Re: [Samba] Failover

2013-10-14 Thread Daniel Müller
By the way! All your DCs should be able to run the 10.48.16.155!?? And all
your shares are mapped like this : \\10.48.16.155\share!?
How do you manage the second controller taking over when the master DC is
down? It is important to have the DC slave DNS working.
With the internal DNS or dlz_bind I did not succeed in managing this. Only
flat files could do the job for me. So the best thing to do
is to map like \\your.domain\share. No failover IP is needed.

Greetings
Daniel 

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Robert Gurdon
Sent: Monday, 7 October 2013 16:15
To: samba@lists.samba.org
Subject: [Samba] Failover

Hi guys,


I have a domain with Samba 4.0.5 domain controllers and also a failover DRBD
shared disk, where the active DC controls the access to the disk.
DOMAINC01 - 10.48.16.150
DOMAINC02 - 10.48.16.151
DOMAINCHA - 10.48.16.155  this would be the failover IP, which works
perfectly on Windows XP clients.
I can see the shares, just like on DOMAINC01 or DOMAINC02, and if the users
have the proper credentials they can write, open etc.
But when I try to do the same on a Windows 7 client I simply get an error
message: "You don't have the proper rights to open the directory".
I guess this is because the DOMAINCHA virtual controller is not in the AC, but
shall I add a computer to the AC so my win7 clients could open the available
shares?

Thanks,

Robert
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



Re: [Samba] using samba 4 as plugin replacement for samba 3

2013-10-14 Thread Daniel Müller
THIS WILL NOT WORK:  can I simply give samba 4 a copy of the old smb.conf
file?


-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Klaus Hartnegg
Sent: Friday, 11 October 2013 17:01
To: samba@lists.samba.org
Subject: [Samba] using samba 4 as plugin replacement for samba 3

Hi,

when I don't want to switch to Active Directory, but don't want to be stuck
on version 3.6 either, can I simply give samba 4 a copy of the old smb.conf
file?

Will it be able to store all windows acl's in extended attributes, or is
this improvement only available in combination with letting it run as active
directory domain controller?

thanks,
Klaus



Re: [Samba] using samba 4 as plugin replacement for samba 3

2013-10-14 Thread Daniel Müller
First of all no more [homes] but [home]!!
EX:
[home]
path = /mnt/glusterfs/ads/home
readonly = No
posix locking = No
[share1]
path = /mnt/glusterfs/ads/share1
readonly = No

Best no acls defined in the conf but from the ads-tool/Microsoft or by the
administrator from a windows client.


-----Original Message-----
From: Masopust, Christian [mailto:christian.masop...@siemens.com]
Sent: Monday, 14 October 2013 12:21
To: muel...@tropenklinik.de; 'Klaus Hartnegg'; samba@lists.samba.org
Subject: AW: [Samba] using samba 4 as plugin replacement for samba 3


Hi Daniel,

so... is there a list what options to change?   I've already seen the 
Wiki page with the minimal working configuration, but is there more
information available?

thanks,
christian

 -----Original Message-----
 From: samba-boun...@lists.samba.org
 [mailto:samba-boun...@lists.samba.org] On Behalf Of Daniel Müller
 Sent: Monday, 14 October 2013 08:23
 To: 'Klaus Hartnegg'; samba@lists.samba.org
 Subject: Re: [Samba] using samba 4 as plugin replacement for samba 3
 
 THIS WILL NOT WORK:  can I simply give samba 4 a copy of the old 
 smb.conf file?
 
 -----Original Message-----
 From: samba-boun...@lists.samba.org
 [mailto:samba-boun...@lists.samba.org] On Behalf Of Klaus Hartnegg
 Sent: Friday, 11 October 2013 17:01
 To: samba@lists.samba.org
 Subject: [Samba] using samba 4 as plugin replacement for samba 3
 
 Hi,
 
 when I don't want to switch to Active Directory, but don't want to be 
 stuck on version 3.6 either, can I simply give samba 4 a copy of the 
 old smb.conf file?
 
 Will it be able to store all windows acl's in extended attributes, or 
 is this improvement only available in combination with letting it run 
 as active directory domain controller?
 
 thanks,
 Klaus


Re: [Samba] Samba4: Home of Users

2013-10-01 Thread Daniel Müller
[homes] -- THIS IS WRONG WITH SAMBA 4
It should be -- [home]
No valid users and so on anymore.
Important -- path
          -- readonly = No



-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Rowland Penny
Sent: Monday, 30 September 2013 23:11
To: Neurodesarrollo; samba@lists.samba.org
Subject: Re: [Samba] Samba4: Home of Users

On 30/09/13 21:45, Neurodesarrollo wrote:
 On 26/09/13 16:09, Neurodesarrollo wrote:
 Hi List, I'm new to the list and to Samba4. I installed samba4 
 ver. 4.0.9 on a server with openSUSE 12.3, 32 bits.
 Previously I had samba3.6.x installed on my server; the users could 
 access /home/(users) as their user drive (U:) and modify everything 
 in their drive.

 But with Samba4:
 - How can my users modify their home (e.g. user: erick, with home
 directory: /home/erick) on the server? At the moment they can't 
 modify (delete, create, rename and so on) anything.
 - When a user logs in to their session, how can the drive U: appear 
 automatically, for example with their home files?

 My client PCs are Windows XP SP2, installed with their profiles local
 only.

 Thanks

  T.I.A.


 I provide my smb.conf configuration if you could help me.


 [global]
  server string = Samba4 Server en NEURODESARROLLO
  workgroup = NEURODCAR
  realm = NEURODCAR.MTZ.SLD.CU
  netbios name = ALFA
  server role = active directory domain controller
  server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc
  dns forwarder = 10.44.0.10
  logon path = \\%L\profiles\%U
  logon home = \\%N\%U
  logon drive = U:
  domain logons = Yes
  domain master = Yes
  local master = Yes
  preferred master = Yes
  os level = 65
  log level = 3

 [homes]
  comment = Home Directories
  valid users = %ACCOUNTNAME%, %S, %D%w%S
  browseable = No
  read only = No

 [profiles]
  path = /usr/local/samba/Profiles/
  read only = No

 [netlogon]
  path = /usr/local/samba/var/locks/sysvol/neurodcar.mtz.sld.cu/scripts
  read only = No

 [sysvol]
  path = /usr/local/samba/var/locks/sysvol
  read only = No

 [printers]
  comment = All Printers
  path = /var/tmp
  printable = Yes
  create mask = 0600
  browseable = No
  
 [print$]
  comment = Printer Drivers
  path = /var/lib/samba/drivers
  write list = @ntadmin root
  force group = ntadmin
  create mask = 0664
  directory mask = 0775

 ###



 Any body in this list can help me ???

 Thanks in Advance



Hi, from your posted smb.conf, you seem to be mixing up the settings for an
AD DC and an old-style NT-PDC, most of the global part of it could be
removed. The [homes] section will not work as before, it needs to be [home]
and you need to supply the path to wherever they are stored.

Have a look here: 
https://wiki.samba.org/index.php/Setup_and_configure_file_shares

Rowland



Re: [Samba] samba4 with glusterfs

2013-09-24 Thread Daniel Müller
It is also missing in glusterfs 3.4!
Just setup samba4 with glusterfs on centos 6.4. The same error.
Only the acl option is working. A workaround to see the extended acls from
windows is to set the volume stat-prefetch off.

Greetings
Daniel

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of wil
Sent: Wednesday, 25 September 2013 01:58
To: samba@lists.samba.org
Subject: Re: [Samba] samba4 with glusterfs

Ulrich Schinz uli at schinz.de writes:

 
 On 11.05.2013 03:31, Hisham Attar wrote:
  for mine to work (under ubuntu) I had to mount with the options at 
  the end or it didn't work
  mount -t glusterfs gluster01:/vol01/samba/glusterfs -o acl,user_xattr
 
 ah ok, maybe in earlier versions... for now it's an unknown option...
 
 mount -t glusterfs sba-gluster01.intern.ksfh.de:/dfsvol01 /samba/glusterfs/ -o acl,user_xattr
 unknown option user_xattr (ignored)
 

the option does appear to be there but it is either misnamed or doesn't
have an appropriate alias setup

glusterfs --help | grep -i attr

correct option name appears to be selinux

you could modify the mount script...
nano /sbin/mount.glusterfs

I can confirm this option doesn't appear to be in glusterfs 3.2.5 built on
Jan 31 2012 either as user_xattr or selinux

the operation of mount.glusterfs appears to be buggy when issued user_xattr
option - the log in /var/log/gluster/mnt indicates it's trying to resolve
it as a host name

options are only specified after the volume when using the mount.glusterfs
script directly...
Usage:  mount.glusterfs volumeserver:volumeid/volumeport -o options
mountpoint

I believe when working directly with mount it's more normal to do as per man
entry
mount [-fnrsvw] [-t vfstype] [-o options] device dir








Re: [Samba] Bind9 AD SDLZ driver failed to load

2013-09-16 Thread Daniel Müller
This is mine working on centos 6:

[root@s4master ~]# named -V
BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 built with
'--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool'
'--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic'
'--disable-static' '--disable-openssl-version-check' '--with-dlopen=yes'
'--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
'--with-dlz-filesystem=yes' '--with-gssapi=/usr/include/gssapi'
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
'--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS=
-DDIG_SIGCHASE'
using OpenSSL version: OpenSSL 1.0.0 29 Mar 2010
using libxml2 version: 2.7.6

What about with-dlopen  and your correct path to '--with-geoip=/usr'

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Robert Millott
Sent: Wednesday, 11 September 2013 17:33
To: samba@lists.samba.org
Subject: [Samba] Bind9 AD SDLZ driver failed to load

I installed Bind9 on a new ubuntu 13.04 server using

apt-get install bind9

and am trying to integrate AD into it. Bind starts fine and will resolve my
domain and computer names, but when I add the line include
/usr/local/samba/private/named.conf
into /etc/bind/named.conf, Bind9 fails to start.  I have edited that file to
ensure the correct line is included for Bind 9.9, and I am not getting any
apparmor errors in my logs, but it will not start.
The last paste to this message is me running named -g -d 9 and you can see
where SDLZ fails to load, but no reason is given.

I see no useful errors, so don't know where to begin fixing it

Thanx for the help

 Here is some of my configurations

named -V

BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var'
'--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared'
'--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
'--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
using OpenSSL version: OpenSSL 1.0.1c 10 May 2012 using libxml2 version:
2.9.0


 cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";

 cat /etc/bind/named.conf.options
options {
        directory "/etc/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                8.8.8.8; 8.8.4.4;
        };

        //
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //
        dnssec-validation auto;

        auth-nxdomain yes;    # conform to RFC1035
        listen-on-v6 { none; };

        allow-transfer { none; };
        notify no;
        allow-query {
                xxx.xxx.xxx.xxx/24;
                // other networks you want to allow to query your DNS
        };
        allow-recursion {
                xxx.xxx.xxx.xxx/24;
                // other networks you want to allow to do recursive queries
        };

        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};


cat /usr/local/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should

Re: [Samba] Network Neighbourhood samba 4

2013-09-16 Thread Daniel Müller
With samba4 you do not need any netbios.
If you want to see your network neighbourhood again you may install
samba4wins: ftp://ftp.sernet.de/pub/samba4wins/.
It is a wins and doing the job again for you.

Good luck
Daniel


-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Andrew Bartlett
Sent: Sunday, 15 September 2013 02:24
To: Eduardo Sotomayor
Cc: Lista Samba
Subject: Re: [Samba] Network Neighbourhood samba 4

On Fri, 2013-09-13 at 17:29 +, Eduardo Sotomayor wrote:
 When you say, there is not network neighbourhood in samba 4 you mean that:
 
 1: all the workstations show in the network neighbourhood except the
 domain controller.
 
 2: There is absolutely nothing in the network neighbourhood, no workstations
 nor DC.

2).  The master browser code in smbd does not collect names because the
netbios server in the AD DC does not have the browsing code in it.  We would
like to add that, but it just is a matter of a developer finding it to be a
personal (or employer) priority.  (Sadly on the AD DC, there isn't spare
developer time just floating around). 

Andrew Bartlett
  
-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Windows 7 samba 4 domain join problem

2013-09-10 Thread Daniel Müller
No you do not need to change any registry settings with samba 4 and windows
7.
Is your dns working?
First of all on your linux box try a  smbclient -L localhost -U%
Or more like this to be sure administrator is enabled and working:
[root@s4master ~]# smbclient  //s4master/netlogon -Uadministrator
Enter administrator's password:
Domain=[TPLK] OS=[Unix] Server=[Samba 4.0.7]
smb: \> ls
  .                                   D        0  Fri Aug 23 08:16:23 2013
  ..                                  D        0  Fri Aug 23 11:14:25 2013

                65503 blocks of size 33553920. 65502 blocks available
smb: \>

If in any case it refuses you can try to enable administrator:
samba-tool user enable administrator
or list all known users to be sure:
samba-tool user list

Good luck
Daniel







-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of jared.m.jacob...@l-3com.com
Sent: Tuesday, 10 September 2013 16:27
To: samba@lists.samba.org
Subject: Re: [Samba] Windows 7 samba 4 domain join problem

Thanks for your help.

 

I tried configuring the Windows 7 registry settings listed here, even though
it says it shouldn't be necessary for an Active Directory domain:
https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains.
The client acts exactly the same.

 

Are there other registry settings somewhere else, or is this some other
problem?

 

Jared

 

From: luisforchesa...@gmail.com [mailto:luisforchesa...@gmail.com]
Sent: Friday, September 06, 2013 6:25 AM
To: Jacobson, Jared M @ CSG - CSW
Subject: Re: [Samba] Windows 7 samba 4 domain join problem

 

Greetings Jared. 

 

Let's start the troubleshoot with Win7. Normally you need to modify its
registry for Win7 to work with Samba. Was it done?

 

Att.

 

2013/9/5 jared.m.jacob...@l-3com.com

I stood up a samba 4 (4.0.9) Active Directory domain controller on a Red Hat
Enterprise Linux 6.3 server, configured in accordance with the Samba AD DC
HOWTO https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO , and tailored to
the domain name I want.  I'm trying to join a Windows 7 Enterprise Edition
client to the domain.  Windows responds with "Your computer could not be
joined to the domain because the following error has occurred: The network
path was not found."

 

I used wireshark to capture the message exchange.  ... here's a summary of
the messages exchanged (C = Win 7 client, S = samba server, pretending
client IP is 192.168.0.3, server IP is 192.168.0.4, server name is server,
client name is client, and domain name is domain.name):



...

13.   C->S: CLDAP search request ROOT baseobject
      a.   Filter: DnsDomain=domain.name  Host=CLIENT  User=CLIENT  AAC=80:01:00:00  NtVer=0x2016
      b.   Attributes: netlogon
14.   S->C: CLDAP searchResEntry
      a.   Type: netlogon
      b.   Opcode: LOGON_SAM_USER_UNKNOWN_EX

Based on this exchange, it looks like the Win 7 client is trying to use the
username CLIENT (message 13) rather than the Administrator
username I put in when attempting to join the domain, and the server is
rejecting that user because it doesn't know that user.

Is it normal for the Win 7 client to use the computer name for the username,
here?  Did I miss something in the HOWTO?  Am I supposed to add the client
computer name to the Active Directory before trying to join the domain?





[Samba] Samba Version 4.0.7 replace netlogon: /usr/local/samba/var/locks/sysvol/my.domain/scripts

2013-08-22 Thread Daniel Müller
Dear all,
I'm testing samba4 and replacing the [netlogon] directory:
What I have done yet:
Deleted the original scripts directory from
/usr/local/samba/var/locks/sysvol/my.domain/scripts
Set a link to a new place:
ln -s /mnt/glusterfs/ads/scripts /usr/local/samba/var/locks/sysvol/my.domain/
When I search my samba server using network neighborhood, clicking on
netlogon I am successful reaching the share.
But if I try \\mysambaserver\sysvol\my.domain\scripts I get an access
denied!?
Both folders are the same!?
How can I set the right permissions on the new [netlogon] and
\\mysambaserver\sysvol\my.domain\scripts?

Daniel



Re: [Samba] Samba Version 4.0.7 replace netlogon: /usr/local/samba/var/locks/sysvol/my.domain/scripts

2013-08-22 Thread Daniel Müller
I did fix this:
In [global]
Set:
follow symlinks = yes
wide links = yes
unix extensions = no

As with Samba 3


-----Original Message-----
From: Daniel Müller [mailto:muel...@tropenklinik.de]
Sent: Thursday, 22 August 2013 13:47
To: 'samba@lists.samba.org'
Subject: Samba Version 4.0.7 replace netlogon: /usr/local/samba/var/locks/sysvol/my.domain/scripts

Dear all,
I'm testing samba4 and replacing the [netlogon] directory:
What I have done yet:
Deleted the original scripts directory from
/usr/local/samba/var/locks/sysvol/my.domain/scripts
Set a link to a new place:
ln -s /mnt/glusterfs/ads/scripts /usr/local/samba/var/locks/sysvol/my.domain/
When I search my samba server using network neighborhood, clicking on
netlogon I am successful reaching the share.
But if I try \\mysambaserver\sysvol\my.domain\scripts I get an access
denied!?
Both folders are the same!?
How can I set the right permissions on the new [netlogon] and
\\mysambaserver\sysvol\my.domain\scripts?

Daniel

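
Added example (not part of the original message, and not Samba's own code): because the fix in the message above sets `wide links` in [global], every share inherits it, so this sketch works out which shares would actually follow symlinks out of their exported tree and whether they are writable. The parser, function names and both sample configs are constructed; it assumes Samba's documented defaults (follow symlinks = yes, wide links = no, unix extensions = yes) and that wide links only takes effect when unix extensions is off or allow insecure wide links is on.

```python
import re

TRUE, FALSE = {"yes", "true", "on", "1"}, {"no", "false", "off", "0"}

# Samba's documented defaults for the parameters this audit reads (assumption stated in the lead-in).
DEFAULTS = {"followsymlinks": True, "widelinks": False, "unixextensions": True,
            "allowinsecurewidelinks": False, "readonly": True}

# Constructed sample: the [global] fix from the message, with two shares whose paths appear on this page.
GLOBAL_FIX = """
[global]
    follow symlinks = yes
    wide links = yes
    unix extensions = no
[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No
[home]
    path = /mnt/glusterfs/ads/home
    readonly = No
"""

# Constructed alternative: wide links granted only to the share that contains the symlink.
SCOPED = """
[global]
    unix extensions = no
[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No
    wide links = yes
[home]
    path = /mnt/glusterfs/ads/home
    readonly = No
"""


def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lower-cased with spaces removed,
    because smb.conf treats 'readonly' and 'Read Only' as the same parameter."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections


def _bool(params, name):
    """Boolean value of a parameter in one section, or None if it is not set there."""
    value = params.get(name)
    if value is None:
        return None
    if value.lower() in TRUE:
        return True
    if value.lower() in FALSE:
        return False
    raise ValueError("not a boolean: %s = %s" % (name, value))


def _read_only(params):
    """'read only', honouring its inverted synonyms writeable / writable / write ok."""
    value = _bool(params, "readonly")
    if value is not None:
        return value
    for synonym in ("writeable", "writable", "writeok"):
        value = _bool(params, synonym)
        if value is not None:
            return not value
    return None


def effective(share, glob, name):
    """Share setting wins, then [global], then the built-in default."""
    for params in (share, glob):
        value = _read_only(params) if name == "readonly" else _bool(params, name)
        if value is not None:
            return value
    return DEFAULTS[name]


def audit_wide_links(text):
    """List the shares in which symlinks leaving the share tree will be followed."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    unix_ext = effective({}, glob, "unixextensions")            # global-only switch
    override = effective({}, glob, "allowinsecurewidelinks")    # global-only switch
    findings = []
    for name, share in conf.items():
        if name == "global":
            continue
        follows = effective(share, glob, "followsymlinks") and effective(share, glob, "widelinks")
        if follows and (not unix_ext or override):
            findings.append({"share": name,
                             "writable": not effective(share, glob, "readonly"),
                             "inherited": _bool(share, "widelinks") is None})
    return findings


if __name__ == "__main__":
    for label, conf_text in (("global fix", GLOBAL_FIX), ("scoped", SCOPED)):
        print(label, audit_wide_links(conf_text))
```

Feeding it the output of `testparm -s` audits the configuration as smbd parses it rather than the file as written.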


Re: [Samba] Samba4 + Winbind + PAM Installation/Configuration

2013-08-16 Thread Daniel Müller
Did you set the [home] var already in your smb.conf?


-----Original Message-----
From: Andreas Krupp [mailto:andreaskr...@akrupp.ch]
Sent: Thursday, 15 August 2013 19:06
To: 'samba'; 'Daniel Müller'
Subject: FW: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Hello,

The steps so far worked:
1) get all of pam installed via yum install pam*
2) Then recompile samba with ./configure.developer followed by make and
make install
3) Restarted Samba... and great stuff, my domain controller, settings and
users are still there! This is awesome by the way!
4) linked the pam_winbind.so with  ln -s
/usr/local/samba/lib/security/pam_winbind.so /lib/security
5) Edited /etc/pam.d/system-auth and added the entries as described in the
wiki (http://wiki.samba.org/index.php/Samba4/Winbind)

All the tests but 1 are fine:
Wbinfo -p (Ok)
Wbinfo -u (Ok)
Getent passwd (Ok)
Id [User] (Ok)
Ssh [user]@localhost (Fails) -- Permission denied, please try again

I tried with the Administrator Account and a normal user account, both fail
in the same way.

Any ideas?
Cheers  thx,
Andreas

-Original Message-
From: Andreas Krupp [mailto:andreaskr...@akrupp.ch]
Sent: Thursday, 15 August 2013 14:53
To: 'muel...@tropenklinik.de'
Subject: RE: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Ok I will try that.
Just as a possibly important follow up question:
If I run ./configure.developer, then make and make install ... is my current
samba  domain configuration kept or will I have to start setting up the
domain from scratch?

Cheers  thx,
Andreas


-Original Message-
From: Daniel Müller [mailto:muel...@tropenklinik.de]
Sent: Thursday, 15 August 2013 14:39
To: 'Andreas Krupp'
Subject: AW: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Yes it is pam-devel. To be sure install with yum install pam* to get all
pam packages.
./configure.developer will try all possibilities. It is important to have
all packages installed before compiling.


-----Original Message-----
From: Andreas Krupp [mailto:andreaskr...@akrupp.ch]
Sent: Thursday, 15 August 2013 14:18
To: muel...@tropenklinik.de; 'samba'
Subject: RE: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Hello Daniel,

Thx a lot for the quick reply.
Actually I did all these steps already and the tests that you proposed and
that are documented on the wiki are working fine.
http://wiki.samba.org/index.php/Samba4/Winbind

It is the next section Using pam_winbind that I cannot get to work.
My goal is that I can log on to the linux box with an AD Account, or run a
service with an AD account or connect via SSH with an AD account.

So where I am stuck is:
- I do not know which pam files to edit under CentOS and it seems that 
- I do not have pam_winbind.so installed/compiled with
Samba4.1rc2

On the wiki it says:
Ensure that you built Samba 4 with libpam0g-dev installed on your system.
If not, install the PAM development libraries and re-compile Samba 4 from
the ./configure.developer stage. Install pam_winbind.so in the usual place:
... and I cannot make much sense out of that.
Is pam-devel = libpam0g-dev?

Would you know the difference between ./configure and
./configure.developer?

Cheers  thx,
Andreas


-Original Message-
From: Daniel Müller [mailto:muel...@tropenklinik.de]
Sent: Thursday, 15 August 2013 11:35
To: andreaskr...@akrupp.ch; 'samba'
Subject: AW: [Samba] Samba4 + Winbind + PAM Installation/Configuration

Just install pam and pam-devel
And:
/etc/nsswitch.conf:
passwd: files winbind 
shadow: files
group:  files winbind

And:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2

Test now:
[root@s4master lib]# ldconfig -v | grep winbind
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
libnss_winbind.so -> libnss_winbind.so.2
libnss_winbind.so -> libnss_winbind.so.2
and it should work with getent group and getent passwd


-----Original Message-----
From: samba-boun

Re: [Samba] Samba4 + Winbind + PAM Installation/Configuration

2013-08-15 Thread Daniel Müller
Just install pam and pam-devel
And:
/etc/nsswitch.conf:
passwd: files winbind 
shadow: files
group:  files winbind

And:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2

Test now:
[root@s4master lib]# ldconfig -v | grep winbind
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
libnss_winbind.so -> libnss_winbind.so.2
libnss_winbind.so -> libnss_winbind.so.2
and it should work with getent group and getent passwd


-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Andreas Krupp
Sent: Thursday, 15 August 2013 11:15
To: samba
Subject: [Samba] Samba4 + Winbind + PAM Installation/Configuration


Hello,

Now that I have my Samba4 DC running great on CentOS6.4 I was wondering if
somebody could help understand better how to install and configure Samba4
with winbind and PAM.

I used the tutorial here:
http://wiki.samba.org/index.php/Samba4/Winbind

This got me through to the point where Using pam_winbind starts.
Could anybody help me understand how to do these steps + compile samba4 with
pam_winbind on CentOS 6.4? I am more than willing to update the wiki page
after that ;-)

My questions in detail are:
- How do I compile/install Samba4 with pam_winbind support and which
prerequisites do I need to install with yum before doing that?
- Which pam configuration files do I have to change on CentOS6.4?

Cheers  thx,
Andreas


Re: [Samba] Failed to find a writeable DC for domain joining to win2k3 AD DC

2013-08-13 Thread Daniel Müller
Look at your /etc/resolv.conf
There should be an entry of your existing DC in it ex.: nameserver
your.existing.dc
And you should be able to ping the existing DC.

Greetings
Daniel

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Kevin Field
Sent: Tuesday, 13 August 2013 16:15
To: samba@lists.samba.org
Subject: [Samba] “Failed to find a writeable DC for domain” joining to
win2k3 AD DC

I have a CentOS 6.4 box with SerNet's Samba 4.0.8 installed and no smb.conf
file yet, as it should be. I want it to become an AD DC in my existing
Windows domain, replicating from the existing Windows Server
2003 box. I have SELinux enabled and want it to stay that way.

I'm getting this error trying to run samba-tool:

$ sudo samba-tool domain join currentwindowsadserver.mydomain.lan DC
-Uadministrator --realm=currentwindowsadserver.mydomain.lan
Finding a writeable DC for domain 'currentwindowsadserver.mydomain.lan'
ERROR(exception): uncaught exception - Failed to find a writeable DC for
domain 'currentwindowsadserver.mydomain.lan'
   File /usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py,
line 175, in _run
 return self.run(*args, **kwargs)
   File /usr/lib64/python2.6/site-packages/samba/netcmd/domain.py,
line 552, in run
 machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File /usr/lib64/python2.6/site-packages/samba/join.py, line 1082, in
join_DC
 machinepass, use_ntvfs, dns_backend, promote_existing)
   File /usr/lib64/python2.6/site-packages/samba/join.py, line 73, in
__init__
 ctx.server = ctx.find_dc(domain)
   File /usr/lib64/python2.6/site-packages/samba/join.py, line 246, in
find_dc
 raise Exception(Failed to find a writeable DC for domain '%s' %
domain)

I have a StackExchange thread open with all the things I've tried changing
and all the things I've verified so far:

http://unix.stackexchange.com/questions/86516/samba-4-gives-failed-to-find-a-writeable-dc-for-domain-on-samba-tool-domain-jo

I'd appreciate any pointers.  I seem to have run out of things to try.

Thanks,
Kev


[Samba] Joining Samba4 as DC--Error Failed to find a writeable DC for domain

2013-07-31 Thread Daniel Müller
Dear all,
I set up samba 4.1 (SlaveDC) in a test environment on CentOs 6.4.
I tried to join this host to my running and provisioned MasterDC (Samba
4/CentOs 6.4).
On the SlaveDC I did :  samba-tool domain join tplk.loc DC -Uadministrator
--realm=tplk.loc --dns-backend=BIND9_DLZ
It gives me:
[root@s4slave ~]# samba-tool domain join tplk.loc DC -Uadministrator
--realm=tplk.loc --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'tplk.loc'
ERROR(exception): uncaught exception - Failed to find a writeable DC for
domain 'tplk.loc'
  File
/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py,
line 175, in _run
return self.run(*args, **kwargs)
  File
/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py,
line 552, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line
1082, in join_DC
machinepass, use_ntvfs, dns_backend, promote_existing)
  File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line
73, in __init__
ctx.server = ctx.find_dc(domain)
  File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line
246, in find_dc
raise Exception(Failed to find a writeable DC for domain '%s' %
domain)

Do I miss something? Just pulled with git, configure, make, make install, no
provisioning, just domain join!???



Re: [Samba] Joining Samba4 as DC--Error Failed to find a writeable DC for domain

2013-07-31 Thread Daniel Müller
Just did the trick:
Put the nameserver MasterDC in my /etc/resolv.conf on the SlaveDC
and all is finished.
Please add this hint to
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

-----Original Message-----
From: Daniel Müller [mailto:muel...@tropenklinik.de]
Sent: Wednesday, 31 July 2013 09:28
To: 'samba@lists.samba.org'; 'samba-techni...@samba.org'
Subject: Joining Samba4 as DC--Error Failed to find a writeable DC for
domain

Dear all,
I set up samba 4.1 (SlaveDC) in a test environment on CentOs 6.4.
I tried to join this host to my running and provisioned MasterDC (Samba
4/CentOs 6.4).
On the SlaveDC I did :  samba-tool domain join tplk.loc DC -Uadministrator
--realm=tplk.loc --dns-backend=BIND9_DLZ
It gives me:
[root@s4slave ~]# samba-tool domain join tplk.loc DC -Uadministrator
--realm=tplk.loc --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'tplk.loc'
ERROR(exception): uncaught exception - Failed to find a writeable DC for
domain 'tplk.loc'
  File
/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py,
line 175, in _run
return self.run(*args, **kwargs)
  File
/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py,
line 552, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line
1082, in join_DC
machinepass, use_ntvfs, dns_backend, promote_existing)
  File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line
73, in __init__
ctx.server = ctx.find_dc(domain)
  File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line
246, in find_dc
raise Exception(Failed to find a writeable DC for domain '%s' %
domain)

Do I miss something? Just pulled with git, configure, make, make install, no
provisioning, just domain join!???

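Both "Failed to find a writeable DC" threads above end at the same fix: an existing DC as `nameserver` in `/etc/resolv.conf` on the joining host. The check below is an added example, not code from the thread or from Samba, and it flags the resolver setups that defeat that fix before `samba-tool domain join` is run; the addresses 192.0.2.1 and 192.0.2.10, the sample files and the function names are constructed.

```python
import ipaddress

MAXNS = 3  # glibc's resolver uses at most the first three nameserver lines

# Constructed samples: 192.0.2.10 stands for the existing DC, 192.0.2.1 for a
# router or ISP resolver that knows nothing about the AD zone.
BEFORE = """\
# /etc/resolv.conf on the joining host, before the fix (constructed)
search tplk.loc
nameserver 192.0.2.1
"""
AFTER = """\
search tplk.loc
nameserver 192.0.2.10
"""


def parse_nameservers(text):
    """Return (addresses, rejected_values) from resolv.conf text, in file order."""
    addresses, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] != "nameserver" or len(fields) < 2:
            continue
        try:
            # Drop an IPv6 zone id such as fe80::1%eth0 before validating.
            addr = ipaddress.ip_address(fields[1].split("%", 1)[0])
            addresses.append(str(addr))
        except ValueError:
            rejected.append(fields[1])  # e.g. a host name; only IPs are valid
    return addresses, rejected


def join_preflight(text, dc_addresses, realm):
    """Return findings for a host about to join `realm`; [] means no objection."""
    dcs = {str(ipaddress.ip_address(a)) for a in dc_addresses}
    addresses, rejected = parse_nameservers(text)
    used = addresses[:MAXNS]
    findings = ["nameserver value %r is not an IP address" % v for v in rejected]
    if not used:
        findings.append("no usable nameserver line, so only a local resolver is asked")
    elif not dcs.intersection(used):
        findings.append("no existing DC among the nameservers in use (%s)"
                        % ", ".join(used))
    elif used[0] not in dcs:
        findings.append("%s is asked before any DC and must itself resolve %s"
                        % (used[0], realm))
    for addr in addresses[MAXNS:]:
        if addr in dcs:
            findings.append("DC %s is listed after the first %d nameservers "
                            "and is never asked" % (addr, MAXNS))
    return findings


def srv_query(realm):
    """Command to confirm the DC's SRV record resolves once resolv.conf is fixed."""
    return "host -t SRV _ldap._tcp.dc._msdcs.%s" % realm


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, join_preflight(text, ["192.0.2.10"], "tplk.loc") or "ok")
    print(srv_query("tplk.loc"))
```

The record name in `srv_query` is the `_ldap._tcp.dc._msdcs.tplk.loc` entry that also appears in the nsupdate output further down this page.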


[Samba] DNS update shows errors TKEY is unacceptable on joined Samba 4 DC

2013-07-31 Thread Daniel Müller
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.tplk.loc s4slave.tplk.loc 389
Outgoing update query:
;; -HEADER- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.tplk.loc. 900 IN   SRV 0 100 389 s4slave.tplk.loc.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.tplk.loc s4slave.tplk.loc 3268
Outgoing update query:
;; -HEADER- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.tplk.loc. 900 IN   SRV 0 100 3268 s4slave.tplk.loc.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.tplk.loc
s4slave.tplk.loc 389
Outgoing update query:
;; -HEADER- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.tplk.loc. 900 IN SRV 0 100 389
s4slave.tplk.loc.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.tplk.loc
s4slave.tplk.loc 389
Outgoing update query:
;; -HEADER- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.dc._msdcs.tplk.loc. 900 IN SRV 0
100 389 s4slave.tplk.loc.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV
_ldap._tcp.default-first-site-name._sites.gc._msdcs.tplk.loc
s4slave.tplk.loc 3268
Outgoing update query:
;; -HEADER- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.gc._msdcs.tplk.loc. 900 IN SRV 0
100 3268 s4slave.tplk.loc.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV
_ldap._tcp.65e8afee-6cb0-459b-93ab-ffa1e7f57009.domains._msdcs.tplk.loc
s4slave.tplk.loc 389
Outgoing update query:
;; -HEADER- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.65e8afee-6cb0-459b-93ab-ffa1e7f57009.domains._msdcs.tplk.loc. 900
IN SRV 0 100 389 s4slave.tplk.loc.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _gc._tcp.tplk.loc s4slave.tplk.loc 3268
Outgoing update query:
;; -HEADER- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.tplk.loc.  900 IN  SRV 0 100 3268 s4slave.tplk.loc.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _gc._tcp.default-first-site-name._sites.tplk.loc
s4slave.tplk.loc 3268
Outgoing update query:
;; -HEADER- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.default-first-site-name._sites.tplk.loc. 900 IN SRV 0 100 3268
s4slave.tplk.loc.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 20 entries



[Samba] How to solve: client XXX.XXX.XXX.XXX#55873: update 'XXX/IN' denied ---samba_dlz: cancelling transaction on zone

2013-07-31 Thread Daniel Müller
Dear all,
how can I solve the issue with samba 4 bind_dlz , when a windows client is
joined to the domain I get this error,ex.:
 4master named[2814]: client 192.168.135.126#55873: update 'tplk.loc/IN'
denied
Jul 31 14:29:17 s4master named[2814]: samba_dlz: cancelling transaction on
zone tplk.loc

I can add the client to the dns by hand: samba-tool dns add s4master
tplk.loc EDV2  A 192.168.135.126  -Uadministrator
 but this is no solution!?





Re: [Samba] Windows 8 pro and Samba 4

2013-07-29 Thread Daniel Müller
Just be sure you did no registry hack on the windows 8 machine!?


-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Marc Muehlfeld
Sent: Sunday, 28 July 2013 18:54
To: iss...@aralar.edunet.es
Cc: samba@lists.samba.org
Subject: Re: [Samba] Windows 8 pro and Samba 4

Hello Emeka,

On 28.07.2013 18:39, iss...@aralar.edunet.es wrote:
> I installed opensuse 12.2, and upgraded the samba 3 it came with to
> samba 4.
> I successfully joined win xp, win 7 clients to the samba as domain
> controller but couldn't join win 8 prof (it keeps displaying domain
> does not exist message). Does samba 4 really support win 8 prof or we
> have to wait for some time?


I have one w8 prof in my Samba AD test environment and it works without 
problems.

- Are there any messages/errors in the samba/windows log?
- Can the DNS on your w8 resolve the Samba Domain?

Please give some more information. That would make it easier to help you.


Regards,
Marc



Re: [Samba] Question on approach to authenticate Linux against Samba4

2013-07-29 Thread Daniel Müller
So first of all winbind is  the fastest and easiest solution with samba 4:
Just be sure winbind is loaded in your samba4 smb.conf. So winbind can read
from samba:
wbinfo -u
Administrator
Guest
krbtgt
dns-s4master
then do a ldconfig -v | grep winbind
If the result is ex:

ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6:
duplicate hwcap 1 nosegneg
libnss_winbind.so - libnss_winbind.so.2

You have to link libnss_winbind this way ex.:

ln -s  /usr/local/samba/lib/libnss_winbind.so.2  /lib64/libnss_winbind.so
ln  -s /lib64/libnss_winbind.so  /lib64/libnss_winbind.so.2

In your nsswitch.conf:
passwd: files winbind 
shadow: files
group:  files winbind 

now you get all your ads members and groups with getent passwd and group.

Good luck
Daniel 


-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of dahopk...@comcast.net
Sent: Thursday, 25 July 2013 18:59
To: samba@lists.samba.org
Subject: [Samba] Question on approach to authenticate Linux against Samba4






This is in a test environment: Also, it is wordy, but I'm hoping it explains
my scenario. 

I am migrating from a custom LDAP+Samba3 authentication solution to Samba4.
I have used the classicupgrade option to pull off the data from the existing
ldap server to populate the samba4 database. I've installed AD DS and Server
for NIS tools on a Windows 2008 server that is connected to the Samba4 DC as
a member server. All the information appears to be correct, including the
Unix uid and group memberships, and the unixHomedirectory. 

Now I need to authenticate a Linux system against the Samba4 DC and I need
to have the unixHomedirectory used. There is a lot of older information on
the net on how to authenticate. I'd prefer to not be required to install
samba4 on these other Linux systems which a lot of these approaches seem to
require. These linux systems are running LTSP so I have 50+ users logged in
at any given time. I currently NFS mount home directories for the linux
systems from a central fileserver. Home directories are of the pattern
/home/Graduation_year/username. 

I've tested the Windows logins. I have an issue with mapped drives to the
fileservers but I expected this since the fileservers don't exist on the
test network. I expect this issue to be resolved once the fileservers are
upgraded to samba4 and joined as member servers. 

I found
http://zachbethel.com/2013/04/10/linux-ldap-authentication-with-samba4/
which I think will work, The ldbsearch works but before embarking further on
this approach, I have some concerns. 

1) will the unixHomedirectory be honored? 
2) will I be able to easily add users so that the unix settings will be
properly configured? I currently use the IDEALX smbldap tools. Being able to
script account creation is very important to me .. adding 200+ user accounts
manually each year is not very appealing. ;) 

3) Will the scripting tools be able to automatically assign a unique uid for
each unix account. Current approach uses NextFreeUnixID but this does not
exist in the Samba4 database (the ldap entry is shown below ) 

dn: cn=NextFreeUnixId,dc=ncs,dc=k12,dc=de,dc=us 
objectClass: inetOrgPerson 
objectClass: sambaUnixIdPool 
cn: NextFreeUnixId 
sn: NextFreeUnixId 
structuralObjectClass: inetOrgPerson 
entryUUID: 4a73a856-83a5-1029-8294-b4ff885ef639 
creatorsName: cn=Manager,dc=ncs,dc=k12,dc=de,dc=us 
createTimestamp: 20050708023946Z 
gidNumber: 1002 
uidNumber: 3885 

I have read through the recent thread on winbind and honestly I am not sure
that I want to pursue either winbind or sssd if it is possible to use
nss_pam_ldap which seems closest to the current approach. 


Thank you for your patience and taking the time to read the above. 

Sincerely, 
Dave Hopkins 



Re: [Samba] Git- Samba 4.1 Glusterfs 3.4, CentOs 6.4

2013-07-24 Thread Daniel Müller
This is the result when deleting the vfs-glusterfs.c and then running make:#

Project rules pass
Waf: Leaving directory `/root/samba4/samba-master/bin'
source not found: 'vfs_glusterfs.c' in
'dir:///root/samba4/samba-master/source3/modules'
make: *** [all] Fehler 1

I am afraid there is more to do in configure and configure.developer

-----Original Message-----
From: Christopher R. Hertel [mailto:c...@ubiqx.mn.org]
Sent: Wednesday, 24 July 2013 07:55
To: Daniel Müller
Cc: samba@lists.samba.org; samba-techni...@samba.org
Subject: Re: Git- Samba 4.1 Glusterfs 3.4, CentOs 6.4

Daniel,

If we can reproduce the build bug, we will certainly work to fix it.  The
vfs_glusterfs module is, however, fairly new so there has not been time to
produce useful documentation.  If you would like to contribute
documentation, we'll be happy to review it.  The Gluster VFS project is
hosted on forge.gluster.org.

Please provide the BZ number of the Bugzilla bug you've created for this.

Also, you should be able to work around the problem by deleting the
vfs_glusterfs.c file from the source tree.  You'll find it in
source3/modules/.

Chris -)-

On Wed, Jul 24, 2013 at 07:40:34AM +0200, Daniel Müller wrote:
> Dear all,
> to your notice: Samba 4.1 pulled from git will not compile under CentOs
> 6.4 if Glusterfs 3.4 is installed from epel-repo.
> Make will die with an error concerning vfs module glusterfs.
> There should be more documentation about the vfs module glusterfs.
>
> Daniel


[Samba] Git- Samba 4.1 Glusterfs 3.4, CentOs 6.4

2013-07-23 Thread Daniel Müller
Dear all,
to your notice: Samba 4.1 pulled from git will not compile under CentOs 6.4
if Glusterfs 3.4 is installed from epel-repo.
Make will die with an error concerning vfs module glusterfs.
There should be more documentation about the vfs module glusterfs.

Daniel 



Re: [Samba] About NAS versus Samba

2013-07-12 Thread Daniel Müller
Mostly All the NAS Vendors that belong to the linux side have samba3 winbind
running
pointing in their config to ads:

Ex.:
security = ADS
something like this..
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +

But in the first run you have to talk to them. Now and then you can buy the
nas with a possibility to join
to your samba3 domain.

If you haven't tried you will never know :-)
Good Luck
Daniel
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Gaiseric Vandal
Sent: Thursday, 11 July 2013 18:44
To: samba@lists.samba.org
Subject: Re: [Samba] About NAS versus Samba

On 07/11/13 12:29, Fernando Lozano wrote:
> Hi,
>
>> what about the samba running on your NAS. I did a lot of NAS hacking
>> pointing  a running samba/winbind config of the vendor to my nt-style
>> samba/ldap domain .
>> But if you do so be aware you are losing your support :-).
>> So if you can change the samba on your NAS you are up and running.
> I don't have the NAS box yet. I wish advice on which one to buy based
> on compatibility with a Samba 3 PDC (or Samba 4 DC, or IPA).
>
> Vendors I talked to tell me it won't work, I'd have to use Microsoft
> AD.  Knowing the Linux and Windows side (protocols, software) this
> doesn't make sense to me, I'm guessing the sales people I talked to
> simply doesn't know and doesn't want to learn.
>
> And it's not easy to tell the boss I'll buy a somewhat expensive box
> (for a small business) just to hack and see if it'll work the way I
> want. :-(
>
> It would help if you simply tell me which NAS you had success and
> which one was easier, out-of-the-box, or had to hack.
>
>
> []s, Fernando Lozano


It seems common that vendors (esp the sales guys) assume you are running
Windows 200x and AD. I think the logic is that none of our customers
use linux so we won't support it. It becomes self-fulfilling when
anyone wanting something besides the basic Windows AD support looks for
other solutions.

Getting samba to work sometimes requires fiddling with protocol
versions, WINS and DNS. For example windows 7 won't work with Samba
3.x until you tweak the registry. You can probably put together a
price-comparable equivalent of the Buffalo using a white-box PC tower
and linux. You can even set up software raid. It is more likely
to work the way you want than a NAS box.


Re: [Samba] About NAS versus Samba

2013-07-11 Thread Daniel Müller
Hi,
what about the samba running on your NAS. I did a lot of NAS hacking pointing  
a running samba/winbind config of the vendor to my nt-style samba/ldap domain .
But if you do so be aware you are losing your support :-).
So if you can change the samba on your NAS you are up and running.

Greetings
Daniel

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of ferna...@lozano.eti.br
Sent: Thursday, 11 July 2013 06:04
To: Chris Weiss
Cc: samba; us...@lists.fedoraproject.org
Subject: Re: [Samba] About NAS versus Samba

Hi Cris,

>> Hi there, Has anyone tried to configure a NAS server to authenticate
>> users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an
>> IPA server?
>
> not in a while, but I have done a samba 3 DC

This was not my question. I'm ok running samba 3 DCs. :-)

Have you ever configured a NAS so it would authenticate users from your Samba
DC and then serve SMB file shares (aka network drives) to Windows desktops?


>> I'm evaluating replacing some Linux file server for a NAS product,
>> but all them make me nervous when the vendor talks about Active
>> Directory support and nothing else.
>
> if 3rd party support is your concern, why are you using fedora instead
> of RHEL?

Are you trying to sell me RHEL subscriptions or help me with my question? ;-) 
Anything wrong about asking about Fedora on a Fedora list, or any server issue 
is forbidden for Fedora users? ;-)

AFAIK it shouldn't matter, from a technical perspective, if the samba DC runs 
Fedora, Debian, Slackware, RHEL, SuSE, Ubuntu, Solaris, whatever. I am not 
talking about OS level FC drivers or iSCSI initiators. Either a NAS will be 
compatible with Samba3, Samba4, both or neither. This depends on the SMB and 
MSRPC features needed by the NAS, all them application level protocols, not 
kernel modules. If I'll need Red Hat support for managing this system is 
another, unrelated, question.

If the NAS vendors state they support RHEL, that's not the question either, as
supporting RHEL could mean the RHEL linux kernel smbfs and cifsfs driver talks
to the NAS, not the NAS talks to the Samba DC. Or else, RHEL support may mean
just that the NAS talks NFS and so a RHEL machine can mount volumes from the
NAS. That's not what I want.

Most times I see linux servers they are simply members of a MSAD domain, not 
the DC themselves. But mine are. All vendors I talked to assume MSAD, and don't 
know about Samba. :-(

Anyway Fedora is my desktop system and development workstation. The DC in 
question runs RHEL. But if this works I can try someday using Fedora or CentOS 
with the same (or other) NAS.


>> In theory, many NASes are Linux boxes running samba, so there
>> shouldn't be a problem, except if the web admin interface won't
>> support a samba DC setup and I won't have SSH access to configure the
>> NAS samba myself
>
>
> a cheaper nas will probably use samba, but not all NASs do. there are
> several commercial SMB/CIFS implementation out there.

At least iomega/lenovo/emc state their NAS runs Samba. And a lot of less known
vendors also. I'll buy a single, cheap NAS, not a high end EMC rack full of
boxes. :-)

But... will any NAS you know work with a Samba DC, or else, using an IPA 
server? Or will they only work with Microsoft Windows Server AD?

All vendors I contacted talk only about MS Active Directory. They don't even 
know about NT4-style domains, which would mean a Samba3 DC should work. 
Besides, AFAIK a Samba4 DC isn't supported by RHEL at all -- that's why I 
included IPA in my question -- I'd have to use Sernet packages for Samba4. Even 
then, Samba4 is very new, I don't know if a NAS implementation would accept it 
in place of a MSAD DC.

Most vendors talk to me about vmware, exchange and sql server support. 
They offer me windows-only backup servers and the like. Some even offer me SAP 
R/3 agents, while my ERP is another one. They can only follow their standard 
script for windows shops. So I ask for the collective knowledge from the Fedora 
and Samba lists... can anyone tell me I tried this NAS and it worked? Or 
should I better forget about this and keep using cheap intel boxes as file 
servers?

Am I the first linux sysadmin in the world who's considering to have a NAS 
replacing some file servers but keeping his samba DCs?


[]s, Fernando Lozano


Re: [Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)

2013-07-09 Thread Daniel Müller
How about posting your nslcd-config? This would be a great help for other
users.

Greetings
Daniel

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Chris Alavoine
Sent: Monday, 8 July 2013 19:13
To: Marc Muehlfeld
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 3 member server connected to Samba 4 DC (using
nslcd)

Hi Marc,

I've had many many problems with Winbind and after a few weeks of dead-ends
I decided to switch to nslcd and everything started working very nicely, so
I haven't looked back.

I've just had a major success on getting getent passwd to work by adding
this to my nslcd.conf:

# users
map passwd uid sAMAccountName
map passwd gidNumber primaryGroupID
map passwd homeDirectory unixHomeDirectory

# groups
map group cn sAMAccountName
map group uniqueMember member

This now lets me see all users and groups via getent. Just doing some more
testing now, but I think this may be fixed.

Typical, you spend all day on something, finally decided to post on samba
lists and then fix it 5 mins later :)

Thanks for the swift reply though!

Cheers,
c:)





On 8 July 2013 18:05, Marc Muehlfeld sa...@marc-muehlfeld.de wrote:

> Hello Chris,
>
> On 08.07.2013 18:54, Chris Alavoine wrote:
>
>> My problem is that I have a Samba 3 member server (fileserver) that I'm
>> trying to get to get work in this scenario. I've installed nslcd and
>> am using the following conf file:
>
> Why don't you use winbind on your member server?
> http://wiki.samba.org/index.php/Samba4/Domain_Member
>
>> If I then do a getent group I get success and can see all the groups,
>> however getent passwd fails and I see this in the logs:
>>
>> Jul  8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry
>> CN=ice,CN=Users,DC=test,DC=internal,DC=com does not contain uid value
>
> Does this account have an uid attribute in AD?
>
> Regards,
> Marc




--
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192
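Why the `does not contain uid value` log line goes away with the `map` lines in the message above, shown as an added example (not code from the thread or from nslcd): the maps are applied to one AD-style user entry, first with the RFC 2307 default attribute names and then with the overrides. The entry's values, the defaults subset and the function names are constructed for the illustration; only the DN and the map lines come from the thread.

```python
# RFC 2307 attribute names read for passwd entries when nslcd.conf has no
# map line for them (the subset this example needs).
PASSWD_DEFAULTS = {
    "uid": "uid",
    "uidNumber": "uidNumber",
    "gidNumber": "gidNumber",
    "homeDirectory": "homeDirectory",
}

# The map lines as given in the thread.
NSLCD_MAPS = """\
# users
map passwd uid sAMAccountName
map passwd gidNumber primaryGroupID
map passwd homeDirectory unixHomeDirectory

# groups
map group cn sAMAccountName
map group uniqueMember member
"""

# Constructed AD user entry: attribute names as AD stores them, values made
# up except the DN, which is the one from the nslcd log line.
AD_ENTRY = {
    "dn": ["CN=ice,CN=Users,DC=test,DC=internal,DC=com"],
    "sAMAccountName": ["ice"],
    "uidNumber": ["10001"],
    "gidNumber": ["10000"],
    "primaryGroupID": ["513"],
    "unixHomeDirectory": ["/home/ice"],
}


def parse_maps(conf_text):
    """Return ({database: {attribute: ldap_attribute}}, malformed_lines).

    Only plain `map DATABASE ATTRIBUTE LDAPATTRIBUTE` lines are handled;
    quoted expressions are outside this example.
    """
    maps, malformed = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if not fields[0].startswith("map"):
            continue  # other nslcd.conf options are not looked at here
        if fields[0] != "map" or len(fields) != 4:
            malformed.append(line)  # e.g. a missing space after "map"
            continue
        _, database, attribute, ldap_attr = fields
        maps.setdefault(database, {})[attribute] = ldap_attr
    return maps, malformed


def passwd_from_entry(entry, maps):
    """Apply the passwd maps to one LDAP entry; return (fields, missing)."""
    lookup = dict(PASSWD_DEFAULTS)
    lookup.update(maps.get("passwd", {}))
    # LDAP attribute names compare case-insensitively.
    by_name = {name.lower(): values for name, values in entry.items()}
    fields, missing = {}, []
    for name in PASSWD_DEFAULTS:
        values = by_name.get(lookup[name].lower())
        if values:
            fields[name] = values[0]
        else:
            missing.append(name)
    return fields, missing


def review_maps(maps):
    """Point out maps whose source attribute is not a POSIX id."""
    notes = []
    if maps.get("passwd", {}).get("gidNumber") == "primaryGroupID":
        notes.append("gidNumber is read from primaryGroupID, which holds a RID "
                     "(513 is Domain Users), not a POSIX gid")
    return notes


if __name__ == "__main__":
    maps, malformed = parse_maps(NSLCD_MAPS)
    print("defaults:", passwd_from_entry(AD_ENTRY, {}))
    print("mapped:  ", passwd_from_entry(AD_ENTRY, maps))
    print("notes:   ", review_maps(maps), "malformed:", malformed)
```

With these maps every account whose primary group is Domain Users resolves to gid 513, so that number is worth comparing against local groups and file ownership on the member server.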


Re: [Samba] Samba 4.0.7 DC in Windows 2003R2 AD

2013-07-09 Thread Daniel Müller
Did you join your samba4 to w 2003R2 AD domain?
Is it a firewall feature?

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Garth Keesler
Sent: Tuesday, 9 July 2013 14:43
To: samba@lists.samba.org
Subject: [Samba] Samba 4.0.7 DC in Windows 2003R2 AD

  Greetings,

The ultimate goal is a full implementation of Samba4/OpenChange/SOGo but
that onion has too many layers to shoot for the whole thing at once. So,
I've added a Samba/Ubuntu12.04 DC to the AD and want to get it totally
correct before proceeding with OC. I have two questions (at the moment):

First, PAM is not included on the Samba DC and I need to know if it is a
requirement. The docs say that, if you want to use it, just rebuild after
installing the necessary PAM libs but there are a fairly large number of
various flavors of PAM libraries and I could use some help selecting the
right set.

Second, the Samba DC is using the internal DNS and one-way sync from the PDC
seems to be working but not the other way and I always get the following
error when running one of the DNS tests that the docs indicate should be
run.

root@sambadc:~# samba-tool dns query sambadc mydomain.com @ ALL -Uadmin
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:sambadc[,sign]
Password for [mydomain\admin]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run
    return self.run(*args, **kwargs)
  File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py, line 974, in run
    None, record_type, select_flags, None, None)

If I need to include additional info/files, let me know and I'll do so.

Any help greatly appreciated.

Thanx,
Garth



Re: [Samba] Logon scripts, home directories, and Samba4 AD

2013-07-03 Thread Daniel Müller
This could do the job
Identify the home share on your samba3 fileserver (certain it is member of
your samba4 domain?!) as dfs root

Ex:
msdfs root= yes

On samba4 ads
[home]
msdfs proxy= \your-samba3-server\homes
read only = No

with rsat point to \your-samba3-server\homes

Good luck
---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Lee Allen
Sent: Wednesday, 3 July 2013 00:20
To: samba@lists.samba.org; samba-techni...@lists.samba.org
Subject: [Samba] Logon scripts, home directories, and Samba4 AD

I apologize if this appears twice: I posted it several hours ago and it has
not appeared on the list, so I am tweaking the email address and trying
again.

I have two separate (virtual) servers: one running Samba4 functioning as an
AD controller, and one running Samba 3.6.1 functioning as a file & print
server.

On the Samba3 side I am using security=ads and winbind and authenticating
against the Samba4 ADC.  Everything is working great.

Where things get a little messy is with the [homes] shares.

Here is what I am doing now:

My Samba3 smb.conf has a typical [homes] section.  I create a subdirectory
for each user, and set ownership & permissions.

I create a logon script on the Samba4 system -- one for each user, because
the username is embedded in it:
net use H: \\samba3\username

And then I use RSAT to set the logon script to the correct value for each
user.

It's just a lot of steps that need to be performed (perfectly) for each
user.  Is there a better way?

I see RSAT allows me to specify a Home folder.  Could this be a folder on
the Samba3 server -- ie, \\samba3\username ? (I tried that and it did not
work)

I can imagine some scripts that would create the logon script on the Samba4
system, and create the necessary directories on the Samba3 system.  I could
probably manage that, but I hate to re-invent the wheel --

If there is a clean, orthodox way to do this, I would like to know what it
is.

Thank you.

Lee Allen


Re: [Samba] Logon scripts, home directories, and Samba4 AD

2013-07-03 Thread Daniel Müller
So you authenticate against the samba4 ads with your samba3 is this true?
Then you can do a root preexec and run a script on your samba3 server every
time
the users connect to [homes].
Ex:

[homes]
root preexec = /path-to-script/./user-home-dir %U


Your script user-home-dir (where $1 is the login of the user):

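#!/bin/bash
# Called by Samba as: root preexec = /path-to-script/./user-home-dir %U
# $1 is the login name of the connecting user.

# if the directory already exists
if test -d "/path-to/your-users-home-dirs/$1"
then
# note in a log file that the directory is already there
echo "$1 Directory already up and running" >> /system/log/eanm.log
else
# create the home directory, readable only by its owner
mkdir "/path-to/your-users-home-dirs/$1"
chmod -R 700 "/path-to/your-users-home-dirs/$1"
chown -R "$1:Domain Users" "/path-to/your-users-home-dirs/$1"
echo "/path-to/your-users-home-dirs/$1 created" >> /system/log/anm.log
fi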


Greetings
Daniel
---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Lee Allen
Sent: Wednesday, 3 July 2013 14:56
To: Gémes Géza
Cc: samba@lists.samba.org
Subject: Re: [Samba] Logon scripts, home directories, and Samba4 AD

Thank you, that works great, and it eliminates the need to create logon
scripts for each user.  That's a big improvement.

ADUC complains it cannot create the folder.  Not surprising, because the
specified folder \\samba3\username does not really exist -- it's a [homes]
share, the true pathname is \\samba3\nas\homes\username.

So I still need to create the directory in the samba3 system, and set
permissions appropriately.

Is there a way around this?  The only solution I can see is to write a
script that will create the necessary directories when a user is created.
 But that wouldn't be simple, because it's on a different server -- the user
is created on the samba4 ADC and the shares are on the samba3 fileserver.


On Wed, Jul 3, 2013 at 3:22 AM, Gémes Géza g...@kzsdabas.hu wrote:

 Hi,

 This could do the job
 Identify the home share on your samba3 fileserver (certain it is 
 member of your samba4 domain?!) as dfs root

 Ex:
 msdfs root= yes

 On samba4 ads
 [home]
  msdfs proxy= \your-samba3-server\homes
  read only = No

 with rsat point to \your-samba3-server\homes

 Good luck
 --**-
 EDV Daniel Müller

 Leitung EDV
 Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24
 72076 Tübingen

 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 --**-

 Even easier specify \\your-samba3-server\%USERNAME% as the home 
 folder setting under ADUC for all the users you want (you can even 
 select them set this once) if you also specify home drive H: it will 
 get mounted at that drive letter

 -----Original Message-----
 From: samba-boun...@lists.samba.org [mailto:samba-bounces@lists.samba.org]
 On Behalf Of Lee Allen
 Sent: Wednesday, 3 July 2013 00:20
 To: samba@lists.samba.org; samba-technical@lists.samba.org
 Subject: [Samba] Logon scripts, home directories, and Samba4 AD

 I apologize if this appears twice: I posted it several hours ago and 
 it has not appeared on the list, so I am tweaking the email address 
 and trying again.

 I have two separate (virtual) servers: one running Samba4 functioning 
 as an AD controller, and one running Samba 3.6.1  functioning as a 
 file  print server.

 On the Samba3 side I am using security=ads and winbind and 
 authenticating against the Samba4 ADC.  Everything is working great.

 Where things get a little messy is with the [homes] shares.

 Here is what I am doing now:

 My Samba3 smb.conf has a typical [homes] section.  I create a 
 subdirectory for each user, and set ownership  permissions.

 I create a logon script on the Samba4 system -- one for each user, 
 because the username is embedded in it:
 net use H: \\samba3\username

 And then I use RSAT to set the logon script to the correct value for 
 each user.

 It's just a lot of steps that need to be performed (perfectly) for 
 each user.  Is there a better way?

 I see RSAT allows me to specify a Home folder.  Could this be a 
 folder on the Samba3 server -- ie, \\samba3\username ? (I tried that 
 and it did not
 work)

 I can imagine some scripts that would create the logon script on the
 Samba4
 system, and create the necessary directories on the Samba3 system.  I 
 could probably manage that, but I hate to re-invent the wheel --

 If there is a clean, orthodox way to do this, I would like to know 
 what it is.

 Thank you.

 Lee Allen
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  
 https://lists.samba.org/**mailman/options
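
A hardened variant of the root preexec home-directory script from Daniel Müller's 2013-07-03 reply above, as an added example that is not part of the thread: `root preexec` runs as root and `%U` is the user name the client asked for, so the argument is validated before it is used in a path. `HOME_BASE`, `HOME_GROUP`, `LOG_FILE` and the function names are assumptions, and account names are assumed to arrive without a `DOMAIN\` prefix.

```shell
#!/bin/bash
# Added example, not code from the thread: hardened "root preexec" helper.
# smb.conf (as in the thread):  root preexec = /path-to-script/./user-home-dir %U
# HOME_BASE, HOME_GROUP and LOG_FILE are assumed names; the defaults below are
# placeholders to adapt to the file server.
HOME_BASE="${HOME_BASE:-/path-to/your-users-home-dirs}"
HOME_GROUP="${HOME_GROUP:-Domain Users}"
LOG_FILE="${LOG_FILE:-/system/log/user-home-dir.log}"

# Timestamped log line; callers sanitise untrusted values before passing them.
log() {
    printf '%s %s\n' "$(date '+%F %T')" "$*" >> "$LOG_FILE"
}

# Accept only a plain account name. Assumption: names arrive without a
# DOMAIN\ prefix (for example with "winbind use default domain = yes").
valid_username() {
    case "$1" in
        ''|.*|-*)            return 1 ;;   # empty, "..", dot names, option-like
        *[!A-Za-z0-9._-]*)   return 1 ;;   # slash, backslash, space, newline, ...
    esac
    [ "${#1}" -le 64 ]
}

# Create HOME_BASE/<user> with mode 700 if it is missing.
# Returns 0 if the directory exists afterwards, non-zero otherwise.
ensure_home() {
    local user="$1" dir safe
    if ! valid_username "$user"; then
        # Mask unexpected characters so a crafted name cannot add log lines.
        safe=$(printf '%s' "$user" | tr -c 'A-Za-z0-9._-' '?')
        log "rejected user name: $safe"
        return 2
    fi
    dir="$HOME_BASE/$user"
    # A symlink planted under HOME_BASE must not redirect later file access.
    if [ -L "$dir" ]; then
        log "refused: $dir is a symbolic link"
        return 3
    fi
    if [ -d "$dir" ]; then
        return 0
    fi
    # Create with the final mode in one step, so the directory is never
    # visible with wider permissions.
    mkdir -m 700 -- "$dir" || { log "mkdir failed: $dir"; return 4; }
    # Only root can hand the directory over; undo the mkdir if that fails
    # (for instance because the account does not resolve on this host).
    if [ "$(id -u)" -eq 0 ]; then
        if ! chown -- "$user:$HOME_GROUP" "$dir"; then
            log "chown failed, removing $dir"
            rmdir -- "$dir"
            return 5
        fi
    fi
    log "created $dir"
    return 0
}

# Run only when called with an argument (smb.conf passes %U).
if [ "$#" -ge 1 ]; then
    ensure_home "$1"
    exit $?
fi
```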

Re: [Samba] problem over vpn

2013-07-01 Thread Daniel Müller
Using openvpn in bridge mode and you are up and running! No cisco would
serve the same job.

Greetings
Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of David González Herrera - [DGHVoIP]
Sent: Tuesday, 25 June 2013 17:23
To: Roberto Scattini
Cc: samba@lists.samba.org
Subject: Re: [Samba] problem over vpn

On 6/25/2013 10:12 AM, Roberto Scattini wrote:
 hi david,


 On Tue, Jun 25, 2013 at 12:06 PM, David González Herrera - [DGHVoIP] 
  i...@dghvoip.com wrote:

   On 6/25/2013 9:58 AM, Roberto Scattini wrote:

 hi all,

 i have a Samba version 3.2.5 server running in a debian 5.0.8 (a 
 little old, i know...).

 the network setup is:

 -one local office using samba
 -one remote office (we call it cberg) using samba remotely over a vpn
 (linksys-cisco)

   Here's your problem don't use cisco.

   -another remote office (we call it colon) using samba remotely over 
 a vpn
 (linksys-cisco)

   Another problem

 ok, that's beyond my possibilities... :-(
No problem that was just a practical joke, just make sure that the
interfaces samba listens on do include your VPN interface if you're using
routing  on the VPN and that port forward is properly configured and the
router advertises the VPN routes to client computers.
   I would recommend using wireshark to capture the packets and verify 
 proper routing, also make sure that samba is starting after the VPN 
 link is up so it's listening on the proper interface.

 i do have the traffic capture on both ends, where i can upload them?
Well, I wouldn't know what to do with the capture because I'm no expert
reading that but there's lots of gurus here so they might guide you further.

Cheers.

 thanks




--
David Gonzalez
DGHVoIP
USA:
MOBILE: +1.646.559.6200
COL: +57.1.382.6718
COL: +57.4.247.0985
URL: www.dghvoip.com
Skype: davidgonzalezh


Re: [Samba] Samba+LDAP: NT_STATUS_UNSUCCESSFUL because of primary group SID mismatch

2013-06-21 Thread Daniel Müller
For me the better way would be, to run several openldap servers in master
master replication on your
DC and several BDC. And no headache about anything.
Or just point your BDCs to authenticate against the DCs openldap. But when
your DC is down your authentication is gone.

Greetings
Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Andrew Bartlett
Sent: Friday, 21 June 2013 09:58
To: Philipp Lies
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba+LDAP: NT_STATUS_UNSUCCESSFUL because of primary
group SID mismatch

On Thu, 2013-06-20 at 10:26 +0200, Philipp Lies wrote:
 Hi,
 
 I'm trying to get my new samba server running for a few days now and I 
 start losing my mind over not figuring out what I'm doing wrong. 
 Here's my setup:
 
 OpenLDAP 2.4.21 server with ~15 groups and 100 users, all having a 
 unix and a samba NT password stored in the LDAP as well as a User SID 
 and Primary Group SID assigned and stored in the LDAP, derived from 
 the SID of the LDAP Server.
 
 Now I want several samba servers to use the LDAP server to 
 authenticate users.

If you want multiple samba servers to use the same LDAP backend, they
essentially all need to be domain controllers of the same domain.  This is
the supported way to have a single backend shared between multiple servers.

You don't need to ever use the DC function from windows clients, but the
servers need to think they are a DC. 

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Fix the Issue Windows 8 cannot join if a example.com domain

2013-06-21 Thread Daniel Müller
No it is not working! My domain is named example.com and windows 8 is not
able to join this domain.
My other domain named test windows 8 can join without any problem.
It seems dotted domains old style are lost for ever.


---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Carlos R. Pena Evertsz
Sent: Thursday, 20 June 2013 21:33
To: Christophe Dezé
Cc: samba@lists.samba.org
Subject: Re: [Samba] Fix the Issue Windows 8 cannot join if a example.com
domain

Ok

Thank you Christophe

On Jun/20/2013 2:38 PM, Christophe Dezé wrote:
 hi
 read this
 https://www.multifake.net/2013/01/windows-8-not-joining-certain-samba-
 domains/


 On 20/06/2013 16:25, Carlos R. Pena Evertsz wrote:
 Hi Daniel,

 Try modifying the Network Security: LAN Manager authorization Level.

 Run SecPol.msc
 Select Local Policies > Security Options > Network Security: LAN 
 Manager authorization Level

 Double click and change to Send LM & NTLM - use NTLMv2 session 
 security if  option in the combo box.

 I hope this could help.

 Sincerely,

 Carlos R. P. Evertsz
 Santo Domingo, Dominican Republic


 Run SecPol.msc and select Local Policies > Security
 Options > Network Security: LAN Manager authorization Level
  Here select Send LM & NTLM - use NTLMv2 session 
 security renegotiated


 On Jun/20/2013 2:25 AM, Daniel Müller wrote:
 Dear all,

 could anyone approve  if the issue windows 8 could not join a samba3 
 old style dot domain, ex.: 'example.com' would not join-- but 
 'example'
 join
 well!, is solved in any hack?
   Greetings
 Daniel

 ---
 EDV Daniel Müller

 Leitung EDV
 Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24
 72076 Tübingen

 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---







[Samba] Fix the Issue Windows 8 cannot join if a example.com domain

2013-06-20 Thread Daniel Müller
Dear all,

could anyone approve  if the issue windows 8 could not join a samba3 old
style dot domain, ex.: 'example.com' would not join-- but 'example' join
well!, is solved in any hack?
 
Greetings
Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---



Re: [Samba] netlogon homes with Samba4 DC

2013-06-03 Thread Daniel Müller
It is not homes anymore within samba4 it calls home.
You need to set the rights for your netlogon from your adm windows client or
within ads tool in your user profile

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Robert Gurdon
Sent: Sunday, 2 June 2013 01:02
To: spamv...@gmail.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] netlogon & homes with Samba4 DC

Hi,

1) Windows 7 logs should say something about your netlogon script.

2) I think you have to create the home directories via RSAT or make a pam
script and login with the newly created user.
 I would suggest the second option, since as I discovered when you make
your home directories with RSAT you will have getfacl and winbind problems.
Well, if you try to use getfacl on a RSAT made directory samba's winbind
part dies.

On 2013-06-01 22:38, spamv...@googlemail.com wrote:
 hi all,

 ive setup Samba4 as DC on Ubuntu Server LTS and have two problems right
now:

 1) netlogon

 smb.conf
 [netlogon]
  path = /usr/local/samba/var/locks/sysvol/asta-wh.de/scripts
  read only = No

 I can access the folder and execute the script as user, but it gets 
 not executed automaticly

 Ive added to [netlogon]
  preexec = echo %u is in %G  /tmp/netlogon

 to see if netlogon is executed, and its not.
 Client PC is a new installed Windows 7 Pro.
 And Ive added \\SMB4SRV\netlogon\userf00.bat via M$ AD Tools to the User.
 Roaming Profiles are also enabled and working.

 2) homes

 smb.conf
 [homes]
  comment = Home Directories
  path = /home/HOME/%S
  valid users = %S
  read only = No
  browseable = Yes

 Home directorys are not created.

 Im happy with every hint to the right direction

 Hans

--
Kind regards:

 Robert



Re: [Samba] samba4wins install

2013-05-27 Thread Daniel Müller
Why do you need to add manual entries?
Samba4wins is running for me since years in cooperation with a w2008 wins
without any errors.
No need to add manual entries!?

 

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of TAKAHASHI Motonobu
Sent: Saturday, 25 May 2013 17:39
To: gordon...@gmail.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba4wins install

From: Gordon Freeman gordon...@gmail.com
Date: Tue, 21 May 2013 12:13:43 -0700

 I've the read docs and one thing I'm still not clear on: is Samba 
 required to be installed before I install samba4wins, or not?

No, samba4wins is derived from Samba, but does not depend on.

 Second question: once I get samba4wins installed, how does one add 
 static WINS entries to the database?

You can add an entry with ldbedit, for example,

# ldbedit -H /usr/local/samba4wins/private/wins_config.ldb -a

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo 
   facebook.com/takahashi.motonobu



Re: [Samba] Two departments on two different locations

2013-05-03 Thread Daniel Müller
Samba4-A/GLUSTER--glusterfs-replicatingBrickA-VPNSamba4-B/GLUSTER-glusterfs---replicatingBrickB
   +
 Backup(if you like)Samba4-C--glusterfs-client(mount if backup needed)

Just to think about. Mount as much Bricks you want with GLUSTER. Copy is
synced in real time.

Greetings
Daniel 
---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Ulrich Schinz
Sent: Friday, 3 May 2013 09:12
To: samba@lists.samba.org
Subject: [Samba] Two departments on two different locations

Hi there,

like topic says, I'd like to build a domain-system with two locations. 
Our users work one day here the other day in the other place.
The two locations are connected via VPN (10MBit).

To have one datastore in sync on both locations I was thinking about
something like a distributed filesystem (e.g. ceph). Why?

I hope to be able to setup the cluster between the two locations with a
limited traffic between the two locations. So we would have a identical
database on both locations.

I want to have this identical datastore to have the profile and outlook.pst
loaded at login fast. So I'd like to build something like two gateways in
the two locations, both mounting same datastore. 
Placement of files in this datastore is configured to hold one copy of each
file in each location. So connecting to one gateway should deliver a local
copy in each location. I hope it's clear, what I mean.

Maybe some ascii-art ;)


|clients location a|-|Fileserver gatewayA|| CEPHCLUSTER |---| Fileserver gatewayB || clients location b |

I'm not that skilled artist ;)

The gateway idea is, because in the usermanagement of AD I can give only one
profile-path. So I wanted to trick that, and have different dns-entries in
the two locations for the same name. So I could achieve the local access to
the datastore

On both locations there is a samba4-AD of the same domain.

So maybe one of you has some hints, how to achieve this. I fear that it's
not possible to mount ceph from two clients at the same time.
Maybe it is possible ??? Alternatives?
Some other solution for that problem?

Any hint and ideas concerning this problem is welcome!

Kind regards
Uli



--
Ulrich Schinz


ulrich.sch...@ksfh.de

___



Katholische Stiftungsfachhochschule München

Abteilung Benediktbeuern

Don Bosco Str. 1

83671 Benediktbeuern

Telefon +49 8857 88 506

www.ksfh.de





Re: [Samba] Samba4 home share problem

2013-04-29 Thread Daniel Müller
Need to be: [home] not [homes]


And you are up and running

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Csányi Krisztián
Sent: Saturday, 23 March 2013 20:34
To: samba@lists.samba.org
Subject: [Samba] Samba4 home share problem

 Hi,

 I have installed Samba4 and the home share functionality is not  working.

 Samba version: 4.0.1
 OS: Debian Squeeze
 Kernel: 2.6.32-5-amd64

 The smb.conf:
 [global]
 workgroup = TESZT
 realm = TESZT.HU
 netbios name = FILESERVER
 server role = active directory domain controller
 server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,  drepl,
winbind, ntp_signd, kcc, dnsupdate
 load printers = no
 printing = bsd
 printcap name = /dev/null
 show add printer wizard = no
 disable spoolss = yes
 log level = 3
 syslog = 3
 syslog only = yes
 logon path =
 #   logon home = \\fileserver\homes\%U
 logon drive = H:
 logon script = %U.cmd

 [netlogon]
 path =
 /opt/samba4/var/lib/samba/sysvol/fileserver.teszt.hu/scripts
 read only = No

 [sysvol]
 path = /opt/samba4/var/lib/samba/sysvol
 read only = No

 [homes]
 path = /home
 read only = no

 After a net use h: /home command on client I get this:
 System error 53 has occured. The network path was not found.

 The user I try: Administrator and the client OS is Windows XP Pro.
 I think the rights on the server are ok.
 When I try to set the home for Administrator in AD I get the answer:
 The system could not create the startfolder
(\\fileserver\homes\Administrator),
 because can't find path.

 Is there anybody who can use this functionality?

 Please help.

 Thanks for the replies.

 Chris


Re: [Samba] Error + Syncing problems

2013-04-23 Thread Daniel Müller
It is the same I noticed: there is only syncing DC1 to DC2 not the other
way. The second joined to domain is always the slave.

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Tim Vangehugten
Sent: Tuesday, 23 April 2013 13:33
To: samba@lists.samba.org
Subject: [Samba] Error + Syncing problems

Hi,

I have 2 samba4.0.5 DC controllers running ubuntu 12.04 in my network which
are in sync. Everything works fine but I still get the following error on
the first samba4 DC I installed when running /usr/local/samba/sbin/samba -i

Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp
:ad48d62e-60c8-46fd-bc5c-48bc70ebbf8e._msdcs.samba.test.ad[1024,seal,krb5]
NT_STATUS_NO_LOGON_SERVERS

Also I tested the following scenarios:
- Added a user with the 2 DC's running, pulled the first DC out and tried
logging in on client (which uses then the DC2 because no cached credentials
were available)
Result: Passed test

- Added a user to DC2 (DC1 was still down). After that I plugged DC1
back in and restarted samba on it and waited for 5 min. No sync happened back
from DC2 to DC1. Waited 30min, no result
Result: Failure

Can anyone help me or explain why DC2 won't sync back to DC1? Also can
someone help me to solve the error I get?


Best Regards
Tim Vangehugten


Re: [Samba] Applying head to wall to figure out permissions issues.

2013-04-23 Thread Daniel Müller
Try to test. Set the sticky bit for your group on the share

[test]
path = /path/to/your/test/share
 readonly=no
valid users = @yourgroupofusers
directory mask=2770
force directory mode=2770
create mask = 2770
force create mode=2770
force security mode=2770
force directory security mode=2770
force group = yourgroupofusersvfs 
browseable = no






EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de 

From: Wayne Edgar [mailto:zerover...@gmail.com] 
Sent: Tuesday, 23 April 2013 13:47
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: [Samba] Applying head to wall to figure out permissions issues.

All files. Applies to simple text files created in Notepad. Today will be
the test as users will be back on the network.

On Tue, Apr 23, 2013 at 12:58 AM, Daniel Müller muel...@tropenklinik.de
wrote:
HI,
MS Office files or all files? Office files can have this issue.

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Wayne Edgar
Sent: Monday, 22 April 2013 19:33
To: samba@lists.samba.org
Subject: [Samba] Applying head to wall to figure out permissions issues.

I have a permissions issue on a Samba DC running 3.5.6. UserA does not have
permissions to write to file opened by UserB. Specifically, a file created
by UserA gets 764 permissions and UserB can't write to the file until
permissions are changed either on the server to +w for other or UserA
changes the permissions on the file from Windows for Everyone to have write
permissions.

I have tried nt acl support = no. I have gone line by line through the conf
and can't see why this is not working.

What information can I provide to for someone to better understand the
issue?

Attached my smb.conf.




--
Wayne Edgar
http://j.mp/wayneedgar




-- 
Wayne Edgar
http://j.mp/wayneedgar 



Re: [Samba] Applying head to wall to figure out permissions issues.

2013-04-22 Thread Daniel Müller
HI,
MS Office files or all files? Office files can have this issue.

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Wayne Edgar
Sent: Monday, 22 April 2013 19:33
To: samba@lists.samba.org
Subject: [Samba] Applying head to wall to figure out permissions issues.

I have a permissions issue on a Samba DC running 3.5.6. UserA does not have
permissions to write to file opened by UserB. Specifically, a file created
by UserA gets 764 permissions and UserB can't write to the file until
permissions are changed either on the server to +w for other or UserA
changes the permissions on the file from Windows for Everyone to have write
permissions.

I have tried nt acl support = no. I have gone line by line through the conf
and can't see why this is not working.

What information can I provide to for someone to better understand the
issue?

Attached my smb.conf.




--
Wayne Edgar
http://j.mp/wayneedgar



Re: [Samba] Sysvol replication

2013-04-15 Thread Daniel Müller
For my interest!? What are your issues about gluster not working replicating
sysvol?

Greetings
 
Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Jim Potter
Sent: Sunday, 14 April 2013 22:34
To: samba
Subject: [Samba] Sysvol replication

Hi all,

Has anyone actually got sysvol replication working between 2 (or more)
Samba4 DCs? I've tried gluster, inosync, csync and rsync and keep getting
stuck on issues with the extended attributes.

Is there a roadmap or any clues of a date when MSFRS or DFS replication will
be part of Samba4?

thanks again,

Jim


Re: [Samba] Samba4 home share problem

2013-03-25 Thread Daniel Müller
This should be not  [homes] -- but  [home] and it should work

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Krisztián Csányi
Sent: Sunday, 24 March 2013 12:17
To: Gémes Géza
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba4 home share problem

Hi,

It's ok now. I didn't use winbind.

I have read these:
https://lists.samba.org/archive/samba/2013-February/171877.html
https://wiki.samba.org/index.php/Samba4/Winbind
https://wiki.samba.org/index.php/Samba4/Domain_Member#Make_domain_users.2Fgroups_available_locally_through_winbind.

I get the solution from these howtos.

Thanks

2013/3/24, Gémes Géza g...@kzsdabas.hu:
 Hi,
 Hi,

 I have installed Samba4 and the home share functionality is not working.

 Samba version: 4.0.1
 OS: Debian Squeeze
 Kernel: 2.6.32-5-amd64

 The smb.conf:
 [global]
  workgroup = TESZT
  realm = TESZT.HU
  netbios name = FILESERVER
  server role = active directory domain controller
  server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
  load printers = no
  printing = bsd
  printcap name = /dev/null
  show add printer wizard = no
  disable spoolss = yes
  log level = 3
  syslog = 3
  syslog only = yes
  logon path =
 #   logon home = \\fileserver\homes\%U
  logon drive = H:
  logon script = %U.cmd

 [netlogon]
  path = /opt/samba4/var/lib/samba/sysvol/fileserver.teszt.hu/scripts
  read only = No

 [sysvol]
  path = /opt/samba4/var/lib/samba/sysvol
  read only = No

 [homes]
  path = /home
  read only = no

 After a net use h: /home command on client I get this:
 System error 53 has occured. The network path was not found.

 The user I try: Administrator and the client OS is Windows XP Pro.
 I think the rights on the server are ok.
 When I try to set the home for Administrator in AD I get the answer:
 The system could not create the startfolder 
 (\\fileserver\homes\Administrator),
 because can't find path.

 Is there anybody who can use this functionality?

 Please help.

 Thanks for the replies.

 Chris
 Samba 4.0.x has two operation modes:
 1. Active directory domain controller
 2. Member or standalone server (or classic (NT4 style) domain 
 controller)

 2. behaves the same way (regarding shares) as Samba 3.x.y 1. has some 
 limitation in this regard, for example the missing home metashare (in 
 3.x.y you shouldn't specify a path as it would be deduced based on the 
 connected users home directory)

 You could emulate a behavior similar to the 3.x.y one with the AD mode 
 if you specify hide unreadable = yes and set the folder rights for 
 each home directory accordingly.

 As a sidenote: 4.0.1 is quite old, especially if you want to run your 
 AD DC as a fileserver at least 4.0.4 is recommended.

 Regards

 Geza Gemes


Re: [Samba] network neighborhood

2013-03-22 Thread Daniel Müller
You can try,

[global] announce as = system type

You are running in a Windows ADS; there is no NetBIOS, but DNS. So it could
be that PCs do not show up
in the neighborhood.
---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of fe...@epepm.cupet.cu
Sent: Thursday, 21 March 2013 16:04
To: samba@lists.samba.org
Subject: [Samba] network neighborhood

-------- Original Message --------
Subject: network neighborhood
From: fe...@epepm.cupet.cu
Date:  Wed, 20 March 2013, 8:07 am
To:   samba@lists.samba.org
--


Hello:

I would like to know what is wrong in my configuration. I can't see this
server in network neighborhood.

samba 3.5.6 joined to my active directory domain.

[global]
#   message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' 
  security = ADS
  netbios name = dos
  realm = EPEPM.CUPET.CU
  password server = ad.epepm.cupet.cu
  workgroup = EPEPM
  log level = 1
  syslog = 0
  idmap uid = 1-2
  idmap gid = 1-2
  winbind separator = +
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes
  template homedir = /home/%D/%U
  template shell = /bin/bash
  client use spnego = yes
  domain master = no
  server string = Servidor Dos
  encrypt passwords = true


any ideas?

Best regards,
Felix.




Re: [Samba] Samba 4 AD DC and BIND

2013-03-20 Thread Daniel Müller
/usr/local/samba/bin/samba-tool dns query yourdnshost.your.domain your.domain @ ALL

Ex: samba-tool dns query samba4.tplechler.kkh  tlechler.kkh @ ALL
Will do:
Password for [administra...@tplechler.kkh]:


Greetings Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Gerry Reno
Sent: Wednesday, 20 March 2013 04:06
To: samba@lists.samba.org
Subject: Re: [Samba] Samba 4 AD DC and BIND

On 03/19/2013 10:57 PM, Ricky Nance wrote:
 Try first a kinit administrator, then enter the administrator
 password, then /usr/local/samba/bin/samba-tool dns query
 COMPANY.company.com company.com @ ALL (notice no -U this time, and the
 format of host.realm instead of just host... I mistyped that in the last
 message) and see if it works, this will cause that tool to use kerberos
 instead of the regular login.

 Ricky


Nope.

Did the kinit and got a good ticket.

# /usr/local/samba/bin/samba-tool dns query COMPANY.company.com company.com @ ALL
ERROR(runtime): uncaught exception - (-1073741772, 'NT_STATUS_OBJECT_NAME_NOT_FOUND')
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 970, in run
    dns_conn = dns_connect(server, self.lp, self.creds)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 37, in dns_connect
    dns_conn = dnsserver.dnsserver(binding_str, lp, creds)

-Gerry




Re: [Samba] Samba 4 AD DC and BIND

2013-03-20 Thread Daniel Müller
It looks as if the script does not like reverse lookups!???

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Gerry Reno
Sent: Wednesday, 20 March 2013 13:59
To: samba@lists.samba.org
Subject: Re: [Samba] Samba 4 AD DC and BIND

On 03/20/2013 02:59 AM, Daniel Müller wrote:
 /usr/local/samba/bin/samba-tool dns query yourdnshost.your.domain 
 your.domain @ ALL

 Ex: samba-tool dns query samba4.tplechler.kkh  tlechler.kkh @ ALL Will 
 do:
 Password for [administra...@tplechler.kkh]:


 Greetings Daniel



Hi Daniel, yes you're correct.  That works with my BIND9 DLZ backend.

When I use dns name for the samba machine, eg: samba.company.com then it
works both with and without Kerberos auth.  But
if I use anything else, even the machine IP, it fails.   Seems like it
should work if you use the machine IP but it doesn't


-Gerry


Re: [Samba] Samba 4 AD DC and BIND

2013-03-20 Thread Daniel Müller
This should do the reverse lookup:
Ex: samba-tool dns query 192.168.132.123 132.168.192.in-addr.arpa   @  All

Name=, Records=3, Children=0
SOA: serial=6, refresh=900, retry=600, expire=86400,
ns=linux2.tplechler.kkh., email=hostmaster.tplechler.kkh. (flags=60f0,
serial=6, ttl=3600)
NS: linux2.tplechler.kkh. (flags=60f0, serial=1, ttl=0)
NS: samba4.tplechler.kkh. (flags=60f0, serial=5, ttl=0)
  Name=kkh, Records=0, Children=1
  Name=123, Records=1, Children=0
PTR: linux2.tplechler.kkh (flags=f0, serial=2, ttl=0)
  Name=132, Records=1, Children=0
PTR: samba4.tplechler.kkh (flags=f0, serial=3, ttl=0)


Samba-tool dns query IP.YOUR.DNS:SERVER  reverse.dns.zone.in-addr.arpa @ ALL
---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Daniel Müller
Sent: Wednesday, 20 March 2013 14:15
To: 'Gerry Reno'; samba@lists.samba.org
Subject: Re: [Samba] Samba 4 AD DC and BIND

It looks as if the script does not like reverse lookups!???

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Gerry Reno
Sent: Wednesday, 20 March 2013 13:59
To: samba@lists.samba.org
Subject: Re: [Samba] Samba 4 AD DC and BIND

On 03/20/2013 02:59 AM, Daniel Müller wrote:
 /usr/local/samba/bin/samba-tool dns query yourdnshost.your.domain 
 your.domain @ ALL

 Ex: samba-tool dns query samba4.tplechler.kkh  tlechler.kkh @ ALL Will
 do:
 Password for [administra...@tplechler.kkh]:


 Greetings Daniel



Hi Daniel, yes you're correct.  That works with my BIND9 DLZ backend.

When I use dns name for the samba machine, eg: samba.company.com then it
works both with and without Kerberos auth.  But
if I use anything else, even the machine IP, it fails.   Seems like it
should work if you use the machine IP but it doesn't


-Gerry


Re: [Samba] There are no currently logon servers available when mappingwith net use

2013-03-18 Thread Daniel Müller
Look at the authentication of your member server, does the server
authenticate right against your PDC/BDC? Which version of
Samba? what about using dfs or dfs proxy on your PDC/BDC to map the share?
Do you use WINS?

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Jim Potter
Sent: Sunday, 17 March 2013 21:33
To: c.koe...@live.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] There are no currently logon servers available when
mappingwith net use

Hi,

There is a setting in gpedit.msc somewhere to tell the PC to wait for
network connectivity before showing the login box. (no idea where - find it
yourself - sorry)

  Another option - I have one user with a similar problem. She keeps getting
'duplicate machine name exists' popups appearing regardless of what I name
her machine. The laptop caches her user details so she can log in fine, but
generally has weird problems connecting to new shares.
You might see the behaviour you are getting if there were machines with
duplicate names - one would join the domain properly, whereas the other's
trust account would fail but could log in with cached credentials and then
have problems connecting to domain related stuff.

hope that helps

Jim

On 15/03/2013 23:26, TMason wrote:
 Marcio Oli  wrote in message
 news:CANpJy9WD=CLxbB=BQhgS==1mt-rktxt0hvmi6muymz5rkxm...@mail.gmail.com...

 Hi people, I have a problem and I need so much of your help.

 I have a login script in \\server1\netlogon\script.bat (on my PDC and
 BDC)
 that runs net use commands to map some shares in time of the logon.
 This login tries to map share in another server (samba member of 
 domain \\server2).

 So, I put the result at a log and appears these lines:
 
 System error 1311 has occurred.
 There are currently no logon servers available to service the logon 
 request.
 

 This is a recurrent problem, but neither always this happens. 
 Sometimes, everything is wonderful and works very well mapping all 
 shares, but is unstable.


 --
 --


 Windows clients have this problem regardless of the type of PDC/BDC 
 you have (Windows or Samba). The problem is that Windows is generally 
 ready to let people log in before all of the network services are 
 ready and as such people can't log in.

 Are your servers on static IPs? Also, what kind of DNS/DHCP server do 
 you have?

 This will help in troubleshooting.

 TMason






Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC.

2013-03-18 Thread Daniel Müller
I had  an issue with portreserve running. After shutdown the service samba4
on Centos 6.3 did run.

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Thomas Simmons
Sent: Saturday, 16 March 2013 18:26
To: Mike Stroven
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 4.0.3 on CentOS 6.3 as PDC.

On Tue, Feb 26, 2013 at 8:23 AM, Mike Stroven 
mike.stro...@visole-energy.com wrote:

 Any help here?  I have included all of the output of the suggested 
 diags that Thomas said I should run, but I admit that I'm not sure 
 what I'm looking for, as I'm not familiar with RPC functionality on Linux.
  Something is not working with RPC on my Samba 4.0.3 server.  (FWIW, 
 it doesn't work with IPTables stopped either.)

  On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote:
 
   I finally have everything working that can be verified from the 
   server
 command line. Running Bind9.8 with DLZ support.
   Verified Kerberos 5 running. Now attempting to join Windows XP
 machines to the domain, and am getting an error:
   The RPC server is unavailable. Any pointers?
  

 On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote:
  You're likely to get more support on the user's list (
 samba@lists.samba.org).
 
  If you're certain everything is working on the server and the client 
  network config is correct (you have the DC's IP as the primary DNS
 server),
  then my first guess would be iptables or selinux. If you need 
  further assistance, output from the following commands would be useful:
 


  # test samba

 [root@grumpy ~]# /usr/local/samba/bin/smbclient //grumpy/netlogon -UAdministrator%'**' -c ls
 Domain=[TROY] OS=[Unix] Server=[Samba 4.0.3]
   .                                   D        0  Mon Feb 25 09:53:33 2013
   ..                                  D        0  Fri Feb 22 17:09:24 2013

 40757 blocks of size 131072. 20332 blocks available


  # test kerberos

 [root@grumpy ~]# kinit administra...@visole-energy.com
 Password for administra...@visole-energy.com:
 Warning: Your password will expire in 41 days on Mon Apr  8 18:14:03 2013


  # check iptables

 [root@grumpy ~]# iptables -nL
 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination
 ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
 ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
 ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 /* SSH */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53 /* DNS */
 ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53 /* DNS UDP */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 /* HTTP */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:88 /* Kerberos */
 ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:123 /* NTP */
 ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:135 /* RPC UDP */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:135 /* RPC TCP */
 ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138 /* NetBIOS Netlogon and Browsing */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139 /* NetBIOS Session */
 ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:389 /* LDAP UDP */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443 /* HTTPS */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445 /* SMB CIFS */
 ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:445 /* SMB CIFS UDP */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:464 /* Kerberos Password Management */
 ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:464 /* Kerberos Password Management UDP */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:636 /* LDAP SSL */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3268 /* LDAP Global Catalog */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3269 /* LDAP Global Catalog SSL */
 ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:1 /* Webmin */
 REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

 Chain FORWARD

Re: [Samba] DNS Replication Between Samba4 DCs

2013-03-18 Thread Daniel Müller
The same issue with me. No master slave config. possible if using BIND9_DLZ 
directly. Power off the Master ADS and there is no nslookup my.ads.domain 
possible anymore. Doing a flat-file config with bind you are up and running.
Is there someone who solved that issue? 

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Andrew Hamilton
Sent: Wednesday, 27 February 2013 22:14
To: samba@lists.samba.org
Subject: [Samba] DNS Replication Between Samba4 DCs

I have been able to successfully install and configure a primary DC with Ubuntu 
12.04 and the samba4 package as well as configure and join a secondary DC to 
the primary.  However, I cannot get DNS entries to replicate from the primary to 
the secondary (I haven't tried the other way around but I would like that 
working as well).  Both are using BIND9_DLZ.  Is DNS replication even supported 
with this setup or do I have to use the SAMBA INTERNAL setting?

-Andrew Hamilton
Project Engineer
www.facilityone.com

Re: [Samba] Samba4 - PDC to DC file replication

2013-03-18 Thread Daniel Müller
Look at glusterfs or drbd

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of C Waddy
Sent: Thursday, 28 February 2013 06:38
To: samba@lists.samba.org
Subject: [Samba] Samba4 - PDC to DC file replication

Hi,

I have built two samba4 boxes, one as a PDC and the other as a DC, all working
perfectly. If I create a user through the mmc snapin then turn off the PDC,
I can still login to the domain using the DC which is great. The problem is
their file permissions.

I have assigned user and group rights using windows explorer to certain
folders, i.e granted user1 full permissions to that folder

The problem I have is trying to replicate the users data/files from PDC to
DC whilst keeping the NTFS permissions that have been set. Rsync doesn't seem
to keep the ntfs permissions

The reason for this is if the PDC goes down, user logs on using the DC and
can access their files which have retained their files and permissions.

Is there some way to achieve this?

Any help appreciated.


[Samba] Samba 4.0.3 join a ads AS dc

2013-03-12 Thread Daniel Müller
Dear all,

I do a lot of testing with samba4 at this time. Set up a samba 4 server on 
centos 6.3 working just fine.
Now tried to join a second samba4 to the existing domain by : samba-tool domain 
join tplechler  DC -Uadministrator --realm=tplechler.kkh --dns-backend=BIND9_DLZ
This worked without any errors.
But samba_dnsupdate --verbose --all-names ends up with errors:

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 20 entries

The dns-keytab file was generated on domain joining!?

samba-tool drs showrepl is ok:

Default-First-Site-Name\SAMBA4
DSA Options: 0x0001
DSA object GUID: 9ed1322c-6044-4e17-b109-ce2809a52487
DSA invocationId: c2a9094f-afa6-4904-a5d3-b341be2b919d

 INBOUND NEIGHBORS 

CN=Schema,CN=Configuration,DC=tplechler,DC=kkh
Default-First-Site-Name\LINUX2 via RPC
DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
0 consecutive failure(s).
Last success @ Tue Mar 12 10:02:29 2013 CET

DC=ForestDnsZones,DC=tplechler,DC=kkh
Default-First-Site-Name\LINUX2 via RPC
DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
0 consecutive failure(s).
Last success @ Tue Mar 12 10:02:29 2013 CET

DC=tplechler,DC=kkh
Default-First-Site-Name\LINUX2 via RPC
DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
0 consecutive failure(s).
Last success @ Tue Mar 12 10:02:29 2013 CET

CN=Configuration,DC=tplechler,DC=kkh
Default-First-Site-Name\LINUX2 via RPC
DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
0 consecutive failure(s).
Last success @ Tue Mar 12 10:02:29 2013 CET

DC=DomainDnsZones,DC=tplechler,DC=kkh
Default-First-Site-Name\LINUX2 via RPC
DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
0 consecutive failure(s).
Last success @ Tue Mar 12 10:02:29 2013 CET

 OUTBOUND NEIGHBORS 

 KCC CONNECTION OBJECTS 

Connection --
Connection name: 7dcfeeaa-a228-4275-bce6-bba8f787a350
Enabled: TRUE
Server DNS name : linux2.tplechler.kkh
Server DN name  : CN=NTDS 
Settings,CN=LINUX2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tplechler,DC=kkh
TransportType: RPC
options: 0x0001
Warning: No NC replicated for Connection!
---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Andrew Bartlett
Sent: Monday, 11 March 2013 23:34
To: d tbsky
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba4 AD DC as file server?

On Tue, 2013-03-12 at 01:30 +0800, d tbsky wrote:
 hi:
I want to setup a small samba4 server with AD and file server function.
 I know that samba4 AD DC has no netbios browsing support. are there 
 other missing functions, like winbindd or something else?

The next release will include this patch, which avoids mistakenly creating 
world-writeable files in additional file shares. 

   and if I install two samba4 instance, one to /usr/local/samba(for 
 file server), one to /usr/local/samba-ad(for AD DC). and give them 
 two seprate ip to bind. will it work better?

No, it would need to be a different virtual machine (you can only have one 
winbind per machine, and the different winbind is most important difference 
between the operating modes). 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
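
The `samba-tool drs showrepl` listing posted in the message above can be checked mechanically instead of by eye. The following Python parser is an added example, not part of the original post or of Samba; the sample text, host names and error label are constructed, and the wording of a failed "Last attempt" line is an assumption modeled on the success lines shown on the page.

```python
import re
from dataclasses import dataclass

# Section banners; the "====" decoration is optional because list archives
# (including the listing on this page) often strip it.
SECTION_RE = re.compile(
    r"^=*\s*(INBOUND NEIGHBORS|OUTBOUND NEIGHBORS|KCC CONNECTION OBJECTS)\s*=*$")
NC_RE = re.compile(r"^(?:CN|DC)=[^,]+(?:,(?:CN|DC)=[^,]+)*$")  # naming context DN
PEER_RE = re.compile(r"^(?P<site>[^\\]+)\\(?P<server>\S+) via RPC$")
ATTEMPT_RE = re.compile(
    r"^Last attempt @ (?P<when>.+?) (?P<outcome>was successful|failed.*)$")
FAILS_RE = re.compile(r"^(?P<count>\d+) consecutive failure\(s\)\.$")

# Constructed sample in the layout of the listing above (not real output).
# The "failed, result ..." wording and WERR_EXAMPLE label are assumptions.
SAMPLE = r"""
Default-First-Site-Name\DC2
DSA Options: 0x00000001
DSA object GUID: 00000000-0000-0000-0000-000000000002

==== INBOUND NEIGHBORS ====

DC=example,DC=test
    Default-First-Site-Name\DC1 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
        0 consecutive failure(s).
        Last success @ Tue Mar 12 10:02:29 2013 CET

CN=Configuration,DC=example,DC=test
    Default-First-Site-Name\DC1 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ Tue Mar 12 10:07:29 2013 CET failed, result 2 (WERR_EXAMPLE)
        3 consecutive failure(s).
        Last success @ Tue Mar 12 09:02:29 2013 CET

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
    Connection name: 00000000-0000-0000-0000-000000000003
    Enabled: TRUE
    Warning: No NC replicated for Connection!
"""


@dataclass
class Neighbor:
    direction: str            # "inbound" or "outbound"
    naming_context: str       # e.g. DC=example,DC=test
    peer: str                 # server name of the replication partner
    last_attempt: str = ""
    outcome: str = ""
    consecutive_failures: int = 0


def parse_showrepl(text):
    """Return (neighbors, warnings) parsed from showrepl text output."""
    neighbors, warnings = [], []
    section, nc, current = None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, nc, current = m.group(1), None, None
            continue
        if line.startswith("Warning:"):
            warnings.append(line)
            continue
        if section not in ("INBOUND NEIGHBORS", "OUTBOUND NEIGHBORS"):
            continue  # header block and KCC details are not neighbor records
        if NC_RE.match(line):
            nc = line
            continue
        m = PEER_RE.match(line)
        if m and nc:
            current = Neighbor(section.split()[0].lower(), nc, m.group("server"))
            neighbors.append(current)
            continue
        if current is None:
            continue
        m = ATTEMPT_RE.match(line)
        if m:
            current.last_attempt, current.outcome = m.group("when"), m.group("outcome")
            continue
        m = FAILS_RE.match(line)
        if m:
            current.consecutive_failures = int(m.group("count"))
    return neighbors, warnings


def replication_findings(text):
    """List every neighbor that is not cleanly replicating, plus warnings."""
    neighbors, warnings = parse_showrepl(text)
    findings = []
    for n in neighbors:
        if n.outcome != "was successful" or n.consecutive_failures > 0:
            findings.append(
                f"{n.direction} {n.naming_context} from {n.peer}: "
                f"{n.outcome or 'no attempt recorded'}, "
                f"{n.consecutive_failures} consecutive failure(s)")
    return findings + warnings


if __name__ == "__main__":
    for finding in replication_findings(SAMPLE):
        print(finding)
```

An empty result means every listed naming context reported a successful last attempt with zero consecutive failures and no warning lines were present.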



Re: [Samba] Samba 4 AD DC and BIND

2013-03-11 Thread Daniel Müller
I think it is NO.
If you think about what bind is doing?!: bind needs to read/write in
ex.:/usr/local/samba/private/dns and reads
/usr/local/samba/private/named.conf. 
In my case the named conf: 
dlz "AD DNS Zone" {
    # For BIND 9.8.0
    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";
};

In my production environment I point bind on my samba4 ads to addresses
outside the domain with the forwarder option to another
bind running.

Greetings
Daniel



---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Gerry Reno
Sent: Sunday, 10 March 2013 14:14
To: samba@lists.samba.org
Subject: [Samba] Samba 4 AD DC and BIND

When setting up Samba 4 AD DC to use BIND DNS is it possible to use BIND
located on a separate server?

Or do you need to run BIND on the same machine as Samba 4 AD DC?




Re: [Samba] Logon scripts

2013-03-11 Thread Daniel Müller
The welcome screen? The welcome screen is first logoff and then  login
again. All work of the user will be lost!?
The locked screen is an item of security and it protects the authenticated
users desktop. And as long the user
is authenticated no other users has the right to drop in.
Every other rule would be chaos.


---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Terry Austin
Sent: Friday, 8 March 2013 23:38
To: samba@lists.samba.org
Subject: Re: [Samba] Logon scripts

OK, once I found the Group Policy editor, I got what I needed (which was to
enforce a screen saver with a password). Thanks.

Anybody know how to (or if you can) get XP Pro to go to the welcome screen
instead of the locked screen when it comes out of the screen saver? 
Unlocking can only be done by whoever was logged in at the time, or an
admin, and the admin options forcibly logs out the other user. (The correct
solution, of course, is upgrading to Win7, but that's a time consuming and
expensive process, and we're not there yet.)

On 8 Mar 2013 at 14:15, Ricky Nance wrote:

 Hello Terry,
 You will need to define a logon script for each user in the Active 
 Directory Users and Computers (ADUC) tool or you can do this through 
 user GPO's (there is a logon script option under the user module).
 
 In ADUC, select a user (or highlight several users) then under the 
 profiles tab add the filename (logon.bat for me, yours may be 
 different) and ensure that the logon.bat exists in the netlogon share.
 
 For the GPO option you can open Group Policy MMC and select your users 
 OU, then create new policy, name it something useful (map homes share, 
 or run logon script for instance), edit it, and under User 
 Configuration, click Windows Settings, scripts (logon/logoff), then 
 double click the logon option, and add your file to the GPO under the 
 show files button, then click Add, and select the file you just added (or
created) there.
 
 Ricky
 
 
 On Fri, Mar 8, 2013 at 2:02 PM, Terry Austin te...@crownhardware.com wrote:
 
  Is there a detailed howto on setting up logon scripts on Samba 4? Or 
  is it the same as for 3?
 
 
 
 
 --
 




Re: [Samba] Windows 7 logon script not executed

2013-03-11 Thread Daniel Müller
The behaviour of windows 7 concerning  logon scripts (ingroup-feature) is
quite different to xp.
Without posting your script there is no chance to help you.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
Email: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of List Mik
Sent: Monday, 11 March 2013 12:13
To: samba@lists.samba.org
Subject: [Samba] Windows 7 logon script not executed

Hello,

the configuration below, works like a charm for WinXP Prof. Clients:

samba 3.5.6, configured as PDC, netlogon share, logon script is users.bat.
The primary group of the Domainusers is users.

the relevant parts of smb.conf:

logon script = %G.bat
[netlogon]
 path = /home/samba/netlogon
 public = yes
 writeable = no
 browseable = yes
 valid users = @Domain Users,@users

Logging in from WinXP Prof. SP3 machines,  the logon script is executed
without problems.
Logging in from Win7 Prof. SP1 machines (as same domain user), does not
execute the logon script.

Domain logins from Win7 Pcs in general work, roaming profiles as well, only
the logon script is not executed.

here comes the log of the logon process (/var/log/samba/log.testpc):

[2013/03/11 11:11:41.889891,  1] smbd/service.c:1070(make_connection_snum)
   testpc (:::192.168.100.100) connect to service profiles initially as
user testuser (uid=1011, gid=1001) (pid 17853)
[2013/03/11 11:11:41.930769,  1] smbd/service.c:1070(make_connection_snum)
   testpc (:::192.168.100.100) connect to service profiles initially as
user testpc$ (uid=1064, gid=515) (pid 17853)
[2013/03/11 11:11:41.932278,  1] smbd/vfs.c:932(check_reduced_name)
   check_reduced_name: couldn't get realpath for testuser.v2/ntuser.ini
[2013/03/11 11:11:42.312102,  0] smbd/nttrans.c:2204(call_nt_transact_ioctl)
   call_nt_transact_ioctl(0x1401c4): Currently not implemented.
[2013/03/11 11:11:43.082440,  1] smbd/service.c:1070(make_connection_snum)
   testpc (:::192.168.100.100) connect to service testuser initially as
user testuser (uid=1011, gid=1001) (pid 17853)
[2013/03/11 11:11:43.174407,  1] smbd/service.c:1070(make_connection_snum)
   testpc (:::192.168.100.100) connect to service netlogon initially as
user testuser (uid=1011, gid=1001) (pid 17853)
[2013/03/11 11:11:56.462383,  1] smbd/service.c:1251(close_cnum)
   testpc (:::192.168.100.100) closed connection to service profiles
[2013/03/11 11:11:56.465834,  1] smbd/service.c:1251(close_cnum)
   testpc (:::192.168.100.100) closed connection to service testuser
[2013/03/11 11:11:56.466887,  1] smbd/service.c:1251(close_cnum)
   testpc (:::192.168.100.100) closed connection to service netlogon
[2013/03/11 11:12:08.458230,  1] smbd/service.c:1251(close_cnum)
   testpc (:::192.168.100.100) closed connection to service profiles

Somehow it seems, that the win7 clients, when they do a domain logon, do not
consider the group users as primary group of the domain user.

Any help appreciated, thanks

Mik
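
Added example, not part of the original post: a small parser for the log.testpc excerpt above that re-joins the wrapped entries and reports which shares the client opened and with which user and gid. On the posted lines it shows that the Win7 client did connect to netlogon as testuser with gid=1001. All function names are hypothetical.

```python
import re
from collections import namedtuple

# Excerpt of /var/log/samba/log.testpc as posted above, including the
# mail client's line wrapping and the masked client address.
POSTED_LOG = """\
[2013/03/11 11:11:41.889891,  1] smbd/service.c:1070(make_connection_snum)
   testpc (:::192.168.100.100) connect to service profiles initially as
user testuser (uid=1011, gid=1001) (pid 17853)
[2013/03/11 11:11:41.930769,  1] smbd/service.c:1070(make_connection_snum)
   testpc (:::192.168.100.100) connect to service profiles initially as
user testpc$ (uid=1064, gid=515) (pid 17853)
[2013/03/11 11:11:41.932278,  1] smbd/vfs.c:932(check_reduced_name)
   check_reduced_name: couldn't get realpath for testuser.v2/ntuser.ini
[2013/03/11 11:11:42.312102,  0] smbd/nttrans.c:2204(call_nt_transact_ioctl)
   call_nt_transact_ioctl(0x1401c4): Currently not implemented.
[2013/03/11 11:11:43.082440,  1] smbd/service.c:1070(make_connection_snum)
   testpc (:::192.168.100.100) connect to service testuser initially as
user testuser (uid=1011, gid=1001) (pid 17853)
[2013/03/11 11:11:43.174407,  1] smbd/service.c:1070(make_connection_snum)
   testpc (:::192.168.100.100) connect to service netlogon initially as
user testuser (uid=1011, gid=1001) (pid 17853)
[2013/03/11 11:11:56.462383,  1] smbd/service.c:1251(close_cnum)
   testpc (:::192.168.100.100) closed connection to service profiles
[2013/03/11 11:11:56.465834,  1] smbd/service.c:1251(close_cnum)
   testpc (:::192.168.100.100) closed connection to service testuser
[2013/03/11 11:11:56.466887,  1] smbd/service.c:1251(close_cnum)
   testpc (:::192.168.100.100) closed connection to service netlogon
[2013/03/11 11:12:08.458230,  1] smbd/service.c:1251(close_cnum)
   testpc (:::192.168.100.100) closed connection to service profiles
"""

# "[timestamp,  level] source_file:line(function)" starts every entry.
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s+(\S+)\((\w+)\)$")
CONNECT = re.compile(
    r"^(\S+) \(\S*\) connect to service (\S+) initially as user (\S+) "
    r"\(uid=(\d+), gid=(\d+)\)")
CLOSED = re.compile(r"^(\S+) \(\S*\) closed connection to service (\S+)")

ShareEvent = namedtuple("ShareEvent", "time action machine service user uid gid")


def iter_entries(text):
    """Yield (timestamp, debug_level, message) with wrapped lines re-joined."""
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            current = (m.group(1), int(m.group(2)), [])
        elif current and line:
            current[2].append(line)
    if current:
        yield current[0], current[1], " ".join(current[2])


def share_events(text):
    """Return the share connect/close events found in the log, in order."""
    events = []
    for time, _level, msg in iter_entries(text):
        m = CONNECT.match(msg)
        if m:
            events.append(ShareEvent(time, "connect", m.group(1), m.group(2),
                                     m.group(3), int(m.group(4)), int(m.group(5))))
            continue
        m = CLOSED.match(msg)
        if m:
            events.append(ShareEvent(time, "close", m.group(1), m.group(2),
                                     None, None, None))
    return events


def connections_by_share(text):
    """Map each share name to the (user, gid) pairs that connected to it."""
    result = {}
    for ev in share_events(text):
        if ev.action == "connect":
            result.setdefault(ev.service, []).append((ev.user, ev.gid))
    return result


def level0_messages(text):
    """Messages logged at debug level 0, which smbd always writes."""
    return [msg for _time, level, msg in iter_entries(text) if level == 0]


if __name__ == "__main__":
    for share, who in connections_by_share(POSTED_LOG).items():
        print(share, who)
    print(level0_messages(POSTED_LOG))
```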






Re: [Samba] Windows 7 logon script not executed

2013-03-11 Thread Daniel Müller
No it does!
There should be a link to where the user has the right to write:
[homes]
...
%u preexec = echo %u is in %G > /homedirectoryOfTheUser/groupname.txt
or if you leave it this should work:
root preexec = echo %u is in %G > /home/samba/netlogon/groupname.txt
---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
Email: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of List Mik
Sent: Monday, 11 March 2013 13:58
To: samba@lists.samba.org
Subject: Re: [Samba] Windows 7 logon script not executed

Very interesting, i tried that, but the file groupname.txt was not created
at all.

Maybe Win7 domain logon ignores the netlogon share completely?

Thanks
Mik




On 11.03.2013 13:30, Ricky Nance wrote:
 Just for testing add the following line to your [netlogon]
 root preexec = echo %u is in %G > /home/samba/netlogon/groupname.txt

 then try a windows logon (it won't tell windows anything, but will 
 create the file /home/samba/netlogon/groupname.txt), then on the samba 
 server, cat /home/samba/netlogon/groupname.txt and see what is going 
 on. As soon as you are done testing either comment out that line, or 
 just remove it completely.

 Ricky



Re: [Samba] Windows 7 logon script not executed

2013-03-11 Thread Daniel Müller
If all users have the same users.bat!? Why not set:
logon script = users.bat!?
The differences per Group then could be done within this batch.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
Email: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of List Mik
Sent: Monday, 11 March 2013 13:42
To: samba@lists.samba.org
Subject: Re: [Samba] Windows 7 logon script not executed

Hi,

The Script is a regular Dos/Windows batch file (users.bat) with net use
commands, like:
...
net use P: \\MyDomain\MySharename
...

Thanks
Mik



Re: [Samba] Windows 7 logon script not executed

2013-03-11 Thread Daniel Müller
Believe me you can discuss about it or you can accept it.
To have 50 per cent of my clients set up on Windows 7 was a lot of trial and
error. I had to reengineer all my policies and scripts.

Good Luck
Daniel

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
Email: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of List Mik
Sent: Monday, 11 March 2013 14:41
To: samba@lists.samba.org
Subject: Re: [Samba] Windows 7 logon script not executed

i have about 100 users, with prim. group users, which should execute users.bat
i have about 40 users, with prim. group exts, which should execute exts.bat
i have ...

yes, i could query the groupmemberships in one batch file, but i don't want
to reengineer my current logon script structure, as it works for my XP
Clients.

i am asking, how win7 prof., logging in to a samba 3.5.6 PDC, does handle
the netlogon share and groupmembership different, than WinXP

Thanks
Mik



Re: [Samba] samba4 PDC to BDC file replication

2013-02-28 Thread Daniel Müller
Use glusterfs.

And samba4 in replication mode.

Good Luck


---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
Email: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of C Waddy
Sent: Friday, 1 March 2013 07:19
To: Greg Sloop
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba4 PDC to BDC file replication

Hi Greg,

Thanks for the info, it's a tough one. I was hoping the msdfs would replicate
data but it appears it doesn't appear to or am I missing something?

I used a program in the past called File replication pro on Suse/novell and
it worked. I have emailed their support and asked if it will work in our
situation.

I am going to give it a go in the Samba4 test environment over the weekend,
I'll let you know if it works.

On Fri, Mar 1, 2013 at 3:13 PM, Gregory Sloop gr...@sloop.net wrote:


 CW I have built two samba4 boxes, one as a PDC and the other as a DC, all
 CW working perfectly. If I create a user through the mmc snapin then turn
 CW off the PDC, I can still login to the domain using the DC which is
 CW great. The problem is their files and ntfs permissions on BDC.

 CW I have assigned user and group rights using windows explorer to
 CW certain folders, i.e granted user1 full permissions to that folder

 CW The problem I have is trying to replicate/sync the users data/files
 CW from PDC to DC whilst keeping the NTFS permissions that have been set.
 CW Rsync doesn't seem to keep the ntfs permissions

 CW The reason for this is if the PDC goes down, user logs on using the DC
 CW and can access their files which have retained their files and
 CW permissions.

 CW Is there some way to achieve this?

 I'm in the same boat, and I'm only aware of two possibilities.

 1) Robocopy - using a Windows client.
BUT Robocopy doesn't do file deltas - changed files are copied in
their entirety. Which isn't a problem if you don't have large
files. But if you've got a 10G file that changes often, then this
probably isn't the best alternative.

 2) http://www.bvckup.com/support/ [Bvckup]
This also appears to be a Windows utility, but does handle file
deltas. I have never used this tool and so can't vouch for it in any
way.

 If you find a functional solution, that preferably can be used on the 
 two Linux/Samba boxes to do file-deltas and still maintain the 
 permissions - that would be best.

 One other option that might work:
 Rsync the data, and use robocopy to simply duplicate the permissions 
 structure. [I believe this is possible.]

 This last idea sounds bat$hit insane - but hey, it might actually work 
 reasonably well. :)

 -Greg




Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-26 Thread Daniel Müller
Apache can authenticate against samba4 ads the same way as if it were
openldap.
http://wiki.samba.org/index.php/Samba4/beyond

Good Luck
Daniel

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
Email: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Pekka L.J. Jalkanen
Sent: Tuesday, 26 February 2013 15:01
To: samba@lists.samba.org
Subject: [Samba] Synchronising password of some AD users with an external
LDAP?

I'm in a situation where I should establish an external (i.e. non-AD) LDAP
directory for my employer for various web-based authentication purposes. I
don't think that Samba--or Windows AD, for that matter--in and itself would
be the best tool for this purpose; so far I've been reviewing 389 DS,
ApacheDS, OpenDJ and plain old OpenLDAP, but have made no final decision
yet.

Now however, it would be beneficial, even if not strictly speaking
necessary, if I could automatically synchronise the passwords of certain
accounts between that LDAP and our AD; most sensible solution here would
probably be to do it between the LDAP users having a corresponding AD
account belonging to a specific AD OU. Other than passwords, the accounts
and their attributes themselves should stay separate.

I know that if I were running a Windows AD, I could most likely accomplish
what I want with--if nothing else--the 389 DS by using DS-provided Password
Sync Service (see
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html
for more information).

However, our goal is to completely migrate our AD to Samba 4, so committing
to any software that depends on the continued availability of a Windows DC
simply won't do.

How could I accomplish this synchronisation with Samba 4? Can anyone nudge
me in the right direction? Or is it possible at all?


Pekka L.J. Jalkanen



Re: [Samba] Cross-subnet browsing with LMBs + remote browse sync + samba4WINS

2013-02-24 Thread Daniel Müller
NO, you do not need remote browse sync if you have samba4wins working.
And you need only the following to make it work in your LMB smb.conf:
wins server = your.samba4wins.host
If your samba4wins is on the same host as your LMB, put this in your
samba4wins
Samba4wins.conf:
bind interfaces only=yes
interfaces=your.samba4wins.ip (suggestion use a virt ip not used by samba)
nbtd:disable_broadcast=yes
wins server=your.samba4wins.ip

In your windows clients network configuration set wins1 to your first
samba4wins and wins2 to the second samba4wins.


---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
Email: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of TAKAHASHI Motonobu
Sent: Sunday, 24 February 2013 16:37
To: v...@freemail.gr
Cc: samba@lists.samba.org
Subject: Re: [Samba] Cross-subnet browsing with LMBs + remote browse sync +
samba4WINS

From: vagy v...@freemail.gr
Date: Sun, 24 Feb 2013 13:34:37 +0200

 i am about to implement cross subnet browsing/sharing and I was 
 wondering if the following configuration would do it, so i would like 
 your opinion:
 
 1. There are two subnets separated by a simple router (no firewalls)
 
 2. Each subnet will have a mixture of Win7/WinXP and Linux hosts.
 
 3. Each subnet will have its own Samba3 LMB (but not DMB) and its own 
 samba4WINS server. Each client host in each subnet will be DHCP 
 configured with their respective WINS server.
 The LMB will also be configured to use the samba4WINS server.
 
 4. The two samba3 LMB servers will remote browse sync with each other.
 That's how the browse lists will be exchanged.
 
 5. The two samba4WINS servers will replicate with each other.
 That's how the host names will be exchanged.
 
 Do you think that will turn out to be a working configuration?

As far as I examined, remote browse sync did not work as I expected.
Sample smb.conf that I examined the behavior is:

-
[global]
  workgroup = SAMBAxx
  domain master = yes
  wins support = yes
  remote browse sync = x.x.x.x
-

Samba has to be WINS server and DMB.

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo 
   facebook.com/takahashi.motonobu



Re: [Samba] Samba how to use wins.tdb

2013-02-20 Thread Daniel Müller
Which version of samba, 3 or 4?
With samba 4 there is no need of a wins server any more.
With samba 3 you are better with samba4wins a real Microsoft wins
substitute. Can push and pull with w1008 r2 wins.
Tested in my production environment. 

Greetings 
Daniel

---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Amos.Huang
Sent: Wednesday, 20 February 2013 08:38
To: samba@lists.samba.org
Subject: [Samba] Samba how to use wins.tdb

Hi all!
Now I want to use a program to dynamically add entries to the wins server. Can I
use /var/lib/samba/wins.tdb? And how to use it?
I tried writing entries to /var/lib/samba/wins.dat, but the entry has been
cleaned presently.

Thx!!!


Re: [Samba] Centos samba-3x / samba-3.6.6 - win7 will not join domain

2013-02-17 Thread Daniel Müller
Did you join the win7 client to the samba3 domain using smbpasswd -m?
Did you set the registry hacks on the win 7 client?
Sometimes the win 7 machines need to set the wins server to your Samba/pdc
and netbios enabled.

Good luck
Daniel

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
Email: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of peter lawrie
Sent: Monday, 18 February 2013 00:59
To: Thomas Simmons
Cc: samba@lists.samba.org
Subject: Re: [Samba] Centos samba-3x / samba-3.6.6 - win7 will not join
domain

Hi
Thanks, but I've already done that.
Now I'm getting
active directory domain controller could not be contacted.
I have renamed my win7 PC as pjl-win7 and restarted PC, server and router to
ensure all match I also changed the workgroup in Samba from Glendiscovery to
glendisc, my PC is still on the windows workgroup and can access the shares.
There is also an XP machine, computer1 on 'workgroup', once I've fixed the
win7 problem, I'll be checking it can also join the domain.

browse.dat has:
GLENDISCc0001000 CENTOS55GLENDISC
CENTOS55408c9a23 Samba Server Version 3.6.6-0.129.el5
GLENDISC
WORKGROUP   c0001000 COMPUTER1   WORKGROUP
GLENDISCOVERY   c0001000 PJL-WIN7
GLENDISCOVERY

I was recommended to add some lines to smb.conf, so it now has
[root@centos55 samba]# cat smb.conf
# Samba config file created using SWAT
# from UNKNOWN (0.0.0.0)
# Date: 2013/02/17 23:16:46

[global]
lanman auth = yes
log file = /var/log/samba/%m.log
name resolve order = bcast host lmhosts wins
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
obey pam restrictions = Yes
client ntlmv2 auth = yes
logon drive = z:
ntlm auth = Yes
domain master = Yes
idmap config * : range =
time server = Yes
wins proxy = No
passwd program = /usr/bin/passwd %u
wins support = true
netbios name = centos55
cups options = raw
server string = Samba Server Version %v
password server = none
logon script = scripts\%U.bat
unix password sync = Yes
idmap config * : backend = tdb
workgroup = GLENDISC
logon path =
os level = 64
auto services = global
printcap name = cups
preferred master = yes
max log size = 50
pam password change = Yes

[homes]
valid users = %S
read only = No
browseable = No

[netlogon]
comment = netlogon
path = /datastore/netlogon
valid users = @adm, @users
read only = No

[company]
comment = company share
path = /datastore/company
valid users = @adm, @users
force group = users
read only = No
create mask = 0775
force create mode = 0775
directory mask = 0775
force directory mode = 0775
inherit permissions = Yes
use sendfile = Yes

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No


On 17 February 2013 23:47, Thomas Simmons twsn...@gmail.com wrote:

 Have you made the necessary registry changes on the Win7 workstation 
 (see link)? If properly configured, Win7 works perfectly fine with 
 current versions of Samba 3.

 https://wiki.samba.org/index.php/Windows7



 On Sun, Feb 17, 2013 at 3:40 PM, peter lawrie  
 peter.law...@glendiscovery.co.uk wrote:

 Hi
 Some advice needed on samba-3.6.6 for win7 Since getting my win7 
 ultimate pc, I've only used my centos server with samba for a 
 workgroup connection. Previously I had an XP client on this domain.

 I've updated today (17 feb 2013) to the latest centos5.9 (Linux 
 2.6.18-348.1.1.el5.centos.plus on i686) which includes samba3x with
 samba-3.6.600.129_el5
 passdb backend has to be tdbsam now for win7, not smbpasswd I've 
 tried repeatedly to join the domain without success.
 My win7 ultimate machine supposedly has the ability to join a domain 
 Provided I ensure that nmbd as well as smbd is running, it gives the 
 username and password login form and then

 The following error occurred attempting to join the domain glendisc 
 The specified domain either does not exist or could not be contacted

 Since getting the win7 PC I have been connecting to workgroup 
 'glendiscovery' by the server IP address, so it has not previously 
 been on the domain.
 I deliberately changed the name to glendisc to avoid possible issues.
 I can still connect to my workgroup shares I noted that the samba 
 user root had
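
Two settings in the smb.conf posted in the message above matter for security independently of the join problem: lanman auth = yes, and a [netlogon] share with read only = No for everyone in @users. The audit script below is an added example, not part of the original thread; the two sample configs are constructed from the posted file, the hardened values are an assumption about what this site can tolerate, and the function names are hypothetical.

```python
# Booleans as smb.conf accepts them.
TRUE = {"yes", "true", "1", "on"}
# Inverted synonyms of "read only" in smb.conf.
INVERTED_READ_ONLY = {"writeable", "writable", "write ok"}

# Constructed sample: the security-relevant lines of the posted smb.conf.
WEAK_CONF = r"""
[global]
    workgroup = GLENDISC
    lanman auth = yes
    ntlm auth = Yes
    client ntlmv2 auth = yes
    logon script = scripts\%U.bat

[netlogon]
    path = /datastore/netlogon
    valid users = @adm, @users
    read only = No
"""

# Constructed sample: same shares, hardened (assumption: every client can
# send NTLMv2, and only members of @adm maintain the logon scripts).
HARDENED_CONF = r"""
[global]
    workgroup = GLENDISC
    lanman auth = no
    ntlm auth = no
    client ntlmv2 auth = yes
    logon script = scripts\%U.bat

[netlogon]
    path = /datastore/netlogon
    valid users = @adm, @users
    read only = yes
    write list = @adm
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            key, value = " ".join(key.lower().split()), value.strip()
            if key in INVERTED_READ_ONLY:
                # Store synonyms under one name; the last setting wins.
                key = "read only"
                value = "no" if value.lower() in TRUE else "yes"
            conf[section][key] = value
    return conf


def truthy(params, key, default=False):
    value = params.get(key)
    return default if value is None else value.lower() in TRUE


def audit(text):
    """Return a list of (finding_id, message) for explicitly set weak values."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if truthy(glob, "lanman auth"):
        findings.append(("lanman-auth",
                         "[global] lanman auth = yes accepts LANMAN "
                         "responses; set it to no"))
    if truthy(glob, "ntlm auth"):
        findings.append(("ntlmv1-auth",
                         "[global] ntlm auth = yes accepts NTLMv1; with this "
                         "and lanman auth off only NTLMv2 logins are allowed"))
    netlogon = conf.get("netlogon")
    # Shares are read-only unless the config says otherwise.
    if netlogon is not None and not truthy(netlogon, "read only", default=True):
        who = netlogon.get("valid users", "any user allowed to connect")
        findings.append(("netlogon-writable",
                         "[netlogon] is writable by " + who + "; logon "
                         "scripts stored there are run by clients at logon"))
    return findings


if __name__ == "__main__":
    for name, sample in (("posted", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(sample))
```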

Re: [Samba] rsync'ing samba shares

2013-02-13 Thread Daniel Müller
Use glusterfs on a raid. It is just easy to setup. Real-time syncing between 
file shares HA. Block devices like drbd are limited to have only two nodes, 
glusterfs can have as many as you like.




---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
Email: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Christian Rost
Sent: Thursday, 14 February 2013 07:52
To: Greg Sloop; Gregory Sloop; samba@lists.samba.org
Subject: Re: [Samba] rsync'ing samba shares

Hi Greg,

the answer to your question can be quite complex, depending on your needs and 
your setup. If we are sticking with file-syncing than you can use robocopy as 
well as rsync. It depends on the amount of data that needs to be synced, how 
often you want to sync, how can the DCs reach each other, ...

If you link your DCs together via a separate sync-only network, I would prefer 
rsync. That way you do not interfere with the regular network. Anyway, syncing 
by rsync/ robocopy has the drawback that it is always lagging behind. 

If both machines are in the same network consider using a distributed 
filesystem/ block device that syncs the data between the nodes on the fly.

Cheers,

Christian



Gregory Sloop gr...@sloop.net wrote:

I know this has come up a bit in the past, but consider this
situation:

Two Samba4 DCs - and I want to mirror the data shares to the 
backup DC in case we lose the primary DC and its file shares.

[A cheap, dirty, poor man's semi-CTDB. How did you ever guess that Red 
Green was helping me?!]

The easiest way is probably rsync'ing the data.

However, will that include all the ACL's and extra data associated with 
the files. I understand that to a disk on part of the DC, it might not. 
But on the second DC, all the relevant users, AD group etc do all 
exist.

So, is using rsync in such a situation reasonable/workable, or should 
we use some windows based utility - say robocopy to handle this?

TIA
-Greg


Dipl.-Ing. Christian Rost [T.I.S.P.]
roCon - Informationstechnologie
Ulmenstraße 45

44534 Lünen

fon: +49 (0) 2306 910 658
fax: +49 (0) 2306 910 664
url: http://www.rocon-it.de

Re: [Samba] Samba3.5 + OpenLDAP config/install problem

2013-02-12 Thread Daniel Müller
Hi,
did you try to do it with winbind,
ldapsam:trusted=yes
ldapsam:editposix=yes

net sam provision



---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Wes Modes
Sent: Tuesday, 12 February 2013 23:04
To: samba@lists.samba.org
Subject: [Samba] Samba3.5 + OpenLDAP config/install problem

System Summary:

centos 6.2
samba 3.5
smbldap-tools 0.9.6
openldap 2.4.23

Hello,

I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools.  I've
previously installed a similar configuration on RHEL4 using smb 3.0 but
CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the
configurations cannot be moved straight across.

Currently, when I attempt to connect to an smb share with a valid ldap user
and group on this host, I get tree connect failed:
NT_STATUS_ACCESS_DENIED

The LDAP server is currently serving as the directory server for the
existing Samba3.0 server.  I can connect to the identical share on that
server as that user, so I know the user and group are okay.

With log level 2, I get:

[2013/02/11 17:11:00.701864,  2]
lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2013/02/11 17:11:00.704794,  2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: wmodes
[2013/02/11 17:11:00.735092,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [wmodes] - [wmodes]
- [wmodes] succeeded
[2013/02/11 17:11:00.735608,  1]
passdb/pdb_ldap.c:2569(ldapsam_getgroup)
  ldapsam_getgroup: Duplicate entries for filter
((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)): count=2
[2013/02/11 17:11:00.736254,  1]
passdb/pdb_ldap.c:2569(ldapsam_getgroup)
  ldapsam_getgroup: Duplicate entries for filter
((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)): count=2
[2013/02/11 17:11:00.740024,  2] lib/access.c:409(check_access)
  Allowed connection from :::128.114.163.34 (:::128.114.163.34)
[2013/02/11 17:11:00.741041,  2] lib/access.c:409(check_access)
  Allowed connection from :::128.114.163.34 (:::128.114.163.34)
[2013/02/11 17:11:00.742383,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 30001
[2013/02/11 17:11:00.743305,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 30034
[2013/02/11 17:11:00.744600,  2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1001
[2013/02/11 17:11:00.745181,  2]
smbd/service.c:598(create_connection_server_info)
  user 'wmodes' (from session setup) not permitted to access this
share (cns)
[2013/02/11 17:11:00.745225,  1]
smbd/service.c:678(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED

It seems like I was auth'd okay, my group was okay, but still it failed.

Here we are again at log level 3:

[root@edgar2 samba]# tail -n 0 -f log.smbd
2013/02/11 17:40:43.096677,  3]
smbd/sesssetup.c:1254(reply_sesssetup_and_X_spnego) NativeOS=[Unix]
NativeLanMan=[Samba] PrimaryDomain=[]
[2013/02/11 17:40:43.096780,  3]
libsmb/ntlmssp.c:747(ntlmssp_server_auth) Got user=[wmodes]
domain=[MYGROUP] workstation=[MONITOR] len1=24 len2=24
[2013/02/11 17:40:43.096974,  2]
lib/smbldap.c:950(smbldap_open_connection) smbldap_open_connection:
connection opened
[2013/02/11 17:40:43.099000,  3]
lib/smbldap.c:1166(smbldap_connect_system) ldap_connect_system:
successful connection to the LDAP server
[2013/02/11 17:40:43.099455,  3]
auth/auth.c:216(check_ntlm_password) check_ntlm_password:  Checking
password for unmapped user [MYGROUP]\[wmodes]@[MONITOR] with the new
password interface
[2013/02/11 17:40:43.099475,  3]
auth/auth.c:219(check_ntlm_password) check_ntlm_password:  mapped
user is: [MCHSTAFF]\[wmodes]@[MONITOR]
[2013/02/11 17:40:43.100076,  2]
passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry
found for user: wmodes
[2013/02/11 17:40:43.129095,  3]
auth/auth.c:265(check_ntlm_password) check_ntlm_password: sam
authentication for user [wmodes] succeeded
[2013/02/11 17:40:43.129173,  2]
auth/auth.c:304(check_ntlm_password) check_ntlm_password: 
authentication for user [wmodes] - [wmodes] - [wmodes] succeeded
[2013/02/11 17:40:43.129785,  1]
passdb/pdb_ldap.c:2569(ldapsam_getgroup) ldapsam_getgroup: Duplicate
entries for filter
((objectClass

Re: [Samba] Samba DC Backup Best Practices

2013-02-06 Thread Daniel Müller
Best working for me 2 physical hosts PDC/Openldap  BDC/Openldap Ldap
Master-Master Replication. So PDC is down BDC
will serve authentication and shares This is done with : Ucarp serves a unique
IP for the domain only the master holds the ip. When the master is down the
bdc gets the ip.
The shares run on a glusterfs brick 
and are replicated in real time from PDC to BDC.
For Wins samba4wins (http://www.enterprisesamba.org/samba4wins/) running two
wins server one on PDC the other on BDC
Push and Pull. Both set in the network config of the windows clients.


 

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Chris Nighswonger
Sent: Tuesday, 5 February 2013 15:35
To: samba
Subject: [Samba] Samba DC Backup Best Practices

I recently suffered the misfortune of a corrupted winbindd_idmap.tdb file on
my Samba PDC. Since we run several other Samba servers (file, print, proxy,
etc.) as well as around 50 Win32 clients, the recovery and clean up was a
pain. I'm glad we do not have 1000 clients...

To this point I was not running a BDC. I realize now that this was probably
a bad thing. However, in addition to adding a BDC, are there any best
practices for backing up critical Samba files in an effort to make recovery
easier? I have read a multiplicity of opinions offered to me by the oracle
at Google, but am wondering if the Samba community has some established best
practices.

It was sort of nightmarish having 50+ users sitting around waiting for their
network to be fixed, and I'd rather not go that way again so feel free to
tell me how stupid it was to not have addressed this before. ;-)

Samba: 3.6.6
Ubuntu: 10.4.4 LTS

Kind Regards,
Chris


Re: [Samba] Samba 3.6.9 - Redundancy (HA/BDC/DRBD)

2013-02-06 Thread Daniel Müller
If you do not like the BDC stuff. Just set up a proxmox 2 node cluster. 
Virtualize your PDC. Set up your virtualized
Machine  a proxmox storage on glusterfs, make it HA.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Florian Götz
Sent: Wednesday, 6 February 2013 09:05
To: samba@lists.samba.org
Subject: [Samba] Samba 3.6.9 - Redundancy (HA/BDC/DRBD)

Hi everybody,

our university uses a Samba 3.6.9 server as PDC for a windows domain on a 
single physical server (external LDAP on another server is used).
To get some redundancy up running a second physical machine was bought, which 
is exactly the same as the one running.

Now I'm searching for the best way to get the job done.
The first thought was to build a HA-Cluster with Corosync/Pacemaker etc. 
and mirror the data partitions via drbd.
So I would have two identical PDCs in an active/passive setup.

The question is, is there a better way to do this without scrambling my whole 
configuration?
If I configure a BDC (as far as I understood the BDC concept), the BDC is a 
read-only copy of the PDC. But I would have to sync the userdata (home dirs, 
profiles etc) by myself (drbd for example). So users could authenticate and 
login to the domain, but no changes could be made, right?

So how do you deal with the high availability of your DCs?


Regards
Florian Götz

--
Kind regards
Florian Götz


-

Dipl.-Inf. (FH) Florian Götz
Rechenzentrum Hochschule Mannheim
Paul-Wittsack-Straße 10
68163 Mannheim
Tel: 0621/292-6232

EMail: f.go...@hs-mannheim.de
Internet: http://www.rz.hs-mannheim.de

-


Re: [Samba] Does Samba 3 work in a Windows 2008 R2 with NO WINS and NO NETBIOS

2013-02-06 Thread Daniel Müller
As member server,
domain=ads
You have to configure winbind
Good Luck

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Andrew Watkins
Sent: Wednesday, 6 February 2013 15:30
To: samba@lists.samba.org
Subject: [Samba] Does Samba 3 work in a Windows 2008 R2 with NO WINS and NO NETBIOS


Hopefully a quick question.

My Windows AD administrator is moving to Windows 2008R and is about to
switch off the last Windows 2003 domain controller.

He also wants to switch the compatible WINS and NETBIOS off as well.

Does samba 3 work in this environment or do I need to tell him to keep them
working?

Cheers,

Andrew


--
Andrew Watkins * Birkbeck, University of London * Computer Science *
* UKOUG Solaris SIG Co-Chair *
http://notallmicrosoft.blogspot.com/


Re: [Samba] Cannot logon Samba 4 via plaintext password

2013-02-05 Thread Daniel Müller
I do not think so.
Why not just download samba4 gzipped from samba.org. unzip it and compile
anew.  You need this samba tool to administrate
samba 4


On Mon, 4 Feb 2013 17:32:29 +, Benjamin Huntsman
bhunts...@mail2.cu-portland.edu wrote:
 There is no samba-tool binary in my build.  I built 4.0.2 using the
 original build system, since the WAF-based one doesn't work on AIX.
 Can the same effect be achieved through editing smb.conf?
 
 Thanks!
 
 -Ben
 
 
 From: Daniel Müller [muel...@tropenklinik.de]
 Sent: Sunday, February 03, 2013 10:59 PM
 To: 'TAKAHASHI Motonobu'; Benjamin Huntsman
 Cc: samba@lists.samba.org
 Subject: AW: [Samba] Cannot logon Samba 4 via plaintext password
 
 Did you try samba-tool:
 
 
 pwsettings
 
 Sets password settings
 
 set
 
 -H
 --quiet
 --complexity=on|off|default
 --store-plaintext=on|off|default
 --history-length=
 --min-pwd-length=
 --min-pwd-age=
 --max-pwd-age=
 ---
 EDV Daniel Müller
 
 Head of IT
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen
 
 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---
 
 -----Original Message-----
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
 On Behalf Of TAKAHASHI Motonobu
 Sent: Sunday, 3 February 2013 17:27
 To: bhunts...@mail2.cu-portland.edu
 Cc: samba@lists.samba.org
 Subject: Re: [Samba] Cannot logon Samba 4 via plaintext password
 
 From: Benjamin Huntsman bhunts...@mail2.cu-portland.edu
 Date: Fri, 1 Feb 2013 21:42:29 +
 
 So, I have working builds of Samba 3.6.10, and 4.0.2 using the
 traditional build system on AIX, both built with XLC.

 For historical reasons, we're needing to use 'encrypt passwords = no',
 so that Samba uses the OS password.

 The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2
 doesn't allow connections.  Here's the Samba config I'm using on both:
 
 I reproduced this problem on Linux box. I see packet captures and
confirm
 that Samba replies to enable plaintext password, Windows client sends a
 plaintext password, and at last Samba replies logon failure to client.
 
 My smb.conf is:
 
 -
 [global]
   encrypt passwords = no
   server max protocol = nt1
   ntlm auth = yes
 
 [tmp]
   path = /tmp
   writeable = yes
 -
 
 Hmmm, I think it is a bug...
 
 ---
 TAKAHASHI Motonobu mo...@monyo.com / @damemonyo
facebook.com/takahashi.motonobu
 
 

Re: [Samba] msdfs proxy question

2013-02-04 Thread Daniel Müller
So If you have done your openvpn config on a  per client. You can restrict in 
this config the things
users can do. Ex.: Client 1 can only see a specific  host. Client 2 has full 
access to the fileserver and the net behind it. Group one is distributed with 
Client 1. Group two is distributed with Client 2.
The second part is with Samba. Only the IP-Range that is distributed with 
Client 2 can logon and work with files.
Then set the samba groups according to your needs and you are up and running.

Ex. OPENVPN config with logon to Samba 3 Server:

Server:

local your.server.i.p
port 1194
proto udp
dev tun
#your keys
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.0.9.0 255.255.255.0
#your clients config directory
client-config-dir ccd
client-to-client
duplicate-cn
push "dhcp-option DNS here.your.dns.server"
push "dhcp-option WINS here.your.wins.server" ###openvpn provides netbios
push "dhcp-option DOMAIN your.domain"
##your routes
route 192.168.135.0 255.255.255.0
push "route 192.168.135.0 255.255.255.0"
push "route 192.168.134.0 255.255.255.0"
push "route 192.168.133.0 255.255.255.0"
push "route 192.168.132.0 255.255.255.0"
max-clients 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
#auth against samba/openldap on connect through openvpn client
auth-user-pass-verify   /etc/openvpn/ccd/login.sh via-env

Client:
client
dev tun
proto udp
port 1194
remote your.remote.loginserver 1194
##
resolv-retry infinite
nobind
persist-key
persist-tun
##Where are your certs?
ca C:\\openvpn\\config\\ca.crt
cert C:\\openvpn\\config\\client1.crt
key C:\\openvpn\\config\\client1.key
ns-cert-type server
comp-lzo
verb 3
pull
##prompt for samba/openldap user--pass
auth-user-pass
auth-nocache
route-method exe  ##-- you need these entries
route-delay 2 ##-- for windows to log on
--explicit-exit-notify 2
##Below if you need a script the name needs to be client_up.bat or client_down.bat
##--up C:\\openvpn\\config\\client_up.bat

Login.sh (So you can be certain only an authenticated user to samba sees the 
files):
#!/bin/sh
##login script openvpn 071209 dm
##
LDAP=xxx.xxx.xxx.xxx
##check for empty username/password or anonymous
if [ -z "$username" ] || [ -z "$password" ] ||
   [ "$username" = anonymous ] || [ "$username" = Anonymous ]; then exit 1;
fi
###test bind
ldapwhoami -x -h "$LDAP" -D "uid=$username,ou=users,dc=your,dc=domain" -w "$password"
###
if [ $? = 0 ]; then
exit 0;
else
exit 1;
fi
exit 1;



In your smb.conf,
Hosts allow= 10.0.9.0/24



---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
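
A variant of the login check described in the message above, added here as an example; it is not part of the original post. It restricts the username before it is placed into the bind DN, refuses empty passwords, and hands the password to ldapwhoami through a file (-y) instead of the command line. The function names, the 32-character limit and the use of OpenVPN's via-file mode are assumptions; the LDAP address and DN suffix are the post's placeholders.

```sh
#!/bin/sh
# Added example (not from the original post): auth-user-pass-verify helper.
# Assumed server directives:  script-security 2
#                             auth-user-pass-verify /etc/openvpn/ccd/login.sh via-file
LC_ALL=C; export LC_ALL                   # make the [A-Z] ranges below ASCII-only

LDAP_URI="ldap://xxx.xxx.xxx.xxx"         # placeholder, as in the post
USER_BASE="ou=users,dc=your,dc=domain"    # placeholder, as in the post

# Accept only 1-32 characters from [A-Za-z0-9._-] (limit is an assumption).
# Characters such as ',' '=' '+' '\' or spaces would change the meaning of
# the bind DN that is built from the username below.
valid_username() {
    case "$1" in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
        [Aa]nonymous) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Simple bind as the user. $1 = bind DN, $2 = file holding the password.
# -y keeps the password out of the process list, which -w does not.
ldap_bind() {
    ldapwhoami -x -H "$LDAP_URI" -D "$1" -y "$2" >/dev/null 2>&1
}

verify_login() {
    vl_user=$1
    vl_pass=$2
    valid_username "$vl_user" || return 1
    # A simple bind with an empty password is an "unauthenticated bind";
    # some servers treat it as anonymous and report success.
    [ -n "$vl_pass" ] || return 1
    vl_tmp=$(mktemp) || return 1          # created with mode 0600
    printf '%s' "$vl_pass" > "$vl_tmp"    # no trailing newline: -y reads it all
    if ldap_bind "uid=$vl_user,$USER_BASE" "$vl_tmp"; then vl_rc=0; else vl_rc=1; fi
    rm -f "$vl_tmp"
    return "$vl_rc"
}

# OpenVPN via-file mode: $1 is a temporary file, line 1 = username,
# line 2 = password.
verify_file() {
    [ -r "$1" ] || return 1
    vf_user=$(sed -n 1p "$1")
    vf_pass=$(sed -n 2p "$1")
    verify_login "$vf_user" "$vf_pass"
}

# Act as the verify script only when OpenVPN passes the credentials file.
if [ "$#" -eq 1 ]; then
    verify_file "$1"
    exit $?
fi
```

The exit status is what OpenVPN evaluates: 0 accepts the connection, anything else rejects it.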

-----Original Message-----
From: Michael Wilke [mailto:m...@1982.cc] 
Sent: Monday, 4 February 2013 09:07
To: samba@lists.samba.org
Cc: muel...@tropenklinik.de
Subject: Re: AW: [Samba] msdfs proxy question

Hi Daniel,

that is exactly the problem, the samba server has an OpenVPN server, but the 
VPN user group includes people who are not directly working for the company so 
they shouldn't have access to the internal network.

So even if I could set up the samba box as gw and limit the access to the file 
server by firewall rules, I'm not sure I can restrict the access to the file 
server itself and they could see way too much than what they should. 

Is there any other possibility to do that? 



On Mon, 2013-02-04 at 08:33 +0100, Daniel Müller wrote:
 If you have no route to the network nothing will work.
 Samba is not a Gateway nor does it VPN connections or something like that.
 If your second network is an external one you will be better in the 
 first with openvpn And set your routes to your needs.
 If your second network is internal you need to set up a gateway that 
 can be reached from both Networks.
 
 Good Luck
 Daniel
 
 
 ---
 EDV Daniel Müller
 
 Head of IT
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen
 
 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---
 
 -----Original Message-----
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
 On Behalf Of Michael Wilke
 Sent: Monday, 4 February 2013 08:05
 To: samba@lists.samba.org
 Subject: [Samba] msdfs proxy question
 
 Hi List,
 
 I am struggling a little bit with the msdfs proxy parameter.
 
 I want the samba server as a kind of a bridge between two networks, 
 that the samba server only shares some of the shares provided by our 
 file server to a second network.
 I don't want the samba srv to be a gw or give the clients a route to 
 the internal network, because it is a total different user group.
 
 I first tried to do so with an msdfs root directory and symlinks but 
 for sure

Re: [Samba] Web Site E-mail Server authentication with Samba4

2013-02-03 Thread Daniel Müller
If you are not fixed to Zimbra you can have a look at SOGo
(http://www.sogo.nu/).

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Vijay Thakur
Sent: Monday, 4 February 2013 07:46
To: samba@lists.samba.org
Subject: [Samba] Web Site  E-mail Server authentication with Samba4

Hi all,


I have a running Samba4 Server.  I am able to authenticate Windows and Linux
Clients very.
(1) I want to use samba4 as SSO. In this regard my next step is to
authenticate our web site users from
samba4 server. In this web site, at home page our corporate users give their
e-mail address usern...@companydomain.com and password (not e-mail
password).

(2) Our E-mail server is hosted on cloud. We want to deploy our own in-house
E-mail Server. The users of E-mail server will be authenticated from Samba4.
In precise, I want to turn my samba server a SSO in my required two
scenario.

Kindly help me and suggest that how can I achieve these two targets.  For
e-mail Server I will use Zimbra Collaboration Server.


Thanks in advance.

Vijay Thakur


Re: [Samba] Cannot logon Samba 4 via plaintext password

2013-02-03 Thread Daniel Müller
Did you try samba-tool:


pwsettings

Sets password settings

set

-H
--quiet
--complexity=on|off|default
--store-plaintext=on|off|default
--history-length=
--min-pwd-length=
--min-pwd-age=
--max-pwd-age=
---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of TAKAHASHI Motonobu
Sent: Sunday, 3 February 2013 17:27
To: bhunts...@mail2.cu-portland.edu
Cc: samba@lists.samba.org
Subject: Re: [Samba] Cannot logon Samba 4 via plaintext password

From: Benjamin Huntsman bhunts...@mail2.cu-portland.edu
Date: Fri, 1 Feb 2013 21:42:29 +

 So, I have working builds of Samba 3.6.10, and 4.0.2 using the 
 traditional build system on AIX, both built with XLC.
 
 For historical reasons, we're needing to use 'encrypt passwords = no', 
 so that Samba uses the OS password.
 
 The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2 
 doesn't allow connections.  Here's the Samba config I'm using on both:

I reproduced this problem on Linux box. I see packet captures and confirm
that Samba replies to enable plaintext password, Windows client sends a
plaintext password, and at last Samba replies logon failure to client.

My smb.conf is:

-
[global]
  encrypt passwords = no
  server max protocol = nt1
  ntlm auth = yes

[tmp]
  path = /tmp
  writeable = yes
-

Hmmm, I think it is a bug...

---
TAKAHASHI Motonobu mo...@monyo.com / @damemonyo 
   facebook.com/takahashi.motonobu




Re: [Samba] msdfs proxy question

2013-02-03 Thread Daniel Müller
If you have no route to the network nothing will work.
Samba is not a Gateway nor does it VPN connections or something like that.
If your second network is an external one you will be better in the first
with openvpn
And set your routes to your needs.
If your second network is internal you need to set up a gateway that can be
reached from both
Networks.

Good Luck
Daniel


---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Michael Wilke
Sent: Monday, 4 February 2013 08:05
To: samba@lists.samba.org
Subject: [Samba] msdfs proxy question

Hi List,

I am struggling a little bit with the msdfs proxy parameter.

I want the samba server as a kind of a bridge between two networks, that the
samba server only shares some of the shares provided by our file server to a
second network. 
I don't want the samba srv to be a gw or give the clients a route to the
internal network, because it is a total different user group.

I first tried to do so with an msdfs root directory and symlinks but for
sure it didn't work, because the clients don't have a route to the source
server. 

But msdfs proxy doesn't work either:

smb.conf:
---
[software-new]
msdfs root = yes
msdfs proxy= \gunter\software

---

When I try to access the share from a computer in the sec. network the log
shows:

---
Client requested device type [?] for share [SOFTWARE-NEW] refusing
connection to dfs proxy share 'software-new' (pointing to
\gunter\software)
error packet at smbd/reply.c(803) cmd=117 (SMBtconX)
NT_STATUS_BAD_NETWORK_NAME
---

The server is accessible from the samba box and smbclient connects fine:

root@samba:~# smbclient -L '\\gunter' -U 'DOMAIN\micha'
WARNING: The idmap uid option is deprecated
WARNING: The idmap gid option is deprecated
Enter DOMAIN\micha's password:

Domain=[DOMAIN] OS=[Windows Server 2003 R2 3790 Service Pack 2]
Server=[Windows Server 2003 R2 5.2]

        Sharename       Type      Comment
        ---------       ----      -------
...
        software        Disk      Software
...


If I access the msdfs share from the sec. network (10.10.12.0) with an IP in
the first network (10.10.10.0) then the connection redirects me to the
gunter server and everything works, but I need a proxy not a standard
msdfs redirect. 

Any advice appreciated

Michael






Re: [Samba] OpenLDAP domain registering

2013-01-31 Thread Daniel Müller
Hello,

If your fileserver is part of a domain it is:

Security=domain -- all your authentication will be transmitted to the PDC



Did you join your fileserver to the domain ?

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of arun.sa...@wipro.com
Sent: Thursday, 31 January 2013 07:06
To: samba@lists.samba.org
Subject: [Samba] OpenLDAP domain registering

Hello Team,

I am using samba 3.6.3 in ubuntu as file server and also I have a domain
controller in my organization both are different servers.

I am able to register SAMBA as domain controller successfully, and I could
see SAMBA Domain with SID populated in my OpenLDAP. But my problem is when I
configure samba as file server. SAMBA is pulling the host name and
registering to OpenLDAP as domain.

Example My Domain name is test.

My file server host name is fileserver01

I could see test and fileserver01 in my openldap with SID. why this is
happening, since this is just configured as file server. and also I do not
have winbind configured in my file server. below are my configuration
details.


[global]

workgroup = test

server string = %h server (Samba, Ubuntu)

wins server = 192.168.1.2

dns proxy = no

name resolve order = lmhosts host wins bcast

disable spoolss = no
spoolss : architecture = Windows x64

log file = /var/log/samba/log.%m

max log size = 1000


syslog = 0

panic action = /usr/share/samba/panic-action %d


security = user

encrypt passwords = true


passdb backend = ldapsam:ldap://servername
ldap suffix = dc=aa,dc=bb,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=aa,dc=bb,dc=com
ldap ssl = no



map to guest = bad user

domain logons = yes

load printers = yes

printing = cups
printcap name = cups

socket options = TCP_NODELAY

domain master = no

usershare allow guests = yes

[homes]
create mask = 0700
directory mask = 0700
browseable = no
comment = Home Directories
valid users = %S
writable = yes
available = no


[printers]
comment = All Printers
public = yes
printable = yes
path = /var/spool/samba

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
writeable = yes
public = yes
path = /var/lib/samba/printers
write list = root,@Onsite-Admins

[iMigrate]
force create mode = 770
valid users = @Onsite-Admins
create mode = 770
path = /data/imigrate
write list = @Onsite-Admins
force directory mode = 770
directory mode = 770










Re: [Samba] Questions for minimal AD DC, DNS setup and Posix use

2013-01-31 Thread Daniel Müller
For your POSIX issue there could be an interesting hint:
https://wiki.samba.org/index.php/Samba4/beyond

Good Luck
Daniel 

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Dewayne
Sent: Thursday, 31 January 2013 06:55
To: samba@lists.samba.org
Subject: [Samba] Questions for minimal AD DC, DNS setup and Posix use

Our plan is to have one AD DC running in Head Office, RODC's at Branches and
a second writeable DC at a contingency site. Fileshares will run on separate
servers.  The Windows 2003/2008 Servers use authentication services from
samba4 and run applications.  Our current environment is Samba-3.6.9
PDC,BDCs  fileshares, openldap stores samba, posix and acts as heimdal
backend - for SSO.

My questions are:

AD DC
Are smbd and winbindd necessary on the AD DC.  I would prefer to start samba
with only what it needs to function. When I kill the smbd and winbindd
processes, the kerberos, ldap  dns functionality remain. How can I produce
a minimal AD DC:

1) Do I need smbd to parse the smb.conf for samba4 to start correctly?

2) If not, is there a better way than kill -9 to achieve the result of
samba4 without smbd, winbindd?

For readers new to RODC, this is useful:
http://technet.microsoft.com/en-us/library/cc772234(v=ws.10).aspx


DNS
DNS is required in Samba4 AD DC as explained here
http://blog.tridgell.net/?p=122 (Coming from a samba3 background, Tridge's
article is informative).

The internal DNS works like a dream. However the internal DNS doesn't slave
to a master DNS, so --dns-backend=BIND9_DLZ is the best option for a complex
environment using Windows servers as members or DC's. However:

3) For Samba4 AD DC to act purely as an authentication engine, within a UNIX
only servers where PCs and WinServers are effectively desktops for users;
can I use --dns-backend=NONE without loss of DRS or RODC functionality. (Or
are these contradictory requirements).

4) If we need to redesign our DNS infrastructure, is it sufficient that a
dhcp server, provide updates to bind9-DLZ (as a component of Samba4 AD DC)?


Posix
In a Samba3 world, I rely upon  smbldap-tools
(http://gna.org/projects/smbldap-tools) to manipulate user/group
information, including assignment of uidNumber/gidNumber that is unique to
an individual, per IT audit instruction.

I would greatly appreciate guidance on how to set/use posix on Samba4.  I've
spent 4 hours trolling the web and mailing list searches with hints or
scripts, so

5) Do I need to manually add the ldap posixAccount object to each users'
ldap record, or is there an option in samba-tool user create that I haven't
found?  Next issue is how to manage as the uidNumber/gidNumber content?
{This was being worked:
http://samba.2283325.n4.nabble.com/Enabling-idmap-ldb-use-rfc2307-yes-on-2-DCs-td4637386.html ?}

6) Is there any mechanism that allows me to change the uid's being assigned
to files that are created by Samba AD DC to being the same as pre-existing
uid's used by Samba3.  For example changing uid 320 to 1046, or gid
319 to 1001? 


Miscellaneous

7) Will the list of smb.conf options described in samba4 source folder
source4/TODO be updated to reflect what appears in testparm -vss?  It's a
little confusing as to which takes precedence?

With some instruction, I'd be happy to update/maintain some wiki information
for others' benefit.

Regards, Dewayne.



Re: [Samba] fail-over, redundancy, bdc, multi-dc-domain

2013-01-28 Thread Daniel Müller
For me working: Centos5 old Samba3 PDC/BDC with openldap (Master/Master
Multi-Master-Replication), ucarp for failover Ip/ Glusterfs Replicating
Brick 2 node for samba shares/netlogon... Samba4wins (Sernet), two wins-server
push and pull.
Running without any trouble.

Greetings 
Daniel
  

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Andrew Bartlett
Sent: Monday, 28 January 2013 15:41
To: Greg Sloop
Cc: samba@lists.samba.org
Subject: Re: [Samba] fail-over, redundancy, bdc, multi-dc-domain

On Tue, 2013-01-22 at 10:53 -0800, Gregory Sloop wrote:
> I'm aware of, at least generally, how one would have done a
> BDC/Redundant server under OpenLDAP Samba3.
>
> However, rolling your own multi-domain-controller was fairly daunting
> [for me] under Samba3 / OpenLDAP.
>
> I've been very interested in Samba4 for the more integrated nature of
> having LDAP/DNS/Samba all under one roof. [i.e. Fewer places where I
> can screw it up horribly.]

Most of our users find that Samba 4.0 'just works' for them as an AD DC,
even replicating to a second DC.

> However I'm also interested in how one can handle fail-over. I don't
> need something totally seamless and big-iron style. A backup box
> that would need some manual intervention would be fine.

Just replicating to a second DC should be fine.  You will need to manually
replicate the sysvol share, but that shouldn't be hard.

> So, something like an rsync'd backup box where the shared
> files/accounts/etc are perhaps an hour out of date, and that would
> require 15 minutes to bring up as a primary would be an acceptable
> solution.

I would not recommend just rsyncing anything, except the sysvol files.
The reason is that rsync will not get a consistent snapshot of the
databases.  Joining a second DC will be much more seamless.

> That's not to say I wouldn't want something better, but that's kind of
> the low end of the acceptable scale.
>
> I've done some searches on the list and spent a while looking for
> examples but I don't easily find any. [Using searches with: samba4
> bdc, redundant, backup, etc. There are a ton of very old articles on
> the list, but almost nothing I could find specifically on Samba4.]
>
> Could some kind soul point me either to:
> 1) Search terms more likely to produce results, or some discussion
> threads or
> 2) wiki/how-to's on how to accomplish something in the neighborhood on
> this subject?

The main HOWTO contains information on joining to an existing domain.
That is what you need to do on your second DC.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] MS AD Tools

2013-01-24 Thread Daniel Müller
Hello,

what kind of web services do you need?
For Exchange there should be a solution with SOGo/Openchange.
If you need a virtual desktop, you can look at Ulteo Open Virtual Desktop v3.

Greetings
Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Andrew Bartlett
Sent: Thursday, 24 January 2013 03:25
To: Michael Ray
Cc: samba@lists.samba.org
Subject: Re: [Samba] MS AD Tools

On Wed, 2013-01-23 at 18:18 -0600, Michael Ray wrote:
> Hello all,
>
> I'm in the process of trying to get Samba4 up and running as AD for my
> company. It's been a bumpy, but productive road. However, one thing
> that I'd like clarification on before we go live (which hopefully
> isn't too far out), is the use of MS Administrative Tools.
>
> The wiki mentioned using 'Users and Computers'. I have used that
> successfully; however there are several other things I'd like to use
> that appear to be missing functionality (e.g. 'Administrative Center'
> can't find the Active Directory Web Service, 'Users and Computers'
> can't get the Global Catalog).
>
> Are these things that have yet to be implemented or perhaps have I
> botched a configuration script somewhere?

Unless you try really hard, a successful Samba AD DC install will do
everything we can do out of the box.  Many features remain unimplemented
- we don't do web services for example. 

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Samba4 AD Groups Problem

2013-01-15 Thread Daniel Müller
Did you use MS ADS-Tool to set your permissions on that share?
In some cases it is useful to do so.



---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Lukas Gradl
Sent: Tuesday, 15 January 2013 09:00
To: samba@lists.samba.org
Subject: Re: [Samba] Samba4 AD Groups Problem


Quoting Bob Miller b...@computerisms.ca:

> On Mon, 2013-01-14 at 16:26 +, Lukas Gradl wrote:
>> Quoting Nishant Sharma codemarau...@gmail.com:
>>
>>> Hi Lukas,
>>>
>>> On Monday 14 January 2013 07:48 PM, Lukas Gradl wrote:
>>>> there without any problem. But setting read only = yes and
>>>> write list = @TEST\Domain Admins doesn't work - I get access
>>>> denied on the windows host, despite I'm logged on as
>>>> TEST\Administrator
>>>>
>>>> [testshare]
>>>> Comment = Test share
>>>> path = /space/testshare
>>>> read only = Yes
>>>> write list = @TEST\Domain Admins
>>>
>>> Change it to:
>>>
>>> write list = @Domain Admins,TEST\Administrators,administrator
>>
>> With the same result. I tried several combinations with the @ before
>> and after the , with and without the TEST\ in Front - no result.
>
> Maybe this is stating the obvious, but did you make sure the actual
> file system permissions are correct? (ie chgrp -R Domain Admins
> /home/testshare)

As written in the original post: I did a chmod 777 /home/testshare. So file
system permissions should not be the problem. Additionally I can write
through samba when I do a read only = no - so file system should be ok...

But I want to write as a Domain Admins group member only...

regards
Lukas



Re: [Samba] SAMBA 4 acting as Domain Server- Is Exchange 2010 capable of being installed?

2013-01-11 Thread Daniel Müller
I think you would be better with SOGo/Openchange as substitute of Exchange.

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Matthew Gear
Sent: Friday, 11 January 2013 05:03
To: samba@lists.samba.org
Subject: [Samba] SAMBA 4 acting as Domain Server- Is Exchange 2010 capable
of being installed?

Hello All,

SAMBA 4 is a great advancement, and I have it up and running in a lab
environment authenticating Cisco UCM LDAP queries...
I am attempting to install an Exchange 2010 deployment for integrated UM
testing.
As I attempted to extend the schema of the SAMBA 4 AD (setup /ps), the setup
program came back and reported the following:

The Domain Controller 'smb4.homelab.int' is running the 4.0.0 version of
the operating system. Minimal requested version is 5.2 (3790) Service Pack
1.

Is it possible to install Exchange 2010 in a Samba4 Active Directory
environment ?
Is Exchange supported?

Many Thanks,


Re: [Samba] SAMBA 4 acting as Domain Server- Is Exchange 2010 capable of being installed?

2013-01-11 Thread Daniel Müller
If it is only for authentication this may work


EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de 

From: Matthew Gear [mailto:matthewj.g...@gmail.com]
Sent: Friday, 11 January 2013 09:15
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: [Samba] SAMBA 4 acting as Domain Server- Is Exchange 2010
capable of being installed?

Thank you for the reply Daniel!
Unfortunately, in my test scenario, Openchange does not have UM (Voicemail)
capabilities, and hence the reason I am attempting to install Exchange (with
UM).  This is a Call Manager Cluster integrated with SAMBA4, and hence I am
trying to setup a VM system with this cluster.  Asterisk will not work for
this integration either,  I would like to use SAMBA4 as my DC userbase
resource, but if I cannot, I might have to go back to the windows DC :(

On Fri, Jan 11, 2013 at 3:03 AM, Daniel Müller muel...@tropenklinik.de
wrote:
I think you would be better with SOGo/Openchange as substitute of Exchange.

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Matthew Gear
Sent: Friday, 11 January 2013 05:03
To: samba@lists.samba.org
Subject: [Samba] SAMBA 4 acting as Domain Server- Is Exchange 2010 capable
of being installed?

Hello All,

SAMBA 4 is a great advancement, and I have it up and running in a lab
environment authenticating Cisco UCM LDAP queries...
I am attempting to install an Exchange 2010 deployment for integrated UM
testing.
As I attempted to extend the schema of the SAMBA 4 AD (setup /ps), the setup
program came back and reported the following:

The Domain Controller 'smb4.homelab.int' is running the 4.0.0 version of
the operating system. Minimal requested version is 5.2 (3790) Service Pack
1.

Is it possible to install Exchange 2010 in a Samba4 Active Directory
environment ?
Is Exchange supported?

Many Thanks,


Re: [Samba] Samba 3 master browser on two networks plus WINS

2013-01-03 Thread Daniel Müller
Try this, samba4wins (http://www.enterprisesamba.org/samba4wins/)! A real
wins server can interact with microsoft wins server push and pull partner!
Let one samba be your pdc the other the bdc point both to the samba4wins
host, point all your windows clients to the samba4wins host
and you are up and running. Working here with 3 subnets and two windows
2008 wins servers as replication partners.




On Thu, 03 Jan 2013 09:13:06 -0500, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:
> Is samba bound to a subnet1 interface only or all interfaces.  Can
> subnet2 clients connect to samba via either IP?  Are subnet2 clients
> supposed to be using samba services via the subnet1 IP or the subnet2 IP
> on the server?  The first would involve going thru the firewall,
> which seems unnecessary with a dual homed samba server.  The 2nd,
> however, probably rules out using WINS for the subnet2 clients since you
> would NOT want traffic going thru the firewall.
>
> What IP are the clients on subnet2 using for a WINS server?  Can you try
> having the clients on subnet2 use samba server subnet1 IP as the WINS
> server?  I haven't tried running WINS on a dual homed system.  I would
> guess if you cat the wins.dat file (or tdbdump wins.tbd) you will only
> see registrations for subnet1.
>
> Have you specified any ports in the smb.conf file?  Samba 3 uses NT4
> type smb-over-NBT (ports 137,138,139 and not 445) BUT I have found that
> explicitly specifying ports in smb.conf breaks more things than it
> fixes.
>
> On 01/03/13 04:01, Gala Dragos wrote:
>> I'm banging my head against the wall here with a problem that I have.
>>
>> I have one Samba 3 server on a linux box with 2 ethernet interfaces,
>> each given a different subnet. The same box does dhcp leases on both
>> networks, with wins option pointing to this server.
>>
>> Firewall was configured to allow the best unobtrusive communication
>> between the two subnets, I can ping between the subnets and receive
>> response, I can also access some other services, like http, from one
>> subnet to the other.
>>
>> I have setup on this server a common Public share, which works.
>>
>> Now I'm trying to get the Samba PC from subnet 1 to see the Samba PC
>> from subnet 2 and vice versa, but to no avail. On subnet 1 I can see
>> access the server via its NetBIOS name, but on subnet 2 I can only see
>> the server and access it via its IP. No other Samba PC's can be seen
>> across the subnets! All pc's have the same workgroup.
>>
>> What to enable in configuration in order to be able to do cross subnet
>> browsing with samba ?
>>
>> Thanks.


Re: [Samba] Samba4 and Exchange 2010

2012-12-18 Thread Daniel Müller
Install SOGo/SAMBA4/Openchange this will substitute Exchange:
http://www.sogo.nu/

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Jaymzwise Jaymzwise
Sent: Wednesday, 19 December 2012 08:26
To: samba@lists.samba.org
Subject: [Samba] Samba4 and Exchange 2010

Hi,


I have successfully installed the stable version of Samba4 with AD role on a
Debian Wheezy yesterday.
I managed to join a Windows 7 workstation and a Windows 2008 Server to my
domain but I can't install Exchange 2010 on that server, when I try to
launch the Setup /PrepareSchema command to configure Active Directory the
following message appears :
The Domain Controller 'smb4.intra.loc' is running the 4.0.0 version of the
operating system. Minimal requested version is 5.2 (3790) Service Pack 1.

Is it possible to install Exchange 2010 in a Samba4 Active Directory
environment ?


Thanks.


Re: [Samba] Samba3 PDC and Windows 8 RTM

2012-12-03 Thread Daniel Müller
It will not work at this time.
You need to test samba4.

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Didster
Sent: Monday, 3 December 2012 14:57
To: samba@lists.samba.org
Subject: [Samba] Samba3 PDC and Windows 8 RTM

Hi there,

I have just purchased a new PC that came with Windows 8 Pro (Shudder...).

I have been trying to add this machine to my Samba3 based domain.

I'm getting the following error when doing so:

The following error occurred when DNS was queried for the service location
(SRV) resource record used to locate an Active Directory Domain Controller
(AD DC) for domain blah:

The error was: DNS name does not exist.
(error code 0x232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.blah

I have applied the Windows 7 registry patches:

HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD  DomainCompatibilityMode = 1
DWORD  DNSNameResolutionRequired = 0

Which others seem to suggest work - at least with Beta versions of Win8 -
but the error message suggests these are not doing anything?

I have also specified the DNS suffix of the network manually.  I have also
applied all available Windows updates.

It's Windows 8 Pro (on a Dell machine, if that matters) and Samba 3.6.6-3
running under Debian Wheezy.  Nothing at all in the Samba logs - but I guess
that's as it's not even trying NT4 domain style.

Any help appreciated.
Thanks
Simon


Re: [Samba] Samba3 PDC and Windows 8 RTM

2012-12-03 Thread Daniel Müller
I know no one running windows 8 in a way fitting in production, as with
samba4.
Myself has tested samba4 in a small ADS without any problems. For normal use
it should be acceptable. 


EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de 

From: Didster [mailto:dids...@gmail.com]
Sent: Monday, 3 December 2012 15:21
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba3 PDC and Windows 8 RTM

Hi,

You say at this time does that mean ever?

I've looked at Samba4 and it doesn't yet seem stable enough for a roll
out.

How come there are lots of people saying they have had Win8 working with
Samba3?  Or has this functionality been taken out by MS?

Cheers

On Mon, Dec 3, 2012 at 2:16 PM, Daniel Müller muel...@tropenklinik.de
wrote:
at this time




Re: [Samba] WINs service of Samba

2012-12-02 Thread Daniel Müller
To have a real wins server running for your samba domain:
http://ftp.sernet.de/pub/samba4WINS/
Can be a push and pull partner for W2008 R2 wins server.

Greetings
Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of ? ??
Sent: Monday, 26 November 2012 12:50
To: samba@lists.samba.org
Subject: [Samba] WINs service of Samba

I use Samba 3.14.17 and later test Samba 3.6.9.
The computer is WINs server on Samba.

wins support = yes

All work good.

But now I see that NetBIOS clients cannot to re-register their names on
WINs, when he change IP.
From WinXP SP3 I do
nbtstat -RR
Answer: NetBIOS-names registered by this computer were changed.

From server:
relay2# nmblookup -U 10.0.0.1 -R -S aiy
querying aiy on 10.0.0.1
10.0.0.14 aiy00  This is old IP
Looking up status of 10.0.0.14
No reply from 10.0.0.14

Only help if I stop samba, delete record from wins.dat, start samba and
repeat from client nbtstat -RR.

I am not understand why WINs on Samba not re-register names if client change
IP.
That it is possible to make that function of a re-registration of the names
NetBIOS worked?
Excuse me for bad English.



Re: [Samba] MS Sharepoint 2010 configuration fails with Samba/Openldap PDC

2012-11-20 Thread Daniel Müller
Using Alfresco for certain Sharepoint things would do the job with
samba3/Ldap.

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Andrew Bartlett
Sent: Tuesday, 20 November 2012 22:49
To: Andreas Krupp
Cc: samba@lists.samba.org
Subject: Re: [Samba] MS Sharepoint 2010 configuration fails with
Samba/Openldap PDC

On Tue, 2012-11-20 at 19:12 +0100, Andreas Krupp wrote:
> Hello,
>
> I hope this is the right mailing list for troubleshooting.
>
> My environment is:
>
> -CentOs 6.3 x64
> -Samba as PDC
> -OpenLdap
> -Bind
>
> I followed this very nice tutorial to set-up the environment as PDC:
> http://www.server-world.info/en/note?os=CentOS_6&p=samba&f=4
>
> And actually almost everything is working. I can add Windows Server
> 2008 R2 to the domain, use users and service accounts from samba/ldap
> and e.g. run SQL Server over such a service account.
>
> However, my Sharepoint 2010 Configuration Wizard fails every time I am
> trying to configure Sharepoint. The normal resolution for this problem
> is to do the installation while the Sharepoint Server is connected to the
> Domain.
> In my case, I am connected to the domain but it does not work. The
> error message from sharepoint is:
>
> The .GetDomainControllerToSearch function that does not get the
> right result made me dig into the LDAP requests that the Sharepoint
> Installation is sending to the PDC. And I could isolate a couple of
> requests with 0 results that I thought were causing the trouble.
>
> After I added the group Domain Controllers to the LDAP, added the
> PDC to that group and made several DNS modification to match those of
> a Windows PDC. I still cannot get rid of the error. So here are the
> remaining LDAP queries without response:

If sharepoint is expecting an AD DC, then you really have no option but to
run an AD DC.  See our wiki at
https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO for an
explanation of the process of upgrading to Samba 4.0 as an AD DC.

An OpenLDAP server simply won't have the right structure that sharepoint is
looking for.

Andrew Bartlett
-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Domain DFS on samba 4

2012-11-05 Thread Daniel Müller
For data replication just use glusterd/glusterfs. This would do the job.
Running for me without trouble.

Greetings
Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Ludovic Rouse-Lamarre
Sent: Saturday, 3 November 2012 21:56
To: samba@lists.samba.org
Subject: Re: [Samba] Domain DFS on samba 4

On 2012-10-28 13:01, Robert Schetterer wrote:
> To set up a load-balancing Dfs share, create the symbolic link like this:
>
>  # ln -s 'msdfs:toltec\data,msdfs:mixtec\data' lb-data

Ok well anyway it seems samba DFS doesn't include data replication. I have
been looking around and I think maybe the Unison project would do the job
for us. In response to AB, if possible we prefer to avoid the latency
penalty for everyone.

I have reconsidered using domain DFS. I think a stand-alone DFS root would
be sufficient. I am interested in setting up a load-balancing Dfs share but
I need clarifications regarding the selection process.

Let's say I define my load balancing share like this:
ln -s 'msdfs:serverindatacenter\data,msdfs:nasinremoteoffice\data' lb-data

If both shares specified in the load balancing Dfs share are available, can
I be sure the clients in our remote office will always be accessing their
own NAS rather than the server available over the WAN? In other words is it
possible they will connect to the server available with a higher latency or
can I be sure they will always connect to the server directly on the LAN?
Please take note the remote office is connected to the central server
through a VPN.

--
Ludovic Rouse-Lamarre, ing. jr
Coordonnateur au support technique
ludovic.rouse-lama...@xyzcivitas.com

Groupe XYZCivitas Inc.
4000 rue Saint-Ambroise
Bureau 190
Montréal, Québec, H4C 2C7
http://www.xyzcivitas.com
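
Each msdfs link in a DFS root names the servers that clients will be referred to, so it is worth checking those targets against the servers you expect. The following is an added example, not part of the original thread and not Samba code: it parses link targets in the form shown above and audits a directory for referrals outside an allowlist. The function names, the allowlist and the temporary directory contents are constructed, and accepting alternates without a repeated `msdfs:` prefix is an assumption.

```python
import os
import tempfile


def parse_msdfs_target(target):
    """Split an msdfs symlink target into a list of (server, share) referrals."""
    if not target.lower().startswith("msdfs:"):
        raise ValueError("not an msdfs link: %r" % target)
    referrals = []
    for alt in target.split(","):
        alt = alt.strip()
        # The page's form repeats "msdfs:" on every alternate; a bare
        # server\share alternate is also accepted here (assumption).
        if alt.lower().startswith("msdfs:"):
            alt = alt[len("msdfs:"):]
        alt = alt.replace("/", "\\").strip("\\")
        server, sep, share = alt.partition("\\")
        if not server or not sep or not share:
            raise ValueError("malformed referral %r in %r" % (alt, target))
        referrals.append((server.lower(), share))
    return referrals


def audit_dfs_root(root, allowed_servers):
    """Return (link, problem, detail) tuples for msdfs links in root that are
    malformed or that refer clients to a server outside allowed_servers."""
    allowed = {s.lower() for s in allowed_servers}
    findings = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if not os.path.islink(path):
            continue
        target = os.readlink(path)
        if not target.lower().startswith("msdfs:"):
            continue  # ordinary symlink, not a DFS referral
        try:
            referrals = parse_msdfs_target(target)
        except ValueError as exc:
            findings.append((name, "malformed", str(exc)))
            continue
        for server, share in referrals:
            if server not in allowed:
                findings.append((name, "unexpected-server", server + "\\" + share))
    return findings


def demo():
    """Audit a constructed DFS root built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        # Link from the post above: both targets are on the allowlist.
        os.symlink(r"msdfs:serverindatacenter\data,msdfs:nasinremoteoffice\data",
                   os.path.join(root, "lb-data"))
        # Constructed: second alternate points at a server nobody approved.
        os.symlink(r"msdfs:toltec\data,unknownhost\data",
                   os.path.join(root, "lb-old"))
        # Constructed: referral without a share component.
        os.symlink("msdfs:nosharehere", os.path.join(root, "broken"))
        # Constructed: a normal symlink that the audit must ignore.
        os.symlink("/tmp", os.path.join(root, "plain-link"))
        allowed = {"serverindatacenter", "nasinremoteoffice", "toltec"}
        return audit_dfs_root(root, allowed)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```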



Re: [Samba] Windows 8 Pro no domain logon possible

2012-09-20 Thread Daniel Müller
By the way, the only success to join a windows 8 pro to a domain was to set
up samba4 ads and join it successfully.
I did not succeed in any way else.

Greetings
Daniel 

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Roland Schwingel
Sent: Thursday, 20 September 2012 11:30
To: samba@lists.samba.org
Subject: [Samba] Windows 8 Pro no domain logon possible

Hi

Some days ago I installed windows 8 pro from MSDN on one of my machines. 
I got a serious problem with it. I cannot logon as domain user.

I first tried joining my domain from win8 with an unchanged win8
installation. This did fail. Afterwards I applied the usual windows 7
registry patches to allow a samba domain join and rebooted. Afterwards I
could join my domain with no trouble. I rebooted and tried to log in as
domain user. No chance. It fails.

In the windows eventviewer I can find a message from Netlogon about a
missing RPC server and that it cannot create a secure session with the
domain controller (translated from german).

In the samba log I can find this:
[2012/09/20 10:03:56.934783,  0]
rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. 
Rejecting auth request from client DEVINTEL-2 machine account DEVINTEL-2$

My PDC is running samba 3.6.6 with smb2 enabled. My samba is ldap backed.
The trust account looks as it should when I look into the informations.

I already had the same problems with the release preview of windows 8 some
weeks ago (at that time my pdc was still 3.6.3). All versions of windows 8
before the release preview did work without trouble.

Does anyone have the same problems?
Has anyone already got a working windows 8 pro in a domain?

This is very annoying. Any help is greatly appreciated.

Roland
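
Rejections like the `_netr_ServerAuthenticate3` entry quoted in the post above can be pulled out of a Samba log and grouped per machine account, which shows whether one client or many are failing the secure-channel check. This is an added example, not part of the original thread or Samba's own code; the parsing rules and the `name_mismatch` heuristic are assumptions, and every log entry after the first is constructed for illustration.

```python
import re
from collections import Counter

# First entry: the lines quoted in the post, wrapped as the mail client left
# them. All following entries are constructed sample data.
SAMPLE_LOG = """\
[2012/09/20 10:03:56.934783,  0]
rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
   _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client DEVINTEL-2 machine account DEVINTEL-2$
[2012/09/20 10:04:01.120001,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client DEVINTEL-2 machine account DEVINTEL-2$
[2012/09/20 10:05:12.000321,  1] example/module.c:1(example_function)
  constructed unrelated message that must not match
[2012/09/20 10:06:30.555000,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client LAB-PC7 machine account OTHERBOX$
"""

# An entry starts with "[date time, level]"; the source location may follow on
# the same line or, after mail wrapping, on the next one.
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?),\s*(\d+)\]\s*(.*)$"
)
REJECT = re.compile(
    r"_netr_ServerAuthenticate3: netlogon_creds_server_check failed\.\s+"
    r"Rejecting auth request from client (\S+) machine account (\S+)"
)


def iter_entries(text):
    """Yield (timestamp, level, body) per entry, continuation lines joined."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            rest = m.group(3).strip()
            current = (m.group(1), int(m.group(2)), [rest] if rest else [])
        elif current and line.strip():
            current[2].append(line.strip())
    if current:
        yield current[0], current[1], " ".join(current[2])


def find_netlogon_rejections(text):
    """Return one dict per rejected netlogon authentication request."""
    hits = []
    for ts, _level, body in iter_entries(text):
        m = REJECT.search(body)
        if not m:
            continue
        client, account = m.groups()
        hits.append({
            "time": ts,
            "client": client,
            "account": account,
            # Heuristic (assumption): a machine account is normally the
            # client name plus "$"; anything else deserves a closer look.
            "name_mismatch": account.rstrip("$").upper() != client.upper(),
        })
    return hits


def summarize(hits):
    """Count rejections per (client, machine account) pair."""
    return Counter((h["client"], h["account"]) for h in hits)


if __name__ == "__main__":
    found = find_netlogon_rejections(SAMPLE_LOG)
    for (client, account), count in summarize(found).most_common():
        print("%s / %s: %d rejected request(s)" % (client, account, count))
    for hit in found:
        if hit["name_mismatch"]:
            print("name mismatch at %(time)s: %(client)s used %(account)s" % hit)
```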


Re: [Samba] Custom SAMBA4/OpenChage ZEG applicance

2012-09-11 Thread Daniel Müller
Have a look at SOGo 2.0. They have the fitting rpms to get a exchange
substitute run. http://www.sogo.nu/

Good Luck
Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of John Russell
Sent: Monday, 10 September 2012 18:42
To: samba@lists.samba.org
Subject: Re: [Samba] Custom SAMBA4/OpenChage ZEG applicance

Decided to change distributions and use Debian, but now I'm having early
issues.
I am using Debian 6.0.5 Squeeze
OpenChange from svn co -r 4145
https://svn.openchange.org/openchange/branches/sogo
SAMBA4 - SAMBA-4.0.0BETA5

First I had to modify the installsamba4.sh file and remove any references
to --disable-tdb2
That will allow make samba to run successfully. Next I run:
./autogen.sh && ./configure --prefix=/usr/local/samba
No issues here but when I run make I get the following error several minutes
into the compiling process:

Linking sample application bin/libmapixx-test
/usr/local/samba/lib/private/libkrb5-samba4.so.26: undefined reference to
`rep_strerror_r@SAMBA_4.0.0BETA5'
collect2: ld returned 1 exit status
make: *** [bin/libmapixx-test] Error 1

I have a feeling it has something to do with a reference in a script to the
SAMBA version, but the wrong ascii character is being used for quotes.
Notice `rep_strerror_r@SAMBA_4.0.0BETA5' better written as char(96)
rep_strerror_r@SAMBA_4.0.0BETA5char(39). Let me know if I am even in the
ballpark with this one or if anyone else has run into this issue. Thanks

On Tue, Apr 17, 2012 at 1:20 PM, John Russell jb.fr...@gmail.com wrote:

 Question following HowTo build your own OpenChange/SOGo appliance:
 I have been building my own SAMBA4/OpenChange appliance *MOSTLY* following
 the instructions at
 http://tracker.openchange.org/projects/openchange/wiki/HowTo_build_your_own_OpenChangeSOGo_appliance .

 I am using Ubuntu-Server 12.04 LTS (Precise Pangolin) precise-server-amd64.iso
 OpenChange from svn co -r 3923 https://svn.openchange.org/openchange/branches/sogo
 SAMBA4 - Samba-4.0.0Alpha18

 At the step titled Configure DNS service
 # cd /etc/bind
 # mkdir samba
 # cp /usr/local/samba/private/named.* samba/
 # cp -rfi /usr/local/samba/private/dns samba/

 my named.* files are actually in /usr/local/samba/share/setup/ (no big deal)
 logically I would assume my dns files would be in
 /usr/local/samba/share/setup/dns but no cookie :(

 Find reveals:
 find / -name dns
 /openchange/sogo/samba4/lib/dnspython/dns
 /openchange/sogo/samba4/libcli/dns
 /openchange/sogo/samba4/bin/default/libcli/dns
 /openchange/sogo/samba4/bin/default/source4/dsdb/dns
 /openchange/sogo/samba4/source4/selftest/provisions/alpha13/private/dns
 /openchange/sogo/samba4/source4/dsdb/dns
 /usr/share/pyshared/dns
 /usr/lib/python2.7/dist-packages/dns
 /usr/src/linux-headers-3.2.0-23-generic/include/config/ceph/lib/use/dns
 /usr/src/linux-headers-3.2.0-23-generic/include/config/dns

 Does anyone know the correct dns file or directory to copy to the bind
 directory?

 Thanks




--
It's better to be boldly decisive and risk being wrong than to agonize at
length and be right too late.
Marilyn Moats Kennedy


Re: [Samba] samber server in openvz container - venet oder veth0?

2012-08-14 Thread Daniel Müller
Did you set in your registry:

 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
 
DomainCompatibilityMode=dword:0001 
DNSNameResolutionRequired=dword:

Which version of samba do you use?
With samba4 you do not use any wins anymore.



---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Birgit Berger (UV Wien)
Sent: Tuesday, 14 August 2012 15:12
To: nka...@gmail.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] samber server in openvz container - venet oder veth0?

Nico Kadel-Garcia nka...@gmail.com wrote:
On Fri, Aug 10, 2012 at 2:44 PM, Birgit Berger (UV Wien) 
birgit.ber...@oeh.univie.ac.at wrote:
 sorry, to bother you again.

 I cannot join win7 or winXP clients to my samba domain server located on a
 debian server in a VE (openvz) unless I set up the server and clients
 to use WINS. But the recommendation is not to use WINS. openvz natively uses
 venet. venet makes broadcasting impossible.

 I guess DNS is sufficient for name-IP resolution but not for
 NetBios name-IP resolution (it doesn't know name types and maybe
 that's why it cannot find DMB and logon server?) and that's why my
 win7 and winXP clients cannot join the domain.

Why don't the netbios names match the DNS names? Is your VPN not 
setting your default domain names?

the computer names are exactly the same as the names registered in DNS.
e.g.
hostname
PC5

the entry in DNS is PC5.oeh.univie.ac.at

so it should work. but it doesn't. windows 7 and windows xp computers cannot
join the domain. (unless i set a WINS server in the tcp/ip settings on each
client. Then they can join the domain and machine accounts are created.)
Without WINS server set in the tcp/ip settings on each client I get
the error message (see below), when I try to join the domain in
Computer-Eigenschaften-Einstellungen ändern-Ändern-Domäne (where I
type the domain name)-OK

(The error message in win XP is exactly the same as the one in windows 7)

Why does it necessarily ask for a WINS server? it should be possible without
WINS server, shouldn't it? Or do I have to use WINS server when I use samba in
a VE (openvz) with venet? And why DNS isn't enough for joining client machines
to the domain?


dcdiag.txt:

Der Domänenname OEH ist möglicherweise ein NetBIOS-Domänenname.
Sollte dies der Fall sein, stellen Sie sicher, dass der Name bei WINS 
registriert ist.

Wenn Sie sicher sind, dass es sich nicht um einen NetBIOS-Domänennamen handelt, 
können folgende Informationen bei der Behandlung von Problemen mit der 
DNS-Konfiguration behilflich sein:

Der folgende Fehler ist beim Abfragen von DNS über den Ressourceneintrag der 
Dienstidentifizierung (SRV) aufgetreten, der zur Suche eines Active 
Directory-Domänencontrollers für die Domäne OEH verwendet wird:

Fehler: Der DNS-Name ist nicht vorhanden.
(Fehlercode 0x232B RCODE_NAME_ERROR)

Es handelt sich um die Abfrage des Dienstidentifizierungseintrags (SRV) für 
_ldap._tcp.dc._msdcs.OEH.

Häufigste Fehlerursachen:

- Die zum Ermitteln eines Active Directory-Domänencontrollers (AD DC) 
erforderlichen DNS-SRV-Einträge wurden nicht in DNS registriert. Diese Einträge 
werden automatisch bei einem DNS-Server registriert, wenn ein Active 
Directory-Domänencontroller einer Domäne hinzugefügt wird. Die Einträge werden 
vom Active Directory-Domänencontroller zu festgelegten Intervallen 
aktualisiert. Dieser Computer wurde zum Verwenden von DNS-Servern mit den 
folgenden IP-Adressen konfiguriert:

131.130.1.12
131.130.1.11

- Mindestens eine der folgenden Zonen enthalten keine Delegierung zu dieser 
untergeordneten Zone:

OEH
. (die Stammzone)
==






 So given my virtual server setup with openvz, do you rather suggest to use
 WINS or to set up veth so I can use normal broadcasting?
 Or are there other ways to do name resolution with a samba server
 installed in a VE container which I oversaw.

 I'm a newbie and netbios name resolution is hard to understand. so I would
 be very happy to get any suggestions from people already using samba
 server in an open vz container do you guys use venet or veth or do you
 just activate WINS?

 birgit





 ===

 thank you Johannes. no, I don't really need WINS but it was the only way I
 could join clients to the domain so far. so I activated it. DNS should be
 available and working too.

 /etc/nsswitch.conf looks like this:
 hosts: files dns

 Can I use venet with samba or should I change to veth?

 regards, birgit



 Johannes Truschnigg johan

Re: [Samba] Best way to add samba4 to existing domain

2012-08-08 Thread Daniel Müller
First both Samba4 dcs must know each other by dns. Do not provision the
second samba4 as you want it to be in replication mode. Do not start samba
on your new DC!!
Then on your new DC:
bin/net vampire your.realm. -Uadministrator --realm=your.realm
If this is successful, start samba on your new DC.
Go on your 1st DC you setup.
Now type:
bin/ldbsearch -H /usr/local/samba/private/sam.ldb objectclass=ntdsdsa objectguid --cross-ncs
EX result:

# record 1
dn: CN=NTDS Settings,CN=NODE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tuebingen,DC=tst,DC=loc
objectGUID: 365d2a9f-bfe6-462d-965e-8622bfefc190

# record 2
dn: CN=NTDS Settings,CN=NODE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tuebingen,DC=tst,DC=loc
objectGUID: d6160c39-0810-4026-aa24-91c91797d892

Do not forget to update your dns settings after all.

Good Luck
Daniel
 

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Caleb O'Connell
Sent: Tuesday, 7 August 2012 15:10
To: samba@lists.samba.org
Subject: [Samba] Best way to add samba4 to existing domain

I have Samba4 running, and it had a win2k3 server joined to it.  This is
working great.
I'd like to add another Ubuntu 12.04 server with samba4 beta5.  What's the
best join method?

Do I provision the server as a member, then join using samba-tools domain
join domain When I do it looks like it doesn't replicate the directory,
just forwards?

Should I provision as a DC with the same settings and then do the join?  
This fails with a IO_TIMEOUT sort of error.

Is there another method that I just haven't discovered yet?

Thanks in advance for all the great help.

Caleb



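An added example (not part of the original post and not Samba's own code): after a join, replication partners locate each DC through a CNAME named `<objectGUID>._msdcs.<forest DNS name>`, so the ldbsearch output above tells you which DNS records to check. The sketch parses that output and compares it with observed CNAMEs; the sample reuses the two records quoted above, while the observed DNS answers, the function names and the assumption that each DC's host name is its server CN under the forest name are constructed for illustration.

```python
import base64
import re

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

# The two records quoted above, folded as LDIF (continuation lines start with a space).
SAMPLE_LDBSEARCH = """\
# record 1
dn: CN=NTDS Settings,CN=NODE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
 ation,DC=tuebingen,DC=tst,DC=loc
objectGUID: 365d2a9f-bfe6-462d-965e-8622bfefc190

# record 2
dn: CN=NTDS Settings,CN=NODE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
 ation,DC=tuebingen,DC=tst,DC=loc
objectGUID: d6160c39-0810-4026-aa24-91c91797d892

# returned 2 records
"""

# Constructed DNS answers (alias -> target), as `host -t CNAME <alias>` would report them.
OBSERVED_CNAMES = {
    "365d2a9f-bfe6-462d-965e-8622bfefc190._msdcs.tuebingen.tst.loc": "node1.tuebingen.tst.loc.",
}


def parse_ldif(text):
    """Return one dict per record, undoing LDIF line folding and base64 values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the previous line
    records, current = [], {}
    for line in unfolded.splitlines() + [""]:
        if not line.strip():  # a blank line ends the current record
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):  # "attr:: <base64>" is used for non-ASCII values
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current[name.strip().lower()] = value.strip()
    return records


def split_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def expected_cname(record):
    """Map one nTDSDSA record to the (alias, target) of its replication CNAME."""
    guid = record.get("objectguid", "").lower()
    if not GUID_RE.match(guid):
        raise ValueError("missing or malformed objectGUID: %r" % guid)
    rdns = split_dn(record.get("dn", ""))
    # Expected shape: CN=NTDS Settings,CN=<server>,CN=Servers,...,CN=Configuration,DC=...
    if len(rdns) < 3 or rdns[0] != ("CN", "NTDS Settings") or rdns[2] != ("CN", "Servers"):
        raise ValueError("not an NTDS Settings object: %r" % record.get("dn"))
    forest = ".".join(value for attr, value in rdns if attr == "DC").lower()
    if not forest:
        raise ValueError("no DC= components in %r" % record.get("dn"))
    # Assumption: single-domain forest, DC host name equals the server CN.
    return "%s._msdcs.%s" % (guid, forest), "%s.%s" % (rdns[1][1].lower(), forest)


def audit(ldif_text, observed):
    """Compare expected CNAMEs with observed ones; return a list of findings."""
    findings = []
    for record in parse_ldif(ldif_text):
        alias, target = expected_cname(record)
        seen = observed.get(alias)
        if seen is None:
            findings.append(("missing", alias, target))
        elif seen.rstrip(".").lower() != target:
            findings.append(("mismatch", alias, seen))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LDBSEARCH, OBSERVED_CNAMES):
        print(*finding)
```

A "missing" finding for the new DC means its GUID alias was never registered, which is the DNS update the post reminds you not to forget.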


Re: [Samba] Samba Domain member server - using domain part within authentication

2012-08-07 Thread Daniel Müller
The advantage to work with BDCs you will see when your PDC is down.


EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de 

From: Michal [mailto:timeo...@gmail.com]
Sent: Tuesday, 7 August 2012 10:59
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba Domain member server - using domain part within
authentication

Hello Daniel,

I understand the role of domain member server. But I have not understood why
I have needed to type also domain name prefix during authentication - and
this was changed in some of previous releases of samba - currently this needs
to be explicitly defined that you want to map any domain name provided
from computer to right domain name used in samba domain.

On other way - I don't think that the better way is using BDC with direct
connection to LDAP server...

thanks 

michal

On Mon, Jul 30, 2012 at 8:39 AM, Daniel Müller muel...@tropenklinik.de
wrote:
Hello,

Memberserver:
With security=domain, your auth request will be send to your dc and to its
success it needs domain\user password.
If your logon fails the memberserver tries to authenticate the user local.
The better way: work with BDCs/LDAP

Greetings
Daniel

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Michal Bruncko
Sent: Friday, 27 July 2012 14:40
To: samba@lists.samba.org
Subject: [Samba] Samba Domain member server - using domain part within
authentication

Hello list,

We are using several file servers in our environment in following way:
- 1st fileserver is PDC
- 2nd ... Xth are domain member servers (with security = domain, and joined
in domain via net rpc join command)

When user is logging into 1st fileserver, he can be successfully
authenticated with typing only username (without domain part) and his
password from client computer which is NOT part of this domain.
But when user is trying to log in to some domain member server, the
authentication will not be successful until he uses login in form
DOMAIN\username and his password.
I need to note here, that winbind is not running on member servers, just
pure smbd and nmbd daemons.

Is there any way how to authenticate to member servers without using domain
part in authentication name?

I am using:
- on Server: samba on CentOS 6 - samba-3.5.10-125.el6.x86_64
- on Client: windows 7

many thanks

michal


Re: [Samba] how to create a backup domain controller

2012-08-06 Thread Daniel Müller
Hello again,

just setup a couple of Samba4 ads DC with DNS, replication each other. All
the PDCs working on a failover clustered fileshare (DRBD or what better
glusterfs).
Or you use a virtual machine on a  Proxmox failover cluster:
http://pve.proxmox.com/wiki/File:Screen-startpage-with-cluster.png .

Good Luck
Daniel

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of deepak prasad
Sent: Saturday, 4 August 2012 08:45
To: samba@lists.samba.org
Subject: [Samba] how to create a backup domain controller

Hello everyone,

I am using samba4 as my Primary Domain Controller in my company. But I am
concerned if my DC goes down due to some reason then is there any way I can
create a Backup Domain Controller or Secondary Domain Controller which can
be used at that moment of time so that all my users can login to their
respected machines with all the policies. I don't want my organization's
work to be hampered in the mean time.


Re: [Samba] documentation for configuring folder redirection

2012-08-03 Thread Daniel Müller
You think about something like this (it is tricky beware with windows 7 it
is quite different), done with kixtart, redirect all folders for clients
other than windows 7:


EX:

; we redirect folders to the server

; we set a registry entry to check whether we have already copied something
; first: does this entry already exist?

; we test on windows 7, if windows 7 no redirection

If InStr(@PRODUCTTYPE, "Windows 7")
    ? @userID

    ;copy "C:\Users\@userID\*" "S:\@userID\"

Else

    $RETURNCODE=EXISTKEY("HKEY_CURRENT_USER\tpdc")

    ; if above reg key not exist create it
    IF NOT $RETURNCODE=0
        ADDKEY("HKEY_CURRENT_USER\tpdc")

        ; the following entry will be deleted after all is done
        ADDKEY("HKEY_CURRENT_USER\tpdc\FIRST_LOGIN")
    ENDIF

    ; do only when FIRST_LOGIN
    $RETURNCODE=EXISTKEY("HKEY_CURRENT_USER\tpdc\FIRST_LOGIN")

    ;IF NOT $RETURNCODE=0   (0 when the entry exists)
    IF $RETURNCODE=0
        ;
        $RETURNCODE=EXISTKEY("HKEY_CURRENT_USER\tpdc\profile_copied")
        IF NOT $RETURNCODE=0
            ; if there is a profile folder
            IF EXIST("\\tpdc\@userID\@userID\profile")
                copy "\\tpdc\@userID\@userID\profile\Eigene Dateien\*" "\\tpdc\@userID\"
            ENDIF

            ; windows 7?
            IF EXIST("\\tpdc\@userID\@userID\profile.V2")
                copy "\\tpdc\@userID\@userID\profile.V2\Eigene Dateien\*" "\\tpdc\@userID\"
            ENDIF

            ; hint that Personal Folders are copied
            ADDKEY("HKEY_CURRENT_USER\tpdc\profile_copied")

            ; set the regs on the server
            WRITEVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","Personal","\\tpdc\@userID","REG_SZ")
            WRITEVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","My Pictures","\\tpdc\@userID\Meine Bilder","REG_SZ")
            WRITEVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","My Music","\\tpdc\@userID\Meine Musik","REG_SZ")
            WRITEVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","My Videos","\\tpdc\@userID\Meine Videos","REG_SZ")

            WRITEVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Personal","\\tpdc\@userID","REG_SZ")
            WRITEVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","My Pictures","\\tpdc\@userID\Meine Bilder","REG_SZ")
            WRITEVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","My Music","\\tpdc\@userID\Meine Musik","REG_SZ")
            WRITEVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","My Videos","\\tpdc\@userID\Meine Videos","REG_SZ")

            ; server profiles should no longer be cached locally; as of 16.07.07 this is handled via ntconfig.pol
            ;$PFAD="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"

            If InStr(@PRODUCTTYPE, "Windows 7")
                WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\","DeleteRoamingCache","001","REG_DWORD")
            ENDIF
        ENDIF ; closes IF NOT $RETURNCODE=0 (profile_copied)
        ;
    ENDIF

    ; first login delete
    $RETURNVALUE=EXISTKEY("HKEY_CURRENT_USER\tpdc\FIRST_LOGIN")
    IF $RETURNVALUE=0
        DELKEY("HKEY_CURRENT_USER\tpdc\FIRST_LOGIN")
    ENDIF

;ENDIF for Win7
ENDIF

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of John Heim
Sent: Thursday, 2 August 2012 23:01
To: samba@lists.samba.org
Subject: [Samba] documentation for configuring folder redirection

I believe that once you have roaming profiles configured, all you need to do
to configure folder redirection is set some registry keys. I'd like to turn
that job over to our Windows sys admin. Can someone provide me with their
favorite documentation for configuring folder redirection? Keep in mind I am
passing this link along to a Windows sys admin. Our backend is samba 3.6.3
if it matters.


Re: [Samba] User administration

2012-08-03 Thread Daniel Müller
Forget about usrmgr on windows 7!!!

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Urs Forster
Sent: Friday, 3 August 2012 08:37
To: samba@lists.samba.org
Subject: [Samba] User administration


Hi

Using usrmgr.exe, the domain user manager from XP on a W7, I try to admin
users in a domain.
What I can do:
- list users and groups
- change existing users

What I cannot:
- add a user or a group
- make a user a groupmember.
Error: No permission

What settings do I need to change?
How can I debug, fix and test it?
What better manager is there for W7?

Thanks
Urs


Re: [Samba] Samba PDC and Local Group Policies on XP

2012-08-02 Thread Daniel Müller
What did you use kixtart,poledit...?
It seems that you did not set the rights on your netlogon the right way!?

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of benedikt.wies...@bw-systems.net
Sent: Monday, 30 July 2012 18:39
To: samba@lists.samba.org
Subject: [Samba] Samba PDC and Local Group Policies on XP

Hi *,

I have reinstalled a server with the newest version of samba and configured
it as PDC based on this tutorial
(http://www.nicht-blau.de/2010/12/28/howto-samba-3-5-6-pdc-primary-domain-controller-und-windows-7-2/).

I then copied the old profiles folder onto the new server and set the
permissions. But however before the reinstallation every Domainuser in the
Domain accepted the Group Policies I set up at every Win XP computer (i.e.
Setting a specific Wallpaper, Setting a specific design, deny access to
system controls) and now they are consequently ignored.

Example:

I log on as Administrator (locally):
- I have no access to system controls
- I have my Wallpaper
- I have my Design
(Group policies are working)

I log on as Domainuser:
- I have full rights, I can do everything
- I have a blue Wallpaper
- Nothing happened to the design

What the hell is going wrong? Why does a Domainuser have more rights than the
administrator and why do the group policies do nothing?

I hope somebody can help me.




Re: [Samba] Samba/Windows you do not have permission to access this

2012-08-02 Thread Daniel Müller
If there is a group accessing and writing the files set the sticky bit for
groups on the shell
Ex.: drwxrws---  82 root  Direktionv   4096 16. Jul 15:08 verwaltung
In your smb.conf:
read only=no
directory mask=2770
force directory mode=2770
create mask = 2770
force create mode=2770
force security mode=2770
force directory security mode=2770
force group = Direktionv

This will guarantee all users who own the group can manage the files

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: Craig Cameron [mailto:craig.came...@iongeo.com]
Sent: Wednesday, 1 August 2012 18:45
To: muel...@tropenklinik.de; samba@lists.samba.org
Subject: RE: [Samba] Samba/Windows you do not have permission to access
this

Yes it's down as writeable = yes in smb.conf

If I change the file's ownership to myself it works - or if I then restart
winbind and samba it then becomes accessible too.

There's only an issue if the file owner is different from the person
accessing it.

Regards

Craig



-Original Message-
From: Daniel Müller [mailto:muel...@tropenklinik.de]
Sent: 01 August 2012 12:24
To: Craig Cameron; samba@lists.samba.org
Subject: AW: [Samba] Samba/Windows you do not have permission to access
this

Did you configure the share as writeable=yes?

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Craig Cameron
Sent: Wednesday, 1 August 2012 13:07
To: samba@lists.samba.org
Subject: [Samba] Samba/Windows you do not have permission to access this

I'm constantly running into the above error message when accessing files on
a samba share under Win7.

Files are fully accessible under Linux ie the group permissions are being
honoured but Windows just locks me out if I'm not the owner.

file: testfile
owner: anotheruser
group: mygroup
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---

Has anyone else experienced this? And if so can anyone suggest a fix?

Thanks

Craig












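An added example (not from the thread): a small audit for a group share set up along the lines of the smb.conf above, where directories carry the setgid bit (the `s` in drwxrws---) so that new entries inherit the share's group. It reports directories without setgid, entries in another group, files the group cannot read and write, files carrying execute or setgid bits, and symlinks; the function names and the directory names, file names and modes of the demo tree are constructed.

```python
import os
import stat
import tempfile


def audit_share(root, gid):
    """Return sorted (relative path, issue) pairs for a group-shared tree."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        # os.walk lists symlinked directories in dirs but does not descend into them.
        links = [d for d in dirs if os.path.islink(os.path.join(dirpath, d))]
        for path in [dirpath] + [os.path.join(dirpath, n) for n in files + links]:
            st = os.lstat(path)
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode):
                # Symlinks can point outside the share; report instead of following.
                findings.append((rel, "symlink, target not checked"))
                continue
            if st.st_gid != gid:
                findings.append((rel, "group is gid %d" % st.st_gid))
            if mode & 0o007:
                findings.append((rel, "accessible to others"))
            if stat.S_ISDIR(st.st_mode):
                if not (mode & stat.S_ISGID):
                    findings.append((rel, "directory lacks setgid"))
                if (mode & 0o070) != 0o070:
                    findings.append((rel, "group lacks rwx"))
            else:
                if (mode & 0o060) != 0o060:
                    findings.append((rel, "group lacks rw"))
                if mode & (stat.S_ISGID | 0o111):
                    findings.append((rel, "file has execute or setgid bits"))
    return sorted(findings)


def build_demo_tree(base):
    """Create a constructed share tree under base; return (root, gid of the share)."""
    root = os.path.join(base, "verwaltung")
    os.mkdir(root)
    os.chmod(root, 0o2770)  # setgid first, so everything created below inherits the group
    dir_modes = {
        "reports": 0o2770,  # as intended
        "old": 0o770,       # setgid lost, e.g. after a restore or manual chmod
    }
    file_modes = {
        os.path.join("reports", "plan.txt"): 0o660,  # as intended
        os.path.join("reports", "run.sh"): 0o2770,   # file with execute and setgid bits
        os.path.join("old", "notes.txt"): 0o600,     # owner-only, group is locked out
    }
    for rel in dir_modes:
        os.mkdir(os.path.join(root, rel))
    for rel in file_modes:
        open(os.path.join(root, rel), "w").close()
    # Apply the final modes only after creation, so the group is inherited everywhere.
    for rel, mode in list(dir_modes.items()) + list(file_modes.items()):
        os.chmod(os.path.join(root, rel), mode)
    return root, os.lstat(root).st_gid


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        share_root, share_gid = build_demo_tree(base)
        for rel_path, issue in audit_share(share_root, share_gid):
            print("%-20s %s" % (rel_path, issue))
```

On a real server, pass the share path and the numeric gid of the group named in `force group` (for example from `getent group`).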


Re: [Samba] Access and group issues on domain member server (PDC is Samba as well)

2012-08-01 Thread Daniel Müller
Hi there,

try : id youruser.ldap on the memberserver,
ex.:

[root@tuepdc ~]# id tester
uid=1010(tester) gid=513(Domain Users) Gruppen=513(Domain Users),2154(orbis),34709(Dienstplan),61092(HS3),47140(DIFAEM),17162(agfa),29998(OpenHearts),26630(Personal),27525(pflege),19307(agaterm),46212(TerminalServer User)

Should id not work there is something wrong.
Maybe your ldapclient is not working properly.

Good luck
Daniel



---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Philipp Felix Hoefler
Sent: Wednesday, 1 August 2012 11:52
To: samba@lists.samba.org
Subject: [Samba] Access and group issues on domain member server (PDC is
Samba as well)

Hi List,

I created a domain member server in my samba domain.
I start to realize that there are some issues when colleagues could not
access some folders in their shares.
After searching for a solution I found that on that member server I have no
samba groups available.

First of all my setup:
Domain controller:
CentOS 6.2 x86_64, latest updates installed
Samba 3.5.10 (from CentOS repo: samba-3.5.10-116.el6_2.x86_64)
LDAP backend (OpenLDAP from CentOS repo: openldap-2.4.23-20.el6.x86_64)

Domain member:
exact same OS and versions as on domain controller also with LDAP backend

I followed the instructions from
http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html ( Procedure
7.1. Configuration of NSS_LDAP-Based Identity Resolution) for adding the
member server.
(BTW: If anyone on this list has access to this guide: Paragraph 8: the
wbinfo --set-auth-user= has been replaced with net setauthuser)
Both servers access the same LDAP directory for the linux accounts and for
Samba incl. IDMAPs
Everything in this guide worked as described.

getent passwd and getent groups works successfully on both servers
(shows all entries from LDAP)
net rpc group list shows all groups correctly on the PDC
net groupmap list shows all group mappings correctly on the PDC

On the member server though:
net rpc group list only gives me Administrators and Users
net groupmap list only gives me:
Administrators (S-1-5-32-544) - 16777216
Users (S-1-5-32-545) - 16777217

I also tried to run winbind on the domain member, domain member+PDC and
without winbind at all (We only have this one domain, do I even need
winbind then? As I understood it would only be needed if I have multiple
domains running. Is this correct?) But these commands always show me the
same output on the member server.

Should these commands even produce more output on domain members? Or is it
just for PDCs?

smb.confs from both servers are added at the end.

Thanks in advance!
best regards,
philipp

PS: some additional info to our folder sharing system:
All users only connect to their home-share. Inside this share we add
symbolic links to the allowed group shares of the user.
This group share folders are owned by root, group is one of the
(allowed) Usergroups. Directory mask is 770, group-sticky bit is set.


smb.conf from PDC:

[root@srvad1 samba]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
 workgroup = ATV
 server string = SRVAD1
 interfaces = 192.168.249.0/24, 127.0.0.1/8
 passdb backend = ldapsam:ldap://192.168.249.7/
 log file = /var/log/samba/%m.log
 max log size = 50
 smb ports = 139
 time server = Yes
 unix extensions = No
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 printcap name = CUPS
 add user script = /usr/sbin/smbldap-useradd -m
 add group script = /usr/sbin/smbldap-groupadd -p %g
 add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
 set primary group script = /usr/sbin/smbldap-usermod -g %g %u
 add machine script = /usr/sbin/smbldap-useradd -w %u
 logon script = login.bat
 logon path =
 logon drive = U:
 logon home = \\SRVFILE1\%U
 domain logons = Yes
 os level = 65
 preferred master = Auto
 domain master = Yes
 dns proxy = No
 wins support = Yes
 ldap admin dn = cn=Manager,dc=at-visions,dc=com
 ldap delete dn = Yes
 ldap group suffix = ou=Groups,o=default
 ldap machine suffix = ou=Computers,ou=Samba,ou=System
 ldap passwd sync = yes
 ldap suffix = dc=at-visions,dc=com
 ldap ssl = no
 ldap user suffix = ou=Users,o=default
 idmap uid

Re: [Samba] Samba/Windows you do not have permission to access this

2012-08-01 Thread Daniel Müller
Did you configure the share as writeable=yes?

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Craig Cameron
Sent: Wednesday, 1 August 2012 13:07
To: samba@lists.samba.org
Subject: [Samba] Samba/Windows you do not have permission to access this

I'm constantly running into the above error message when accessing files on
a samba share under Win7.

Files are fully accessible under Linux ie the group permissions are being
honoured but Windows just locks me out if I'm not the owner.

file: testfile
owner: anotheruser
group: mygroup
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---

Has anyone else experienced this? And if so can anyone suggest a fix?

Thanks

Craig









Re: [Samba] Access and group issues on domain member server (PDC is Samba as well)

2012-08-01 Thread Daniel Müller
Did you miss this in your member's smb.conf:
passdb backend = ldapsam:ldap://192.168.249.7/
So your ldapclient is working but Samba does not know where to auth?

Your config on memberserver:

Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
 unix charset = LOCALE
 workgroup = ATV
 server string = SRVFILE1
 interfaces = 192.168.249.0/24, 127.0.0.1/8
 security = DOMAIN
 log level = 4 ads:10 auth:10 sam:10
 syslog = 0
 log file = /var/log/samba/%m.log
 max log size = 50
 smb ports = 139
 name resolve order = wins bcast hosts
 unix extensions = No
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 os level = 65
 wins server = 192.168.249.1
 ldap admin dn = cn=Manager,dc=at-visions,dc=com
 ldap group suffix = ou=Groups,o=default
 ldap idmap suffix = ou=Idmap,ou=Samba,ou=System
 ldap machine suffix = ou=Computers,ou=Samba,ou=System
 ldap suffix = dc=at-visions,dc=com
 ldap ssl = no
 ldap user suffix = ou=Users,o=default
 case sensitive = No
 veto files = /.*/
 hide files = /.*/
 locking = No
 wide links = Yes
 dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

A hint: to make your Samba a full-featured WINS server (even in replication
with w2008) there is samba4wins: http://ftp.sernet.de/pub/samba4WINS/


---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: Philipp Felix Hoefler [mailto:p...@at-visions.com]
Sent: Wednesday, 1 August 2012 13:30
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: AW: [Samba] Access and group issues on domain member server
(PDC is Samba as well)

Hi Daniel,

thank you for your response.

[root@srvfile1 home]# id phoefler
uid=1663(phoefler) gid=1105(VISIONS) groups=1105(VISIONS),512(Domain Admins),513(Domain Users),1103(IT),1069(Marketing),1079(TimeSheetReports)

This is working correctly. Also all other linux - LDAP stuff is working
without any problems.

Only Samba seems to be unhappy :(

best regards,
philipp

On 8/1/12 1:22 PM, Daniel Müller wrote:
 try : id youruser.ldap on the memberserver,
 ex.:

 [root@tuepdc ~]# id tester
 uid=1010(tester) gid=513(Domain Users) Gruppen=513(Domain Users),2154(orbis),34709(Dienstplan),61092(HS3),47140(DIFAEM),17162(agfa),29998(OpenHearts),26630(Personal),27525(pflege),19307(agaterm),46212(TerminalServer User)

 Should id not work there is something wrong.
 Maybe your ldapclient is not working properly.
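
Added example, not part of the original thread and not Samba project code: a Python check for the point raised in the reply above, that the member server's dump sets `ldap ...` parameters but carries no `passdb backend = ldapsam:...` line. It assumes the dump comes from `testparm`, which without `-v` prints only non-default values, so a missing line means the built-in default applies; the function names and finding labels are hypothetical, and the sample is a constructed excerpt of the quoted configuration.

```python
import re

# Constructed sample: excerpt of the member-server dump quoted in the thread.
SAMPLE_DUMP = """\
Server role: ROLE_DOMAIN_MEMBER
[global]
 workgroup = ATV
 security = DOMAIN
 ldap admin dn = cn=Manager,dc=at-visions,dc=com
 ldap suffix = dc=at-visions,dc=com
 ldap ssl = no
 wide links = Yes
"""

def parse_testparm(text):
    """Return {section: {normalized parameter name: value}} from a dump."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace inside parameter names.
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def review_global(text):
    """Return hypothetical finding labels for the [global] section."""
    g = parse_testparm(text).get("global", {})
    findings = []
    ldap_params = [k for k in g if k.startswith("ldap") and k != "ldapssl"]
    backend = g.get("passdbbackend", "")
    # LDAP suffixes are configured, but accounts are not read via ldapsam.
    if ldap_params and not backend.lower().startswith("ldapsam"):
        findings.append("ldap-params-without-ldapsam-backend")
    # With TLS off, the admin-DN bind to the directory is sent unencrypted.
    if g.get("ldapssl", "").lower() in ("no", "off", "false", "0"):
        findings.append("ldap-ssl-disabled")
    return findings

if __name__ == "__main__":
    for finding in review_global(SAMPLE_DUMP):
        print(finding)
```
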





Re: [Samba] Samba Domain member server - using domain part within authentication

2012-07-30 Thread Daniel Müller
Hello,

Memberserver:
With security=domain, your auth request will be sent to your DC, and to
succeed it needs domain\user password.
If your logon fails, the memberserver tries to authenticate the user locally.
The better way: work with BDCs/LDAP

Greetings
Daniel

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Michal Bruncko
Sent: Friday, 27 July 2012 14:40
To: samba@lists.samba.org
Subject: [Samba] Samba Domain member server - using domain part within
authentication

Hello list,

We are using several file servers in our environment in the following way:
- 1st fileserver is PDC
- 2nd ... Xth are domain member servers (with security = domain, and joined
in domain via net rpc join command)

When a user is logging into the 1st fileserver, he can be successfully
authenticated by typing only the username (without domain part) and his
password from a client computer which is NOT part of this domain.
But when a user is trying to log in to some domain member server, the
authentication will not be successful until he uses a login in the form
DOMAIN\username and his password.
I need to note here, that winbind is not running on member servers, just
pure smbd and nmbd daemons.

Is there any way how to authenticate to member servers without using domain
part in authentication name?

I am using:
- on Server: samba on CentOS 6 - samba-3.5.10-125.el6.x86_64
- on Client: windows 7

many thanks

michal


Re: [Samba] Samba4: 2DC domain. Which ldap:// address do I use, DC1 or DC2?

2012-07-30 Thread Daniel Müller
That's it. In replication mode all information is equal. So it should not
matter which DC you use.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: steve [mailto:st...@steve-ss.com]
Sent: Monday, 30 July 2012 10:38
To: muel...@tropenklinik.de
Cc: 'John Drescher'; samba@lists.samba.org
Subject: Re: AW: [Samba] Samba4: 2DC domain. Which ldap:// address do I use,
DC1 or DC2?

On 30/07/12 09:43, Daniel Müller wrote:
 If you use your DCs (using samba4 internal ldap) in replication mode
 all of your address-books on your DCs should be equal.


Hi Daniel
I don't know what you mean by address books. I can scan the directory on
OU=domain Controllers and pull out the fqdn's to use from there. Is that it?
Cheers,
Steve





Re: [Samba] Samba: read-only remote LDAP + additional local users

2012-07-23 Thread Daniel Müller
Why not have all users work within Samba?
What is the reason?

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Arokux B.
Sent: Monday, 23 July 2012 22:16
To: samba@lists.samba.org
Subject: [Samba] Samba: read-only remote LDAP + additional local users

Hi all,

my server has access to a read-only remote LDAP-server where information
about 99% of user accounts is residing. On my server I want to configure
Samba to use the LDAP-server for authentication.

Now and then there will be some extra users that do not have an account on
LDAP. How should I manage their authentication data and make Samba aware of
it?

From the Samba documentation:

Early releases of Samba-3 implemented new capability to work
concurrently with multiple account backends. This capability was removed
beginning with release of Samba 3.0.23. Commencing with Samba
3.0.23 it is possible to work with only one specified passwd backend.

So it seems Samba can support one authentication back-end only and if I make
it use remote LDAP I cannot add any extra users with their accounts stored
locally.  Is there any workaround/solution for my scenario?

Thanks for any help,

Arokux

