easy... is it? Why not? :-) Because sh*t happens ;). -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: NTLM authentication with squid using smbpasswd/tdbsam?
On 05/03/2007 5:00, [EMAIL PROTECTED] wrote: The primary way of using NTLM seems to be using ntlm_auth. ntlm_auth connects to winbindd which then connects to an AD server for authentication. This doesn't seem to be what I want. ntlm_auth through winbind can also authenticate against a Samba PDC, whatever backend it uses. This is the way to go in your case. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Change user IDs on Samba PDC
On 05/03/2007 14:23, Felipe Augusto van de Wiel wrote: That's a little bit of a hard guess. Windows can be an wild environment, and profiles can be even wilder. :-) I know, I know ;). PS: actually, I suppose I could simple delete both Linux and Samba users and create them again, as long as I know their passwords or inform the human users that they have to enter a new password... but what happens to their roaming profiles? Are they completely lost? Can't I reuse them by just changing file ownerships? There is a great chance that with new sid the workstation will create a new profile, isn't anything in the Samba Official HOWTO (Desktop Profile Management Chapter) about this? No, as far as I can tell this situation is not covered there; it talks about migrating profiles from a NT PDC, which is somehow different, and I'm missing the pieces to link it all together. Anyway I see mention of a profiles Samba tool which might be useful: it changes all occurrences of a SID in a NT registry file. But I strongly fear it could break something; it also only appears to support NT, which probably means you're in for a headache if you use it on XP profiles. Anyway, I could avoid touching the SID, if I can make the Samba users keep their SIDs while changing their Linux UIDs. This is the first piece I'm missing: what is the link between Samba users and Linux UIDs? What happens if I only change the UIDs? Can't I just change some references to them in the Samba database? PS: uhm, I now also noticed that the pdbedit command has -G and -U arguments which should be able to change the user/group SID for a user... If the only problem is the new SID, then maybe I could simply set it like the old one this way. Can anyone shed some light on this? -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Change user IDs on Samba PDC
Hi, I've got a Samba 3.0.24 Debian server which I'm currently moving to a new hardware. It uses tdbsam as password backend. So, while looking at configuration files, I was thinking: is there a way I could change the Unix UIDs for some users, without breaking anything? The problem is that, since migrating from a different Linux distribution a long time ago, I still have some UIDs and GIDs which do not follow the related Debian policy (http://www.debian.org/doc/debian-policy/ch-opersys.html), i.e. they are well below 1000 (from 500 and up for UIDs, but as low as 200 for GIDs). I would be happy if I could simply change the user IDs (or delete and create the Linux users again), fix file ownerships where needed, and then run Samba with no other change. On the other hand, if this is really impossible, I suppose I can live with it... Any info? Thanks. PS: actually, I suppose I could simple delete both Linux and Samba users and create them again, as long as I know their passwords or inform the human users that they have to enter a new password... but what happens to their roaming profiles? Are they completely lost? Can't I reuse them by just changing file ownerships? -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password expiration and documentation problems
Hello, I'm using Samba 3.0.21a on Debian Sarge, tdbsam account backend. I was playing around with pdbedit and the account control flags, and noticed a different behaviour from what I expected: if the password for a user has expired, and I set the X account flag for him (pdbedit -c [X] username), I'd expect the system to never tell him about his expired password. Instead, the only difference is this: without the X flag, the user is forced to change his password, while when the X flag is active he is warned that the password has expired, but he has the choice to ignore the warning and continue using the old password; this happens at each logon, so eventually changing the password is unavoidable anyway to get rid of the warning. Is this the correct behaviour? In other words: is setting the expiration date far away in the future the only way to make a never-expiring password? I hoped to be able to do it by using the X flag... BTW, my user accounts initially had a password expiration date set to sometime in 1901 (this was automatically set, I don't know why), and this worked like a far away date, because their passwords never expired. Looks like what I'm after, but how can I recreate it? pdbedit does not seem to accept dates outside the 1970-2038 range. While playing with this, I encountered some problems in the documentation. The most important is an error (I believe) in the HOWTO: at the end of the section about pdbedit (http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing) an example is made where maximum password age should be set to 90 days and minimum password age to 7 days... but the commands shown set the time to 90 and 7 seconds, respectively! Then, I think the pdbedit man page should mention that, instead of using: pdbedit -u username some options ...you can use: pdbedit some options username ...which is IMHO more friendly. I only discovered it by looking at the samples in the HOWTO. Finally, when reading in the pdbedit manpage that this is a tool to manage user accounts, you would expect it to also be able to change user passwords... but AFAIK is not, and you must use smbpasswd even when you're not using the smbpasswd password backend. IMHO this should be made explicit in the docs, both in the pdbedit and smbpasswd man pages. Thanks. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Red X and guest user message in logs
Joel Franco wrote: Try sniff the ethernet communication with ethereal in the server (within a VNC server is cool), or try to increase the log level (3 gives you a lot information). Too much information, unfortunately. :-( The problem happens at random, and setting log level to 3 for an undefined time I run the risk of getting out of disk space (I already tried). Maybe I could sniff, yes, but browsing through tons of ethernet packets looks like a rather extreme solution to me. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Red X and guest user message in logs
Hello, I have a Debian Sarge machine running Samba 3.0.14a as PDC and file server. Everything runs smoothly, except for a random problem: users (on Win2000Pro clients) are often seeing a red cross on the main network share, as if it was disconnected. This red X seems to come and go at random. The red cross would not be a big issue itself, but it has an annoying consequence: when it appears, Windows thinks the connection is down, so if you save a file on the share while the red X is there you get an error dialog telling something like The connection to the server has been reset. The file cannot be saved. (recalling from memory and translating from Italian, so the actual English message might be very different). The file is saved anyway, but users are obviously alarmed by the message. I had a look at my Samba logs (level 2) around the time when an user told me he noticed the red cross, but didn't find anything special, exception made for the following message: [2005/11/25 17:14:51, 2] smbd/service.c:make_connection_snum(314) guest user (from session setup) not permitted to access this share (COMMESSE) The user was already authenticated on the domain, and didn't logoff, so I can't understand where does this guest access come from. Can this message be related to my problem? Here follows an excerpt from my smb.conf, as returned by testparm, with some more or less sensible data omitted. BTW, the log file where I found that message was named client_name..log, which is correct (see log file setting below). I really hope someone can give me some clues, as this has been going on for months now. Thanks in advance. - [global] unix charset = UTF8 workgroup = domain name server string = Server Linux, Samba %v passdb backend = tdbsam log level = 2 vfs:2 syslog = 0 log file = /var/log/samba/%m.%U.log max log size = 0 logon script = netlogon.bat logon path = \\%L\profiles\%U logon drive = Z: domain logons = Yes os level = 64 preferred master = Yes domain master = Yes enhanced browsing = No create mask = 0664 directory mask = 0775 hosts allow = 127.0.0.1, 192.168.1.0/255.255.255.0 ea support = Yes hide files = /desktop.ini/.DS_Store/ veto oplock files = /NTUSER.DAT/ map archive = No store dos attributes = Yes dos filemode = Yes [netlogon] path = /home/netlogon browseable = No [profiles] path = /home/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No [COMMESSE] path = a valid path invalid users = one username force user = another username read only = No vfs objects = recycle recycle:exclude = ~$* ~*.doc *~*.tmp *.bak recycle:touch = yes recycle:versions = yes recycle:keeptree = yes recycle:repository = .cestino - -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Red X and guest user message in logs
Joel Franco wrote: I had that problem of a radom red X in the mapped drive too when the server was a Win98 machine. The problem was hardware on this server. I already thought about a hardware problem, but one thing mostly keeps me away from this idea: supposing there was some hardware network fault, I'd expect to find traces of communication errors in Samba logs (and maybe syslog). Instead, I see no errors in there, apart from the guest user message I reported. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Group mapping only working for initial group?
In article [EMAIL PROTECTED], Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: Marco De Vitis wrote: | Shouldn't group mapping work also for groups other | than the initial one? Yes. It does for me. Could be the user private group that's causing problems. Windows does not allow a user and group with the same name. Oh, right, could be. Although it's strange that this is preventing Windows from being informed about the user membership in the other group. Who knows. Thank you. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group mapping only working for initial group?
Hello, on my Samba 3.0.14a PDC (Debian Woody) I created a local unix group named gpusers. Then I mapped it to a new NT domain group named GPPower: # net groupmap add rid=1005 ntgroup=GPPower unixgroup=gpusers Then added a user mdv, who already had its own initial group mdv, to the new gpusers group: # usermod -g mdv -G gpusers mdv So the situation for mdv is the following: # groups mdv mdv : mdv gpusers I finally added the GPPower domain group to the local Power Users group on a domain client (Win2000Pro). In this situation, when the user logs in on that client, he is NOT part of the Power Users group. Instead, if I change his initial group: # usermod -g gpusers -G mdv mdv # groups mdv mdv : gpusers mdv ...then the user correctly appears to be part of the local Power Users group on the domain client. Shouldn't group mapping work also for groups other than the initial one? Thanks. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Broken Samba in OS X. Any Alternatives?
Il 06/06/2005, alle ore 8:12, Jeremy Allison ha scritto: Or Apple can learn how to cooperate with Open Source/Free Software projects. Hi Jeremy. I don't know anything about changes introduced in Samba by Apple in MacOSX 10.4, but I've actually read that some OSX 10.4.1 users had troubles accessing a Debian server running Samba 3.0.14a, and everything started working again after they downgraded Samba to version 3.0.10 on the server, without changing anything on the clients. So, I know that Windows clients have no problems connecting to Samba 3.0.14a (I manage myself such a network), but maybe the problem is also partly due to some recent changes in Samba code. As I also own a Mac with Tiger installed, I might be able to help you do some tests, if needed. -- Ciao, Marco. ...Big Band Record, Ray Anderson (1994) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Re: extd_audit log output and documentation
Il 07/04/2005, alle ore 15:52, John H Terpstra ha scritto: On Thursday 07 April 2005 07:35, Marco De Vitis wrote: https://bugzilla.samba.org/show_bug.cgi?id=2349 extd_audit VFS log output problems - unexpected behaviour But nobody seems to have picked it up. What else can I do, as a non-programmer? Please help me to help you. :) Understood. Ehm... sorry, what? Should I mail anyone in particular about it? Thanks. -- Ciao, Marco. ...The Juliet Letters, Elvis Costello The Brodsky Quartet (1993) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Re: Re: extd_audit log output and documentation
Il 08/04/2005, alle ore 16:41, John H Terpstra ha scritto: Whoever did the last update to this module did not document the changes and most likelt will not either. I originated the extd_audit module and thus I think it will fall to me to update the docs. That will have to wait until I get current priorities out of the way. It will be at least 4 months before I will get to this. Oh, I see, thank you for the explanation. I had a look at the code and it doesn't seem too complex (I have very very basic programming knowledge), who knows, maybe I'll take courage and give it a try in the next months. ;) I'll keep you informed if this happens, of course. -- Ciao, Marco. ...Dig?, Bill Bruford's Earthworks (1989) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: extd_audit log output and documentation
Il 07/04/2005, alle ore 9:20, John H Terpstra ha scritto: I would much appreciate if you could provide a documentation update. I am bogged down with other priorities right now. If you can not provide a detailed documentation update this will have to wait for several months before I can even think of looking at this. Hi John, actually I didn't expect the problem to be in the documentation, but rather in extd_audit behaviour. I recall you telling that someone changed the VFS module behaviour after you wrote the doc, without notifying you. So I'd change the question to: is extd_audit ok as it is now, or does it need to be fixed? What the doc says seems to be a reasonable behaviour for extd_audit. Otherwise, I sincerely would have no idea where to start updating the documentations, because do not know how extd_audit works in first place. Good documentation cannot be written by trial and error. :-/ Who is the developer of extd_audit? Can he be reached and asked for details? -- Ciao, Marco. ...The Lamb Lies Down on Broadway, Genesis (1974) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: extd_audit log output and documentation
Il 07/04/2005, alle ore 15:13, John H Terpstra ha scritto: The documentation will need to be updated based on a review of the current source code. If there is a bug then the appropriate vehicle for having it dealt with is a bug report on https://bugzilla.samba.org. ...which is what I already did: https://bugzilla.samba.org/show_bug.cgi?id=2349 extd_audit VFS log output problems - unexpected behaviour But nobody seems to have picked it up. What else can I do, as a non-programmer? Please help me to help you. :) -- Ciao, Marco. ...Red, King Crimson (1974) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] extd_audit log output and documentation
Hello, any news about the inconsistencies between what the Samba HOWTO tells and the actual behaviour of the extd_audit VFS module? See https://bugzilla.samba.org/show_bug.cgi?id=2349 Thanks in advance for any useful info. -- Ciao, Marco. ...Close To The Edge, Yes (1972) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] VFS Extended Auditing output situation
Hello, I'm using Samba 3.0.10 as file server and PDC for some Win2000 Pro clients, and I'd like to get detailed and clear logs of file/dir creation/open/save/deletion on some shares. The standard logs are a bit too much for me. The ideal would be a well balanced setting of the extd_audit VFS module, but when trying, some months ago, I discovered it behaved differently than expected, see http://groups-beta.google.com/group/linux.samba/msg/6207c77305925e18 Has anything changed since then? I'm trying it this very moment, using the following global parameters: log file = /var/log/samba/%m.%U.log syslog = 0 log level = 0 vfs:2 max log size = 0 The share I'm interested into has the following parameter: vfs objects = recycle extd_audit ...plus some options for recycle, and of course all standard share definition parameters. Using this configuration, according to the docs, nothing should go into syslog, and samba logs should only contain extd_audit output; quoting from the official howto: Syslog can be used to record all transaction. This can be disabled by setting in the smb.conf file syslog = 0. Logging can take place to the default log file (log.smbd) for all loaded VFS modules just by setting in the smb.conf file log level = 0 vfs:x, where x is the log level. This will disable general logging while activating all logging of VFS module activity at the log level specified. Detailed logging can be obtained per user, per client machine, etc. This requires the above together with the creative use of the log file settings. Instead, here is what I can see: - extd_audit output is going *to syslog only*, and it does not contain info about the user who executes the action, which makes it somewhat useless for multiuser environments; ok, you can find out the user by looking at the PID, but it's not an easy job if you are searching through megabytes of old logs; - almost nothing is logged by extd_audit, regarding file reads! There are 10 users currently connected and working, and in 1 hour only the following few operations have been logged: feb 8 11:37:44 gpserver smbd_audit[24489]: open Personali/SMo/Martina/Martina -1-COMPRESSA 2.jpg (fd 26) feb 8 12:01:52 gpserver smbd_audit[24506]: open rsaenh.dll (fd -1) failed: No such file or directory feb 8 12:19:39 gpserver smbd_audit[24506]: open quasi.rl4 (fd -1) failed: No such file or directory feb 8 12:19:39 gpserver smbd_audit[24506]: open sicure.rl4 (fd -1) failed: No such file or directory ...plus many failed opens of Desktop.ini, many opendirs and various connect/disconnnect messages. I also expressly asked a user (I'm remotely connected) to open a specific JPG file in that share, she did (I checked with ls -l --time=atime), and nothing was logged about it. - only a few smbd errors are logged into Samba logs in /var/log/samba, e.g. couldn't find service and string overflow by 1. This definitely is not the expected behaviour. Any clues? Thanks. -- Ciao, Marco. ...Have a Little Faith, Bill Frisell 1993 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Preventing deletion of folders under a SAMBA share
Il 03/02/2005, alle ore 22:13, Stuart Callender ha scritto: folder structure intact. However this option seems to be ignored by Samba 3 and Windows 2000. Windows 2000 will quite happily delete read-only files - which seems to be an annoying trait that cannot be Uhm, as far as I recall, Win2000 deletes them only after asking the user for confirmation (something like this folder is read-only, do you really want to delete it?). If you want to prevent them from being deleted even after confirmation, then you could try setting to read-only the parent folder which contains the undeletable folders (which would be the share root folder itself, supposing the undeletable folders are at the first level). -- Ciao, Marco. ...Dig?, Bill Bruford's Earthworks 1989 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Roaming Profiles -- Problem Rapidly Switching Users
Il 24/01/2005, alle ore 21:16, [EMAIL PROTECTED] ha scritto: ANY machine. However on a SINGLE MACHINE, when I log on as USER_1 and access that user's roaming profile, if I then log off and immediately try to log on again (AS USER_1 or ANOTHER USER), Windows XP gives me a message saying that it I recall having similar errors on Win2000 machines, when rapidly logging off and on using various machines (I don't remember experiencing the same on a single machine, though). I was told it's a Windows problem, as Win clients do not immedately remove all file locks upon logout. I worked around this using the following parameter in smb.conf: veto oplock files = /NTUSER.DAT/ -- Ciao, Marco. ...Refugee, Refugee 1974 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Re: Question about win2000 and samba
On 23/12/2004 Bart Hendrix wrote:
When I go to my computer, I see a red cross in every sharemapping. But
when I click on the sharemapping it seems to work fine end I can see
al files.
On 24/12/2004 Gémes Géza wrote:
Changed the NICs and other hardware (even the servers), and of course
the Samba release (a couple of times) since the problem first apeared in
2001 (then we got our first Win2k workstations). I haven't inspected
Samba logs (yet) haunting for such simptoms, but I've did it many times
Indeed, today I finally replaced the NIC on the machine which is giving me
the exact same problem, to no avail: the red crosses remained.
Small reminder: I manage a network of 12 Win2000 machines connected to a
Samba PDC and file server, and only one of them is having this problem.
The machine is almost identical to another one, both in hardware and
software (the OS was cloned from the other one); the main difference is
that it has a Pioneer DVD burner, beside the regular CD reader, and Nero
installed.
I already had the same problem in the past, which I eventually discovered
was caused by the installation of Easy CD Creator 5.
So, recalling something about past problems with Easy CD Creator, here's
what I did today: I removed the Upperfilters and Lowerfilters values from
the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
(I hope that's the right number at the end, I'm not at that machine now
and copied it from a MS article; anyway the two values were something like
Cdr4_2K and Cdralw2k.)
I then only had the possibility to test the machine for a few minutes, but
the problem seemed to be gone (it usually appeared right from login or
very soon after).
Can you try doing the same? Do a backup of the registry key before
deleting those values, you never know.
Please make me know if it helps, thanks.
--
Ciao,
Marco.
...You Had It Coming, Jeff Beck 2001
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Question about win2000 and samba
Il 23/12/2004, alle ore 18:28, Adam Tauno Williams ha scritto: The connections have been idled out, this is normal Windows 2000 behaviour. There are many articles about changing the value or disabling the 'feature' This can be changed or disabled only in Windows servers, AFAIK, which indeed have a default idle value of 15 minutes or so. This should not happen with Samba, and the fact that Bart experiences the problem right from boot up confirms that this is a different problem. Bart, do you have the problems on ALL (how many?) Win2000 machines you use? I also had the problem on a particular Win2000 machine in the past, it seemed to be due to the installation of Roxio Easy CD Creator 5 Platinum. Now I'm having the same problem on another machine which does not have that program installed (although it does have a CD writer), and I suspect it's due to a somehow faulty network card, I'm going to try replacing it. -- Ciao, Marco. ...Have a Little Faith, Bill Frisell 1993 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Question about win2000 and samba
Il 24/12/2004, alle ore 10:02, Gémes Géza ha scritto: It happens to me to at any W2k machine on the network, and also to other users, so I suspect it is not a network problem. Maybe faulty network card/cable on the server or something like that? Check the Samba logs for errors; if the problem is in Samba, they should show some traces of it. -- Ciao, Marco. ...Close To The Edge, Yes 1972 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Getting the SID
Il 05/10/2004, alle ore 21:16, Paul Espinosa ha scritto: And now I've got a little conundrum. How to I get the local SID from the old samba server. It's running Samba 2.2.2 and it doesn't appear to have the -X flag for smbpasswd that is supposed to be in 2.2.8 and it obviously The SID should be stored in the secrets.tdb file, try copying this file to the new installation. Pay attention to using the correct directory... I had problems when moving from Mandrakelinux 9.0 to Debian Woody because they kept secrets.tdb in different places. -- Ciao, Marco. ...Stupid Dream, Porcupine Tree 1999 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: VFS Extended Auditing Module Debug Information
Il 27/09/2004, alle ore 18:23, rruegner ha scritto: also not working log file = /var/log/samba/%U.%m.log It works fine here, since Samba 2.x. Actually I use it the reverse way: %m.%U.log Some files are created as machinename..log, without username, but I suppose that's normal: they are probably used to log events taking place when no user has been authenticated yet, or something like that. -- Ciao, Marco. ...Dig?, Bill Bruford's Earthworks 1989 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: where is an explain of the tdb -files in Samba?
Il 26/09/2004, alle ore 20:32, [EMAIL PROTECTED] ha scritto: of what contains the .tdb-files. Okay, the secret.tdb contains the I suppose it will not answer all your questions, but you can have a look at the TDB FILES section in the man page for smbd (http://www.samba.org/samba/docs/man/smbd.8.html). -- Ciao, Marco. ...Crac!, Area 1975 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Server change
Il 22/09/2004, alle ore 16:01, LCID Fire ha scritto: Could anybody point out what things one has to take care of when changing the samba pdc? Remember to copy the domain SID, which is contained in the secrets.tdb file. You can also copy it using the net getlocalsid/net setlocalsid commands. Besides where does in samba 3 reside the smbpasswd file? Either it is due to using debian sarge but in samba 2 it resided beneath the smb.conf file. I wanted to check the smbpasswd file but couldn't find it. In Debian Woody it's in /var/lib. -- Ciao, Marco. ...Low, David Bowie 1977 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Log level and debug classes
Hi, I quote from the smb.conf man page: log level (G) The value of the parameter (a astring) allows the debug level (logging level) to be specified in the smb.conf file. This parameter has been extended since the 2.2.x series, now it allow to specify the debug level for multiple debug classes. [...] Example: log level = 3 passdb:5 auth:10 winbind:2 How can I know the names of all debug classes available, what they refer to, and the effect of log levels on them? My aim is to increase logs regarding file/dir access (e.g. log level = 2 doesn't log creation/deletion of an empty dir, not even when using the extd_audit VFS module), without having too much useless debug info inside logs. Thank you very much in advance. -- Ciao, Marco. ...Refugee, Refugee 1974 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Log level and debug classes
Il 22/09/2004, alle ore 14:57, Igor Belyi ha scritto: From source/include/debug.h: [...] From source/lib/debug.c: [...] Thanks, I'll do some tests. I don't know the answer to that but what I would do - I would turn all trace on and look which file reports the information I'm intereted in. Then look what debug class is defined for this file and what debug level turns the message on. Sorry, I don't understand: what do you mean by turn all trace on and look which file...? You mean there is a way to make samba create a different log file for each debug class? How? -- Ciao, Marco. ...Dig?, Bill Bruford's Earthworks 1989 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Audit
Il 20/09/2004, alle ore 15:55, rruegner ha scritto: hi, i have something like this in the logs [2004/04/22 08:35:55, 2] smbd/open.c:open_file(240) tanrit opened file tanrit/Vorlagen/winword2.doc read=Yes write=No (numopen=5) so its user time file what else do you miss? Some actions are not logged. My need came when an empty directory appeared from nowhere in the root of a samba share. My boss asked me to check what happened, but I could find no trace at all of the dir creation. Indeed, I just tried with Samba 3.0.7, log level = 2 and extd_audit active: from a Win2000 client I created and then deleted a directory inside a share, and nothing about this was logged. So it seems also audit modules are useless to me. :-/ Maybe more actions would be logged if using log level = 3, but this also creates loads of uninteresting (to me) log lines. The man page for smb.conf says that This parameter has been extended since the 2.2.x series, now it allow to specify the debug level for multiple debug classes, but how can I know which debug classes are available to use, and how log level values affect them regarding logged operations? i tried to set /var/log/samba/%U.%m.log to have user at machine log but this fails, i guess of massive logging That's strange, I have almost the same setting and it works fine: log file = /var/log/samba/%m.%U.log -- Ciao, Marco. ...Uncle Moe's Space Ranch, Garsed/Helmeric/Willis/Chambers/Kinsey 2001 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Share Help Needed
Il 21/09/2004, alle ore 16:08, Ben ha scritto: Question: How can I make the same directory only readable by the rest of the users ? [pcbdata] comment = PCB Design Files path = /home/pcbadmin/pcbdata writable = no write list = pcbadmin -- Ciao, Marco. ...Dancing, Mike Keneally Beer for Dolphins 2000 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Audit
Il 21/09/2004, alle ore 17:43, rruegner ha scritto: as a work around you can use the recycle module, so whatever they delete you will have it Thanks, I already use it, and I use a cron scripts which regularly empties recycle dirs and logs down all deleted files. But: 1. empty directories (such as the one in my example) do not go to the recycle dir, they are directly deleted, as far as I can tell; 2. even if it worked, it would only be useful for deleted files, and not to track down who did the latest modification to file xyz etc. -- Ciao, Marco. ...Outside, David Bowie 1995 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Network Drives Dropping Out
Il 21/09/2004, alle ore 17:07, Adam Tauno WIlliams ha scritto: The redXs mean the connection has been dropped probably due to idle Right. I just want to add that I also noticed this problem on Windows 2000 Pro clients where Roxio Easy CD Creator 5 was installed, with a slightly different behaviour: all network drives _always_ appeared as disconnected, right from boot up, although they were accessible. Uninstalling Easy CD Creator made the problem go away, and reinstalling it made it come back. I found other users with the same problem on the Roxio forum, but no solution. -- Ciao, Marco. ...Skylarking, XTC 1986 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Audit
Hello, I'm using Samba 3.0.7, and I'd like to keep logs of open/delete/etc. files, to be able to tell which user accessed a particular file at a certain moment, and so on. Samba logs are a bit confusing for this purpose. I thought the audit VFS module was best suited for the task, but I encountered some problems: 1. it does not clearly report which user did each action. Ok, it reports the PID, which could _maybe_ be put in relation with the user by searching in smbd logs, but it's uneasy. 2. It outputs lots of stuff, cluttering syslog. Ok, I can use syslog config to filter user.notice events in a different file, but this does not prevent syslog from becoming cluttered. Moreover, I tried this, and the file where I redirected the output grew up to more than 200 MB in a couple of days! :( 3. I'm now trying extd_audit, but the result seems more or less the same, if not even worse, as it also clutters Samba logs with its output. 4. I've noticed the presence of a full_audit module in my installation, without any docs. I had a look at the source, it contains some docs, and it seems interesting, but the docs do not list all available arguments for its options, and when trying to use it in smb.conf I get some fatal errors when starting Samba (sorry, cannot report the exact errors at the moment). Can anyone shed some light on the subject? Thanks a lot. -- Ciao, Marco. ...Homogenic, Björk 1997 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: PDC from 2 to 3, SID headaches
Il 13/09/2004, alle ore 20:22, [EMAIL PROTECTED] ha scritto: Where does Samba 3 store the domain SID? I tried deleting /etc/samba/secrets.tdb, to no avail. Indeed SID is stored in this database. You can use tdbdump to see what are Indeed it is, and today I found the cause for my problem: my fault. I was coming from a Mandrakelinux installation, where secrets.tdb sits in /etc/samba/, and moving to a Debian Woody installation, supposing the file position was the same. Wrong. Debian has the file in /var/lib/samba/. So I was simply deleting/replacing the wrong file. :-/ I now stopped Samba 3, replaced /var/lib/samba/secrets.tdb with the old one from Samba 2, restarted Samba 3, and finally had my new PDC with the old SID for both domain and server. Client logins are working fine without any changes. Thanks for your help. -- Ciao, Marco. ...Dancing, Mike Keneally Beer for Dolphins 2000 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: PDC from 2 to 3, SID headaches
Il 12/09/2004, alle ore 2:05, Brian Krusic ha scritto: Since user profs and envs are critical in my env, what I did was [...cut...] Thanks but oh, no, please someone DO tell me that a way exists to copy the domain SID and avoid all this trouble! :-( Where does Samba 3 store the domain SID? I tried deleting /etc/samba/secrets.tdb, to no avail. -- Ciao, Marco. ...Outside, David Bowie 1995 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Questions on VFS modules (audit)
Hello, I'm configuring Samba 3.0.6 on Debian stable, after using version 2.2.8a for a while. I have some questions on VFS modules, which could be summed up into a single big question: is there any documentation about them, other than the few paragaphs in the official howto? Now for the single questions: 1. audit: its output goes into syslog, no options to change this, right? And also no options to only record some specific actions, right? Due to the way Windows clients access files, I see lots of useless lines cluttering syslog. 2. extd_audit: same as audit, but it ALSO outputs to Samba logs. Can't the output to syslog be deactivated here? Also, I read it has a configurable parameter, a log level; what's the syntax for this parameter? The howto does not explain it. 3. In my installation I can see more modules, not mentioned at all in the howto: cap.so default_quota.so expand_msdfs.so full_audit.so readonly.so What's their use? Of course, I'm particularly interested in full_audit. Its source code (seen downloading the samba tarball) contains some limited docs, e.g. it does not list all possible options for its parameters. But, most of all, if I try using it in smb.conf my samba won't run at all, reporting errors with full_audit.so. Sorry that I can't show you the error log now, I currently do not have access to that machine. Thanks in advance for any info. -- Ciao, Marco. ...Hergest Ridge, Mike Oldfield 1974 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC from 2 to 3, SID headaches
Hello, I'm doing a migration of a PDC from Samba 2.2.8a on Mandrake Linux 9.0 to Samba 3.0.6 on Debian Woody (stable), both on the same machine, different partitions, they do not run simultaneously. And I really need help. :-/ I could not find a detailed guide, so after having a look at the migration chapter of the official howto, I adapted my smb.conf keeping the same host and domain name, copied needed users by hand (by copypaste from/to passwd, shadow, group, gshadow and smbpasswd files, verifying that no IDs conflicted), got the 2.2.8a domain SID with smbpasswd -X and imported it in the 3.0.6 domain with net setlocalsid. I don't think I have anything else necessary, in other tdb files. Now, maybe the problem was the last step: after doing it on the Samba 3 domain, net getlocalsid and net getlocalsid domain_name returned two different values, which is not a good thing according to www.richardsharpe.com. Indeed, with net setlocalsid I did set the SID for the server, but HOW can I set the SID for the domain?? Anyway, the result was that Win2000 clients (I tested only one) could not load user profiles from the server, because a copy with wrong permissions already exists on the server or something like that. But users could access shares regularly. I could not find any special hints in logs at level 4. So I removed the client from the domain, and then made it join again. The result: no more errors at login, but most user settings are not loaded, and all local user/group mappings on the client have disappeared! This is a disaster for me, as domain users need to belong to the local Power Users group to use some crap applications, and I really do not like the idea of going through all clients again to assign users to groups. 8-/ I then tried making domain and server SID the same, copying the domain SID to the server (so both were different from the 2.2.8a one, but unfortunately I can't find a way to do the opposite). Had to remove/join the client again, and the problem stays the same, if not even worse. I also tried copying secrets.tdb over from the 2.2.8a installation, but nothing seemed to change. I then rebooted back on Mandrake with the old version, rejoined the client in the old domain, and everything started working fine again, including user/group mappings. I really need some detailed suggestions on what I might be missing. Thank you very much. I'm also having problems with VFS modules and charsets, but these will come later. ;) Making the new PDC basically work is my current priority. -- Ciao, Marco. ...Stupid Dream, Porcupine Tree 1999 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Read-only folders and WinXP
Hi, I posted this some time ago but it remained unanswered; sorry for the repost, but I hope to receive at least some confirmations or otherwise by other people using WinXP Pro. Using Samba 2.2.8a, I have a problem on a WinXP Pro client regarding the read-only attribute on folders; the problem does not appear on Win2000 Pro clients. Here it is: setting and unsetting the read-only attribute on files works fine, both on Win2000 and WinXP. And setting it on _directories_ does not work, if I recall correctly, neither on Win2000 nor on WinXP (but this is not a problem). Instead, UNSETTING it on directories works fine on Win2000, while it doesn't work on WinXP: it doesn't return any error, but when you open the folder properties again you notice that the attribute has not changed. I need this feature for some directories which are periodically set to read-only from the Linux side and need to be changed to writeable by users using the clients. It works fine on Win2000, but WinXP is driving me mad. Any clues? Can anyone confirm that their WinXP behaves the same? Thanks. -- Ciao, Marco. ...Skylarking, XTC 1986 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Read-only folders from XP Pro
Hi, I'm using Samba 2.2.8a as PDC + file server in a LAN containing many Win2000 Pro clients and one WinXP Pro client. In a share I have some directories which are set to read-only by a script on the Linux side, but any user can open up the folder properties on the Windows client and remove the read-only attribute; this is ok, it's what I want, and works perfectly on Win2000 clients. On the WinXP client, instead, when opening the properties window the checkmark near the read-only attribute is shown in grey; if the user removes it and clicks on OK nothing happens, the attribute is not changed. The same user, when accessing to the share using a Win2000 client, has no problems. Setting and unsetting the read-only attribute on _files_ works fine, also on WinXP. Setting it on directories does not work, if I recall correctly, neither on Win2000 nor on WinXP. But UNSETTING it on directories works fine on Win2000, while it doesn't work on WinXP. This is an important problem for me, and I opened up a bug report some days go (Bugzilla Bug 796), but didn't hear any comments yet. So I'll ask here: is anyone else experiencing the same problem? Any workarounds? Thanks a lot. -- Ciao, Marco. ...Refugee, Refugee 1974 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: oplock problem on NTUSER.DAT (fwd)
Il 30/07/2003, alle ore 1:41, Rashkae ha scritto: Try to veto oplocks for that file. In the global section of your smb.conf, add the following veto oplock files = /NTUSER.DAT/ Let us know if that changes the behaviour. This sounds like an interseting quirk in the W2K clients. Hi, I know I'm a bit late, but I could only try it now. Yes, thanks, I added that option and got no oplock errors today, so the workaround seems to work fine. -- Ciao, Marco. ...Stupid Dream, Porcupine Tree 1999 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] oplock problem on NTUSER.DAT
Hi, I'm on a network with a Samba 2.2.8a fileserver + PDC (Mandrake Linux 9.0) and various Win2000 Pro clients. Very often, when I log off from one client and log on a different one soon after, I get an error message telling me that the remote profile cannot be loaded, and the local one will be used, as if the profile was still locked by the previous session. One peculiar thing to notice is that, if I logon simultaneously on two or more clients, I do not get any similar errors, everything works fine. In syslog I found the following lines: [2003/07/29 18:53:43, 0] smbd/oplock.c:oplock_break(797) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file mdv/NTUSER.DAT (dev = 307, inode = 449101, file_id = 2965). [2003/07/29 18:53:43, 0] smbd/oplock.c:oplock_break(869) oplock_break: client failure in oplock break in file mdv/NTUSER.DAT I did not set any option regarding oplocks in my smb.conf, I'm using the defaults in this regard. Can I work around the problem by using some particular smb.conf options, or is it an unavoidable Win2000 client problem? Thanks. -- Ciao, Marco. ...Skylarking, XTC 1986 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winpopup message to all user on a PDC
Il 01/07/2003, alle ore 14:19, Roberto Samarone Araujo (RSA) ha scritto: It it possible to send messages to all users logged in a PDC at same time ? I didn't find a ready-to-use program, so I use something like this inside an executable script: for i in $(cat /path/clientlist.txt) do echo message_text | smbclient -M $i done clientlist.txt is an ASCII file containing a list of all NetBIOS names of the PCs in the network, e.g.: ACCOUNTING JOHN BILL_PC SHARED etc... message_text is the text you want to send. -- Ciao, Marco. ...The Lamb Lies Down on Broadway, Genesis 1974 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: please help: problems using 'force group' option
On Tue, 1 Apr 2003 08:48:55 +0200, Jordi Castells wrote: I would like to control the access to the shared files, so only allowed groups of users can modify/create files I think the simpler method to do this would be to use the write list parameter, together with read only = yes. -- Ciao, Marco. ...A Passion Play, Jethro Tull 1973 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: New Files in Samba
On 27 Mar 2003 09:37:22 -0500, Eric Halverson wrote: share. If you want rwx access for the creator and primary group, create mask would be 0770, if you want full access for everyone to have full access to the files, create mask would reflect 0777. Just make sure Shouldn't this be force create mode, instead of create mask? -- Ciao, Marco. ...The Lamb Lies Down on Broadway, Genesis 1974 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: hide files problem
On Fri, 28 Mar 2003 11:48:18 +0100, [EMAIL PROTECTED] wrote: hide dot files = yes This is the default, so you don't need to specify it. hide files = /.* This is the same as the previous option, so it only adds some useless overhead. And, judging on the man smb.conf examples, I suppose it should be: hide files = /.*/ veto files = /.* This is the same as before, with the only difference that the invisible files are also not accessible. When user changes options in folder options to show hide files and folders, he can see all files/folders beginning with . This is a normal behaviour for hidden files on Windows. And also on Linux, after all: a ls -a shows everything. You cannot make a file _totally_ invisible. -- Ciao, Marco. ...Grace, Jeff Buckley 1994 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Fw: share a folder rw, but not deletable?
On Wed, 26 Mar 2003 02:38:43 -0600, Brian Wiese wrote: I've tried setting the directories with the sticky bit (i) with chattr +i dir/ and that didn't work... as now the users could not r/w data within the directory. I don't want the directories to be renamed or deleted. I solved a similar situation this way: I changed the mode of all files in the share to 666, and dirs to 1777 (that's 777 + sticky bit). This means that anyone can read the contents of the share, but they cannot delete or rename any file or directory and they cannot edit the contents of any existing file (exception made for one user, the owner of all files and dirs, who can do anything). Anyway, everyone can add files and dirs, but I also used these two options: force create mode = 666 force directory mode = 1777 Then, every night, an automated script sets the privileged user as the owner of all files and dirs in the share. So, if someone adds a file or dir, he has the possibility to delete or edit it for the whole day; then, the next day, the objects he added are locked again, just like the rest of the share. The only difference, in your case, might be if you want to allow users to edit existing files. I do not have a solution for this... you might remove the sticky bit from the directory containing the files to be edited, but this will allow other users to also delete or rename subdirs contained in the same dir. -- Ciao, Marco. ...The Glimpse, Trilok Gurtu 1997 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba as PDC/Authentication server
On Wed, 19 Mar 2003 15:04:03 -0700, Andrew R wrote: I am trying to setup samba to act as an authentication server, as well = as the obvious file backup server. This free IBM tutorial is IMHO one of the best starting points about this: http://www-1.ibm.com/servers/esdd/tutorials/samba.html Also have a look at the other resources mentioned at the end of the tutorial. -- Ciao, Marco. ...Orange and Blue, Al Di Meola 1994 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Multiple Groups, Different Permissions problem
On Tue, 18 Mar 2003 11:19:51 -0600, Kevin Bramblett wrote: I need to setup some directories (in RHL 7.2 running Samba 2.2.3a w/ W2K PDC) to allow multiple groups, each of which has different permissions. If If you simply need to configure them so that e.g. one group has read+write permissions, while another has only read permissions, then you can use the various options in smb.conf. If you need a more complex setup, instead, I'm afraid you'll have to resort to ACL support. -- Ciao, Marco. ...A Passion Play, Jethro Tull 1973 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: File and Directory permissions
On Thu, 20 Mar 2003 05:18:56 +1100, Benjamin Stewart -NEW wrote: morning I was asked to restrict access to a particular directory in a particular share to a group of users. How do I do this ? Am I better to create a new share and share that folder out from there setting permissions etc. When the files were stored on win2000 server I was able to go to the security tab and add/select/change users from there. Is there a way to do this from the linux box where ths files are stored ? Well, yes, on Linux you could create a new group, add the needed users to the group, then set this group as the owner for the directory and all its contents (chown -R user.group directory), and finally set the right permissions on dir and contents (chmod -R 770 directory). Of course, some smb.conf options for the share could conflict with these, e.g. admin users, force user... A separate share would be a cleaner solution. -- Ciao, Marco. ...Crac!, Area 1975 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: recycle.so compiling problem
On Fri, 14 Mar 2003 14:21:51 -0500, Ben Griffith wrote: You have to run ./configure in the main samba-2.2.7a/source directory in order to generate That was it. It worked, thanks. -- Ciao, Marco. ...Fragile, Yes 1972 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] recycle.so compiling problem
Hi, as I saw someone today pointing to a solution for protected directories in the recycle dir (thanks Ben!), I wanted to compile the modified recycle.c. I'm using Mandrake 9.0, I have kernel-source, kernel-header and all basic development tools installed, including the libtool package; I downloaded the Samba 2.2.7a sources, applied the patch, but I cannot compile the library. Following the instructions, I go to the parent dir and issue ./configure and then make, but I get lots of errors and warnings and no output file. Any clue? Thanks a lot. The error lines are too many to quote them all here, so here is an excerpt from both the beginning and the end of the output: recycle/recycle.c:23:20: config.h: No such file or directory In file included from recycle/recycle.c:37: ../../source/include/includes.h:25:20: config.h: No such file or directory In file included from recycle/recycle.c:37: ../../source/include/includes.h:402: conflicting types for `socklen_t' /usr/include/bits/socket.h:36: previous declaration of `socklen_t' ../../source/include/includes.h:636: conflicting types for `sys_errlist' /usr/lib/gcc-lib/i586-mandrake-linux-gnu/3.2/include/stdio.h:561: previous declaration of `sys_errlist' In file included from ../../source/include/includes.h:683, from recycle/recycle.c:37: ../../source/include/smb.h:380: parse error before int32 ../../source/include/smb.h:380: warning: no semicolon at end of struct or union ../../source/include/smb.h:381: warning: type defaults to `int' in declaration of `wr_errclass' ../../source/include/smb.h:381: warning: data definition has no type or storage class ../../source/include/smb.h:382: parse error before wr_error ../../source/include/smb.h:382: warning: type defaults to `int' in declaration of `wr_error' ../../source/include/smb.h:382: warning: data definition has no type or storage class ../../source/include/smb.h:385: parse error before '}' token -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Profiles and home directory - Samba PDC
On Tue, 4 Mar 2003 10:55:28 -, Nick Gale wrote: I have sucessfully got a windows 2K machine to join the domain but I can not get it to run a logon script, map the drive letter to the home directory or create a roaming profile. All my smb.conf setting look correct as per the Try giving a look at this IBM tutorial, I used it and found it simple and effective, and it covers what you are asking for: http://www-1.ibm.com/servers/esdd/tutorials/samba.html Please note that the short registration required is free. -- Ciao, Marco. ...1978 gli dèi se ne vanno, gli arrabbiati restano!, Area 1978 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Hiding a share
On Sun, 02 Mar 2003 08:28:52 +0100, Kurt Weiss wrote: i don't understand your question. - we're using browsable = no over years. but i did not find, where u'll see the share. i can't see the share with 'net view' and not in network neighbourhood. - only if it's Uhm, sorry, I thought I already did everything correctly, but part of my problem might have been actually my fault: I remembered seeing shares which I shouldn't have seen, but I now did more specific tests, reviewed all options, and browseable = no seems to work fine. Seems, because I still get a strange behaviour with the special [homes] share, but this might be due to its special way of working. Please note that I'm talking about visibility of the share in the network neighbourhood tree, without having the network resource expressly added. if it's not so as descripted, then please send me smb.conf and versionnr. / version of used windows (incl. sp). The clients are Win2000 SP3. The relevant smb.conf sections are below (I customized a smb.conf from an IBM developerWorks tutorial). What happens is: user goofy logs in, browses the network neighbourhood tree, and CAN see a goofy share. I suppose this happens because the share is automatically added in his network resources, right? The strange thing is that, when goofy logs out and another user logs in, this different user can still see (but not access) goofy's share! Maybe the share is permanently added in the tree view, for ALL users, once a user added it to its resources? Thanks. [...] os level = 64 preferred master = yes local master = yes domain master = yes enhanced browsing = no security = user encrypt passwords = yes domain logons = yes logon drive = Z: logon path = \\%L\profiles\%U logon script = netlogon.bat [netlogon] path = /home/netlogon read only = yes browseable = no [homes] comment = Directory home browseable = no writeable = yes [profiles] path = /home/samba/profiles writeable = yes browseable = no create mask = 0600 directory mask = 0700 [...] -- Ciao, Marco. ...Red, King Crimson 1974 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Hiding a share
On Sat, 1 Mar 2003 01:57:23 + (GMT), John H Terpstra wrote: On Fri, 28 Feb 2003, Jim Wharton wrote: Keep in mind however, this only hides the share in Network Neighborhood/My Network Places/explorer. It is still possible to do a net view command from the command line and see everything. Correct. That is why samba has a 'browseable = [ Yes | No]' option. Go figure. Which, in turn, leaves the share still visible in Network Neighborhood etc, as I initially reported. Go figure. :) -- Ciao, Marco. ...Hergest Ridge, Mike Oldfield 1974 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Hiding a share
On Fri, 28 Feb 2003 09:26:47 -0600, Henrickson, Den wrote: [sharename$] [] The $ creates a hidden Windows share. To access you would have to do Right, thanks. I did actually forget that trick. But, uhm... can it be used also with the [netlogon] share? Will it be still correctly identified by Samba as the netlogon service, where to look for netlogon.bat, if I name it [netlogon$]? Thanks. -- Ciao, Marco. ...Stupid Dream, Porcupine Tree 1999 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Hiding a share
Hello. Is it possible to completely hide a share, not making it visible in the Windows client browse tree, although leaving it accessible if the exact address is requested? I tried using browseable = no, but it only hides the contents of the share, not the share itself, which I can still see in the resources tree (even days - and total network poweroffs - after I changed the option). Thanks. -- Ciao, Marco. ...Thrak, King Crimson 1995 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
