Re: [Samba] Re: ADS + Samba
SNIP
I have a share set up for testing, but I cannot access it at all, I get
prompted for a username and password.
Um...have you changed PAM to allow logins authenticated from ADS. If
not, you will get exactly that message when accessing a share.
I will include the configs from everything at the bottom of this email.
I'm sure it's something that I'm just overlooking, it usually is ;)
TIA
-reno
Configs:
Smb.conf
[global]
netbios name = sambaserver
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind gid = 1-2
workgroup = WORKGROUP changed name to protect the innocent
os level = 20
winbind enum groups = yes
socket address = 192.168.1.2
password server = ADSERVER
preferred master = no
winbind separator = +
max log size = 50
log file = /var/log/samba3/log.%m
encrypt passwords = yes
dns proxy = no
realm = EXAMPLE.COM once again, name change
security = ADSERVER
wins server = 192.168.1.1
wins proxy = no
[test]
comment = Test Share
writeable = yes
path = /samba/test
force user = DOMAIN+user
browsable = yes
available = yes
krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = EXAMPLE.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
EXAMPLE.COM = {
kdc = adserver.example.com:88
nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files dns
protocols: db files
services: db files
ethers: db files
rpc: db files
kdc.conf
[kdcdefaults]
kdc_ports = 88,750
[realms]
EXAMPLE.COM = {
database_name = /etc/krb5kdc/principal
admin_keytab = /etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
dict_file = /etc/krb5kdc/kadm5.dict
key_stash_file = /etc/krb5kdc/.k5.EXAMPLE.COM
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
}
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Idealx Add Machine
Really frustrated here. After some tweaking I was able to get the smbldap-useradd script to work for adding samba users. This was resolved editing sambaDomainName=and adding an Attribute objectClass with value sambaUnixIdPool, and Attribute uidNumber and Value equal to one greater than the highest uidNumber currently in use. However smbldap-useradd -w machinename continues to produce garbage,. This is what is being created when the script is run: dn: uid=testor2$, ou=computers, dc=fsklaw,dc=com sn: testor2$ loginShell: /bin/false uidNumber: 1110 gidNumber: 553 objectClass: top objectClass: inetOrgPerson objectClass: posixAccount uid: testor2$ gecos: Computer cn: testor2$ homeDirectory: /dev/null description: Computer This is, clearly, not going to work as a working machine account contains the following: dn: uid=debbie$, ou=computers, dc=fsklaw,dc=com sambaPwdLastSet: 1 sn: debbie$ sambaAcctFlags: [W ] loginShell: /bin/false uidNumber: 1003 gidNumber: 553 displayName: Debbie LeBeau sambaPwdMustChange: uid: debbie$ objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount sambaSID: S-1-5- cn: debbie$ homeDirectory: /dev/null sambaNTPassword: 537 sambaPwdCanChange: 1 description: Computer sambaPrimaryGroupSID: S-1- Does anyone have any insight here? Adding new machines manually is just painful. TMS III -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Idealx 9.1
Hoping someone knows how to deal with this, as I'm scratching my head. I have 8.3 or 8.4 installed already and they work ok for the most part. Server: FBSD5.4, Samba 3.0.20 Error in smbldap-useradd: camarillo# ./smbldap-useradd -w fums Could not find base dn, to get next uidNumber at /usr/local/sbin//smbldap_tools.pm line 995, DATA line 283. Data output during connection to LDAP server: Oct 13 12:12:42 db slapd[494]: conn=81708 fd=55 ACCEPT from IP=192.168.0.1:49822 (IP=0.0.0.0:389) Oct 13 12:12:42 db slapd[494]: conn=81708 op=0 BIND dn=cn=Manager,dc=fsklaw,dc=com method=128 Oct 13 12:12:42 db slapd[494]: conn=81708 op=0 BIND dn=cn=Manager,dc=fsklaw,dc=com mech=SIMPLE ssf=0 Oct 13 12:12:42 db slapd[494]: conn=81708 op=0 RESULT tag=97 err=0 text= Oct 13 12:12:42 db slapd[494]: conn=81708 op=1 SRCH base=dc=fsklaw,dc=com scope=2 deref=2 filter=((objectClass=posixAccount)(uid=fums$)) Oct 13 12:12:42 db slapd[494]: conn=81708 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Oct 13 12:12:42 db slapd[494]: conn=81708 op=2 SRCH base=sambaDomainName=FSKS,dc=fsklaw,dc=com scope=0 deref=2 filter=(objectClass=sambaUnixIdPool) Oct 13 12:12:42 db slapd[494]: conn=81708 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Oct 13 12:12:42 db slapd[494]: conn=81708 fd=55 closed The error does not look like an LDAP error. The search base is correct. I've crawled through the smbldap.conf file and can't see anything amiss. Anyone have any ideas what to look at? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Over A Wan
Mike McMullen wrote: - Original Message - From: David Miller [EMAIL PROTECTED] Subject: Re: [Samba] Samba Over A Wan I'm currently using OpenVPN to allow access to Samba over WAN. Works pretty good but my experience has been that browsing shares and directory structures over the WAN can be somewhat frustrating to users. I believe this is b/c windows file sharing is a pretty heavy protocal and our WAN connection is only 768bps up and down. You'll also want to be using WINS for name resolution unless you're bridging your OpenVPN subnet with your local subnet which I would avoid doing if possible. David Hi David! Thank you for your feedback. Our connection is a T1. The people would be accessing a folder that has 3 folders in it with 200 files in each folder. The connection would be their box to our box only. Would I still need WINS in this scenario? Well you could map the drive by IP addy instead. I have 10 offices connected by IPSEC encapsulated VLan. Users access the resources on the various drives on various servers over the vlan. Sure it can be a bit sluggish, but it's not horrible. I'm not up on Windows requirements. Thanks, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Inter Domain trusts and BDC
I have a Samba-LDAP PDC at an office and 5 BDC's at other offices. At corporate HQ I have a W2k Server and domain. I have properly configured an interdomain trust and Users in the Samba domain can get to sections on the W2k machine regardless of location. However, members in the W2K domain can only access shares on the PDC. Attempts to access shares on a BDC cause a user name password dialogue box to open. Does anyone know why the BDC refuse to autheticate. I did a net rpc trustdom list on a BDC and it does list the W2K domain: to# net rpc trustdom list Password: Trusted domains list: FSK Trusting domains list: TACCOUNT Unable to find a suitable server domain controller is not responding FSKS FSK TACCOUNT Unable to find a suitable server domain controller is not responding FSKS FSK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 + BSD 5.4 + AD
Peter Marshall wrote: I am still stuck on this .. can't seem to get any further. Does anyone have any ideas how to fix this. Any help would be greatly appreciated. You haven't configured pam.conf correctly. Pam has to know how to authenticte the Windows user Thanks Peter Peter Marshall wrote: I am having some problems getting a samba server to work with Windows 2000 Active Directory. I am at the point where I can successfully list all users and groups, using the wbinfo command, and was able to join the domain with the net join ads ... command. I can also see the computer in my network neighborhood ... however, when I click on it .. it prompts for a username / password .. and will not accept mine. The Log.smb file has these lines repeated over and over when I try and start the samba service. [2005/08/23 08:46:58, 0] lib/until_sock.c:read_socket_data(384) read_socket_data: recv failure for 4. Error = Connection reset by peer [2005/08/23 09:18:59, 0] lib/util_sock.c:read_socket_data(384) read_socket_data: recv failure for 4. Error = Connection reset by peer When I try to authenticate to the box by browsing to it in windows, I get this line in the log.smb file [2005/08/23 09:37:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username DOMAIN+Username is invalid on this system Note: DOMAIN is my domain, and Username is my username Any ideas on what I am doing wrong ? Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Inter Domain trusts and BDC
I have a Samba-LDAP PDC at an office and 5 BDC's at other offices. At corporate HQ I have a W2k Server and domain. I have properly configured an interdomain trust and Users in the Samba domain can get to sections on the W2k machine regardless of location. However, members in the W2K domain can only access shares on the PDC. Attempts to access shares on a BDC cause a user name password dialogue box to open. Does anyone know why the BDC refuse to autheticate. I did a net rpc trustdom list on a BDC and it does list the W2K domain: to# net rpc trustdom list Password: Trusted domains list: FSK Trusting domains list: TACCOUNT Unable to find a suitable server domain controller is not responding FSKS FSK TACCOUNT Unable to find a suitable server domain controller is not responding FSKS FSK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Schema Requests
It would be nice to have some additional attributes in the samba.schema. I have several servers that all my users need to have mapped locations. It would be nice if I could add drive letters and paths in ldap, but there doesn't seem to be anything defined in the schema. This way when I run the script to create the user all of the standard mappings are created as well. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-vscan
Guido Lorenzutti wrote: Hi people, im using Debian Sarge with samba 3.0.14a. Im using tdbsam with 400 users. Well, if you run without a gui then it would be tight. With the gui I doubt your users would be at all happy with performance. I run all my samba servers on FBSD without X. I wouldn't try what your doing on FBSD with those limited resources. Recomend: If this thing can run sata drives, do it. Also plan ~ 5mb per smb childso that's 2.0GB Memory. In actuality 1.5 GB should be enough. TMS III My specs are: vendor_id : AuthenticAMD cpu family : 6 model : 8 model name : AMD Athlon(tm) XP 2000+ stepping: 1 cpu MHz : 1670.860 cache size : 256 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 1 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse syscall mmxext 3dnowext 3dnow bogomips: 3309.56 total used free sharedbuffers cached Mem:516608 509516 7092 0 96988 337520 -/+ buffers/cache: 75008 441600 Swap: 979956664 979292 My idea is to start using samba-vscan + clamd to check my fileserver. Questions: Anyone using this on a production server? Comments? How much this would impact on my performance? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can Samba join two domains?
George Farris wrote: Hi all, If I have a Samba server that is say a PDC for domain DOM-A can I have Samba join an ADS server that is DOM-B and have people authenticate against it without having an account on DOM-A? Well...no, but you can set up trust account between the domains, that will accomplish a similar thing. Does winbind provide this? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.13 ADS domain member on AIX 5.2
Scruggs, Ronald wrote: All, I'm trying to figure out if I missed some steps in configuring Samba 3.0.13 on AIX 5.2 as a Windows 2003 ADS domain member server of the domain DEVELOPMENT. Samba is compiled with Heimdal Kerberos and openLDAP support, and I successfully joined the ADS domain using net ads join after running a kinit. Kerberos appears to be working, wbinfo -u and wbinfo -g work; net ads status works fine, smbtree works. However, when I try to authenticate to a test share using either a domain user ID or a user ID from another domain (CORP) that has a trust relationship with the domain that the Samba server is joined to, I see NT_STATUS_NO_SUCH_USER in the log.smbd. So, my two questions are: do I need to be running winbindd? Yes Does it have to have PAM support, Yes...pam needs to authenticate using ldap/ads or is that just for using domain logins on the unix side? smb.conf follows: [global] realm = READING.DEVPORTAL.NET workgroup = DEVELOPMENT password server = usrd106.reading.devportal.net security = ADS encrypt passwords = yes #debug level = 7 winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users=yes winbind enum groups=yes client use spnego = yes [public] comment = Public data directory read only = no path = /sambapublic user = @DEVELOPMENT+domain users @CORP+domain users -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Seeking help with Samba shares OPLOCKS Quickbooks databases
Liz Ackerman wrote: I thought I had things figured out, but guess not. I have multi-user Quickbooks databases that functioned fine on a Novell server but are behaving badly on a Samba share. I have created a separate share for the Quickbook databases, users are running Win XP Pro, latest patches, and the Quickbooks application installed on the desktop. It is a multiuser version. Server is RedHat ES 3, Samba 3.0.14. Here is the config for the Quickbooks share: [accting] comment = Accounting Volume path = /accting writeable = yes valid users = a list of valid users level2 oplocks = no veto oplock files = /*.*db/*.ldb/*.mde/*.xls/*.QB*/*.*/ blocking locks = no locking = no strict locking = no share modes = no The first user opens the database, and as soon as the second person attempts to access the same database, the database is corrupting and crashing. Yes, because you need to run your oplocks. You have two solutions. The easiest to implement is the force user line in smb.conf. The harder but cleaner way is to use acl's. Does anyone else out there have a similar setup or experience that works and can help me resolve my issue?? Much thanks! Liz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Logins require local admin membership on Windows XP
Lee Ball wrote: Hello, This is my first post to this list so if I break any rules be gentle :) I will try to put in as much detail into this as I can, here I go: We have a domain at work with Samba (samba-3.0.10-1.fc2) as the PDC. The Linux box is running FC2 as the rpm suggests running on a 2.6.5-1.358smp kernel. The problems that we exhibit is that unless you have your domain account made a member of the administrators group on the workstation for things to work correctly, if your not various things break: Desktop wallpaper displays when logging in then is replaced with a blue background default desktop Outlook won't run and reports Outlook cannot start when trying to run it (although Thunderbird works) Track-it won't run, it just simply hangs and then ends with Not responding I've only experienced this during some kind of upgrade. It's typically the result of trying to load a profile that has a different SID. Always the best way to do these things (if running XP Pro) is to use the files and settings transfer wizard on client machines, do upgrade and reimport the profile into the user account. Of course on large networks this is not a good option. For larger situations, or if running nt4/w2k you need to keep your SID, and your user SID's. This behaviour only happened once we moved our domain from being on Samba (samba-2.2.7-5.8.0) running on Red Hat Linux release 8.0 (Psyche) on a 2.4.20 kernel. We imported the old smbpassd file onto the new server (I didn't do this but could find out the process taken if required). This behaviour has happened on a customers site too which is the same story except that their installation is samba-3.0.10-1.4E running on CentOS release 4.0 (Final) on a 2.6.11.12 kernel. I've tried lots of things recently and I'm starting to get a little bit lost and would like some ideas from you learned lot. If you require anything like samba configs and the like just request and I shall post a non-user specific list to retain anonymity. One of the entries in my samba logs for logging into the machine I've been working on whilst the user is a non admin: [2005/07/05 13:30:45, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(786) api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. Cheers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help
Fernando Ruza wrote: A bit Off Topic. You can use bacula: http://www.bacula.org/ Regards, Fernando. On Tue, 2005-04-19 at 11:16 +0300, Amani Makala wrote: hi! i need to configure a linux backup server, let me give u some hints on the real environment, i have one linux machine and two windows machines, now i need to make backup of files found on windows machine,but the backup should be done on the linux machine. please anybody who can help me! thanks. Here's what I do: Mount the w2000 file share to back up: fresno# df -h Filesystem SizeUsed Avail Capacity Mounted on /dev/ad4s1a3.3G 57M3.0G 2%/ devfs 1.0K1.0K 0B 100%/dev /dev/ad4s4d 64G6.6G 53G11%/usr /dev/ad4s3d2.4G 20M2.1G 1%/var //[EMAIL PROTECTED]/COMPANY 11G6.4G4.7G58%/w2000 Then write a cron job: # Adjust the time zone if the CMOS clock keeps local time, as opposed to # UTC time. See adjkerntz(8) for details. 1,310-5 * * * rootadjkerntz -a 0 22 * * * rootcp -R /w2000/ /usr/backup/w2000/ 45 3 * * * roottar -cyvf /usr/backup/w2000.tar.bz2 /usr/backup/w2000 30 5 * * 1 rootmv /usr/backup/w2000.tar.bz2 /usr/daily/Mon/ 30 5 * * 2 rootmv /usr/backup/w2000.tar.bz2 /usr/daily/Tues/ 30 5 * * 3 rootmv /usr/backup/w2000.tar.bz2 /usr/daily/Wed/ 30 5 * * 4 rootmv /usr/backup/w2000.tar.bz2 /usr/daily/Thurs/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] losing access to profile when user becomes domain user instead domain admin
Rainer Traut wrote: Hi, I am in the process of migrating our windows workstations to a samba domain. Here is the problem: When creating the domain user I put every user additionalyy in the domain admin group so that he/she can copy his old files on the local profile to his new domain account. Then after this is done I put them to the domain users group but some (!) of the user the lose then access to the profile. Yeah, that's what happens. It's mostly a Windows problem...well not problem, rather it's security related. If you're using WinXP, the best way to do this is to using the file and setting transfer wizard in the non domain account and export the settings. Then login to the domain account and import those settings. This way the user needs no special permissions and the profile is fully restored for the user. I've done this numerous times, and this is by far the best way to do it. TMS III When I look at permissions on their workstation everything looks ok, but he/she has no write access, though he is listed as owner. samba is samba-3.0.13-1.4E.2 on Redhat EL4. Here are parts of smb.conf [Profiles] comment = Roaming profiles share path = /shares/profiles writeable = yes create mask = 0700 directory mask = 0770 browsable = no valid users = @domusers root force user = %U profile acls = yes [EMAIL PROTECTED] Eigene Dateien]# net groupmap list Domain Admins (S-1-5-21-2187243289-1530508873-3638611354-512) - domadmins System Operators (S-1-5-32-549) - -1 Domain Guests (S-1-5-21-2187243289-1530508873-3638611354-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Domain Users (S-1-5-21-2187243289-1530508873-3638611354-513) - domusers Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 This works: [EMAIL PROTECTED] Eigene Dateien]# id koe uid=24446(koe) gid=1000(domusers) Gruppen=1000(domusers),1003(domadmins) [EMAIL PROTECTED] Eigene Dateien]# This does not: [EMAIL PROTECTED] Eigene Dateien]# id koe uid=24446(koe) gid=1000(domusers) Gruppen=1000(domusers) [EMAIL PROTECTED] Eigene Dateien]# Thanks for help Rainer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba through a NAT router
Robin Bowes wrote: Hi, My network topology is as follows: Netgear Linksys DG632WRT54G DSL Modem --- Switch --- WAP/Router | (NAT)| | | Samba server (dude) +-- Win2000 PC 192.168.4.101 (Mum) 192.168.1.5 | +-- WinXP PC 192.168.4.100 (Tosh) Dude is configured as follows: # Global parameters [global] workgroup = HOME server string = Samba Server guest account = ftp log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 255 domain master = Yes dns proxy = No wins support = Yes ldap ssl = no remote announce = 192.168.4.255 192.168.3.255 remote browse sync = 192.168.4.255 192.168.3.255 cups options = raw name resolve order = wins,lmhosts,host,bcast [homes] comment = Home Directories read only = No browseable = yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [music] comment = Music files used by slimserver path = /home/slimserver/music write list = robin read only = No [test] comment = Test share path = /home/test write list = robin read only = No If I connect the WinXP machine to the 192.168.1.x network I can connect to and use the shares on the samba server. However, when connected to the 192.168.4.x network I am unable to browse or connect to the shares. Yeah, you need a wins server on 64 node for that. You can still map by IP addy though. If I give the full domain name of the samba server (dude.robinbowes.com) I can see the shares, e.g.: C:\Documents and Settings\robinnet view \\dude.robinbowes.com Shared resources at \\dude.robinbowes.com Samba Server Share name Type Used as Comment --- homes Disk Home Directories music Disk Music files used by slimserver robin Disk Home Directories testDisk Test share The command completed successfully. Is there some way to enable browsing across the NAT-enable router? Thanks, R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Browsing with duplicate names in multiple workgroups/subnets and multihome machines
Jonathan Johnson wrote: You can see by the subject I've got an ugly problem. Even though I don't have a Samba server anywhere near the network in question, nobody understands browsing as well as the folks on the Samba team. :-) Here's the situation: I've got two workgroups, FLINTSTONE and RUBBLE which are on physically separate networks. FLINTSTONE has a Windows 2003 Active Directory domain controller; RUBBLE is a simple workgroup. All workstations are either Windows 2000 or Windows XP Professional. There is no routing between these networks. However, there are two workstations which are multihomed. More on that in a minute. Here's the logic (illogic?) of the network: Segment 1: * FLINTSTONE domain * PEBBLES (Windows 2003 Small Business Server Active Directory domain controller) * FRED Windows XP Pro workstation (multi-homed to Segment 2, member of FLINTSTONE) * WILMA Windows XP Pro workstation (also multi-homed to Segment 2, member of FLINTSTONE) Segment 2: * RUBBLE workgroup * BETTY Windows 2000 Pro workstation (single-homed, member of RUBBLE) * BARNEY Windows 2000 Pro workstation (single-homed, member of RUBBLE) * FLINTSTONE Windows 2000 Pro workstation (single-homed, member of RUBBLE) The reason that FRED and WILMA are multi-homed is that they both must be able to access the workstations in the RUBBLE workgroup on Segment 2. As you can see, we've got a name conflict: a workstation named the same as the domain. This is, apparently, causing browsing problems for the multi-homed workstations. Unfortunately, it's not as simple as renaming the FLINTSTONE workstation to BAM-BAM. This network on Segment 2 was set up by another vendor (who, we might add, seems to be rather clueless about Windows networking), and they are afraid to change the name for fear of what it would break. That vendors requirements do not allow routing to other networks. This network is the automation system for a radio station, and it cannot go down. The domain of Segment 1 cannot be changed, as Small Business Server doesn't allow that. At this point, I'm not really seeking solutions, but perhaps a technical explanation of what might go on in this situation. Even if there were no naming conflicts, what are the implications of having two multi-homed non-routing Windows machines on common networks? Hmm it's a pickle. Try resolving netbios via DNS for the W2k3 domain and WINS for the other. That's where I'd start poking around. I have something of a similar problem on my VLAN. I inherited a server named server that's w2k SBS with w2k pro server on another node named server. They have different domains. I use bind9 and have both servers use it on the vlan, but the inherited domain uses a different WINS (itself) as do the clients. When I join machines to the inherited domain over the VLAN I use the FQDN of that domain and set WINS manually. I haven't had any conflicts yet. The reason for allowing this is that the office my company acquired leased the computers in the office. The lease ends in August. I have reccommened returning the equipment, so I need to limp along until then. But it works. Something like this might work for you. Dunno for sure. --Jonathan Johnson Sutinen Consulting, Inc. www.sutinen.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba access based on computername possible?
flashgordon wrote: Is it possible to setup samba based on computernames so hostnames (NOT ipnummers) of computers instead of usernames? so to be more clear : hosts allow= computername (instead of ip number) I think yes if they're in DNS. I don't think samba resolves this through WINS. Not sure though. never tried it. if this isn't possible is there a workaround? ora a how to? best regards gordon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba access based on computername possible?
flashgordon wrote: Hi Thomas Tried to do it, but didn't work, all machines are in dns but not resolved Hmm...then samba doesn't use anything but ip addy to resolve host allow statement. Try WINS if that fails then you're stuck with ip's. I've never tried it. I assume that the *nix server is resolving to the DNS server in question? gordon - Original Message - From: Thomas M. Skeren III [EMAIL PROTECTED] To: flashgordon [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 12:58 AM Subject: Re: [Samba] samba access based on computername possible? flashgordon wrote: Is it possible to setup samba based on computernames so hostnames (NOT ipnummers) of computers instead of usernames? so to be more clear : hosts allow= computername (instead of ip number) I think yes if they're in DNS. I don't think samba resolves this through WINS. Not sure though. never tried it. if this isn't possible is there a workaround? ora a how to? best regards gordon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)
Andrew Bartlett wrote: I've got it up with two way trusts to a w2k domain everything over a ipsec vlan: s: 3.0.10 ports build FBSD: 5.3 etc. Any specific questions? On Tue, 2005-03-01 at 15:43 -0800, Chris Lawder wrote: ... Setting up a Samba PDC with the following: FreeBSD 5.3 Samba 3.0.x OpenLDAP 2.2.x Kerberos (Heimdal) Have you read: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Also, Howard Chu has a module in current OpenLDAP called smbk5pwd, which was constructed to allow LDAP to 'set' all the different password types. (Unfortunately I don't use it yet, despite being the person it was constructed for...) Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)
Andrew Bartlett wrote: On Tue, 2005-03-01 at 17:37 -0800, Thomas M. Skeren III wrote: Andrew Bartlett wrote: I've got it up with two way trusts to a w2k domain everything over a ipsec vlan: The kerberos stuff I refer to is all 'unix' (linking Samba and Heimdal kerberos), I don't run windows servers in production, so I can't help you on that side of things. Who is the kerberos for the benefit of? Dunno. I kinda hopped into the middle of the conversation. Only thing I can think is that a samba server is authenticating off of w2k/w2k3. It hasn't come up in my trust stuff. Just trying to help a FBSD user. No reason for someone else to have my forehead whelts. ;-) TMS III Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Why Windows sucks.
snip Then of course, there's Linux distro's that operate primarily with root shell Then of course, there are Linux users that run everything as root because they can't be bothered by the notion of users. Then there's the BSD's and it's users. But, of course we know not to do these things. MAC's are now BSD's too. But why the bang on Linux's? While the bloated gui of SuSE 9.2 is annoying, it warns to not run as root, and a root login to the GUI is nowhere near as friendly as using the non root account created during startup. Further, where's your evidence? Whilst nimrods run as root in Linux, do you have evidence that a majority do? How about MAC users? I know large MAC networks that require passwords to do this. Sure you can kinda do this in Winblowz XP Pro...but XP Home? Yeah right. yes, the average home user, is under informed and ill-prepared to experience the world via a computer and direct connection to the internet which is why Microsoft finally (and probably in the better late than never category) installing firewall and pop-up blocking with WinXP SP2 - it ain't perfect, it ain't all that great but it's a start. I am neither a Windows lover nor a Mac lover, but rather a computer enthusiast which is what really excites me about Linux in general. Thanks Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Free space calculation gets it wrong
Alexander Skwar wrote: Hello! Running Samba 3.x on HP-UX 11.00, Linux and Solaris. I've got a problem with the free space calculation of Samba. The problem is, that Samba only seems to return the free space available in the top directory of a share and not the free space available in the current directory. That's a problem for me, since I share a directory on the server and then mount the actual stuff into it. Let me give you an example: I shared the directory /Shares on server with the name Shares. The directory /Shares is on / on the server. In /Shares, there's the directory CAD. This directory is a seperate file system. Now I start the Windows Explorer (from Windows XP) and go to \\server\Shares\CAD. The free space available is the same as shown in \\server\Shares - IOW: it shows the free space from /, and not from /Shares/CAD Directory Mountpoint Free space /Shares / 20MiB /Shares/CAD /Shares/CAD 40GiB Going to \\server\Shares\CAD shows me that 20MiB is available and not, as wanted, 40GiB. What do I have to do, to make Samba return the free space in the current directory and not from the top most directory of the share? First, I thought to write a script which I hook into the dfree command option of Samba. But sadly this did not work :( Just like the man page says, the script is only given ./ as the first (and only) parameter. I also did not see anything of interest in the environment (as printed by the env command). I don't quite see how to get to what directory ./ (the current directory) is referring. Do you have any clues on how to solve that problem? BTW: Also sharing /Shares/CAD is not a solution I'm after :) Probably the only way you will get what you want. I don't think Windows can understand how a directory on a drive can be larger than the drive itself. Thanks a lot, Alexander Skwar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Free space calculation gets it wrong
Alexander Skwar wrote: Thomas M. Skeren III schrieb: I don't think Windows can understand how a directory on a drive can be larger than the drive itself. I disagree. On Windows XP (and 2000?), you can mount Well not really. The drive must be Dynamic . This is something I have not looked fully into, but it is not a traditional partitoning thing. Also, I'm not certain that mapping \\server\c in your example below would change anything from the remote computers' view. a local drive in a directory. This means, that C:\Appl can be a complete partition. Suppose that the partition holding C:\ is 2GiB small. Suppose that a new partition has 50GiB left. If you mount that new partition in C:\Appl, you've got the situation that the directory C:\Appl is larger than the drive holding C:. Alexander Skwar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to check IP addresses of machines in the network?
Daniel Wilson wrote: try the tool that comes with samba (findsmb)?! Tomasz Chmielewski wrote: Hello, This post is similar to what I posted yesterday 'smbclient -L host to list IP addresses - possible?'. I have a PDC in one place and many workstations in different other places connected using WAN/VPN. These workstations have rather changing IPs assigned by DHCP. Sometimes I need to connect to these machines using VNC, for example, connect to machine AC-PC001 to show something to the user or fix something when a user is not there. However, smbclient -L pdc gives me only netbios names, and not IP addresses: use smbstatus: PRiSM# smbstatus Samba version 3.0.7 PID Username Group Machine --- 16082 xxx sm (192.168.65.1) 14557 x thejudge (192.168.64.190) $ smbclient -L pdc (...) Server Comment ---- AC-PC001 AC-PC002 How can I list workstations with their netbios names and corresponding IP addresses? Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] About access the samba server through VPN connection
John Wong wrote: Dear all, We are facing the problem for accessing the samba server through the VPN connection. How's the VPN done? And also using the samba-2.2.3a-6 with the Red Hat Linux 7.3 (Kernel 2.4.18-3). Really old version. You should upgrade. Any solution can provide?? Best regards, John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] i cant make samba work!!
Diana Ross Guerrero wrote: hi! i've been working with samba for one 25days yet i cant make it work. i am configuring samba for a board which is on mips-linux. all i want to have is when i will try to access my mips-linux board, it will ask me for a username and password. but what was happening is - WHEN I TRY TO ACCESS MY MIPS-LINUX BOARD, IT WILL ASK ME FOR A USERNAME AND PASSWROD, THEN I WILL TRY TO INPUT A USERNAME AND A CORRECT PASSWORD BUT I CANT GO IN! Try mapping the drive by \\ip-addy\sharename. Every time I have that problem this works. I've been trying a hundred of usernames but its not working.. below are a copy of a line of my /etc/passwd file: . . dianag$:*:501:502:Trust Account:/home/dianag$:/bin/bash dian:d5Cyy.W3M6rvU:510:514:dian (TimeSys BSP User):/home/dian:/bin/bash . . below is a copy of a line of my smbpasswd: . . dianag$:501:4B8A4614E53B8055AAD3B435B51404EE:F4D74586093798E91CE014337F533210:[W ]:LCT-41E7AAC2: dian:510:93371DEE1D5EE7E6AAD3B435B51404EE:002345674BD69C0387771E9D0C543210:[UX ]:LCT-41EA4D16: . . below is copy of my smb.conf file: [global] workgroup = WORKGROUP netbios name = rbtx4938_pc server string = %h server (samba %v) log level = 10 syslog = 0 log file = /usr/local/samba/var/log.%m encrypt passwords = Yes unix password sync = yes username level = 8 password level = 8 domain logons = yes security = user os level = 34 local master = yes preferred master = yes domain master = yes interfaces = 127.0.0.1/255.0.0.0 192.168.214.30/255.255.255.0 bind interfaces only = Yes #passdb backend is unknown parameter in my smb, i dont know why ;passdb backend = smbpasswd passwd program = /bin/passwd %u wins proxy = No wins server = 192.168.214.30 wins support = No winbind gid = 1-2 winbind uid = 1-2 [homes] path = /home writeable = yes browsable = yes guest ok = yes valid users = %S pls help me..im very desperate...my boss is killing me everyday...thanks in advance.. - Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Domain Name Change
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom Skeren wrote: | What are the repercusions, particularly with respect | to XP Pro, for changing the domain name in Samba 3.0.9 PDC? The domain SID will be regenerated (you can manually set it to the old value after the name change if you like). | Can I join a Samba PDC to a W2K domain with net rpc or | is this a bad idea? bad idea. Samba 3 cannot currently operate as a BDC for NT4 or AD domains with Windows DC's Right, I understand. I just wondered if it would sit there and look like a member server to users on the other node? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6C2oIR7qMdg1EfYRAtjNAKCtZIjdmJJkGlKnbywZzvnW9h1iPwCgx4Ml Cs3vwYlinyA3kXAYFm04nLY= =R4HO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Domain Name Change
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas M. Skeren III wrote : | | Can I join a Samba PDC to a W2K domain with net rpc or | | is this a bad idea? | | bad idea. Samba 3 cannot currently operate as a BDC for | NT4 or AD domains with Windows DC's | | | Right, I understand. I just wondered if it would | sit there and look like a member server to users on | the other node? Why not just set up a trust between the Samba domain and the AD domain ? Goes to the name change thing. I f'd up and named the samba domain the NetBIOS name of the AD domain. DOH!!! cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB6ElXIR7qMdg1EfYRAgA/AJ95Ue0b2z5hyjYvmBTCxJEJmx+jSQCfe++A dhvDhU9n/RZpPz+u1VuW85Q= =54EG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [OT] SUSE 9.2 support
Greg Folkert wrote: On Thu, 2005-01-06 at 16:43 -0600, John Schmerold wrote: I'm really sick of trying to get Fedora working with Samba LDAP, I've read all the books, technotes etc etc Still no glory after several months of fighting with it. So: I'm going to give SUSE 9.2 a shot, after 6 years of Red Hat, however I'll certainly need some support don't know which list /or news groups are best Anyone care to make a recommendation or two? FreeBSD 5.3 is quite tight. No smb file transfers slow. Ports are fairly up to date. NO GUI. Makes a nice light (hardware wise) server. Give the new Debian Installer a shot and install Debian's Sarge (testing as it is called right now) The packages are working very well for me, just by editing things. Generating the certs and imports the schema, etc... etc... Feels much more a breeze than anything SuSE or Fedora (or RedHat for that matter, my last was RH9, I got off the whirly-gig then) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 joining Windows 20003 ADS
Pau Capdevila wrote: Authentication does work but it does not permission resolution Huh? Do you mean that there's file access permission issues? If so have you set up acl's? Remeber posix permissions are User, Group, Other. All clients authenticating via W2K3 are Other. (we use winbind). Neither smbclient -U domain user. I don't use smbclient. I don't know the solution yet. We also use Debian but I'm afraid it is not Debian related because I've tried to compile Samba and MIT kerberos from source and it keeps failing. What can we do?? Thanks On Tue, 28 Dec 2004 18:12:40 -0800, Thomas M. Skeren III [EMAIL PROTECTED] wrote: Andrew Zbikowski wrote: Commented out passdb backend abrams:/etc/samba# net ads testjoin Join is OK abrams:/etc/samba# net ads join [2004/12/28 20:00:31, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for ttlnx01 already exists - modifying old account Using short domain name -- CORP [2004/12/28 20:00:34, 0] libads/kerberos.c:get_service_ticket(335) get_service_ticket: kerberos_kinit_password [EMAIL PROTECTED]@CORP.TCC.INET failed: Preauthentication failed Segmentation fault Yep I get the same damned thing. Check to see if user authentication to the share works. If so it will work. I'm not sure about that error during the re-join. I have 150 computers to manage by myself, so if it works I ain't worrying about it. As long as the testjoin works, then users should authenticate. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Update: Slow browsing/reading from WinXP SP2
Jim Hood wrote: Two things. 1. No wins--may be a netbios issue. Try mapping to share by \\ip-addy\share. 2. Security = share is not recommended. Try user instead. I stumbled onto another tidbit that may shed some more light. From the new laptop, I tried to create a new folder on the 'samba' share. It fails with the following error message: Unable to create the folder 'New Folder'. Access is denied It obviously looks like a permissions issue, but what? I did not have to make any changes to my other laptop (upgraded from XP standard to SP2), and it can create directories on the 'samba' share just fine. Thanks, Jim --- Jim Hood [EMAIL PROTECTED] wrote: Date: Mon, 27 Dec 2004 14:46:17 -0800 (PST) From: Jim Hood [EMAIL PROTECTED] Subject: Slow browsing/reading from WinXP SP2 To: samba@lists.samba.org Hi, I have a Samba 3.0.9 server on Linux 2.6.9 (Fedora Core 3) that serves WinMe and WinXP SP2 clients wonderfully. I have recently bought a new laptop however that is not playing nicely. Samba for this laptop is responding *very* slowly when browsing or reading files on either the 'samba' or 'jimhome' shares. The new laptop has Win XP SP2 pre-installed. I have its Windows firewall completely turned off and for the moment, the virus scanner too. The funny thing is that my other laptop is also WinXP SP2 (upgraded from stock XP via Windows Update) and doesn't have any performance issues with it. I'm stumped. Any tips greatly appreciated! Cheers, Jim Here is my smb.conf: [global] workgroup = Hoodwg netbios name = dev server string = Dev Samba Server log file = /var/log/samba/%m.log encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd security = share hosts deny = 192.168.1.1 strict sync = yes sync always = yes oplocks = no [samba] guest ok = yes guest account = samba path = /home/samba writeable = yes comment = Samba share on dev browseable = yes directory mask = 755 create mask = 744 hide dot files = yes veto files = /.*/ [jimhome] guest ok = yes guest account = jimdhood path = /home/jimdhood writeable = yes comment = Jim home on dev browseable = yes directory mask = 755 create mask = 744 hide dot files = yes veto files = /.*/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 joining Windows 20003 ADS
Andrew Zbikowski wrote:
Since smb.conf is a link..let me try.
I've experienced some strange things as well, the question is, can ADS
users get a share properly? I had similar probs, but the share works.
What does net ads testjoin show?
Also in smb.conf you have a passdb backend. DON'T.
Here's what I use, albeit it is a W2K AD: (I know some settings are
default that way, but I have been adjusting them)
workgroup = (NETBIOS NAME OF AD DOMAIN)
realm = YOURDOMAIN.COM
server string = (Info about server)
netbios name = (NAME YOU WANT TO GIVE YOUR SERVER)
security = ADS
client schannel = Auto
server schannel = Auto
client signing = Auto
server signing = Auto
client use spnego = No
socket options = TCP_NODELAY
dns proxy = No
idmap uid = 1-2
idmap gid = 1-2
winbind separator = _
winbind enum users = No
winbind enum groups = No
winbind use default domain = No
admin users = (AD Administrator that samba will tell Unix to
treat as root...be carefull here...but it's needed. Multiple users are
comma separated. The user is added
like this {assuming you used the winbindd seprarator I suggested}
DOMAIN_user1, DOMAIN_user2)
algorithmic rid base = 1
dos filetimes = Yes
dos filemode = Yes
acl compatibility = win2k
inherit acls = yes
inherit permissions = ye
abrams:~# kinit [EMAIL PROTECTED]
This seems to work just fine.
abrams:~# net ads join TwinCities\TTAGS\SERVERS
[2004/12/28 18:52:20, 0] libads/ldap.c:ads_add_machine_acct(1475)
Warning: ads_set_machine_sd: Unexpected information received
Using short domain name -- CORP
[2004/12/28 18:52:23, 0] libads/kerberos.c:get_service_ticket(335)
get_service_ticket: kerberos_kinit_password
[EMAIL PROTECTED]@CORP.TCC.INET failed: Client not found in
Kerberos database
Segmentation fault
That doesn't work. I look in Active Directory Users Comptuers and
there is a new computer account in the correct location however.
Looking at that output, it seems to be trying to create a client named
[EMAIL PROTECTED]@CORP.TCC.INET. That doesn't seem right, it
should be just [EMAIL PROTECTED] right? What would be causing
that extra @CORP.TCC.INET to be added? Or is it supposed to be that
way?
I have no /etc/krb5.conf, as according to the Official Samba HOWTO it
is not required.
With both MIT and Heimdal Kerberos, it is unnecessary to configure
the /etc/krb5.conf, and it may be detrimental.
As kinit works, it definitly doesn't seem like I need an /etc/krb5.conf.
Not sure if this list allows attachments, so my smb.conf is at
http://www.ringworld.org/~zibby/stuff/linux/smb.txt
The host system is Debian Testing (Sarge) running 2.4.27 on an Alpha
processor, using the packages for sarge.
If anyone knows how to resolve this, please please please let me know.
If you need/want more details, just ask.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 joining Windows 20003 ADS
Andrew Zbikowski wrote: Commented out passdb backend abrams:/etc/samba# net ads testjoin Join is OK abrams:/etc/samba# net ads join [2004/12/28 20:00:31, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for ttlnx01 already exists - modifying old account Using short domain name -- CORP [2004/12/28 20:00:34, 0] libads/kerberos.c:get_service_ticket(335) get_service_ticket: kerberos_kinit_password [EMAIL PROTECTED]@CORP.TCC.INET failed: Preauthentication failed Segmentation fault Yep I get the same damned thing. Check to see if user authentication to the share works. If so it will work. I'm not sure about that error during the re-join. I have 150 computers to manage by myself, so if it works I ain't worrying about it. As long as the testjoin works, then users should authenticate. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] share premissions help
Lozej Radovan wrote: hello i would like to set premission for share like this: user can: -create new file -read file user cant: -delete file -modify file Well, since an owner can always change files owned, that's going to be tough. Maybe if cron did a chown -R root to the directory every few minutes, it might achieve your goal is it posible? i really dont know how to do it, but i relly need it. ..and another thing if i set create mask = 0740 and force user = root Beacause all users are mapped to root with force user = root. why can another user still delete this file, although root is the owner with 740 mask can someone help? bye bye rado. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with error log entry and terrible performance
stephen wrote: On Sun, 26 Dec 2004 11:33:26 -0800, Thomas M. Skeren III wrote: The Samba server log has these entries: posix_fcntl_lock: WARNING: lock request at offset 12226560, length 61440 returned [2004/12/24 17:28:52, 0] locking/posix.c:posix_fcntl_lock(658) an Invalid argument error. This can happen when using 64 bit lock offsets man smb.conf for the option to disable 64 bit lock offsets. I found nothing in the man for this setting. I may be wrong, but I seem to remeber a setting which discusses this. Read the whole thing. Try : man smb.conf | grep 64k\ streaming new 64k streaming read and write varient SMB requests introduced That's what I found. That's the config line you're looking for I think. But it is a very large document. stephen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: domain administrator is always mapped to root
Florian Effenberger wrote: Hi Michael, 2) Anyone who is a Samba Domain Admin will cause things in the log to equate the user to being the root user. Just how Samba thinks about things. okay. Any chance to get that fixed by the Samba development team? :-) Get what fixed? The OS is Unix. The administrator IS root. What is there to fix? Florian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] one machine connects, others do not
jdyke wrote: Glad to help. Merry Christmas and a Happy New Year TMS III Add: wins support = Yes (Unless you have an NT wins server. Then you want to use wins server = w.x.y.z) enhanced browsing = Yes thanks, that did it. as well as the passwordhad set it to No for testing and forgot to set backlikely caused more of a problem then i had in the first place. dns proxy = No hosts allow = 192.168.2., 192.168.102., 127. [jdyke] comment = Jeffs path = /home/jdyke username = jdyke read only = No writeable = Yes this was set, testparm just does not show create mask = 0765 --- 7 more of these shares with only the path and share name changed. --- again, thanks and Happy Holidays! Jeff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Connection reset by peer
[EMAIL PROTECTED] wrote: What are you doing? What configuration. What network configuration? Hi, We continuously see these errors in our logs. I've done some searches on this but nothing seems to point to anything specific. Any ideas? -John Dec 23 20:14:41 valhalla smbd[3574]: [2004/12/23 20:14:41, 0] lib/util_sock.c:get_peer_addr(1000) Dec 23 20:14:41 valhalla smbd[3574]: getpeername failed. Error was Transport endpoint is not connected Dec 23 20:14:41 valhalla smbd[3574]: [2004/12/23 20:14:41, 0] lib/util_sock.c:get_peer_addr(1000) Dec 23 20:14:41 valhalla smbd[3574]: getpeername failed. Error was Transport endpoint is not connected Dec 23 20:14:41 valhalla smbd[3574]: [2004/12/23 20:14:41, 0] lib/util_sock.c:write_socket_data(430) Dec 23 20:14:41 valhalla smbd[3574]: write_socket_data: write failure. Error = Connection reset by peer Dec 23 20:14:41 valhalla smbd[3574]: [2004/12/23 20:14:41, 0] lib/util_sock.c:write_socket(455) Dec 23 20:14:41 valhalla smbd[3574]: write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 ADS setup issue
Jon Starbird wrote: Follow up: Sorry to have bothered all, after signing up to the list I was able to look at other archives but didn't do so until after I sent the email I found a post with the following link in it which had a helpful little piece in it. I wouldn't use that. It's gopt usefull stuff, but is wrong on several points, IMHO. Try mine http://www.fsklaw.com/fbsdconfig.html http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html Hope all have a good holiday. Thanks, Jon Jon Starbird wrote: I am attempting to setup Samba 3.0.10 on a Windows 2000 Active Directory domain. The problem I'm having is getting Samba to configure correctly to get the Kerberos library. I've gone through previous posts and have tried doing what others suggested but I still keep getting the error of: configure: error: libkrb5 is needed for Active Directory support The current configure params I'm using are: ./configure --with-ads=yes --with-krb5=/usr/lib I've tried many different path entries, left out the path info with just the first option, nothing works I keep getting the exact error. It just never can find the Kerberos files. I've tried installing Kerberos 5 via Pkg_add, I've also downloaded and compiled it, this latest attempt is with Heimdal 0.6.3 being complied from source. Here is dump of a find for libkrb5* on the system: ./usr/local/lib/libkrb5.so.20 ./usr/local/lib/libkrb5.so ./usr/local/lib/libkrb5.a ./usr/lib/libkrb5.a ./usr/lib/libkrb5_p.a ./usr/lib/libkrb5.so.3 ./usr/lib/libkrb5.so ./usr/src/heimdal/heimdal-0.6.3/lib/krb5/.libs/libkrb5.lai ./usr/src/heimdal/heimdal-0.6.3/lib/krb5/.libs/libkrb5.a ./usr/src/heimdal/heimdal-0.6.3/lib/krb5/.libs/libkrb5.la ./usr/src/heimdal/heimdal-0.6.3/lib/krb5/libkrb5.la ./usr/src/krb5/krb5-1.3.6/src/lib/krb5/libkrb5.a ./usr/src/krb5/krb5-1.3.6/src/lib/libkrb5.a ./usr/heimdal/lib/libkrb5.la ./usr/heimdal/lib/libkrb5.a I have pointed the configure param to all of the above, including the source ones (I'm getting desperate!). So please someone help! Let me know if you need more info. Many thanks in advance. Jon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems
Brian Kesting wrote:
I have tried using a + separator with no success.
I use _ which works well. I'm just guessing here, but *nix's use / as a
very significant charactrer.
-- Original Message --
From: Tom Skeren [EMAIL PROTECTED]
Date: Mon, 20 Dec 2004 15:25:54 -0800
Brian Kesting wrote:
Hello,
I am running a Samba server (3.0.7) on a Suse 9.2 box. I have connected this
server successfully to a Windows 2000 Active Directory (mixed mode). I have
nsswitch.conf, krb5.conf configured and winbind seems to be running properly
for the most part. With wbinfo I can get all of my user and group information.
Problem is, it seems that at random times, the samba server just stops
authenticating the windows user names and accounts. If I restart the winbind
or smb service, then all seems to be well again for a while. Right now the
only way I can keep this running is to run a cron job that restartes the samba
and winbind services every hour. This is really bugging me as I cannot figure
out what is going on. Can anyone help me? I have included some of my
configuration and log files below. Thanks in advance.
-/etc/samba/smb.conf--
# Samba Configuration File
[global]
workgroup = WAYNE
realm = WAYNE.LOCAL
server string = Samba Server
security = ADS
password server = adserver.wayne.local
encrypt passwords = yes
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/bash
winbind use default domain = no
winbind separator = /
The separator might be a problem.
[users]
comment = Users on Linux
path = /home/WAYNE
read only = No
browseable = Yes
-/etc/nsswitch.conf---
passwd: files winbind
group: files winbind
hosts:files dns wins winbind
networks: files dns
-/etc/krb5.conf---
[libdefaults]
default_realm = WAYNE.LOCAL
clockskew = 300
[realms]
WAYNE.LOCAL = {
kdc = police.wayne.local
default_domain = WAYNE.LOCAL
kpasswd_server = adserver.wayne.local
}
[domain_realm]
.WAYNE.LOCAL = WAYNE.LOCAL
[appdefaults]
pam = {
ticket_lifetime = 365d
renew_lifetime = 365d
forwardable = true
proxiable = false
retain_after_close = true
minimum_uid = 0
}
--/var/log/samba/log.smbd
[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system
.
.
.
[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/DISPATCH_GW1$ is invalid on this system
[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/DISPATCH_GW1$ is invalid on this system
[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/DISPATCH_GW1$ is invalid on this system
--/var/log/samba/log.winbindd---
[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 16:54:52, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
krb5_cc_get_principal failed (No such file or directory)
[2004/12/20 16:56:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 16:59:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
user 'root' does not exist
[2004/12/20 17:00:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
user 'root' does not exist
[2004/12/20 17:01:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:06:24, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:11:40, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems
Brian Kesting wrote:
I have tried using a + separator with no success. I also get this in my
log.winbindd file as soon as I restart winbind:
[2004/12/20 17:33:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
krb5_cc_get_principal failed (No such file or directory)
I've seen that one. Do a kinit, and see if you get a kerberos ticket.
-- Original Message --
From: Tom Skeren [EMAIL PROTECTED]
Date: Mon, 20 Dec 2004 15:25:54 -0800
Brian Kesting wrote:
Hello,
I am running a Samba server (3.0.7) on a Suse 9.2 box. I have connected this
server successfully to a Windows 2000 Active Directory (mixed mode). I have
nsswitch.conf, krb5.conf configured and winbind seems to be running properly
for the most part. With wbinfo I can get all of my user and group information.
Problem is, it seems that at random times, the samba server just stops
authenticating the windows user names and accounts. If I restart the winbind
or smb service, then all seems to be well again for a while. Right now the
only way I can keep this running is to run a cron job that restartes the samba
and winbind services every hour. This is really bugging me as I cannot figure
out what is going on. Can anyone help me? I have included some of my
configuration and log files below. Thanks in advance.
-/etc/samba/smb.conf--
# Samba Configuration File
[global]
workgroup = WAYNE
realm = WAYNE.LOCAL
server string = Samba Server
security = ADS
password server = adserver.wayne.local
encrypt passwords = yes
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/bash
winbind use default domain = no
winbind separator = /
The separator might be a problem.
[users]
comment = Users on Linux
path = /home/WAYNE
read only = No
browseable = Yes
-/etc/nsswitch.conf---
passwd: files winbind
group: files winbind
hosts:files dns wins winbind
networks: files dns
-/etc/krb5.conf---
[libdefaults]
default_realm = WAYNE.LOCAL
clockskew = 300
[realms]
WAYNE.LOCAL = {
kdc = police.wayne.local
default_domain = WAYNE.LOCAL
kpasswd_server = adserver.wayne.local
}
[domain_realm]
.WAYNE.LOCAL = WAYNE.LOCAL
[appdefaults]
pam = {
ticket_lifetime = 365d
renew_lifetime = 365d
forwardable = true
proxiable = false
retain_after_close = true
minimum_uid = 0
}
--/var/log/samba/log.smbd
[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system
.
.
.
[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/DISPATCH_GW1$ is invalid on this system
[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/DISPATCH_GW1$ is invalid on this system
[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/DISPATCH_GW1$ is invalid on this system
--/var/log/samba/log.winbindd---
[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 16:54:52, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
krb5_cc_get_principal failed (No such file or directory)
[2004/12/20 16:56:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 16:59:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
user 'root' does not exist
[2004/12/20 17:00:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
user 'root' does not exist
[2004/12/20 17:01:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:06:24, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:11:40, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems
Brian Kesting wrote:
Someone told me once to try to remove the Samba server from the domain, rename it, and rejoin the domain..would that solve any problems in your opinion?
That is an odd solution, unless AD is mangled with respect to the samba
server name. Methinks you have a kerberos problem. My servers are
FreeBSD, but I do have a bare bones guide for setting up samba as an AD
member server in FreeBSD. If you use Linux it can only be a reference,
but it's an easy read.
http://www.fsklaw.com/fbsdconfig.html
-- Original Message --
From: Brian Kesting [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 20 Dec 2004 18:05:47 -0600
I read something about nscd causing problems before I even installed the system, so I never even installed that service.
Here is an updated /var/log/samba/log.winbindd file.btw, thanks for the
quick help and tips so far, I appreciate it.
[2004/12/20 17:33:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
krb5_cc_get_principal failed (No such file or directory)
[2004/12/20 17:38:44, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:43:44, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:45:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
user 'root' does not exist
[2004/12/20 17:49:01, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:52:26, 1] libads/ldap_utils.c:ads_do_search_retry(77)
ads_search_retry: failed to reconnect (Invalid credentials)
-- Original Message --
From: Brett Stevens [EMAIL PROTECTED]
Date: Tue, 21 Dec 2004 10:33:30 +1100
One thing I moticed when having simmilar problems is that for some reason
nscd seems to be a problem stop this service and restart all samba services
including smbd nmbd and winbind
Let us know how it goes.
Brett Stevens
-Original Message-
From: Brian Kesting [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 10:29 AM
To: [EMAIL PROTECTED]
Subject: [Samba] winbind problems
Hello,
I am running a Samba server (3.0.7) on a Suse 9.2 box. I have connected
this server successfully to a Windows 2000 Active Directory (mixed mode). I
have nsswitch.conf, krb5.conf configured and winbind seems to be running
properly for the most part. With wbinfo I can get all of my user and group
information. Problem is, it seems that at random times, the samba server
just stops authenticating the windows user names and accounts. If I restart
the winbind or smb service, then all seems to be well again for a while.
Right now the only way I can keep this running is to run a cron job that
restartes the samba and winbind services every hour. This is really bugging
me as I cannot figure out what is going on. Can anyone help me? I have
included some of my configuration and log files below. Thanks in advance.
-/etc/samba/smb.conf--
# Samba Configuration File
[global]
workgroup = WAYNE
realm = WAYNE.LOCAL
server string = Samba Server
security = ADS
password server = adserver.wayne.local
encrypt passwords = yes
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/bash
winbind use default domain = no
winbind separator = /
[users]
comment = Users on Linux
path = /home/WAYNE
read only = No
browseable = Yes
-/etc/nsswitch.conf---
passwd: files winbind
group: files winbind
hosts:files dns wins winbind
networks: files dns
-/etc/krb5.conf---
[libdefaults]
default_realm = WAYNE.LOCAL
clockskew = 300
[realms]
WAYNE.LOCAL = {
kdc = police.wayne.local
default_domain = WAYNE.LOCAL
kpasswd_server = adserver.wayne.local
}
[domain_realm]
.WAYNE.LOCAL = WAYNE.LOCAL
[appdefaults]
pam = {
ticket_lifetime = 365d
renew_lifetime = 365d
forwardable = true
proxiable = false
retain_after_close = true
minimum_uid = 0
}
--/var/log/samba/log.smbd
[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system [2004/12/20
15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system [2004/12/20
15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system [2004/12/20
15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/LIEUTENANT1$ is invalid on this system
.
.
.
[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/DISPATCH_GW1$ is invalid on this system [2004/12/20
16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username WAYNE/DISPATCH_GW1$ is invalid on this system
Re: [Samba] WinXP client always connects as Gaia\Guest
Woellert, Kirk D. wrote: All attempts to connect to our Samba server, share \data from any Windows client fails. I'm trying to get samba to prompt the windows user with a login box, have them enter the samba username/password, then head onto the share. If I use in the address field the following: \\gaia\data /user:woellki Try mounting the share by IP address\\ipaddy\data a dialog box appears, with the username field greyed out Gaia\Guest is shown, with blank password field. I hit cancel and WinXP returns the following message: Windows cannot find \\gaia\data /user:woellki. Check the spelling and try again, or try searching for the item by clicking the Start button and then clicking Search. A valid samba user account exists, which happens to match the linux account. Windows clients are members of the following corporate domain: northgrum. Samba 3.0.9 RH9 Final (20-31.9) # Samba config file created using SWAT # from 137.51.14.53 (137.51.14.53) # Date: 2004/12/14 17:25:11 # Global parameters [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = LUI_DCO realm = netbios name = GAIA netbios aliases = netbios scope = server string = gaia irad server interfaces = bind interfaces only = No security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = min password length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = smbpasswd algorithmic rid base = 1000 root directory = guest account = nobody pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 check password script = username map = /etc/samba/smbusers password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes preload modules = use kerberos keytab = No log level = 0 syslog = 1 syslog only = No log file = /var/log/samba/%m.log max log size = 5000 debug timestamp = Yes debug hires timestamp = No debug pid = No debug uid = No smb ports = 445 139 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes disable netbios = No acl compatibility = defer sharing violations = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts wins host bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 kernel change notify = Yes lpq cache time = 10 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 1 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 use mmap = Yes hostname lookups = No name cache timeout = 660 load printers = Yes printcap cache time = 0 printcap name = cups cups server = disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = mangling method = hash2 mangle prefix = 1 stat cache = Yes machine password timeout = 604800 add user script = delete user script = add group script = delete group script = add user to group script = delete user from group script = set primary group script = add machine script = shutdown script = abort shutdown script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 20 lm announce = Auto lm interval = 60 preferred master = No local master = No domain master = No browse list = Yes enhanced browsing = Yes dns proxy = Yes wins proxy = No wins server = wins support = Yes wins hook = wins partners = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 ldap admin dn = ldap delete dn = No ldap filter = (uid=%u) ldap group suffix = ldap idmap suffix = ldap machine suffix = ldap passwd sync = no ldap replication sleep = 1000 ldap suffix = ldap ssl = no ldap timeout = 15 ldap user suffix = add share command = change share command = delete share command = config file = preload = lock directory = /var/lib/samba pid directory = /var/run utmp directory = wtmp directory = utmp = No default service = message command = dfree command = get quota command = set quota command = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = afs username map =
Re: [Samba] Samba and internet!
Marcus Andersson wrote: Hi everybody! I have a problem wich has pusseled me for sometime time. I have put samba on an internal subnet wich is the same as the windowsclients. Everything works great as long as internet is up and running but if internet goes down then the windowsclients can't find the sambaserver or just simly times out when trying to log in. I'm not sure what this means. The internet never goes down. What I assume is that the local lan loses internet conectivity. If so, the cause of the disconnection is the source of the problem, not samba. On one installation I have a netgear router wich handels the traffic and is dhcpserver for the internal net OK, here it sounds like your router is going down (?). Why not run dhcp from the *nix box running samba. That way you could also hand out wins server info to the windows clients, which I'm certain the netgear router cannot do. Depending on the dhcp timeout on the netgear, if netgear goes down, as soon as the dhcp client needs to get an ip reissued, the client IP probably goes away. and in the other the windows machine has a isdn-connection localy which gives it connection to the internet and also routes the internal net (sambaserver) to the internet. Huh? I also has a third installation where the server running samba also is the gateway to internet and this problem never occurs there. If internet goes down then the clients can still login whitout problem. I would really appreciate some input on this problem since it keeps me awake at nights :) I have searced the internet but couldn't find anything that explains it. Thanks in advance /marcus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba - Joining AD and OU issues
Wayne Rasmussen wrote: Windows 2000 Server named adtest.com as PDC. Solaris 9 server with SAMBA 3.0.7. I am trying to get a handle on the OU issue I am having. Suppose the PDC adtest.com has 100 OU such as a1, a2, a3, ..., a98, a99, a100. On the Solaris Server I am doing: kinit [EMAIL PROTECTED] type in Administrator password nmbd; smbd; winbindd -B net ads join When I do wbinfo -g or getent passwd I see all the accounts in all the OU. Suppose I only want one or two OUs? Imagine that I want a7 only, do I have to create a special account within OU a7 (such as a7adadmin) and use kinit a7adadmin? If so, then what do I need to have specifically two OUs, a7 and a12? The second question I have is that kinit always prompts for a password is there a better way to do this? Well, once you kinit, you have a ticket. kinit again asks the ADS to reissue a ticket. Do a klist to see if ticket is active. Thank you, Wayne -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join AD (FreeBSD)
Elijah Savage wrote:
I was having the same problem as you decribe with 4.10 version of
freebsd and found a number of reasons why it was not working, but I
manage to find this great walk through and get it working with 5.2.1.
http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html
This is quite good. However, the best option is to install 5.3RC2 and
use the samba 3.0.7 port in the ports collection. Works VERY well.
Try it and see if it helps and curious what version of freebsd are you
using?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Josh Kropf
Sent: Tuesday, November 09, 2004 4:47 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Unable to join AD (FreeBSD)
Hi,
I am trying to get samba 3.0.7 working with our win2k DC. I installed
samba from the ports collection, so the kerberos library looks to be the
heimdel version.
I can use kinit to create a ticket and it authenticates against the DC
just fine. However when I attempt to use net ads join it fails with
the following response:
[2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183)
ads_connect: Unknown error: -1765328343
Also note running net ads join without the -U parameter simply prompts
for a password for root even though I have created a ticket
successfully with kinit.
I have configured krb5.conf and smb.conf with the minimal items.
smb.conf
[global]
workgroup = CPOLDOM
netbios name = BSDWEB
realm = CPOL.DOM
security = ads
encrypt passwords = yes
password server = 192.168.1.10
krb5.conf
[libdefaults]
default_realm = CPOL.DOM
[domain_realm]
.cpol.dom = CPOL.DOM
cpol.dom = CPOL.DOM
[realms]
CPOL.DOM = {
kdc = 192.168.1.10
default_domain = cpol.dom
}
Thanks,
Josh
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join AD (FreeBSD)
Elijah Savage wrote:
Well yes I would agree now that 5.3 is production release that this is a
safe bet.
Well shoot...they must've released it today. I got 5.3 rc2 on a server
working well, and my laptop too. But yeah, use 5.3.
-Original Message-
From: Thomas M. Skeren III [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 09, 2004 6:52 PM
To: Elijah Savage
Cc: Josh Kropf; [EMAIL PROTECTED]
Subject: Re: [Samba] Unable to join AD (FreeBSD)
Elijah Savage wrote:
I was having the same problem as you decribe with 4.10 version of
freebsd and found a number of reasons why it was not working, but I
manage to find this great walk through and get it working with 5.2.1.
http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html
This is quite good. However, the best option is to install 5.3RC2 and
use the samba 3.0.7 port in the ports collection. Works VERY well.
Try it and see if it helps and curious what version of freebsd are you
using?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Josh Kropf
Sent: Tuesday, November 09, 2004 4:47 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Unable to join AD (FreeBSD)
Hi,
I am trying to get samba 3.0.7 working with our win2k DC. I installed
samba from the ports collection, so the kerberos library looks to be
the heimdel version.
I can use kinit to create a ticket and it authenticates against the DC
just fine. However when I attempt to use net ads join it fails with
the following response:
[2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183)
ads_connect: Unknown error: -1765328343
Also note running net ads join without the -U parameter simply
prompts for a password for root even though I have created a ticket
successfully with kinit.
I have configured krb5.conf and smb.conf with the minimal items.
smb.conf
[global]
workgroup = CPOLDOM
netbios name = BSDWEB
realm = CPOL.DOM
security = ads
encrypt passwords = yes
password server = 192.168.1.10
krb5.conf
[libdefaults]
default_realm = CPOL.DOM
[domain_realm]
.cpol.dom = CPOL.DOM
cpol.dom = CPOL.DOM
[realms]
CPOL.DOM = {
kdc = 192.168.1.10
default_domain = cpol.dom
}
Thanks,
Josh
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Heimdal Version Question
L. Mark Stone wrote: We would like to build a SuSE Professional 8.2 box as a Domain Member Server in a Windows 2000 Active Directory domain, and we are referencing Chapter 9.3.3 of Samba3-By-Example. The version of heimdal supplied with SuSE 8.2 is 0.4e. S3BE references heimdal version 0.6 plus patches. Since SuSE often backports fixes from later versions of products into older versions, the question is: will the 0.4e heimdal rpms supplied with SuSE 8.2 work with Samba 3.0.7 in this configuration? All my research suggests no. Heimdal 0.6 is necessary. However, I have no idea what SuSE has in its RPM's. TIA, Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Switch profile from local to roaming?
Been working on this for a while Misty. Stay tuned. TMS III Misty Stanley-Jones wrote: I've got a WinXP machine that was configured for local profiles. I have now joined that machine to the domain, but when I try to log in as a user, it tries to use a roaming profile. Fine, that's what I want anyway. But it doesn't do the smart thing and copy the user's local profile to roaming -- it gives an error instead. OK, no problem, I will change the type. I log in as local admin and go to her profile. It only gives me Local as an option. Maybe it's because I'm not logged into the domain. OK, I log into the domain as Administrator (alias root -- uid of 0). It doesn't even let me SEE her profile then. Because it is local, I assume. So ok, I add MYDOMAIN\Administrator as a local administrator on her machine. It lets me see her profile now but I still can't change it to roaming. And every time I try to copy it into either Administrator's directory on the server, or hers, it gives me Permission Denied. So what is the real way to get this accomplished? Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Switch profile from local to roaming?
Not sure if this is the 'approved' way to do things like this, but it always works for me when I have to migrate a profile from one dir to another, usually I use it when switching domains, i.e. from our 'one domain per site' to one global domain where the sid just can't match ANYWAY 1. Copy said user's profile to a backup location 2. Move the 'Default User' profile someplace so that it isn't in the way 3. Copy said user's old profile to Default User 4. Log in as said user, the default profile will copy to the user's profile 5. Move real 'Default User' back You rock dude. Never had to do this before. Didn't realize ntuser.dat was SID locked. The above works PERFECTLY for my purposes. Cheers TMS III Now there will be some things that aren't migrated but that depends a lot on your setup and what programs you run. For the most part, everything involving the SID that Windows knows about will be migrated in my experience. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba became Domain Member Server
Martin Hauptmann wrote: Hi group, I have problems with a former Samba-server. It has been a simple server, no acl-stuff,not a DC or so. ACL's would be a good idea here. Now we have a Windows 2003 PDC and I intergated the Samba-Server as a Domain Member Server. Everything works fine, except one annoying thing: I cannot allow the Domain-Members to full-access the files recursively. Example: The users complain, that they can make an excel-sheet and save it. When someone else opens it, he cannot overwrite it. When the owner of the file gives the right to all domain-users to change the file they can do that.But when they save it, it is the same game again: Nobody else can overwrite it. This is because MS Excel deletes the old file and replaces it with the new one, thus resseting privaleges on the file to 700. Man smb.conf for force user, or force directory mask, whcih should eliminate the problem, if you don't want to mess with ACL's. I am not a member of this group but I hope you will answer my question :-) bye Martin Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED
Thanks Zach, but as this project moves forward, doing it the way you did for 100+ users would likely cause me to eat a bullet. Paul's way may leave a glitch or too. However maybe this would solve Awful Hack's problems. Cheers TMS III Zach wrote: This worked for me: (1) Log in as a local administrator on one of the XP clients (2) Create a temporary user, eg test_user1 (3) System Properties-Advanced-User Profiles:Settings button (4) Choose the profile you're trying to migrate and click Copy To (5) Pick some temporary directory, eg c:\test (6) Under Permitted to use, click change, and add your temporary user (7) Click ok and ok again, and wait while the profile is copied to c:\test. Windows has now added test_user1's SID to NTUSER.DAT in c:\test (8) log out and log back in as test_user1, to allow test_user1's profile to be set up. (9) log out and log back in as a local administrator (10) manually copy the contents of c:\test over top of test_1's profile in c:\Documents ...\test_user1\, or the directory where test_user1's profile was created. (11) log out and log back in as test_user1 to verify the profile loads properly (12) log out and log back in as a local admin and repeat steps 3 through 6, except instead of adding test_user1 under Permitted to use, add your domain user. Allow the profile to be copied to c:\test. Windows has now added the sid for your domain user to NTUSER.DAT (I don't know if the other SIDs are there as well or not). (13) At this point it is vital to make sure the domain user is not logged in on any machine otherwise NTUSER.DAT will be overwritten when they log out. Backup the server copy of NTUSER.DAT (14) copy c:\test\NTUSER.DAT to your server under the appropriate user's profile. (15) log out and log back in as the domain user. It should work. This way worked for me and preserved all of the profile's custmizations. I didn't try the profiles program (see man profiles) because I couldn't find that binary on my system. However this seems to work perfectly. Admittedly if you have more than a few users to migrate, this could be cumbersome. Paul Geinger's suggestion is much fewer steps. Your mileage may vary. Thanks for everyone's help - Original Message - From: Thomas M. Skeren III [EMAIL PROTECTED] Date: Wed, 29 Sep 2004 13:17:16 -0700 Subject: Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin To: Zach [EMAIL PROTECTED] See Paul Geingers email on this subject. That method works perfectly. WooHoo! Zach wrote: Tom, Can't wait to find out what you learn. In the mean time, a quick google search turned up this: http://www.samba.org/samba/docs/man/profiles.1.html Unfortunately I don't have this package installed on this system, so I don't have the man page or the profiles command right now. On Wed, 29 Sep 2004 10:46:14 -0700, Tom Skeren [EMAIL PROTECTED] wrote: Zach wrote: We just experimented with this here at work. As administrator we manually deleted the profile of a user at replaced it with a manual copy of another user's profile, and the problem was reproduced exactly. When we subsquently deleted NTUSER.DAT and logged in again, NTUSER.DAT was rebuilt using the default profile and the profile loaded properly. Evidently the SID recorded in NTUSER.DAT has to match the user's sid or it won't load properly. Good news Zach. I'm off to the office to give it a go myself. Should give a preliminary response by noon PST. Cheers, TMS III -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb.conf syntax
[EMAIL PROTECTED] wrote: Greetings, When a new file is created it's permissions need to be RWX for all users, as this a lock file is created, edited and deleted after each session... First User on App Creates the File, all users are editing, and the last one off deletes... (Paradox Database) Is this config correct for this scenario? [specworks] browseable = yes comment = SpecWorks Data path = /home/specworks writeable = yes valid users = user1 user2 user3 user4 security mask = 0777 force security mode = 0 directory security mask = 0777 force directory security mode = 0 Do I need a Force User or anything else to accomplish this?? Unfortunately I think the answer is yes. I have read that ACL's will alleviate this in many ways. However, I am just getting ACLs setup, and cannot advise at this point. Users are all members of SPECWORKS group... TIA -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] New user Questions on passwords
I've had a LOT of problems with this. First make sure that the Win box is using Samba as NetBIOS name server. Make sure that the samba server IS the domain master browser. Do a Netstat -an on the windows box when browsin, see what port the Win box is trying to connect to. IF MS client is issuing port 445 connects, this by-passes nmbd and you cannot authenticate using a netbiios name, only by IP-Addy. This has been my experience. Henry Baxter wrote: Unfortunately I have no experience with SWAT, so there may be some thing I'm not aware of, but I would suggest: 1) check that the user name you are logging in as has an account on the linux box, 2) set their password again just to be sure, 3) at command line type smbpasswd username and if that doesn't work, you know your smbpasswd file is the missing link, and to remedy it smbpasswd -a username. If you want to check which people are registered as samba users (not sure if SWAT does this?) go to /etc/samba/private/smbpasswd, and you can see them all. Oh, and as far as I know you should always be able to login as 'root' root-password, so I'm surprised you're having this trouble... If you've checked all that, keep in mind you can only have one open connecion, so something like 'map to guest = bad user' could be causing you to log in as a guest, stopping your ability to log in as a real user. Can't think of much else off-hand, if none of this helps, perhaps you could add some more information about your setup. Good luck! Oh, and you are entering user names in win2k, right? Henry Baxter John Graves wrote: I have just installed samba on a debian server. My laptop with win2k recognizes the debian server and shows it as a samba server in network neighborhood. I can start swat from the desktop. I have used swat to create both server and client server passwords. When I click on the debian server, I am asked for a network password for \\server. Every password I try, including the server user and root passwords are rejected as unknown or invalid. What am I missing??? John G. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with Windows XP pro after initial login to Samba 3.0 server
Wee below Robert Galter wrote: Question: Does anybody have a solution for this problem? Problem: Windows XP creates a new user with same name after initial machine login to Samba domain. E.G. under Documents and settings the user name: gilbert existed as a subdirectory with additional subdirectories such as desktop, startup, MyDocuments, etc. The following procedure was used in Windows XP to log the machine into the Samba server: 1. Open System Properties dialog 2. Click Computer Name tab 3 Click command button: Change. 4. Click Member of Domain radio button 5. Fill domain name of edit field with Samba domain name 6. Click OK - User name/password appears 7. Fill in root as user name and rootspassword as the password 8. Wait 9. Process completes and then reboot. At this point a new user has been created: gilbert.000 . This new user has not inherited any of the settings from the original user, i.e. Desktop is blank, applications do not launch at startup, installed programs are not in start menu. The same set of subdirectories exist off of gilbert.000 but they are empty. The original gilbert subdirectory still exists but gilbert.000 has no access rights to gilbert. The original gilbert is an admin user and the new gilbert.000 has no admin rights. As the new user without rights, gilbert.000 cannot be changed back to admin. How do you keep this behavior from happening on Windows XP pro? You don't. It also happens under NT4 and w2k. How do you correct the problem after it has happened? Rename gilbert.000 to say gilbert.001. Rename gilbert to gilbert .000. This usually works. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] question on dot files
Perhaps you have in XP hidden files and folders exposed. Claude Jones wrote: I hope this is an appropriate forum for Samba questions from new users. I have successfully configured Samba on my network which consists of a Fedora 2 box and three Windows machines. However, I can't seem to turn off the dot files. When I browse to the shared folder from a one of the Windows machines, which is my personal folder in /home, I can see all the './' and '.' files. In SWAT under the 'filename handling' section 'hide dot files' is set to 'yes'. Can someone tell me what I'm overlooking? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing a Samba Share?
An interesting problem. I think a thing I tried and failed at may apply here. Want internet samba port 445 clients to access a W2k machine, but point the router to a samba machine. Mount the w2k machine share on the Unix box Share that mount in samba Let the wan clients mount the unix samba share. Lots of errors. Besides being so slow it was unusable here are some issues. The smb mount to the unix box has the permissions of the mount. IE if you mount the w2k share as Administrator, then all who mount the samba share are Administrator. Further, given the above, Samba does not like this. It lags out a lot and is not ideal. Note that a smb mount from UNIX to a w2k server is a user level implementation. It's like mapping a drive to a windows box. I know not Novel, but I suspect that the Novel functions you describe are quite disimilar to smbfs. Too many beers. Exiting before I say something stupid. Fitzwater, Bryan wrote: Is it possible to share a Windows Share of a Samba Unix Share? We have Samba running on a Solaris Box, I can map a drive to the share just fine from a Windows 2000 server. Problem is that I want to in-turn share the Samba share from the Windows box. Reason is ... I have customers on a remote network who are only allowed HTTP and HTTPS outbound on their firewall. And I would like to give them access to the Solaris box. I would like to do something similar to what I have done for access to our Netware servers via HTTPS: Here's an example of what I have done for our Netware Servers: 1. Setup an application Server running Unix accessible via HTTPS in our DMZ. 2. Application Server runs an https Windows Domain Browser/ File Manager to browse and access Windows Server shares/files. 3. The shares are published to the client browser via HTTPS. 4. The user can manage files using their java client similar to the Windows Explorer. 5. I setup one of the Windows Servers with GSNW (Gateway Services for Netware) and use that to re-share netware file shares as windows shares. 6. From this point the remote users can access the Netware files through the HTTPS application server, then the Windows Server running GSNW and finally on the Netware server. This all works fine but I want to do something similar for sharing the files on the Solaris box. Process would be something like... 1. Setup an application Server running Unix accessible via HTTPS in our DMZ. = DONE. 2. Application Server runs an https Windows Domain Browser/ File Manager to browse and access Windows Server shares/files. = DONE. 3. Grab a Windows Server and MAP a drive to the Solaris Box using Samba. = DONE 4. Share the mapped drive in step 3 and allow remote user to access. = FAILED. This is where I get stuck, I can't share the mapped drive because Windows won't allow this type of mapping to be shared. Is there a workaround for this? Bear in mind the only connectivity the customer is allowed out their firewall is HTTPS, no FTP, no IPSEC (vpn) etc. thanks in advance for any ideas. -Bryan Fitzwater Network Janitor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
