Hello, I have couple questions regarding Samba. 1. In the smb.conf, what does "security = DOMAIN" mean? 2. I would like to samba into the firewall so that people can't connect through TCP/IP. What port (tcp or udp) does samba use? 3. How can I prompt user for entering login name instead of using Win95 login name for Win95 users? That's all for now. Thanks for your help. Alex
Hi all,
I am rather new to Samba, and I have a few questions at the moment, perhaps
someone can throw some light on these matters.
My Samba version is 2.0.7, running on FreeBSD version 4.2-Stable, clients
are Win95. The Samba machine has two Nic's, one in the 172.20 network, one
in the 172.22 network, no routing.
thanks very much in advance
Jeroen Heijungs
Het Muziektheater, Amsterdam
-----
First question is about the Socket options in SMB.CONF, Sambe is always
complaining about these:
* If I do set the following options in smb.conf, then I get the errors as
listed when a workstation logs in
socket options = TCP_NODELAY SO_KEEPALIVE
[2001/03/08 09:14:07, 0, effective(0, 0), real(0, 0)]
lib/util_sock.c:set_socket_options(154)
Failed to set socket option SO_KEEPALIVE (Error Bad file descriptor)
[2001/03/08 09:14:07, 0, effective(0, 0), real(0, 0)]
lib/util_sock.c:set_socket_options(154)
Failed to set socket option TCP_NODELAY (Error Bad file descriptor)
* If I do NOT set the socket options in smb.conf, then I get exactly the
same errors when a workstation logs in
[2001/03/08 09:25:25, 0, effective(0, 0), real(0, 0)]
lib/util_sock.c:set_socket_options(154)
Failed to set socket option SO_KEEPALIVE (Error Bad file descriptor)
[2001/03/08 09:25:25, 0, effective(0, 0), real(0, 0)]
lib/util_sock.c:set_socket_options(154)
Failed to set socket option TCP_NODELAY (Error Bad file descriptor)
Why is this, have I done something wrong, or missed something?, and how
important is it exactly?
-----
Second question is about Samba not really responding as I would expect,
when there is a long time between logons (a few hours, it is a test
environment) you get an error message: (sorry the actuel message in in
Dutch, so I do not know if the translation is correct) "The supplied Domain
password is not correct, or the loginserver has enied access". I can try
this a few times and always the same message, so I cannot log in. When I
cancel the login, and afterwards do a login again everything works fine. I
do not change anything on the client or the server in between.
Samba does write something in the logfiles (again socket's ??):
[2001/03/08 09:42:02, 0, effective(0, 0), real(0, 0)]
lib/util_sock.c:write_socket_data(543)
write_socket_data: write failure. Error = Broken pipe
[2001/03/08 09:42:02, 0, effective(0, 0), real(0, 0)]
lib/util_sock.c:write_socket(569)
write_socket: Error writing 4 bytes to socket 6: ERRNO = Broken pipe
[2001/03/08 09:42:02, 0, effective(0, 0), real(0, 0)]
lib/util_sock.c:send_smb(757)
Error writing 4 bytes to client. -1. Exiting
-----
Third question also about advertising, but I am not sure how much of a
problem this is. In the log files I see a lot of messages like the following:
[2001/03/08 09:25:25, 1, effective(0, 0), real(0, 0)]
lib/util_sock.c:client_name(1010)
Gethostbyaddr failed for 172.20.3.26
Is this really a problem or a sympton of something wrong?
I don't have WINS turned on, and do not use LMHOSTS.
-----
my SMB.CONF
[global]
workgroup = LICHT
netbios name = LICHTSERVER
server string = TEST %L (Samba %v)
domain logons = Yes
name resolve order = bcast lmhosts host wins
logon script = smblogin.bat
interfaces = 172.22.1.1/16 172.20.1.14/16
socket options = TCP_NODELAY SO_KEEPALIVE
security = user
min password length = 5
unix password sync = Yes
username map = /usr/local/etc/smbusers.map
hosts allow = 172.22. 172.20.1.12 172.20.3.26
log file = /var/log/log.%m
max log size = 1024
debug uid = Yes
log level = 1
load printers = No
[Lichtdata]
path = /usr/export/samba/Lichtdata
force group = usergroup
write list = @usergroup
[netlogon]
path = /usr/export/samba/netlogon
write list = myuserid
[Install]
path = /usr/export/samba/Install
write list = myuserid
read list = @usergroup
I have downloaded and compiled Samba 2.2.4. The Samba server is used
to access DFS space, so it was configured with DCE authentication. It
seems to work on for the most part. However we have seen the following
behavior:
When opening a directory with a large number of files, it spawns
additional smbd processes for the mapped share, which utilize a good
percentage of the CPU. My windows workstation hangs for a while, and I
get multiple Windows Msgs that read: "An error occurred while
reconnecting Z to <share> - Microsoft Windows Network: the local device
name is already in use - This connection has not been restored".
The smbd processes remain at the top of the execution queue (I use
"monitor" to view system execution queue).
I used Windows Explorer to map the share and to display directory
contents. This crashed when I closed the Window Msg.
Are there any configuration parameters I could use to prevent this?
Any help would be greatly appreciated.
Jaime A Cifuentes
IBM GS - SSD AIX/UNIX Sys Supp
1. In the smb.conf file what do the following statements accomplish? security mask = -1 directory security mask = -1 force directory security mode = -1 2. How do you work around a user who tries to login to his share and gets a domain slapped in front of the user name. example user name is jjones but when he tries to map a drive the ID shows as AAADOMAIN\jjones
On Wed, 9 Apr 2003, Dick Hill wrote:> 1. In the smb.conf file what do the following statements accomplish? > security mask = -1 > directory security mask = -1 > force directory security mode = -1Please refer to the man page for smb.con for an explanation of what the parameters do. More to the point, how did the values get set to -1?> 2. How do you work around a user who tries to login to his share and > gets a domain slapped in front of the user name. example user name is > jjones but when he tries to map a drive the ID shows as > AAADOMAIN\jjonesBecause that is how MS Windows clients see a user on a remote machine. This is NOT done by samba. I see you are in Utah. If you want direct local help call me on (801) 495-2107. - John T. -- John H Terpstra Email: jht@samba.org
Sorry for the bad subject line. But this is a collection of a few questions. We are basically a linux place, and are forced to support many windows clients. I have started using samba as a PDC a couple of weeks ago, to manage all our WinXP clients. So far, the experience is wonderful, and I am learning a lot about how Windows actually works. Thanks for the wonderful product. Especially the automatic printer driver dowloading bit. That said: 1. Since it is going to be a PDC I use "security = user" in the smb.conf. Then when I added printer shares, I realised that browsing into the "Printers and Faxes" was real slow almost a minute. Then I created netbios alias, called PRINT and set that to use "security = share", and made sure that only the PRINT netbios name exports the printers. Then the browsing into the printers share was much faster. Why is it so slow when I use it under the main PDC? 2. My main smb.conf has only a couple of lines, and includes three other smb.conf files (one for each netbios name it is posing as). When I use testparms utility and point it to the smb.conf, I see that it seems to ignore the include directives. Is there any way to tell testparms that here is the smb.conf file and I am interested in the final output for the PRINT netbios name, or something like that. 3. The profile directory for each user is inside their home share. I read some where that this is actually a bad idea, since windows keeps peoples home shares mounted or something like that. I would like to know more details. 3. This is related to roaming profiles. I have decided that I dont like the idea of windows downloading the contents of My Documents everytime they login and keep a local copy of it. However, I do need to support roaming profiles. So I thought of using roaming profiles and redirect each users MyDocuments to where ever they want on their unix home directory (login script reads a .windowsrc - ini style file and sets the appropriate registry keys). However, windows is trying to synchoronize the MyDocument with the local copy and making it available offline. I just cannot allow this as people's home directories are huge (100+ MB). So is there a way I can tell windows, dont do offline files, or sychronizing with MyDocuments, and redirect MyDocuments to a network share. So if the machine looses network, they loose access to MyDocuments. 4. We are exploring the possibility of mounting user home directories in Linux over SAMBA instead of NFS. I seem to getting some bad permissions when I SMB mounted my home directory (which is NFS mounted, but SAMBA exports it as a share) in Linux. Basically I have a shell script, with the execute bit turned off, i.e. it has permission rw-------. When I mount it using smbmount (PDC\username) the same file has permissions rwxr-xr-x and I was ablt run the script. But in the NFS mounted version, it gave me an error (since the execute bit was not set). So, is there anything which can be done about it. I understand, that if I were to mount it under windows, it would work correctly, and the problem is bcos of converting a unix file system to SMB and back to unix. 5. Is it possible to set a share configuration based on the OS which is attempting to mount it. So, in the previous problem, I could say.... "If Windows is mounting it, then the share should have the XXX options set, If Linux is mounting it, then options YYY set, if MacOSX then ZZZ ..." or even finer (i.e. Win95...) granularity. 6. Since samba doesn't have a machine startup script option (not user logon script), the only way I figured to do that, is to set up a local startup script on each machine, which mounts a network share and executes the real startup script. Ofcourse, I run into the "SYSTEM account cannot access network" problem. Should I tinker with the registry and allow NullSessionPipes, and make my system less secure, or is there any other way around it. Somebody suggested "net use \\PDC\IPC$ /USER:validuser validpassword" in the startup script before mounting the network share. Or can I do it using Group Policies using samba? Thats a loot of questions. I am still wrapping my head around the power of samba. - Murali
Is there any way, one can "ssh" into a running windows XP machine and get a text terminal. Infact, even if I can "ssh" into a windows machine and run a network script, it is fine with me. But the current user of the machine, should not be affected in any way (except possibly performance slow down). The "runas" commands do work, so the Secondary Logon service is available, and I have disable Fast user switching as well. - Murali
At 19:37 17.05.2003, Murali krishnan Ganapathy wrote:>Is there any way, one can "ssh" into a running windows XP machine >and get a text terminal.Yes, you can. Have a look at: http://lexa.mckenna.edu/sshwindows/>Infact, even if I can "ssh" into a windows >machine and run a network script, it is fine with me. But the current >user of the machine, should not be affected in any way (except possibly >performance slow down). The "runas" commands do work, so the Secondary >Logon service is available, and I have disable Fast user switching as >well. > >- Murali > >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/sambaBis denn dann, Carsten ------------------------------------------------ e-mail: carsten@sgcr.net www: www.sgcr.net mobil: +49-173-2137083 fax: +49-6403-96187 ------------------------------------------------
Hi, Samba GRUs, Does anybody know the issue of Samba 2.2.8a and Win2K + SP3? 1. My Samba server is configured under user mode. 2. Access the share by a valid user 3. When I right click on a file -> Choose Prosperities -> Security -> Add, it asks me to input a username and password to browse the user/group list, it didn't happen when I use Win2k + SP2? Has anybody experienced this? Any reasons or solution? Thank you in advance. more