Andrew Morgan | 1 May 2007 01:26

Re: Changing group owner to a group user is not member of

On Mon, 30 Apr 2007, Henrik Zagerholm wrote:

> Hi,
>
> I'm using latest samba 3.0.24 on a debian etch box (ext3, acl) in ADS mode 
> joined to a W2003 domain.
>
> Everything works fine except when I want to change the group of a file to 
> something the user is not member of.
>
> Even if I run the commands as Administrator I can't seem to change to groups 
> except to those that the Administrator is member of.
> This is really annoying as it's very inconvenient to have a user member of all 
> groups...
>
> Is there some way to change this behavior?

I'm guessing you don't have Administrator mapped to root in unix?

I recently stumbled across the issue you describe in another context, and 
found this note in the Solaris manpage for chgrp:

      The operating system has a configuration option
      _POSIX_CHOWN_RESTRICTED, to restrict ownership changes. When
      this option is in effect, the owner of the file may change
      the group of the file only to a group to which the owner
      belongs. Only the super-user can arbitrarily change owner
      IDs, whether or not this option is in effect.

(the option is enabled by default in Solaris).
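The rule in the manpage note quoted in the message above, written out as an added example (not part of the original message and not Samba's code). The function names `chgrp_permitted` and `chown_restricted` are made up here, and the option-off branch assumes the owner may then pick any group.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Model of the rule in the quoted chgrp note. Returns 1 if a caller with
 * effective uid `euid`, effective gid `egid` and supplementary groups
 * groups[0..n) may set the group of a file owned by `owner` to `target`. */
int chgrp_permitted(uid_t euid, uid_t owner, int restricted, gid_t target,
                    gid_t egid, const gid_t *groups, int n)
{
    if (euid == 0) return 1;       /* super-user: never restricted */
    if (euid != owner) return 0;   /* only the owner may change the group */
    if (!restricted) return 1;     /* assumption: option off, any group */
    if (target == egid) return 1;
    for (int i = 0; i < n; i++)
        if (groups[i] == target) return 1;
    return 0;                      /* owner is not a member of target */
}

/* 1 if _POSIX_CHOWN_RESTRICTED applies to path, 0 if not, -1 on error.
 * pathconf() reports "option not in effect" as -1 with errno untouched. */
int chown_restricted(const char *path)
{
    errno = 0;
    long r = pathconf(path, _PC_CHOWN_RESTRICTED);
    if (r == -1) return errno ? -1 : 0;
    return 1;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s FILE GID\n", argv[0]); return 2; }
    struct stat st;
    if (stat(argv[1], &st) != 0) { perror("stat"); return 2; }
    gid_t groups[256];
    int n = getgroups(256, groups);
    if (n < 0) n = 0;
    int restricted = chown_restricted(argv[1]);
    /* A pathconf error (-1) is treated as "restricted", the safer guess. */
    int ok = chgrp_permitted(geteuid(), st.st_uid, restricted != 0,
                             (gid_t)strtoul(argv[2], NULL, 10),
                             getegid(), groups, n);
    printf("chown restricted: %d, group change permitted: %d\n", restricted, ok);
    return ok ? 0 : 1;
}
```

Run as the Unix account the Samba user maps to, it shows why a non-root Administrator is refused for groups it does not belong to.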

Don Meyer | 1 May 2007 01:54

Re: Joining an 2003 AD

At 04:39 PM 4/30/2007, Aaron Kincer wrote:
>You must make sure that the hostname set in /etc/hostname and what 
>you have for your server string are exactly the same. At least 
>that's how I fixed it. On Edgy 6.10/Samba 3.0.22, I didn't have to do this.

This behavior was introduced at the 3.0.23c level, IIRC.   (maybe 
3.0.23b?)    That explains the version differences you are seeing.

The gotcha is that I get this failure despite attempting the 'net ads 
join' with Domain Admin credentials...    (Even up through 3.0.25rc3)

-D

Don Meyer                                           <dlmeyer <at> uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

   "They that can give up essential liberty to obtain a little 
temporary safety,
         deserve neither liberty or safety."     -- Benjamin Franklin, 1759 

--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

oota | 1 May 2007 04:45

about csc policy parameter

For offline file support, I checked the "csc policy" parameter.
It has 4 parameters, but I cannot find how each parameter works
(except disable).

I read the source program. Each parameter has a 0-3 value in param/loadparm.c.
And it is used in rpc_rpcserver/srv_srvsvc_nt.c (maybe only). But I can't find
what each parameter value means.

Does anyone know what each parameter means (how it works)?

--
--- Oota Toshiya ---  oota at mail.linux.bs1.fc.nec.co.jp
NEC Computers Software Operations Unit              Shiba,Minato,Tokyo
Open Source Software Platform Development Division  Japan,Earth,Solar system
(samba-jp/ldap-jp Staff,mutt-j admin,analog-jp/samba-jp postmaster)
--


Kemp, Levi | 1 May 2007 05:31

RE: Joining an 2003 AD

So for example my Server String = BMSK12LTSP then my entry in the /etc/hostname file should contain a line
reading 10.250.25.25 BMSK12LTSP.BOLIVAR.EDU BMSK12LTSP ? If that is all this is I'm going to shoot
myself. What if you don't have either one defined? Or only one defined, because I don't think I have an entry
in my hosts for my server, aside from the localhost.localhost localhost entry. And it is on the internal
NIC for the LTSP, 192.168.0.254 I think, I'm not in front of the server right now. 
 Don, are you saying that despite putting in both you still get this error? If this actually works I'm going to
add it to the how-to I've got and send it back to the writer. I don't think it was needed when he wrote it, and
like I said I got it to work the first time. I don't think I updated Samba that time, either that or I had the
entries in both and didn't know it. Thanks for the info. I'm going to give it a try in the morning and let you
know if it worked.

Levi

________________________________

From: Don Meyer [mailto:dlmeyer <at> uiuc.edu]
Sent: Mon 4/30/2007 6:54 PM
To: Aaron Kincer; Kemp, Levi
Cc: samba <at> lists.samba.org
Subject: Re: [Samba] Joining an 2003 AD

At 04:39 PM 4/30/2007, Aaron Kincer wrote:
>You must make sure that the hostname set in /etc/hostname and what
>you have for your server string are exactly the same. At least
>that's how I fixed it. On Edgy 6.10/Samba 3.0.22, I didn't have to do this.

This behavior was introduced at the 3.0.23c level, IIRC.   (maybe
3.0.23b?)    That explains the version differences you are seeing.

The gotcha is that I get this failure despite attempting the 'net ads

podge@swiftdsl.com.au | 1 May 2007 05:33

Re: Out of control smbd process

On Tue Aug 21  9:32 , Aaron Browne  sent:

>Although I have seen this on Solaris 9 running Samba 3.0.10, we
>have recently upgraded to Solaris 10 running Samba 3.0.23a.
>
>prstat/top shows a single smbd process out of control and this
>message is flooding the log.
>
>[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019)
>  select returned -1, errno = Invalid argument (22)
>[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019)
>  select returned -1, errno = Invalid argument (22)
>[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019)
>  select returned -1, errno = Invalid argument (22)
>[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019)
>  select returned -1, errno = Invalid argument (22)
>[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019)
>  select returned -1, errno = Invalid argument (22)
>[2006/08/14 10:14:54, 0] libsmb/nmblib.c:(1019)
>  select returned -1, errno = Invalid argument (22)
>
>Samba is supporting users coming from a Terminal Server 2000 environment
>and therefore causes a DOS for users sharing that Terminal Server
>connection to Samba.

This issue was occurring approx 2-3 times a week for us. Symptoms are as described
above. My fellow Unix admin ran a Solaris pfiles against the out of control Samba
process and found that it had the same file open quite a number of times. Sometimes
it was 50 times and other times it was more. The file that was being opened is shared

Don Meyer | 1 May 2007 05:55

RE: Joining an 2003 AD

No, on systems that I have attempted to override this error and join 
the domain with the system's given name, I have been unable to do so 
with the Domain Admin credentials that the error states is required 
for success.

My current domain join workaround for a rebuild/new system is to 
install the 3.0.23-6 packages,  run the 'net ads join', then 
immediately update to current version.

-D

At 10:31 PM 4/30/2007, Kemp, Levi wrote:
>  Don, are you saying that despite putting in both you still get this error?
>
>----------
>At 04:39 PM 4/30/2007, Aaron Kincer wrote:
> >You must make sure that the hostname set in /etc/hostname and what
> >you have for your server string are exactly the same. At least
> >that's how I fixed it. On Edgy 6.10/Samba 3.0.22, I didn't have to do this.
>
>...
>The gotcha is that I get this failure despite attempting the 'net ads
>join' with Domain Admin credentials...    (Even up through 3.0.25rc3)

Don Meyer                                           <dlmeyer <at> uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

   "They that can give up essential liberty to obtain a little 

Don Meyer | 1 May 2007 06:35

Group permission problems with winbind & NFS

I am wondering whether anyone might also be seeing the problems I am 
currently encountering -- and maybe even someone knows of a solution 
that I cannot seem to find.

First, to whet your appetite, the problem:

I have an otherwise functional samba+winbind system, that I am 
primarily using winbind to instantiate users & groups from a 
Win2K3-based ADS, to allow clients ssh/scp/sftp access to website 
file storage.

Winbind appears to be working reasonably correctly - I have 3.0.24 
installed on this RHEL4 system.  I have successfully tweaked the 
pam.d/sshd config to restrict ssh login access to members of a 
particular group.  Once on the system, home directories are properly 
created if necessary, and they can successfully modify/add files in 
their home directory, in /tmp/, as necessary.   As long as it is on 
local file storage...

This system NFS mounts the remote file storage resource on a backend 
RHEL4 server.   The public facing web frontends also mount these same 
resources.   Here is where things get hinky -- some users can write 
to the directories on the NFS mount, and some cannot.   If the 
directory in question is owned by the user, then no problems 
writing.   If not, but the directory's owning group contains the user 
as a member, then only sometimes can the user add/change/remove files 
in the directory.

The first thing I would think to check here are the permissions -- 
directory permissions in my testcase are 2775, file perms are 0664 -- 

Don Meyer | 1 May 2007 09:49

Problem with Samba-3.0.25rc3 & idmap_ldap (winbind dumps core)

In an effort to improve my lot, I'm trying to move to a ldap backend 
for idmap synchronization when I deploy the new 3.0.25 version on my 
systems.   In preparation for this, I've set up some test systems -- 
where I'm having some problems that I think others may be 
encountering  (according to a few comments I've seen recently).

In a nutshell, I believe I have set up my ldap services correctly -- 
largely following the ldap portion of the guide 
at: 
http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP

At least according to phpldapadmin, I have a functioning master ldap 
service on one RHEL4 system and a replicating slave service 
established on a second RHEL4 system.  I then install the 
samba-3.0.25rc3-5 packages, and  alter my standard configuration 
according to the samba portion of the guide, taking into account the 
apparent changes needed due to the man pages for smb.conf & 
idmap_ldap.    (Relevant configs attached below...)

One step that I'm having a bit of a problem with, and I think it is 
contributing to the remainder of the problem below, is the entry of 
the credentials for the access to the ldap services.   Several guides 
state that the proper method to store the credentials for your ldap 
access dn is to use smbpasswd:

     smbpasswd -w {password}

However, this command complains:
     ERROR: 'ldap admin dn' not defined! Please check your smb.conf


Radha Mohan Chintakuntla | 1 May 2007 14:04

samba and winxp problem with FAT32 shares

Hi,

I have a FC5 linux PC in the LAN where samba is configured. I connected a
2GB usb flash drive to it and created a share to access it through lan. The
flash drive is a FAT32 one. I have mounted it like this "mount -t vfat -o
umask=000 /dev/sda1 /mnt/usbdisk".

I am able to read/write small files but when I tried to copy a movie of some
467MB file into the share I got an error "The specified network name no
longer exists" after some time of initiating copy. Through ethereal I was
able to know that windows is not giving response for some time and trying to
reconnect three or four times on different ports. I want to know if this is
a windows problem or a samba problem. My samba logs when the error occurred are
these:

[2007/04/29 11:45:03, 0] smbd/oplock.c:oplock_break(758)
   oplock_break: receive_smb error (Success)
   oplock_break failed for file mov001.dat (dev = 812, inode
= 1646447, file_id = 1118).
[2002/04/29 11:45:03, 0] smbd/oplock.c:oplock_break(843)
   oplock_break: client failure in break - shutting down this smbd.

-- Mohan
--


Aaron Kincer | 1 May 2007 14:18

Re: Joining an 2003 AD

Here is what I'm saying (and one thing I forgot to include):

/etc/hosts has the line = 127.0.1.1       BMSK12LTSP.BOLIVAR.EDU   BMSK12LTSP

/etc/hostname = BMSK12LTSP

server string in smb.conf = BMSK12LTSP

Your Active Directory fully qualified domain MUST be BOLIVAR.EDU

That's what I'm saying. If you fix these, I suspect it will work.

Kemp, Levi wrote:
> So for example my Server String = BMSK12LTSP then my entry in the /etc/hostname file should contain a line
> reading 10.250.25.25 BMSK12LTSP.BOLIVAR.EDU BMSK12LTSP ? If that is all this is I'm going to shoot
> myself. What if you don't have either one defined? Or only one defined, because I don't think I have an entry
> in my hosts for my server, aside from the localhost.localhost localhost entry. And it is on the internal
> NIC for the LTSP, 192.168.0.254 I think, I'm not in front of the server right now. 
>  Don, are you saying that despite putting in both you still get this error? If this actually works I'm going
> to add it to the how-to I've got and send it back to the writer. I don't think it was needed when he wrote it, and
> like I said I got it to work the first time. I don't think I updated Samba that time, either that or I had the
> entries in both and didn't know it. Thanks for the info. I'm going to give it a try in the morning and let you
> know if it worked.
>  
> Levi
>
> ________________________________
>
> From: Don Meyer [mailto:dlmeyer <at> uiuc.edu]