Re: [Samba] pdbedit and profiles

2005-06-13 Thread Tom Skeren

Dominic Iadicicco wrote:


That did not work.
 


What passdb are you using?  LDAP TDB?



On 6/13/05, Collen [EMAIL PROTECTED] wrote:
 


pdbedit -u username -p=server\\path

Collen.

Dominic Iadicicco wrote:
   


Hello all,

Could someone give me the command line to edit the profile path of a user?

I have tried this with no results.
pdbedit -u someuser -p server\\path

There has to be better documentation.
 




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Windows XP Home accessing a Samba PDC

2005-06-01 Thread Tom Skeren

Richard Gaywood wrote:


A friend of mine has asked me a question in my role as biggest local
geek (for very small values of local). Googling hasn't turned up an
answer, so does anyone here know if this is possible?

At his business, they had a mixture of XP Home, XP Pro and Win98
machines accessing a Samba server with security=user. The server has
one big everyone-read-write drive and a few smaller areas restricted
to a few users by the valid users directive.

This isn't at all secure though, and means whenever a person gets a
new computer they have to mess about matching the username and
password with the Linux server. It is also becoming a pain to manage
as their network grows, and as they have now removed all the Win98 and
all except two of the XP Home clients, they are wondering about
switching Samba to become a PDC. This would allow them a lot more
flexibility in terms of permissions on the share, even without ACLs.

Obviously, the XP Home machines will not be able to log into the
domain. However, is there any way to allow them access to the public
everyone-read-write anyway, even though they are not in the domain?
 

Well yeah.  Give them an LDAP account.  Use the map network drive 
function on the xp home box, and check reconnect at logon.  Enter 
uname/pword in dialogue box.  Make a shortcut to the mapped drive and 
put it in the startup folder.  When user reboots the login dialogue will 
pop up when the startup folder is accessed by the system.  It sounds 
clunky but it should work.


TMS III


Thanks for your help!
 






[Samba] Win XP Clients Using Kerberos

2005-04-27 Thread Tom Skeren
I have had quite good luck with Samba 3.0.10PDC/BDC with LDAP backend 
until about a week ago.  For some strange reason, the XP clients have 
decided to try the Kerberos authentication method first to access 
shares.  Since this involves a LENGTHY time out before a reversion to 
NTLM the clusers are complaining.

Anyone know an easy way to keep the XP machines from doing this?


Re: [Samba] winbind and NTLM authentication problems - NT_STATUS_ACCESS_DENIED

2005-04-27 Thread Tom Skeren
Paul Gienger wrote:

DOMAINNAME is not the real name of the domain I am joining. I have 
sanitized the logs for obvious reasons.

Maybe I'm crazily naive, but I'll never understand why things need to 
be sanitized that much...  password hashes, sure; real world IP 
addresses, you bet; things that don't matter in the world outside of 
your network, who cares?  Anyway, back to the issue at hand, since 
we've gotten this out of the way.

How do I check if the samba server has joined the domain or not? 

net rpc or net ads testjoin
The net rpc join command suggested by the documentation was executed 
with the smbd,nmbd stopped and it worked just fine. No errors 
reported. Out of curiosity, what part of the log suggested that the 
server hasn't joined the domain?
 

Oh, I see I left the wrong line of the log... it was this one:
[2005/04/27 06:12:09, 5] 
libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
 no entry for trusted domain DOMAINNAME found.

Not being a winbind-runner here, I can't offer much beyond pointing at 
the documentation to be sure you've followed all of the steps there to 
be sure your setup is sane.



Re: [Samba] Joining a domain controller with a conflict name

2005-04-14 Thread Tom Skeren
Jonathan Johnson wrote:
Tom Skeren wrote:
Andrew Bartlett wrote:
On Wed, 2005-04-13 at 16:41 -0700, Ephi Dror wrote:
Did you mean that Yes, there is a way to prevent joining a domain 
with
using  another server name or did you mean Yes that IT must make 
sure
the name is unique and no computer with this name is already part of
this domain when joining a domain.

This is the sole responsibility of the IT department.  Like windows,
Samba will use the name it is given.
It is not possible to reliably determine the difference between a
machine that is rejoining the domain (say after catastrophic hardware
failure, or simply a failure in the trust account) and a duplicate
machine, elsewhere in the domain.   

True.  However, if a machine named say SA1 is up and connected, and 
another SA1 shows up, a network error should occur.  Especially if  a 
WINS server is up.

Again, this is the responsibility of the network administrator. That's 
why a password is required to join a domain, so those who don't know 
the password (read: your users) can't mess up your network. As an 
administrator, it's your responsibility to make sure that a network 
name conflict does not occur, by knowing if there's a machine with 
THAT NAME on the network already.
Yes, that's all fine and good, except when the boss allows some visiting 
dignitary to plug his laptop into the ethernet port in the conference 
room, etc. 

In a purely Windows world, a naming conflict will be detected on the 
network as soon as the second machine boots up. You'll get a message 
on screen to the effect of another computer with this name exists on 
the network. Since Samba works a little differently, you won't see a 
message like this unless you look in the logs (and your logging is set 
to an appropriate level).

This brings to mind two ideas for improving Samba:
- As part of its startup routine, Samba should check to see if there 
are any naming conflicts and refuse to start if there are (returning 
an error to the console so you know WHY it's not starting). Of course, 
if the other machine with that name is presently not on the network, 
no error would occur. An option could be added to allow operation 
where naming conflicts could occur, though the use of this option 
would be discouraged.

- As part of the 'net join' routine, Samba should check to see if the 
domain controller already has an account by that computer name, and if 
so, present a warning and a prompt to continue. ('A computer account 
with the name SAMBA already exists in the domain ABMAS. Replace 
account? (y/n) [n]') This would give Samba (even more) functionality 
that Windows doesn't do, and the administrator a sanity check before 
screwing something up. The default behaviour (if the admin just hits 
enter) should be to either re-ask the question, or assume no and not 
replace the account. If the answer is no then an error stating 
failure to join the domain should appear.

~Jonathan Johnson
Sutinen Consulting, Inc.
www.sutinen.com




Re: [Samba] Joining a domain controller with a conflict name

2005-04-13 Thread Tom Skeren
Andrew Bartlett wrote:
On Wed, 2005-04-13 at 16:41 -0700, Ephi Dror wrote:
 

Hi Andrew,
Thanks Andrew for your reply.
I did not quite understand one thing.
Did you mean that Yes, there is a way to prevent joining a domain with
using  another server name or did you mean Yes that IT must make sure
the name is unique and no computer with this name is already part of
this domain when joining a domain.
   

This is the sole responsibility of the IT department.  Like windows,
Samba will use the name it is given.
It is not possible to reliably determine the difference between a
machine that is rejoining the domain (say after catastrophic hardware
failure, or simply a failure in the trust account) and a duplicate
machine, elsewhere in the domain.  
 

True.  However, if a machine named say SA1 is up and connected, and 
another SA1 shows up, a network error should occur.  Especially if  a 
WINS server is up.

Andrew Bartlett
 



[Samba] Database Problems

2005-04-08 Thread Tom Skeren
I have a billing database that runs on a Faircom engine.  I had set 
things up initially with users accessing files in this directory with 
their user accounts.  However, only one person could enter data at a 
time.  I then created a separate share for this directory and did a 
force user= on it.  I had thought that this worked, but of course users 
never bothered to tell me that after a short period of time the problem 
reemerged.  I'm wondering what other tricks I might use here to alleviate 
this problem.

The server is a LDAP PDC running 3.0.10.  smb.conf.  Tabs3 is the 
database directory

[global]
   workgroup = FSKS
   server string = Camarillo
   interfaces =
   obey pam restrictions = Yes
   passdb backend = ldapsam:ldap://
   log file = /usr/log/samba/%m.log
   max log size = 50
   acl compatibility = win2k
   map acl inherit = Yes
   server signing = auto
   add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
   delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
   add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
   delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
   add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
   delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
   set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
   add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
   domain logons = Yes
   os level = 33
   lm interval = 5
   preferred master = Yes
   domain master = Yes
   wins server =
   lock spin count = 4
   ldap admin dn = cn=Manager,dc=fsklaw,dc=com
   ldap filter = (&(uid=%u)(objectclass=posixAccount))
   ldap group suffix = ou=groups
   ldap idmap suffix = ou=Idmap
   ldap machine suffix = ou=computers
   ldap suffix = dc=fsklaw,dc=com
   ldap user suffix = ou=users
   idmap backend = ldap:ldap://
   idmap uid = 1-2
   idmap gid = 1-2
   admin users = tms3
   inherit permissions = Yes
   inherit acls = Yes
   write cache size = 262144
   dos filemode = Yes
   dos filetimes = Yes

[camarillo]
   path = /usr/home/camarillo
   read only = No
   create mask = 0777
   force create mode = 0777
   force directory mode = 0777
   guest ok = Yes
  
[www]
   path = /usr/local/www
   valid users = root
   read only = No

[Profiles]
   path = /usr/home/camarillo/open/Profiles
   read only = No
   guest ok = Yes
   profile acls = Yes
   hide files = /desktop.ini/
[tabs3]
   path = /usr/home/camarillo/open/STI_Remote
   force user = root
   read only = No
   create mask = 0740
   force create mode = 0740
   force directory mode = 0740
   directory security mask = 0740
   guest ok = Yes
   veto oplock files = rmtfee.dat, rmtfee.idx


Re: [Samba] Strange LDAP add machine problem

2005-04-04 Thread Tom Skeren
Ben Davis wrote:
I'm setting up a Samba/LDAP PDC (samba-3.0.13 / openldap-2.1.30) and 
I'm trying to join a machine (called melisa) to the domain.  When I 
try to join the domain, I type in the Administrator (which maps to 
root) credentials.  and after a few seconds I get a windows error that 
says:

 The following error occurred while attempting to join the domain 
PCA-USERS:
 The user name could not be found.
I have the same problem.  The only way I am able to add a machine is to:
1.  Create the posix machine account using chpass (I run on FreeBSD)
2.  smbpasswd -m -a Machine_Name
3.  Use my ldap gui tool to edit the ldap entry created by smbpasswd 
with the additional info.

'Tis a royal pain in the arse.  Don't know why.  Haven't had time to 
play with the smbldap_useradd.pl perl script.

The machine was successfully added to the ldap dir, in ou=Computers, 
but I can't seem to figure out why I'm getting this error.   I saw the 
following searches in my slapd.log:

SRCH base=dc=pca-wichita,dc=com scope=2 
filter=((uid=melisa$)(objectClass=sambaSamAccount))

SRCH base=ou=Users,dc=pca-wichita,dc=com scope=1 
filter=((objectClass=posixAccount)(uid=melisa$))

The first search returned 1 entry,  but the second search returned 0.  
I'm not really sure why it's looking in ou=Users and using a scope of 
1 (isn't that the base scope?).  My smb.conf settings have the 
following:

ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
Does anyone know of anything else I can look at to try and 
troubleshoot this problem?



Re: [Samba] Windows ask for password when i try to access home shares

2005-04-01 Thread Tom Skeren
Cristian Thiago Moecke wrote:
Ok, first of all, thanks for the DONT USE SWAT!!! tip... it worked for
me, very fine! :D
Now I have the Linux box in my domain, winbind is running just fine I guess
(the getent and wbinfo commands return what they should return, and I can
set the permissions of dirs to domain accounts... I loved that, by the
way, when I decided to use samba I was not expecting this kind of thing!
Very very nice :D), but... I am having problems setting up the homes...
I had set up pam to create the home dirs, and now when I log in a Windows
workstation and access the samba server, it shows a dir of the username. If
I try to access it, it creates a dir in the directory I set PAM to do it
(/home/MYDOMAIN/username) but it asks for a password! And I tried many
passwords and no one worked... I found a lot of questions like that in
internet but no answers. Could someone help me on that?
 

Check directory permissions.  Also, you probably want to set up ACLs.
Thanks
Cristian
 




Re: [Samba] Re: Primary Domain Controller feature not working

2005-03-29 Thread Tom Skeren
Mark Ratering wrote:
I tried using root and i get the error The username could not be found
 

As root type
smbpasswd -a root
On Tue, 29 Mar 2005 16:31:19 -0600, Paul Gienger
[EMAIL PROTECTED] wrote:
 

problem!  I am using the 'using samba' book from o'reilly and it says
that the parameter domain admin group is obsoleted in samba 3.0  I
 

A good way to do that would be creating a unix group that you want to be
mapped to Domain Admins, map it and assign it the appropriate SID (you
can look into the source for the smbldap-tools to get it in plain
text).  Then you simply add users to it.
   

am using 3.0 and i cant add computers to the domain.
 

Either use root (properly added as a samba user) or another user with
uid=0, or use the privilege delegation tools in recent versions.  I
believe the version that started with them was 3.0.9.   The
documentation at samba.org (the howto and by example) should be your
guide as they are updated for the current version.
   

On Tue, 29 Mar 2005 12:35:56 -0800, Mark Ratering
[EMAIL PROTECTED] wrote:
 

Hey guys,
I configured Samba to be the domain controller for my network and to
share folders.  the folder sharing works great.  The problem is that
the domain function does not work at all.  I cannot join the domain
   

from any workstation.  It just says that the controller cannot be
 

contacted.  I ran an Ethereal sniff on the packets and the computer
that i want to be PDC is sending ICMP Destination unreachable packets
in response to the NBNS Name Query.  Here is the packet that the
workstation is sending to the server.
0000  00 11 11 ba 82 1a 00 0a  e6 d5 fa b4 08 00 45 00    ..E.
0010  00 4e 01 fb 00 00 80 11  b4 53 c0 a8 01 9e c0 a8   .N.. .S..
0020  01 62 00 89 00 89 00 3a  81 4e 80 63 01 00 00 01   .b.: .N.c
0030  00 00 00 00 00 00 20 46  46 46 44 45 43 45 4a 45   .. F FFDECEJE
0040  4f 45 48 45 50 43 41 43  41 43 41 43 41 43 41 43   OEHEPCAC ACACACAC
0050  41 43 41 43 41 42 4d 00  00 20 00 01   ACACABM. . ..
The config file that i am using (not including shares that have
nothing to do with the domain controller).  I do not want roaming
profiles.
  #NetBIOS settings
  netbios name=   FILESERVER
  workgroup   =   USBINGO
  server string   =   File Server
  log file=   /var/log/samba/log.%m
  max log size=   50
  time server =   yes
  hide dot files  =   yes
  log level   =   1
  #Security settings
  security=   user
  domain logons   =   yes
  encrypt passwords   =   yes
  #Turn on the WINS server
  wins support=   yes
  #Make sure that Samba is the master browser and domain master browser
  domain master   =   yes
  local master=   yes
  preferred master =   yes
  os level=   65
  add user script =   /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
[netlogon]
  path=   /files/netlogon
  writable=   no
  browsable   =   no
Thanks,
-Mark

   


 

--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]
   


 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
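
Decoding the NBNS name query quoted in the message above, as an added example that is not part of the original thread: it walks the Ethernet, IPv4 and UDP headers of the posted bytes and undoes the NetBIOS first-level name encoding. The function names and the suffix table are this example's own.

```python
import struct

# Frame bytes exactly as posted in the message above (Ethernet, IPv4, UDP, NBNS).
FRAME_HEX = """
00 11 11 ba 82 1a 00 0a e6 d5 fa b4 08 00 45 00
00 4e 01 fb 00 00 80 11 b4 53 c0 a8 01 9e c0 a8
01 62 00 89 00 89 00 3a 81 4e 80 63 01 00 00 01
00 00 00 00 00 00 20 46 46 46 44 45 43 45 4a 45
4f 45 48 45 50 43 41 43 41 43 41 43 41 43 41 43
41 43 41 43 41 42 4d 00 00 20 00 01
"""

# A few well-known values of the 16th NetBIOS name byte (the "suffix").
SUFFIXES = {
    0x00: "workstation / workgroup",
    0x1B: "domain master browser",
    0x1C: "domain controllers (group name)",
    0x1D: "local master browser",
    0x1E: "browser elections (group name)",
    0x20: "file server service",
}


def decode_netbios_name(encoded):
    """Undo first-level encoding: every byte was sent as two letters, 'A' + nibble."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    # 15 space-padded name bytes, then the one-byte suffix.
    return raw[:15].decode("ascii").rstrip(), raw[15]


def parse_nbns_query(frame):
    """Return the fields of a single-question NBNS query carried in an Ethernet frame."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    ip = frame[14:14 + ihl]
    if ip[9] != 17:
        raise ValueError("not UDP")
    udp_off = 14 + ihl
    sport, dport, udp_len = struct.unpack("!HHH", frame[udp_off:udp_off + 6])
    nb = frame[udp_off + 8:udp_off + udp_len]
    txid, flags, qdcount = struct.unpack("!HHH", nb[:6])
    # One question: length byte 0x20, 32 encoded bytes, zero terminator.
    if qdcount != 1 or nb[12] != 0x20 or nb[45] != 0x00:
        raise ValueError("unexpected question section")
    name, suffix = decode_netbios_name(nb[13:45])
    qtype, qclass = struct.unpack("!HH", nb[46:50])
    return {
        "src": ".".join(str(b) for b in ip[12:16]),
        "dst": ".".join(str(b) for b in ip[16:20]),
        "sport": sport,
        "dport": dport,
        "txid": txid,
        "is_response": bool(flags & 0x8000),
        "broadcast": bool(flags & 0x0010),
        "recursion_desired": bool(flags & 0x0100),
        "name": name,
        "suffix": suffix,
        "suffix_meaning": SUFFIXES.get(suffix, "unknown"),
        "qtype": qtype,
        "qclass": qclass,
    }


def posted_query():
    """Parse the frame quoted in the thread."""
    return parse_nbns_query(bytes.fromhex("".join(FRAME_HEX.split())))


if __name__ == "__main__":
    for key, value in posted_query().items():
        print(f"{key:18} {value}")
```

For the posted frame the question is for the name USBINGO with suffix 0x1c and the broadcast flag clear, so the workstation is asking a name server directly for the domain controllers of the workgroup named in the posted smb.conf.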


[Samba] Testparm

2005-03-25 Thread Tom Skeren
What's the trick to use testparm to clean up your smb.conf file?


Re: [Samba] samba WINS problem on 2 networked LANS using a VPN connection

2005-03-08 Thread Tom Skeren
Your VPN looks problematic.  You probably want a different subnet.
Pml wrote:
Hello Samba experts,
Please read all email because I'm desperate!
I have problem on joining to LAN-s using Samba. Finally I got a 
solution to see both workgroups on Entire Network, but I'm having 
problem with stations located in LAN2. From any station located in 
LAN1, I can see LAN2 workgroup and the browse list with stations 
located in LAN2, but when I'm trying to access and station in it, I get 
connection refused. I want to mention that access by IP address is 
working (eg: \\192.168.1.72)!!! It seems to be a problem related to 
browse list and my wins server.
From any station located in LAN2, i can access by name each networked 
station in LAN1.
My networks scheme is printed below:
(LAN1=192.168.1.48 network and 192.168.1.63 broadcast)
--LAN1 (192.168.1.48/240)--
  |
  |
  |
  |
(192.168.1.49)
Gateway/RouterA
(83.84.85.86)
  |
  |
Internet
  |
  |
(83.84.85.87)
Gateway/RouterB
(192.168.1.65)
  |
  |
  |
  |
--LAN2 (192.168.1.64/224)--
(LAN2=192.168.1.64 network and 192.168.1.95 broadcast)
I have bidirectional ping between to/from any station located in my LANS.
All stations from LAN1 and LAN2 are WindowsXP(SP2) and has firewall 
disabled.
Both Routers (A and B - RHEL 3.0) have samba installed and Router A is 
used as VPN server (tunnel address 10.1.0.1) and RouterB is used as VPN 
client (tunnel address 10.1.0.2).
Here comes my smb.conf file from RouterA which i want to be used as 
WINS server by all my windows clients:
[global]
workgroup = LAN1
netbios name = router-LAN1
server string = Samba

interfaces = 192.168.1.49/28 192.168.1.95/27 127.0.0.1/8 10.1.0.1/24
bind interfaces only = yes
remote announce = 192.168.1.49/LAN1 192.168.1.65/LAN2
remote browse sync = 192.168.1.63 192.168.1.95 #broadcast address LAN1 and LAN2
public = yes
browseable = yes
browse list = yes
auto services = yes

announce as = NT
os level = 200
local master = yes
prefered master = yes
domain master = yes
name resolve order = wins
wins support = yes
Here comes my smb.conf file from RouterB (WINS client and Local Master 
Browser for LAN2).
[global]
workgroup = LAN2
netbios name = router-LAN2
server string = Samba

interfaces = 192.168.1.65/27 192.168.1.63/28 127.0.0.1/8 10.1.0.2/24
bind interfaces only = yes
remote announce = 192.168.1.65/LAN2 192.168.1.49/LAN1
remote browse sync = 192.168.1.63 192.168.1.95 #broadcast address LAN1 and LAN2

# browsing policy and IP-to-name translation method
announce as = NT
os level = 200
local master = yes
prefered master = yes
domain master = yes
name resolve order = wins
wins server = 192.168.1.49
Each Windows XP station from LAN2, has configured manually WINS server 
at 192.168.1.49.
Also, on each LAN workgroup, i can see and access router-LAN1 and 
router-LAN2 which is not exactly what i really want (router-LAN1 
should be present in WORKGROUP LAN1 and router-LAN2 should be present 
in WORKGROUP LAN2)
More than that, if I'm trying to access from router-LAN2 a station 
located in LAN2, i get this error:
# smbclient -L an13
Connection to an13 failed
...but browsing list is returned ok by router from LAN2:
# smbclient -L router-LAN2
Password:
Domain=[LAN2] OS=[Unix] Server=[Samba 3.0.9-1.3E.1]

  Server   Comment
  ----
  AN12
  AN13
  AN14
  AN15
  AN16
  ROUTER-LAN1 Samba
  ROUTER-LAN2 Samba
  WorkgroupMaster
  ----
  LAN1ROUTER-LAN1
  LAN2ROUTER-LAN2
Please help me...
Regards,
Alex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
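
A sanity check of the `interfaces` lines from the two posted smb.conf files against the LAN definitions in the diagram, as an added example that is not part of the original thread. The function names are this example's own; the addresses and masks are the ones in the message.

```python
import ipaddress

# LAN definitions from the diagram in the message above (masks .240 and .224).
LANS = {
    "LAN1": ipaddress.ip_network("192.168.1.48/255.255.255.240"),
    "LAN2": ipaddress.ip_network("192.168.1.64/255.255.255.224"),
}

# The "interfaces" lines from the two posted smb.conf files.
CONFIGS = {
    "RouterA": "interfaces = 192.168.1.49/28 192.168.1.95/27 127.0.0.1/8 10.1.0.1/24",
    "RouterB": "interfaces = 192.168.1.65/27 192.168.1.63/28 127.0.0.1/8 10.1.0.2/24",
}


def label_for(network):
    """Name the network after the matching LAN in the diagram, else show its CIDR."""
    for name, lan in LANS.items():
        if network == lan:
            return name
    return str(network)


def check_interfaces(line):
    """Classify every address/prefix entry of one smb.conf 'interfaces' line.

    Returns a list of (entry, verdict) in the order the entries appear.
    """
    key, _, value = line.partition("=")
    if key.strip() != "interfaces":
        raise ValueError("not an 'interfaces' line")
    results = []
    for entry in value.split():
        iface = ipaddress.ip_interface(entry)
        net = iface.network
        label = label_for(net)
        # /31 and /32 have no separate network or broadcast address.
        if net.prefixlen < 31 and iface.ip == net.broadcast_address:
            verdict = "broadcast address of " + label
        elif net.prefixlen < 31 and iface.ip == net.network_address:
            verdict = "network address of " + label
        else:
            verdict = "host in " + label
        results.append((entry, verdict))
    return results


def suspect_entries(line):
    """Only the entries that cannot be the address of a real interface."""
    return [r for r in check_interfaces(line) if not r[1].startswith("host in")]


if __name__ == "__main__":
    print("LAN1 and LAN2 overlap:", LANS["LAN1"].overlaps(LANS["LAN2"]))
    for router, line in CONFIGS.items():
        print(router)
        for entry, verdict in check_interfaces(line):
            print(f"  {entry:18} {verdict}")
```

On each router the second entry is the broadcast address of the other LAN (192.168.1.95/27 on RouterA, 192.168.1.63/28 on RouterB) rather than an address the router itself holds.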


[Samba] Constantly failing trusts

2005-03-03 Thread Tom Skeren
OK, I have two way trust between a samba/ldap domain and a w2k domain.  
However, I constantly have to go to AD Trusts and verify the trust to 
the samba server so that w2k domain users can get to their shares in the 
samba domain.  I am not seeing a problem from users in the samba domain 
to the w2k domain. 

Anyone have similar experiences?
samba 3.0.10
ldap 2.2.2X
FreeBSD 5.3
WINS is w2k
Wan transactions between domains occur over IPSEC/Stunnel vlan with 
FreeBSD 5.3 gateways.

As always, thanks in advance
TMS III


[Samba] Domain Trusts Revisited

2005-03-01 Thread Tom Skeren
OK Jerry, I think I got it sorted.  The documentation in Chap 17 says:
   Problems With LDAP ldapsam And The smbldap-tools
   If you use the smbldap-useradd.pl script to create a trust account 
to set up Interdomain trusts the process of setting up the trust 
will fail. The account that was created in the LDAP database will have 
an account flags field that has [W ], when it must have [I ] for 
Interdomain trusts to work.

   Answer: Here is a simple solution. Create a machine account as follows:
   root#  smbldap-useradd.pl -w domain_name
   Then set the desired trust account password as shown here:
   root#  smbldap-passwd.pl domain_name\$
I think it needs to be clear that domain_name here is the NetBIOS name 
of the w2k domain and not the samba domain.



[Samba] Trusts

2005-02-28 Thread Tom Skeren
Is the trust function no longer functional in 3.0.10 or is it just 
experimental?  I've got 3.0.10 with ldap backend and it consistently 
fails.  At this point members in the previously trusted w2k domain 
cannot get into the samba drive even with an ldap username and password.



[Samba] Trust Accounts W2K - Samba/LDAP

2005-02-24 Thread Tom Skeren
Used the how to, but keep getting trust cannot be verified from W2K 
server.  Anyone got a good walk through on setting up the trust between 
a W2k and ldap-samba domain?



Re: [Samba] Still no browse list and no help!

2005-02-02 Thread Tom Skeren
Marvin Bonilla wrote:
Unable to resolve my problem after long time of reading and searching I decide to ask for help to the experts. The problem is that  there is no browse list even though everything works fine. I can share files with others machines but don't see anything on network neighborhood. We use the OpenBSD 3.6 box with Samba 2.2 only for DNS and Wins.
Please Help!
 

Are you using static IP's on the win boxes, or DHCP? If you are using 
DHCP, what DHCP server are you using? The reason I ask is that you need 
to have the Win boxes point to the Samba wins server for browsing to 
work right. It also helps to make sure the workgroup on the Win boxes is 
the same as the workgroup name in smb.conf.

Here is my smb.conf file.
# This is the main Samba configuration file. You should read the
#=== Global Settings  
[global]
##
## Basic Server Settings
##
# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = TVGBCAST
netbios name = laxbcastdns01
	# server string is the equivalent of the NT Description field
	server string = 

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the loopback interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 10. 127.0.0.1
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user nobody is used
guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
# log file = /var/log/smbd.%m
# How much information do you want to see in the logs?
# default is only to log critical messages
; log level = 1
# Put a capping on the size of the log files (in Kb).
max log size = 550
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
   #   this line.  The included file is read at that point.
   ;   include = /etc/samba/smb.conf.%m
   # Most people will find that this option gives better performance.
   # See speed.txt and the manual pages for details
   # You may want to add the following on a Linux system:
   # SO_RCVBUF=8192 SO_SNDBUF=8192
; socket options = TCP_NODELAY
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces and want to limit smbd will
# use, list the ones desired here.  Otherwise smbd & nmbd will bind to all
# active interfaces on the system.  See the man page for details.
# interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1
# Should smbd report that it has MS-DFS Capabilities? Only available
# if-with-msdfs was passed to ./configure
; host msdfs = yes
##
## Network Browsing
##
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value (20) should be reasonable
os level = 65
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
browse list = yes
##
## WINS & Name Resolution
##
# If you have multiple network interfaces and want to limit smbd will
# use, list the ones desired here.  Otherwise smbd & nmbd will bind to all
# active interfaces on the system.  See the man page for details.
# interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1
# Should smbd report that it has MS-DFS Capabilities? Only available
# if-with-msdfs was passed to ./configure
; host msdfs = yes
##
## Network Browsing
##
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# 

Re: [Samba] Smbmount and permission denied

2005-01-18 Thread Tom Skeren
MATHIEU FRANCOIS-XAVIER wrote:
Hello,
Note that I found many place with similar problem, but I don't understand
any solution. Can you help me ?
I use Samba 3.0.10 on a Suse 8.2. 
 

On SuSE 9.2 I use
mount -t smbfs -U=user //machine_name/share /local/directory.  I think 
that's the right structure.  Sorry don't use linux much.

My goal is to mount a shared directory from a XP machine to a directory on
my linux.
* I have created a directory in order to mount the XP directory
* a ls -l show me this directory
* I mount the XP directory with a valid command : smbmount
//be2a03xc/pmlist /home/team/monsysrv -o
username=NT_user,password=NT_password,workgroup=BE001
* This command gives no error message and mount command shows me that all
seems to be correct.
* When I do a ls -l, I see no more this directory, but I can enter in it
with cd
* a ls -l of this directory gives me permission denied.
* strange ? No ?
If you have any tips or additional question in order to solve this very
strange problem, do not hesitate to respond to me.
Kind regards,
François
 




[Samba] PDC Domain Name Change

2005-01-14 Thread Tom Skeren
What are the repercussions, particularly with respect to XP Pro, for 
changing the domain name in Samba 3.0.9 PDC?

Can I join a Samba PDC to a W2K domain with net rpc or is this a bad idea?
TMS III


Re: [Samba] Multiple Permissions within a share for the same userid

2005-01-12 Thread Tom Skeren
Michael Lueck wrote:
Simply what I would like to create is the following
Default, the share is read only
The share has a write list, for admins allowed to update the share
Now for the twist...
Read Only Users have ability to write to one dir within the share
Any simple way to configure this, or is two shares easier? 
Two shares are the easiest way to do this, IMHO.
TMS III
Here is the share as it stands today...
[blablabla]
   comment = Bla Bla Bla
   browseable = no
   path = /shares/blablabla
   guest ok = no
   read only = yes
   write list = mradmin
And lets say I would like to allow /shares/blablabla/app/logs to be a 
user writable directory tree.




Re: [Samba] Samba as PDC and Win2K File Srv

2004-12-30 Thread Tom Skeren
OrvUx wrote:
Hi everybody...
I have a Debian GNU/Linux Box running Samba as PDC on my network, but i
have too a Win2K File Server... all the clients are Win98,2K,XP...
OK, well, you should just join the W2K server to the samba domain, as a 
domain member server.   Or you could create an AD W2K domain and make 
the samba PDC a domain member server.  That would be the easiest 
solution to your problem.

TMS III
I have created users in both Linux/Samba and W2K with the same username
and passwords, the W98 clients now can join the domain owned by Samba,
but when this client try to access to the W2K Srv a popup window ask for
a Password, it says:
--
Enter the Network password:
You must supply a password to make this connection:
Resource: \\serverW2K\IPC$
Password: 

If I type the password and click Enter, a new popup window appears with:
-
Microsoft Networking
The password is incorrect. Try again.
-
Even if the username and password are the same than the Win2K
Somebody can help me?
How can access to this server shared folders with any client (98,2K,XP)
Thanks.



Re: [Samba] problems with samba 3.x

2004-12-28 Thread Tom Skeren
David Bear wrote:
I upgraded from Samba 2.x to Samba 3.x on my FreeBSD box. I used the
ports collection to do it. Currently, samba is at 

samba-3.0.10,1
I did a rapid test of after make install from a windows XP box. It
worked fine. I also test from another samba client on linux. Again,
all was fine
However, when I attempt to access this server from ANY windows 2000
box I get the message:
 

net use s: \\assurbanipal\iddwb
   

System error 50 has occurred.
The network request is not supported.
I left my smb.conf file in place from the prior installation. 

Yes, well, I've never seen it.  Dunno what to tell you.

samba
loads without error -- nothing interesting in log/samba/smbd.log.
Anyone seen this and know of a fix?
Again, windows XP and other samba clients can access this server fine.
It's only windows 2000 that has this problem, and it is consistent for
all w2k boxes.
 



Re: [Samba] domain administrator is always mapped to root

2004-12-23 Thread Tom Skeren
Florian Effenberger wrote:
Hello,
I have found out that a domain administrator is always mapped to root 
in the UNIX filesystem:

drwx--   2 jive  smbguests 1024 2004-12-23 18:59 jive
drwx--  13 salsa smbusers  1024 2004-12-23 18:58 salsa
drwx--  13 root  smbadmins 1024 2004-12-23 18:56 tango
jive is a domain guest user, salsa a domain user and tango a domain 
administrator.

Yes, if tango is listed as admin user in smb.conf.

Is it possible to change the root ownership behaviour?

Don't list Tango as admin user in smb.conf.

Thanks
Florian



Re: [Samba] one machine connects, others do not

2004-12-23 Thread Tom Skeren
jdyke wrote:
See below
I have samba 3.x running on FreeBSD 5.3, configuration info follows.  
One machine, mine, can connect to any share on the FreeBSD machine 
that I have access to.  But no one else can connect, inclusive of me 
with the same credentials from the other computers.  All clients are 
WinXP Pro, some have SP2, some don't, mine does not.

I had been running samba2.2 and was experiencing the same issue.  In 
the /var/log/log.NETBIOS files I was seeing
[2004/12/23 08:44:27, 0] smbd/password.c:server_cryptkey(1055)
  password server not available

now that i've upgraded i'm seeing log.ip.address files, instead of the 
NETBIOS name, with zero file sizes.  The error above is no longer 
entered into any files. nor is anything logged.

When i browse the Network Neighborhood on the XP machines i get an 
error that states You are not authorized to log in from this 
location, as soon as i click on the Workgroup icon.  All of these 
machines are on a 192.168.2 and 192.168.2.102 network.  i've modified 
the Workgroup a number of times(rebooting of course) and each time, my 
computer can connect, but no one else.

Any input would be greatly appreciated...if I can supply more 
information, please let me know.  Seems like it has to be something 
very simple...if I can connect.

Thanks
Jeff
output from testparm
Load smb config files from /usr/local/etc/smb.conf
Processing section [jdyke]
Processing section [x]
Processing section [x]
Processing section [x]
Processing section [xxx]
Processing section [xx]
Processing section [x]
Processing section [x]
Processing section [x]
Loaded services file OK.
Server role: ROLE_STANDALONE
[global]
workgroup = AZIMAOFFICE
server string = freebsd
encrypt passwords = No
Wrong...should be Yes   

log file = /var/log/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
Those are Linux options.  I don't use them.
preferred master = Yes
domain master = Yes
Add:
wins support = Yes (Unless you have an NT wins server.  
Then you want to use wins server = w.x.y.z)
enhanced browsing = Yes

dns proxy = No
hosts allow = 192.168.2., 192.168.102., 127.
[jdyke]
comment = Jeffs
path = /home/jdyke
username = jdyke
read only = No
   writeable = Yes
create mask = 0765
--- 7 more of these shares with only the path and share name changed. ---




[Samba] BDC Question

2004-12-22 Thread Tom Skeren
When configuring a BDC and using passdb backend tdb, do I need to rebuild 
all the users on the BDC manually, or should I use the password server = 
PDC line in smb.conf?

Thanks for any input,
TMS III


[Samba] Moving from tdb backend to LDAP

2004-12-22 Thread Tom Skeren
Have about 15 accounts in tdb, want to move to LDAP.  Do I need to 
recreate all the accounts in LDAP?

TMSIII


[Samba] net rpc getsid

2004-12-22 Thread Tom Skeren
Net rpc getsid fails on with unable to find suitable server.  The two 
samba servers are on different nodes, but I have remote announce, and 
remote browse sync running, and working.  I was able to join a WinXP Pro 
machine on the remote node to the PDC, so the windows box is working, 
but not the samba box.  Any thoughts?

TMS III


Re: [Samba] Samba panics on disk size and connection is lost while copting files.

2004-12-21 Thread Tom Skeren
Bo Jacobsen wrote:
I have moved a Samba installation from an old samba 2.2.8a (on a 2.4.21 
kernel) to a new server running Samba 3.0.10 on a SuSE 9.2 (kernel 2.6.8)
and I now have a problem using the (same) shares from client W2K machines. 

When I open My Computer window on a client, the drives are marked by a 
red cross, as if they were disconnected, and the disksize is zero.
I can descend into the folders on the drives, and here all the files are there as 
expected. After opening the My Computer window, a panic error message 
is logged in log.smbd. The error message is added below.
As long as I'm in a Samba share, the error message is repeated over and over 
again.
 

Have you done this?
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(37)
INTERNAL ERROR: Signal 11 in pid 5751 (3.0.10-0.1-SUSE)
Please read the appendix Bugs of the Samba HOWTO collection

If I copy files to the Samba shares, the operation is interrupted after maybe 
600 - 1000MB of files, with a message that the connection to the drive
has been lost. The connection is actually not lost, as I still have full access to the
drive !?. When the copy stops, there is no new error message added to
log.smbd (or log.nmbd).

The problem is exactly the same in both Samba 3.07 and 3.0.10.
The client tested is W2K with SP4 and all the latest fixes installed. Norton 
Internet Security 2003. Disabling the antivirus has no effect.

From time to time the W2K machines display an error message that the 
connection to a Samba share is lost and reestablished.
Any suggestions.
Bo
##
#  log.smbd printout:
##
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(36)
===
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(37)
INTERNAL ERROR: Signal 11 in pid 5733 (3.0.10-0.1-SUSE)
Please read the appendix Bugs of the Samba HOWTO collection
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(39)
===
[2004/12/21 15:54:59, 0] lib/util.c:smb_panic2(1482)
PANIC: internal error
[2004/12/21 15:54:59, 0] lib/util.c:smb_panic2(1490)
BACKTRACE: 18 stack frames:
#0 /usr/sbin/smbd(smb_panic2+0x120) [0x8202000]
#1 /usr/sbin/smbd(smb_panic+0x26) [0x82021d6]
#2 /usr/sbin/smbd [0x81ed0b0]
#3 [0xe420]
#4 /lib/tls/libc.so.6(getmntent+0x54) [0x4035ad84]
#5 /usr/sbin/smbd [0x80e1058]
#6 /usr/sbin/smbd(sys_get_quota+0xed) [0x80e1a7d]
#7 /usr/sbin/smbd(disk_quotas+0x4d) [0x80e5aed]
#8 /usr/sbin/smbd(sys_disk_free+0xcb) [0x8088bcb]
#9 /usr/sbin/smbd(vfswrap_disk_free+0x39) [0x80d2329]
#10 /usr/sbin/smbd [0x80ba8fb]
#11 /usr/sbin/smbd(reply_trans2+0x13cb) [0x80c09cb]
#12 /usr/sbin/smbd [0x80dccf0]
#13 /usr/sbin/smbd(process_smb+0x19a) [0x80dd27a]
#14 /usr/sbin/smbd(smbd_process+0x16f) [0x80dd6df]
#15 /usr/sbin/smbd(main+0x530) [0x8283310]
#16 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x402bdb14]
#17 /usr/sbin/smbd [0x8079701]
[2004/12/21 15:54:59, 1] smbd/service.c:make_connection_snum(647)
bopc2 (192.168.7.43) connect to service diverse initially as user bo (uid=1000, 
gid=100) (pid 5751)
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(36)
===
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(37)
INTERNAL ERROR: Signal 11 in pid 5751 (3.0.10-0.1-SUSE)
Please read the appendix Bugs of the Samba HOWTO collection
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(39)
===
[2004/12/21 15:54:59, 0] lib/util.c:smb_panic2(1482)
PANIC: internal error
[2004/12/21 15:54:59, 0] lib/util.c:smb_panic2(1490)
BACKTRACE: 18 stack frames:
#0 /usr/sbin/smbd(smb_panic2+0x120) [0x8202000]
#1 /usr/sbin/smbd(smb_panic+0x26) [0x82021d6]
#2 /usr/sbin/smbd [0x81ed0b0]
#3 [0xe420]
#4 /lib/tls/libc.so.6(getmntent+0x54) [0x4035ad84]
#5 /usr/sbin/smbd [0x80e1058]
#6 /usr/sbin/smbd(sys_get_quota+0xed) [0x80e1a7d]
#7 /usr/sbin/smbd(disk_quotas+0x4d) [0x80e5aed]
#8 /usr/sbin/smbd(sys_disk_free+0xcb) [0x8088bcb]
#9 /usr/sbin/smbd(vfswrap_disk_free+0x39) [0x80d2329]
#10 /usr/sbin/smbd [0x80b9d15]
#11 /usr/sbin/smbd(reply_trans2+0x13cb) [0x80c09cb]
#12 /usr/sbin/smbd [0x80dccf0]
#13 /usr/sbin/smbd(process_smb+0x19a) [0x80dd27a]
#14 /usr/sbin/smbd(smbd_process+0x16f) [0x80dd6df]
#15 /usr/sbin/smbd(main+0x530) [0x8283310]
#16 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x402bdb14]
#17 /usr/sbin/smbd [0x8079701]

 




Re: [Samba] winbind problems

2004-12-20 Thread Tom Skeren
Brian Kesting wrote:
Hello,
I am running a Samba server (3.0.7) on a Suse 9.2 box.  I have connected this 
server successfully to a Windows 2000 Active Directory (mixed mode).  I have 
nsswitch.conf, krb5.conf configured and winbind seems to be running properly 
for the most part.  With wbinfo I can get all of my user and group information. 
 Problem is, it seems that at random times, the samba server just stops 
authenticating the windows user names and accounts.  If I restart the winbind 
or smb service, then all seems to be well again for a while.  Right now the 
only way I can keep this running is to run a cron job that restarts the samba 
and winbind services every hour.  This is really bugging me as I cannot figure 
out what is going on.  Can anyone help me?  I have included some of my 
configuration and log files below.  Thanks in advance.
-/etc/samba/smb.conf--
# Samba Configuration File
[global]
   workgroup = WAYNE
   realm = WAYNE.LOCAL
   server string = Samba Server
   security = ADS
   password server = adserver.wayne.local
   encrypt passwords = yes
   idmap uid = 1-2
   idmap gid = 1-2
   template shell = /bin/bash
   winbind use default domain = no
   winbind separator = /
 

The separator might be a problem.
[users]
   comment = Users on Linux
   path = /home/WAYNE
   read only = No
   browseable = Yes
-/etc/nsswitch.conf---
passwd: files winbind
group:  files winbind
hosts:files dns wins winbind
networks: files dns
-/etc/krb5.conf---
[libdefaults]
   default_realm = WAYNE.LOCAL
   clockskew = 300
[realms]
WAYNE.LOCAL = {
   kdc = police.wayne.local
   default_domain = WAYNE.LOCAL
   kpasswd_server = adserver.wayne.local
}
[domain_realm]
   .WAYNE.LOCAL = WAYNE.LOCAL
[appdefaults]
pam = {
   ticket_lifetime = 365d
   renew_lifetime = 365d
   forwardable = true
   proxiable = false
   retain_after_close = true
   minimum_uid = 0
}
--/var/log/samba/log.smbd
[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/LIEUTENANT1$ is invalid on this system
.
.
.
[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/DISPATCH_GW1$ is invalid on this system
[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/DISPATCH_GW1$ is invalid on this system
[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/DISPATCH_GW1$ is invalid on this system
--/var/log/samba/log.winbindd---
[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
 Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 16:54:52, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
 krb5_cc_get_principal failed (No such file or directory)
[2004/12/20 16:56:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
 Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 16:59:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
 user 'root' does not exist
[2004/12/20 17:00:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
 user 'root' does not exist
[2004/12/20 17:01:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
 Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:06:24, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
 Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:11:40, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
 Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2004/12/20 17:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)

 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
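
The log.smbd excerpt in the message above can be turned into failure windows to see when name resolution through winbind stopped working, instead of restarting the services blindly every hour. This is an added example, not code from the thread or from Samba; the function names, the five-minute gap and the sample (assembled from log lines quoted in the post) are assumptions, and it expects the default timestamp format without `debug hires timestamp`.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: records copied from the log excerpts quoted in the post
# and merged into one text for illustration.
SAMPLE_LOG = """\
[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/LIEUTENANT1$ is invalid on this system
[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/DISPATCH_GW1$ is invalid on this system
[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/DISPATCH_GW1$ is invalid on this system
[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
 Username WAYNE/DISPATCH_GW1$ is invalid on this system
[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
 Failed to parse NTLMSSP packet, could not extract NTLMSSP command
"""

# Header line of a Samba debug record: [timestamp, level] file:function(line)
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+)\((\d+)\)\s*$")
INVALID_USER = re.compile(r"Username (\S+) is invalid on this system")


def parse_records(text):
    """Join each header line with the message lines that follow it."""
    records, current = [], None
    for line in text.splitlines():
        match = HEADER.match(line)
        if match:
            current = {
                "time": datetime.strptime(match.group(1), "%Y/%m/%d %H:%M:%S"),
                "level": int(match.group(2)),
                "source": match.group(3),
                "message": "",
            }
            records.append(current)
        elif current is not None and line.strip():
            current["message"] = (current["message"] + " " + line.strip()).strip()
    return records


def failure_windows(records, max_gap=timedelta(minutes=5)):
    """Group 'is invalid on this system' records into windows.

    Records are assumed to be in time order, as they are in a log file.
    A new window starts when the gap since the last failure exceeds max_gap.
    """
    windows = []
    for rec in records:
        match = INVALID_USER.search(rec["message"])
        if not match:
            continue
        if windows and rec["time"] - windows[-1]["end"] <= max_gap:
            window = windows[-1]
        else:
            window = {"start": rec["time"], "end": rec["time"],
                      "count": 0, "accounts": set()}
            windows.append(window)
        window["end"] = rec["time"]
        window["count"] += 1
        window["accounts"].add(match.group(1))
    return windows


if __name__ == "__main__":
    for w in failure_windows(parse_records(SAMPLE_LOG)):
        print(w["start"], "to", w["end"], w["count"], sorted(w["accounts"]))
```

Comparing the window start times with the cron restart times shows whether failures begin a fixed interval after each restart or at unrelated moments.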


Re: [Samba] two domains

2004-12-16 Thread Tom Skeren
eric wrote:
Is it possible to have two domains in one subnet?

Yes

I have a windows 2000 server and a samba server, but I want Active 
directory running on both,

You can't run Active Directory on *nix machines.  Samba can only be an 
AD Domain Member server.

and I don't want them communicating with each other.

So build a Samba PDC and don't do any AD stuff.

Also, does Samba need to have a DNS entry for AD to work?

Yes, but you don't want them communicating so why ask.

Please please answer me I just want to finish this.

Finish what?

Thank you



Re: [Samba] WinXP client always connects as Gaia\Guest

2004-12-15 Thread Tom Skeren
Woellert, Kirk D. wrote:
Mounting by IP does not make a difference. Somehow WinXP or Samba always tries to set up the connection as Guest. Even if one specifies a specific user.
 

I colored some smb.conf lines red.  Check those.  It seems you have like 
every option in smb.conf...why?  Check man smb.conf...if you're using 
default values already, why put them in smb.conf?

-Original Message-
From: Thomas M. Skeren III [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 7:39 PM
To: Woellert, Kirk D.
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] WinXP client always connects as Gaia\Guest
Woellert, Kirk D. wrote:
 

All attempts to connect to our Samba server, share \data from any Windows 
client fails. I'm trying to get samba to prompt the windows user with a login box, have 
them enter the samba username/password, then head onto the share.
If I use in the address field the following:
\\gaia\data /user:woellki 

   

Try mounting the share by IP address: \\ipaddy\data
 

a dialog box appears, with the username field greyed out Gaia\Guest is shown, 
with blank password field. I hit cancel and WinXP returns the following message:
Windows cannot find \\gaia\data /user:woellki. Check the spelling and try 
again, or try searching for the item by clicking the Start button and then clicking 
Search.
A valid samba user account exists, which happens to match the linux account. Windows clients are members of the following corporate domain: northgrum. 

Samba 3.0.9
RH9 Final (20-31.9)
# Samba config file created using SWAT
# from 137.51.14.53 (137.51.14.53)
# Date: 2004/12/14 17:25:11
# Global parameters
[global]
	dos charset = CP850
	unix charset = UTF-8
	display charset = LOCALE
	workgroup = LUI_DCO
	realm = 
	netbios name = GAIA
	netbios aliases = 
	netbios scope = 
	server string = gaia irad server
	interfaces = 
	bind interfaces only = No
	security = USER
	auth methods = 
	encrypt passwords = Yes
	update encrypted = No
	client schannel = Auto
	server schannel = Auto
	allow trusted domains = Yes
	hosts equiv = 
	min password length = 5
	map to guest = Never
	null passwords = No
	obey pam restrictions = No
	password server = *
	smb passwd file = /etc/samba/smbpasswd
	private dir = /etc/samba
	passdb backend = smbpasswd
	algorithmic rid base = 1000
	root directory = 
	guest account = nobody
	pam password change = No
	passwd program = 
	passwd chat = *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	passwd chat timeout = 2
	check password script = 
	username map = /etc/samba/smbusers
	password level = 0
	username level = 0
	unix password sync = No
	restrict anonymous = 0
	lanman auth = Yes
	ntlm auth = Yes
	client NTLMv2 auth = No  -why no?
	client lanman auth = Yes
	client plaintext auth = Yes  should be no
	preload modules = 
	use kerberos keytab = No
	log level = 0
	syslog = 1
	syslog only = No
	log file = /var/log/samba/%m.log
	max log size = 5000
	debug timestamp = Yes
	debug hires timestamp = No
	debug pid = No
	debug uid = No
	smb ports = 445 139
	large readwrite = Yes
	max protocol = NT1
	min protocol = CORE
	read bmpx = No
	read raw = Yes
	write raw = Yes
	disable netbios = No
	acl compatibility = 
	defer sharing violations = Yes
	nt pipe support = Yes
	nt status support = Yes
	announce version = 4.9
	announce as = NT
	max mux = 50
	max xmit = 16644
	name resolve order = lmhosts wins host bcast
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = No
	unix extensions = Yes
	use spnego = Yes
	client signing = auto
	server signing = No - why not agree with client
	client use spnego = Yes
	change notify timeout = 60
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	kernel change notify = Yes
	lpq cache time = 10
	max smbd processes = 0
	paranoid server security = Yes
	max disk size = 0
	max open files = 1
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	use mmap = Yes
	hostname lookups = No
	name cache timeout = 660
	load printers = Yes
	printcap cache time = 0
	printcap name = cups
	cups server = 
	disable spoolss = No
	enumports command = 
	addprinter command = 
	deleteprinter command = 
	show add printer wizard = Yes
	os2 driver map = 
	mangling method = hash2
	mangle prefix = 1
	stat cache = Yes
	machine password timeout = 604800
	add user script = 
	delete user script = 
	add group script = 
	delete group script = 
	add user to group script = 
	delete user from group script = 
	set primary group script = 
	add machine script = 
	shutdown script = 
	abort shutdown script = 
	logon script = 
	logon path = \\%N\%U\profile
	logon drive = 
	logon home = \\%N\%U
	domain logons = No
	os level = 20
	lm announce = Auto
	lm interval = 60
	preferred master = No
	local master = No
	domain master = No
	browse list = Yes
	enhanced browsing = Yes
	dns proxy = Yes
	wins proxy = No
	wins server = 
	wins support = Yes
	wins hook = 
	wins partners = 
	kernel oplocks = Yes
	lock spin count = 3
	lock spin time = 10
	oplock break wait time = 0
	

[Samba] FreeBSD Setup

2004-12-13 Thread Tom Skeren
I created a little FreeBSD setup guide for joining samba to a W2K ADS domain.
http://www.fsklaw.com/fbsdconfig.html
Hope it helps.


Re: [Samba] ADS Authentication

2004-12-08 Thread Tom Skeren
Edward Wissner wrote:
What did you change in your smb.conf file?
 

Well, I managed to get samba to authenticate, however, continued 
winbindd problems make the setup worthless.  Group searches fail, or are 
incomplete.  Domain users and groups list without domain id.  net 
groupmap fails.  Attempts to re-join via net ads join fail. 

If you're interested, I have copied all the relevant config files here:
smb.conf:
workgroup = FSK
realm = FSKLAW.NET
server string = SSERVER
netbios name = SSERVER
security = ADS
client schannel = Yes
server schannel = Yes
passdb backend = ldapsam:ldap://w2000.fsklaw.net
socket options = TCP_NODELAY
dns proxy = No
ldap admin dn = cn=Administrator,cn=users,DC=fsklaw,DC=net
ldap suffix = DC=fsklaw,DC=net
idmap uid = 1-2
idmap gid = 1-2
winbind separator = /
winbind enum users = No
winbind enum groups = No
winbind use default domain = Yes
dos filemode = Yes
acl compatibility = win2k
   inherit acls = yes
   inherit permissions = yes
[FSK]
  path = /home/FSK
  public = yes
  only guest = no
  browseable = yes
  writeable = yes
  printable = no
  create mask = 0777
  force create mode = 0777
  force directory mode = 0777
  directory security mask = 0777
ldap.conf:
host w2000.fsklaw.net
base dc=fsklaw,dc=net
ldap_version 3
URI ldaps:w2000.fsklaw.net
scope sub
pam_login_attribute Administrator
pam_password md5
idle_timelimit 3600
nss_base_passwd cn=Users,dc=fsklaw,dc=net?one
nss_base_group cn=Users,dc=fsklaw,dc=net?one
ssl on
TLS_CACERT /etc/CA/fsk.pem
tls_ciphers TLSv1
sasl_secprops maxssf=0
krb5_ccname FILE:/tmp/krb5cc_0
nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: dns winbind ldap files nis
automount: files winbind ldap nisplus
aliases: files winbind ldap nisplus
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = FSKLAW.NET
dns_lookup_realm = false
dns_lookup_kdc = false
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
default_keytab-name = FILE:/etc/krb5.keytab
[realms]
FSKLAW.NET = {
 kdc = KERBEROS.FSKLAW.NET
 admin_server = w2000.fsklaw.net
 default_domain= fsklaw.net
}
[domain_realm]
.fsklaw.net = FSKLAW.NET
fsklaw.net = FSKLAW.NET
.FSKLAW.NET = FSKLAW.NET
.kerberos.server = KERBEROS.FSKLAW.NET
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
pam.d/login:
#
# $FreeBSD: src/etc/pam.d/login,v 1.16 2003/06/14 12:35:05 des Exp $
#
# PAM configuration for the login service
#
# auth
auth  required pam_nologin.so  no_warn
auth  sufficient pam_self.so  no_warn
auth  include  system
auth  sufficient /usr/local/lib/pam_winbind.so
# account
account  requisite pam_securetty.so
account  include  system
account  sufficient /usr/local/lib/pam_winbind.so
# session
session  include  system
# password
password include  system
-Original Message-
From: Tom Skeren [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 07, 2004 4:04 PM
To: Jeremy Allison
Cc: samba
Subject: Re: [Samba] ADS Authentication
Jeremy Allison wrote:
It was an smb.conf issue.  Authentication against ADS is now
functioning.  Now it's time to wrestle with ACLs.  Thanks for the help.
TMS III
 

On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote:
   

I'm about ready to smash my head through a wall...I could use a few
 

answers.
 

1.  When using security = ads, and completing net ads join, it was my
understanding that samba authenticated username/pword against ads, and
local posix accounts were no longer needed, is this true?
 

Yes, so long as you have nsswitch and pam set up correctly. It sounds
like you don't.
Jeremy.
   



 



Re: [Samba] ADS Authentication

2004-12-08 Thread Tom Skeren
Christoph Scheeder wrote:
first:
STOP,
Too late, but not a problem.  I was beginning to suspect the Free BSD 5.x 
guide I was using was problematic.  I just did a clean install of 5.3, 
and am installing software.  I had already considered getting rid of 
ldap references.  Should I also get rid of nss_ldap?

Thanks for the fresh pair of eyes looking at this for me.
TMS III
you want your samba-server to be a member server in ADS, do you?,
then *remove* *all* bits referencing ldap from your smb.conf.
you entrust all user and group management to ADS via winbindd
and only via winbindd.
second:
you have configured winbindd not to give you the domain part
from ADS by setting:
winbindd use default domain = Yes
set it to no and you will get the domain part for your
domain users/groups
third:
don't use / as domain-separator in linux/unix.

Yeah, I thought about that I will switch back to _ as a separator.

it has special meaning (path-separator) and using it probably  will give
you strange problems.
Christoph
Tom Skeren schrieb:
Edward Wissner wrote:
I have similar issues, but am not using an ldap server, rather a W2k 
Active Directory domain controller.

Yes, so am I.  The ldap server listed in ldap.conf is named w2000
And am not interested in logging into the linux server with AD.
Domain users and groups list without the domain ID for me as well.  
I don't know if that is proper as I have never seen a working setup.

No...it should be DOMAIN_NAME/user1  DOMAIN_NAME/group1 etc.  The / 
is specified in smb.conf as winbindd separator.

I see my shares on the samba server from a w2k client, but am 
prompted again for usr/passwd when attempting to open a shared 
directory.  That's when I get a failure.

Try mapping a drive by \\ip-addy\share. Bet it works.
 
I'm ready to toss it and start over, migrating completely away from 
w2k AD and setting up an ldap directory instead.

I can't unfortunately.
Samba works great if I create my users locally.

It works pretty well as an NT style PDC, yes, but this project 
requires a samba server become a member server in ADS.

ed
-Original Message-
*From:* Tom Skeren [mailto:[EMAIL PROTECTED]
*Sent:* Wednesday, December 08, 2004 10:32 AM
*To:* Edward Wissner; samba
*Subject:* Re: [Samba] ADS Authentication
Edward Wissner wrote:
What did you change in your smb.conf file?
 

Well, I managed to get samba to authenticate, however, continued
winbindd problems make the setup worthless.  Group searches fail,
or are incomplete.  Domain users and groups list without domain
id.  net groupmap fails.  Attempts to re-join via net ads join
fail.
If you're interested, I have copied all the relevant config files 
here:

smb.conf:
workgroup = FSK
 realm = FSKLAW.NET
 server string = SSERVER
 netbios name = SSERVER
 security = ADS
 client schannel = Yes
 server schannel = Yes
 passdb backend = ldapsam:ldap://w2000.fsklaw.net
 socket options = TCP_NODELAY
 dns proxy = No
 ldap admin dn = cn=Administrator,cn=users,DC=fsklaw,DC=net
 ldap suffix = DC=fsklaw,DC=net
 idmap uid = 1-2
 idmap gid = 1-2
 winbind separator = /
 winbind enum users = No
 winbind enum groups = No
 winbind use default domain = Yes
 dos filemode = Yes
 acl compatibility = win2k
inherit acls = yes
inherit permissions = yes
[FSK]
   path = /home/FSK
   public = yes
   only guest = no
   browseable = yes
   writeable = yes
   printable = no
   create mask = 0777
   force create mode = 0777
   force directory mode = 0777
   directory security mask = 0777
ldap.conf:
host w2000.fsklaw.net
base dc=fsklaw,dc=net
ldap_version 3
URI ldaps:w2000.fsklaw.net
scope sub
pam_login_attribute Administrator
pam_password md5
idle_timelimit 3600
nss_base_passwd cn=Users,dc=fsklaw,dc=net?one
nss_base_group cn=Users,dc=fsklaw,dc=net?one
ssl on
TLS_CACERT /etc/CA/fsk.pem
tls_ciphers TLSv1
sasl_secprops maxssf=0
krb5_ccname FILE:/tmp/krb5cc_0
nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: dns winbind ldap files nis
automount: files winbind ldap nisplus
aliases: files winbind ldap nisplus
krb5.conf:
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 ticket_lifetime = 24000
 default_realm = FSKLAW.NET
 dns_lookup_realm = false
 dns_lookup_kdc = false
 default_etypes = des-cbc-crc des-cbc-md5
 default_etypes_des = des-cbc-crc des-cbc-md5
 default_keytab-name = FILE:/etc/krb5.keytab
[realms]
 FSKLAW.NET = {
  kdc = KERBEROS.FSKLAW.NET
  admin_server = w2000.fsklaw.net
  default_domain= fsklaw.net
 }
[domain_realm]
 .fsklaw.net
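
Several replies in these threads point at individual smb.conf settings: `encrypt passwords = No`, `client plaintext auth = Yes`, `client NTLMv2 auth = No` and `server signing = No` in the dumps from the connection threads, and `winbind separator = /` and the ldapsam backend on an ADS member server in the thread above. The same review can be scripted, as in this added example, which is not code from the thread or from Samba; the function names and the sample file are assumptions, and the world-writable mask check is an extra one that no reply raised.

```python
import re

# Constructed sample: individual settings are copied from the smb.conf dumps
# quoted in the threads; the host name and the share are placeholders.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    security = ADS
    encrypt passwords = No
    client NTLMv2 auth = No
    client plaintext auth = Yes
    server signing = No
    passdb backend = ldapsam:ldap://dc.example.test
    winbind separator = /

[data]
    path = /srv/data
    read only = No
    create mask = 0777
"""

BOOLS = {"yes": True, "true": True, "1": True,
         "no": False, "false": False, "0": False}

# (normalised parameter, value that gets flagged, reason)
GLOBAL_BOOL_CHECKS = [
    ("encryptpasswords", False, "server negotiates plaintext passwords"),
    ("clientplaintextauth", True, "client may send plaintext passwords"),
    ("clientntlmv2auth", False, "client does not use NTLMv2 responses"),
    ("serversigning", False, "server does not offer SMB signing"),
]

MASK_PARAMS = ("createmask", "directorymask",
               "forcecreatemode", "forcedirectorymode")


def norm(name):
    """Section and parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # only the first '=' separates
            current[norm(key)] = value.strip()
    return sections


def audit(text):
    """Return a list of (section, parameter, reason) findings."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []

    for param, bad, reason in GLOBAL_BOOL_CHECKS:
        # Only explicit settings are judged; defaults vary by Samba version.
        if param in glob and BOOLS.get(glob[param].lower()) is bad:
            findings.append(("global", param, reason))

    if glob.get("winbindseparator") == "/":
        findings.append(("global", "winbindseparator",
                         "'/' is also the Unix path separator"))

    if (glob.get("security", "").lower() == "ads"
            and glob.get("passdbbackend", "").lower().startswith("ldapsam")):
        findings.append(("global", "passdbbackend",
                         "ldapsam backend configured on an ADS member server"))

    # Extra check, not raised in the threads: masks with the world-write bit.
    for section, params in conf.items():
        for param in MASK_PARAMS:
            value = params.get(param)
            if value and re.fullmatch(r"[0-7]+", value) and int(value, 8) & 0o002:
                findings.append((section, param,
                                 "mode %s includes world-write" % value))
    return findings


if __name__ == "__main__":
    for section, param, reason in audit(SAMPLE_SMB_CONF):
        print("[%s] %s: %s" % (section, param, reason))
```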

Re: [Samba] ADS Authentication

2004-12-08 Thread Tom Skeren
OK Christopher, samba is authenticating, if a bit oddly (some XP 
machines can use \\sserver\fsk others need to use \\ipaddy\fsk---not a 
huge problem).

However I don't think I'm grasping the net groupmap function.  I was 
of the belief that if I did this:

net groupmap add ntgroup=nt-group unixgroup=(some group in 
/etc/group), then ADS members in nt-group would be mapped to the unix 
group.  Thus when I setfacl on that directory with the unix mapped group 
rwx, then ADS members of the nt-group would have rwx permissions. 

However, when I log in to the share, the samba server terminal burps up:
smbd[582] chdir (/home/FSK) failed
I must be missing something.  Any thoughts would be appreciated.


Re: [Samba] ADS Authentication

2004-12-07 Thread Tom Skeren
Christoph Scheeder wrote:
Hi,
2 points:
1.) use the smb.conf which gives you a working wbinfo.
2.) this sounds like misconfigured pam to me.
   -you have to tell pam that winbind is sufficient for auth and
account with the lines
Here's the /etc/pam.d/logon file info.  This must be working because of 
the dual authentication when logging in at the terminal.  In fact if you 
open a new terminal session and log in there, the primary [F1] screen 
will show pam_winbind[451]: user 'root' granted access.

Further, when attempting to log on with an ADS account, although the log 
in fails, pam_winbind grants access.
Here's the file info:

#
# $FreeBSD: src/etc/pam.d/login,v 1.16 2003/06/14 12:35:05 des Exp $
#
# PAM configuration for the login service
#
# auth
auth  required pam_nologin.so  no_warn
auth  sufficient pam_self.so  no_warn
auth  include  system
auth  sufficient /usr/local/lib/pam_winbind.so
# account
account  requisite pam_securetty.so
account  include  system
account  sufficient /usr/local/lib/pam_winbind.so
# session
session  include  system
# password
password include  system
account   sufficient pam_winbind.so and
auth  sufficient pam_winbind.so
this drops the need for the local posix-account.
   -And for the auth modify the line with pam_unix.so to read like
auth required pam_unix.so use_first_pass nullok
this gets you rid of the second password-prompt.
hope it helps.
Christoph
Tom Skeren schrieb:
Jeremy Allison wrote:
On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote:
 

I'm about ready to smash my head through a wall...I could use a few 
answers.

1.  When using security = ads, and completing net ads join, it was 
my understanding that samba authenticated username/pword against 
ads, and local posix accounts were no longer needed, is this true?
  

Yes, so long as you have nsswitch and pam set up correctly. It sounds
like you don't.
 

Well, I've followed every how to that I can find.  I have some 
strangeness.  When I log into the unix terminal I have to supply 2 
root passwords...the posix one and the one for root in ADS (they're 
different) to login.  The same for a user with both posix and ADS 
accounts.  Non posix account users cannot login with an ADS account 
to the terminal.

Depending on changes to the smb.conf file I get wild results with 
winbindd.  One config gives users and groups with a wbinfo -u/g 
command.  Others error out with differing reasons for the errors.

I'm really not sure where the error is...it should be working, but it 
is not.

Jeremy.
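
The PAM advice quoted in this message (pam_winbind.so marked sufficient for auth and account, and use_first_pass on the later module to avoid a second password prompt) can be checked mechanically. The following is an added example, not code from the thread or from the Samba project; the function names, the sample login files and the contents of the included "system" file are constructed assumptions, and the ordering check reflects general PAM stack behaviour rather than anything stated in the thread.

```python
import os

FACILITIES = ("auth", "account", "session", "password")
PROMPTING = ("pam_unix.so", "pam_winbind.so")   # modules that ask for a password
REUSE = ("use_first_pass", "try_first_pass")    # options that reuse the first one


def parse_pam(text):
    """Parse a pam.d service file into (facility, control, module, args) tuples."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] in FACILITIES:
            # Modules may be given by full path, as in the file posted above.
            rules.append((fields[0], fields[1],
                          os.path.basename(fields[2]), fields[3:]))
    return rules


def expand(rules, includes, depth=0):
    """Inline 'FACILITY include NAME' lines from a mapping of name -> file text."""
    out = []
    for rule in rules:
        facility, control, module, _ = rule
        if control == "include" and module in includes and depth < 8:
            nested = expand(parse_pam(includes[module]), includes, depth + 1)
            out.extend(r for r in nested if r[0] == facility)
        else:
            out.append(rule)
    return out


def lint(text, includes=None):
    """Return a list of findings for the auth and account stacks."""
    rules = expand(parse_pam(text), includes or {})
    findings = []
    for facility in ("auth", "account"):
        stack = [r for r in rules if r[0] == facility]
        if not any(r[2] == "pam_winbind.so" and r[1] == "sufficient" for r in stack):
            findings.append(facility + ": pam_winbind.so is not 'sufficient'")
            continue
        first = [r[2] for r in stack].index("pam_winbind.so")
        # A required/requisite module that fails earlier in the stack makes the
        # whole stack fail, even if pam_winbind.so succeeds afterwards.
        for _, control, module, _ in stack[:first]:
            if module == "pam_unix.so" and control in ("required", "requisite"):
                findings.append(facility + ": " + control +
                                " pam_unix.so precedes pam_winbind.so")
    # Every password-prompting auth module after the first should reuse the
    # password already entered, otherwise the user is prompted twice.
    prompting = [r for r in rules if r[0] == "auth" and r[2] in PROMPTING]
    for _, _, module, args in prompting[1:]:
        if not any(a in REUSE for a in args):
            findings.append("auth: " + module + " will prompt for a second password")
    return findings


# Constructed sample with the same layout as the login file posted above.
LOGIN_BEFORE = """\
auth     required    pam_nologin.so  no_warn
auth     sufficient  pam_self.so     no_warn
auth     include     system
auth     sufficient  /usr/local/lib/pam_winbind.so
account  requisite   pam_securetty.so
account  include     system
account  sufficient  /usr/local/lib/pam_winbind.so
"""

# Constructed stand-in for the included 'system' file (assumption).
SYSTEM = """\
auth     required    pam_unix.so     no_warn try_first_pass nullok
account  required    pam_unix.so
"""

# Constructed layout following the quoted advice: winbind first and sufficient,
# pam_unix.so afterwards with use_first_pass.
LOGIN_AFTER = """\
auth     required    pam_nologin.so  no_warn
auth     sufficient  pam_self.so     no_warn
auth     sufficient  /usr/local/lib/pam_winbind.so
auth     required    pam_unix.so     use_first_pass nullok
account  requisite   pam_securetty.so
account  sufficient  /usr/local/lib/pam_winbind.so
account  required    pam_unix.so
"""

if __name__ == "__main__":
    for name, text in (("before", LOGIN_BEFORE), ("after", LOGIN_AFTER)):
        print(name, lint(text, {"system": SYSTEM}))
```

Without the contents of the included file the linter cannot see pam_unix.so at all, so pass every file the service includes.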
 






Re: [Samba] ADS Authentication

2004-12-07 Thread Tom Skeren
Jeremy Allison wrote:
On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote:
 

I'm about ready to smash my head through a wall...I could use a few answers.
1.  When using security = ads, and completing net ads join, it was my 
understanding that samba authenticated username/pword against ads, and 
local posix accounts were no longer needed, is this true?
   

Yes, so long as you have nsswitch and pam set up correctly. It sounds
like you don't.
 

Pam appears to be setup correctly.  At this time winbindd.log has this:
[2004/12/07 09:49:16, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
 krb5_cc_get_principal failed (No such file or directory)
Which seems to be a kerberos problem.  However, kinit is working 
properly.  Also ldapsearch -Y GSSAPI works, and adds additional kerberos 
tickets, so that I find it difficult to believe it's a kerberos 
problem.  I have a feeling it's a smb.conf problem, but I cannot locate it.

Jeremy.
 



Re: [Samba] ADS Authentication

2004-12-07 Thread Tom Skeren
Jeremy Allison wrote:
It was an smb.conf issue.  Authentication against ADS is now 
functioning.  Now it's time to wrestle with ACLs.  Thanks for the help.

TMS III
On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote:
 

I'm about ready to smash my head through a wall...I could use a few answers.
1.  When using security = ads, and completing net ads join, it was my 
understanding that samba authenticated username/pword against ads, and 
local posix accounts were no longer needed, is this true?
   

Yes, so long as you have nsswitch and pam set up correctly. It sounds
like you don't.
Jeremy.
 



[Samba] ADS Authentication

2004-12-06 Thread Tom Skeren
I'm about ready to smash my head through a wall...I could use a few answers.
1.  When using security = ads, and completing net ads join, it was my 
understanding that samba authenticated username/pword against ads, and 
local posix accounts were no longer needed, is this true?

2.  If yes, I have not been able to get it to work.  If I have a posix 
user account with the same name as one in ADS, even if pwords are 
different, I can log on to the samba server.  If no identical posix/ADS 
account exists on the samba server, then I cannot connect.  Any ideas as 
to where to look would be very helpful, as I am at a complete loss as to what 
to do at this point.



Re: [Samba] ADS Authentication

2004-12-06 Thread Tom Skeren
Jeremy Allison wrote:
On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote:
 

I'm about ready to smash my head through a wall...I could use a few answers.
1.  When using security = ads, and completing net ads join, it was my 
understanding that samba authenticated username/pword against ads, and 
local posix accounts were no longer needed, is this true?
   

Yes, so long as you have nsswitch and pam set up correctly. It sounds
like you don't.
 

Well, I've followed every how to that I can find.  I have some 
strangeness.  When I log into the unix terminal I have to supply 2 root 
passwords...the posix one and the one for root in ADS (they're 
different) to login.  The same for a user with both posix and ADS 
accounts.  Non posix account users cannot login with an ADS account to 
the terminal.

Depending on changes to the smb.conf file I get wild results with 
winbindd.  One config gives users and groups with a wbinfo -u/g 
command.  Others error out with differing reasons for the errors.

I'm really not sure where the error is...it should be working, but it is 
not.

Jeremy.
 



Re: [Samba] authentication against win2k3 server

2004-11-16 Thread Tom Skeren
Carissa Srugis wrote:
I've been trying to setup Samba to authenticate users against accounts
existing on a Windows 2003 Server without any backwards capability. 
Ideally, this needs to be done without any changes to the Windows 2003
Server.  Users will not be logging into the Samba shares at all.  This
is merely for authentication.
 

OK, well, try getting a kerberos ticket first.
kinit [EMAIL PROTECTED]
If you get a valid ticket, you can just do net ads join -U 
Administrator, no need for pw.

If no kerberos ticket, then you've got a krb5.conf issue.
Heimdal requires these lines:
default_etypes  = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
You also might need to have the w2k3 generate a keytab for you.  If so you need 
this line as well.
default_keytab_name = FILE:/etc/krb5.keytab

I'm running FreeBSD 4.10-Release #4 with Samba 3.0.8.
This is my smb.conf file:
[global]
 realm = WIN2K3.DOMAIN.LOCAL
 security = ads
 auth methods = winbind
 winbind separator = +
 encrypt passwords = yes
 workgroup = DOMAIN.LOCAL
 netbios name = FREEBSD_Machine
 winbind uid = 1-2
 winbind gid = 1-2
 winbind enum users = yes
 winbind enum groups = yes
 idmap uid = 1-2
 idmap gid = 1-2
 password server = WIN2K3.DOMAIN.LOCAL
So once winbindd is running, I type the following and get these results:
freebsd_machine# net ads join member -I 192.168.0.1 -U administrator
administrator's password: *password*
[2004/11/16 14:27:06, 0] libsmb/nmblib.c:send_udp(793)
 Packet send failed to 127.255.255.255(137) ERRNO=Permission denied
[2004/11/16 14:27:07, 0] libsmb/nmblib.c:send_udp(793)
 Packet send failed to 127.255.255.255(137) ERRNO=Permission denied
[2004/11/16 14:27:07, 0] utils/net_ads.c:ads_startup(186)
 ads_connect: Permission denied
In the winbindd log I've also gotten the following error messages at
one point or another:
Could not fetch sid for our domain WIN2K3.DOMAIN.LOCAL
Packet send failed to 127.255.255.255(137) ERRNO=Permission denied
ads_connect for domain WIN2K3.DOMAIN.LOCAL failed: Permission denied
get_trust_pw: could not fetch trust account password for my domain DOMAIN.LOCAL
The odd part is when I try to use wbinfo to verify connections.  If I
type wbinfo -g it will display the correct group listing from the
win2k3 server.  But nothing else seems to work:
freebsd_machine# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_INTERNAL_ERROR (0xc0e5)
Could not check secret
freebsd_machine# wbinfo -u
Error looking up domain users
freebsd_machine# wbinfo --domain-info=DOMAIN.LOCAL
Name  : WIN2K3.DOMAIN.LOCAL
Alt_Name  : DOMAIN.LOCAL
SID   : S-0-0
Active Directory  : No
Native: No
Primary   : Yes
Sequence  : -1
I'm obviously missing something, but I am at a loss.  Any help is
greatly appreciated!
Carissa Srugis
 




Re: [Samba] Major Samba Battle

2004-10-15 Thread Tom Skeren
Brian Witowski wrote:
I've been here before but I'm still battling with getting Samba to work
right with my XP Pro clients.  In a nutshell, when I try to access a share,
it asks for a username and password.  I enter a username and password and it
simply goes right back to the prompt, asking again.  This is when it's set
up as a domain controller.
This is a problem I have had.  Try mapping with \\ip-addy\share-name.  
If it works, then I think that it's a dns thing, i.e., the W2K machine 
does not have the netbios name of the samba machine in DNS.  You might 
also try making nmbd a master browser for netbios, then put

option netbios-name-servers   [samba-ip-addy]
and see if that helps.  I suspect a proper DNS entry on the W2K server 
would solve the problem however.

TMS III


I should note:
I CAN join the domain. 

I DO have my workstations added as machines. 

My [homes] mapping works fine.  

After I log in, I can access my H: drive (homes).
I have added Unix users and passwords to Samba  

I've tried disabling Shorewall

But that's about the only thing that works.  Ethereal is showing errors such
as: NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED and Tree
Connect AndX Request, Path :\\SERVER\DOWNLOADS then Tree Connect AndX
Response, Error: STATUS_BAD_NETWORK_NAME.

I'm at my wits' end.  I've been fighting with this for 3 weeks and not making
any progress.  PLEASE, give me a push in the right direction.

Brian


 




Re: [Samba] Win2003 ADS member server - almost working, ideas?

2004-09-30 Thread Tom Skeren
BSD Samba wrote:
I am attempting to install a Samba-3.0.0,1 on FreeBSD
5.2.1-RELEASE server 

I'm running 3.0.7 on 5.2.1 and not able to reproduce the problem.  Maybe 
try 3.0.7. 

to an existing Windows 2003
Server Active Directory Domain.
I've followed Chapter 6 of the HOWTO man to get as far
as I have.
#kinit gooduser   --successfully gets a kerberos
ticket
#wbinfo --authenticate=gooduser%goodpassword  --
successfully authenticates all user accounts (that
I've tested)
#wbinfo -u yields Error geting Domain Users
#wbinfo -g yields Error geting Domain Groups
and any user accounts I newly create in AD since
joining the Samba3 server as a Domain member are
successfully able to authenticate and access the
Samba3 server.
However, pre-existing AD users are not able to access
the Samba3 server.  These accounts get an error
NT_STATUS_LOGON_FAILURE.
I noted some mention in various places of a quirk
requiring the changing of domain passwords to allow
something to work - which I've tried to no avail.
New AD accounts work fine, pre-existing accounts
don't.
Any ideas on how to troubleshoot or fix this quirk
would be greatly appreciated.


Re: [Samba] Puzzle -- Logon/Login from Windows XP

2004-09-29 Thread Tom Skeren
Top post oh well...
Make Samba a PDC, join the XP workstations, and use roaming profiles.
[EMAIL PROTECTED] wrote:
I hope somebody can help me with this. I posed this question a week ago and 
got several well-meaning answers that were not very helpful. 

I have 10 Windows XP workstations and 100 users. Each of the 100 users has an 
account on my Samba server (running Samba 3.03  on Mandrake Linux 10). 

Each user has several shares on the Samba server which are unique to that 
user. In other words, only THAT user can access his/her shares, and THAT user has 
read/write privileges for those shares. 

BTW,  I define each user's shares by listings in smb.username.conf files 
and the include=smb.%U.conf option (I may have that backwards it may be 
username.smb.conf and include=%U.smb.conf, I have it right on my server.) 

The problem is, I need each of my 100 users to be able to logon to the Samba 
server (with READ/WRITE access to their own shares) from any of the 10 Windows 
XP workstations. It's not a problem if the user has an account on the XP 
machine that matches the username and password on the Linux Samba server. 

But users don't have their own machines and it's impractical to create 100 
user accounts on EACH Windows XP workstation. Especially when the list of users 
changes every few months. 

So my question is, how can those 100 users logon to the Samba server from ANY 
workstation without having an account on the Windows XP workstation that 
matches their username/password on the Samba server? 

I have a clumsy workaround right now, but I need something better. This is 
what I can do now:  

-- I have a Samba share that is accessible to everyone. 
-- In Windows XP, if I map network drive on that share and select connect 
using different username, I get an opportunity to enter the username and 
password for the specific user. 
-- Once the Windows XP machine connects to the Samba server, the Samba server 
knows who the user is and displays a list of the user's own unique shares 
-- which can then be mapped as well. 

The thing that's awkward about this technique, however, is that I'm having to 
map a public share JUST to communicate to the Samba server the username and 
password. 

Isn't there a way to get the Samba server to ask for a username and password 
when the user clicks on the name of the Samba server in Explorer? 

That's what happens when I click on the name of a Windows XP machine (XP 
Machine 1) from another Windows XP machine (XP Machine 2) when I'm logged on to 
Machine 2 with a username and password that does not match an account on XP 
Machine 1.  I get a dialog box asking for a username and password. If I enter a 
username that has an account on the first machine -- and the matching password 
-- I connect and get read/write access to all shared drives and folders. 

I want to get the same dialog box when I click on the Linux Samba server. But 
how? 

Thanks in advance for the help. 

Regards, 
Andy Liebman
 




Re: [Samba] Re: Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Tom Skeren
Igor Belyi wrote:
Zach wrote:
To clear it up:
Domain: CIVILIZATION
samba PDC: BABYLON
Win XP client:  TROY
Domain user: Zach
Local user: local_user
If CIVILIZATION\Zach is added to TROY\Administrators, then no problem.
If CIVILIZATION\Zach is removed from TROY\Administrators, then
profile doesn't load properly, even if CIVILIZATION\Zach is a member
of TROY\Power Users or TROY\Users, etc.  (This applies to other domain
users as well, not just Zach).
Further, when TROY\local_user, logs on to TROY, then no problem, 
regardless of
group membership.

Just to give you some hope - I don't have this problem.
I have users which belong _only_ to Domain Users group and they have 
WinXP Theme loaded without a problem.

BTW, did you move those profiles from local profiles or other Domains 
or were they created when users first login into Domain? ACLs and 
ownership on files in the Roaming profiles are stored in NTUSER.DAT 
file which is a representation of user registry. To properly copy User 
Profiles you would need to use Window's System 
Properties/Advanced/User Profiles. 
Well, I've been having the same probs too, and hadn't thought about 
this.  That gives me lots of food for thought.  Thanks Igor.

TMS III

Igor



[Samba] net groupmap failures

2004-09-29 Thread Tom Skeren
OK all, really going nuts here.  wbinfo -u/-g works, pulls up the W2k 
users/groups.  Net ads join works just fine.  Created the krb5.keytab 
file on the w2k machine and kutil copy this to /etc/krb5.keytab.  kinit 
administrator works fine.  However, all net groupmap commands fail.  
Here's an example:

fskkweb# net groupmap add unixgroup=admin ntgroup=Domain Admins
No rid or sid specified, choosing algorithmic mapping
[2004/09/29 08:42:46, 0] lib/smbldap.c:smbldap_open_connection(623)
 Failed to issue the StartTLS instruction: Decoding error
[2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 20D6: 
SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0
  (Operations error)
Snip-error burps out for quite a number of lines
[2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 20D6: 
SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0
  (Operations error)
adding entry for group Domain Admins failed!
fskkweb#
I'm assuming there is some problem with openldap client.  ldapsearch 
burps out this:

fskkweb# ldapsearch -v -D CN=Administrator,CN=Users,DC=fsklaw,DC=net
ldap_initialize( DEFAULT )
ldap_bind: Invalid credentials (49)
   additional info: 80090308: LdapErr: DSID-0C09030B, comment: 
AcceptSecurityContext error, data 52e, v893
Anybody have any clues...I would love to get this working.  If you need smb.conf, 
krb5.conf, nsswitch files etc. please ask.
TMS III




Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Tom Skeren
Zach wrote:
We just experimented with this here at work.  As administrator we
manually deleted the profile of a user and replaced it with a manual
copy of another user's profile, and the problem was reproduced
exactly.  When we subsequently deleted NTUSER.DAT and logged in again,
NTUSER.DAT was rebuilt using the default profile and the profile
loaded properly.  Evidently the SID recorded in NTUSER.DAT has to
match the user's sid or it won't load properly.
Good news Zach.  I'm off to the office to give it a go myself.  Should 
give a preliminary response by noon PST.
Cheers,
TMS III

Now to find out how to repair/rebuild/migrate NTUSER.DAT without
losing the user's sid without losing the customizations.
Although this has turned out to not really be a Samba problem, I'll
post what I find out since this seems to affect several users on the
list.
Thanks
Zach
On Wed, 29 Sep 2004 10:00:47 -0700, Craig White [EMAIL PROTECTED] wrote:
 

On Tue, 2004-09-28 at 11:18, Stefan Wegner wrote:
   

Craig White schrieb:
 

The 'homes' share should be differentiated from the 'profiles' share if
you desire to have expected behavior. Whether this is an absolute
requirement or not, I have no idea but I do know that I don't have a
problem with roaming profiles and haven't since 2.2.x and it still works
on 3.0.x
   

Doesn't make any difference: profile acls = yes
in homes is the same behaviour as in profiles as long as profiles are
located under homes.
The prob is still the same:
user with local adm-rights = complete profile
user with User- or Poweruser- rights = reduced profile (background and
other settings)
Can you switch the local Rights of your Users from User to Admin and
then go back to User without loss in the profile ?
 


I have done that but only once. My users are all NOT local admins or
power users - they are pretty much unprivileged beyond the local Users.
Either way (or even switching to and from local Administrator group)
caused no problem with loading the profile.
On the samba server(s) - my privileges are different for the homes and
profiles directories.
my users homes are in...
drwxr-xr-x   40 root root 4096 Sep  8 10:50 users
and a sample users directory...
drwx------   19 craig users-all 4096 Aug 29 17:31 craig
whereas the profiles...
drwxrwsr-x   21 Administrator Domain Users 4096 Sep  9 08:53
profiles
and a sample profile directory
drwxr-xr-x   13 test Domain Users 4096 Jan 26  2004 test
This has not been a problem for me.
Craig



Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-28 Thread Tom Skeren
sith lord wrote:
I'm having a problem with Roaming profiles in Windows XP with Samba as 
PDC.  I've googled and trolled the mailing lists and read the Samba 
documentation.

Problem:
User logs onto domain from WinXP client and profile is downloaded (you 
can tell because it takes a long time and lights on hub are lit up).  
However, unless that user is in the admin group locally, all/some of 
the profile isn't loaded.  eg, Desktop wallpaper, WinXP theme,  start 
menu settings, etc. are not loaded.  No error is given.  No cached or 
default profile is loaded.   If user is added to local admin group 
before-hand. everything is O.K.  If user is subsequently removed from 
admin group, problem happens again at next login. 
I have EXACTLY the same problem
TMS III

What I've tried:
Upgrade Samba from 2.2 to 3 (currently 3.0.7).
Set the Check ownership of profile option to disabled on WinXP 
client local policy (grpedit.msc)
Check ownership and permissions on the samba server (though these 
still might not be set properly).

System configuration:
Server:
RH9 (all packages updated)
Samba 3.0.7 (from rpm) (problem happened with 2.2 as well)
I would post smb.conf, but I don't have it right now.  I can post it 
later, though.

Clients:
WinXP Pro SP2 (problem happened with pre sp1,  sp1a as well).
I'm not sure if this is an issue with on the samba/linux end or the 
win xp client end.  The same problem happens on both of my win xp 
clients.  If it is on the samba end, I'm wondering if it's related to 
ownership/permissions not being quite right.   It is as if being admin 
on the local box allows you to override whatever the problem is.

Any help is appreciated.  I'll post more info along with smb.conf if 
anyone wants to see it.



Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-28 Thread Tom Skeren
Snip
Then for security on the XP machines, disable bypass traverse
checking on each client.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/528.mspx
There does not appear to be a disable setting.  You can add and remove 
users and groups.  I don't think you can delete the key either.

Cheers
TMS III
Am I missing anything?
Zach
[EMAIL PROTECTED]
(previously [EMAIL PROTECTED])

On Tue, 28 Sep 2004 20:36:02 +0600 (YEKST), Ilia Chipitsine
[EMAIL PROTECTED] wrote:
 

maybe You guys need to read man smb.conf and search profile acls
there.

   

sith lord wrote:
 

I'm having a problem with Roaming profiles in Windows XP with Samba as PDC.
I've googled and trolled the mailing lists and read the Samba
documentation.
Problem:
User logs onto domain from WinXP client and profile is downloaded (you can
tell because it takes a long time and lights on hub are lit up).  However,
unless that user is in the admin group locally, all/some of the profile
isn't loaded.  eg, Desktop wallpaper, WinXP theme,  start menu settings,
etc. are not loaded.  No error is given.  No cached or default profile is
loaded.   If user is added to local admin group before-hand. everything is
O.K.  If user is subsequently removed from admin group, problem happens
again at next login.
   

I have EXACTLY the same problem
TMS III
 

What I've tried:
Upgrade Samba from 2.2 to 3 (currently 3.0.7).
Set the Check ownership of profile option to disabled on WinXP client
local policy (grpedit.msc)
Check ownership and permissions on the samba server (though these still
might not be set properly).
System configuration:
Server:
RH9 (all packages updated)
Samba 3.0.7 (from rpm) (problem happened with 2.2 as well)
I would post smb.conf, but I don't have it right now.  I can post it later,
though.
Clients:
WinXP Pro SP2 (problem happened with pre sp1,  sp1a as well).
I'm not sure if this is an issue with on the samba/linux end or the win xp
client end.  The same problem happens on both of my win xp clients.  If it
is on the samba end, I'm wondering if it's related to ownership/permissions
not being quite right.   It is as if being admin on the local box allows
you to override whatever the problem is.
Any help is appreciated.  I'll post more info along with smb.conf if anyone
wants to see it.


Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-28 Thread Tom Skeren
Zach wrote:
I'll have to check it later today (i'm on RH9 at work).  I'm guessing
the man page means to remove the undesired user/group.  Not having
looked at it, I'm guessing that leaving only the Administrators is
appropriate.  I'll know more once I mess around with it this
afternoon.
Well the group everyone is in there.  So it shouldn't be an issue.  I'm 
going to add the group fskk to it, which is the group I created for the 
users-see if that helps.

Tom, have you had a chance to implement profile acls = yes in your
smb.conf?  Did it work?
Added the line in smb.conf, but I'm not at that office today, so I will 
travel there tomorrow and do some testing.  Keep me posted.

Thanks
zach
- Original Message -
From: Tom Skeren [EMAIL PROTECTED]
Date: Tue, 28 Sep 2004 08:59:21 -0700
Subject: Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
Snip
Then for security on the XP machines, disable bypass traverse
checking on each client.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/528.mspx
There does not appear to be a disable setting.  You can add and remove
users and groups.  I don't think you can delete the key either.
Cheers 
TMS III

 




Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-28 Thread Tom Skeren
Craig White wrote:
On Tue, 2004-09-28 at 09:40, Stefan Wegner wrote:
 

Tom Skeren schrieb:
...
I have EXACTLY the same problem with Samba 3.0.7 and W2K SP4:
Entering the Domain with Admin-rights everything is fine (complete local 
settings, etc.)
As soon as i make this User a (local)User or Poweruser, i get a reduced 
profile from the server although i still have
profile acls = yes
in my homes section (where the profiles are stored)
Does this have to be under the section profiles ?

You are not alone and i'm very interested to get a solution as well, 
cause i don't want to have Admin rights all the time.

Anyone has got the trick ?
   


The 'homes' share should be differentiated from the 'profiles' share if
you desire to have expected behavior. 

Yep, I have a separate share called [Profiles] in smb.conf. 

Whether this is an absolute
requirement or not, I have no idea but I do know that I don't have a
problem with roaming profiles and haven't since 2.2.x and it still works
on 3.0.x
Craig
 



Re: [Samba] Re: Can join domain, can't login -- LDAP PDC

2004-09-28 Thread Tom Skeren
Igor Belyi wrote:
Chris St. Pierre wrote:
The system cannot log you on to this domain because the system's
computer account in its primary domain is missing or the password on
that account is incorrect.
I suspected that neither of these were the case, as I created the
account with idealx's smbldap-tools, so I checked through the slapd
logs after a login attempt and, strangely, Samba was never even
querying the LDAP server.  I checked the Samba logs, and here's what I
get whenever I try to login:

This is the usual symptom of nscd at work. 
I keep reading that this is the problem.  However, FBSD has no daemon 
called nscd.  It is simply, for me, not possible that this is the problem.

It caches negative and positive answers and when Samba makes NSS 
requests it get it from nscd which doesn't bother to go into LDAP.

I would suggest to turn nscd off until you have all your machines and 
users in LDAP.

Igor



Re: [Samba] invisible server

2004-09-23 Thread Tom Skeren
May be due to no guest account.  From Samba 3 by Example:
Network browsing involves SMB broadcast announcements, SMB enumeration 
requests, connections to the IPC$ share, share enumerations, and SMB 
connection setup processes. The use of anonymous connections to a Samba 
server involve the use of the /guest account/ that must map to a valid 
UNIX UID.

Luca Ferrari wrote:
Hi,
I've got a few samba server in my network, but one of them is invisible. I 
cannot do a nmblookup on it (even from the server itself), but I cannot 
telnet the port 137, thus it should not be a problem of firewall. From 
windows xp machines, I can connect specifying the IP address, while from 
win98 machines I cannot (I got an error like network name does not exist).
The following is the smb.conf file, I'm running samba 2.2.7:

[global]
   os level = 33
   time server = Yes
   unix extensions = Yes
   encrypt passwords = Yes
   log level = 5
   syslog = 5
   printing = CUPS
   printcap name = CUPS
   socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
   wins support = No
   veto files = /*.eml/*.nws/riched20.dll/*.{*}/
   security = user
   workgroup = G2OR
   server string = Mammuth
   netbios name = mammuth
[project]
   comment = Cartella PROJECT/ufficio MK via SMB - Mammuth
   path = /mnt/data/uff_mk/PROJECT
   browsable = yes
   writable = yes
   printable = no
   valid users = +ufficioMK +cam
I've tried with the remote announce and master browser options, but it still 
not works. Any idea?

Luca
 



Re: [Samba] Winbindd on FreeBSD 4.10 Help

2004-09-22 Thread Tom Skeren
Elijah Savage wrote:
All,
First off I would like to say the book The Official Samba-3 HowTO and
Reference Guide is awesome I purchased it off Amazon a couple of weeks
ago. Ok now on to my problem.
I have samba installed and configured and joined the domain no problem.
When I run wbinfo -u I can see my domain users, when I run wbinfo -g I
can see all my domain groups, BUT if I run
/usr/compat/linux/usr/bin/getent passwd I only see a mirror of my
Try compiling from source, then you don't need to use the linux 
compatible binaries.  You can get it at 
http://www.domtools.com/unix/getent.shtml

/etc/passwd and do not see the domain users.
Winbind Setup in smb.conf
idmap uid = 1-2
   idmap gid = 1-2
   winbind separator = +
   winbind use default domain = Yes

 


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Network Drives Dropping Out

2004-09-21 Thread Tom Skeren
Christoph Scheeder wrote:
Hi,
yes, we have seen this before.
It seems not to be a samba issue, as one of our customers has had these 
symptoms in a winnt-only domain and they still persist after an 
upgrade of the DC to win2k.
We have searched the complete network for problems, but couldn't find
anything. running out of CAL's isn't the problem, and all the switches
have been replaced.
I even have the red-crosses some times in my two-computer-home-network,
but every time i double click the crossed-out share i can access it 
without problems.
It's not reproducible, nor does anything show up in the logs of samba.
Not much help, i know.
But you are not the only one facing this effect.
Christoph 
Ditto here. Can't seem to lock it down.

[EMAIL PROTECTED] schrieb:

Hi All,
I am looking after a site that is running redhat 7.2 and Samba 3.0.2a-1.
There is a mixture of Windows 98 and Windows XP clients on the network.
Recently the Windows XP clients have
been having problems with mapped network drives. The drives map fine but
certain times during the day users get access denied error messages when
accessing the drives. This lasts
for a few minutes and without having to touch anything they are back
working normally. Sometimes the drives in XP also come up with red 
'x' next
to them.

Has anyone seen this before?
Cheers




[Samba] Winbind AD-LDAP errors

2004-09-16 Thread Tom Skeren
Anybody have a clue to this error:
fskkweb# net groupmap add unixgroup=admin ntgroup=Administrators
No rid or sid specified, choosing algorithmic mapping
[2004/09/16 08:10:15, 0] lib/smbldap.c:smbldap_open_connection(545)
 ldap_initialize: Compare False
[2004/09/16 08:10:16, 0] lib/smbldap.c:smbldap_open_connection(545)
 ldap_initialize: Compare False
[2004/09/16 08:10:17, 0] lib/smbldap.c:smbldap_open_connection(545)
 ldap_initialize: Compare False
[2004/09/16 08:10:18, 0] lib/smbldap.c:smbldap_open_connection(545)
 ldap_initialize: Compare False
[2004/09/16 08:10:19, 0] lib/smbldap.c:smbldap_open_connection(545)
 ldap_initialize: Compare False
[2004/09/16 08:10:20, 0] lib/smbldap.c:smbldap_open_connection(545)
 ldap_initialize: Compare False
[2004/09/16 08:10:21, 0] lib/smbldap.c:smbldap_open_connection(545)
 ldap_initialize: Compare False
[2004/09/16 08:10:22, 0] lib/smbldap.c:smbldap_open_connection(545)
 ldap_initialize: Compare False



Re: [Samba] (no subject)

2004-09-09 Thread Tom Skeren
It's a mount command.  On FBSD it's
mount_smbfs //[EMAIL PROTECTED]/share /(some local directory path)
Gerald Hughes wrote:
Samba,
Is it possible to connect to a C drive on a windows machine from a Unix machine 
using SAMBA?  We can go the other way but have a problem from Windows to Unix.
Any Examples out there?

jerry
Gerald C. Hughes
GEO/Graphic, Inc.
90 West Center Street
Logan, UT 84321
ph:435.753-5429

 




[Samba] Login Script won't load if XP user is not local admin.

2004-09-07 Thread Tom Skeren
It's a simple .bat file on the samba server.  Its contents are all of:
net use z: \\server\share
However roving profiles won't load, and neither will the login bat file, 
unless user is a local admin account on the XP Pro box.  Samba 3.0.5.  
Anyone have any ideas?

TMS III


Re: [Samba] NTFS-type directory permissions

2004-09-03 Thread Tom Skeren
Michael Flatley wrote:
Yes ACL's
I apologize if this is an easy question.  I am a samba newbie and the
answer was not really clear to me from reading chpt 12 of the
documentation.
We recently moved from a Windows 2000 file server to a Samba(3.0.4)
file server running on Solaris.  We have about 20 top-level
directories with lots of subdirectories.  Right now, we have the
security setup so that people can only get to the top-level
directories that they should have access to.  This is ok for now, but
at some point we would like to get back to the way it was under NT. 
We have not figured out a way to control the permissions underneath
these top-level directories.

For example:
The user is mapped to a single share that contains all of the folders
(can't be more than one share since users need to access the folders
from windows using the same drive letter).
That share contains:
Admin
Helpdesk
Finance
HR
etc.
The particular user only has access to the HR directory which contains:
Paychecks
Personnel
List
etc.
Now, this user should only have read access to List, no access to
Personnel, and write access to Paychecks.  In our current setup, he
has write access to all these folders because they are only controlled
by the top-level, HR, which has the Unix permissions:
rwxrwx---   root  hr
(the user is a member of hr)
Is there a way that we can have more control over the directories and
files?  Can someone give me some example configurations or point me to
a past post or something?
Thanks
 




Re: [Samba] NTFS-type directory permissions

2004-09-03 Thread Tom Skeren
[EMAIL PROTECTED] wrote:

You have just, but the kernel and FS used to store data must be using ACL...
Just patch the kernel (if kernel 2.4.x) for ACL support
Oh yeah forgot that.  If you've got FreeBSD 5.x it's in the default kernel.
http://acl.bestbits.at
and use a FS which have this possibility :
- ext3
- ReiserFS
- JFS
- XFS
 Stéphane
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467
  
  
  


Hi,
I think if you choose to compile samba with the acl flag then you will have
the complex access control desired.
When you do a ./configure --help
... the options will be there but I think the option for acl support
is --with-acl-support or something like that.
Both my samba book and a unix terminal are not available to me now.
Bri-
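The permissions asked for in this thread (read-only on List, nothing on Personnel, write on Paychecks, for a user who is in group hr) can be checked against the POSIX-draft ACL evaluation order before touching the server. This is an added example, not code from the list or from Samba; the user names jdoe and hrlead and the helper names are hypothetical, and it does not model the root override or the search permission needed on parent directories.

```python
"""POSIX-draft ACL access check applied to the HR tree from the question."""

R, W, X = 4, 2, 1


def bits(text):
    """Turn 'r-x' style text into permission bits."""
    return sum(bit for ch, bit in zip(text, (R, W, X)) if ch != "-")


class Acl:
    def __init__(self, owner, group, user_obj, group_obj, other,
                 users=None, groups=None, mask=None):
        self.owner, self.group = owner, group
        self.user_obj = bits(user_obj)
        self.group_obj = bits(group_obj)
        self.other = bits(other)
        self.users = {n: bits(p) for n, p in (users or {}).items()}
        self.groups = {n: bits(p) for n, p in (groups or {}).items()}
        if mask is not None:
            self.mask = bits(mask)
        elif self.users or self.groups:
            # setfacl's default: mask = union of all group-class entries.
            self.mask = self.group_obj
            for p in list(self.users.values()) + list(self.groups.values()):
                self.mask |= p
        else:
            self.mask = None  # plain mode bits, no extended entries


def allowed(acl, user, user_groups, want):
    """Return True if `user` gets every permission in `want`."""
    want = bits(want)
    cap = acl.mask if acl.mask is not None else bits("rwx")
    if user == acl.owner:                      # 1. owner: never masked
        return (acl.user_obj & want) == want
    if user in acl.users:                      # 2. named user beats any group
        return (acl.users[user] & cap & want) == want
    matching = []                              # 3. owning group / named groups
    if acl.group in user_groups:
        matching.append(acl.group_obj)
    matching += [p for g, p in acl.groups.items() if g in user_groups]
    if matching:
        # One matching entry must grant everything; no fall-through to other.
        return any((p & cap & want) == want for p in matching)
    return (acl.other & want) == want          # 4. everyone else


def effective(acl, user, user_groups):
    """Render what the user can actually do as an 'rwx' string."""
    return "".join(ch if allowed(acl, user, user_groups, probe) else "-"
                   for ch, probe in (("r", "r--"), ("w", "-w-"), ("x", "--x")))


def hr_tree():
    """The HR layout from the post: rwxrwx--- root hr, plus per-user entries.

    Linux setfacl syntax for the two extended entries (assumed tool):
        setfacl -m u:jdoe:r-x HR/List
        setfacl -m u:jdoe:--- HR/Personnel
    """
    base = dict(owner="root", group="hr",
                user_obj="rwx", group_obj="rwx", other="---")
    return {
        "HR": Acl(**base),
        "HR/Paychecks": Acl(**base),
        "HR/List": Acl(**base, users={"jdoe": "r-x"}),
        "HR/Personnel": Acl(**base, users={"jdoe": "---"}),
    }


if __name__ == "__main__":
    for who in ("jdoe", "hrlead"):
        for path, acl in hr_tree().items():
            print(f"{who:7} {path:13} {effective(acl, who, {'hr'})}")
```

The named-user entry is matched before any group entry, which is why `user:jdoe:---` shuts jdoe out of Personnel even though hr has rwx. A later `chmod g-w` on an ACL'd directory lowers the mask and so caps the owning group and every named entry at once.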


 




[Samba] Winbindd can't find ldap server

2004-09-03 Thread Tom Skeren
Winbindd is erroring out with can't find ldap server.  LDAP is ADS W2K, 
the samba server is 3.0.5 and net join ads succeeded.  I have
idmap_backend = ldap:ldap://ldap.mydomain.com.  What am I missing?



[Samba] Winbindd - ADS errors

2004-09-03 Thread Tom Skeren
   Have a Samba 3.0.5 joined to W2K ADS.  Getting very slow logon 
responses due to winbindd problem.  smb.conf and snip of winbindd errors 
follows.  Any help would be appreciated.

smb.conf:
  workgroup = FSK
   realm = FSKLAW.NET
   netbios name = FSKKLAW
   server string = FSKKLAW
   interfaces = 
   security = ADS
   obey pam restrictions = Yes
   pam password change = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   unix password sync = Yes
   log file = /var/log/samba/%m.log
   max log size = 0
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   os level = 33
   preferred master = No
   default keytab name = FILE:/etc/krb5.keytab
   local master = No
   domain master = No
   wins server = 192.168.62.1
   remote announce = 192.168.61.1 192.168.62.1
   remote browse sync = 192.168.61.1 192.168.62.1
   ldap server = ldap://ldap.fsklaw.net
   ldap admin dn = tms3
   ldap port = 389
   idmap backend = ldap:ldap://ldap.fsklaw.net
   idmap uid = 1-2
   idmap gid = 1-2
   template homedir = /usr/templates/%D/%U
   template shell = /bin/ssh

winbind errors:
[2004/09/03 10:50:17, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2239)
 ldapsam_setsamgrent: LDAP search failed: Can't contact LDAP server
[2004/09/03 10:50:17, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2304)
 ldapsam_enum_group_mapping: Unable to open passdb
[2004/09/03 10:50:17, 1] lib/smbldap.c:smbldap_retry_open(909)
 Connection to LDAP Server failed for the 1 try!
[2004/09/03 10:50:17, 1] lib/smbldap.c:smbldap_retry_open(909)
 Connection to LDAP Server failed for the 2 try!
[2004/09/03 10:50:18, 1] lib/smbldap.c:smbldap_retry_open(909)
 Connection to LDAP Server failed for the 3 try!
[2004/09/03 10:50:19, 1] lib/smbldap.c:smbldap_retry_open(909)
 Connection to LDAP Server failed for the 4 try!
[2004/09/03 10:50:21, 1] lib/smbldap.c:smbldap_retry_open(909)
 Connection to LDAP Server failed for the 5 try!
[2004/09/03 10:50:23, 1] lib/smbldap.c:smbldap_retry_open(909)
 Connection to LDAP Server failed for the 6 try!
[2004/09/03 10:50:25, 1] lib/smbldap.c:smbldap_retry_open(909)
 Connection to LDAP Server failed for the 7 try!
[2004/09/03 10:50:29, 1] lib/smbldap.c:smbldap_retry_open(909)
 Connection to LDAP Server failed for the 8 try!
[2004/09/03 10:50:29, 0] lib/smbldap.c:smbldap_search(971)
 smbldap_search: LDAP server is down!
[2004/09/03 10:50:29, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2239)
 ldapsam_setsamgrent: LDAP search failed: Can't contact LDAP server
[2004/09/03 10:50:29, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2304)
 ldapsam_enum_group_mapping: Unable to open passdb



Re: [Samba] Winbindd can't find ldap server

2004-09-03 Thread Tom Skeren
eric roseme wrote:
Are you actually storing your mappings on the ADS (instead of default 
tdb).  If so, I am interested to see your ADS schema modifications.  I 
have been wondering if anyone has tried that yet. 
Nope, pretty much a default setup.

Otherwise, with security = ads, you do not need the idmap parm, it 
stores the mappings in the winbindd_idmap.tdb (or the cache).

PS - I think it's idmap backend, not idmap_backend. 
Give it a shot, but testparm didn't burp up any errors

Eric Roseme
Hewlett-Packard
Tom Skeren wrote:
Winbindd is erroring out with can't find ldap server.  LDAP is ADS 
W2K, the samba server is 3.0.5 and net join ads succeeded.  I have
idmap_backend = ldap:ldap://ldap.mydomain.com.  What am I missing?






[Samba] Mapped drive problems XP

2004-09-01 Thread Tom Skeren
Using 3.0.5 as PDC.  Domain functions, machines get added, accounts set 
up with roving profiles.  However, every log on the network drives are 
dropped, and have to be redone manually.  Is there any fix for this?  Is 
this normal behavior?

TMS III


[Samba] XP Problems adding machines on the fly

2004-08-31 Thread Tom Skeren
Having trouble with the add machine script.  Followed the chapter 6 
how-to, but, it fails.  Checking log file for the machine after 
error-RPC call failed on XP box, I find a 101MB log file filled with 
-error must provide name- something to that effect.  Any help would be 
appreciated. smb.conf follows.

[global]
  workgroup = FSK
  netbios name = Camarillo
  server string = Camarillo
  hosts allow = 
passdb backend = tdbsam
#  guest account = pcguest

  log file = /usr/log/samba/%m.log
  max log size = 50
  security = user
  encrypt passwords = yes
  write raw = yes
  strict allocate = No
  getwd cache = yes
  write cache size = 262144
  interfaces = 
  local master = yes
  enhanced browsing = yes
  os level = 33
  preferred master = yes
  domain master = yes

  preferred master = yes
  domain logons = yes
  obey pam restrictions = yes
  add machine script = /usr/sbin/adduser -d /dev/null -g 100 \
   -s /bin/false -M %u
  idmap uid = 1-2
  idmap gid = 1-2
 logon path = \\camarillo\Profiles\%U
  wins support = yes
  lm announce = auto
  lm interval = 5
  dns proxy = yes



[Samba] Hi All-ADS_Groupmap probs

2004-08-26 Thread Tom Skeren
Back again to working out ADS groupmapping.  Environment WK2 server, 
FreeBSD 5.2.1 with Samba 3.0.6.  Net ads join works.  Lildude is in ADS 
computer CN.  Now, when doing:

net groupmap add unixgroup=admin ntgroup=Administrators I get the following.
lildude# net groupmap add unixgroup=admin ntgroup=Administrators
[2004/08/26 09:28:19, 0] param/loadparm.c:map_parameter(2449)
 Unknown parameter encountered: default_keytab_name
[2004/08/26 09:28:19, 0] param/loadparm.c:lp_do_parameter(3139)
 Ignoring unknown parameter default_keytab_name
No rid or sid specified, choosing algorithmic mapping
[2004/08/26 09:28:19, 0] lib/smbldap.c:smbldap_connect_system(796)
 failed to bind to server with dn=  Error: Can't contact LDAP server
   (unknown)
[2004/08/26 09:28:35, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Timed out)
[2004/08/26 09:28:51, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Timed out)
[2004/08/26 09:29:07, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Timed out)
[2004/08/26 09:29:23, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Timed out)
^C
lildude#
I'm either missing/misconfigured a conf file or missing something else.  Any pointers 
would be appreciated.
Thanks in advance
TMS III



[Samba] Net groupmap fails

2004-08-26 Thread Tom Skeren
Samba 3.0.6 installed.
Net join ads worked perfectly.
Net groupmap add fails as follows:
lildude# net groupmap add unixgroup=admin ntgroup=Administrators
[2004/08/26 09:28:19, 0] param/loadparm.c:map_parameter(2449)
 Unknown parameter encountered: default_keytab_name
[2004/08/26 09:28:19, 0] param/loadparm.c:lp_do_parameter(3139)
 Ignoring unknown parameter default_keytab_name
No rid or sid specified, choosing algorithmic mapping
[2004/08/26 09:28:19, 0] lib/smbldap.c:smbldap_connect_system(796)
 failed to bind to server with dn=  Error: Can't contact LDAP server
   (unknown)
[2004/08/26 09:28:35, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Timed out)
[2004/08/26 09:28:51, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Timed out)
[2004/08/26 09:29:07, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Timed out)
[2004/08/26 09:29:23, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Timed out)
^C
lildude#
Any pointers would be most appreciated.
Thanks
TMS III
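The log excerpts in this post and in the winbindd posts above use Samba's debug format: a bracketed header with timestamp, level and source location, followed by one or more message lines. This added example (not part of the original posts, not Samba code) parses that format, collapses the retry noise by call site, and reports how long the process sat waiting on an unreachable LDAP server; the sample log is constructed from the shapes quoted on this page and the function names are hypothetical.

```python
"""Triage Samba debug logs: unknown smb.conf parameters and LDAP stalls."""
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample in the format of the excerpts quoted on this page.
SAMPLE_LOG = """\
[2004/09/03 10:50:16, 0] param/loadparm.c:map_parameter(2449)
  Unknown parameter encountered: default_keytab_name
[2004/09/03 10:50:17, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2239)
  ldapsam_setsamgrent: LDAP search failed: Can't contact LDAP server
[2004/09/03 10:50:17, 1] lib/smbldap.c:smbldap_retry_open(909)
  Connection to LDAP Server failed for the 1 try!
[2004/09/03 10:50:19, 1] lib/smbldap.c:smbldap_retry_open(909)
  Connection to LDAP Server failed for the 2 try!
[2004/09/03 10:50:23, 1] lib/smbldap.c:smbldap_retry_open(909)
  Connection to LDAP Server failed for the 3 try!
[2004/09/03 10:50:29, 0] lib/smbldap.c:smbldap_search(971)
  smbldap_search: LDAP server is down!
[2004/09/03 10:50:45, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown)
 (Timed out)
"""

HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+):(\w+)\((\d+)\)$"
)
LDAP_DOWN = re.compile(
    r"Can't contact LDAP server|LDAP server is down"
    r"|Connection to LDAP Server failed|LDAP error: .*Timed out",
    re.IGNORECASE,
)
UNKNOWN_PARAM = re.compile(r"unknown parameter (?:encountered: )?(\S+)",
                           re.IGNORECASE)


def parse_records(text):
    """Split a log into records; wrapped message lines are joined."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            ts, level, src, func, lineno = m.groups()
            records.append({
                "time": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                "level": int(level), "source": src,
                "function": func, "line": int(lineno), "message": "",
            })
        elif records and line:
            rec = records[-1]
            rec["message"] = (rec["message"] + " " + line).strip()
    return records


def summarize(records):
    """Count LDAP failures per call site and measure the total stall."""
    ldap = [r for r in records if LDAP_DOWN.search(r["message"])]
    unknown = sorted({m.group(1) for r in records
                      for m in [UNKNOWN_PARAM.search(r["message"])] if m})
    report = {"records": len(records), "unknown_parameters": unknown,
              "ldap_failures": len(ldap), "ldap_stall_seconds": 0,
              "ldap_call_sites": []}
    if ldap:
        times = [r["time"] for r in ldap]
        report["ldap_stall_seconds"] = int(
            (max(times) - min(times)).total_seconds())
        sites = OrderedDict()
        for r in ldap:
            key = f'{r["source"]}:{r["function"]}'
            sites[key] = sites.get(key, 0) + 1
        report["ldap_call_sites"] = list(sites.items())
    return report


if __name__ == "__main__":
    for key, value in summarize(parse_records(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```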


Re: [Samba] Re: Net groupmap fails

2004-08-26 Thread Tom Skeren
Michael Lueck wrote:
It looks like you are using LDAP as the back end...
Ah my bad.  W2K server.  The grand WAN OpenLDAP Samba experiment gets 
started this weekend.  Oh the joy.  Just trying to iron out a few of 
these nagging issues before the deluge.  BTW do have proper schema for 
the yet inert LDAP servers.

just a guess (since I don't use LDAP at this time), did you get the 
corrected LDAP schema for 3.0.6?




Re: [Samba] Can't logon to when member of ad-domain

2004-08-24 Thread Tom Skeren
Sandgren Eric wrote:
I'm running a small Linux server with samba installed on it I want to
access this server from an XP client which is a member of a ad-domain
but when trying to logon XP puts in ad-domain-name\username as logon
name to the samba server, how can I work around this?
 

Map network drive using \\IPaddy\share-name.  Bet it works like a charm.


Re: [Samba] Compiling Samba 3.0.6 on FreeBSD 5.2.1

2004-08-24 Thread Tom Skeren
Yeah I had similar headaches.  First do a fresh install if feasible.  
If not then try to get rid of MIT Kerberos.  Heimdal is default in 
FreeBSD and works well, just needs a bit of tweaking that MIT doesn't.

My configure for ads looks like this
./configure --exec-prefix=/usr/local --localstatedir=/var --with-configdir=/usr/local/etc --with-libdir=/usr/local/lib/samba --with-piddir=/var/run --with-lockdir=/var/db/samba --with-privatedir=/usr/local/private --with-logfilebase=/var/log/samba --with-manpages-langs=en --with-libiconv=/usr/local --with-pam --with-readline --with-sendfile-support --with-libsmbclient --without-python --disable-cups --without-syslog --without-quotas --with-winbind --with-ldapsam --without-pam_smbpass --with-ads --with-krb5 --with-ldap --prefix=/usr/local i386-portbld-freebsd5.2.1
 

If that still doesn't work, try this little trick.  Use the samba-devel 
port.  Do a make, then make depends.  Then go to 3.0.6 source and 
configure, make, make install. 

Holger Wesser wrote:
Hi there,
since yesterday the compiling of samba drives me mad.
I'm running FreeBSD 5.2.1, installed OpenLDAP client/server and KRB5.
Afterwards I got the sources for the 3.0.6-release, unpacked them and
tried to configure like:
./configure --includedir=/usr/local/include/ \
  --with-libiconv=/usr/local/lib --with-pam --with-readline \
  --with-sendfile-support --without-libsmbclient --without-python \
  --disable-cups --with-syslog --with-quotas --with-msdfs \
  --with-acl-support --with-ldap --with-ads=/usr/local/lib
Unfortunately the configure script aborts:
configure: error: ldap.h is needed for LDAP support.
I just don't know what's wrong. The header file is correctly installed
under /usr/local/include, but for the system it doesn't matter.
Has anybody an idea?
Greetings
Holger




Re: [Samba] Authenticating with ldap backend

2004-08-19 Thread Tom Skeren
Make sure you have the proper schemas loaded in ../etc/openldap/schema 
on the ldap server and that slapd.conf calls them in the right order.  
Also smb.conf needs this line

ldap ssl = start tls

This will invoke the tls session which makes ldap requests to port 389.
Hastas
TMS III
Paul Gienger wrote:
Try adding
ldap ssl = off
to your smb.conf
Brendon Standing wrote:
Hi,
Using samba 3.0.2, I am trying to set up my samba config to 
authenticate against my ldap server.  However I am getting the errors:
Failed to issue the StartTLS instruction: Can't contact LDAP server
I believe that samba is trying to bind to port 636. This is a problem 
as my ldap server using port 389. Although the option exists in my 
config to change the ldap port : ldap port = 389, when I start 
samba with this option I get an error unknown option.

Please help ...




Re: [Samba] can't write superblock

2004-08-19 Thread Tom Skeren
nina wrote:
Hi I have 2 servers. server 1(Fedora Core 2) shares /Shared with 
rwxrwx, server2(Redhat linux 9) mount to /Shared from server 1. When I 
did smbmount from server2, Shared is successfully mounted. I then 
remove /Shared 
Huh?  What do you mean remove /Shared?
and recreate /Shared from server 1, 
Again sorry, Huh?  Please explain precisely. 

I started having problem from server 2. when I do mount, it still show 
Shared is mounted, but when I do ls -l / , it displays /Shared 
Input/Output error.
I can't unmount /Shared after that. When I try to umount,  it displays 
can't write superblock. Can anybody tell me what's happening here? How 
can I fix it? If nothing I can do, reboot the system will umount  
/Shared?




Re: [Samba] can't write superblock

2004-08-19 Thread Tom Skeren
Let's see, you first do this on server2
1. mkdir /Shared
2. mount_smbfs //server1/Shared /Shared
3. On server2 you rm -R /Shared.
If so this is a bad thing.  You have two choices here.  ssh to server 1 
and do that function on server1.  Or cd /Shared and rm the stuff in 
there.  You can't delete the mount point and then recreate the mount 
point, then remount the shared drive. 

nina wrote:
/shared is actually the copy of  one of mine folder which is updated 
everyday. That's why I need to remove /Shared and recreate it.

rm -Rf  /Shared
cp -R /myDir /Shared
Tom Skeren wrote:
nina wrote:
Hi I have 2 servers. server 1(Fedora Core 2) shares /Shared with 
rwxrwx, server2(Redhat linux 9) mount to /Shared from server 1. When 
I did smbmount from server2, Shared is successfully mounted. I then 
remove /Shared 

Huh?  What do you mean remove /Shared?
and recreate /Shared from server 1, 

Again sorry, Huh?  Please explain precisely.
I started having problem from server 2. when I do mount, it still 
show Shared is mounted, but when I do ls -l / , it displays /Shared 
Input/Output error.
I can't unmount /Shared after that. When I try to umount,  it 
displays can't write superblock. Can anybody tell me what's happening 
here? How can I fix it? If nothing I can do, reboot the system will 
umount  /Shared?







[Samba] Template Home Dir Question

2004-08-13 Thread Tom Skeren
Yeah, I'm kinda wimping here, but it's Friday.
In smb.conf I have this line:
template homedir = /usr/templates/%D/%U
template shell = /bin/ssh
This samba server is a PDC.  /usr/templates is o:g:w:rwx and acls are 
set u:m:g:o:rwx.  When I attempt to log in on a freshly domain joined XP 
client I receive the error message:

Windows cannot locate the server copy of your roaming profile and is 
attempting to logon to a local copy.

I assume that the roaming profile is not being auto created.  Is there 
something else I need to do in order to have that initial login generate 
the profile in /usr/templates/%D/%U?  Do I need a login script?  The 
samba guide while very clear and informative, does not seem to cover 
this.  If it does, just point me to chapter and verse.

Thanks in advance,
TMS III


Re: [Samba] Re: Winbind sutff (Squid and Windows 2003)

2004-08-10 Thread Tom Skeren
Try net join ads -U admin (enter)
provide passwd.  See what happens.  winbindd is a bit of a devil to get 
under control in my opinion.
olly wrote:

Hi Rivanor,
I really know nothing about FreeBSD, but I have seen that error before on
SuSE Linux, when I upgraded samba versions without restarting nscd. Once
nscd was restarted, all the problems seemed to go away. Hope this helps
Oliver
Rivanor Soares [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 

Fellows, hello...
My first post. :)
The environment:
Samba 3.0.5, Windows 2003 (domain controller), Squid 2.5-STABLE and
FreeBSD 5.2.1.
I'm facing this problem:
While trying to authenticate the users inside Windows 2003 through the
proxy server, using the wb_auth auth program, i can see the lines
below in my log.winbindd
[2004/08/09 22:28:12, 0] nsswitch/winbindd.c:process_loop(726)
 process_loop: Invalid request size from pid 1235: 1304 bytes sent,
should be 1824
 This usually means that you are running old wbinfo, pam_winbind or
libnss_winbind clients
I successfully joined the domain using 'net join'. I can wbinfo to
list the users too. But it's not enough! :P
Does anyone face this anytime?
Thanks in advance! :)
--
Rivanor P. Soares
[web_knows]
The meeting is over. Agents are coming...
   


 



Re: [Samba] Joining a samba 3.0.5 domain with win2003 Server

2004-08-06 Thread Tom Skeren
Achim Unger wrote:
Hallo List,
I am running a samba domain as PDC with NT4 and Win2k as clients. Now I
want to join this domain with a Win 2003 SERVER (for using terminal
services).
If I understand correctly, you have a stand alone w2k3 machine.  If so 
and AD is not running, join the w2k3 machine to the samba PDC as a 
member server.  The w2k3 server will authenticate off samba PDC. 

I just tried it the way I was trying with my clients, but no success.
Google comes up with lots of information for joining an Win domain with
samba, which is not what I want. So is it possible at all to join a
samba domain with win3k+3 server? Maybe any links?
Thanks for taking the time to read this!
Achim
 




[Samba] ACL

2004-08-02 Thread Tom Skeren
Getting ready to tighten up user land on a production server that I was 
given a solid two days to set up (love those 5PM Friday By the way... 
conversations with the boss).  Anyway, I assume that ACL's are better 
than permissions through smb.conf.  Question is how hard is getting it 
dialed in with Samba?  Any experiences/options/recommendations would be 
appreciated.



Re: [Samba] Compiling Samba 3.0.4, err w/ krb5

2004-07-22 Thread Tom Skeren
Greg Folkert wrote:
On Thu, 2004-07-22 at 07:46, Poulson, Shawn wrote:
 

I don't care for being patronized.  I had a question, and I get this
condescending reply.  Thanks, but no thanks.
   

I wasn't patronizing you. It was not condescending. It was a polite
reminder to ask good questions. You think it is a simple question you
asked, it is not.
I could have given you the standard tirade that people asking your kind
of bad questions get on the mailing lists I am on that are technical in
nature, but not Windows in nature.
You see, many people that have been long using Unix, Linux or *BSD,
understand how to ask good questions, yet it seems from my perspective
and many others that people coming or 95% of the time being in a
Windows[tm] world, ask questions that are not quite as complete.
Therefore when dealing with a heavy technical group such as the samba
mailing list, where traceback stacks are commonly referred to or the
error logs say Read the Bugs Appendix others typically know what the
heck they are talking about.
Please, think about including details of the system(s) you are dealing
with. Then and only then can someone with the knowledge you are *ASKING
FOR* can make a proper response to your problem. Being snide and asking
stupid questions are not garnering you any goodwill.
Thank you my dear for really hitting this idea home for me, without your
ability to dig deeper, the message would not have come across as well.
Now, that we are past the pleasantries, What kind of a system are you
running, is it Linux, *BSD or Commercial Unix? If so, What version and
possibly which Distro are you using? Have you searched for a prebuilt
Binary that may fit your needs?
I asked for OS info yesterday too.  Had a similar problem with Heimdal 
on FreeBSD.  Got a mile long configure line in a text file that works 
like a charm on clean install. That means no attempt to install MIT 
krb5 ;-).  Willing to send it if it's a FreeB box.

Please cut the pleasantries and just answer the questions. This is NOT
SAP you are dealing with here, Deary.
 



Re: [Samba] Compiling Samba 3.0.4, err w/ krb5

2004-07-22 Thread Tom Skeren
Paul Gienger wrote:
Greg Folkert wrote:
On Wed, 2004-07-21 at 11:46, Poulson, Shawn wrote:
 

Hello again,
I'm not attempting an install of Samba 3.0.4 from source.  I want to
specifically compile in ads and winbindd support.

Yes well, to do so you need to go into the source and 
./configure..--with-ads --with-winbind --with-krb5 --with-ldap etc.  
Installing ldap client/server on your box isn't going to do much good 
vis a vis Samba.

So, I already
compiled and installed OpenLDAP 2.2.13.
  
If you are not attempting to install samba from source, how are you
going to get ads and winbindd support? What does OpenLDAP have to do
with doing up samba for ads and winbind?
 

I could be wrong here, but I'm pretty sure that LDAP is required for 
AD support since you have to do LDAP queries against the directory 
when you want information.




Re: [Samba] security = ADS

2004-07-22 Thread Tom Skeren
Yes I've seen this behavior a LOT.  I've replied to it.  For some 
reason, the Samba when joined to ads needs to be contacted for shares by IP 
addy.  The XP shares then authenticate properly.

Try \\ipaddy-samba-server\share-name.  If you connect, do a netstat -an 
on the samba server.  You'll see the XP box connected to port 445.  I 
suspect that in an ads environment, the XP boxes default to connecting 
to shares on 445.  I suspect smbd, or nmbd are mishandling this when 
netbios names are used.

Rashaad S. Hyndman wrote:
Hi all,
I've been fighting with joining my samba server (debian) to my active directory domain for 4 days now.  The problem here is that users in my active directory domain on windows machines are not able to browse my samba shares without being prompted for authentication. 

I can:
- Join the domain from samba server using net ads
- View list of tickets when browsing window shares with klist
- list window shares without being prompted with smbclient -k -L windows_servername
I can NOT:
- use net use * \\smb_servername\share from window based machine.
(this results in The password or user name is invalid for \\delshare\public 
(delshare being my samba server name)
I have no clue what to do from here. I've looked over my smb.conf file 20 times 
likewise my krb5.conf file
Any suggestions would be greatly appreciated. I've run out of tests.
R.
 




Re: [Samba] security = ADS

2004-07-22 Thread Tom Skeren
John H Terpstra wrote:
On Thursday 22 July 2004 14:07, Tom Skeren wrote:
 

Yes I've seen this behavior a LOT.  I've replied to it.  For some
reason, the Samba when joined to ads needs to be contacted for shares by IP
addy.  The XP shares then authenticate properly.
   

No way, your ADS server is answering on port 445 - the port for netbios-less 
SMB.
 

 

Try \\ipaddy-samba-server\share-name.  If you connect, do a netstat -an
on the samba server.  You'll see the XP box connected to port 445.  I
suspect that in an ads environment, the XP boxes default to connecting
to shares on 445.  I suspect smbd, or nmbd are mishandling this when
netbios names are used.
   

Nope. To avoid this, in your smb.conf [global] set:
smb ports = 139

Doesn't work as the XP box is the source of the problem.  In the 
following, all the port 445 requests are from XP boxes.  1/3 of them are 
part of an ads domain.  All the XP boxes try 445 first.  However the ADS 
joined machines always fail to connect, unless 445 is available.

PRiSM# netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address      Foreign Address       (state)
tcp4       0     48  x.199.7.138.22     y.174.106.82.49787    ESTABLISHED
tcp4       0      0  x.199.7.138.445    z.120.237.222.1434    ESTABLISHED
tcp4       0      0  x.199.7.138.445    y.174.106.82.1081     ESTABLISHED
tcp4       0      0  x.199.7.138.139    y.174.106.82.1027     ESTABLISHED
tcp4       0      0  x.199.7.138.445    y.174.106.82.2720     ESTABLISHED
tcp4       0      0  x.199.7.138.445    y.174.106.82.4095     ESTABLISHED
tcp4       0      0  x.199.7.138.445    y.174.106.82.1818     ESTABLISHED
tcp4       0      0  x.199.7.138.445    y.174.106.82.1906     ESTABLISHED
tcp4       0      0  x.199.7.138.139    y.174.106.82.1433     ESTABLISHED
tcp4       0      0  x.199.7.138.445    y.174.106.82.3v0      ESTABLISHED
tcp4       0      0  x.199.7.138.445    y.174.106.82.3180     ESTABLISHED
tcp4       0      0  x.199.7.138.445    z.15.79.153.1027      ESTABLISHED
tcp4       0      0  x.199.7.138.445    y.174.106.82.3834     ESTABLISHED
tcp4       0      0  x.199.7.138.445    y.174.106.82.1913     ESTABLISHED
tcp4       0      0  x.199.7.138.445    z.120.237.222.1035    ESTABLISHED
tcp4       0      0  x.199.7.138.445    z.15.79.153.4435      ESTABLISHED
tcp4       0      0  x.199.7.138.139    y.174.106.82.11x      ESTABLISHED
tcp4       0      0  x.199.7.138.445    z.15.79.153.1030      ESTABLISHED
tcp4       0      0  x.199.7.138.445    z.15.79.153.3165      ESTABLISHED
tcp4       0      0  x.199.7.138.445    z.15.79.153.2037      ESTABLISHED
tcp4       0      0  192.1w.y.1.22      192.1w.y.2.1876       ESTABLISHED
tcp4       0      0  192.1w.y.1.445     192.1w.y.2.1808       ESTABLISHED
tcp4       0      0  x.199.7.138.445    w.120.237.222.1070    ESTABLISHED
tcp4       0      0  x.199.7.138.445    w.120.237.222.1039    ESTABLISHED
tcp4       0      0  192.1w.y.1.49161   192.1w.0.1.139        ESTABLISHED
tcp4       0      0  x.199.7.138.445    v.194.126.54.1050     ESTABLISHED
tcp4       0      0  x.199.7.138.445    w.120.237.222.1037    ESTABLISHED
tcp4       0      0  x.199.7.138.445    v.194.126.54.42y      ESTABLISHED
tcp4       0      0  x.199.7.138.445    v.194.126.54.2752     ESTABLISHED
tcp4       0      0  x.199.7.138.139    y.174.106.82.55888    ESTABLISHED
tcp4       0      0  x.199.7.138.139    y.174.106.82.55887    ESTABLISHED
tcp4       0      0  x.199.7.138.139    y.174.106.82.55886    ESTABLISHED
tcp4       0      0  x.199.7.138.445    v.194.126.54.4272     ESTABLISHED
tcp4       0      0  x.199.7.138.445    v.194.126.54.2296     ESTABLISHED
tcp4       0      0  x.199.7.138.139    y.174.106.82.49760    ESTABLISHED

- John T.
 

Rashaad S. Hyndman wrote:
   

Hi all,
I've been fighting with joining my samba server (debian) to my active
directory domain for 4 days now.  The problem here is that users in my
active directory domain on windows machines are not able to browse my
samba shares without being prompted for authentication.
I can:
- Join the domain from samba server using net ads
- View list of tickets when browsing window shares with klist
- list window shares without being prompted with smbclient -k -L
windows_servername
I can NOT:
- use net use * \\smb_servername\share from window based machine.
(this results in The password or user name is invalid for
\\delshare\public (delshare being my samba server name)
I have no clue what to do from here. I've looked over my smb.conf file 20
times likewise my krb5.conf file
Any suggestions would be greatly appreciated. I've run out of tests.
R.
 

 



Re: [Samba] Compiling Samba 3.0.4, err w/ krb5

2004-07-21 Thread Tom Skeren
What O.S.?
Poulson, Shawn wrote:
Typo... I'm now attempting...  doh 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Poulson, Shawn
Sent: Wednesday, July 21, 2004 11:47 AM
To: [EMAIL PROTECTED]
Subject: [Samba] Compiling Samba 3.0.4, err w/ krb5
Hello again,
I'm not attempting an install of Samba 3.0.4 from source.  I want to specifically 
compile in ads and winbindd support.  So, I already compiled and installed OpenLDAP 
2.2.13.
Now the configure script is hung on krb5 dependency:
checking for krb5.h... no
configure: error: Active Directory cannot be supported without krb5.h
So I downloaded and attempted compile of krb5 1.3.4, but I got this error:
/root/stuff/krb5-1.3.4/src/appl/telnet/telnet/telnet.c:783: undefined reference to 
`tgetent'
collect2: ld returned 1 exit status
Upon searching kerberos list archives, there was a complaint about this error and having to 
reinstall ncurses to satisfy this reference.  
http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html   However, when I 
compile ncurses 5.3, I get an error about g++ not being installed.
This seems like an endless dependency.  Any tips on making samba configure script 
happy?
---
Shawn Poulson
SAP America, IT/PSS
(610) 661-5011
[EMAIL PROTECTED]
 




Re: [Samba] Enum printers slow in general... - Re: 6 second delay for File / Print dialog to come up

2004-07-14 Thread Tom Skeren
Paul Gienger wrote:
Michael Lueck wrote:
I've been digging further on this...
Turned logging back up to 10. Reboot Win2K client, open notepad, 
etc... delete all logs, File/Print, and when the dialog finally comes 
up quick open the log to see what happened. 6128 lines of log just 
for three network printers!

I have time stamping turned on in the logging, and I only catch about 
3 seconds worth of traffic, that does not account for ALL of the 6 to 
7 second delay.

I saw some entries that it could not get the workstation to answer up 
as a server, ja, we turn off the server service on non-servers. 
Turned it back on, log entries went away, not the delays.

Are these Win2K/XP style (spoolless) printers just that slow in general?
WordPerfect is major painful as it reformats each file you open for 
the selected printer, and how does it know the printer... it enum's 
the printers... six seconds here, six seconds there... so much for 
3GHz client PC's! ;-)

How is your nameservice set up?  Can the server find the client by the 
netbios name it advertises?  I've seen some really long delays if this 
is screwed up bad enough. When you print the samba server will try to 
contact your client back (for some reason, why does it samba devs?)  
and if it can't get you it hangs.  You should see logs like 'couldn't 
contact spoolss on [SOMEBOX]'.

Our specific situation was like this: Some client box had a name, 
we'll call it dynamicPC.  When it was on DHCP it put itself into dns 
as dynamicPC and everything was fine.  The user decided he wanted it 
as a static so it could be a 'server' for some test environment, what 
it was isn't important.  I told him some static addresses to use for 
whatever machines he needed, and I set them up with DNS names like 
static1-5.  When he put his machine in static he didn't change the 
name to staticX, but kept it as dynamicPC.   When he came to the 
server as dynamicPC, he also didn't re-register his dns name, because 
he was static, and he didn't reverse map to dynamicPC.  So, the 
samba server saw him coming as dynamicPC and tried to contact that dns 
name, which was now a black hole.

Your (relatively quick) delay could be because your dns/wins (or lack 
thereof) server is returning NXDOMAIN right away rather than shunting 
you off to a dead IP like mine did.  It's always quicker to get a 
definitive no than sit around waiting for an answer that isn't coming.


Yeah, when I upgraded from NT4 to 2000 Server, it mangled the Server 
name and DNS couldn't find it, so clients had to time out before trying 
another method of getting to the server. 



[Samba] Regarding net groupmap

2004-07-09 Thread Tom Skeren
Well, my Samba 3.0.4 is joined to a w2k AD and works fairly well so far, 
as it's not in a production environment yet.  I am now testing it for 
such a release and have encountered a permission problem.  Unless I 
chmod -R 777 the Samba share directory, users can only read files on the 
share, including the ADS users in Domain Admins.  Reading the Samba 
online manual, I figured the groupmap function would solve this.  I did 
as the manual suggested and got the following errors:

fskkweb# net groupmap add ntgroup=Domain Admins unixgroup=domadm
No rid or sid specified, choosing algorithmic mapping
[2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
 fetch_ldap_pw: neither ldap secret retrieved!
[2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
 ldap_connect_system: Failed to retrieve password from secrets.tdb
[2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Invalid credentials)
[2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
 fetch_ldap_pw: neither ldap secret retrieved!
[2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
 ldap_connect_system: Failed to retrieve password from secrets.tdb
[2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Invalid credentials)
[2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
 fetch_ldap_pw: neither ldap secret retrieved!
[2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
 ldap_connect_system: Failed to retrieve password from secrets.tdb
[2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Invalid credentials)
[2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
 fetch_ldap_pw: neither ldap secret retrieved!
[2004/07/09 08:54:36, 0] lib/smbldap.c:smbldap_connect_system(760)
 ldap_connect_system: Failed to retrieve password from secrets.tdb
[2004/07/09 08:54:36, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1763)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) 
(Invalid credentials)
[2004/07/09 08:54:36, 0] lib/smbldap.c:fetch_ldap_pw(260)
 fetch_ldap_pw: neither ldap secret retrieved!
adding entry for group Domain Admins failed!
This is snipped but the errors repeat over and over for several pages.  
Anyone have any thoughts.

TMS III



[Samba] Interesting Behavior

2004-06-30 Thread Tom Skeren
I've known that W2k and XP, in a w2k/k3 domain, attempt to attach to port 
445 first before trying 139.  Here's the interesting part.  Once I join 
a 3.0.4 samba server on FreeBSD 5.2.1, if I try to map to the share 
using \\servername\share, from a w2k/xp domain joined workstation, I get 
a logon prompt, but it fails to connect.  Doing netstat -an on the 
workstation shows an attempt to open a connection to port 139 on  the 
Samba server, but the samba machine shows no such attempt.  Obviously, 
this causes the mapping operation to fail.

However, from the w2k/xp box, map \\ip-addy\sharename and we get a 
connection...no user\pass prompt.  Further, netstat shows the xp box 
attached to the samba server via port 445.  I'm not terribly concerned 
about mapping by IP addy-the servers have static addresses.  However, 
this problem DOES prevent browsing shares from My Network Places.  The 
samba server shows up, but attempts to browse its shares fail--a log in 
prompt pops up as described earlier.  Again, not a huge problem for me, 
as my users have trouble turning their machines on.

The biggest problem here is that the domain joined workstations can't 
map shares from 2.2.8a version samba servers by IP address.  I guess to 
fix that I'll have to upgrade.  However, it would be nice to have some 
of the higher level wizards on the list look into this behavior, as it 
would be nice to be able to browse the shares.  I'd be willing to help, 
if I can offer any.

TMS III


Re: [Samba] XP 2.2.8a issues

2004-06-25 Thread Tom Skeren
Nope, the problem arose when I upgraded the NT 4 domain controller to 
w2k.  Further, I have 1 XP box that can --usually-- map a drive on the 
samba server.  Up until last week my XP work station could map samba 
drives.  After a recent reboot, no dice.   I have to doubt that machine 
accounts on the stand alone samba server is the problem.  In workgroup 
mode the XP machines have no problem mapping the samba share.
Jason Balicki wrote:

Tom Skeren  wrote:
 

I have some 30 XP boxes in one offices joined to a w2k domain.  The
w2k server has no problem mapping drives on the samba server,
however, the XP workstations refuse.  Put in user name and password
in the box after mapping, and it just pops back up like you've
entered a wrong pass/user name.  I have changed signorseal to 0 in
registry to no avail.  Of course, when the server was NT4, I had no
problem.  And if the XP boxes are in workgroup mode rather than
domain mode there's also no problem mapping the samba drives.
Any advice would be appreciated, as I'm about to roof test the
worthless w2k server.
   

Just a quickie:  did you add machine accounts for the windows
boxes on the samba server?
--J(K)
 



Re: [Samba] Compilation with Kerberos problem

2004-06-25 Thread Tom Skeren
Wow, 3.5.  I had a number of problems on 5.2.1, maybe they're similar.  
Here's the configure I use:
./configure --exec-prefix=/usr/local --localstatedir=/var \
  --with-configdir=/usr/local/etc --with-libdir=/usr/local/lib/samba \
  --with-swatdir=/usr/local/share/swat --with-piddir=/var/run \
  --with-lockdir=/var/db/samba --with-privatedir=/usr/local/private \
  --with-logfilebase=/var/log/samba --with-manpages-langs=en \
  --with-libiconv=/usr/local --with-pam --with-readline \
  --with-sendfile-support --with-libsmbclient --without-python \
  --disable-cups --without-syslog --without-quotas --with-winbind \
  --with-ldapsam --without-pam_smbpass --with-ads --with-krb5 --with-ldap \
  --prefix=/usr/local i386-portbld-freebsd5.2.1

Tim Jordan wrote:
On Fri, 2004-06-25 at 06:07, Daniel Ramaley wrote:
 

I'm trying to compile Samba 3.0.4 with Active Directory support on 
OpenBSD 3.5, using the native Kerberos libraries (which happens to be 
Heimdal 0.6). Unfortunately, ./configure isn't working right. If anyone 
can help me figure out what the problem is, i would appreciate it.

First a bit of info on OpenBSD's Kerberos path layout, in case it 
matters:
   /usr/libexec   - daemons such as: kadmind, kdc, kpasswdd
   /usr/sbin  - admin programs such as: kadmin, kstash, ktutil
   /usr/bin   - user programs such as: kauth, kinit, krb5-config,
   kdestroy, klist
   /usr/lib   - libraries
   /etc/kerberosV - configuration file: krb5.conf
   /usr/include/kerberosV - include files

Here's the configure command i'm using:
# ./configure --prefix=/usr/local/samba \
 --localstatedir=/var \
 --with-configdir=/etc/samba \
 --with-lockdir=/var/spool/samba \
 --with-piddir=/var/run \
 --with-logfilebase=/var/log \
 --with-privatedir=/etc/samba \
 --with-ads \
 --with-winbind \
 --with-krb5 \
   


   --with-krb5=/usr/lib \
 

 --with-ssl \
 --with-sslinc=/usr/include/ssl \
 --with-ssllib=/usr/lib \
  > configure.out 2> configure.err
After it fails, configure.err contains this:
configure: WARNING: net/if.h: present but cannot be compiled
configure: WARNING: net/if.h: check for missing prerequisite headers?
configure: WARNING: net/if.h: proceeding with the preprocessor's result
configure: WARNING: rpcsvc/yp_prot.h: present but cannot be compiled
configure: WARNING: rpcsvc/yp_prot.h: check for missing prerequisite 
headers?
configure: WARNING: rpcsvc/yp_prot.h: proceeding with the preprocessor's 
result
configure: WARNING: sys/mount.h: present but cannot be compiled
configure: WARNING: sys/mount.h: check for missing prerequisite headers?
configure: WARNING: sys/mount.h: proceeding with the preprocessor's 
result
configure: WARNING: netinet/ip.h: present but cannot be compiled
configure: WARNING: netinet/ip.h: check for missing prerequisite 
headers?
configure: WARNING: netinet/ip.h: proceeding with the preprocessor's 
result
configure: error: libkrb5 is needed for Active Directory support

I don't understand why libkrb5 isn't found, since it is in /usr/lib and 
ldconfig knows where it is:
$ ls -l /usr/lib/libkrb5.*
-r--r--r--  5 root  bin  648812 Mar 29 13:51 /usr/lib/libkrb5.a
-r--r--r--  4 root  bin  457791 Mar 29 13:51 /usr/lib/libkrb5.so.13.0
$ ldconfig -r | grep krb5
   12:-lkrb5.13.0 = /usr/lib/libkrb5.so.13.0

I won't bog the list down with the entirety of configure.out, but here 
are the last few lines of the file:

checking for Active Directory and krb5 support... yes
checking for krb5-config... /usr/bin/krb5-config
checking for working krb5-config... yes
checking krb5.h usability... yes
checking krb5.h presence... yes
checking for krb5.h... yes
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking gssapi/gssapi_generic.h usability... no
checking gssapi/gssapi_generic.h presence... no
checking for gssapi/gssapi_generic.h... no
checking gssapi/gssapi.h usability... no
checking gssapi/gssapi.h presence... no
checking for gssapi/gssapi.h... no
checking com_err.h usability... yes
checking com_err.h presence... yes
checking for com_err.h... yes
checking for _et_list in -lcom_err... no
checking for krb5_encrypt_data in -lk5crypto... no
checking for des_set_key in -lcrypto... no
checking for copy_Authenticator in -lasn1... no
checking for roken_getaddrinfo_hostspec in -lroken... no
checking for gss_display_status in -lgssapi... no
checking for krb5_mk_req_extended in -lkrb5... no
checking for gss_display_status in -lgssapi_krb5... no
checking for krb5_set_real_time... no
checking for krb5_set_default_in_tkt_etypes... no
checking for krb5_set_default_tgs_ktypes... no
checking for krb5_principal2salt... no
checking for krb5_use_enctype... no
checking for krb5_string_to_key... no
checking for krb5_get_pw_salt... no
checking for krb5_string_to_key_salt... no
checking 

Re: [Samba] join as ADS member

2004-06-22 Thread Tom Skeren
This is very important when doing things with ADS.  You must either use 
the w2k3 machine as DNS or export the w2k3 DNS settings it writes and 
manually import them into bind9.  Your Samba machine is sending out DNS 
requests for LDAP and Kerberos on the ADS.  If you aren't using a 
properly configured DNS server, those are the errors you will get.

Zuwei Liu wrote:
Hello,
I met a problem when trying to join a linux client to a Windows 2003 
server. This Windows 2003 server is ADS and PDS, plus DNS. The client 
is Linux RedHat 7.3, installed Samba 3.0.4.

I tried to use
# net ads join -UAdministrator%abcedef
it give me error of
libads/kerberos.c:ads_kinit_password(135)
 kerberos_kinit_password [EMAIL PROTECTED] failed: 
Cannot find KDC for requested realm

I tried to run
# kinit
and also get error of
kinit(v5): Cannot resolve network address for KDC in requested realm 
while getting initial credentials

Does any one know what's wrong or what kind of configuration I missed?
The smb.conf is listed below:
netbios name = lisbon
interfaces = 172.22.4.137
bind interfaces only = yes
security = ADS
realm = qa4.neopathnetworks.com
password server = rio.qa4.neopathnetworks.com

Thanks a lot
zuwei



Re: [Samba] Login failures on Win XP.

2004-06-11 Thread Tom Skeren
I'm having a similar problem.  Thought it was just me.
Franklin Trumpy wrote:
Hello, everyone,
Particulars:
Solaris 8 on i386
Samba 2.2.5
Windows 2000 PDC
Windows XP clients
I'm having occasional problems with one or two Windows XP machines 
being able to browse
my Samba server while members of a Windows 2000 domain.

If the machine bar is joined to the domain mydomain, and the user 
foo is logged
in via the Windows 2K PDC and attempts to browse the Samba server, the 
login window
pops up with the username field containing: mydomain/foo. Attempts 
to authenticate
result in You may not have privileges to access this network 
resource errors.

I have confirmed that Send unencrypted password to third party SMB 
servers is Enabled,
and I've applied the signorseal registry hack, though I don't think 
that applies here.
I've removed Client for Microsoft Networks and re-added it, as well. 
Removing from
and rejoining to the domain doesn't help.

If the user is removed from the domain and is made ONLY a member of a 
workgroup, it works
just fine.

This is only a problem on three or four out of maybe 80 machines, all 
of which *should*
be identically configured.

Relevant lines from the logfile, with names changed:
[2004/06/11 15:06:45, 2] smbd/reply.c:reply_sesssetup_and_X(982)
  Defaulting to Lanman password for foo
[2004/06/11 15:06:45, 1] smbd/reply.c:reply_sesssetup_and_X(998)
  Rejecting user 'foo': authentication failed
Any help is appreciated. Thanks.
Franklin



Re: [Samba] security = ads: problem join XP Pro?

2004-06-09 Thread Tom Skeren
Does your DNS server have the following entries:
If not it won't work.
_ldap._tcp.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.pdc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_ldap._tcp.dddc-59fe-434d-8cca-f00ca06b564d.domains._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
gc._msdcs.fsklaw.net. 600 IN A 192.168.62.1
42254cae-00e0-4814-a063-af2189b41e2b._msdcs.fsklaw.net. 600 IN CNAME server.fsklaw.net.
_kerberos._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_ldap._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_kerberos._tcp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_kerberos._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_gc._tcp.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_gc._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_kerberos._udp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_kpasswd._tcp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net.
_kpasswd._udp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net.
fsklaw.net. 600 IN A 192.168.61.1
gc._msdcs.fsklaw.net. 600 IN A 192.168.61.1

Etienne-Hugues Fortin wrote:
Hi,
I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server as
a PDC.  At first, I had some problem with the user administrator.  I've
then found the workaround a few days ago.  Now that this is fixed, I'm
trying to join a XP Pro workstation to my domain.  I've done multiple test
and never succeeded.  I'm always getting XP Pro to complain about not
being able to find a domain and talking about a SRV entry in my DNS (which
is dynamic as required when using dhcp at the same time).
So, this morning, in a desperate attempt, I changed security = ads to
security = domain and retry to join the domain from XP Pro.  To my
surprise, it worked fine.  I've reread the documentation and it's still
saying that we should use security = domain when our server is acting as a
BDC, not a PDC.
I still have to do more test tonight to see if everything is working but
right now, I'm more curious to understand why my samba server (which is
now acting as a BDC) is accepting a join request while it's not when it's
acting as a PDC.  Is that normal?  Should I keep my server in security =
domain mode?
Thank you.
Etienne-Hugues Fortin
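
The SRV record list in the reply above, and the DNS requirement described in the "join as ADS member" reply, can be checked mechanically against a zone export. The following is an added example, not part of the original posts or of Samba: the domain example.test, the host dc1 and the choice of which owner names count as expected are assumptions made for the illustration.

```python
"""Check a zone export for the AD locator SRV records listed in the reply."""

# Site-independent owner prefixes and ports, taken from the record list in the
# post. Treating exactly this subset as "expected" is an assumption of this
# example, not a rule stated on the list.
EXPECTED = {
    "_ldap._tcp": 389,
    "_ldap._tcp.pdc._msdcs": 389,
    "_ldap._tcp.dc._msdcs": 389,
    "_ldap._tcp.gc._msdcs": 3268,
    "_gc._tcp": 3268,
    "_kerberos._tcp": 88,
    "_kerberos._udp": 88,
    "_kerberos._tcp.dc._msdcs": 88,
    "_kpasswd._tcp": 464,
    "_kpasswd._udp": 464,
}

# Constructed sample zone text for the placeholder domain example.test.
# _kpasswd._udp is left out and _gc._tcp carries the wrong port on purpose.
SAMPLE_ZONE = """\
_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.Default-First-Site-Name._sites.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.pdc._msdcs.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.gc._msdcs.example.test. 600 IN SRV 0 100 3268 dc1.example.test.
_gc._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test. ; wrong port
_kerberos._tcp.example.test. 600 IN SRV 0 100 88 dc1.example.test.
_kerberos._udp.example.test. 600 IN SRV 0 100 88 dc1.example.test.
_kerberos._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 88 dc1.example.test.
_kpasswd._tcp.example.test. 600 IN SRV 0 100 464 dc1.example.test.
dc1.example.test. 600 IN A 192.0.2.10
"""


def parse_srv(zone_text):
    """Return {owner_name: [(priority, weight, port, target), ...]}."""
    records = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop zone-file comments
        fields = line.split()
        # Expected layout: owner ttl IN SRV priority weight port target
        if len(fields) != 8:
            continue
        if fields[2].upper() != "IN" or fields[3].upper() != "SRV":
            continue
        try:
            prio, weight, port = (int(x) for x in fields[4:7])
        except ValueError:
            continue
        owner = fields[0].lower().rstrip(".")
        target = fields[7].lower().rstrip(".")
        records.setdefault(owner, []).append((prio, weight, port, target))
    return records


def check_ad_srv(zone_text, domain):
    """Return sorted findings; an empty list means nothing expected is missing."""
    domain = domain.lower().rstrip(".")
    records = parse_srv(zone_text)
    findings = []
    for prefix, port in EXPECTED.items():
        owner = f"{prefix}.{domain}"
        entries = records.get(owner)
        if not entries:
            findings.append(f"missing SRV {owner}")
        elif all(entry[2] != port for entry in entries):
            seen = ", ".join(str(entry[2]) for entry in entries)
            findings.append(
                f"wrong port for {owner}: expected {port}, found {seen}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_ad_srv(SAMPLE_ZONE, "example.test"):
        print(finding)
```

Run it against the text exported from the DNS server that the Samba host actually queries, with the AD domain name as the second argument.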
 




[Samba] What about domain trusts

2004-06-08 Thread Tom Skeren
Say between a Samba 3.0.4 and win2k machine?


Re: [Samba] What about domain trusts

2004-06-08 Thread Tom Skeren
Any info would be appreciated.  I've added the samba server as a one way 
trust in win2k, but the domain machines can't access the samba share 
(access denied) although the win2k servers can.  Really would like the 
samba server to show up in DFS, well it does, but the users access is denied.

Greg Folkert wrote:
On Tue, 2004-06-08 at 16:40, Tom Skeren wrote:
 

Say between a Samba 3.0.4 and win2k machine?
   

YES. Can be done.
 



[Samba] To all with FreeBSD 5.2.1 and net ads join problems

2004-05-28 Thread Tom Skeren
If you're getting kinit problems with net ads join (don't bother with 
testjoin-it will error out no matter), do the following:

1.   Change an administrators password, especially if you upgraded from 
NT 4.

2.   Create a krb5.conf file in /etc that looks like this:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = YOURDOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
default_etypes  = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
[realms]
FSKLAW.NET = {
 kdc = kerberos.yourdomain.com
 admin_server = servername.yourdomain.com
 default_domain= yourdomain.com
}
[domain_realm]
.kerberos.server = KERBEROS.FSKLAW.NET
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false

3.   Test kinit:  kinit [EMAIL PROTECTED]   enter new password.  
You should be at a prompt.  You'll get nothing if it's working.

4.  Join the domain.  net ads --user=someadmin join.  Enter password.  
You should get some message telling you you were successful.  Check out 
the Win2k machine.  The samba name of your Unix box should be in active 
directory users and computers, in computers.  Double click the listing 
and check version.  It should say the OS is Samba 3.0.x.  You're in, 
mostly at this point.

Hope this helps, I've been at this three weeks now.
TMS III
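
A krb5.conf of the shape shown in step 2 can be sanity-checked before running kinit. The following is an added example, not part of the original post or of any Kerberos distribution: it parses the file, reports malformed section headers, and says whether the KDC for default_realm comes from a [realms] stanza or from an explicit dns_lookup_kdc setting. EXAMPLE.TEST and OTHER.TEST are placeholder realms, and library defaults for unset options are not modelled.

```python
"""Parse a krb5.conf and report how the KDC for default_realm is found."""
import re

# Constructed sample in the shape of the file in the post. The first header
# is deliberately malformed and the only [realms] stanza is for another realm.
SAMPLE = """\
logging]
 default = FILE:/var/log/krb5libs.log
[libdefaults]
 default_realm = EXAMPLE.TEST
 dns_lookup_realm = true
 dns_lookup_kdc = true
[realms]
 OTHER.TEST = {
  kdc = kerberos.other.test
  admin_server = dc1.other.test
 }
"""

TRUE_VALUES = ("true", "yes", "on", "1")


def parse_krb5_conf(text):
    """Return (sections, problems); sections maps name -> {key: str or dict}."""
    sections, problems = {}, []
    current = None   # dict of the section being filled, None if unknown
    sub = None       # dict of an open 'NAME = {' subsection, if any
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([A-Za-z_]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
            sub = None
        elif "=" not in line and ("[" in line or "]" in line):
            problems.append(
                f"line {lineno}: malformed section header {line!r}")
            current, sub = None, None
        elif line == "}":
            sub = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if current is None:
                problems.append(
                    f"line {lineno}: {key!r} is outside any section")
            elif value == "{":
                sub = current.setdefault(key, {})
            else:
                # Repeated keys (several kdc lines) keep only the last value.
                target = sub if sub is not None else current
                target[key] = value
        else:
            problems.append(f"line {lineno}: cannot parse {line!r}")
    return sections, problems


def kdc_source(sections):
    """Return (realm, how) where how is 'realms', 'dns' or 'none'."""
    libdefaults = sections.get("libdefaults", {})
    realm = libdefaults.get("default_realm")
    if realm is None:
        return (None, "none")
    stanza = sections.get("realms", {}).get(realm)
    if isinstance(stanza, dict) and "kdc" in stanza:
        return (realm, "realms")
    # Only an explicit setting counts here; built-in defaults are ignored.
    if str(libdefaults.get("dns_lookup_kdc", "")).lower() in TRUE_VALUES:
        return (realm, "dns")
    return (realm, "none")


if __name__ == "__main__":
    parsed, issues = parse_krb5_conf(SAMPLE)
    for issue in issues:
        print(issue)
    print(kdc_source(parsed))
```

A result of "dns" means kinit depends on the _kerberos SRV records being resolvable from this host.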


Re: [Samba] iptables and samba

2004-05-27 Thread Tom Skeren
Andrew Gaffney wrote:
azeem ahmad wrote:
hi
i m using the script below
-
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
-
i have two shares on samba server Soft and linux in these shares 
there are many folders. whenever i run the above script and then i 
open the share it takes at least 4  minutes to open the share. but it 
doesnt take time while browsing inside share.
mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
when i double click on soft it takes at least 4 minutes but after that 
when i click on adobe then acrobat then acrobat6 it takes now time it 
just browse them normally. same problem is with the other share named 
linux.
but if i dont run this script then all shares work fine with no delay
this problem only occurs first time. mean when i browse the share 
next time it doesnt occur

This is a complete shot in the dark. Windows 2000 (probably) and XP 
(definitely) will look for a SMB server on port 445 first by default. 
Since you have '-j DROP', the requests to 445 don't get a response. It 
takes a little bit to timeout and then Windows probably tries to 
connect again. I bet if you add the following iptables rule, the 
problem will go away:

iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT

If you have Samba 3.x it will share on port 445.


Re: [Samba] QuickBooks Enterprise Samba 2.2.8

2004-05-19 Thread Tom Skeren
Probably need to set filter in smb.conf with 770 setting.  Someone 
mentioned it Tuesday.

Kevin Kallsen wrote:
Hello,

I have samba 2.2.8 running on a pdc server.  We recently purchased
QuickBooks enterprise for multi user support.  I have setup a folder on the
samba server to store/use QuickBooks.  From reading the newsgroups I see it
is best to run with oplocks off (I have done this at the folder level.)

I can successfully open and close the QuickBooks file (in the samba folder)
using the machine I created it in.  However, no other workstations running
QuickBooks can open the file (even though I have the program set for multi
user access). 


Please help and advice.

Thanks in advance

Kevin
 




Re: RES: [Samba] Experiences with Samba 3 in 'Windows Server 2003' mo de domains?

2004-05-19 Thread Tom Skeren
Log on to the Linux server, do netstat -an and find out whether users 
machines are connecting to port 445 or 139.  If it's 445, then that IS 
the way to map a drive.  If the clients are 2000/XP, and they're 
attempting to connect to 445, it may well be that 2003 is forcing network 
shares to try to connect to port 445 only.  Microsoft is really trying 
to do away with netbios altogether.  I just experimented with turning off 
netbios over tcp/ip on an XP machine, and the only way to connect to my 
Redhat ads joined samba server was by IP address.

That's where I'd start looking.
TMS III
Estevam Henrique Carvalho wrote:
Hi Thomas,
I ran Samba-3.0.2a + MIT Kerberos 1.3.3 with Windows 2000 without any
problem, all the users was able to access the shares with their tickets,
after migrate my W2K server to Windows 2003 no one can access the shares on
the linux machine using its netbios name, it only works trough ip address.
I've been many people reporting the same issue, but no one was able do
answer.
Hi samba team can could you help us ?!
Tks,
Estevam Henrique
-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de
Thomas Maschutznig
Enviada em: quarta-feira, 19 de maio de 2004 10:39
Para: [EMAIL PROTECTED]
Assunto: [Samba] Experiences with Samba 3 in 'Windows Server 2003' mode
domains?
I have a RedHat ES3 with Samba 3 joined in a 'Windows 2000 Mixed Mode'
domain running on Win 2003 DCs; everything works perfectly fine - accounts
and groups all come from the DC through winbind and users can access the
shares with their kerberos ticket without having to re-authenticate.
Now, will all this still work if I switch to the Windows Server 2003
domain mode or are there known problems with this?Please point me to some
useful links or share your experience with such a
scenario!
I am using:
samba-3.0.2-6.3E
krb5-1.3.3
   Thomas
 


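
The check suggested in the reply above (read `netstat -an` on the Samba server and see whether clients reach port 445 or 139), as an added example that is not part of the original thread. The sample output and addresses are constructed and the function names are hypothetical; port 445 is SMB directly over TCP, port 139 is the NetBIOS session service.

```shell
# Constructed sample of `netstat -an` output on a Linux Samba server
# (illustrative addresses, not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:445          192.0.2.51:1043         ESTABLISHED
tcp        0      0 192.0.2.10:445          192.0.2.52:1188         ESTABLISHED
tcp        0      0 192.0.2.10:139          192.0.2.60:1025         ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.51:1050         ESTABLISHED
tcp        0      0 192.0.2.10:445          192.0.2.53:1201         TIME_WAIT
EOF
}

# Read `netstat -an` text on stdin and print "<client-ip> <port> <transport>"
# for each ESTABLISHED session whose local port is 445 or 139.
smb_clients_by_port() {
  awk '
    $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
      n = split($4, l, ":"); port = l[n]        # local port is the last field
      if (port != "445" && port != "139") next  # ignore non-SMB sessions
      client = $5; sub(/:[^:]*$/, "", client)   # drop the remote port
      kind = (port == "445") ? "direct-tcp" : "netbios-session"
      print client, port, kind
    }' | sort -u
}

# Count distinct clients per transport: prints "445=<n> 139=<n>".
smb_port_summary() {
  smb_clients_by_port | awk '
    $2 == "445" { a++ }
    $2 == "139" { b++ }
    END { printf "445=%d 139=%d\n", a, b }'
}

# On a live server: netstat -an | smb_clients_by_port
sample_netstat | smb_clients_by_port
sample_netstat | smb_port_summary
```

Clients that only ever appear on 445 are not using NetBIOS sessions at all, which matches the "works by IP address but not by NetBIOS name" symptom reported in the thread.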


Re: [Samba] 'veto oplock files' option in 3.0.2a broken ???

2004-05-19 Thread Tom Skeren
I suspect it has to do with the creation of the .lmd file, which is 
created when someone opens an access database.  It's probably being 
created with the wrong permissions.  There's a filter command for 
smb.conf that stops things like this from happening. 

Flávio Henrique wrote:
Hi all..
I updated my samba from 2.2.8a to 3.0.2a, and now my 'veto oplock files' does not
work...
I set my option like this: veto oplock files = /*.mdb/*.MDB/
but after the first user opens our software (that opens a .mdb file in a samba share)
the second user can't open it... he gets the error message: 'Couln't lock the file'
Even setting all locking options = no, the error persists...
Has someone already had the same problem ??
thanx
Hwo
 




Re: [Samba] volume parameter PLEASE!

2004-05-19 Thread Tom Skeren
I'm not that nice to my users.  ;-) They get what I give them, but 
nothing stops you from doing this

[share]
   path = /home/some_directory
[Pretty share name]
   path=/exact same as above.

Never used volume.  Could be a bug in the version you're using.

undergra wrote:
 

Change [share] to [anothername].  Seems simple enough, I can't see any
reason to not do this.
   

The reason is the users. To administer and mount
shares I use short names, but for users it is prettier
to use long names. For example, for the share [homes] on
Windows it is prettier to see the text My Disc, My home, my personal
files etc. than homes.
The volume parameter does this but it does not work.
 

undergra wrote:
   

Does the 'volume' parameter work fine? I would like to
change the share name on Windows but it does not work!
The share:
[share]
  path = /home/unipost/barcelona/industria9/admision
  volume = anothername
  writeable = yes
When I try to mount the share, Windows shows the name
share and not anothername.
Can anyone help me please?
thanks!
 

   


 



[Samba] Hi again timur

2004-05-18 Thread Tom Skeren
I am completely frustrated at this point.  The following is not meant 
against you personally, but I'm the ONLY I.T. person for 100 users in  6 
different offices, and I don't know what to do at this point but beg.

I finally figured out what Heimdal is, and I believe is the main 
problem.  Installed 5.2.1 on a machine.  Installed krb5 from ports.  
Changed make.conf adding KRB5_HOME=/usr/local.  Rebooted.  Got the 
newest port for samba-devel.  Did make, make depends, make install.  Try 
net ads testjoin.  Machine responds ADS support not compiled in.  
Either I get it compiled in but net ads join/testjoin always error out 
because of some incompatibility in Heimdal Kerberos, or this happens.  I 
really am getting up against a wall here.  I've gotta get this thing 
working.  It took me three hours to do this on a Redhat machine.  I've 
been trying to do the same thing in  FreeBSD for three weeks straight.  
I really don't want to rebuild all of my servers with Redhat, I don't 
know Redhat very well at all, and that means replacing 4 production 
servers.  I could really use a bit of help. 

TMS III


[Samba] samba-3.0.4.tar.gz Is not available

2004-05-17 Thread Tom Skeren
What's going on?  Have you pulled it?  Like to know.   Last official 
email said to use 3.0.4 as production release.

TMS III

