Linux Samba discussions





[Samba] convertSambaAccount from non-PDC to non-PDC

        I’ve been using Samba 2.x authenticating UNIX and Samba users to
OpenLDAP 2.0.x for quite some time.  Now I need to upgrade OpenLDAP to
2.2.x and Samba to 3.0.x.  Although I’ve been using OpenLDAP with the
old samba schema to authenticate Samba users, I did not have a PDC set
up.  Now when I try to use the convertSambaAccount script to move to the
new Samba schema it says "You must provide a domain sid".  The Samba
documentation told me how to get the sid from my PDC but I don’t have a PDC?
        Any suggestions?

Thanks,

Jason
===========


To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Samba processes domain authenticated user as nobody during logon.bat execution

Beating head on desk again!

I have a samba server running winbind which can access the domain.  It is
working fine and is using domain credentials.  I access the samba shares
after the user has authenticated against a novell server during the novell
logon script. The shares are authenticated with user domain credentials and
verified with smbstatus. This works great!

If I alternatively use windows networking domain authentication, I have
problems.  
The Win95 station correctly authenticates against NT4 PDC and runs logon.bat
from that server.
As LOGON.BAT accesses samba shares, samba appears to get user credentials
without the Domain Name.  Since there are no users on the samba server, this
gets morphed into nobody.  
All services which can be accessed as nobody are attached as nobody,  all
other services are denied.  As a result important tools such as "net use X:
/home" do not work when file and directory permissions prohibit access to
nobody.

During the LOGON.BAT, I issued a net config
Computer name                  \\LGA00D0B724628B
User name                      GPALMER
Workgroup                      LGANET
Workstation root directory     C:\WINDOWS

Software version               4.00.950
Redirector version             4.00
Client for NetWare version     3.26

Registry settings require authentication.  It appears that "net" thinks it
is part of the domain; but as stated above, samba attaches as nobody.  Samba
logs indicate that it is receiving user gpalmer and not lganet\gpalmer.

From a DOS window, after logon.bat finishes, I can successfully execute
"net use X: /home".  Samba gets and processes the full domain credentials.
Samba interprets user as nobody without regard to the setting in "Log on to
windows nt domain" in the "client for microsoft networks" dialog.
If the home directory is moved to nt server it will successfully attach
during logon.bat.
I have exhausted all options I know about.

Thanks in advance for any insight you might give.

Excerpts from Failure log:
At log level 5
[2004/06/22 16:19:12, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
  No such user gpalmer [] - using guest account
.
.
.
[2004/06/22 16:19:13, 3] smbd/service.c:find_service(140)
  checking for home directory gpalmer gave (NULL)
[2004/06/22 16:19:13, 3] smbd/service.c:find_service(209)
  find_service() failed to find service gpalmer
[2004/06/22 16:19:13, 0] smbd/service.c:make_connection(251)
  lga009027a6e884 (192.168.12.178) couldn't find service gpalmer

at loglevel 0
[2004/06/23 08:59:49, 0] smbd/password.c:authorise_login(863)
  authorise_login: rejected invalid user nobody
[2004/06/23 09:04:10, 0] smbd/service.c:make_connection(251)
  lga009027a6e884 (192.168.12.178) couldn't find service gpalmer

Samba version 2.2.8a
SMB.CONF
#*********************************************************************
#server naming
        server string = LGACHI01 - Chicago Main Server
        workgroup = LGANET
        netbios name = LGACHI01
        netbios aliases = LGAGLE04

#*********************************************************************
#authentication
        #PDC
        password server = LGAGLE02 LGAGLE03
        logon script = logon.bat
        encrypt passwords = yes
        password level = 8
        username level = 8
        #username map = /usr/local/samba/lbin/map.user
        smb passwd file = /usr/local/samba/lbin/smbpasswd
        security = domain
        domain master = no
        domain admin group = @root
        domain logons = no

#*********************************************************************
#WINS Browsing and naming
#wins server
        wins support = no
        lm announce = yes
        lm interval = 120
        preferred master = no
        remote browse sync = 192.168.201.0 192.168.201.255 192.168.201.1
        remote announce = 192.168.201.255/LGANET 192.168.12.255/LGANET 192.168.31.255/LGANET 192.168.51.255/LGANET
        local master = no
        os level = 0

#wins client
        name resolve order = wins bcast lmhosts host
        wins server = 192.168.12.28 192.168.201.1
        wins proxy = yes
        dns proxy = no
        browse list = yes

 #*********************************************************************
#IP Networking
        time server = yes
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        allow hosts = 192.168. 127.
        interfaces = 192.168.10.2/24 192.168.11.2/24 192.168.12.2/24 192.168.12.101/24 192.168.12.104/24
        oplock break wait time = 100

#*********************************************************************
#printing
        print command = lpr -l -P'%p' %s
        printing = lprng
        printcap name = /etc/printcap
        load printers = yes

#*********************************************************************
#log files
        log file = /var/log/samba/log.%m
        max log size = 50
        log level = 0
#*********************************************************************
#winbind
        #winbind separator = -
        winbind uid =10000-15000
        winbind gid =10000-15000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/samba/data.user/%U
        template shell = /bin/bash

#*********************************************************************
#global share declarations
        browseable=yes
        writeable=yes
        public=yes
        printable=no
        map archive = yes
        map system = yes
        map hidden = yes
        force create mode = 0660
        force directory mode = 0770
        force group="LGANET\Domain Users"

#*********************************************************************
#Printer Shares
[printers]
        path = /var/spool/samba
        writeable = yes
        browseable = no
        comment = All Printers
        printable = yes
        public = no
        print command=lpr -l -P'%p' %s

#*********************************************************************
# Un-comment the following to provide a specific roving profile share
# the default is to use the user’s home directory
[Profiles]
        path = /home/samba/data.user/%U/windows.profile
        browseable = no
        write list ="LGANET\"%U
        valid users="LGANET\"%U

[homes]
        comment = Home Directory for \\%D\%U (H:)
        path = /home/samba/data.user/%U
        #browseable = no
        write list ="LGANET\"%U
        read list="LGANET\"%U
        valid users="LGANET\"%U


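Added example (not part of the original post and not Samba code): a small Python parser for the smbd log format excerpted in the post above, reporting users whose session setup fell back to the guest account and the client addresses that were then refused a share named after them. The regular expressions and function names are assumptions made for this illustration.

```python
import re

# Log excerpt copied from the post above (Samba 2.2.8a smbd log).
SAMPLE_LOG = """\
[2004/06/22 16:19:12, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
  No such user gpalmer [] - using guest account
[2004/06/22 16:19:13, 3] smbd/service.c:find_service(209)
  find_service() failed to find service gpalmer
[2004/06/22 16:19:13, 0] smbd/service.c:make_connection(251)
  lga009027a6e884 (192.168.12.178) couldn't find service gpalmer
[2004/06/23 08:59:49, 0] smbd/password.c:authorise_login(863)
  authorise_login: rejected invalid user nobody
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+), *(?P<level>\d+)\] (?P<src>\S+)$")
# \S+ and "." tolerate the typographic dash/apostrophe some archives substitute.
GUEST = re.compile(r"No such user (?P<user>\S+) \[(?P<domain>[^\]]*)\] \S+ using guest account")
NO_SERVICE = re.compile(r"\((?P<ip>[\d.]+)\) couldn.t find service (?P<svc>\S+)")


def parse_entries(text):
    """Yield (timestamp, level, source, message): a header line plus its indented lines."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m["ts"], int(m["level"]), m["src"], ""]
        elif current and line.strip():
            current[3] = (current[3] + " " + line.strip()).strip()
    if current:
        yield tuple(current)


def guest_fallbacks(text):
    """Return {user: evidence} for accounts that smbd mapped to guest."""
    report = {}
    for ts, _level, _src, msg in parse_entries(text):
        g = GUEST.search(msg)
        if g:  # an empty "domain" means the client sent no domain name
            report.setdefault(g["user"], {"domain": g["domain"], "first_seen": ts,
                                          "denied_from": set()})
            continue
        s = NO_SERVICE.search(msg)
        # Heuristic: a failed lookup of a share named after a guest-mapped user.
        if s and s["svc"] in report:
            report[s["svc"]]["denied_from"].add(s["ip"])
    return report
```

The session-setup message is logged at level 3, so the fallback itself is only visible when `log level` is raised from the 0 shown in the posted smb.conf.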

[Samba] [ ] share access controls

hi,
  I am running with Samba 3.0.4 compiled under Solaris 9 using winbind to
authenticate against a W2K server running as an ADS DC. All appears to be
working OK
except …

According to my reading of the Samba docs I should be able to modify
the share permissions (share access controls) using the Computer Management
Console of a windows client (XP or 2000) whilst logged on as the domain
admin.

Alas this isn’t working for me and I am getting the following message:
"Unable to save permission changes. Access denied"

I would be grateful for any clues on how to get this aspect working.

        many thanks
                steve


[Samba] RedHat Enterprise 3.0 RPMs

I currently have a Redhat 9 server running Samba 3.0.4.  I need to move
the Samba data to a different server that I installed the Redhat
Enterprise 3.0, because Redhat Enterprise will not upgrade Redhat 9.
The problem is that Redhat Enterprise 3.0 comes with samba-3.0.2-6.3E,
which I assume is a version based off 3.0.2 with the printer and
security patches.  The problem is I do not think I can downgrade to
3.0.2 since I am at 3.0.4; is this correct?  If I upgrade the Redhat
Enterprise 3.0 to samba 3.0.4, can I use a Redhat 9 RPM or Fedora RPM, or
would I be better off to build my own?

Thanks
-Glenn


[Samba] how to configure to change default password the first time user login to the domain

Hi,

How do I prompt a user to change the default password the first time the
user logs in to the domain?

Regards,
ro0ot



[Samba] System Authentication using Samba

I am trying to figure out the best approach to authenticating the Linux
boxes on my network against Active Directory V2 (Windows 2003).

The domain is in mixed mode.

I want to essentially set up the boxes so that I can use unified logins and
SSO (Single Sign-On) in Linux.

Thanks -J



[Samba] domain user cannot change password from Linux machine

Hi,

  My domain users have started using Linux boxes using their Windows user
names and passwords.

Now the only problem is that they cannot change their password from Linux
boxes.

niit158VM login : linwin/irfan
password:
Last login: Thu Jun 24 11:29:05 on tty1
-bash-2.05b$ passwd
Changing password for user LINWIN/irfan
passwd: Authentication token manipulation error
-bash-2.05b$

So how do I enable password changing from Linux boxes as well?

Sahibzada Junaid Noor

[Samba] Is there a preferred version of OpenLDAP to use with Samba 3?

Should I have to upgrade the version of LDAP that came with Red Hat
Enterprise 3.0?  The version I have is openldap-2.0.27-11.  

Thanks
-Glenn


[Samba] net join from linux-clients not working

Roger,

This issue may be created by the absence of the /etc/samba directory.  I
had the same issue and did the following:

cd /etc

mkdir samba

to recreate the samba directory, the error went away.

John



[Samba] posix locking – what does it do?

What exactly does the POSIX locking option do?

I know what it does NOT do: flock() the files a Windows machine has
locked. When for example a file is locked on server side (Linux,  I
tried all three Debian samba releases from stable, testing and
unstable), notepad on Windows still opens it. If it however is locked by
a Windows application on another computer, notepad refuses.

Does "posix locking" perhaps map SMB locks to something else than
flock()?


A pumpkin, an eggplant and a tomato are on a truck.
What will fall on a sharp curve?
–> Gur fcrrq.
                                             >> http://www.ccc-offenbach.org <<
