Re: [Samba] Winbind have repeat wbinfo -u before user can authentication
Nattapon, My thanks for putting this in the list. I have been running head long into this problem for months now, and this was the fix. You have my gratitude. Sean nattapon viroonsri wrote: After mailling list search someone told that samba 3.0.14 already fixed this problem Or in my version can fix with client schannel = no client use spnego = no server signing = auto after i put this in global section everything work fine Nattapon, Regards _ Don't just search. Find. Check out the new MSN Search! http://search.msn.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error when attempting to join ads domain:
I am running into the following error when attempting to join a domain: [EMAIL PROTECTED]:/usr/local/samba# ./bin/net ads join -U administrator administrator's password: [2005/09/24 11:22:41, 0] utils/net_ads.c:ads_startup(191) ads_connect: Cannot contact any KDC for requested realm However, this seems to work: [EMAIL PROTECTED]:/usr/local/samba# kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: I have no krb5.conf file. Here's my smb.conf: [global] workgroup = BOCA netbios name = SPARKY realm = BOCA.PRI security = ADS server string = Sparky Data security = ADS allow trusted domains = no idmap backend = idmap_rid:BOCA=500-1 idmap uid = 500-1 idmap gid = 500-1 template shell = /bin/bash winbind use default domain = yes winbind enum users = no winbind enum groups = no winbind nested groups = yes I am using the latest Samba, MIT Kerberos and Openldap ( along with the latest Berkeley DB ). My network config is as follows: My main network is 192.168.1.0/24 ( with the DC living at 192.168.1.11 ). This machine in question lives at 192.168.3.1, a remote site linked via openvpn. DNS records are set correctly, in fact this machine is set to use 192.168.1.11 as it's DNS server. I can ping boca.pri and it resolves to the dc. kinit works when I enter in the correct username and password combo ( ie: kinit [EMAIL PROTECTED] works fine ). Can anybody give me any other ideas to try? Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind oddness
Hi all, I'm really hoping someone can help me with this, I am at my wits end trying to figure this out. I have a centos 3.x system, fully updated. Samba 3.0.9-1 installed and configured. net ads join'd to my brand new win2k3 AD server. Up to yesterday everything was working fine. Now, I can chown users but not groups ( which is a huge deal ), and I lose the ability to do users unless I do wbinfo -u every couple of minutes. Now, here's the kicker: I started having this problem last week *with two completely seperate systems*. RH8 and win2k AD server. The only thing consistent between the two setups is the AD structure. However, that old AD server was demoted, and that old rh8 system has been retired. I have tried ( on the old systems and this one ), putting samba in domain mode hoping that would fix it, but no luck. I have the log level turned up to 3, but I'm not getting *any* log out put. And for some more weirdness: wbinfo -[u|g] works fine, but wbinfo -n user won't until I do wbinfo -u or g first. getent group|passwd works perfectly. But chown -R :'Domain Group' fails with: chown: `:Domain Group': invalid group. I'm begging, anybody who knows anything about this please help. I'm so fed up with this entire system suddenly deciding not to work I want to chuck it, quit my job and go flip burgers somewhere. Sean [global] workgroup = BOCA realm = BOCA.PRI netbios name = STARK password server = DC-2.BOCA.PRI #domain logons = yes security = domain server string = Office File Server ... wins server = 192.168.1.11 # Browsing Election options local master = no preferred master = no domain master = no os level = 55 ... name resolve order = wins hosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 #domain admin group = @Domain Admins idmap uid = 2000-5000 idmap gid = 2000-5000 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash wins server = 192.168.1.11 # Browsing Election options local master = no preferred master = no domain master = no os level = 55 winbind use default domain = yes winbind separator = + -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CentOS 3.4 + Samba 3.0.9-1.3E.2, winbind problems
Hi all, Thus far, I have managed to get wbinfo -[u|g] to display users/group correctly, and getent passwd/group works. However, wbinfo -t fails to work, giving me this error: [EMAIL PROTECTED] samba]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) Could not check secret Further, this seems to be related to a problem with wbinfo -a: [EMAIL PROTECTED] samba]# wbinfo -a user%pass plaintext password authentication failed error code was NT_STATUS_ACCESS_DENIED (0xc022) error messsage was: Access denied Could not authenticate user user%pass with plaintext password challenge/response password authentication failed error code was NT_STATUS_ACCESS_DENIED (0xc022) error messsage was: Access denied Could not authenticate user user with challenge/response I was able to join the domain successfully: [EMAIL PROTECTED] samba]# net ads join [2005/05/23 10:09:35, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for billing already exists - modifying old account Using short domain name -- DOMAIN Joined 'BILLING' to realm 'DOMAIN.PRI' At this point, I am at a loss as to what to do further. I don't understand ADS well enough to know why I can get a list of usernames but I can't auth with them. That seems to be a big clue to me what's going on, but I don't understand it well enough to take it. :) Here is my krb5.conf file: [logging] default = FILE:/var/log/krb5libs.log kdr = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = DOMAIN.PRI default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc dns_lookup_realm = true dns_lookup_kdc = true [realms] DOMAIN.PRI = { kdc = dc-1.domain.pri:88 admin_server = dc-1.domain.pri:749 default_domain = domain.PRI } [domain_realm] .domain.pri = DOMAIN.PRI domain.pri = DOMAIN.PRI [pam] debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert= false And here are the relevant bits of my smb.conf file: [global] workgroup = DOMAIN realm = DOMAIN.PRI netbios name = BILLING password server = 192.168.1.3 #domain logons = yes security = ads server string = Billing Office File Server interfaces = 192.168.1.0/24 127.0.0.0/8 bind interfaces only = yes encrypt passwords = yes log level = 3 log file =/var/log/samba/%U.log guest account = nobody guest ok = no use spnego = yes use kerberos keytab = yes wins server = 192.168.1.3 # Browsing Election options local master = yes preferred master = yes domain master = no os level = 55 wins support = no name resolve order = wins hosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 #domain admin group = @Domain Admins winbind uid = 1000-5000 winbind gid = 1000-5000 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash winbind use default domain = yes winbind separator = + Any help is greatly apprecaited! Sean ps: Sorry for the html folks, I'll send this as text too. The html really helps with the formatting, which is why I use it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CentOS 3.4 + Samba 3.0.9-1.3E.2, winbind problems
John H Terpstra wrote: On Monday 23 May 2005 11:23, Sean Kennedy wrote: Hi all, Thus far, I have managed to get wbinfo -[u|g] to display users/group correctly, and getent passwd/group works. However, wbinfo -t fails to work, giving me this error: [EMAIL PROTECTED] samba]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) Could not check secret Check the security settings on the ADS domain contollers. It looks like it may have been locked down to prevent remote access. - John T. I checked, I didn't see that it was. Further, two other linux servers are configured in the same way ( although neither are centOS. One is RH8, the other is Fedora Core 1 ). Would any other info help with debugging? Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CentOS 3.4 + Samba 3.0.9-1.3E.2, winbind problems
John H Terpstra wrote: On Monday 23 May 2005 11:23, Sean Kennedy wrote: Hi all, Thus far, I have managed to get wbinfo -[u|g] to display users/group correctly, and getent passwd/group works. However, wbinfo -t fails to work, giving me this error: [EMAIL PROTECTED] samba]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) Could not check secret Check the security settings on the ADS domain contollers. It looks like it may have been locked down to prevent remote access. - John T. I don't know if it helps, but when I run winbindd -i -d3 and I do `wbinfo -t`, this is the feedback I get from winbind: [ 1990]: request interface version [ 1990]: request location of privileged pipe [ 1990]: check machine account Connected to LDAP server 192.168.1.3 got ldap server name [EMAIL PROTECTED], using bind path: dc=BOCA,dc=PRI IPC$ connections done anonymously Connecting to host=DC-1 Connecting to 192.168.1.3 at port 445 Doing spnego session setup (blob length=102) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got [EMAIL PROTECTED] Doing kerberos session setup Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08 GMT failed tcon_X with NT_STATUS_ACCESS_DENIED Connecting to host=DC-1 Connecting to 192.168.1.3 at port 445 Doing spnego session setup (blob length=102) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got [EMAIL PROTECTED] Doing kerberos session setup Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08 GMT failed tcon_X with NT_STATUS_ACCESS_DENIED Connecting to host=DC-1 Connecting to 192.168.1.3 at port 445 Doing spnego session setup (blob length=102) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got [EMAIL PROTECTED] Doing kerberos session setup Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08 GMT failed tcon_X with NT_STATUS_ACCESS_DENIED Could not open a connection to BOCA for \PIPE\NETLOGON (NT_STATUS_ACCESS_DENIED) could not open handle to NETLOGON pipe Checking the trust account password returned NT_STATUS_ACCESS_DENIED Don't know if this helps or not, but if it does, here you go. ( Names were not changed to protect the innocent :) ) Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CentOS 3.4 + Samba 3.0.9-1.3E.2, winbind problems
John H Terpstra wrote: On Monday 23 May 2005 12:59, Sean Kennedy wrote: John H Terpstra wrote: On Monday 23 May 2005 11:23, Sean Kennedy wrote: Hi all, Thus far, I have managed to get wbinfo -[u|g] to display users/group correctly, and getent passwd/group works. However, wbinfo -t fails to work, giving me this error: [EMAIL PROTECTED] samba]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) Could not check secret Check the security settings on the ADS domain contollers. It looks like it may have been locked down to prevent remote access. - John T. I don't know if it helps, but when I run winbindd -i -d3 and I do `wbinfo -t`, this is the feedback I get from winbind: DC-1 is refusing the connection. The security settings on it need to be opened up. - John T. Hi John, I'm sorry John, I'm not seeing the setting you are referring to. Would this setting affect one machine while 2 others are able to communicate fine? After reading through my output, this almost sounds like a signing error on the communications, which leads me to suspect that samba/kerberos doesn't have the require encryption somewhere along the way. The reason I think that is because I see stuff like this in my logs: client_check_incoming_message: BAD SIG: wanted SMB signature of [000] 65 83 B8 05 F9 ED C7 08 e... client_check_incoming_message: BAD SIG: got SMB signature of [000] DA 3C 6A 63 E5 B9 1F 82 .jc And then, further down, this: srv_check_incoming_message: signing negotiated but not required and peer isn't sending correct signatures. Turning off. Could this be caused by what you were mentioning earlier? I'm looking under the GP/Window Settings/Security Settings/Local Policies/Security Options and User Rights. Is that the right place to find what you are referring to? Thanks again for your help Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo -u: Error looking up domain users
Hi all, Sorry if this has been asked, but I haven't had any luck with my searches, so I would assume it hasn't. I have joined my samba box to my AD domain ( win2k server ). I can do individual user lookups with wbinfo -a user%pass successfully. But I can't retrieve a domain user list with `wbinfo -u`. `wbinfo -g` works, sorta, but it only returns the BUILTIN accounts ( System Operator, Replicators, Guests, Power users, Print Operators, Administrators, Account Operators, Backup Operators, and User ). I do not get any domain groups. I can log into the C$ share on the domain controller, so I know I'm joined to the domain. I am at a loss at how to troubleshoot this, so if anybody has any suggestions, I'd greatly apprecaite them Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind + ext3 ACLs
Hi folks, For the longest time, I've had a problem changing or modifying ACLs from my window clients. Whenever I tried, I'd get this in the logs: [2004/07/29 12:36:26, 0] smbd/posix_acls.c:create_canon_ace_lists(823) create_canon_ace_lists: unable to map SID S-1-5-21-1292428093-651377827-x-1333 to uid or gid. I could change the ACLs using getfacl/setfacl, btw. After a little investigation, I think I've found the problem. I'm using winbind here, but I'm using this option: winbind use default domain = yes Which, for the sake of completeness, strips out domain info out of the username. So instead of `BOCA/skennedy`, it comes out as `skennedy`. This is where I think my problem is. Using wbinfo, I resolved that SID to BOCA/skennedy, who happens to be a completely different user name. My question is this: Does my logic seem correct to everyone else? Is there anything else I should be looking at? Further, does anybody have a solution to this problem? This server is also a web/email server for the intranet, and I am trying to avoid setting up a new server ( we have 4 going already, mainly for window crap ) if at all possible. Any help is greatly apprecaited. Sean -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind + ext3 ACLs
Umberto Zanatta wrote: You should set up smb.conf like that: winbind trusted domains only = yes winbind use default domain = no When you change acl in files server, you will do: setacl -m u:skennedy:rwx,d:u:skennedy:rwx vattelapesca.doc u. I am so confused. :) I tried it out on my test server, and your advice worked flawlessly! Then...I tried it on my work server, and it failed, displaying the domains as well. So then, after I fixed that, I checked out the man page, and found this: winbind trusted domains only (G) This parameter is designed to allow Samba servers that are mem- bers of a Samba controlled domain to use UNIX accounts dis- tributed via NIS, rsync, or LDAP as the uids for winbindd users in the hosts primary domain. Therefore, the user DOMAIN\user1 would be mapped to the account user1 in /etc/passwd instead of allocating a new uid for him or her. Default: winbind trusted domains only = no Given my setup, I have no users in /etc/passwd, beyond what the system is installed with, so it shouldn't have worked, even on my test system. I mean, if that's what I need to do, then that's what i need to do, but I want to understand what this is doing before I jump into it. :) Thank you for your help thus far! Sean Il gio, 2004-07-29 alle 23:06, Sean Kennedy ha scritto: /Hi folks, For the longest time, I've had a problem changing or modifying ACLs from my window clients. Whenever I tried, I'd get this in the logs: [2004/07/29 12:36:26, 0] smbd/posix_acls.c:create_canon_ace_lists(823) create_canon_ace_lists: unable to map SID S-1-5-21-1292428093-651377827-x-1333 to uid or gid. I could change the ACLs using getfacl/setfacl, btw. After a little investigation, I think I've found the problem. I'm using winbind here, but I'm using this option: winbind use default domain = yes Which, for the sake of completeness, strips out domain info out of the username. So instead of `BOCA/skennedy`, it comes out as `skennedy`. This is where I think my problem is. Using wbinfo, I resolved that SID to BOCA/skennedy, who happens to be a completely different user name. My question is this: Does my logic seem correct to everyone else? Is there anything else I should be looking at? Further, does anybody have a solution to this problem? This server is also a web/email server for the intranet, and I am trying to avoid setting up a new server ( we have 4 going already, mainly for window crap ) if at all possible. Any help is greatly apprecaited. Sean/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Directory listing with 11k files very slow to list
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matthew Enger wrote: | Hello, | | I have a samba server which has a directory with 11764 files. (The | program stores information about jobs and each job has 3 files, | nothing I can do about it). | | When I do a listing of that directory using smbclient, it takes 15+ | seconds to complete, same thing on Windows XP. | | Does anyone have any ideas on how I can speed this up? | | I did a log on log level 10, it is accessible at | http://www.enger.org/backup.log (10761841 bytes). | | Timeline I have noticed: | | [0 sec] Received the request [0 sec] Starts running on all files: | [2004/04/19 16:31:51, 8] lib/util.c:is_in_path(1496) is_in_path: | A009.job [2004/04/19 16:31:51, 8] lib/util.c:is_in_path(1500) | is_in_path: no name list. [2 sec] starts doing this on all files: | [2004/04/19 16:31:53, 5] smbd/trans2.c:get_lanman2_dir_entry(606) | get_lanman2_dir_entry found Detail/A000MOON.job fname=A000MOON.job | [2004/04/19 16:31:53, 8] smbd/trans2.c:get_lanman2_dir_entry(521) | get_lanman2_dir_entry:readdir on dirptr 0x87f3960 now at offset 8 | [2004/04/19 16:31:53, 10] lib/ms_fnmatch.c:ms_fnmatch(240) | ms_fnmatch(*,A000RAJA.pfl) - 0 [2004/04/19 16:31:53, 8] | smbd/dosmode.c:dos_mode(122) dos_mode: Detail/A000RAJA.pfl | [2004/04/19 16:31:53, 8] lib/util.c:is_in_path(1496) is_in_path: | Detail/A000RAJA.pfl [2004/04/19 16:31:53, 8] | lib/util.c:is_in_path(1500) is_in_path: no name list. [2004/04/19 | 16:31:53, 8] smbd/dosmode.c:dos_mode(170) dos_mode returning [27 | sec] finishes off [2004/04/19 16:32:18, 9] | smbd/trans2.c:send_trans2_replies(178) t2_rep: params_sent_thistime | = 8, data_sent_thistime = 4200, useable_space = 131012 [2004/04/19 | 16:32:18, 9] smbd/trans2.c:send_trans2_replies(180) t2_rep: | params_to_send = 8, data_to_send = 4200, paramsize = 8, datasize = | 4200 [2004/04/19 16:32:18, 6] lib/util_sock.c:write_socket(407) | write_socket(5,4268) [2004/04/19 16:32:18, 6] | lib/util_sock.c:write_socket(410) write_socket(5,4268) wrote 4268 | [2004/04/19 16:32:18, 3] smbd/trans2.c:call_trans2findnext(1369) | SMBtrans2 mask=* directory=Detail dirtype=22 numentries=35 | | If anyone has any ideas that would be great. | | I have tried Samba 2.2.7a and 3.0.2 which both have the same issue. | Log is from 3.0.2. Running Fedora Core 1 and ext3 file system. | | Thanks, Matthew Enger [EMAIL PROTECTED] | | | Not much can be done for this I'm afriad. I have a directory with 40k(!) files in it. Guess how long that takes to open. flame suit onI've found a small speed boost by putting the share on a reiserFS partition. Yeah, yeah, data corruption blah blah blah. I've been running it for over a year without a single problem. That is not to say I don't backup the new data hourly onto an ext3 partition. :) - -- Sean Kennedy PGP public key: http://tpno.org/keys/0xFC1C377F.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAhGmJIjyA6vwcN38RAoSbAJ9AsU17hMY1mEffeLV+OnmcAzTAdwCdHj6x 8Qc22t0kUUGOw2zd8y1ddHs= =H81U -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3, winbind, win2k AD: Kerberos question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi folks, after a little head banging, I got winbind chatting with the domain control ( win2k server ) by hard coding my realm info into krb5.conf. My question is this: Is there a cleaner, more fault tolerant method than this? I googled, and read about dns srv records being used ( intead of hardcoding ), which I understand win2k uses to begin with, but I don't know how to turn those on on my linux box. Can anybody point me in the right direction? I'd apprecaite it. - -- Sean Kennedy PGP public key: http://tpno.org/keys/0xFC1C377F.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAYwnsIjyA6vwcN38RAhx+AJ4y37cu3hYsHljijcMYRl3owhvaOACbBnal 7Eu52tCX1rv4H7ytxofi+7c= =+L+l -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind PAM authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I can tell you that I'm using pam_winbind for qmail ( chkpassword-pam ) and courier Imap, along with ssh and system-auth. Oh yeah, and I just recently got jabberd2 working on it. Is that what you were after? Klinger, John (N-CSC) wrote: Config: Solaris 8, OpenLDAP winbind backend, using AD for global users. Is there documentation on what service_name / module_type pairs are supported by pam_winbind? I've gone through the Samba-3 HOWTO book and internet searches, but haven't found anything difinitive. I have been able to tell through experimentation that winbind doesn't work with rsh auth, giving a Protocol Error when attempted. - -- Sean Kennedy PGP public key: http://tpno.org/keys/0xFC1C377F.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1-nr1 (Windows 2000) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFABCEHIjyA6vwcN38RAp+xAJ9Xp+g7HDxxWsLS6sqmiGHszUd3twCfdrpg 3PU82yRUKoJv52XnSaazJt8= =Go2A -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] inetd etc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 1) When you run samba under inetd, samba has to be loaded everytime inetd hands off a connection. Tons of overhead using this method. When it runs as a stand alone daemon, it never unloads itself. 2) Gremlins. Probably from the last solar eclipse, no wait! From the last solar flare. Cover the server in tin foil and it should fix the problem. ( Note: More details are needed before any diagnostic attempts are made ) Judy Lin wrote: Hello. I know that it is recommended to run smbd as a standalone daemon and to avoid inetd. Can you please tell me why inetd is discouraged and what problems it imposes? Also, I have one user who is having problems accessing her personal files on a MacOSX 10.3.2 via smb. Any ideas what may be causing it? Judy Lin NACS-DCS - -- Sean Kennedy PGP public key: http://tpno.org/keys/0xFC1C377F.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1-nr1 (Windows 2000) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQE//vskIjyA6vwcN38RAg4KAJwKuLHGdQEEJGbU158FDnjxG7RUJwCeP7ZL lenX5r5V9/mu9uFPMyssNt8= =HvNb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Spam in the list.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Gaffney wrote: Brent Ellis wrote: There is an inordinate amount of spam going to the Samba list lately. Is there anything that can be done about that? I was wondering about that. It looks like someone is trying to see what does and doesn't get through spam filters. They can try all they like. They won't be getting through *MY* filters. :) - -- Sean Kennedy PGP public key: http://tpno.org/keys/0xFC1C377F.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1-nr1 (Windows 2000) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQE/+uXcIjyA6vwcN38RAs+4AJ9VyP449WN4U9ZR/CA7zQ0InEcyLgCfUFWm f9tk2je1nCJBafX59ohSzvc= =BzpK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User validation in domain different than workgroup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm not entirely sure I understand. You want your users to be validated against the UPVNET domain controller, right? How does COMOPT come into then? Is COMOPT the domain root, and UPVNET a branch ( or subforest, or whatever they call it )? From Samba's perspective, it shouldn't matter the relationship: Point samba to UPVNET as the DC, and let the win2k boxes work themselves out. Please let me know if I got what you want wrong. Pascual Muñoz wrote: Hello all, First of all, I'm really a newbie in Samba. I can manage to setup the Samba server in security = user, and now I'm trying to do a more complicated thing. I wish the Samba server to be our domain master in group COMOPT, that is workgroup = COMPOPT. I do not want to have Linux user accounts for the users, but rather to validate them using another domain server, whose domain is UPVNET, and then map all the connections to the shares to a single Linux user for all of them. I'm a little bit confused, because it seems I must use security = domain and winbind, but then workgroup should be UPVNET rather than COMOPT, that is the one I want. Sorry in advance for this little mess. Maybe I'm asking something that makes no sense. Can any one help me? Thanks in advance. Pascual. - -- Sean Kennedy PGP public key: http://tpno.org/keys/0xFC1C377F.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1-nr1 (Windows 2000) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD4DBQE/5z9xIjyA6vwcN38RAnPOAJQPCHtvRM2qHZk4tpwLwWNQUeRjAJ9GSbzX 0ZeKGMX9V0L2ePLSYOQ0wA== =TziP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XFS + Samba 2.2.3a, unable to change permissions on shares
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi folks, I'm at a dead end on this one. I really have no clue where to go from here. Any advice? Sean Kennedy wrote: Symptoms: Unable to change permissions from win2k clients on folders/shares. When change is attempted, they are silently ignored. Data: Win2k Domain controller ( AD enabled ) Winbind ( to sync user/password lists ) Redhat 8.0 with custom kernel ( xfs patched ) Samba 2.2.3a Logs have ~10-20 of these messages as a direct result of my attempt to change permissions: [2003/11/11 09:54:44, 0] smbd/posix_acls.c:create_canon_ace_lists(823) create_canon_ace_lists: unable to map SID S-2-6-31-3345428093-651377827-839522115-1192 to uid or gid. ( SIDs have been changed to protect the innocent ) uname -a output: Linux stark 2.4.20-20.9.XFS1.3.1 #1 Sat Oct 11 15:23:43 CDT 2003 i686 athlon i386 GNU/Linux That's all the data I can think of that would relate to this problem. I can also tell you I had the same problem on Debian ( woody ) and samba 3 with xfs. Help is greatly apprecaited. - -- Sean Kennedy PGP public key: http://tpno.org/keys/0xFC1C377F.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQE/snRlIjyA6vwcN38RAkqdAJ9WJmKKrTXJJaoNcEHd9/hQ9ncYxQCZARkX tEcVI2pSD6tnVvSIpVEe3xU= =q8YK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] XFS + Samba 2.2.3a, unable to change permissions on shares
Symptoms: Unable to change permissions from win2k clients on folders/shares. When change is attempted, they are silently ignored. Data: Win2k Domain controller ( AD enabled ) Winbind ( to sync user/password lists ) Redhat 8.0 with custom kernel ( xfs patched ) Samba 2.2.3a Logs have ~10-20 of these messages as a direct result of my attempt to change permissions: [2003/11/11 09:54:44, 0] smbd/posix_acls.c:create_canon_ace_lists(823) create_canon_ace_lists: unable to map SID S-2-6-31-3345428093-651377827-839522115-1192 to uid or gid. ( SIDs have been changed to protect the innocent ) uname -a output: Linux stark 2.4.20-20.9.XFS1.3.1 #1 Sat Oct 11 15:23:43 CDT 2003 i686 athlon i386 GNU/Linux That's all the data I can think of that would relate to this problem. I can also tell you I had the same problem on Debian ( woody ) and samba 3 with xfs. Help is greatly apprecaited. -- Sean Kennedy PGP public key: http://tpno.org/keys/0xFC1C377F.asc file:///C|/DOCUME%7E1/SKENNEDY/LOCALS%7E1/TEMP/nsmail-1.tmp Description: PGP signature pgp0.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba