simo | 1 Nov 01:14 2006
Picon

Re: Winbind mappings change over time

On Wed, 2006-11-01 at 08:52 +1300, Richard Greaney wrote:
> Hi Simo
> Thanks for your reply. I might have made things a little hazy in my 
> initial post. The 40-odd servers I mentioned are all on remote client 
> sites and each has it's own corresponding Windows server. Effectively, I 
> have the same problem on all sites at one time or another. My issue 
> isn't with the order of winbind mapping, but more with the fact that the 
> SID to UID mapping appears to change over time.

This can happen only if you delete winbind_idmap.tdb
Mappings cannot change otherwise. Make sure you backup that file so that
you can restore it in case you need.

> I will take a look for information about idmap_ldap as a backend to see 
> if it is going to work with my setup.

idmap_ldap is useful if you need to share mappings, otherwise it is less
ideal for reliability and performance reasons (you start needing ldap
replicas and manage them).

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra <at> samba.org
http://samba.org

--

-- 
To unsubscribe from this list go to the following URL and read the
(Continue reading)

xavier | 1 Nov 02:51 2006
Picon

severe problem with ms-word 97-2000 read only saving files

After restarting Samba, it is good now !
seems no need to reboot the server.
strange, but I have effectively done many tests and smb.conf changes 
without restarting anytime.
I definitively don't like m$word !

I will see if the problem occur in the nexts weeks...

Xavier

--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Peter | 1 Nov 02:38 2006
Picon

Samba can't spool to CUPS. Data not sent to printer

I waited three days to post this while googling, reading, testing. I can't
figure this out, so am hoping someone here has had a similar problem and
can recommend a solution.

System and versions:
Kernel 2.6.17.13
Slackware-11
Sambe 3.0.23c
CUPS 1.2.4
Printer HP Photosmart 7550 on usb.
Samba guest account=ftp (I read that the account nobody can cause trouble).

$ lpstat -s
system default destination: Brother
device for Brother: smb://pc/Brother (printing from linux box to WXP works)
device for HPPhoto: usb://hp/photosmart%207550?serial=CN2CG410HV7E

Cups configured this printer fine, and files -- both graphical and text --
print perfectly from the local machine on which it was installed.
Curiously, the only thing which does not print locally is the test page,
but I think that has something to do with borders and margins.

Samba is configured simply as a share server so our local Windows PCs can
share common directories. Since this is a closed network, security is not
a priority (I can hear all the sysadmins groaning...but I don't feel
threatened by my wife and kids!).

Installation of the printer drivers on the satellite PCs worked fine (all
with XP SP2 and latest updates), and the PCs can all see and use the
printer. They can even print to the printer without an error.
(Continue reading)

Richard Greaney | 1 Nov 03:10 2006
Picon

Re: Winbind mappings change over time

simo wrote:
> On Wed, 2006-11-01 at 08:52 +1300, Richard Greaney wrote:
>> Hi Simo
>> Thanks for your reply. I might have made things a little hazy in my 
>> initial post. The 40-odd servers I mentioned are all on remote client 
>> sites and each has it's own corresponding Windows server. Effectively, I 
>> have the same problem on all sites at one time or another. My issue 
>> isn't with the order of winbind mapping, but more with the fact that the 
>> SID to UID mapping appears to change over time.
> 
> This can happen only if you delete winbind_idmap.tdb
> Mappings cannot change otherwise. Make sure you backup that file so that
> you can restore it in case you need.
> 
>> I will take a look for information about idmap_ldap as a backend to see 
>> if it is going to work with my setup.
> 
> idmap_ldap is useful if you need to share mappings, otherwise it is less
> ideal for reliability and performance reasons (you start needing ldap
> replicas and manage them).
> 
> Simo.
> 
What about idmap_rid (or just rid as it's called these days)? You 
mentioned this in an earlier email but I read it as idmap_ldap. 
Obviously it doesn't work on trusted domains, but apart from that would 
this be the best option for use in <1000 user sites?

--

-- 

(Continue reading)

Andrew Bartlett | 1 Nov 03:29 2006
Picon

Re: Samba-OpenLDAP and AD question..

On Mon, 2006-10-30 at 13:14 -0800, John Little wrote:
> Hi all
>  
> We have slowly been migrating our NT4 domain to Samba+OpenLDAP.  Today I was told that we were going to to
create an AD 'resource' domain, put all of the workstations in it and create a trust relationship between
the two domains.  In other words the users would be in the Samba+OpenLDAP domain and the workstations in the
AD 'resource' domain.  If it matters we have about 1750 workstations with about 2000 users.
> 
> Is this a reasonable model to follow or thing to do?

It depends on the reasons for creating the resource domain.

> If we do this what sort of pitfalls, if any, should I expect to encounter?
> Any ideas, opinions, knowledge of this are greatly appreciated.

It should work.  In fact, I think I even tested it briefly at my site.
It will just be an interdomain trust as far as Samba and AD are
concerned.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
(Continue reading)

Robert Fraser | 1 Nov 03:41 2006
Picon

ADS and Winbind problems with joining domain and listing users/ groups

Hi

I am having trouble joining a Samba 3.0.22 (Ubuntu 6.06) machine to an
AD.  I have done a heap of googling and can't find anything that seems
to fix the problem.  This sequence of commands shows the problem (I
have now tried to join the doain a number of times hence the modifying
old account):

# net ads join
[2006/11/01 15:32:56, 0] libads/ldap.c:ads_add_machine_acct(1414)
  ads_add_machine_acct: Host account for mail already exists -
modifying old account
Using short domain name -- SERVICES
Joined 'MAIL' to realm 'SERVICES.EXAMPLE.CO.NZ'

# net ads testjoin
[2006/11/01 15:34:02, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Invalid credentials
Join to domain is not valid

# wbinfo -t
checking the trust secret via RPC calls succeeded

# wbinfo -u
Error looking up domain users

#wbinfo -g
Error looking up domain groups

# net ads user
(Continue reading)

Adam Nielsen | 1 Nov 07:27 2006
Picon
Picon

How to stop creation of read-only files?

Hi everyone,

I've discovered an odd problem in Samba where I can apparently create a
read-only file even though I thought I'd disabled this (primarily
because once you make the file read only, you then can't delete it
again.)

The relevant section of smb.conf:

  [share]
    create mask = 664
    directory mask = 775
    force security mode = 660
    nt acl support = yes
    inherit acls = yes
    inherit owner = yes

If I create a file normally and try to mark it read-only it correctly
tells me 'access denied', however if I create a file elsewhere, mark it
read-only there and then copy it across to the Samba share, the file is
created in read-only mode which means I then can't delete it again.

Is this a bug in Samba or am I missing an option in my share config?
This is with Samba 3.0.21rc2.

Thanks,
Adam.
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
(Continue reading)

S.Barbaresi | 1 Nov 11:20 2006
Picon

Re: Samba Breaks with ACLs


>We have a number of files that are user/group writable (permissions 0664). 
>When a user that is someone other than the Unix owner of the file writes to
>it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added with
>this second user getting read/write permission to it.
>
>  
>
Here's my observations: we've upgrade from 3.0.22 to 3.0.23c on Solaris 
10 and we are seeing the
 same problem (we did not see this behaviour with 3.0.22).

Sim

-- 
S.Barbaresi                       E-mail: s.barbaresi <at> bangor.ac.uk
Adeilad Deiniol, UWB              Tel: (44) (0)1248 382403
Ffordd Deiniol                    Mob: (44) (0)7788 977167
Bangor, Gwynedd LL57 2UX          URL: www.bangor.ac.uk

--

-- 
Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi,
gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig
gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y
neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar
unwaith a dilëwch y neges. Os na fwriadwyd anfon y neges atoch chi,
rhaid i chi beidio â defnyddio, cadw neu ddatgelu unrhyw wybodaeth a
gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i
hanfonodd yn unig  ac nid yw o anghenraid yn cynrychioli barn
Prifysgol Cymru, Bangor. Nid yw Prifysgol Cymru, Bangor yn gwarantu
(Continue reading)

Volker Lendecke | 1 Nov 11:29 2006
Picon

Re: again on file corruption

On Tue, Oct 31, 2006 at 08:55:16PM +0100, urza wrote:
> What do you suggest?

Bad network? TCP does not checksum the payload, so it might
be possible that the data arrives corrupted.

A way to at least detect this would be to enforce smb
signing. 'server signing = mandatory' would be that option.

You might then see spurious network disconnects which also
might corrupt the DB, but smbd should be much more verbose
for this particular error.

Volker
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
William Fry | 1 Nov 12:45 2006
Picon

Linux OK, Windows Bad - sharing Linux-hosted SMB files

I'm sure this is a question asked many times before, but before I'm flamed,
let me state that I've spent TWO WEEKS researching and testing this problem.
I've read so many "How To's," forum postings, news groups, and "official
docs," I should be an expert on Samba by now. It's obscene.

I have an external USB drive - Western Digital 160GB USB 2.0 - attached to a
Debian 3.1r2 PowerPC box. The WD drive is preformatted for Windows use, so
I'm mounting in on its host as "vfat."

My goal is to share this drive (and future ones) to all the other machines
on my LAN. Basically, I'm creating my own network-attached storage device.

I am using Samba to share out this drive to all the other machines on my
network. I have other Linux boxes, MacOS X boxes, and WinXPpro boxes. I have
no (Windows) domain controller and I'm content with (Samba) "share level"
access control but prefer "user level" access control. All this is on my
private LAN; I have no interest in exposing this drive/its shares outside my
LAN. Everyone within the LAN is "trusted."

With my current setup, all machines can READ, but only the Linux machines
(Debian, MacOSX) can write; the PC's (WinXPpro) seem to be stuck as R/O.

Below are the relevant files and connection commands ...

******************************
** Debian box "maurice" hosting and exporting WD USB drive:

Mount point: /mnt/nas01
Have local user "nas" of local group "nas"
User:group nas:nas own mount point
(Continue reading)


Gmane