similar to: Duplicate winbind uid/gid

In the process of migrating file storage from NT to Samba servers, I am running into the following problem. I need a way to allow members of the group specified by file perms to change permissions on the file or dir. Here is the scenario: dir & files are owned by user (id 10634 in this case) group ownership is the nt group "domain admins" (id 10000) drwxrwx--- 4 10634

Are there plans to support logon time restrictions in Samba, or is it somehow supported already? We are using an NT4 PDC, and would like the samba servers to disconnect users outside of their logon times. Also, is there any way to allow one to change file ownership via samba? I have not found any way to do this. We would like domain admins to have this ability so that we can maintain file

I'm trying to work out an upgrade path for upgrading our 2.2.8a servers to 3.x, and have run into the following problem. (surely someone has documented this?!) Freshly loaded Mandrake 9.2 server using XFS with ACL support. Samba 3.0.2a compiled with: --with-winbind --with-acl-support --with-quotas The stock 2.2.8a Mandrake RPMS were installed and tested first. Then the binaries from

We have a samba 3.0.22 server which acts as file storage for our mail system (Mercury/32 & Pegasus Mail), serving about 600 users, with a typical load of 150 concurrent users. We have been seeing an increase in stability problems such as: 1. shared win32 executable files become "locked" to the point where the win2k client reports the file is corrupt, or access is denied. Clients

I have just upgraded two of our samba boxes to 2.2.8 and ended up with partially broken winbind after the upgrade. The machines are slightly different, and so are the symptoms, so here goes: System 1: Was at 2.2.3 compiled from source Feb4/02, using options: "./configure --with-winbind --with-acl-support --with-quotas". Running on RedHat 7.2, installed from SGI's XFS installer

On 11 Aug 2005 at 14:40, samba@lists.samba.org wrote: > Way back on Mar 10 2004, I wrote this: > > ========== > Perhaps this is a known problem, and if so, hopefully it is fixed > in 3.x: > > Win2K SP4 clients, Samba 2.2.8a servers on Linux using ACL > support with > XFS filesystem (Redhat SGI-XFS build, and Mandrake 9.2). > > Adding/editing an ACL for

I'm building 3.0.14a on Mandrake 10.2, trying to use the same config as my other servers (3.0.11), but ACLs are not working. In checking the outout of smbd -b, I see this line is missing: System Headers: HAVE_SYS_ACL_H .... But I am specifying ./configure --with-acl-support ... Adding an acl using 'setfacl -m 'NTDOMAIN+NTUSER' file does successfully add an ACL for the NT

I'm sure there is a simple solution to this one... how do I make the printers share go away? I have no printers, and no [printers] section. I tried adding one, and making it browseable=no, but it still appears. This is on v 3.0.11 and 3.0.14a -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, I.T. Manager Shawnigan Lake School http://www.sls.bc.ca swright@sls.bc.ca

A problem has arisen with the way samba handles file creation dates compared to NT/win2k, which prevents xcopy /d from working correctly. On NT/Win2k, files copied from another NT machine using xcopy end up with the modified dates equal to the original modified date of the file, and the created and accessed dates become the date of the xcopy operation. On Samba, files copied from an NT

We have recently switched providers, and have been re-assigned a network in the 72.0.0.0 block, which was released last year. We are finding a significant number of sites that are filtering traffic from the 70/71/72 networks due to them being previously reserved. Trying to change this is like pushing a rope. So we are considering trying to NAT our outgoing proxy, incoming web, and mail

Sorry if this is somewhat offtopic, but I''m interested in knowing how many on the list either manage or have dealt with networks in the following address blocks that have been recently assigned by ARIN: 58.0.0.0/24 59.0.0.0/24 69.0.0.0/24 through 72.0.0.0/24 82.0.0.0/24 through 88.0.0.0/24 We have recently changed ISPs and ended up with an address block in the 72.x space, which is

Has anyone tried setting up shorewall/netfilter with an alternative logging process, such as multilog? Is this even possible? If this would be better asked on the netfilter list, just let me know. Just wondering... -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, I.T. Manager Shawnigan Lake School http://www.sls.bc.ca swright@sls.bc.ca

Our problems with the attempted upgrade to 2.2.8 continue. On a production machine running 2.2.3, I backed out of the 2.2.8 upgrade due to winbind strangeness reported in earlier post. Things *appeared* normal, until this morning, when I noticed that an 'ls -l' no longer shows domain usernames, and a 'chacl -l' also no longer shows names, only winbind ids. Furthermore,

Perhaps this is a known problem, and if so, hopefully it is fixed in 3.x: Win2K SP4 clients, Samba 2.2.8a servers on Linux using ACL support with XFS filesystem (Redhat SGI-XFS build, and Mandrake 9.2). Adding/editing an ACL for an NT domain group to a folder on samba, and attempting to apply permissions to all subdirs and files only goes one level deep when using the win2k standard gui tool.

In the panic of replacing our firewall(s) earlier in the week, we ended up moving our original shorewall 1.4 config onto a machine with 2.0.10 already installed, overwriting all the 2.0.10 config files. Most things seem to work fine, except for our masq entries. I''ve examined the default 2.0.10 files compared with our 1.4 files, and can''t spot the problem. What am I missing?

It''s now been over a week, and we are nearly at wits end trying to track down our performance issues here. We now have a P3/667 (single CPU! SMP was definitely the source of previous lockups) with 256Mb RAM. It is running along with a load avg of less than 0.1 even at peak times. Max ip_conntrack is around 1500-2000. Sounds fine, but, we have also tried 3 different squid proxies (2

Sorry for the frantic nature of this message, but we need to allow pings on our firewall so our ISP can test things. I''ve done this, and it still doesn''t work: (I am now at v.2.0.10) rules: AllowPing net fw AllowPing sls fw show indicates some matches, so where are they? Chain AllowPing (4 references) pkts bytes target prot opt in out source

We are seeing the following in our logs: Nov 25 16:21:41 fw kernel: martian source 139.142.66.253 from 10.0.0.199, on dev eth0 Nov 25 16:21:41 fw kernel: ll header: 00:a0:c9:60:0e:b2:00:02:7e:21:0e:dc:08:00 00:a0:c9:60:0e:b2 is the mac of our firewall interface on IP 139.142.66.253. 00:02:7e:21:0e:dc is the mac of our Cisco router on IP 10.0.0.1 10.0.0.199 is a Cisco switch - we have about

Has anyone encountered a situation where packets dropped by the newnotsyn chain can result in sporadic browsing problems, slowness, and even timeouts? I noticed that of the 3300 hits for newnotsyn in our current log (6 hours worth), over 2700 of them were to/from our proxy servers. And browsing through them, most *appear* to be otherwise valid packets from remote web servers that would have

I''m re-reading the section on dns names in the shorewall docs: "I personally recommend strongly against using DNS names in Shorewall configuration files. If you use DNS names and you are called out of bed at 2:00AM because Shorewall won''t start as a result of DNS problems then don''t say that you were not forewarned." Having been stung by this a few times