[Samba] libpam-cracklib or libpam-passwdqc break SWAT

2012-03-29 Thread Fajar Priyanto
Hi all,
Ubuntu 10.04 LTS
Samba/Swat 3.4.7~dfsg-1u

I'm required to use cracklib or passwdqc in pam.d.

But it turns out that the above PAM modules break SWAT.

Swat says:
SAMR connection to machine NT_STATUS_ACCESS_DENIED failed. Error was
127.0.0.1, but LANMAN password changed are disabled
The passwd has NOT been changed.

log.smbd:
[2012/03/29 17:34:28,  0] auth/pampass.c:705(smb_pam_chauthtok)
  PAM: UNKNOWN PAM ERROR (19) for User: user2

I have confirmed that this is because of the pam modules. Removing the
pam modules restores SWAT ok again.

Does anyone have similar experience and a workaround?
Thank you.
-- 
Fajar.
http://linux3.arinet.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] A very strange SWAT: unix and samba password

2012-03-26 Thread Fajar Priyanto
Hi all,
My setup is:
Ubuntu 10.04.3 LTS
Samba/Swat 3.4.7~dfsg-1ubuntu3.8

I apply min password age both on Unix and Samba.
I test SWAT and it seems to be working fine, except after a few days I
notice that changing password from SWAT doesn't modify the Last
password change on unix password.

As a result, now the info on my account is:
- Unix last password change: Mar 25, 2012
- Samba last password change: Mar 26, 2012.

I try to change password from SWAT again today (Mar 26), and surely SWAT says:
machine 127.0.0.1 rejected the password change: Error was : Account restriction.
The passwd has NOT been changed.

In /var/log/log.smbd:
[2012/03/26 15:33:30,  1] smbd/chgpasswd.c:1124(change_oem_password)
  user fajar cannot change password now, must wait until Tue, 27 Mar
2012 15:33:30 SGT

This is where the funny thing begins:
- Unix account is changed by SWAT. But the Last password change is still Mar 25.
- Samba account not changed. But after 1 minute (I think), samba
password is changed too. Match the unix password!!!

smb.conf:
   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes

Why so strange?
- Why SWAT manages to change the unix password but not update the Last
password change date?
- Why after 1 minute, the samba password got synched with unix password?

Any more info you need from me, pls let me know.

Thank you.
-- 
Fajar.


[Samba] Swat changing password on remote machine

2012-03-15 Thread Fajar Priyanto
Hi all,
I want to use SWAT for user to change password.
I have set up 2 identical Samba servers on Ubuntu 10.04.
samba1, samba2
Just a basic smb.conf.

Locally SWAT works.

But, when I try the Client/Server Password Management
from samba1 to change password on samba2, nothing happens.

In samba1 SWAT log I see this. While on samba2 nothing.
Anything I miss?

[2012/03/15 17:37:19,  2] param/loadparm.c:7743(do_section)
  Processing section [homes]
[2012/03/15 17:37:19,  2] param/loadparm.c:7743(do_section)
  Processing section [printers]
[2012/03/15 17:37:19,  2] param/loadparm.c:7743(do_section)
  Processing section [print$]
[2012/03/15 17:37:19,  2] lib/interface.c:340(add_interface)
  added interface eth1 ip=fe80::20c:29ff:fe9e:fbad%eth1
bcast=fe80:::::%eth1 netmask=:::::
[2012/03/15 17:37:19,  2] lib/interface.c:340(add_interface)
  added interface eth1 ip=10.1.17.253 bcast=10.1.19.255 netmask=255.255.252.0
[2012/03/15 17:37:19,  3] printing/pcap.c:136(pcap_cache_reload)
  reloading printcap cache
[2012/03/15 17:37:19,  0] printing/print_cups.c:103(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2012/03/15 17:37:19,  2] printing/print_cups.c:545(cups_async_callback)
  cups_async_callback: failed to read a new printer list
[2012/03/15 17:37:19,  3] printing/pcap.c:243(pcap_cache_reload)
  reload status: error
[2012/03/15 17:37:19,  2] lib/util_tdb.c:385(tdb_log)
  tdb(unnamed): tdb_open_ex: could not open file
/var/run/samba/lang_en.tdb: Permission denied
[2012/03/15 17:37:19,  2] param/loadparm.c:7743(do_section)
  Processing section [homes]
[2012/03/15 17:37:19,  2] param/loadparm.c:7743(do_section)
  Processing section [printers]
[2012/03/15 17:37:19,  2] param/loadparm.c:7743(do_section)
  Processing section [print$]
[2012/03/15 17:37:19,  2] lib/interface.c:340(add_interface)
  added interface eth1 ip=fe80::20c:29ff:fe9e:fbad%eth1
bcast=fe80:::::%eth1 netmask=:::::
[2012/03/15 17:37:19,  2] lib/interface.c:340(add_interface)
  added interface eth1 ip=10.1.17.253 bcast=10.1.19.255 netmask=255.255.252.0
[2012/03/15 17:37:19,  3] printing/pcap.c:136(pcap_cache_reload)
  reloading printcap cache
[2012/03/15 17:37:19,  0] printing/print_cups.c:103(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2012/03/15 17:37:19,  2] printing/print_cups.c:545(cups_async_callback)
  cups_async_callback: failed to read a new printer list
[2012/03/15 17:37:19,  3] printing/pcap.c:243(pcap_cache_reload)
  reload status: error
[2012/03/15 17:37:19,  2] lib/util_tdb.c:385(tdb_log)
  tdb(unnamed): tdb_open_ex: could not open file
/var/run/samba/lang_en.tdb: Permission denied
[2012/03/15 17:37:19,  2] param/loadparm.c:7743(do_section)
  Processing section [homes]
[2012/03/15 17:37:19,  2] param/loadparm.c:7743(do_section)
  Processing section [printers]
[2012/03/15 17:37:19,  2] param/loadparm.c:7743(do_section)
  Processing section [print$]
[2012/03/15 17:37:19,  2] lib/interface.c:340(add_interface)
  added interface eth1 ip=fe80::20c:29ff:fe9e:fbad%eth1
bcast=fe80:::::%eth1 netmask=:::::
[2012/03/15 17:37:19,  2] lib/interface.c:340(add_interface)
  added interface eth1 ip=10.1.17.253 bcast=10.1.19.255 netmask=255.255.252.0
[2012/03/15 17:37:19,  3] printing/pcap.c:136(pcap_cache_reload)
  reloading printcap cache
[2012/03/15 17:37:19,  0] printing/print_cups.c:103(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2012/03/15 17:37:19,  2] printing/print_cups.c:545(cups_async_callback)
  cups_async_callback: failed to read a new printer list
[2012/03/15 17:37:19,  3] printing/pcap.c:243(pcap_cache_reload)
  reload status: error
[2012/03/15 17:37:19,  2] lib/util_tdb.c:385(tdb_log)
  tdb(unnamed): tdb_open_ex: could not open file
/var/run/samba/lang_en.tdb: Permission denied

-- 
Thank you.
Fajar.


[Samba] Samba LDAP passthrough authentication to another openLDAP

2012-02-16 Thread Fajar Priyanto
Hi all,
I have a setup like this. Pls let me know if it's possible or not.

SAMBA + Local LDAP --- SASLAUTHD -- Global LDAP
Desc:
I'd like to do Samba authentication to LDAP, passthrough to another
LDAP using SASL.

The current situation is:
SSH authentication from LDAP user to that Samba box works.
However, smb authentication doesn't work (yet).


This is what's shown in syslog when doing Samba authentication:

Feb 16 20:47:05 sglabldap slapd[1393]: = access_allowed: read access
to uid=fajar,ou=people,dc=example,dc=com userPassword requested
Feb 16 20:47:05 sglabldap slapd[1393]: = acl_get: [1] attr userPassword
Feb 16 20:47:05 sglabldap slapd[1393]: = acl_mask: access to entry
uid=fajar,ou=people,dc=example,dc=com, attr userPassword requested
Feb 16 20:47:05 sglabldap slapd[1393]: = acl_mask: to value by , (=0)
Feb 16 20:47:05 sglabldap slapd[1393]: = check a_dn_pat:
cn=admin,dc=example,dc=com
Feb 16 20:47:05 sglabldap slapd[1393]: = check a_dn_pat: anonymous
Feb 16 20:47:05 sglabldap slapd[1393]: = acl_mask: [2] applying
read(=rscxd) (stop)
Feb 16 20:47:05 sglabldap slapd[1393]: = acl_mask: [2] mask: read(=rscxd)
Feb 16 20:47:05 sglabldap slapd[1393]: = slap_access_allowed: read
access granted by read(=rscxd)
Feb 16 20:47:05 sglabldap slapd[1393]: = access_allowed: read access
granted by read(=rscxd)
Feb 16 20:47:05 sglabldap slapd[1393]: conn=1062 op=1 ENTRY
dn=uid=fajar,ou=people,dc=example,dc=com
Feb 16 20:47:05 sglabldap slapd[1393]: = send_search_entry: conn 1062 exit.
Feb 16 20:47:05 sglabldap slapd[1393]: send_ldap_result: conn=1062 op=1 p=3
Feb 16 20:47:05 sglabldap slapd[1393]: send_ldap_result: err=0
matched= text=
Feb 16 20:47:05 sglabldap slapd[1393]: send_ldap_response: msgid=2 tag=101 err=0
Feb 16 20:47:05 sglabldap slapd[1393]: conn=1062 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Feb 16 20:47:05 sglabldap slapd[1393]: daemon: activity on 1 descriptor
Feb 16 20:47:05 sglabldap slapd[1393]: daemon: activity on:
Feb 16 20:47:05 sglabldap slapd[1393]:  15r

In /var/log/samba/log.smbd:

[2012/02/16 21:05:46,  3] smbd/negprot.c:672(reply_negprot)
  Selected protocol NT LANMAN 1.0
[2012/02/16 21:05:57,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user
[MYGROUP]\[fajar]@[SG-ROUTER0] with the new password interface
[2012/02/16 21:05:57,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [LDAPCLIENT]\[fajar]@[SG-ROUTER0]
[2012/02/16 21:05:57,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/02/16 21:05:57,  2] lib/smbldap.c:890(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2012/02/16 21:05:57,  3] lib/smbldap.c:1101(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2012/02/16 21:05:57,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: fajar
[2012/02/16 21:05:57,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/02/16 21:05:57,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/02/16 21:05:57,  2] passdb/pdb_ldap.c:2434(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 11000
[2012/02/16 21:05:57,  3] libsmb/ntlm_check.c:350(ntlm_password_check)
  ntlm_password_check: NT MD4 password check failed for user fajar
[2012/02/16 21:05:57,  2] passdb/pdb_ldap.c:1199(init_ldap_from_sam)
  init_ldap_from_sam: Setting entry for user: fajar
[2012/02/16 21:05:57,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/02/16 21:05:57,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [fajar] - [fajar]
FAILED with error NT_STATUS_WRONG_PASSWORD
[2012/02/16 21:05:57,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2012/02/16 21:05:57,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/02/16 21:05:57,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2012/02/16 21:05:57,  3] smbd/server.c:849(exit_server_common)
  Server exit (failed to receive smb request)
--


This is what's shown in syslog when doing SSH authentication:

Feb 16 20:59:17 sglabldap slapd[1393]: conn=1064 op=2 do_bind
Feb 16 20:59:17 sglabldap slapd[1393]:  dnPrettyNormal:
uid=fajar,ou=people,dc=example,dc=com
Feb 16 20:59:17 sglabldap slapd[1393]:  dnPrettyNormal:
uid=fajar,ou=people,dc=example,dc=com,
uid=fajar,ou=people,dc=example,dc=com
Feb 16 20:59:17 sglabldap slapd[1393]: conn=1064 op=2 BIND
dn=uid=fajar,ou=people,dc=example,dc=com method=128
Feb 16 20:59:17 sglabldap slapd[1393]: do_bind: version=3
dn=uid=fajar,ou=people,dc=example,dc=com method=128
Feb 16 20:59:17 sglabldap slapd[1393]: == hdb_bind: dn:
uid=fajar,ou=people,dc=example,dc=com
Feb 16 20:59:17 sglabldap slapd[1393]:

Re: [Samba] All read and write

2011-12-13 Thread Fajar Priyanto
On Wed, Dec 14, 2011 at 8:28 AM, Jessica Guynn jessgu...@gmail.com wrote:
 I have problems in creating all read and write samba connection.  I am
 mounting an Ubuntu share to windows.  A program I used in windows is able
 to create folders and files but unable to have ownership of the folder or
 write on the folder because once the folder is created, it is lock.

What does smbd.log say about it?


Re: [Samba] FreeNAS/Samba Group Permissions with LDAP

2011-12-08 Thread Fajar Priyanto
On Fri, Dec 9, 2011 at 5:50 AM, Charles Tryon charles.tr...@gmail.com wrote:
 I'm not sure if this is an LDAP issue, a Samba issue, a BSD issue or a
 FreeNAS issue...
 However, my observation in FreeNAS is that, using LDAP, THIS DOESN'T WORK.
 If I set the Unix folder permissions in a share to 770, then the actual
 owner of the file/folder can open it up, but not other users who are in the
 group.  The only way to grant access to other users is to set the
 permissions to 777 and open it up to the world.  Also, the valid users
 parameter in the Samba conf file doesn't work with a group name.  If I
 specify a group, then no one can map the share.

Hi Charles,
As you can see in my earlier post, my problem may be a bit similar.
Mine is samba on zfs with 100+ users. I put all users in the same
group as 2ndary member (usermod -G groupname username).
I've setup LDAP authentication on the system.
The samba share is 2770 where every user in the group has rwx access.
IT WORKS, but after a while some users are reporting they can only
READ, not WRITE.
Samba log shows this error: NT_NAME_COLLISION...
I've googled, ask everywhere.. seen similar things, but
So no solution, luckily I found a workaround. Creating a cronjob to
restart Samba once a day seems to eliminate the problem.


[Samba] Exporting tdbsam

2011-11-28 Thread Fajar Priyanto
Hi all,
I'm trying to export the tdbsam:

pdbedit -e tdbsam:backup-tdbsam_2028
tdbsam_open: Converting version 0 database to version 3.

Looks successful, but the resulting file is only 4K, whereas the
passdb.tdb file is 60K.

Was it successfully exported?

-- 
http://linux3.arinet.org


Re: [Samba] Very strange permission problem: samba on zfs-fuse

2011-11-28 Thread Fajar Priyanto
On Tue, Nov 29, 2011 at 5:10 AM, Jeremy Allison j...@samba.org wrote:
 On Mon, Nov 28, 2011 at 10:51:22AM +0800, Fajar Priyanto wrote:
 Hi all,
 Centos 5.7
 samba-common-3.0.33-3.29.el5_7.4
 samba-3.0.33-3.29.el5_7.4
 zfs-fuse-0.6.9_p1-6.20100709git.el5.1
 Has anyone ever encountered this problem?

 3.0.x is a *very* old release.

 If you can reproduce with 3.5.x or 3.6.x you'll get much
 more response for a fix.

Hi Jeremy, thanks for the reply.
It comes from the standard Centos 5.7.
Are you suggesting that I should try to somehow upgrade the Samba?
Let me see if I can do that without replacing the Centos.


[Samba] Very strange permission problem: samba on zfs-fuse

2011-11-27 Thread Fajar Priyanto
Hi all,
Centos 5.7
samba-common-3.0.33-3.29.el5_7.4
samba-3.0.33-3.29.el5_7.4
zfs-fuse-0.6.9_p1-6.20100709git.el5.1

smb.conf
[depot]
path = /data/depot
public = no
writable = yes
directory mask = 2775
create mask = 0664
vfs objects = recycle
recycle:repository = .deleted/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
recycle:maxsixe = 0
recycle:exclude = *.tmp
recycle:exclude_dir = /tmp
recycle:noversions = *.doc

I have asked this in zfs-fuse list, but still in discussion

I have setup this samba share on a zfs-fuse filesystem.
drwxrwsr-x 16 backup userlab 27 Nov 28 10:12 depot

All samba users are secondary member of 'userlab' group.
(usermod -G userlab user1, etc)

The problem I have is that after some time, some users begin
experiencing permission denied when try to put files or create
directories on the samba share.

smbd.log shows:
[2011/11/28 10:13:29, 2] smbd/open.c:open_directory(2092)
  open_directory: unable to create New Folder (2). Error was
NT_STATUS_ACCESS_DENIED
[2011/11/28 10:13:29, 2] smbd/open.c:open_directory(2092)
  open_directory: unable to create .. Error was NT_STATUS_OBJECT_NAME_COLLISION
[2011/11/28 10:13:29, 2] smbd/open.c:open_directory(2092)

Strange thing is, I experimented by making 'userlab' my 'fajar'
user's primary group (usermod -g userlab fajar). And my 'fajar'
account doesn't have this permission denied problem. I don't know yet
if this is a permanent fix or not.

Has anyone ever encountered this problem?

Thank you,
Fajar.


Re: [Samba] Samba hijack the connection?

2007-10-22 Thread Fajar Priyanto
On Monday 22 October 2007 12:35:23 Michael Heydon wrote:
 It sounds like you want a trust relationship.

 If you have DomainA and DomainB and a two way trust between them then
 users from DomainA can log on to computers in DomainB and vice versa. If
 you had something like ADMT you could do your migration in one shot
 quite quickly, that way you wouldn't have to worry so much about legacy
 users, etc.

 Does anyone know if ADMT can migrate to Samba? I know it can migrate
 from NT4 so I suspect from Samba should be ok. I'm not so sure about
 going to it though.

 Either way, a trust is a prerequisite for using ADMT.

Hello Michael,
Yes. I have set up inter-domain trust between the samba and w2k. So, with 
interdomain trust working, changing domain membership in wxp becomes 
unnecessary, right?
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
13:28:48 up 3:33, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



Re: [Samba] Samba hijack the connection?

2007-10-22 Thread Fajar Priyanto
On Monday 22 October 2007 12:01:48 herman wrote:

 You can force WinXP to leave the Samba domain and join another using the
 'netdom' command.

 The syntax of this command is:

 NETDOM JOIN machine /Domain:domain [/OU:ou path] [/UserD:user]
 [/PasswordD:[password | *]]
 [/UserO:user] [/PasswordO:[password | *]]
 [/REBoot[:Time in seconds]]

Ok Herman,
So, I guess the conclusion is:
1. Winxp cannot be a member of multiple domains at a time.
2. We need to join-rejoin Winxp every time we want to logon to a different 
domain.
3. The above procedure is rather unnecessary if we have set up interdomain 
trust.

But it is still confusing why, if we join the XP to WIN domain, we can select in the 
logon screen to logon to JUPITER.COM domain (samba).
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
12:18:52 up 2:23, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



Re: [Samba] Samba hijack the connection?

2007-10-22 Thread Fajar Priyanto
On Monday 22 October 2007 14:12:13 Michael Heydon wrote:
  From another message:
  But still confusing why if we join the XP to WIN domain, we can select in
  the logon screen to logon to JUPITER.COM domain (samba).

 Is this after the trust is setup? if so, that is normal behavior. That
 is how you tell it which domain the user is part of. Are you still
 having trouble logging onto the trusted domain with this setup?

Yes, that is after the interdomain trust is set.
We don't have any trouble logon to JUPITER.COM and then accessing resource in 
WIN.COM. However we need to setup the same user in that domain.

I tried to set up winbind in Samba, but since I'm using Zimbra, I still haven't 
been able to make winbind work. I guess this is for another thread :)

-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
14:21:36 up 4:26, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



Re: [Samba] Samba hijack the connection?

2007-10-22 Thread Fajar Priyanto
On Monday 22 October 2007 14:19:21 simo wrote:

 Btw, usually it is better to avoid dots in netbios domain names ...

Oww.. I'll correct that.
Is there any particular reason?
Thanks Simo.
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
14:25:17 up 4:29, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



Re: [Samba] AD Auth, but Unix users and groups

2007-10-22 Thread Fajar Priyanto
On Saturday 20 October 2007 02:21:53 Gary Algier wrote:
 Hello All:

 I have a Samba server (running 3.0.11) that uses an LDAP SAM for
 authentication.  We now have AD (native mode) running in house.
 Since everyone has a login there, I would like to use the AD
 credentials for authentication.  However, I would like to continue
 to use the Unix user ids and group ids, etc.

 All the documentation for AD authentication talks about ID mapping, etc.
 I don't think I need this.  I already have ids.  I don't need to map
 them.

 Is there an easy way to do what I want?

 I have tried to make it work by picking up the latest Blastwave
 distribution
 and I installed it with configurations like:

 
 --
 [global]
 unix charset = LOCALE
 workgroup = ULTICOM
 realm = ULTICOM.COM
 netbios name = CARP
 server string = Carp -- a test instance of Corp
 interfaces = 172.25.0.9
 bind interfaces only = Yes
 security = ADS
 smb passwd file = /etc/csw/samba/carp/private/smbpasswd
 private dir = /etc/csw/samba/carp/private
 log level = 1
 syslog = 0
 log file = /var/csw/samba/log/carp.smbd.log
 max log size = 50
 printcap name = CUPS
 ldap ssl = no
 lock directory = /etc/csw/samba/carp/locks
 pid directory = /etc/csw/samba/carp/locks
 include = /etc/csw/samba/carp/smb.conf.shares

 [homes]
 ...
 
 --
 With this configuration, I can do an smbclient -L carp just fine,
 but I can't do smbclient //carp/gaa.  I get:
 
 --
 Domain=[ULTICOM] OS=[Unix] Server=[Samba 3.0.23b]
 tree connect failed: NT_STATUS_ACCESS_DENIED
 
 --
 This sure sounds like the login works but the user ids don't allow
 access.
 (If I type my password wrong, I get a NT_STATUS_LOGON_FAILURE).
 Any other ideas?

Hello Gary,
I'm a newbie, so pls pardon me if I'm saying something here.
AFAIK, security = ADS is used when we want our samba to act as middle-man 
only, that is it forwards the authentication request to the AD. So, it itself 
doesn't do the authentication.

You might want to set it up as Samba PDC instead and then do interdomain trust 
from there to the AD.

CMIIW,
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
20:43:14 up 30 min, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



Re: [Samba] AD Auth, but Unix users and groups

2007-10-22 Thread Fajar Priyanto
On Monday 22 October 2007 21:01:54 Gerald (Jerry) Carter wrote:
 Fajar,

  I'm a newbie, so pls pardon me if I'm saying something here.
  AFAIK, security = ADS is used when we want our samba to
  act as middle-man  only, that is it forwards the authentication
  request to the AD. So, it itself doesn't do the authentication.

 Not correct.  When performing Krb5 authentication in an AD
 domain, smbd decrypts the service ticket in the client's session
 setup request to validate the user.  The DC is not contacted
 at all.  You are referring to security = domain or other NTLM
 based auth mechanisms.

Hello Jerry, thanks for the exact info :)
I'm happy that the list is still monitored by the samba team.
Salut! :)
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
21:26:01 up 1:13, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



[Samba] Samba hijack the connection?

2007-10-21 Thread Fajar Priyanto
Dear all,
I have 2 domains: JUPITER.COM (Samba 3.0.23c - Centos5) and WIN.COM (Windows 
2000 Adv Srv). I join a windows XP SP1 (MOON), first to Windows domain and 
then to Samba's.

The problem is when I join the XP to Samba's and then try to logon to WIN.COM, 
the XP is instead logon to Samba, thus the username is not found. The DNS is 
not a problem, I set the DNS of the XP to Windows' DNS.

Here's what the Samba log says:
Oct 21 15:36:06 centos5 smbd[7680]: [2007/10/21 15:36:06, 2] 
smbd/reply.c:reply_special(496) 
Oct 21 15:36:06 centos5 smbd[7680]:   netbios connect: name1=CENTOS5 
name2=MOON
Oct 21 15:36:06 centos5 smbd[7680]: [2007/10/21 15:36:06, 2] 
smbd/reply.c:reply_special(503) 
Oct 21 15:36:06 centos5 smbd[7680]:   netbios connect: local=centos5 
remote=moon, name type = 0 
Oct 21 15:36:06 centos5 smbd[7680]: [2007/10/21 15:36:06, 2] 
smbd/sesssetup.c:setup_new_vc_session(799) 
Oct 21 15:36:06 centos5 smbd[7680]:   setup_new_vc_session: New VC == 0, if 
NT4.x compatible we would close all old resources. 
Oct 21 15:36:06 centos5 smbd[7680]: [2007/10/21 15:36:06, 2] 
smbd/sesssetup.c:setup_new_vc_session(799) 
Oct 21 15:36:06 centos5 smbd[7680]:   setup_new_vc_session: New VC == 0, if 
NT4.x compatible we would close all old resources. 
Oct 21 15:36:06 centos5 smbd[7680]: [2007/10/21 15:36:06, 2] 
lib/smbldap.c:smbldap_open_connection(788) 
Oct 21 15:36:06 centos5 smbd[7680]:   smbldap_open_connection: connection 
opened 
Oct 21 15:36:06 centos5 smbd[7680]: [2007/10/21 15:36:06, 2] 
smbd/reply.c:reply_tcon_and_X(711) 
Oct 21 15:36:06 centos5 smbd[7680]:   Serving IPC$ as a Dfs root 
Oct 21 15:36:07 centos5 smbd[7680]: [2007/10/21 15:36:07, 0] 
auth/auth_util.c:smb_create_user(55) 
Oct 21 15:36:07 centos5 smbd[7680]:   smb_create_user: Running the command 
`/usr/sbin/useradd test2' gave 126 
Oct 21 15:36:07 centos5 smbd[7680]: [2007/10/21 15:36:07, 0] 
libsmb/samlogon_cache.c:netsamlogon_cache_store(124) 
Oct 21 15:36:07 centos5 smbd[7680]:   netsamlogon_cache_store: cannot open 
netsamlogon_cache.tdb for write! 
Oct 21 15:36:07 centos5 smbd[7680]: [2007/10/21 15:36:07, 2] 
auth/auth.c:check_ntlm_password(319) 
Oct 21 15:36:07 centos5 smbd[7680]:   check_ntlm_password:  Authentication for 
user [test2] - [test2] FAILED with error NT_STATUS_NO_SUCH_USER 
Oct 21 15:36:07 centos5 smbd[7680]: [2007/10/21 15:36:07, 2] 
smbd/reply.c:reply_tcon_and_X(711) 
Oct 21 15:36:07 centos5 smbd[7680]:   Serving IPC$ as a Dfs root 

Why does Samba still handle the logon request?
One more info, if I then join the XP back to Windows' and then try to logon 
both to Samba and Windows, the logon process is OK.

Any insight and comments are very welcome.
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
08:20:32 up 13 min, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



Re: [Samba] Samba hijack the connection?

2007-10-21 Thread Fajar Priyanto
On Monday 22 October 2007 08:31:46 Fajar Priyanto wrote:
 Dear all,
 I have 2 domains: JUPITER.COM (Samba 3.0.23c - Centos5) and WIN.COM
 (Windows 2000 Adv Srv). I join a windows XP SP1 (MOON), first to Windows
 domain and then to Samba's.

 The problem is when I join the XP to Samba's and then try to logon to
 WIN.COM, the XP is instead logon to Samba, thus the username is not found.
 The DNS is not a problem, I set the DNS of the XP to Windows' DNS.

 Why does Samba still handle the logon request?
 One more info, if I then join the XP back to Windows' and then try to logon
 both to Samba and Windows, the logon process is OK.

 Any insight and comments are very welcome.

From google I found this:
http://www.5starsupport.com/xp-faq/1-102.htm

Problem:

In Windows XP Pro, is it possible to have multiple domains to login to? 
Currently, I only have a single domain option. I would like be able to choose 
from a list of domains when I login.

Answer:

In one word, no. A computer can only be part of a single domain. However, 
multiple users from other trusted domains may have permissions to access 
certain domains while still being logged in to their own domain. This is all 
part of an Active Directory process.

Is that true?

-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
11:19:09 up 1:23, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



Re: [Samba] Samba hijack the connection?

2007-10-21 Thread Fajar Priyanto
On Monday 22 October 2007 11:24:47 herman wrote:

 In Win XP, you can log into any one of a list of domains.  However, you
 cannot be logged into more than one at a time.

Hello Herman,
Thanks for the reply. No, I don't want to logon to more than one domain at a 
time. 

The reason why we need this is because we're in the migration process. There 
is already a w2k domain (WIN) and then we set up a samba domain (Jupiter.com). 
We migrate the users little by little by joining them to Jupiter.com. 
However, there is a requirement from the management that they would still 
be able to logon back to WIN. This is when the error occurs.

Here's the screenshot.

-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
11:33:05 up 1:37, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



We need to join-rejoin every time we want to logon to another domain? was Re: [Samba] Samba hijack the connection?

2007-10-21 Thread Fajar Priyanto
On Monday 22 October 2007 11:36:49 Fajar Priyanto wrote:
 On Monday 22 October 2007 11:24:47 herman wrote:
  In Win XP, you can log into any one of a list of domains.  However, you
  cannot be logged into more than one at a time.

 Hello Herman,
 Thanks for the reply. No, I don't want to logon to more than one domain at
 a time.

 The reason why we need this is because we're in the migration process.
 There is already a w2k domain (WIN) and then we set up a samba domain
 (Jupiter.com). We migrate the users little by little by joining them to
 Jupiter.com. However, there is a requirement from the management that they
 would still be able to logon back to WIN. This is when the error occurs.

 Here's the screenshot.

http://techrepublic.com.com/5208-6230-0.html?forumID=47&threadID=197196&messageID=2061481
Says this:
configuring windows xp client to access two distinct domains
Question  -  Post 4 of 4 
I had this challenge earlier this year. I have...
I had this challenge earlier this year. I have a domain at home, and I use 
my laptop at work, where I manage another domain.

Simple solution? Not really. But I can still access everything I need to 
access at work on my laptop because I am the administrator and have full 
access to set security rights on anything.

For e-mail, on our exchange server, I've enabled IMAP and I just connect 
Outlook that way, if that's one of your challenges.

The only way I was able to connect to the domains was to actually join 
each domain every day, which is a complete pain in the ass. No thanks!


-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
11:47:04 up 1:51, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



Re: [Samba] Can't see or change ACLs on Windows

2007-10-19 Thread Fajar Priyanto
On Thursday 18 October 2007 03:29:59 Eric Diven wrote:
 I have samba server joined to a domain that I'm trying to use ads
 security and acls on.  I can set acls on the Unix file system, and
 access from a windows client seems to honor them.  I can't view the acls
 under the security tab, all I see are the standard Unix permissions
 instead.  If I try to add an entry to the acl, I get an access denied
 error, even if the user is on the list of admin users.  Samba version is
 3.0.24, OS is Solaris 10.  Winbind works smoothly, I can set an entry in
 an ACL to a domain user or group using setfacl on the unix side, and I
 see it correctly with getfacl.  Any ideas please?

Hi Eric,
Isn't it normal that Windows cannot see Unix ACLs? As far as I know, since it
cannot see them, it will just translate the ACL into a more general one.

-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
17:58:23 up 4:52, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.



[Samba] Prevent 'BDC' overtaking 'PDC'

2007-08-24 Thread Fajar Priyanto
Hello all,
I have 2 PCs set up as PDC and BDC (both Centos5, with samba 3.0.23c-2).
The problem is that clients quite often log on to the BDC instead of the PDC.
I tried to tweak the OS level, but it does not seem to affect the problem.

My understanding is that the BDC only takes charge of client logons when the
PDC is unavailable. Or is it that the BDC works hand-in-hand with the PDC at
the same time for domain logons? (Just like a W2K DC?)

I'm chatting in the #samba IRC channel right now, and someone made the point
that IT IS the BDC's role to handle logons. But my concern is about roaming
profiles. If we cannot predict in a consistent way which server the clients
log on to, it means that there will be 2 instances of the roaming profiles
(on the PDC and the BDC) and we won't be able to know which one holds the
latest copy. Am I right?

What is the proper way to set up this kind of PDC and BDC?

This is the relevant smb.conf:
PDC:
OS level = 33
domain master = yes
prefered master = yes
domain logon = yes

BDC:
OS level = 66
domain master = no
prefered master = no
domain logon = yes

Thank you so much for any clue/hints/directions,
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
13:36:26 up 2:10, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org



Re: [Samba] Re: Samba ACLs?

2007-08-24 Thread Fajar Priyanto
On Friday 24 August 2007 08:49:34 Chuck Kollars wrote:
  From: Chuck Kollars ckollars9 at yahoo.com
  Subject: Samba  ACLs?
  Date: 2006-08-19 02:46:45 GMT
 
  How exactly do Samba 3.x and ACLs interrelate? ...
  I started out naively assuming that the *nix
  uidNumber/gidNumber Samba mapped the end user to
  would behave exactly the same whether they were a
  Samba user or were logged on locally. ...

 After a year I think I understand well enough to
 answer my own question (of course I may be wrong
 anyway:-): The overdefined term ACL may refer to
 _either_ Windows file permissions (including the NT
 variant) _or_ the Linux/Posix file permissions
 extension. In the Samba context questions about ACLs
 can be indeterminate and often elicit answers from the
 other point of view.

 At root, Samba does everything in terms of the Windows
 ACL, then maps the result as best it can to *nix
 permissions.

 Samba offers a number of configuration options for
 tweaking the way it handles Windows ACLs, including
 some methods that have no exact analogue in the
 Windows world. Samba lets you mash --within limits--
 the *nix permission bits it calculates. Recent
 versions of Samba are pretty good --again within
 limits-- at being compatible with Linux/Posix ACLs and
 assigning a Linux/Posix ACL to every file and folder
 when it's created.

 But despite all the possible tweaks, the unchanging
 core is that Samba always calculates the initial *nix
 permissions according to its mapping of permissions
 from the Windows world. So even though most of a
 Linux/Posix ACL may be retained and even honored,
 Samba ignores the  default:user::xxx  and
 default:group::xxx  parts of a  Linux/Posix ACL.
 There's no way to configure Samba so it assigns
 permissions to new files and folders _exactly_ the
 same way a native Linux user would see them.

Hello Chuck, 
Thank you for your persistence and willingness to share your experience. 
Really interesting.

I found an interesting thing too this morning.
I'm using Samba LDAP, and I'm setting up a shared directory using ACLs:

[EMAIL PROTECTED] profiles]# getfacl profiles/userjauh1/
# file: userjauh1
# owner: userjauh1
# group: root
user::rwx
user:salesjauh1:rwx
group::r-x
mask::rwx
other::r-x


When the XP client logs on as userjauh1 and shares his directory with
salesjauh1, it shows in the Linux ACL:
[EMAIL PROTECTED] profiles]# getfacl userjauh1/New\ Folder
# file: New\040Folder
# owner: userjauh1
# group: w2kfinance
user::rwx
user:salesjauh1:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:salesjauh1:rwx
default:group::---
default:mask::rwx
default:other::---

What do you think?
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
14:08:23 up 2:42, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
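
An added example, not part of the thread: a parser for the `getfacl` listing posted above that applies the native POSIX rule from acl(5) for how a child created by a local Linux process inherits the `default:` entries. This is the baseline Chuck contrasts Samba with, not Samba's own calculation; the function names are this example's own.

```python
import re

# getfacl output for "New Folder", copied from the post above (shell prompt omitted).
NEW_FOLDER = r"""# file: New\040Folder
# owner: userjauh1
# group: w2kfinance
user::rwx
user:salesjauh1:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:salesjauh1:rwx
default:group::---
default:mask::rwx
default:other::---
"""

ENTRY = re.compile(
    r"^(default:)?(user|group|mask|other):([^:]*):([r-][w-][x-])\s*(?:#.*)?$")

def to_bits(perm):
    return sum(bit for ch, bit in zip(perm, (4, 2, 1)) if ch != "-")

def to_text(bits):
    return "".join(ch if bits & bit else "-" for ch, bit in zip("rwx", (4, 2, 1)))

def parse_getfacl(text):
    """Split a getfacl listing into header fields, access ACL and default ACL."""
    acl = {"header": {}, "access": {}, "default": {}}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            acl["header"][key.strip()] = value.strip()
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unrecognised getfacl line: {line!r}")
        is_default, tag, qualifier, perm = m.groups()
        acl["default" if is_default else "access"][(tag, qualifier)] = to_bits(perm)
    return acl

def inherit(default_acl, mode):
    """Access ACL of a natively created child (acl(5)): copy the parent's
    default ACL, then AND the owner, mask (or owning group when there is no
    mask) and other entries with the creation mode. With a default ACL
    present, the umask is not applied."""
    if not default_acl:
        raise ValueError("parent has no default ACL; mode & ~umask applies instead")
    child = dict(default_acl)
    child[("user", "")] &= (mode >> 6) & 7
    group_class = ("mask", "") if ("mask", "") in child else ("group", "")
    child[group_class] &= (mode >> 3) & 7
    child[("other", "")] &= mode & 7
    return child

def effective(acl):
    """Named users, the owning group and named groups are limited by the mask."""
    mask = acl.get(("mask", ""), 7)
    out = {}
    for (tag, qual), bits in acl.items():
        if tag == "mask":
            continue
        limited = tag == "group" or (tag == "user" and qual != "")
        out[(tag, qual)] = bits & mask if limited else bits
    return out

def mode_bits(acl):
    """Permission bits as ls -l shows them: the group field displays the mask."""
    group_class = acl.get(("mask", ""), acl[("group", "")])
    return acl[("user", "")] << 6 | group_class << 3 | acl[("other", "")]

def describe(acl):
    eff = effective(acl)
    lines = []
    for (tag, qual), bits in acl.items():
        line = f"{tag}:{qual}:{to_text(bits)}"
        if (tag, qual) in eff and eff[(tag, qual)] != bits:
            line += f"  #effective:{to_text(eff[(tag, qual)])}"
        lines.append(line)
    return lines

if __name__ == "__main__":
    parsed = parse_getfacl(NEW_FOLDER)
    for label, mode in (("file created with mode 0666", 0o666),
                        ("directory created with mode 0777", 0o777)):
        child = inherit(parsed["default"], mode)
        print(f"{label}: resulting mode {mode_bits(child):04o}")
        print("\n".join("  " + entry for entry in describe(child)))
```

Comparing this output with `getfacl` on a file actually created through the share shows where Samba's result departs from native inheritance.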



[Samba] Can someone help? Strange behaviour of establishing trust

2007-07-31 Thread Fajar Priyanto
Hello all,
I'm using Samba on Centos5:
[EMAIL PROTECTED] ~]# rpm -qa | grep samba
system-config-samba-1.2.39-1.el5
samba-client-3.0.23c-2
samba-common-3.0.23c-2
samba-3.0.23c-2

I'm trying to establish an interdomain trust with a w2k domain (POLY):

[EMAIL PROTECTED] ~]# net rpc trustdom establish POLY
Password:
Could not connect to server POLY123
[2007/07/31 14:46:51, 0] utils/net_rpc.c:rpc_trustdom_establish(5665)
  NetServerEnum2 error: Couldn't find primary domain controller for domain POLY
Trust to domain POLY established
[EMAIL PROTECTED] ~]# net rpc trustdom list
Password:
Trusted domains list:
POLY    S-1-5-21-725345543-413027322-2146892821
none

Trusting domains list:
POLY    S-1-5-21-725345543-413027322-2146892821

Despite the error, I can create a share in w2k domain POLY, and when I try
to retrieve the Users and Groups from PLUTO (my samba domain), only Groups
appear (no Users), but I can select users manually by typing their username.

Is it ok? What is causing the "NetServerEnum2 error: Couldn't find primary
domain controller for domain POLY" error?

Thanks.
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
14:53:17 up 8:07, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org



Re: [Samba] Can someone help? Strange behaviour of establishing trust

2007-07-31 Thread Fajar Priyanto
Ok Frederic, here it is. (Is something wrong? I guess these are the default
values, since I haven't set anything for winbind.)
[EMAIL PROTECTED] doc]# testparm -sva | grep winbin
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [netlogon]
Processing section [profiles]
Processing section [printers]
Processing section [music]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
winbind separator = \
winbind cache time = 300
winbind enum users = No
winbind enum groups = No
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = Yes
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No

Cheers :)

On Tuesday 31 July 2007 16:06:51 Frederic Descamps wrote:
 Fajar, you should put the result of the following command :

 testparm -sva | grep winbin

 On Tue, 2007-07-31 at 16:00 +0700, Fajar Priyanto wrote:
  Sorry for top posting.
  Thank you to Daniel and Frederick who have helped me.
  Despite the error, client can browse the shares OK. Just a luck?
  Well, I'll try to set it until there's no error.
 
  Btw, this is my testparm result:
  [EMAIL PROTECTED] doc]# testparm
  Load smb config files from /etc/samba/smb.conf
  Processing section [homes]
  Processing section [netlogon]
  Processing section [profiles]
  Processing section [printers]
  Processing section [music]
  Loaded services file OK.
  Server role: ROLE_DOMAIN_PDC
  Press enter to see a dump of your service definitions
  Cheers,
 
  On Tuesday 31 July 2007 15:51:14 you wrote:
   Hello,
  
   winbind enum users should be at no
  
   check this with testparm
  
   On Tue, 2007-07-31 at 14:59 +0700, Fajar Priyanto wrote:
Hello all,
I'm using Samba on Centos5:
[EMAIL PROTECTED] ~]# rpm -qa | grep samba
system-config-samba-1.2.39-1.el5
samba-client-3.0.23c-2
samba-common-3.0.23c-2
samba-3.0.23c-2
   
I'm trying to establish a interdom trust with a w2k domain (POLY):
   
[EMAIL PROTECTED] ~]# net rpc trustdom establish POLY
Password:
Could not connect to server POLY123
[2007/07/31 14:46:51, 0] utils/net_rpc.c:rpc_trustdom_establish(5665)
  NetServerEnum2 error: Couldn't find primary domain controller
for domain POLY
Trust to domain POLY established
[EMAIL PROTECTED] ~]# net rpc trustdom list
Password:
Trusted domains list:
POLYS-1-5-21-725345543-413027322-2146892821
none
   
Trusting domains list:
POLYS-1-5-21-725345543-413027322-2146892821
   
Despite the error, I can create a share in w2k domain POLY and when
I'm trying to retrive the User and Group from PLUTO (my samba
domain), only Groups appear (no User), but I can select users
manually by typing their username.
   
Is it ok? What is causing the NetServerEnum2 error: Couldn't find
primary domain controller for domain POLY error?
   
Thanks.



-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
16:15:55 up 9:29, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org



Re: [Samba] Can someone help? Strange behaviour of establishing trust

2007-07-31 Thread Fajar Priyanto
Sorry for top posting.
Thank you to Daniel and Frederick who have helped me.
Despite the error, clients can browse the shares OK. Just luck?
Well, I'll try to set it until there's no error.

Btw, this is my testparm result:
[EMAIL PROTECTED] doc]# testparm 
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [netlogon]
Processing section [profiles]
Processing section [printers]
Processing section [music]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
Cheers,

On Tuesday 31 July 2007 15:51:14 you wrote:
 Hello,

 winbind enum users should be at no

 check this with testparm

 On Tue, 2007-07-31 at 14:59 +0700, Fajar Priyanto wrote:
  Hello all,
  I'm using Samba on Centos5:
  [EMAIL PROTECTED] ~]# rpm -qa | grep samba
  system-config-samba-1.2.39-1.el5
  samba-client-3.0.23c-2
  samba-common-3.0.23c-2
  samba-3.0.23c-2
 
  I'm trying to establish a interdom trust with a w2k domain (POLY):
 
  [EMAIL PROTECTED] ~]# net rpc trustdom establish POLY
  Password:
  Could not connect to server POLY123
  [2007/07/31 14:46:51, 0] utils/net_rpc.c:rpc_trustdom_establish(5665)
NetServerEnum2 error: Couldn't find primary domain controller
  for domain POLY
  Trust to domain POLY established
  [EMAIL PROTECTED] ~]# net rpc trustdom list
  Password:
  Trusted domains list:
  POLYS-1-5-21-725345543-413027322-2146892821
  none
 
  Trusting domains list:
  POLYS-1-5-21-725345543-413027322-2146892821
 
  Despite the error, I can create a share in w2k domain POLY and when I'm
  trying to retrive the User and Group from PLUTO (my samba domain), only
  Groups appear (no User), but I can select users manually by typing their
  username.
 
  Is it ok? What is causing the NetServerEnum2 error: Couldn't find
  primary domain controller for domain POLY error?
 
  Thanks.



-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
15:58:03 up 9:11, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org



Re: [Samba] Domain and local user permissions

2007-07-31 Thread Fajar Priyanto
On Tuesday 31 July 2007 23:38:54 Julian Pilfold-Bagwell wrote:
 Hi all,

 I have a question regarding the separation of domain and local permissions.

 I have a Samba PDC and BDC setup with three member servers
 authenticating from them. I've set all the boxes up to use nss_ldap for
 the Posix side so that all the groupmapping between domain and unix
 groups across the servers is consistent. All seems to be fine but I
 can't find any info about setting domain user permissions. When I create
 a folder or file, I can view the permissions in the Windows properties
 but these show the owner to be Unix User\username instead of Domain
 User\username in Windows. I can set the permissions correctly via
 Windows but pre Samba 3.0.8 (as shown in the docs), chowning a file in
 Linux would show as a change to the Windows domain account.

 Is MMC the easiest way to set domain user permissions with the new setup
 or can I do it easily from a Linux terminal.

 Thanks,

 Julian PB

Hello Julian,
I'm wondering exactly the same thing.
I have set up an interdomain trust between a Samba PDC and a W2K DC. From W2K
I can easily set up sharing permissions, such as adding a user/group from
Samba. But when I'm creating a share in Samba, I'm confused about how to do
that from the CLI. Do you know the syntax?

Thanks.
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
08:32:02 up 1:19, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org



[Samba] Is the term 'home dir' and 'roaming profiles' different?

2007-07-11 Thread Fajar Priyanto
Hello,
I've just been exploring Samba again after some time, and this time I'm
setting up a Samba PDC with LDAP. Thanks to the great tutorial on the Samba
website, I think I got it working fine :)

However, I've been browsing the list too, and am a bit confused by the
terms 'homedir' and 'roaming profiles'. Are they different? If I'm not
mistaken, homedir is for Win9X only?

When my XP client logs on to the Samba PDC, it automatically mounts drive X:
and then when the user logs off, his XP profile is copied
to /var/lib/samba/profiles/username

However, the /var/lib/samba/profiles/username directory is not created
automatically; I have to create it by hand. Now, in the list archive a lot of
people were asking how to make the creation of the homedir automatic. Do
their questions and solutions apply to the creation of the 'roaming profile
dir' too?

Thank you very much. 

PS. This is my smb.conf:
[global]
workgroup = pluto.com
netbios name = ubuntu
os level = 33
preferred master = yes
enable privileges = yes
server string = %h server (Samba, Ubuntu)
wins support = yes
dns proxy = no
name resolve order = wins bcast hosts
log file = /var/log/samba/log.%m
log level = 3 
max log size = 1000
syslog only = no
syslog = 3
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
ldap passwd sync = yes
passdb backend = ldapsam:ldap://ubuntu.pluto.com/
ldap admin dn =uid=ubuntu,cn=admins,cn=ubuntu
ldap suffix = dc=pluto,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
obey pam restrictions = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully*
domain logons = yes
logon path = \\ubuntu.pluto.com\profiles\%U
logon home = \\ubuntu.pluto.com\profiles\%U
logon drive = X:
logon script = scripts\logon.bat
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos  %u
add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --no-create-home --quiet --gecos machine account --force-badname %u
Machine -s /sbin/nologin -M %m$
socket options = TCP_NODELAY
domain master = yes
local master = yes
show add printer wizard = yes
printing = cups
printer admin = root


[homes]
comment = Home directories
browseable = no
read only = no
valid users = %S

[netlogon]
comment = Network logon service
path = /var/lib/samba/netlogon
guest ok = yes
locking = no

[profiles]
comment = User profiles
path = /var/lib/samba/profiles
read only = no
profile acls = yes

[profdata]
comment = Profile data share
path = /var/lib/samba/profdata
read only = no
profile acls = yes

[printers]
comment = All printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = yes
writable = no

[print$]
comment = Printer drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

[music]
comment = kumpulan music
path = /opt/music
read only = no


-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
1:46pm up 5:38, 2.6.18.2-34-default GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org



[Samba] Opensuse: Samba LDAP useradd fails

2007-07-09 Thread Fajar Priyanto
Hello all,
I'm troubleshooting Zimbra + Samba LDAP on opensuse10.2.
When trying to useradd manually:
fajar102:~ # useradd --service ldap --binddn uid=zimbra,cn=admins,cn=zimbra -g 20002 test2
Enter LDAP Password:
Cannot find base ou for new users.
LDAP information update failed: Operations error
In /var/log/messages:
Jul  5 16:01:04 fajar102 useradd[14606]: new account added - account=test2, uid=20003, gid=100, home=/home/test2, shell=/bin/bash, by=0
But the user is not added.

In the Zimbra tutorial for Ubuntu, they use this command:
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos  %u
add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet machine account --force-badname %u
But it looks like it's not compatible with Opensuse, even though I changed
adduser to useradd.

Any hints are appreciated.
Thanks.
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
4:29pm up 1:34, 2.6.18.2-34-default GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org



[Samba] Advance filesystem permission

2005-12-07 Thread Fajar Priyanto
Hi all,
Is it possible to have a filesystem permission like the one in w2k?
For example:
- Allow to see file list but not allow to read the file
- Allow to list folder but not allow to enter it

A friend of mine is migrating from w2k to samba and asked me about those
features.
Thank you,
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
10:35:40 up 2:46, 2.6.11-1.1369_FC4 GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org


[Samba] How to preserve capital letter

2005-09-13 Thread Fajar Priyanto
Hi all,
I'm not sure whether it is samba related, but I've got this situation:
I'm sharing a clipper program with samba, and users access it using dosemu
installed on each workstation.

The program runs fine, except that when it creates a temporary file, it
creates the filename in lowercase letters (not in capital letters, as when
run in DOS). It seems that the program has trouble with this filename
difference.

Can anyone give a clue?
Thanks 
-- 
Fajar Priyanto | Reg'd Linux User #327841 | http://linux2.arinet.org
11:18:54 up 48 min, 2.6.11-1.1369_FC4 GNU/Linux 
public key: https://www.arinet.org/fajar-pub.key


[Samba] how to access password-protected share in winxp

2005-03-24 Thread Fajar Priyanto
Hi guys,
I'm using smb3.0.10 in Mdk10.
I can access shares on winxp that are not protected by a password.
But when the shares are password-protected, I cannot access them, even though
I use the correct username and password. Btw, I tried it using Konqueror and
smb4k. From googling around, I believe that this is related to Kerberos? How
do I solve this? Any directions will be much appreciated. Thanks.
-- 
Fajar Priyanto | Reg'd Linux User #327841 | http://linux2.arinet.org
01:39:56 up 3:20, Mandrakelinux release 10.1 (Official) for i586 
public key: https://www.arinet.org/fajar-pub.key


[Samba] NT doesn't like that, you should fix it

2004-07-09 Thread Fajar Priyanto
 access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba3-version/docs/Samba-HOWTO-Collection.pdf 
#
# A special case is using the CUPS Windows Postscript driver, which allows
# all features available via CUPS on the client, by publishing the ppd file
# and the cups driver by using the 'cupsaddsmb' tool. This requires the
# installation of the CUPS driver (http://www.cups.org/windows.php) 
# on the server, but doesn't require you to use Windows at all :-).
[print$]
   path = /var/lib/samba3/printers
   browseable = yes
   write list = @adm root
   guest ok = yes
   inherit permissions = yes
   # Settings suitable for Winbind:
   ; write list = @Domain Admins root
   ; force group = +@Domain Admins

# A useful application of samba is to make a PDF-generation service
# To streamline this, install windows postscript drivers (preferably colour)
# on the samba server, so that clients can automatically install them.
# Note that this only works if 'printing' is *not* set to 'cups'

[pdf-generator]
   path = /var/tmp
   guest ok = No
   printable = Yes
   comment = PDF Generator (only valid users)
   #print command = /usr/share/samba3/scripts/print-pdf file path win_path recipient IP
   print command = /usr/share/samba3/scripts/print-pdf %s ~%u //%L/%u %m %I %J

# This one is useful for people to share files
[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
   public = yes

# A publicly accessible directory, but read only, except for people in
# the staff group
[public]
   comment = Public Stuff
   path = /home/samba3/public
   public = yes
   writable = no
   write list = @staff
[fredsprn]
   comment = Fred's Printer
   valid users = fred
   path = /homes/fred
   printer = freds_printer
   public = no
   writable = no
   printable = yes
[fredsdir]
   comment = Fred's Service
   path = /usr/somewhere/private
   valid users = fred
   public = no
   writable = yes
   printable = no
[pchome]
  comment = PC Directories
  path = /usr/pc/%m
  public = no
  writable = yes
[public]
   path = /usr/somewhere/else/public
   public = yes
   only guest = yes
   writable = yes
   printable = no
[myshare]
   comment = Mary's and Fred's stuff
   path = /usr/somewhere/shared
   valid users = mary fred
   public = no
   writable = yes
   printable = no
   create mask = 0765

[netware]
path = /var/lib/samba3/netware-bpk
public = no
valid users = test1 test2
writable = yes
browseable = no

Thanks
- -- 
Fajar Priyanto | Reg'd Linux User #327841 | http://linux.arinet.org
15:56:13 up 8:00, Mandrake Linux release 9.2 (FiveStar) for i586 
public key: https://www.arinet.org/fajar-pub.key