[Samba] cannot add a linux as member to a PDC with linux
I had some linux boxes running Samba 3.5, 3.6 x32 in my Domain running Samba 3.5.x, all are Centos 5.x. My current boxes don't have issues, I can browse all of them in the network without issue. Just my PDC is x64, the others are x32.

I manage all my servers with LDAP, my servers can contact ldap and get users, groups without issue.

Now, I try to add a new server running Centos 5 but x64 arch, I follow my instructions to add this machine to my domain, setup ldap, authentication is working, I can query groups and users from LDAP, setup samba and try to run:

net join -S MYPDC -U DomainAdmin

But the command returns:

cannot join as standalone machine

My config is this one:

[global]
workgroup = MYDOMAIN
server string = x64 Server
netbios name = my-server64
hosts allow = 192.168. 127.
hosts deny = 0.0.0.0
smb ports = 139 445
# passwd backend
encrypt passwords = yes
#enable privileges = yes
password server = MYPDCHOSTNAME
# security = DOMAIN
# Log options
log level = 1
log file = /var/log/samba/%m.log
max log size = 500
syslog = 1
# Name resolution
#name resolve order = wins bcast hosts lmhost
# misc
time server = No
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use sendfile = yes
# Dos-Attribute
Map to Guest = Bad User
# printers - configured to use CUPS and automatically load them
load printers = No
printcap name =
# printing =
cups options =
show add printer wizard = No
idmap config * : backend = ldap
idmap config * : range = 1-2
# logon options
logon script =
logon path =
logon path =
logon home =
logon drive =
# setting up as domain controller
username map = /etc/samba/smbusers
preferred master = No
wins support = No
wins server = 192.168.2.24
winbind nested groups = Yes
winbind trusted domains only = No
winbind use default domain = Yes
winbind separator = +
domain logons = No
domain master = No
local master = No
unix charset = UTF-8
case sensitive = No
dns proxy = No
write cache size = 65536

Could someone point me to my issue?
I can query ldap for users, not using winbind. My other server is equal but x32. LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] idmap migration settings.
Hi. I had noted the changes in samba 3.6.x. I have a DOMAIN with Samba 3.5.x, I have 3 servers and I started updating my OS Centos to the latest 5.9, there I noted these changes. Now I have searched around the globe for the doc that shows us how to make the changes. But it is only in mailing lists or forums.

What I understand is this:

idmap uid
idmap gid
idmap range === In my smb.conf I don't have this setting but I understand that it is this value: 1-2 right?

Are replaced by:

idmap config * : range
idmap config * : backend

Now, how will my setup have to be?

idmap config * : ldap
idmap config * : 1-2

Now I have another warning that samba 3.5.x won't complain about:

WARNING: The setting 'security=domain' should NOT be combined with the 'password server' parameter.

What is the problem with this one? Thanks for your time.

--
LIving the dream...
Re: [Samba] Centos 6.3 smbldap-tools installation issue
On Mon, Aug 27, 2012 at 8:31 AM, Alex Domoradov alex@gmail.com wrote:

Hi. I got a fresh installation of centos 6.3 x64, I want to setup a PDC with samba+ldap and see what I need to upgrade my centos 5.x servers. I follow my manual, but I got issues when I want to install smbldap-tools, check:

Processing Dependency: perl(Unicode::MapUTF8) for package: smbldap-tools-0.9.5-2.el6.rf.noarch
-- Finished Dependency Resolution
Error: Package: smbldap-tools-0.9.5-2.el6.rf.noarch (rpmforge)
Requires: perl(Unicode::MapUTF8)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

I'm using rpmforge repo. Does someone here know how to fix this issue?

0.9.5 it's too old. Try to use from EPEL

# yum info smbldap-tools
Available Packages
Name: smbldap-tools
Arch: noarch
Version : 0.9.6
Release : 3.el6
Size: 309 k
Repo: epel
Summary : User and group administration tools for Samba/OpenLDAP
URL : http://gna.org/projects/smbldap-tools/
License : GPLv2+
Description : In conjunction with OpenLDAP and Samba-LDAP servers, this collection is useful
: to add, modify and delete users and groups, and to change Unix and Samba
: passwords. In those contexts they replace the system tools to manage users,
: groups and passwords.

And you can also directly install from off site

# yum install perl-Crypt-SmbHash perl-Digest-SHA perl-LDAP
# rpm -ivh http://download.gna.org/smbldap-tools/packages/el6/smbldap-tools-0.9.8-1.el6.noarch.rpm

Thanks Alex, looks that one was installed good, thanks again!!!

--
LIving the dream...
[Samba] Centos 6.3 smbldap-tools installation issue.
Hi. I got a fresh installation of centos 6.3 x64, I want to setup a PDC with samba+ldap and see what I need to upgrade my centos 5.x servers. I follow my manual, but I got issues when I want to install smbldap-tools, check:

Processing Dependency: perl(Unicode::MapUTF8) for package: smbldap-tools-0.9.5-2.el6.rf.noarch
-- Finished Dependency Resolution
Error: Package: smbldap-tools-0.9.5-2.el6.rf.noarch (rpmforge)
Requires: perl(Unicode::MapUTF8)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

I'm using rpmforge repo. Does someone here know how to fix this issue?

Using: rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

Thanks!!!

--
LIving the dream...
[Samba] Samba PDC: Admin tools?
Guys. I have used smbldap-tools to handle my accounts for my PDC with samba+openldap. Now, I ask here because a lot of people have PDC running on their networks, what tools do u use to manage your openldap db for samba: users, machines, groups? Working with Centos 6.x. Any input will be appreciated, thanks!!!

--
LIving the dream...
Re: [Samba] Question about the difference samba3x and samba 3.x
On Wed, Jul 25, 2012 at 7:39 AM, Anthony Boccia aboc...@afilias.info wrote:

Hello All, I have been having issues joining my windows 7 client to a samba 3.5.10-125 PDC. I have been doing some reading online and have found some pages that suggest that samba3x plays better with windows 7. The PDC OS is RHEL and I am using RHEL 6 upstream packages for samba. My question is, does this theory of samba3x being windows 7 friendly over samba 3.x hold true? Also, what is the difference between samba3x and samba 3.x. Thank You

Hi. What I can tell u is that I have a samba 3.5.10-0.109.el5_8 as PDC+LDAP and I have followed the instructions for win7 and have success with Win7-Pro x32 x64, win 2008 x32 x64, this is Centos 5.8. On centos samba 3x is the new one that supports this new OS from Redmond. Hope u read the samba+win7 doc? See u later!!!

--
LIving the dream...
[Samba] Upgrade samba 3.0.x to 3.5.x crash Authentication: LDAP
Hi guys, I have a strange case. One network is based on Samba 3.0.x + LDAP PDC. Centos 5.8 i386. This server has the mail: dovecot-ldap+postfix. Everything is working good, my clients are Windows XP Pro, roaming profiles, etc.

I have received my first Win7 machine and I need to update samba to samba3x (3.5.x). What I understand is that samba is not related to ldap-centos auth nss_ldap right? I can have these services without samba and no problem right?

Well, I decided to make the upgrade, first backup my current settings (/etc/samba, /etc/smbldap-tools/, /var/cache/samba). I tested this in laboratory but didn't install anything else, just samba+ldap, and the update from 3.0.x to 3.5.x works.

Once I prepared my server, I removed samba 3.0.x, deleted everything related to samba. Installed samba3x, built smbldap-tools for support of samba 3.5.x. Setup my smb.conf. Setup my smbldap-tools etc.

Restart ldap ok
service smb start ok
service nmb start ok
service winbind start ok

Checked my clients and everything was working...

Later I tested again, shutdown samba services and restart ldap...

Ldap start no issue...
smb service refuse to start
nmb ok
winbind ok

Not starting smb services clock my server ldap authentication, I cannot access:

I cannot access over ssh using keys
my email clients cannot login
I cannot send or receive emails..

Dovecot logs say that it cannot authenticate users... samba log (smbd.log) doesn't show me info about why it refuses to start... I restarted my server and the same issue, smb service refuses to start.

I'm thinking, why is samba affecting my authentication...? why does it refuse to start...? in the console I can query for users and no problem. Why does samba affect auth...? I increased the debug level and don't see anything wrong...
check: smbd.log [2012/06/27 19:44:00.277583, 3] param/loadparm.c:9180(lp_load_ex) lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2012/06/27 19:44:00.277731, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2012/06/27 19:44:00.277767, 3] param/loadparm.c:7864(do_section) Processing section [global] doing parameter workgroup = midomain doing parameter server string = PDC Domain doing parameter netbios name = PDC-SRV [2012/06/27 19:44:00.277838, 4] param/loadparm.c:7226(handle_netbios_name) handle_netbios_name: set global_myname to: PDC-SRV doing parameter hosts allow = 192.168.1. 192.168.2. 127. doing parameter interfaces = eth0 lo0 doing parameter smb ports = 139 445 doing parameter security = user doing parameter encrypt passwords = yes doing parameter passdb backend = ldapsam:ldap://127.0.0.1/ doing parameter enable privileges = yes doing parameter pam password change = Yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn * passwd:*all*authentication*tokens*updated*successfully* doing parameter unix password sync = Yes doing parameter log level = 10 [2012/06/27 19:44:00.278084, 5] lib/debug.c:405(debug_dump_status) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 doing parameter log file = /var/log/samba/%m.log doing parameter max log size = 2048 doing parameter syslog = 1 doing parameter name resolve order = wins bcast hosts lmhost doing parameter time server = No doing parameter socket options = TCP_NODELAY SO_RCVBUF=16384 
SO_SNDBUF=16384 doing parameter use sendfile = yes doing parameter map hidden = No doing parameter map system = No doing parameter map archive = No doing parameter map read only = No doing parameter store dos attributes = Yes doing parameter Map to Guest = Bad User doing parameter load printers = No doing parameter printcap name = doing parameter cups options = doing parameter show add printer wizard = No doing parameter add user script = /usr/sbin/smbldap-useradd -m %u doing parameter delete user script = /usr/sbin/smbldap-userdel %u doing parameter add group script = /usr/sbin/smbldap-groupadd -p %g doing parameter delete group script = /usr/sbin/smbldap-groupdel %g doing parameter add user to group script = /usr/sbin/smbldap-groupmod -m %u %g doing parameter delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g doing parameter set primary group script = /usr/sbin/smbldap-usermod -g %g %u doing parameter add machine script = /usr/sbin/smbldap-useradd -w %u doing parameter ldap ssl = off doing parameter ldap passwd sync =
[Samba] Restore tdbbackup files?
Hi. Samba 3.5.10 centos 5.x. I can backup with tdbbackup, read samba doc but haven't found how to restore them? Any info will be appreciated, thanks!!!

--
LIving the dream...
Re: [Samba] PDC How to change workstation setting?
Will be easy, but I don't want to install something that I normally don't use to just change 1 field. But appreciated your input thanks!!!

On Mon, May 28, 2012 at 1:37 PM, John Drescher dresche...@gmail.com wrote:

Got it, I will give a try, thanks!!!

One easy way to do that is Ldap account manager. http://www.ldap-account-manager.org/lamcms/changelog

John

--
LIving the dream...
Re: [Samba] PDC How to change workstation setting?
On Mon, May 28, 2012 at 2:07 AM, Andrew Bartlett abart...@samba.org wrote:

On Sun, 2012-05-27 at 21:15 -0700, Alberto Moreno wrote:

Maybe I wasn't clear. In a NT4 domain, u have a option to setup on which machines a user can login, this way u can know that a X user can only use his own computer. Once u migrate NT4 to SAMBA-LDAP, that setting goes to Workstation field. check this:

pdbedit -L -v -u user1
smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=X))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
init_sam_from_ldap: Entry found for user: itello
Unix username: user1
NT username: user1
Account Flags: [U ]
User SID: XXX
Primary Group SID: XXX
Full Name: One User
Home Directory:
HomeDir Drive: O:
Logon Script: /sbin/nologin
Profile Path:
Domain: XXX
Account desc: kITCHEN
Workstations: MACHINE-X =
Munged dial:
Logon time: Tue, 04 Jan 2011 07:08:28 PST
Logoff time: never
Kickoff time: never
Password last set: Sat, 26 May 2012 13:07:23 PDT
Password can change: Sat, 26 May 2012 13:07:23 PDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FF

As u can see the field Workstations it means that this user can only login on this machine on this domain. How can I change that field?

If you are using LDAP, the easy option might be to change it directly in LDAP - just remove the ldap attribute.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

Got it, I will give a try, thanks!!!

--
LIving the dream...
[Samba] PDC How to change workstation setting?
Hi people. I migrated some PDC NT4 to samba 3.3.x, some users have info in the Workstations parameter, I need to remove that info, because they cannot login on any other machine, I have read the pdbedit, smbldap-usermod docs but don't see where I can do that. Any info will be appreciated, thanks!!!

--
LIving the dream...
Re: [Samba] PDC How to change workstation setting?
Maybe I wasn't clear. In a NT4 domain, u have a option to setup on which machines a user can login, this way u can know that a X user can only use his own computer. Once u migrate NT4 to SAMBA-LDAP, that setting goes to Workstation field. check this:

pdbedit -L -v -u user1
smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=X))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
init_sam_from_ldap: Entry found for user: itello
Unix username: user1
NT username: user1
Account Flags: [U ]
User SID: XXX
Primary Group SID: XXX
Full Name: One User
Home Directory:
HomeDir Drive: O:
Logon Script: /sbin/nologin
Profile Path:
Domain: XXX
Account desc: kITCHEN
Workstations: MACHINE-X =
Munged dial:
Logon time: Tue, 04 Jan 2011 07:08:28 PST
Logoff time: never
Kickoff time: never
Password last set: Sat, 26 May 2012 13:07:23 PDT
Password can change: Sat, 26 May 2012 13:07:23 PDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FF

As u can see the field Workstations it means that this user can only login on this machine on this domain. How can I change that field? Thanks!!!

On Sun, May 27, 2012 at 4:41 PM, Dewayne Geraghty dewayne.gerag...@heuristicsystems.com.au wrote:

If you're asking where on the PC, its in Control Panel- System - Computer Name - Change button. This will help you to connect to the samba domain; but there is a lot more that you'll need. Also I'd recommend going to the samba 3.6 series, as there are configuration changes that you'll need to make from samba 3.3 to the more recent stream. Unfortunately you'll need to be clearer on what your problem is.

Regards, Dewayne.

--
LIving the dream...
[Samba] domain member server smb won't start
Hi. I had been reading about how to join a samba server to my current PDC running samba+ldap. My PDC has a BDC and they are working, I want to add another samba server and be a domain member server. The docs of samba had opened my mind about the technical stuff but I still cannot make this thing work.

My OS is Centos 5.6 PDC Samba Version 3.5.4-0.83.el5_7.2
My domain member is centos to 5.7 Version 3.5.4-0.83.el5_7.2

The old book says: http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html

step 1: This is my smb.conf from domain member server:

[global]
workgroup = MYDOMAIN
server string = Develop Server
netbios name = mbx-devel
hosts allow = 192.168.2. 127.
interfaces = eth0 lo0
bind interfaces only = Yes
hosts deny = 0.0.0.0
remote announce = 192.168.2.255
lanman auth = Yes
client lanman auth = Yes
security = DOMAIN
# passwd backend
encrypt passwords = yes
passdb backend = ldapsam:ldap://192.168.2.24/ ldap://192.168.2.25/;
enable privileges = yes
pam password change= Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn * passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
password server = 192.168.2.24
# Log options
log level = 10
log file = /var/log/samba/%m.log
max log size = 500
syslog = 1
# Name resolution
name resolve order = wins bcast hosts lmhost
# misc
time server = No
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use sendfile = yes
# Dos-Attribute
map hidden = No
map system = No
map archive = No
map read only = No
store dos attributes = Yes
Map to Guest = Bad User
# printers - configured to use CUPS and automatically load them
load printers = No
printcap name =
# printing =
cups options =
show add printer wizard = No
# LDAP-iConfiguration
ldap ssl = off
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=local
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=mydomain,dc=local
idmap backend = ldap:ldap://192.168.2.24 ldap://192.168.2.25
idmap uid = 1-2
idmap gid = 1-2
# logon options
logon script =
logon path =
logon path =
logon home =
logon drive =
username map = /etc/samba/smbuser
preferred master = No
wins support = No
wins server = 192.168.2.24
winbind nested groups = Yes
winbind trusted domains only = Yes
winbind use default domain = Yes
winbind separator = +
ea support = Yes
domain logons = No
domain master = No
local master = No
map acl inherit = Yes
unix charset = UTF8
case sensitive = No

Step 2: Now, the manual says that we need to setup nss_ldap, nsswitch:

/etc/nsswitch.conf

passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns wins
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus

Later ldap client.

/etc/ldap.conf

host 192.168.2.24 192.168.2.25
# The distinguished name of the search base.
base dc=mydomain,dc=local
ldap_version 3
binddn cn=Manager,dc=mueblex,dc=local
bindpw MYPASSWD
port 389
timelimit 120
bind_timelimit 120
bind_policy soft
idle_timelimit 3600
pam_password md5
nss_base_passwd ou=Users,dc=mydomain,dc=local?one
nss_base_shadow ou=Users,dc=mydomain,dc=local?one
nss_base_group ou=Groups,dc=mydomain,dc=local?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
ssl off

/etc/openldap/ldap

HOST 192.1689.2.24 192.168.2.25
URI ldap://192.168.2.24 ldap://192.168.2.25
BASE dc=mydomain,dc=local

Test: getent passwd, getent group works.
From here, the doc start speaking about slapcat, which is a tool from openldap-server: The LDAP directory must have a container object for IDMAP data. There are several ways you can check that your LDAP database is able to receive IDMAP information. One of the simplest is to execute: My client(domain member
Re: [Samba] BDC Server Settings Doubts?
On Mon, Jan 31, 2011 at 4:55 AM, TAKAHASHI Motonobu mo...@monyo.com wrote:

2011/1/31 Alberto Moreno ports...@gmail.com:

(snip)

As u can see, both servers exist on different subnets, I want to save bandwidth, this is the reason I setup a BDC in my other network, now, what are the correct settings for the network browser for my BDC:

preferred master = No (Just the PDC)
wins server = 192.168.40.2 (PDC IP)
wins support = No (Just the PDC=yes)
domain logons = Yes
domain master = No (This just for the PDC)
local master = Yes ??

Are these right for my BDC? Every time I setup a BDC on a different subnet do I have to use local master = Yes? Or this wouldn't make any difference? Samba 3.3.x Centos 5.5.

If you want to setup your BDC same as Windows BDC, you should set:

preferred master = Yes
domain master = No (This just for the PDC)
local master = Yes

At least one (local) master browser should exist in each subnet. In Microsoft implementation (one of) BDC should become master browser unless PDC exists in the same subnet. Remember that Samba cannot become a backup browser, so if you have multiple BDCs and PDC in the same subnet, only one should be set:

preferred master = Yes

You had better read documentation about browsing.

---
TAKAHASHI Motonobu mo...@samba.gr.jp

I get the point. Thanks for your tips reply!!!

--
LIving the dream...
[Samba] BDC Server Settings Doubts?
Hi people. I finally have my PDC+BDC running with LDAP+replica on different subnets. My doubts are simple, I want to understand a little more about BDC. My network is this:

Domain Name=DOMA
Networks: NET-A 192.168.40.0/24 NET-B 192.168.50.0/24
PDC=192.168.40.2
BDC=192.168.50.2
wins server = PDC

As u can see, both servers exist on different subnets, I want to save bandwidth, this is the reason I setup a BDC in my other network, now, what are the correct settings for the network browser for my BDC:

preferred master = No (Just the PDC)
wins server = 192.168.40.2 (PDC IP)
wins support = No (Just the PDC=yes)
domain logons = Yes
domain master = No (This just for the PDC)
local master = Yes ??

Are these right for my BDC? Every time I setup a BDC on a different subnet do I have to use local master = Yes? Or this wouldn't make any difference? Samba 3.3.x Centos 5.5. Thanks!!!

--
LIving the dream...
Re: [Samba] Windows 7/Samba unable to log in via name, works by IP
On Wed, Jan 26, 2011 at 8:21 AM, Berni Elbourn be...@elbournb.fsnet.co.uk wrote:

On 25/01/11 20:58, Jay Coleman wrote:

So far, we've tried: smb ports = 139 changing windows 7 Network security settings (LAN Manager authentication level and Minimum session security) added the auth lines to the smb.conf valid users = %S

Try this: http://wiki.samba.org/index.php/Windows7

I had followed the wiki about windows 7 settings and never had an issue with samba 3.3.x on Centos 5.5 with LDAP. My smb.conf is this one:

workgroup = MYDOMAIN
server string = PDC Domain
netbios name = MYDOMAINPDC
hosts allow = 192.168.2. 192.168.1. 127.
interfaces = eth0 lo
bind interfaces only = Yes
hosts deny = 0.0.0.0
smb ports = 139 445
remote announce = 192.168.2.255
# windows 98 clients.
#lanman auth = Yes
# client lanman auth = Yes
# passwd backend
encrypt passwords = yes
passdb backend = ldapsam:ldap://127.0.0.1/
enable privileges = yes
pam password change= Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn * passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
# Log options
log level = 1
log file = /var/log/samba/%m.log
max log size = 500
syslog = 1
# Name resolution
name resolve order = wins bcast hosts lmhost
# misc
timeserver = No
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use sendfile = yes
# Dos-Attribute
map hidden = No
map system = No
map archive = No
map read only = No
store dos attributes = Yes
Map to Guest = Bad User
# printers - configured to use CUPS and automatically load them
load printers = No
printcap name =
# printing =
cups options =
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
# LDAP-iConfiguration
#ldap delete dn = Yes
ldap ssl = off
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=local
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=mydomain,dc=local
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
# logon options
logon script =
logon path =
logon path =
logon home =
logon drive =
# setting up as domain controller
username map = /etc/samba/usermap
preferred master = Yes
wins support = Yes
# for bdc's
# wins server = 192.168.2.10
winbind nested groups = Yes
ea support = Yes
domain logons = Yes
domain master = Yes
local master = Yes
map acl inherit = Yes
unix charset = UTF8
case sensitive = No

About your IP settings, looks like u are using another wins server, which is: WINS_SERVER. In my case this server is the wins server for my domain. If I remember, the manual says that if u setup a PDC, you better use it as Wins server and try to avoid using other wins servers. The other servers, even if they are fighting to be the master browsers, if your windows 7 machine has your PDC as wins server it wouldn't contact the other servers.

The win2k8/2k are AD right? If they are, win7 hasn't been added to those domains right?

Once your wins server is running, your clients must be able to ping by name. In my case, my dhcp assigns the wins ip and done.

Hope this helps u!!!

--
LIving the dream...
[Samba] Problems with a trust relation between samba and samba different subnet
Hi, well once u try a lot and no good result it is time to ask. My friends, I want to make two domains running samba+ldap share resources, I want to create a trust relation in two directions. Both domains have wins enabled but are on different subnets.

Domain Name: DOM1 Netbios Name = DOM1PDC 192.168.50.0/24
Domain Name: DOM2 Netbios Name = DOM2PDC 192.168.40.0/24

Both networks are separate, each one with its own switch, a FW is what helps them communicate. OS: Centos 5.5 Samba 3.3.x.

First, I follow the instructions from the bible of samba and it says that I need to create the Interdomain account on each network:

smbldap-useradd -a -i DOMAIN-NAME

Done. smbldap-usershow: I have the I flag on each account. I have enabled the ports in my fw to communicate both domains, done.

Now when I run the command net rpc trustdom establish DOM1 on PDC DOM2 I got the error:

net rpc trustdom establish DOM1 running on PDC DOM2
[2011/01/21 07:17:16, 0] libsmb/namequery.c:internal_resolve_name(1609)
resolve_name: unknown name switch type lmhost
[2011/01/21 07:17:16, 0] utils/net_rpc.c:rpc_trustdom_establish(5565)
Couldn't find domain controller for domain DOM1

Some search pages point me that in this case I need to setup the file lmhosts to make this happen because no service is helping my PDC to reach the other end. I read the MS KB where it says how to setup a LMHOSTS and have this on my PDC DOM2:

127.0.0.1 localhost
192.168.50.3 DOM1 \0x1b #PRE
192.168.50.3 DOM1PDC #PRE #DOM:DOM1

on DOM1 I have

192.168.40.3 DOM2 \0x1b #PRE
192.168.40.3 DOM2PDC #PRE #DOM:DOM2

In samba smb.conf I have:

hosts allow = 192.168.40. 192.168.50. 127.
name resolve order = wins hosts bcast lmhost

nsswitch has the line:

hosts: files wins dns

I try again and in DOM1 PDC:

net rpc trustdom establish DOM2
[2011/01/21 07:22:13, 0] libsmb/namequery.c:internal_resolve_name(1609)
resolve_name: unknown name switch type lmhost
[2011/01/21 07:22:13, 0] utils/net_rpc.c:rpc_trustdom_establish(5565)
Couldn't find domain controller for domain DOM2

There is something I forgot to setup or what am I doing wrong, hope someone could give some tips and point out my errors, I will appreciate it, thanks!!!

--
LIving the dream...
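An audit of the settings quoted in the posts above, as an added example (not code from any poster or from the Samba project): it parses the [global] section of an smb.conf and reports the `lmhost` token that the `resolve_name: unknown name switch type lmhost` log line names (Samba's token is `lmhosts`), plus the `lanman auth` and `ldap ssl = off` settings that appear in the quoted configurations. The sample input is assembled from those posts and the function names are hypothetical.

```python
import re

# Tokens Samba 3.x accepts for "name resolve order". "hosts" is tolerated as an
# alias of "host"; the singular "lmhost" is not a valid token.
VALID_RESOLVE_TOKENS = {"lmhosts", "host", "hosts", "wins", "bcast"}
TRUE_VALUES = {"yes", "true", "1"}
LOOPBACK = re.compile(r"^(127\.|localhost$)")

# Constructed sample: settings copied from the member-server smb.conf quoted on this page.
SAMPLE_SMB_CONF = """\
[global]
workgroup = MYDOMAIN
security = DOMAIN
lanman auth = Yes
client lanman auth = Yes
passdb backend = ldapsam:ldap://192.168.2.24/ ldap://192.168.2.25/;
name resolve order = wins bcast hosts lmhost
ldap ssl = off
ldap admin dn = cn=Manager,dc=mydomain,dc=local
idmap backend = ldap:ldap://192.168.2.24 ldap://192.168.2.25
"""


def parse_global(text):
    """Return {name: value} for [global]; names are lower-cased with all
    whitespace removed, since Samba ignores case and spacing in names."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # backslash continues onto the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params


def ldap_urls(value):
    """Return (scheme, host) pairs for every ldap:// or ldaps:// URL in a value."""
    return re.findall(r"\b(ldaps?)://([^/\s:;\"]+)", value)


def audit(text):
    """Return a list of (parameter, message) findings for an smb.conf text."""
    params = parse_global(text)
    findings = []

    # 1. Unknown resolver tokens are logged at level 0 and skipped by smbd/net.
    for token in params.get("nameresolveorder", "").lower().split():
        if token not in VALID_RESOLVE_TOKENS:
            findings.append(("name resolve order",
                             f"unknown token '{token}' is ignored at runtime"))

    # 2. LANMAN authentication relies on the weak LM hash.
    for key, label in (("lanmanauth", "lanman auth"),
                       ("clientlanmanauth", "client lanman auth")):
        if params.get(key, "").lower() in TRUE_VALUES:
            findings.append((label, "LM challenge/response is enabled"))

    # 3. With ldap ssl = off, the admin DN bind to a remote ldap:// server is cleartext.
    if params.get("ldapssl", "").lower() in ("off", "no"):
        remote = set()
        for backend in ("passdbbackend", "idmapbackend"):
            for scheme, host in ldap_urls(params.get(backend, "")):
                if scheme == "ldap" and not LOOPBACK.match(host):
                    remote.add(host)
        if remote:
            findings.append(("ldap ssl", "bind credentials cross the network "
                             "unencrypted to " + ", ".join(sorted(remote))))
    return findings


if __name__ == "__main__":
    for parameter, message in audit(SAMPLE_SMB_CONF):
        print(f"{parameter}: {message}")
```
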
Re: [Samba] Problems with a trust relation between samba and samba different subnet
On Fri, Jan 21, 2011 at 10:46 AM, t...@tms3.com wrote:

My friends, I want to make two domains running samba+ldap share resources, I want to create a trust relation in two directions. Both domains have wins enabled but are on different subnets.

MUST use the same WINS server for trusts to work. Why have two domains?

Domain Name: DOM1 Netbios Name = DOM1PDC 192.168.50.0/24
Domain Name: DOM2 Netbios Name = DOM2PDC 192.168.40.0/24

Both networks are separate, each one with its own switch, a FW is what helps them communicate. OS: Centos 5.5 Samba 3.3.x.

First, I follow the instructions from the bible of samba and it says that I need to create the Interdomain account on each network:

smbldap-useradd -a -i DOMAIN-NAME

Done. smbldap-usershow: I have the I flag on each account. I have enabled the ports in my fw to communicate both domains, done.

Now when I run the command net rpc trustdom establish DOM1 on PDC DOM2 I got the error:

net rpc trustdom establish DOM1 running on PDC DOM2
[2011/01/21 07:17:16, 0] libsmb/namequery.c:internal_resolve_name(1609)
resolve_name: unknown name switch type lmhost
[2011/01/21 07:17:16, 0] utils/net_rpc.c:rpc_trustdom_establish(5565)
Couldn't find domain controller for domain DOM1

Some search pages point me that in this case I need to setup the file lmhosts to make this happen because no service is helping my PDC to reach the other end. I read the MS KB where it says how to setup a LMHOSTS and have this on my PDC DOM2:

127.0.0.1 localhost
192.168.50.3 DOM1 \0x1b #PRE
192.168.50.3 DOM1PDC #PRE #DOM:DOM1

on DOM1 I have

192.168.40.3 DOM2 \0x1b #PRE
192.168.40.3 DOM2PDC #PRE #DOM:DOM2

In samba smb.conf I have:

hosts allow = 192.168.40. 192.168.50. 127.
name resolve order = wins hosts bcast lmhost

nsswitch has the line:

hosts: files wins dns

I try again and in DOM1 PDC:

net rpc trustdom establish DOM2
[2011/01/21 07:22:13, 0] libsmb/namequery.c:internal_resolve_name(1609)
resolve_name: unknown name switch type lmhost
[2011/01/21 07:22:13, 0] utils/net_rpc.c:rpc_trustdom_establish(5565)
Couldn't find domain controller for domain DOM2

There is something I forgot to setup or what am I doing wrong, hope someone could give some tips and point out my errors, I will appreciate it, thanks!!!

--
LIving the dream...

Two domains. Well this is a test system. But my current production systems are separated by a P2P link. What do u recommend?

Location A -- PDC Wins Server
Location B -- BDC ?

Then, u say 1 wins to rule them all, I have to work with this. Thanks!!!

--
LIving the dream...
Re: [Samba] Problems with a trust relation between samba and samba different subnet
On Fri, Jan 21, 2011 at 3:20 PM, t...@tms3.com wrote:

Two domains. Well, this is a test system. But my current production systems are separated by a P2P link. What u recommend?

Location A -- PDC Wins Server +LDAP server
Location B -- BDC +LDAP server
smb.conf to point to local ldap servers.

? Then, u say 1 wins to rule them all, I have to work with this. Thanks!!!

-- LIving the dream...

U suggest to build a PDC+Ldap and on the other end a BDC+Ldap and set up the replica of ldap, right? The only issue is that we already have 2 domains, I need to delete one and just work with one, but what about the SID of the clients that will lose their PDC? This will be an issue, because I will have to add them to the domain again, right? Am I correct? This thread is giving me a lot of tips to try :-), thanks guys!!!

-- LIving the dream...
Re: [Samba] smbldap-tools and phpldapadmin
On Mon, Jan 17, 2011 at 4:38 AM, Dimitri Yioulos dyiou...@firstbhph.com wrote:

On Saturday 15 January 2011 4:26:03 pm William Brown wrote:

If I enter the command

smbldap-useradd -a -m -M juser -g Domain Users -G Domain Admins -G Administrators -c Joe User juser

(beginning and ending parens for clarity), I do indeed create the type of user I'm trying to create. And, that user appears in the list of users in PhpLdapAdmin. However, if I create the same type of user using the PhpLdapAdmin Samba3 Account template, the user doesn't have the same attributes as the ones created via smbldap-useradd.

Yes, there are schema extensions in samba's ldap admin tool that extend the posix account. You can convert an existing user iirc with that command, since the posix password hash is irreversible. Also pay attention you MUST use the smbpasswd tool to change passwords, else the userPassword and smbPassword fields will de-sync.

I could probably create a bash script that invokes smbldap-useradd for my users to use to create accounts, but they're CLI-phobic, so I really want to get PhpLdapAdmin to do this. How can I accomplish this PhpLdapAdmin/smbldap-useradd integration? I'm really not a programmer, so messing with the PhpLdapAdmin xml files is daunting to me if, in fact, this is how it's done. I've looked through all of the config files associated with the PDC set-up, but simply don't see anything in them that would do the trick.

sorry, but edit the templates. Look here http://phpldapadmin.sourceforge.net/wiki/index.php/Templates Also, create a user in ldap, and one in smb, then compare the differences. Some of the fields are autogenerated as well iirc. You can likely cheat with the value tag, to call php, that calls your smb script. Something like valuesystem(smbldap-useradd -a -m -M uid ) might do it (you will need to substitute in values like i did with uid )

If anyone has accomplished this, I would greatly appreciate your help! Thanks.

Dimitri
--

Thank you both for your responses. I was afraid I'd hear, sorry, but edit the templates. Now, I know the old saw about, If you give a man a fish ... , but if someone has already created such a template, and is willing to share it, I'd be extremely grateful. It's not laziness, it's lack of skill in this area. Thanks.

Dimitri

Hi guys. What I can add to this thread, for your safety:

1) Don't use samba 3.0.x, it doesn't support windows 7; if someone comes with a machine like that, you are doomed. Use samba 3x, it is ready to be used as PDC and supports windows 7, windows 2008, etc.

2) The only issue is that u have to set up smbldap-tools by hand because it doesn't have support for samba 3x, but it is too easy, I can help u.

3) I tried phpldapadmin but I prefer Mandriva MDS, it is the same, an ajax interface to openldap. I prefer this one, it is very clean and stable. I can help u set up this one too.

Migrating from samba 3.0.x to samba 3.x is not an issue, you just have to upgrade samba and review your settings; maybe some are on in samba 3.0.x and off in samba3x, that is what I have seen in my deployments. My two cents!!!

-- LIving the dream...
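The suggestion in this thread to let a PhpLdapAdmin template call system(smbldap-useradd ... uid) puts web-form input on a shell command line. As an added example (not code from the thread, from smbldap-tools or from PhpLdapAdmin), the Python wrapper below builds the same smbldap-useradd command as an argument list with no shell involved and refuses values outside an allow-list; the function names and the patterns are assumptions made for the illustration.

```python
import re
import subprocess

# Assumed local policy for acceptable values; adjust to the site's naming rules.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
GROUP_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_ .-]{0,63}")       # e.g. "Domain Users"
FULLNAME_RE = re.compile(r"[^\x00-\x1f:,-][^\x00-\x1f:,]{0,127}")  # no leading dash


def _checked(pattern, value, what):
    """Return value unchanged if the whole string matches, else refuse it."""
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise ValueError("rejected %s: %r" % (what, value))
    return value


def build_useradd_argv(uid, primary_group, extra_groups=(), full_name=None):
    """Build the command from the thread as a list, one element per argument.

    Because each value is its own argv element, "Domain Users" needs no
    quoting and shell metacharacters in a value are never interpreted.
    """
    uid = _checked(USERNAME_RE, uid, "user name")
    argv = ["smbldap-useradd", "-a", "-m", "-M", uid,
            "-g", _checked(GROUP_RE, primary_group, "group")]
    for group in extra_groups:
        argv += ["-G", _checked(GROUP_RE, group, "group")]
    if full_name is not None:
        argv += ["-c", _checked(FULLNAME_RE, full_name, "full name")]
    argv.append(uid)
    return argv


def create_user(uid, primary_group, extra_groups=(), full_name=None,
                run=subprocess.run):
    """Validate, then execute without a shell (a list argv implies shell=False)."""
    argv = build_useradd_argv(uid, primary_group, extra_groups, full_name)
    return run(argv, check=True)


if __name__ == "__main__":
    # Constructed values matching the command quoted in the thread.
    print(build_useradd_argv("juser", "Domain Users",
                             ["Domain Admins", "Administrators"], "Joe User"))
    for bad in ("juser;id", "-h", "$(id)"):
        try:
            build_useradd_argv(bad, "Domain Users")
        except ValueError as err:
            print(err)
```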
[Samba] trust relation between 2 networks firewall issues!!!
Hi. I have 2 separate networks.

Net-A 192.168.50.0/24
Net-B 172.16.2.0/16

I have 1 Samba PDC+LDAP on each site. I want to create a trust relation between both networks, what ports do I have to open in my fw to make this work? Thanks!!!

Centos 5.5, Samba 3x.

-- LIving the dream...
Re: [Samba] Domain trust between a Samba PDC domain and W2K AD domain
On Thu, Aug 5, 2010 at 7:23 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

He is correct that the Windows 2003 native should be able to trust an NT4 domain (which is what Samba pretends to be). AD domain in Windows mixed mode supports NT4 domain members, which is not what you are trying to do anyway. But it suggested to me that when the AD domain moves to native mode it either tightens up some authentication protocols in such a way that don't play nice with older versions of Samba. Of course, there could have been some weird issue with my environment that I couldn't isolate.

If you really were setting up a domain trust between an NT4 PDC and a Windows 2003 PDC, the NT4 PDC would think it was talking to another NT4 PDC. Samba, even though it is providing the function of an NT4 PDC, looks like it will detect that the other domain is an Active Directory domain. Things like DNS name lookup (which wasn't so much of an issue for primitive OS's like NT4 or Windows 95) are a lot more important. (Active Directory clients use DNS to locate AD LDAP and Kerberos servers.)

It will probably make your life simpler if you use your Active Directory server as the main DNS and WINS server for the network. You may also want to update the krb5.conf file on your samba server to have information on the AD kerberos domain. That may help samba locate the DC for the AD domain.

Also, pretty sure you need to keep NBT (netbios over tcp) enabled on your Windows AD server, which should be the default option. Windows XP (and later) AD clients don't need NBT to talk to an AD server so it is possible your AD admin turned it off.

I also found that the samba documentation was not as complete or current as I would like.

On 08/05/2010 09:18 AM, Marc Rechté wrote:

Hello Gaiseric,

Thank you for your answer. My last experience in Windows server was on NT, therefore my knowledge on AD is rather limited. I however work with an AD admin who may answer some questions.

He said the server with which the relation has to be set is in a 2003 level forest with a 2003 R2 schema. He also made a reference to MS KB http://support.microsoft.com/kb/325874/ on establishing a trust relation between an NT server and a 2003 server, and this document does not explicitly state the Windows server must be set in mixed mode.

I checked both the Samba3 Official guide and Samba 3 how-to guides but it seems both of them are stuck at the 3.0 version. Is there some more updated information regarding domains and AD interoperability in Samba?

Many thanks

Hi people. I'm working on a trust relation between Samba 3.3.X and Windows 2003 AD mixed mode. I have read the doc about this but for some reason it won't work; my PDC+LDAP is working but I still cannot make these 2 servers share users. Could u please give me the process u use to create the relation between win2k3 (in/out) and samba? I will appreciate it, thanks!!!

-- LIving the dream...
[Samba] Trust Relation between win2k3 and samba 3.3.x Printers doubts?
Hi people. Well, I have finally migrated my NT4 db to samba 3.3.x running on Centos 5.5.

My doubt is this: I have 2 domains, 1 running NT4 and the 2nd win2k3 AD. I have a trust relation between NT4 and win2k3, the printers are on my 2k3 server, and samba replaces my NT4 domain. Before, if someone from NT4 needed to use a printer, they needed to access and connect the printer they needed from win2k3. I didn't have (if I remember) to set up any rights in the printer sharing settings for it to be available to the users that are part of the NT4 domain.

Now, I was testing this with samba 3.3. What I see is that, if someone from the samba domain needs to use the printers from the win2k3 domain, I need to add the user to the Permissions and security settings, otherwise they cannot use those printers. Is this the normal behaviour, or is there something I didn't set up right? Thanks all for your time, happy new year!!!

-- LIving the dream...
Re: [Samba] windows 7 unable to join domain
On Mon, Jun 14, 2010 at 6:11 PM, t...@tms3.com wrote:

SNIP

I'm currently running Samba3x-3.3.8-0.51 on CentOS 5.5. I currently have many Windows XP clients associated with the domain and behaving correctly. However, I am unable to join a Windows 7 PC. I receive The specified network name is no longer available. I've verified that DNS is configured correctly, and as stated XP machines have no problem joining.

http://wiki.samba.org/index.php/Windows7

There's a reg file that comes with the source code. Not sure about binary packages.

Cheers,

SNIP

Like tms3 told u, we have to make some changes to the registry before we join ms 7 to the domain, I already did and it works, no issue.

Another thing I see in your smb.conf: security = DOMAIN. In my little knowledge about samba, if u have a PDC it must say: security = user. When u add a BDC it must say: security = DOMAIN.

In domain security mode, the Samba server has a machine account (domain security trust account) and causes all authentication requests to be passed through to the domain controllers. The Samba server is made into a domain member server by using the following directives in smb.conf.

security = domain

Last thing, smbldap-tools using the base repo from Centos 5.5 depends on Samba-3.0.x, u must build your own rpm to work with samba3x. My two cents.

-- LIving the dream...
Re: [Samba] windows 7 unable to join domain
On Tue, Jun 15, 2010 at 9:57 AM, t...@tms3.com wrote:
On Tuesday 15/06/2010 at 9:17 am, Alberto Moreno wrote:
On Mon, Jun 14, 2010 at 11:45 PM, t...@tms3.com wrote:

--- Original message ---
Subject: Re: [Samba] windows 7 unable to join domain
From: Alberto Moreno ports...@gmail.com
To: samba@lists.samba.org
Date: Monday, 14/06/2010 11:03 PM

On Mon, Jun 14, 2010 at 6:11 PM, t...@tms3.com wrote:

SNIP

I'm currently running Samba3x-3.3.8-0.51 on CentOS 5.5. I currently have many Windows XP clients associated with the domain and behaving correctly. However, I am unable to join a Windows 7 PC. I receive The specified network name is no longer available. I've verified that DNS is configured correctly, and as stated XP machines have no problem joining.

http://wiki.samba.org/index.php/Windows7

There's a reg file that comes with the source code. Not sure about binary packages.

Cheers,

SNIP

Like tms3 told u, we have to make some changes to the registry before we join ms 7 to the domain, I already did and it works, no issue.

Another thing I see in your smb.conf: security = DOMAIN. In my little knowledge about samba, if u have a PDC it must say: security = user. When u add a BDC it must say: security = DOMAIN.

I disagree on the last point. Security = user is default, so no entry necessary.

For PDC I use:

os level = 64
preferred master = Yes
domain logons = Yes
domain master = Yes

For BDC I use (if on separate nodes):

os level = 64
preferred master = Yes
domain logons = Yes
domain master = no

If on same node:

os level = 60
preferred master = Auto
domain logons = Yes
domain master = no

In domain security mode, the Samba server has a machine account (domain security trust account) and causes all authentication requests to be passed through to the domain controllers. The Samba server is made into a domain member server by using the following directives in smb.conf.

security = domain

Hi. I point this out because in his smb.conf file he is using security=domain, by default like u say it is =user.

Oh, not trying to be a snit, just that if you use sec=domain then the BDC will call the PDC for authing. It will work, it's just that it kinda (IMHO) makes the BDC sorta useless. And over WAN links wastes bandwidth.

Cheers,

Thanks!!!

Last thing, smbldap-tools using the base repo from Centos 5.5 depends on Samba-3.0.x, u must build your own rpm to work with samba3x. My two cents.

-- LIving the dream...

No problem my friend, we are here to learn, thanks for sharing.

-- LIving the dream...
Re: [Samba] windows 7 unable to join domain
On Tue, Jun 15, 2010 at 10:40 AM, Alberto Moreno ports...@gmail.com wrote:

No problem my friend, we are here to learn, thanks for sharing.

-- LIving the dream...

U say that u already have some XP clients on your domain, which means that works. U are trying to add a Windows 7 capable of being part of a Domain, like Ultimate Edition or compatible, right? Not a Home Edition. U are using ldap on centos, which is working? Because u have XP clients inside the domain, they can see the PDC of your domain? Could u please give us the output of testparm+testparm of your PDC. Thanks!!!

-- LIving the dream...
Re: [Samba] windows 7 unable to join domain
=
copy =
include =
preexec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = Yes
dos filetime resolution = No
fake directory create times = No
vfs objects =
msdfs root = No
msdfs proxy =

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /home/netlogon
    guest ok = Yes

[profiles]
    comment = Network Profiles Share
    path = /data/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
    store dos attributes = Yes
    browseable = No

[public]
    path = /data/public
    valid users = @Domain Users
    read only = No
    create mask = 0755
    guest ok = Yes

[former.employees]
    path = /data/former.employees
    valid users = @Domain Users
    read only = No
    create mask = 0755
    guest ok = Yes

[temp]
    path = /data/temp
    valid users = @Domain Users
    read only = No
    create mask = 0755
    guest ok = Yes

[joadmin]
    comment = Jo Admin
    path = /data/jo-admin
    valid users = joxxx
    write list = @domain users
    read only = No
    create mask = 0775
    directory mask = 0775

[labs]
    comment = Labs Data
    path = /data/labs
    valid users = @Domain Users
    write list = @Domain Users
    read only = No
    create mask = 0775
    directory mask = 0770
    guest ok = Yes

[business]
    comment = Business Docs
    path = /data/Business
    valid users = @Business Users
    read only = No
    create mask = 0775
    directory mask = 0775
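Three smb.conf questions raised in the threads above can be checked mechanically: the lmhost token behind "unknown name switch type" in the trust thread, which security / domain logons / domain master combination makes a server a PDC, a BDC or a member, and share definitions that set both guest ok and valid users. The Python sketch below is an added example, not code from any poster or from Samba; its function names and the sample configuration are constructed for the illustration.

```python
import re

# Methods documented for "name resolve order" in smb.conf(5), plus "hosts",
# which the log in the trust thread shows being accepted without complaint.
KNOWN_RESOLVERS = {"lmhosts", "host", "hosts", "wins", "bcast"}
TRUE_WORDS = {"yes", "true", "1", "on"}
FALSE_WORDS = {"no", "false", "0", "off"}


def _norm(name):
    """smb.conf ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Parse smb.conf or testparm output into {section: {param: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment, e.g. "# security = DOMAIN"
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][_norm(key)] = value.strip()
    return conf


def is_true(value):
    return value is not None and value.strip().lower() in TRUE_WORDS


def server_role(glob):
    """Classify the role from [global], following the thread's PDC/BDC rules."""
    security = glob.get("security", "user").strip().lower()  # default is user
    logons = is_true(glob.get("domainlogons"))
    # With domain logons enabled, domain master is on unless explicitly "no".
    master = glob.get("domainmaster", "auto").strip().lower() not in FALSE_WORDS
    if security == "domain":
        # Every logon is passed through to a DC; with domain logons this is
        # the "BDC will call the PDC for authing" setup from the thread.
        return "BDC (pass-through auth)" if logons else "domain member"
    if security == "user":
        if logons:
            return "PDC" if master else "BDC"
        return "standalone"
    return "other (" + security + ")"


def unknown_resolvers(glob):
    """Tokens Samba would report as 'unknown name switch type <token>'."""
    order = glob.get("nameresolveorder", "")
    return [tok for tok in order.split() if tok.lower() not in KNOWN_RESOLVERS]


def share_findings(conf):
    """Flag shares whose guest and user restrictions contradict each other."""
    findings = []
    for name, params in conf.items():
        if name == "global":
            continue
        # "public" is a synonym for "guest ok".
        guest = is_true(params.get("guestok")) or is_true(params.get("public"))
        if guest and params.get("validusers"):
            findings.append((name, "guest ok with valid users = " + params["validusers"]))
    return findings


def preflight(text):
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    return {"role": server_role(glob),
            "unknown_resolvers": unknown_resolvers(glob),
            "shares": share_findings(conf)}


# Constructed sample that combines settings quoted in the threads above.
SAMPLE = """
[global]
    workgroup = DOM2
    # security = DOMAIN
    domain logons = Yes
    domain master = Yes
    name resolve order = wins hosts bcast lmhost
[public]
    path = /data/public
    valid users = @Domain Users
    read only = No
    guest ok = Yes
[profiles]
    path = /data/profiles
    read only = No
"""

if __name__ == "__main__":
    for key, value in preflight(SAMPLE).items():
        print(key, "->", value)
```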
Re: [Samba] Problems with ldap groups in share folders ACCESS_DENIED
On Sat, Jun 12, 2010 at 1:58 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

On each machine I would try running

net groupmap list
net user info someuser -U Administrator

That is to make sure that the group mappings for key groups (e.g. Domain Users) is setup to verify that users are in the groups you think that they are.

You don't need group mappings for all your user groups (you will see warnings in logs about missing SID's) but for the well known groups and groups used in shares you will need mappings.

I found that when I moved to samba 3.4.x that the ou=groups seemed to be ignored, and that the entire LDAP branch for the domain was searched for groups (I had had one ou for unix groups and one ou for group mappings.) The result was that access was broken if it required a user being in the domain users group, or domain users being in the local users groups on windows server.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Alberto Moreno
Sent: Friday, June 11, 2010 9:27 PM
To: samba@lists.samba.org
Subject: [Samba] Problems with ldap groups in share folders ACCESS_DENIED

Hi

I have been working all week with samba 3.4.7 in Centos 5.5 PDC(3.4.7) with LDAP backend+Centos 5.5(3.4.7) BDC with LDAP slave.

I already have 5 clients joined.

1 Windows XP
1 Windows 7 UE
1 Centos 5.5 Desktop
1 Ubuntu 9.x
1 Centos 5.5

I can browse inside windows and see my clients, access some shares. I want to create private shares inside my PDC, I use:

force group
valid users
write list

I create a group with smbldap-tools name :it, add 2 users: test1,test2.
Centos PDC and others are enable to get users+groups from LDAP:

id test1
id test1
uid=10001(test1) gid=513(Domain Users) groups=513(Domain Users),10001(it)

getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
exim:x:93:93::/var/spool/exim:/sbin/nologin
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false
nobody:x:999:514:nobody:/dev/null:/bin/false
rot:x:1004:513:System User:/home/rot:/sbin/nologin
smbbdc$:*:1005:515:Computer:/dev/null:/bin/false
pim-win7ue$:*:1006:515:Computer:/dev/null:/bin/false
test1:x:10001:513:Test Test Uno:/home/test1:/sbin/nologin
test2:x:10002:513:Test Test2:/home/test2:/bin/bash
smbpdc$:*:1007:515:Computer:/dev/null:/bin/false
pim-winxpa$:*:1008:515:Computer:/dev/null:/bin/false
pim-ubuntu$:*:1009:515:Computer:/dev/null:/bin/false
pim-centos1$:*:1010:515:Computer:/dev/null:/bin/false

getent group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail,exim
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
nscd:x:28:
floppy:x:19:
vcsa:x:69:
utmp:x:22:
utempter:x:35:
slocate:x:21:
audio:x:63:
rpc:x:32:
ecryptfs:x:101:
sshd:x:74:
dbus:x:81:
avahi:x:70:
haldaemon:x:68:
avahi-autoipd:x:102:
exim:x:93:
ldap:x:55:
screen:x:84:
pcap:x:77:
apache:x:48:
Domain Admins:*:512:root
Domain Users:*:513:test1
Domain Guests:*:514:
Domain Computers:*:515:
Administrators:*:544:
Account Operators:*:548:
Print Operators:*:550:
Backup Operators:*:551:
Replicators:*:552:
it:*:10001:test1,test2ll

I can add ldap groups to directories:

total 2088
drwxrwx--- 5 root it 4096 Jun 8 19:32 it

This is my smb.conf for this share:

[sis]
    path = /opt/it
    available = Yes
    browseable = Yes
    read only = No
    guest ok = No
    writeable = Yes
    valid users = @it
    write list = @PIMPOM\it
    directory mode = 0770

I
[Samba] Fwd: Problems with ldap groups in share folders ACCESS_DENIED
On Mon, Jun 14, 2010 at 8:41 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
On 06/14/2010 03:44 AM, Alberto Moreno wrote:
On Sat, Jun 12, 2010 at 1:58 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

On each machine I would try running

net groupmap list
net user info someuser -U Administrator

That is to make sure that the group mappings for key groups (e.g. Domain Users) is setup to verify that users are in the groups you think that they are.

You don't need group mappings for all your user groups (you will see warnings in logs about missing SID's) but for the well known groups and groups used in shares you will need mappings.

I found that when I moved to samba 3.4.x that the ou=groups seemed to be ignored, and that the entire LDAP branch for the domain was searched for groups (I had had one ou for unix groups and one ou for group mappings.) The result was that access was broken if it required a user being in the domain users group, or domain users being in the local users groups on windows server.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Alberto Moreno
Sent: Friday, June 11, 2010 9:27 PM
To: samba@lists.samba.org
Subject: [Samba] Problems with ldap groups in share folders ACCESS_DENIED

Hi

I have been working all week with samba 3.4.7 in Centos 5.5 PDC(3.4.7) with LDAP backend+Centos 5.5(3.4.7) BDC with LDAP slave.

I already have 5 clients joined.

1 Windows XP
1 Windows 7 UE
1 Centos 5.5 Desktop
1 Ubuntu 9.x
1 Centos 5.5

I can browse inside windows and see my clients, access some shares. I want to create private shares inside my PDC, I use:

force group
valid users
write list

I create a group with smbldap-tools name :it, add 2 users: test1,test2.
Re: [Samba] Fwd: Problems with ldap groups in share folders ACCESS_DENIED
On Mon, Jun 14, 2010 at 10:36 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

I was thinking that will be more complicated. Hey what distro are u using? do already has this on production? Thanks!!!

I am running Samba 3.4.8 on my PDC. Solaris 10 with Sun Directory Server as the LDAP backend for both Samba and Unix accounts. I use Apache Directory Studio to manage ldap entries. It is pretty easy to create, modify, import, export and delete ldap entries.

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Thanks for your help my friend!!!

--
LIving the dream...
[Samba] Linux Desktop as Windows Machine Logon
Hi people.

I would like to know if this is possible. Working with windows is easy to login, automatically add the user home folder and shares, easy. I would like to know, is this behavior could be setup in a Linux Desktop, I would like to setup this with Centos+Ubuntu desktops.

Both machines running Desktop software, cannot authenticated against LDAP, I already setup ldap clients on both machines, by ssh I can access using my LDAP credentials, the LDAP servers is my PDC running samba+ldap and works. But when I try to login with some user from LDAP to Desktop session it won't accept my user, I even setup inside each Gnome session the ldap settings.

Could linux emulate a windows session? I have been googling but still don't find the answer, thanks!!!

--
LIving the dream...
Re: [Samba] UPDATE: group permissions broken after upgrade 3.2.5 - 3.4.8: deleting of files denied
On Mon, Jun 14, 2010 at 2:25 PM, Marc Schiffbauer m...@schiffbauer.net wrote:

Update: I tested some other samba versions now:

Samba 3.5.3 has the same problem, it does not work here
but: Samba 3.3.12 works just fine as 3.2.5 did

This error definitely depends on the samba version that is being used. I have no clue what might cause this... Anybody else?

-Marc

-- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134

Hi. Looks like u just want to have a share where any user could do what ever she/he wants, I was thinking in add

public = Yes
guest ok = Yes

Or if u have a issues: Create a group: mygroup.

public = No
guest ok = No
force group = @mygroup

add all your users u need to that group, change the rights for the folder:

chgrp -R mygroup /path/toyour/share
chmod -R 774 /path/toyour/share

reload samba, test!!!

smbclient //yoursamba/yourshare -U username
psw:

My 2 cents.

--
LIving the dream...
Re: [Samba] Linux Desktop as Windows Machine Logon
On Mon, Jun 14, 2010 at 2:40 PM, John Drescher dresche...@gmail.com wrote:

On Mon, Jun 14, 2010 at 5:36 PM, Alberto Moreno ports...@gmail.com wrote:

Hi people. I would like to know if this is possible. Working with windows is easy to login, automatically add the user home folder and shares, easy. I would like to know, is this behavior could be setup in a Linux Desktop, I would like to setup this with Centos+Ubuntu desktops. Both machines running Desktop software, cannot authenticated against LDAP, I already setup ldap clients on both machines, by ssh I can access using my LDAP credentials, the LDAP servers is my PDC running samba+ldap and works. But when I try to login with some user from LDAP to Desktop session it won't accept my user, I even setup inside each Gnome session the ldap settings.

Yes that works for me under gentoo. You need to however setup pam and nsswitch to use ldap.

John

Hi John. Thanks for your quick answer.

Just to add, with Centos using authconfig-tui u setup your machine to authenticated vs ldap, it works, this change nsswitch.conf, after this u can use the users from ldap inside Centos. Just need to verify pam, thanks John.

--
LIving the dream...
[Samba] Problems with ldap groups in share folders ACCESS_DENIED
Hi

I have been working all week with samba 3.4.7 in Centos 5.5 PDC(3.4.7) with LDAP backend+Centos 5.5(3.4.7) BDC with LDAP slave.

I already have 5 clients join.

1 Windows XP
1 Windows 7 UE
1 Centos 5.5 Desktop
1 Ubuntu 9.x
1 Centos 5.5

I can browse inside windows and see my clients, access some shares.

I want to create private shares inside my PDC, I use:

force group
valid users
write list

I create a group with smbldap-tools name :it, add 2 users: test1,test2.

Centos PDC and others are enable to get users+groups from LDAP:

id test1
id test1
uid=10001(test1) gid=513(Domain Users) groups=513(Domain Users),10001(it)

getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
exim:x:93:93::/var/spool/exim:/sbin/nologin
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false
nobody:x:999:514:nobody:/dev/null:/bin/false
rot:x:1004:513:System User:/home/rot:/sbin/nologin
smbbdc$:*:1005:515:Computer:/dev/null:/bin/false
pim-win7ue$:*:1006:515:Computer:/dev/null:/bin/false
test1:x:10001:513:Test Test Uno:/home/test1:/sbin/nologin
test2:x:10002:513:Test Test2:/home/test2:/bin/bash
smbpdc$:*:1007:515:Computer:/dev/null:/bin/false
pim-winxpa$:*:1008:515:Computer:/dev/null:/bin/false
pim-ubuntu$:*:1009:515:Computer:/dev/null:/bin/false
pim-centos1$:*:1010:515:Computer:/dev/null:/bin/false

getent group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail,exim
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
nscd:x:28:
floppy:x:19:
vcsa:x:69:
utmp:x:22:
utempter:x:35:
slocate:x:21:
audio:x:63:
rpc:x:32:
ecryptfs:x:101:
sshd:x:74:
dbus:x:81:
avahi:x:70:
haldaemon:x:68:
avahi-autoipd:x:102:
exim:x:93:
ldap:x:55:
screen:x:84:
pcap:x:77:
apache:x:48:
Domain Admins:*:512:root
Domain Users:*:513:test1
Domain Guests:*:514:
Domain Computers:*:515:
Administrators:*:544:
Account Operators:*:548:
Print Operators:*:550:
Backup Operators:*:551:
Replicators:*:552:
it:*:10001:test1,test2ll

I can add ldap groups to directories:

total 2088
drwxrwx--- 5 root it 4096 Jun 8 19:32 it

This is my smb.conf for this share:

[sis]
path = /opt/it
available = Yes
browseable = Yes
read only = No
guest ok = No
writeable = Yes
valid users = @it
write list = @PIMPOM\it
directory mode = 0770

I have try:

valid users: @it
valid users = \it
valid users = @PIMPOM\it

the same for write list, combinations, etc and cannot make this happen.

If I handle this by user it works, example:

valid users = test1
write list = test1

I just need this small thing to work and done.

log:

[2010/06/08 19:52:04, 3] smbd/process.c:1273(switch_message)
  switch message SMBtconX (pid 11075) conn 0x0
[2010/06/08 19:52:04, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/08 19:52:04, 5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2010/06/08 19:52:04, 5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2010/06/08 19:52:04, 5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2010/06/08 19:52:04, 4] smbd/reply.c:680(reply_tcon_and_X)
  Client requested device type [?] for share [SIS]
[2010/06/08 19:52:04, 5] smbd/service.c:1216(make_connection)
  making a connection to 'normal' service sistemas
[2010/06/08 19:52:04, 3] lib/access.c:362(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (127.)
[2010/06/08 19:52:04, 3] lib/access.c:396(check_access)
  check_access: hostnames in host allow/deny list.
[Samba] NT4 Migration Doubt?
Hi people.

I'm in process to remove my last NT4 machine here at the company. I had read the migration process tested and looks like works.

Now my box is going to run Centos 5.x with LDAP as backend.

My only doubt is, once u run the migration tool (vampire) do samba need to have the same IP as the NT server?

Is all my doubt, thanks!!!

--
LIving the dream...
[Samba] samba+ldap two domains db sync?
Hi people.

I have 2 domains running samba with ldap(Centos 5.x), I would like to know this.

I would like to have the same DB in both sites, if I change the users just would like to do it 1 time.

Is possible to sync both ldap servers every time I change something in ldap? or a better way to do it?

Thanks!!!

--
LIving the dream...
Re: [Samba] samba+ldap two domains db sync?
Thanks people.

I will read about synrepl and see how it works, thanks all of u for your tips!!!

See u!!!

On Mon, Jan 11, 2010 at 6:49 AM, Rob Shinn mor...@tuxedo.darktech.org wrote:

Gaiseric Vandal wrote:

I don't think one user in LDAP could be in two different domains- each user has to have a distinct SambaSID entry.

Ooomph! *slaps forehead*. You're right. That's what I get for posting before I've had my coffeee. I stand by my original statement that OpenLDAP's syncrepl would work, though.

--
LIving the dream...
[Samba] samba with ldap + windows AD can work together?
Hi people.

I have 2 domains right now: WinNT4 + Windows 2k3.

A lot of u will say, why don't u just move everything to win2k3?.. well I prefer to work with linux/Unix.

My question is this, I test the migration from NT4 to linux with ldap, it works and is not to difficult, my problem is this:

All my printers are in the server running windows 2k3 my AD server, the NT4 users can access the resources from the win2k3 server without any issue, if I make the migration from NT4 to Linux, will my users lost the connection of the win2k3(AD) resources?

Centos 5.4.

Thanks!!!

--
LIving the dream...
[Samba] How to backup my samba+ldap PDC?
Hi people.

I have had been working in my first PDC with samba+ldap, is working in Centos 5.3.

Now I have been searching about how to backup this installation, for samba, looks like I need to backup:

/etc/samba

Exist some else that I need to backup for samba?

Now, I had not been able to find something about how to backup my ldap server. I just backup

/etc/openldap
and
/var/lb/ldap

Or in your experienced, how to backup this settings in case that would need to make a restore if something happened?

I appreciate your time, thanks!!!

P.S. The shares I know that are part of the backup, I'm looking info about how to backup samba+ldap settings for restore.

--
LIving the dream...
Re: [Samba] samba with ldap PDC cannot join my windows to domain?
On Thu, Aug 13, 2009 at 12:02 PM, Dale Schroeder d...@briannassaladdressing.com wrote:

Alberto Moreno wrote:

Hello my friends. Looks like I had seen some light with this small issue.

Normally when u have a PDC in your network, with Winboxes, AD, NT4, u must have at least 1 Master Browser right? Well at home I have just 2 winboxes xp pro sp3, every time I setup a samba server, normally I stop the computer browser services of my clients, in this case my 2 winboxes, this way samba could quickly became the master browser of my network.

Like I told u before, one of my issues is that my domain name doesn't appear at my network, just the workgroup of the winboxes machines, every time I try to browse my networks with my winboxes, it took a while to answer or some times just stop working and finally, won't show me my samba domain. If I read the nmbd.log, it tells me that samba is the master browser... cool but is not happening.

Last night I decide to enable one of my winboxes Computer Browser service and boom, I could browse my network and see my domain. This tell me that samba is having issues trying to handle the network browser, right now I could not add my box to the domain, but at least I could see my domain there.

I follow the manuals Dale at work and no issue here, even that I have 2 domains running, but as soon as I start samba, it appears at my network. The issue is at home.

Well If u have some tips guys about how to troubleshoot this I will appreciated. Thanks all for your help and time!!!

To ensure that samba is the master browser against xp machines, I use

[global]
domain master = Yes
os level = 65
announce version = 5.9

This has always worked for me.

Dale

Hi my friends.

I got finally my test server working. What I did:

1) My server wasn't working as I describe to u. Then I decide to start from scratch.
2) Read about 4 how-to's(one of them was about ubuntu thanks Dale).

I decide to start from scratch, because for some reason even that I delete the samba info (/var/cache/samba, /var/lib/ldap) and some other files we create each time we setup this, my windows xp machine could not reach my samba server and my server act very strange.

Right the server is working, I could finally add my windows xp machine to the domain without any issue. I'm just continue learning more about samba.

Thanks all for your help and time!!!

--
LIving the dream...
[Samba] samba with ldap PDC cannot join my windows to domain?
Hi people.

I have been working with samba+ldap = PDC in my test network. I had follow the good tutorial: Samba By Example, chapter 5, I had done all the test the book say and no issues.

I have 2 issues:

1; I cannot see my domain at my windows browser.
2; I cannot add my windows xp pro to my domain.

I have been trying to see if I could find the solution but nothing yet, there is the reason I send this email.

My server is Centos 5.3 latest one all the packages are the current from centos. Ldap looks that is working, because all my test from the book pass, and the same with samba.

When I try to add one Winbox to the domain I receive this:

The following error occurred attempting to join the domain MyDomain
The network path as not found

My smb.conf is this:

[global]
dos charset = 850
unix charset = ISO8859-1
display charset = ISO8859-1
workgroup = RMAI
netbios name = RMAIPDC
server string = Samba Server on %L
os level = 33
remote announce = 192.168.50.255
interfaces = eth0,lo
bind interfaces only = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
allow hosts = 192.168.50.0/24 127.0.0.1
admin users = Manager @Domain Admins
passdb backend = ldapsam:ldap://127.0.0.1
enable privileges = Yes
username map = /etc/samba/smbusers
log level = 6
syslog = 1
log file = /var/log/samba/%m.log
max log size = 100
smb ports = 139 445
name resolve order = wins bcast hosts
time server = No
#printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
#logon script = scripts\logon.bat
#logon path = \\%L\profiles\%U
#logon drive = X:
domain logons = Yes
domain master = Yes
preferred master = Yes
wins support = Yes
##LDAP###
ldap suffix = dc=rmai,dc=local
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=rmai,dc=local
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
# map acl inherit = Yes
cups options =

[homes]
comment = RMAI Home Directories
browseable = No
writeable = Yes
read only = No
create mask = 0664
browseable = No
valid users = %U

[profiles]
path = /home/samba/profiles
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
browseable = No
writeable = Yes
guest ok = No

The stuff I can see at the log files is this:

windows-box.log

[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  004c uni_max_len: 000c
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  0050 offset :
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint32(710)
  0054 uni_str_len: 000c
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:dbg_rw_punival(942)
  0058 buffer : F.A.M.-.C.H.O.R.I.Z.O...
[2009/08/11 16:40:49, 6] rpc_parse/parse_prs.c:prs_debug(84)
  70 smb_io_chal
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
  0070 data: 03 a3 f4 30 4b c7 3c 90
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_debug(84)
  00 net_io_r_auth
[2009/08/11 16:40:49, 6] rpc_parse/parse_prs.c:prs_debug(84)
  00 smb_io_chal
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_uint8s(857)
  data: 00 00 00 00 00 00 00 00
[2009/08/11 16:40:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
  0008 status: NT_STATUS_ACCESS_DENIED
[2009/08/11 16:40:49, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305)
  api_rpcTNP: called NETLOGON successfully
[2009/08/11 16:40:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
  free_pipe_context: destroying talloc pool of size 70

I will increase the debug level and give u more info.

Thanks for your time!!!

--
LIving the dream...
[Samba] Suggestion for 2 domains samba+ldap and Windows AD
Hi people.

I want to know if this is possible. I have right now 3 domains in my network.

Dom A = Samba 3.0.33 Gentoo + LDAP. This serve to a domain of 10 users at location 1.
Dom B = Windows 2003 AD serving 8 users at location 2.
Dom C = WinNT + samba as client serving most of the users(35) at location 2.

As u can see, the NT is the most busy, I need to remove that domain, is in the same location as Dom B, my path is to move all the users from Dom C to Dom B most of the machines are windows boxes. This is easy, the only issue I was having before is my 2 samba boxes, I could not make possible to be part of the Dom B, but last week I made that possible, them I can make this move.

Well, the main reason of this email is because, after I remove the NT server, at location 2 I would just have a Window 2k3 AD domain working, on the other site (location 1) I would have a domain running samba+ldap working.

Right now, if I'm at location 1 I cannot see location 2 the Dom B(Win 2k3), the same thing happen at location 2.

There is a way to make this possible, can a domain with samba+ldap see a domain with win 2k3? Is possible to share users?

I was think to setup another server at location 2 with samba+ldap and sync users but I still have the users of the win 2k3 domain...?

Hope to be clear, if someone have some experience here at will appreciated, thanks for your time!!!

P.S. my samba serves at location 2 are Centos 5.x Samba 3.0.33.

--
LIving the dream...
Re: [Samba] Active Directory Integration Problems
Lets see if this help.

I have setup a server a couple of weeks before, windows 2k3 AD I add my vm centos 5.3 machine to it, I share 1 folder and add the home users folder. Is running and have no issue with.

Windows 2k3
domain name: DOM.local
machine name: dompdc
IP: 192.168.2.2
Network: 192.168.2.0/24

Centos
machine name: dom-vmcentos(DHCP)

Kerberos: /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DOM.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
DOM.LOCAL = {
admin_server = dompdc.DOM.local
default_domain = DOM.local
kdc = dompdc.DOM.local
}

[domain_realm]
.kerberos.server = DOM.LOCAL

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

Winbind + samba running, lets go with samba:

[global]
syslog = 1
log level = 2 vfs:2
log file = /var/log/samba/%U.%m.log
utmp = Yes
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=20480 SO_SNDBUF=20480
dns proxy = no
server string = vmCents 5.x Test Server
printing = cups
workgroup = DOM
netbios name = dom-vmcentos
security = ads
realm = DOM.LOCAL
allow trusted domains = Yes
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = Yes
winbind enum groups = Yes
winbind separator = +
password server = dompdc.DOM.local
encrypt passwords = Yes
printcap name = /etc/printcap
max log size = 100
interfaces = eth0
bind interfaces only = Yes
local master = no
domain master = no
preferred master = no
template homedir = /home/%D/%U
template shell = /bin/bash
#unix charset = UTF-8

[homes]
comment = Home Directories DOM
browseable = no
writable = yes
#valid users = %S
create mode = 0664
directory mode = 0775

[Test]
comment = Test Directories DOM
path = /opt/test
public = yes
browseable = yes
writable = yes
valid users = DOM+username
write list = DOM+username
create mode = 0770

/etc/nsswitch.conf

passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files winbind
rpc: files winbind
services: files
netgroup: files winbind
publickey: nisplus
automount: files winbind
aliases: files nisplus

/etc/hostname:

# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.2.118 dom-vmcentos.DOM.local dom-vmcentos
#::1 localhost6.localdomain6 localhost6
192.168.2.2 dompdc.DOM.local dompdc

Here it suppose that we already add the machine account to AD and is working as u say.

Now lets see our shares on linux:

[r...@dom-vmcentos opt]# ll
total 16
-rw-r--r-- 1 root root 146 Sep 16 2008 File
drwx-- 2 root root 12288 Feb 22 2008 lost+found
drwxr-xr-x 3 psql pvsw 1024 Jun 12 2008 PSQLDATA
drwxr-xr-x 2 DOM+username root 1024 Jun 16 15:31 test
drwxr-xr-x 3 root root 1024 Jan 8 2009 zimbra

Let's test:

[r...@dom-vmcentos opt]# smbclient -L dom-vmcentos -U username
Password:
Domain=[DOM] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]

Sharename   Type   Comment
---------   ----   -------
IPC$        IPC    IPC Service (vmCents 5.x Test Server)
Test        Disk   Test Directories DOM
username    Disk   Home Directories DOM
Domain=[DOM] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]

Server         Comment
---------      -------
DOM-VMCENTOS   vmCents 5.x Test Server
DOMPDC

Workgroup   Master
---------   -------
DOM         DOMPDC

Now a mount command:

mount -t cifs //dom-vmcentos/Test -o username=username,password=passwd /mnt

[r...@dom-vmcentos ~]# mount
//dom-vmcentos/Test on /mnt type cifs (rw,mand)
[r...@dom-vmcentos ~]#

I can see the files inside this user home folder, create, modify, etc even inside windows 2k3.

See u later!!!

On Mon, Jul 13, 2009 at 9:21 AM, David Armstrong darmstr...@moca.org wrote:

Brian,

Which logs should I be checking? The following output comes from the winbindd.log. I replaced the FQDN of the domain controller in the second to last line of the log file. It was in the format SERVERNAME.domain.name

[2009/07/13 09:16:40, 0] lib/util_sock.c:write_data(564)
  write_data: write
[Samba] samba 3.0.28 + ldap domain update to 3.0.33 is save?
Hi people.

I have 1 server(gentoo) running samba 3.0.28+ldap as domain of my winboxes, running:

dev-perl/perl-ldap-0.34
dev-python/python-ldap-2.2.1
net-nds/openldap-2.3.43
net-nds/smbldap-tools-0.9.4-r1
sys-auth/nss_ldap-258
sys-auth/pam_ldap-183

Emerge is offering me samba 3.0.33 and other ports that works with samba, just wondering is someone have already update samba from 3.0.28 to 3.0.33 and if save to do this, I just don't want to break my current samba domain with ldap.

Thanks all for your time!!!

LIving the dream...
Re: [Samba] Linux local user problem when security = ADS
On Wed, Jun 24, 2009 at 12:34 PM, Reginald0 re...@ig.com.br wrote:

Hi, folks!

I have two RHEL5 Linux machines, both successfully joined to a Windows 2008 Server AD domain. I can see AD users, groups, checking trusts, etc.

My problem is that when I try to mount a share from one Linux machine to the other using a local user, I receive the message mount error 13 = Permission denied.

If I add the user with same name/password to the Windows AD domain, then I can mount the share, and this way I can read but can't write to the mounted folder on the client side, unless I set chmod 777 on the server side, but this would open a security hole on my system.

Before join these two machines to a domain, I was using security = share and username map option to map the server local user to the client remote user, and it was working flawlessly.

Follows below the relevant configuration:

/etc/samba/smb.conf on server:

[GLOBAL]
security = ADS
workgroup = DOMAINNAME
realm = DOMAINNAME
password server = DOMAINSERVERNAME
username map = /etc/samba/smbusers
winbind use default domain = yes
winbind uid = 1-2
winbind gid = 1-2

[SHARE]
path = /share
writable = yes
browseable = no
create mask = 0664
valid users = remoteusername

/etc/samba/smbusers on server:

localusername = remoteusername

mount command on client:

mount -t cifs //MACHINE1/SHARE /share -o user=remoteusername

If you need some more information, please advise me.

Thanks in advance,
Reginald0

-- View this message in context: http://www.nabble.com/Linux-local-user-problem-when-security-%3D-ADS-tp24189729p24189729.html
Sent from the Samba - General mailing list archive at Nabble.com.

Last week I did this, I join my samba server running centos 5.3 with a AD server running Win 2k3.

When I start testing, wbinfo -u, wbinfo -g show all my users and groups from AD, the goal of this is that we don't need to add the each user to Linux+samba user db like we did before with NT4.

Now, the:

username map = /etc/samba/smbusers

I don't like it, I don't have right access to my samba server to see my settings, but I remember that if I would like to share a folder like your example, I did this:

mkdir share
chmod 0664 share
chown DOMAIN+username share

[SHARE]
path = /share
writable = yes
browseable = no
create mask = 0664
valid users = DOMAIN+username
write list = DOMAIN+username

Just to point that, I setup winbind, pam and all that stuff to make my AD server to samba all the info about names+groups.

See later.

--
LIving the dream...
Re: [Samba] working file server, but logs filling with NT_STATUS_ACCESS_DENIED
On Sat, May 2, 2009 at 3:35 PM, Barnaby Scott b...@waywood.co.uk wrote:

Hi, I wonder if anyone can help with this.

I have a Samba server (Samba 3.3.3 running under FreeBSD 7.1-RELEASE), with 3 Windows workstations all running XP Professional and 3 laptops (1 XP home,1 XP professional, 1 Vista). There is no Windows domain involved, just a workgroup.

Everything works absolutely fine, except that my logs are filling up with errors similar to this:

[2009/05/02 18:40:10, 0] smbd/service.c:make_connection_snum(740)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED

I cannot trace this to any particular activity by any user - in fact many of these errors occur at a similar time at around 3am every night, when there is certainly no user activity.

Obviously to troubleshoot this properly you will need logs etc. I have copied my smb.conf below, but to save me posting all sorts of irrelevant stuff, perhaps a first step would be to let me know what else is needed in order to look into this further. Or perhaps there is something obvious I have done wrong already!

I can find literally only 2 Google hits for the exact string create_connection_server_info failed: NT_STATUS_ACCESS_DENIED, neither of which are relevant to my situation. Any help would therefore be very gratefully received!

Thanks

==smb.conf===
[global]
workgroup = CHADLINGTON
server string = Samba Server
map to guest = Bad User
passdb backend = tdbsam
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
smb ports = 139
dns proxy = No
hosts allow = 192.168.1., 127.0.0.1
hosts deny = ALL

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[music]
comment = shared music
path = /home/music
write list = @samba-clients
guest ok = Yes
=

- LIving the dream...

Hi just curious.

If u test the connection for each user, do u see anything wrong? Maybe u already test your connections?

Increase the debug level 3 before u test this. After each test read the log file.

Example: inside the bsd box.

smbclient -L //your-server-name -U your-user-name

U must see all shares of this server.

smbclient //your-server-name/home-username -U username
Password:
Domain=[YourDomain] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
smb: \

Once u access, u must create, list, delete, edit, etc all the files and directories.

U must test with all your users all your shares. This I do everytime I build a samba server. Inside the Unix/Linux box and with the user desktop.

See u later!!!
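Added example, not part of any post in this thread: a Python triage for the smbd logs quoted on this page. It parses both record-header layouts that appear here (file:func(line) and file:line(func)) and reports NT_STATUS failures that recur in the same hour on several days, per client log file (log.%m holds one file per client machine name), which is one way to tie a nightly pattern like the 3am errors above to a machine. The client names and most timestamps in SAMPLE_LOGS are constructed.

```python
import re
from collections import Counter, defaultdict

# Record headers in the two layouts quoted on this page:
#   [2009/05/02 18:40:10, 0] smbd/service.c:make_connection_snum(740)   file:func(line)
#   [2010/06/08 19:52:04, 3] smbd/process.c:1273(switch_message)        file:line(func)
HEADER = re.compile(
    r"^\[(\d{4})/(\d{2})/(\d{2}) (\d{2}):\d{2}:\d{2}(?:\.\d+)?,\s*(\d+)\]\s+"
    r"(\S+?):(?:([A-Za-z_]\w*)\((\d+)\)|(\d+)\(([A-Za-z_]\w*)\))$"
)
STATUS = re.compile(r"\bNT_STATUS_[A-Z0-9_]+\b")


def parse_records(text):
    """Split one log file into records: a header line plus its message lines."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            y, mo, d, hour, level, src, f_old, l_old, l_new, f_new = m.groups()
            current = {
                "date": f"{y}-{mo}-{d}",
                "hour": int(hour),
                "level": int(level),
                "source": src,
                "function": f_old or f_new,
                "line": int(l_old or l_new),
                "message": "",
            }
            records.append(current)
        elif current is not None and line:
            # Continuation lines belong to the most recent header.
            current["message"] = (current["message"] + " " + line).strip()
    return records


def failures(logs):
    """logs maps client name (the %m in log.%m) to file text.
    Returns (client, date, hour, function, status) for every non-OK status."""
    out = []
    for client, text in logs.items():
        for rec in parse_records(text):
            for status in STATUS.findall(rec["message"]):
                if status != "NT_STATUS_OK":
                    out.append((client, rec["date"], rec["hour"],
                                rec["function"], status))
    return out


def recurring(logs, min_days=2):
    """Failures seen in the same hour on at least min_days distinct dates.
    Returns [((client, hour, function, status), days, hits)], most days first."""
    days, hits = defaultdict(set), Counter()
    for client, date, hour, func, status in failures(logs):
        key = (client, hour, func, status)
        days[key].add(date)
        hits[key] += 1
    rows = [(k, len(days[k]), hits[k]) for k in hits if len(days[k]) >= min_days]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))


# Constructed sample input. Only the 18:40:10 record and the record text
# come from the page; client names and other timestamps are made up.
SAMPLE_LOGS = {
    "ws-accounts": """\
[2009/05/01 03:02:11, 0] smbd/service.c:make_connection_snum(740)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2009/05/02 03:02:09, 0] smbd/service.c:make_connection_snum(740)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2009/05/02 03:02:10, 0] smbd/service.c:make_connection_snum(740)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2009/05/02 18:40:10, 0] smbd/service.c:make_connection_snum(740)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
""",
    "laptop-vista": """\
[2010/06/08 19:52:04, 3] smbd/process.c:1273(switch_message)
  switch message SMBtconX (pid 11075) conn 0x0
[2010/06/08 19:52:04, 5] rpc_parse/parse_prs.c:769(prs_ntstatus)
      0008 status: NT_STATUS_ACCESS_DENIED
""",
}

if __name__ == "__main__":
    for (client, hour, func, status), n_days, n_hits in recurring(SAMPLE_LOGS):
        print(f"{client}: {status} in {func} at {hour:02d}:00 "
              f"on {n_days} days ({n_hits} hits)")
```

In real use, build the dictionary by reading each /var/log/samba/log.* file and keying it by the part after "log.".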
Re: [Samba] How to Join Samba Client to a Samba PDC Domain with ldap?
On Fri, Aug 22, 2008 at 6:06 PM, David Collins [EMAIL PROTECTED] wrote:

Manu,

You have 2 choices - your call ...

1. Have the Centos box act like a Windows PC, by installing Winbind, and then join the Samba domain. The Samba Howto has information about that. In this case, it is irrelevant that the Samba database is LDAP.

2. Since you are using smbldap-tools, I presume the LDAP database holds posix information about each Samba user? If so, you can set up your Centos box to use LDAP for authentication, so that anyone listed in LDAP can log onto the Centos box. If you need to access Samba shared files, then you will also need to install smbclient. Also, pyNeighbourhood is a nice GUI for accessing Samba shares from Linux.

Regards,
David Collins

On Fri, 2008-08-22 at 04:52 +0200, manu Baylac wrote:

Alberto Moreno wrote:

Hi People. I have a domain running samba 3.0.28 with Gentoo+ LDAP+smbldap-tools. Is running very well, I have about 15 WinXP clients + 1 Win2K3 server. Is easy to add a win machine to the domain, but now I need to add a linux box running Centos 5.2, But I have my doubts: Do I need to edit in my client the openldap settings? I just need samba? How my samba client is going to read the users from the LDAP server? What I have to do...

See libnss-ldap and libpam-ldap.

Could someone point me some links where exist this info? I will appreciated a lot, thanks for your time people.

Sorry, only in french...

Manu

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Hi David.

Thanks for your info, this server is just CLI, no GUI or X stuff, right now I can see my server in my domain, plus I can reach the domain users+groups without winbind, right now I'm configuring the roaming profiles + redirection some folders from my windows clients to the server. Looks like everything is working very well.

Just 1 doubt came to my mind, the official how or the samba by example, didn't mention about if samba need to be already running before you start joining the client or after that, in my case, I start samba after I finish the process. Right now is the only doubt I have.

Thanks all again for your help!!!

--
LIving the dream...
Re: [Samba] How to Join Samba Client to a Samba PDC Domain with ldap?
On Fri, Aug 22, 2008 at 5:41 AM, Adam Williams [EMAIL PROTECTED] wrote: you want to have samba on your centos 5.2 system join the samba domain handled by samba/ldap on your PDC? Yes Adams thats what I whant to do. Albert give some points, now about the point where I need to configure ldap inside my client (Centos), I need to run slapd inside my client? or what SW i need to run? (I know that I need to run samba, Albert say that I don't need winbind) In my client, I don't need to edit anything inside /etc/openldap/ ? just /etc/ldap.conf? To get the users from my PDC, I have to edit the same files I edit inside my PDC(nsswitch.conf, systems-auth, etc)? This is new for me, this is way I have a lot of doubts, I read the manuals, but I still have some holes. Thanks for your support. -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to Join Samba Client to a Samba PDC Domain with ldap?
On Fri, Aug 22, 2008 at 8:03 AM, Adam Williams [EMAIL PROTECTED] wrote: /etc/ldap.conf will handle the linux shell accounts, use authconfig-tui. for getting samba on your centos 5.2 server talking to your PDC, see chapter 7 of Samba 3 by example.pdf. you won't need to run slapd on your centos 5.2 server unless you want to have it act as a slave/read only/replication LDAP server to your PDC server which isn't required. Alberto Moreno wrote: On Fri, Aug 22, 2008 at 5:41 AM, Adam Williams [EMAIL PROTECTED] wrote: you want to have samba on your centos 5.2 system join the samba domain handled by samba/ldap on your PDC? Yes Adams thats what I whant to do. Albert give some points, now about the point where I need to configure ldap inside my client (Centos), I need to run slapd inside my client? or what SW i need to run? (I know that I need to run samba, Albert say that I don't need winbind) In my client, I don't need to edit anything inside /etc/openldap/ ? just /etc/ldap.conf? To get the users from my PDC, I have to edit the same files I edit inside my PDC(nsswitch.conf, systems-auth, etc)? This is new for me, this is way I have a lot of doubts, I read the manuals, but I still have some holes. Thanks for your support. Thanks all u people. Following your instructions I had finally add my Linux box to my domain. I was reading the samba by example before + official how-to + www docs but I didn't understand very well, but today my brain was concentrate and with the info u people give to me I finally understand the process. Thanks again from your great help all of u!!! -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to Join Samba Client to a Samba PDC Domain with ldap?
Hi People. I have a domain running samba 3.0.28 with Gentoo+ LDAP+smbldap-tools. Is running very well, I have about 15 WinXP clients + 1 Win2K3 server. Is easy to add a win machine to the domain, but now I need to add a linux box running Centos 5.2, But I have my doubts: Do I need to edit in my client the openldap settings? I just need samba? How my samba client is going to read the users from the LDAP server? What I have to do... I have been searching some examples in the how-to, but I still don't found this info. Could someone pint me some links where exist this info? I will appreciated a lot, thanks for your time people. -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot Redirect some windows xp folders to samba share?
On Wed, Aug 13, 2008 at 11:44 AM, Adam Williams [EMAIL PROTECTED] wrote: see page 211 of samba 3 by example.pdf Alberto Moreno wrote: Hi people. I have some issues, I setup a samba server(3.0.28) with gentoo, samba + ldap. Is working, I can create users, change, add, mod, etc,etc. I setup each home drive, using smbldap-tools. Everything is working good. But I have 1 problem, I want to setup my windows xp pro sp2 users to have roaming + folder redirection to my samba server. Some folders are very easy to move to be in a redirect or roaming environment like: My Documents My Pictures Favorites My Music Start Up To make this possible, I use tweakUI from windows site, is a easy tool. The main problem I have is that, some folders: Application Data and Local Settings, wont let me redirect them to each user profile share. TweakUI doesn't show this folders. Some sites just show examples but using a AD which is not my case, some sites say that I will see a link inside gpedit.msc where I can setup folder redirection, but In my case, I don't see anything related to Folder Redirection, the other option they say is to change the register for each user. I already try to change the register (Shell Folders) but each time the user restart there computer, the settings for Application Data + Local Settings get back to the default state(C:\Docum and See\UserName\..) I was thinking is windows xp pro, have some option that prevent a user to change this settings like a protection and prevent me to change the settings for this special folders? Does someone succesfully implement Folder Redirection for this folders inside windows xp pro sp2 or sp3, how do u did it? I will appreciated a lot all the info u could give, thanks all for your time!!! P.S. I came from a lot of windows forums, but I still cannot fix this. Thanks Braebaum, that was what I need it. Adam I'm reading the doc thanks for your tip. I appreciated all the information u people give to me, thanks!!! See u. 
-- LIving the dream...
[Samba] Cannot Redirect some windows xp folders to samba share?
Hi people. I have some issues, I setup a samba server(3.0.28) with gentoo, samba + ldap. Is working, I can create users, change, add, mod, etc,etc. I setup each home drive, using smbldap-tools. Everything is working good. But I have 1 problem, I want to setup my windows xp pro sp2 users to have roaming + folder redirection to my samba server. Some folders are very easy to move to be in a redirect or roaming environment like: My Documents My Pictures Favorites My Music Start Up To make this possible, I use tweakUI from windows site, is a easy tool. The main problem I have is that, some folders: Application Data and Local Settings, wont let me redirect them to each user profile share. TweakUI doesn't show this folders. Some sites just show examples but using a AD which is not my case, some sites say that I will see a link inside gpedit.msc where I can setup folder redirection, but In my case, I don't see anything related to Folder Redirection, the other option they say is to change the register for each user. I already try to change the register (Shell Folders) but each time the user restart there computer, the settings for Application Data + Local Settings get back to the default state(C:\Docum and See\UserName\..) I was thinking is windows xp pro, have some option that prevent a user to change this settings like a protection and prevent me to change the settings for this special folders? Does someone succesfully implement Folder Redirection for this folders inside windows xp pro sp2 or sp3, how do u did it? I will appreciated a lot all the info u could give, thanks all for your time!!! P.S. I came from a lot of windows forums, but I still cannot fix this. -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot Redirect some windows xp folders to samba share?
On Wed, Aug 13, 2008 at 8:22 AM, Charles Marcus [EMAIL PROTECTED] wrote: On 8/13/2008, Alberto Moreno ([EMAIL PROTECTED]) wrote: The main problem I have is that, some folders: Application Data and Local Settings, wont let me redirect them to each user profile share. Application Data should work fine, but why on earth would you want to do Local Settings? -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Thanks all for your quick answer. I will check today the User Shell Folder and let u know. Will Charles, this is just my Test enviroment. Thanks and I let u know ASAP. -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.25b on centos 5.1 a lot of signal 11 very unstable!!!
Hi. We add a new virtual machine with vmware server 1.0.4, centos 5.x client, we update the server with yum and receive samba 3.0.25b-1.el5_1.4, we have a PDC running Gentoo with Samba 3.0.24+ldap, all the windows clients and other Linux boxes(.3.0.10 + 3.0.23 + 3.0.24) are working very good and stable. The only problem is this new server, i read about some changes with samba 3.0.25b and oldest version, since we add this server to the domain we had been having problems, we enable the roaming profile to our windows clients, but some times the server doesn't update the user profile, on other situations we lost the profile, example firefox settings, or if the user update some excel file next day appear with no changes. We have almost 3GB of core dumps since we setup samba inside winbind folder, look this is my smb.conf file: [global] workgroup = mydomain server string = mydomain VM DBA Server interfaces = eth0, lo bind interfaces only = Yes security = DOMAIN username map = /etc/samba/smbusers log level = 10 log file = /var/log/samba/%m.%U.log max log size = 150 smb ports = 139 445 name resolve order = wins hosts lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = CUPS preferred master = No local master = No domain master = No wins server = 192.168.1.7 ldap admin dn = cn=root,dc=mydomain,dc=com ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap suffix = dc=oakwest,dc=com ldap user suffix = ou=Users utmp = Yes remote announce = 192.168.1.255 idmap backend = ldap:ldap://192.168.1.7/ ldap://192.168.1.150; idmap uid = 1-2 idmap gid = 1-2 hosts allow = 127.0.0.1, 192.168.1.0/24, 192.168.2.0/24, 192.168.10.0/24 hosts deny = 0.0.0.0 printing = cups print command = lpq command = %p lprm command = [homes] comment = Home Directories Oakwest valid users = mydomain\%U read only = No create mask = 0664 directory mask = 0775 browseable = No [profiles] path = /home/samba/profiles valid users = 
mydomain\%U, @Domain Admins force user = %U read only = No create mask = 0600 directory mask = 0700 profile acls = Yes browseable = No csc policy = disable Look now, this winbind logs: - wb-mydomain.log rpc_pipe_bind: Remote machine PDC-SRV pipe \lsarpc fnum 0x7628 bind request returned ok. [2008/02/26 21:58:43, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine PDC-SRV pipe \lsarpc fnum 0x7628! [2008/02/26 21:58:43, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine PDC-SRV pipe \lsarpc fnum 0x7629 bind request returned ok. [2008/02/26 21:58:43, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine PDC-SRV pipe \lsarpc fnum 0x7629! [2008/02/26 21:58:43, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine PDC-SRV pipe \lsarpc fnum 0x762a bind request returned ok. [2008/02/26 21:58:43, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine PDC-SRV pipe \lsarpc fnum 0x762a! [2008/02/26 21:58:43, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine PDC-SRV pipe \lsarpc fnum 0x762b bind request returned ok. [2008/02/26 21:58:43, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine PDC-SRV pipe \lsarpc fnum 0x762b! [2008/02/26 21:58:43, 3] nsswitch/winbindd_rpc.c:trusted_domains(909) rpc: trusted_domains [2008/02/26 21:58:43, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine PDC-SRV pipe \lsarpc fnum 0x762c bind request returned ok. 
[2008/02/26 21:58:43, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine PDC-SRV pipe \lsarpc fnum 0x762c! [2008/02/26 21:58:43, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine PDC-SRV pipe \lsarpc fnum 0x762d bind request returned ok. [2008/02/26 21:58:43, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine PDC-SRV pipe \lsarpc fnum 0x762d! -
[Samba] Windows 2003 R2 client Network Browsing very slow
Hi people. I add a new server to the network, windows 2003 R2 sp2, is another client in the domain running gentoo linux with samba 3.0.24, the problem I have is that my Network Browsing is very slow inside win2k3.

* The network is working normally, 90% of my clients are windows xp pro sp2 and those can browse the network without an issue.
* The master browser in the domain is my linux PDC server, I disable the browser service in all my Windows Clients even win2k3.

I found that if I enable the browser server in win2k3, he take the role of Master Browser and problem fix. But that server is not the PDC, have some one had been having problems like this one and fix it? Any info about I will appreciated a lot, thanks!!!

-- LIving the dream...
Re: [Samba] Doubts about some old parameters?
Thanks Dale, this remove that message. See u!!!

2007/8/31, Dale Schroeder [EMAIL PROTECTED]:

Alberto,

To get rid of the testparm error message, add

    level2 oplocks = No

The default for this parameter is Yes, but is only in effect if oplocks = Yes.

Dale

Alberto Moreno wrote:

Hi people. I'm using Centos 4.5 running samba 3.0.x, I have an old ERP software that always setup this some entrance in my smb.conf:

    [PVPIPE$]
        comment = Pervasive pipes
        path = /usr/local/psql/etc/pipe
        # only members of group pvsw will have access
        valid users = @pvsw
        # Absolutely necessary - prevents caching
        oplocks = no
        read only = yes
        browseable = No

My doubts is oplocks, every time I run testparm tell me this:

    Invalid combination of parameters for service PVPIPE$. Level II oplocks can only be set if oplocks are also set.

Is this configuration correct? Thanks all for your time!!!

-- LIving the dream...
[Samba] Doubts about some old parameters?
Hi people. I'm using Centos 4.5 running samba 3.0.x, I have an old ERP software that always setup this some entrance in my smb.conf:

    [PVPIPE$]
        comment = Pervasive pipes
        path = /usr/local/psql/etc/pipe
        # only members of group pvsw will have access
        valid users = @pvsw
        # Absolutely necessary - prevents caching
        oplocks = no
        read only = yes
        browseable = No

My doubts is oplocks, every time I run testparm tell me this:

    Invalid combination of parameters for service PVPIPE$. Level II oplocks can only be set if oplocks are also set.

Is this configuration correct? Thanks all for your time!!!
Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
2006/10/31, Edward Irvine at home [EMAIL PROTECTED]:

Hi,

It has been a while since I have looked at any of this. However, I do know you don't want to run a kdc on your FreeBSD server. Windows is the KDC. You do need to tell FreeBSD what realm you are in, and what the Windows ADS servers are. You might wish to try the following in your /etc/krb5.conf file:

    # /etc/krb5.conf
    [libdefaults]
        default_realm = EXAMPLE.COM
        forwardable = true
        default_tgs_enctypes = rc4-hmac des-cbc-crc
        default_tkt_enctypes = rc4-hmac des-cbc-crc

    [appdefaults]
        default_realm = EXAMPLE.COM
        pam = {
            forwardable = true
            krb4_convert = false
            debug = false
        }

    [realms]
        EXAMPLE.COM = {
            kdc = ads1.example.com:88
            kdc = ads2.example.com:88
            admin_server = ads1.example.com:749
            kpasswd_server = ads1.example.com:464
            kpasswd_protocol = SET_CHANGE
            default_domain = example.com
        }

    [domain_realm]
        example.com = EXAMPLE.COM
        .example.com = EXAMPLE.COM

    [logging]
        default = FILE:/var/log/krb5lib.log

Also, you might want to try this link: http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html

Eddie

Alberto Moreno wrote:

2006/10/27, Guillermo Gutierrez [EMAIL PROTECTED]:

Thank you for your response. I have not been successful in trying to do this. I have found a how-to doing this with winbind and ldap but could not get them to work.

-Original Message-
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Alberto Moreno
Sent: Thursday, October 26, 2006 11:51 PM
To: samba@lists.samba.org
Subject: Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS

2006/3/29, Guillermo Gutierrez [EMAIL PROTECTED]:

Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS domain and utilize winbind/kerberos for authenticating domain users on it. I have already done this with a Gentoo Samba server (which after I realized how, turned out to be very easy) but it is a lot tougher to do with FreeBSD. Has anyone on the list had any experience with it. The samba in the FreeBSD ports is version 3.0.14a but I downloaded the source for 3.0.21c so that I can use the latest version.

thanks,
Guillermo Gutierrez
Development Systems Engineer
Market Scan Information Systems Inc.
(818) 575-2000 x2427
[EMAIL PROTECTED]

HI Guillermo, I'm working on this, but I see that this post is from march, just want to know if you succeed with this? Did have some tips about this situation? Is your system stable? May you show me your settings? I already installed samba on freebsd 6-1 from ports with ADS support, tomorrow I will try to add that machine to win2k3 AD domain, but my doubt is with the kerberos version that has freebsd by default, can we use that one..? We can enable krb5 from rc.conf, but we need all the options there?

    #
    # kerberos. Do not run the admin daemons on slave servers
    #
    kerberos5_server_enable=NO              # Run a kerberos 5 master server (or NO).
    kerberos5_server=/usr/libexec/kdc       # path to kerberos 5 KDC
    kerberos5_server_flags=                 # Additional flags to the kerberos 5 server
    kadmind5_server_enable=NO               # Run kadmind (or NO)
    kadmind5_server=/usr/libexec/kadmind    # path to kerberos 5 admin daemon
    kpasswdd_server_enable=NO               # Run kpasswdd (or NO)
    kpasswdd_server=/usr/libexec/kpasswdd   # path to kerberos 5 passwd daemon

Which options I need for this job..? I'm really starting working with samba, but the kerberos stuff is some confused, thanks for your time!!!

-- LIving the dream...

I read some docs about the same situation with winbind+ldap but when I try, no success, but let me try with Kerberos and see what happened, I will inform here in the list, see you man.

LIving the dream...

Thanks for that link I will try and let you know guys, right I'm setting the ntp server on my lan to sync clocks between clients servers. See you soon.

-- LIving the dream...
Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
2006/3/29, Guillermo Gutierrez [EMAIL PROTECTED]: Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS domain and utilize winbind/kerberos for authenticating domain users on it. I have already done this with a Gentoo Samba server (which after I realized how, turned out to be very easy) but it is a lot tougher to do with FreeBSD. Has anyone on the list had any experience with it. The samba in the FreeBSD ports is version 3.0.14a but I downloaded the source for 3.0.21cso that I can use the latest version. thanks, Guillermo Gutierrez Development Systems Engineer Market Scan Information Systems Inc. (818) 575-2000 x2427 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba HI Guillermo, im working on this, but i see that this post is from march, just want to know if you succed with this? Did have some tips about this situation? Is your system stable? May you show me your settings? I already installed samba on freebsd 6-1 from ports with ADS support, tomorrow i will try to add that machine to win2k3 AD domain, but my doubt is with the kerberos version that has freebsd by default, can we use that one..? We can enable krb5 from rc.conf, but we need all the optios there? # # kerberos. Do not run the admin daemons on slave servers # kerberos5_server_enable=NO # Run a kerberos 5 master server (or NO). kerberos5_server=/usr/libexec/kdc # path to kerberos 5 KDC kerberos5_server_flags= # Additional flags to the kerberos 5 server kadmind5_server_enable=NO # Run kadmind (or NO) kadmind5_server=/usr/libexec/kadmind # path to kerberos 5 admin daemon kpasswdd_server_enable=NO # Run kpasswdd (or NO) kpasswdd_server=/usr/libexec/kpasswdd # path to kerberos 5 passwd daemon Which options i need for this job..? Im really starting working with samba, but the kerberos stuff is some confused, thanks for your time!!! -- LIving the dream... 
[Samba] Freebsd 6.1 and Kerberos in rc.conf
Hi people. I'm reading the samba manual to join my freebsd box with to a win2k3 AD Domain, I install samba from ports with support for AD, already check that my samba program has been build with support for kerberos, ldap and all the stuff the manual recommended, now about kerberos, we have some stuff in /etc/rc.conf

    #
    # kerberos. Do not run the admin daemons on slave servers
    #
    kerberos5_server_enable=NO              # Run a kerberos 5 master server (or NO).
    kerberos5_server=/usr/libexec/kdc       # path to kerberos 5 KDC
    kerberos5_server_flags=                 # Additional flags to the kerberos 5 server
    kadmind5_server_enable=NO               # Run kadmind (or NO)
    kadmind5_server=/usr/libexec/kadmind    # path to kerberos 5 admin daemon
    kpasswdd_server_enable=NO               # Run kpasswdd (or NO)
    kpasswdd_server=/usr/libexec/kpasswdd   # path to kerberos 5 passwd daemon

Which options we need to enable...? There is something extra that we need to do with kerberos before I try to join this machine..? Another thing, there is one var in smb.conf that ask for a wins server, my domain doesn't have any wins server, do I need this var...? Any tip will be appreciated, thanks for your time!!!

-- LIving the dream...
Re: [Samba] Freebsd 6.1 and Kerberos in rc.conf
2006/10/27, Matt [EMAIL PROTECTED]: I am familiar with freebsd 6.1 as I use it regularly. Here is how you enable kerberos. Add these lines to your rc.conf. kerberos5_server_enable=YES kadmind5_server_enable=YES kpasswdd_server_enable=YES The other options you can pretty much ignore. Those are for if you have a non-standard install of FreeBSD. I am assuming you are using the version of Heimdal included with FreeBSD 6.1. If you are, it is version 0.6.6 so you do not have to specify any special encryption algorithm. On 10/27/06, Cleber P. de Souza [EMAIL PROTECTED] wrote: I'm not familiar about FreeBSD settings, but about kerberos and AD you'll need also pay attention to your clock syncronization, because if your Win2k3 and FreeBSD's clock differs more than 5 minutes you'll get errors to connect. On 10/27/06, Alberto Moreno [EMAIL PROTECTED] wrote: Hi people. Im reading the samba manual to join my freebsd box with to an win2k3 AD Domain, i install samba from ports with support for AD, already check that my samba program has been build with support for kerberos, ldap and all the stuff the manual recommended, now about kerberos, we have some stuff in /etc/rc.conf # # kerberos. Do not run the admin daemons on slave servers # kerberos5_server_enable=NO # Run a kerberos 5 master server (or NO). kerberos5_server=/usr/libexec/kdc # path to kerberos 5 KDC kerberos5_server_flags= # Additional flags to the kerberos 5 server kadmind5_server_enable=NO # Run kadmind (or NO) kadmind5_server=/usr/libexec/kadmind # path to kerberos 5 admin daemon kpasswdd_server_enable=NO # Run kpasswdd (or NO) kpasswdd_server=/usr/libexec/kpasswdd # path to kerberos 5 passwd daemon Which options we neen to enable...? There is something extra that we need to do with kerberos before i try to join this machine..? Another thing, there is one var in smb.conf that ask for a wins server, my domain doesnt have any wins server, do i need this var...? Any tip will be apreciated, thanks for your time!!! 
-- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- *** Cleber P. de Souza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Hi guys. Them, i read some post about the Time between AD and Samba server, them is better to setup on local time server(NTP) to help this comunication? Thanks for your answers. -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
2006/10/27, Guillermo Gutierrez [EMAIL PROTECTED]: Thank you for your response. I have not been successful in trying to do this. I have found a how-to doing this with winbind and ldap ut coud not get them to work. -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Alberto Moreno Sent: Thursday, October 26, 2006 11:51 PM To: samba@lists.samba.org Subject: Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS 2006/3/29, Guillermo Gutierrez [EMAIL PROTECTED]: Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS domain and utilize winbind/kerberos for authenticating domain users on it. I have already done this with a Gentoo Samba server (which after I realized how, turned out to be very easy) but it is a lot tougher to do with FreeBSD. Has anyone on the list had any experience with it. The samba in the FreeBSD ports is version 3.0.14a but I downloaded the source for 3.0.21cso that I can use the latest version. thanks, Guillermo Gutierrez Development Systems Engineer Market Scan Information Systems Inc. (818) 575-2000 x2427 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba HI Guillermo, im working on this, but i see that this post is from march, just want to know if you succed with this? Did have some tips about this situation? Is your system stable? May you show me your settings? I already installed samba on freebsd 6-1 from ports with ADS support, tomorrow i will try to add that machine to win2k3 AD domain, but my doubt is with the kerberos version that has freebsd by default, can we use that one..? We can enable krb5 from rc.conf, but we need all the optios there? # # kerberos. Do not run the admin daemons on slave servers # kerberos5_server_enable=NO # Run a kerberos 5 master server (or NO). 
kerberos5_server=/usr/libexec/kdc # path to kerberos 5 KDC kerberos5_server_flags= # Additional flags to the kerberos 5 server kadmind5_server_enable=NO # Run kadmind (or NO) kadmind5_server=/usr/libexec/kadmind # path to kerberos 5 admin daemon kpasswdd_server_enable=NO # Run kpasswdd (or NO) kpasswdd_server=/usr/libexec/kpasswdd # path to kerberos 5 passwd daemon Which options i need for this job..? Im really starting working with samba, but the kerberos stuff is some confused, thanks for your time!!! -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006 I read some docs about the same situation with winbind+ldap but went i try, no success, but let me try with Kerberos and see what happend, i will inform here in the list, see you man. LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Port options in FreeBSD 6.1
Hi people. I want to add one freebsd machine to my current domain which run on Win2k3 AD, I see that samba3 have some options before compile, I just want to have some NFS for the users, I need something extra to enable before compile the port..?

    OPTIONS= LDAP         With LDAP support on \
             ADS          With Active Directory support off \
             CUPS         With CUPS printing support on \
             WINBIND      With WinBIND support on \
             ACL_SUPPORT  With ACL support off \
             AIO_SUPPORT  With experimental AIO support off \
             FAM_SUPPORT  With File Alteration Monitor off \
             SYSLOG       With Syslog support off \
             QUOTAS       With Disk quota support off \
             UTMP         With UTMP accounting support on \
             MSDFS        With MSDFS support off \
             SMBSH        With SMBSH wrapper for UNIX commands off \
             PAM_SMBPASS  With PAM authentication vs passdb backends off \
             EXP_MODULES  With experimental modules off \
             POPT         With system-wide POPT library on

Which options I need to enable, disable or the current settings are good for joining my freebsd box, I won't need cups, but what about ADS? WINBIND? this feature is for WINNT4 environments I think?, ACL_SUPPORT? Thanks all for your time, greetings!!!
[Samba] Problems protecting one share folder...?
Hi people. I have been reading about shares access protection with samba, i found some sites googling but i still dont know how to implement this problem, this is my situation: smb.conf for that share: [test] comment = Test System path = /opt/test writeable = yes valid users = @inges @notelaacabas @mfonseca @mvalencia read list = mfonseca mvalencia create mode = 0660 directory mode = 0770 admin users = root notelaacabas @inges is the group of users that need to write/change/deleted from this share valid users = user that can login this service or share read list = read only users to this service create mode and directory mode was from one example i found in the web, but i think 0660 and 0770 is not good...? Them i took one linux shell, create one folder in /opt/ root#mkdir test Change the owners root# chown notelaacabas:inges /opt/test Change the mode root# chmod 775 /opt/test Restart samba. *Now the users in the valid user list can create /modify/delete files, here ok. *The users in the read list can read files but they cannot delete/create/change files great. The problem i have now is this: We have one application that was made with access, that application need 2 thinks: 1; The user need to have one maped drive with the letter k (is the share i create before) 2; Need to be execute in one folder inside the k drive like this: k\App\MyApp I create the folder with the same attributes as the parent folder(test). Ok, the problem start went the READ LIST users execute MyApp, because you know like WORD, the access program create one temporal file inside the folder where we run the program (App), the user cannot write anything there, went the program start, Access send back one message saying that it will open the application READ ONLY and went we try to use some part of the application, it CRUSH because it cannot UPDATE something, for me the problem is because the user cannot write there, the common problems of office applications. 
Another thing: the write users are about 5 and the read-only ones are about 40; how can I handle this..? I have been looking around and testing, but I still can't make this thing work. How can I fix this problem? I am still testing; any information will be appreciated a lot.

OS: Red Hat 9
Samba 3

Greetings.
--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
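The share-level decision described in the post above, as an added example that is not part of the original message or of Samba's own code: a simplified model of how valid users and read list combine, showing that a read list user cannot create a file whatever the Unix mode of k\App is. The group memberships, the users writer1 and guest1, and the treatment of '@name' as a Unix group only are assumptions.

```python
import re

SMB_CONF = """
[test]
path = /opt/test
writeable = yes
valid users = @inges @notelaacabas @mfonseca @mvalencia
read list = mfonseca mvalencia
admin users = root notelaacabas
"""  # the access-related lines of the share as posted

# Constructed Unix groups; assumes each user also has a same-named private group.
GROUPS = {"writer1": {"writer1", "inges"}, "mfonseca": {"mfonseca"}, "guest1": {"guest1"}}

def parse_share(text, name):
    """Return the parameters of one [share] section as a dict."""
    params, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
        elif current == name and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.split()).lower()] = value.strip()
    return params

def in_list(user, spec):
    """Match a Samba user list; '@name' is treated here as a Unix group."""
    for entry in spec.replace(",", " ").split():
        if entry == user or (entry[0] == "@" and entry[1:] in GROUPS.get(user, set())):
            return True
    return False

def share_access(user, share):
    """Return 'denied', 'read-only' or 'read-write' for a connecting user."""
    valid = share.get("valid users", "")
    if valid and not in_list(user, valid):
        return "denied"
    writable = share.get("writeable", "no").lower() in ("yes", "true", "1")
    if in_list(user, share.get("read list", "")):
        writable = False  # read list overrides writeable = yes
    return "read-write" if writable else "read-only"

def can_create(user, share, unix_allows):
    """smbd applies the share decision before the Unix mode bits are consulted."""
    return share_access(user, share) == "read-write" and unix_allows
```

Calling can_create("mfonseca", parse_share(SMB_CONF, "test"), True) returns False: the refusal comes from the share definition, so changing the mode of the App folder does not alter it.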
[Samba] Questions about sub-folders, access...?
Hi people, I am testing Samba 3 on FreeBSD 5.4. I installed Samba from ports with no problems, and I have this simple smb.conf file:

[global]
workgroup = WORKGROUP
netbios name = FREEBSD
server string = Samba Server FreeBSD
security = user
encrypt passwords = yes

[public]
comment = %h Shared Public Directory
path = /opt/test
force directory mode = 0777
force create mode = 0777
force group = nobody
force user = nobody
public = yes
writeable = yes
read only = no

My problem right now is that I want to create a folder with the user X inside this share and give access to user Y to that sub-folder. So I create the folder with the user X from Windows 2000, and smbd creates the folder with these permissions:

root# getfacl test
#file:test
#owner:65534
#group:0
user::rwx
group::rwx
other::rwx

The owner is nobody, like the smb.conf says, and the group 0 is wheel. OK, here everybody can access the folder, but what if I only want to give access to the owner (X user) and the user Y...? OK, after reading some docs, I did this: go to FreeBSD, log in as root and change the folder rights:

root# chown X:Y /opt/test/NewFolder
root# chmod 770 /opt/test/NewFolder

Now if user X or Y tries to access the folder from Windows 2000, smbd says:

\\Freebsd\public\test is not accessible
Access is denied

I have been reading the Samba 3 by Example book, 10.3.3 Share Point Directory and File Permissions, but didn't find the answer, and chapter 15 of the Samba HOWTO, but they speak about the smb.conf shares, and I want to apply this to sub-folders I create inside of Samba shares...? I think this can be done inside the Unix/Linux box with the root user, but I still don't find the way. What did I forget...? Hope you can help me, people. Thanks all for your time!!!
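The situation in the post above, as an added example that is not part of the original message: a simplified model of the Unix identity smbd uses once force user and force group are set, checked against the owner/group/other bits of the folder after the chown and chmod shown. The numeric ids for X and Y and their same-named groups are constructed, and supplementary groups of the forced account are ignored.

```python
# Constructed ids: the page shows only owner 65534 (nobody) and group 0 (wheel).
UIDS = {"nobody": 65534, "X": 1001, "Y": 1002}
GIDS = {"nobody": 65534, "wheel": 0, "X": 1001, "Y": 1002}

SHARE = {"force user": "nobody", "force group": "nobody"}  # from [public] as posted

def smbd_identity(login_user, login_gids, share):
    """Return the (uid, gids) used for file operations on this share."""
    uid, gids = UIDS[login_user], set(login_gids)
    if "force user" in share:
        # Every connection acts as the forced account, not as the login user.
        uid = UIDS[share["force user"]]
        gids = {GIDS[share["force user"]]}
    if "force group" in share:
        gids = {GIDS[share["force group"]]}
    return uid, gids

def unix_allows(uid, gids, st_uid, st_gid, mode, want):
    """Classic owner/group/other check; want is a mask of 4 (r), 2 (w), 1 (x)."""
    if uid == 0:
        return True
    if uid == st_uid:
        bits = (mode >> 6) & 7
    elif st_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want

def can_enter(login_user, login_gids, share, st_uid, st_gid, mode):
    """Can this login list and traverse the directory (r-x)?"""
    uid, gids = smbd_identity(login_user, login_gids, share)
    return unix_allows(uid, gids, st_uid, st_gid, mode, 5)

def demo():
    """Results for NewFolder (owner X, group Y, mode 0770) with and without forcing."""
    folder = (UIDS["X"], GIDS["Y"], 0o770)
    return {
        "X forced": can_enter("X", {GIDS["X"]}, SHARE, *folder),
        "Y forced": can_enter("Y", {GIDS["Y"]}, SHARE, *folder),
        "X not forced": can_enter("X", {GIDS["X"]}, {}, *folder),
        "Y not forced": can_enter("Y", {GIDS["Y"]}, {}, *folder),
    }
```

In this model both logins are refused while the share forces nobody, because nobody falls into the "other" class of a 0770 folder. Note also that the second argument of chown X:Y names a group, so Y is matched only through membership of a group called Y.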
[Samba] How to compile on FreeBSD 5.4 Samba 3.0.20b?
Hi people. I run FreeBSD 5.4-p8 and want to start working with Samba. I normally use the ports to install programs on FreeBSD. But I read the Makefile and see that we have a lot of arguments to choose from, and some are defaults. I want to know which options I should use in 2 situations I want to test:

A) Windows 2k AC environment
- Workgroup.

B) Windows 2003 AD
- Windows XP clients
- DNS
- AD

In both situations:
- I want to share 1 folder on FreeBSD
- I want the FreeBSD machine to appear in the Microsoft Windows Network link
- I want to access Windows shared folders from the FreeBSD machine; is it possible...?

These are the options I have on FreeBSD to compile Samba:

LDAP          With LDAP support                      on  \
ADS           With Active Directory support          off \
CUPS          With CUPS printing support             on  \
WINBIND       With WinBIND support                   on  \
ACL_SUPPORT   With ACL support                       off \
AIO_SUPPORT   With experimental AIO support          off \
SYSLOG        With Syslog support                    off \
QUOTAS        With Quota support                     off \
UTMP          With UTMP support                      on  \
MSDFS         With MSDFS support                     off \
SAM_XML       With XML smbpasswd backend             off \
SAM_MYSQL     With MYSQL smbpasswd backend           off \
SAM_PGSQL     With PostgreSQL smbpasswd backend      off \
SAM_OLD_LDAP  With Samba2.x LDAP smbpasswd backend   off \
PAM_SMBPASS   With SMB PAM module                    off \
EXP_MODULES   With experimental module(s)            off \
POPT          With installed POPT library            on

Which of these options do I use for each of the situations I have? That is all my doubt; I hope someone can help me with these questions, thanks.

NOTE: I already have CUPS and MySQL!!!

Thanks all for your time!!!
[Samba] Hi About samba and windows 2003.
Hi to all. We are running Samba 2.2.7a on Red Hat 9, kernel 2.4.20-smp. The PDC is NT 4 Server. My doubt is this one: we buy one new server to be the PDC running Windows 2003; then will this Samba we have running still work with Windows 2003, or do we need to upgrade to the new version 3.0.20? I know we need to upgrade the kernel to 2.4.31, the last one, I think. I hope someone can give me some info so we can make tests before we upgrade everything. Thanks for your time.