There seems to be a problem with the sernet-samba-ad init script, at
least on CentOS.
Samba fails to start. The log file shows the following:
[2013/05/15 20:48:37, 0] ../source4/smbd/server.c:369(binary_smbd_main)
samba version 4.0.5-SerNet-RedHat-1.el6 started.
Copyright Andrew Tridgell
Regarding your latest samba.spec for version 4.0.4-0.1
If with_dc is activated, the build still fails with:
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/lib64/samba/ldb/ildap.so
As I reported before, there is an entry for ldbsamba_extensions.so
under # ldb libraries
I tested the .spec file you posted today. There's still a glitch remaining.
If built with the file as it is (%global with_dc 0) the packages build
cleanly.
However, if %global with_dc 1 is used, the build fails with the
following error:
RPM build errors:
Installed (but unpackaged)
I forgot something.
%{_libdir}/samba/libdfs_server_ad.so
%{_libdir}/samba/libposix_eadb.so
As I said before, those two entries MUST be within ### LIBS, under
%if %with_dc. Otherwise, the build completes cleanly but the install
process of samba-libs and samba fails with the following:
Definitely update to RHEL 6.4, if possible, and consider working from
my samba-4.0.3 backports at: https://github.com/nkadel/samba4repo This
is designed to check out all the other needed dependencies, and work
from there to build up a local yum repository with all the necessary
libtdb,
If I move a file from the first folder to the second folder by cutting it
out in Windows (the share is mounted there) and inserting it in the 2nd
folder, the 2nd group (sharepub) has no access to it. So basically the first folder
keeps its permissions.
I thought that the parent dir permissions
Good to know that it's a OS problem and not a samba problem.
I finally know what to look for.
It is not a problem, it's a feature! If you think about it carefully,
you will see that this is a correct way to behave.
--
To unsubscribe from this list go to the following URL and read the
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
Shouldn't that be -W (uppercase W)?
From smbldap-useradd:
-w is a Windows Workstation (otherwise, Posix stuff only)
-W is a Windows Workstation, with Samba atributes (otherwise, Posix
stuff only)
But now I can't locate one that is a 3.6 with the security issue
fixed. I want to do a clean install, not a patch.
ftp://ftp.sernet.de/pub/samba/3.6/centos/5/
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Folder Redirection will always (I think - or maybe Samba has a way to
disable this, but I don't think it would be a good idea at all) store
local cached copy of those folders on the local computer... what it
accomplishes is it saves all of the copying back and forth when
logging in/out.
NO,
Isn't there a way with group policies to have the client delete the
roaming profile after the user logs out. I think that would solve the
OP's problem.
Yes, there's a way to do that. But it doesn't solve the problem of
having to transfer maybe hundreds of megabytes or even worse each time
NO, IT DOESN'T!
Microsoft disagrees - see below.
You are introducing a new theme altogether: Offline Files. On a local
and *reliable* network, you can use folder redirection *without* Offline
Files. I did it and it works.
What you describe is the behavior of normal *roaming profiles*.
This is also worth reading:
http://technet.microsoft.com/en-us/library/ff183315%28WS.10%29.aspx
This is important:
«
Exclusion List
The Exclusion List feature reduces synchronization overhead and disk
space usage on the server, and speeds up backup and restore operations,
by excluding files
2. Is it correct that the profile files are not synced until the user
logs off?
That is the correct working of roaming profiles. If you want the files
only on the server, you should look into Folder redirection. The Samba
docs contain good info on that.
You can use roaming profiles only,
I'm trying to combine samba + ldap, I was successful in another
attempt what motivated me to create one .deb package that would make
the whole process, I installed this package, the ldap dit was created
successfully but when I try to insert a Windows machine in the Domain
I get the message that
To follow up and finalize, this is now SOLVED.
Thank you for your feedback on how you solved your issue. Without
feedback, we wouldn't be able to learn all that we can learn and we
wouldn't fully benefit from the experience of others.
First of all, I am using the IDEALX scripts (renamed
2) How can I force a browser election without
restarting the daemons? smbd doesn't seem
to respond to a SIGHUP. A command line would
be nice.
Look at the smbcontrol command.
os level = 65
Did you try to increase os level ?
Also, read the man page for the domain
I created a new user on our Samba domain master yesterday but the user
was unable to login from WinXP to the domain. I think they got an
error that a device connected to the system wasn't working. The user
was created using smbldap-useradd.
(...) The question is
where do I set the domain SID?
I didn't go too deeply on your issue, but it seems to me that since you
have:
ldap user suffix = ou=People
You cannot simply have:
dn: uid=testu...@mydomain.com,ou=mydomain,o=ndtc
But should have instead:
dn: uid=testu...@mydomain.com,ou=People,ou=mydomain,o=ndtc
Am I wrong?
I didn't go too deeply on your issue, but it seems to me that since
you have:
ldap user suffix = ou=People
You cannot simply have:
dn: uid=testu...@mydomain.com,ou=mydomain,o=ndtc
But should have instead:
dn: uid=testu...@mydomain.com,ou=People,ou=mydomain,o=ndtc
Am I wrong?
Nope.
I'd like to know the advantages out there in the field, using CUPS to print
from the PDC. To me it sounds like just adding another single point of
failure in the network, perhaps I am being blinded by windows printing
issues to see the advantage in running all the prints via a PDC box?
User Search failed!
There's something seriously wrong with your LDAP configuration. Are you
sure that the OUs exist and are in the proper place?
Can you use some LDAP client (LAM, phpldapadmin, LDAPAdmin, Apache
Directory Studio, etc) to inspect the LDAP database?
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: hostObject
objectClass: top
Your user entries do not contain Samba attributes. They MUST include the
following:
objectClass: sambaSamAccount
Are you sure that you enabled the samba.schema in /etc/openldap/slapd.conf?
passdb backend = ldapsam:ldaps://ldap1.example.com/
ldap ssl = no
You have ldap ssl = no and yet you are trying to connect to ldaps?
ldap user suffix = ou=people,dc=example,dc=com
ldap group suffix = ou=groups,dc=example,dc=com
ldap suffix = dc=example,dc=com
Since your suffix is already in ldap suffix, the other entries should be:
ldap user suffix = ou=people
ldap group suffix = ou=groups
Don't
[2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 13:48:38, 3] auth/auth_sam.c:282(check_sam_security)
check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 13:48:38, 2]
The Samba wiki page related to the use of Windows 7 with Samba contains
the following statements:
«
There are currently two registry settings required to be added on the
Windows 7 client prior to joining a Samba Domain. These are:
Workstations successfully registered with the PDC, users can login,
profiles are found and updated, network shares are all mounted during
login (logon script = %G.bat) except for the home directory of the user.
I met the same problem more than once and I found that I have to remove
the
On 2011-07-26 19:31, Miguel Medalha wrote:
Workstations successfully registered with the PDC, users can login,
profiles are found and updated, network shares are all mounted during
login (logon script = %G.bat) except for the home directory of the user.
I met the same problem more
I have a problem with Ms Access *.MDB files.
Are you using Access 2007? Of course you are aware that Access 2007
files have the .accdb extension?
As for diffs on Security and Advanced tab -- see MS.
(It's a feature...they don't show the exact same info...but close)...
Yes. They are often referred to as molecular and atomic permissions.
As for diffs on Security and Advanced tab -- see MS.
(It's a feature...they don't show the exact same info...but close)...
Atomic vs Molecular permissions
Quoting from http://blog.emagined.com/2009/12/08/windows-security-part-7/
«
(...) Although the exact permissions available depend on
We currently run an older version (3.0.26a) of samba as PDC .
Your version of Samba does not support Windows 7. You must use version
3.2.15 at least.
Look at this page:
http://wiki.samba.org/index.php/Windows7
Your version of Samba does not support Windows 7. You must use version
3.2.15 at least.
Ooops! The minimum version is in fact 3.2.12. Sorry.
To be precise, I quote from http://wiki.samba.org/index.php/Windows7
Support for Windows 7 and Windows 2008 using Samba Domain Controllers
has been
I recently became interested in SSSD (System Security Services Daemon).
I am thinking about doing some experiments with it before going into
production servers.
Does anyone here have some experience with that combination and have
some comments about it?
Any information would be much
We are using ACLs (GPFS filesystem) - configured by default ACLs. When
a file is copied from another share, ACLs are set correctly. When a file
is moved(!) from another folder / share the file keeps the ACLs from
the source location. But we want to set the ACLs as needed on the
destination
Really? When I try this on a Windows system (on local drives) the
permissions are set / inherited correctly.
You can confirm this anywhere on the net: when a file is moved, it keeps
the original permissions; when a file is copied, it acquires the
permissions of the destination.
It seems
Really? When I try this on a Windows system (on local drives) the
permissions are set / inherited correctly.
Well, I just did that on a Windows XP system, local drive, and the
behavior is the one I described.
This is an article by Microsoft:
How permissions are handled when you copy and move files and folders
http://support.microsoft.com/kb/310316
It seems that this behavior was modified in Vista, though.
The default behavior used to be modifiable by a registry setting.
With Windows 7, I recently
Did you investigate the map acl inherit parameter?
Something indeed changed with Windows 7. Look at this discussion on a
Microsoft site:
http://social.technet.microsoft.com/Forums/en/winservergen/thread/b6bf1c70-1a29-450a-b8c9-cf93502e5b44
I got a msdfs share running and now I want to hide folders from users who
got no access to them anyway
In smb.conf:
hide unreadable = yes
Maybe this does what you need. Consult the man page for smb.conf.
On the Samba wiki page Samba3 Release Planning, the following is stated:
Thursday, February 2011 - Planned release date for Samba 3.5.7
Which of the February Thursdays will it be? 10, 17 or 24?
The quoted page resides here:
http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.5
Thank
To put it simply, I'd like to give our Domain Admins the same access to
Samba shares that the root user has and haven't had much luck doing
this. Whenever I look this up I find that people are doing this
different ways but none seem to work. The only other thing that I've
seen people doing is
I was not looking for the rpm and did not check all links.
It is possible to download the same tar.gz file from the sources
directory:
http://download.gna.org/smbldap-tools/sources/0.9.6/
Anyway, I already notified the developers.
Regards
Miguel
Version 0.9.6 of the very useful smbldap-tools is now available from the
project's page:
https://gna.org/projects/smbldap-tools/
A big thanks to the developer, Jerome Tournier.
comment = Home Directory of '%u'
valid users = @Domain Group
browseable = no
writable = yes
create mask = 0600
directory mask = 0700
I suppose it should be:
valid users = %S
Otherwise, you will be granting access to a whole group instead of only
to the directory owner.
Entering port 138 on Google immediately gave me the following:
Port 138
Name:
netbios-dgm
Purpose:
NETBIOS Datagram Service
Description:
UDP NetBIOS datagrams packets are exchanged over this port, usually with
Windows machines but also with any other system running Samba (SMB).
These UDP
is it possible to add a wind 2003 machine as BDC to a samba domain.
The Samba3-HOWTO, Chapter 5, contains the following:
«
Samba-3 cannot participate in true SAM replication and is therefore not
able to employ precisely the same protocols used by MS Windows NT4. A
Samba-3 BDC will not
Did you try Webmin?
www.webmin.com
it's a text file, even a text editor rewrites the file when you save
it. it's how it has to be done.
if you care what the file looks like, why are you using a gui? or are
you saying it rewrites part of it wrong? file a bug report?
You didn't understand what the OP meant. SWAT rewrites the
I personally don't like swat either, and I don't run graphical
desktops on my servers, so gave up on a gui editor long, long ago.
For adhoc workstation shares, the user share stuff in nautilus (or
is it just ubuntu?) seems to work well enough. For hand it off to a
non-techie, I use a NAS
I am also under the impression that inheritance still does not work
properly, even after applying the acl jumbo patch to samba 3.5.6. I
don't want to be alarmist, though, so I am still testing.
I have been able to get the unpatched versions to compile from git
successfully, though not with the patch implemented.
I just reproduced all your steps and it went well, without any glitch. I
am on CentOS 5.5. All the patches were applied correctly. Maybe you have
a path problem here?
I still cannot get a successful build with either the original set of patch
files or the diff file. Although I can compile samba without the patch,
could this be a dependency problem or an out of date git version?
It worked for me in both cases. I did it from the sources for 3.5.6
available
I have joined the Linux server (Suse 11.2) to the Windows domain (win2003) and
users can login to the server using their Windows domain credentials. Also can
view all of the domain groups using 'wbinfo -g', however when I try to set the
acls on a local dir I get the following error:
#setfacl
The setfacl tool knows nothing about Windows domains, hence the error
you see.
Well it does if you're using winbindd to map DOMAIN\groupname
to a group on the box :-).
I never used Samba with AD authentication, so I don't have direct
experience with that. But immediately *after* I pressed
By the way, does the Samba team have the intention to produce a command
line tool that can use the acl_xattr module to manipulate ACLs,
providing them to the OS? That would be very nice! Maybe I'm wrong, but
I see a big future there.
Not sure what you mean by providing them to the OS ? The store
in acl_xattr is a Samba-specific one. If you want the OS to use
them that means kernel changes.
Yes. A kernel module maybe, and a utility to manipulate the ACLs on xattr.
I really like your vfs_acl_xattr idea. Often I need to set
I just noticed that my question has two aspects to it.
Leaving aside, for now, the kernel connection, it would be very nice to
have a command line tool to manipulate the ACLs stored by the
vfs_acl_xattr module, even if it's only for Samba. There must be a way,
some utility to read and write
What I meant was: the vfs_acl_xattr is a very good idea. Is there some
other way to get/set the ACLs it stores other than using the Windows
graphic interface on a Windows client machine? If not, that's what I
find uncomfortable with this solution. That's why I asked for a command
line tool to
Ok, we're on the right track now. Do you mean that smbcacls is
compatible with the use of the vfs_acl_xattr module? Will the ACLs set
with that tool be passed to the module and stored in Extended Attributes?
I just made some quick tests and indeed smbcacls does show the ACLs
stored by the
I just built from source the Samba 3.5.6 RPM packages for CentOS
5.x/RHEL5.x.
I found some glitches in the included samba.spec file and I thought
someone else might benefit from my recent experience. The spec file for
RHEL/CentOS resides, on the sources tree, under
Dear Jeremy
Here you go :-). Download the jumbo patch for 3.5.6 here:
http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz
Please test and give me feedback !
Thank you for caring about this.
I successfully patched the source code. Unfortunately, when I tried to
compile it, I hit some
So, for me the best bet is this: are you willing to include these
patches in the next release of Samba (3.5.7 ?)?
Yes, so long as all testing passes.
Ok, I managed to compile everything. I will start testing soon.
I came across this some time ago and I finally decided to report it:
When I input pdbedit -Lv root I get:
Primary Group SID:S-1-5-21-XX-XX-XX-513
But if I use smbldap-usershow root i get:
Primary Group SID:S-1-5-21-XX-XX-XX-512
If I
Is there really no way to make samba 3.2.5 (as domain controller) work with
Windows 7?
No
If not, what is the best way?
use backport, compile the last samba version (which version) or wait for the next
debian version
Very good quality, pre-compiled Enterprise Samba versions for several
I as a network administrator know that this is a normal behavior but our
users don't get it :(
So I need a solution.
I heard that there is the possibility to bypass this with a VFS module
As a network administrator, your best solution is to inform your users
instead of going along with bad
I had not realized that the ACL module would store both sets of information.
Please note that I *didn't* state that. What I said is that you can use
Extended Attributes to *also* store ACL information. ACL information
will be stored under a different attribute, which in this case is called
While testing my Samba configuration, I found that permissions are being set
to 'special' for directories being copied from Windows instead of the ACL
being fully populated. Does Samba 3.6 fully implement ACLS, or are there
further configuration steps for storing the ACL information for
FYI. I've just committed a jumbo ACL patch for v3-6-test (and am currently
looking at backporting this to 3.5.x) which I hope will fix several issues
with storing ACLs in xattrs and getting full Windows ACL compatibility.
That would be *very* nice, especially the backporting to 3.5.x part!
It seems that Samba in this version is sensitive to local characters in passwd
or tdb files (Swedish in this case). In Samba 3.2.5 this wasn't an issue AFAIK.
Do you have the appropriate charset parameters for Swedish?
Note, I have used a TDB for ACLs since I have extended attributes enabled on
the file system level to store timestamp information.
As Michael Wood pointed out in a reply to you, the tdb is to be used
when your filesystem does
NOT support extended attributes.
You can use Extended Attributes
We've been using samba 3.3.9 with vfs_acl_xattr for some time now, and we do
have one issue - when someone moves a file from one place to another (in
Windows), it keeps the old ACLs instead of inheriting the new ones. I understand
why this is happening (moving as opposed to copying, which
Now, I have a few issues:
- profiles on the fileserver are created in $HOME/profile instead of what I
expected, /var/samba/profiles/) .
From the smb.conf man page:
logon path (G)
This parameter specifies the directory where roaming profiles (Desktop,
NTuser.dat, etc) are stored.
(My last suspicion is, that win7 is doing the machine authentication
in a different [encryption)] way as the XP machines are doing
that as XP machines do not have that problem)
Maybe this is related to your problem:
At work we have a couple of Oki C5550MFP multifunction printers that
scan
I was in the process of setting up a new Samba 3.5.4 PDC with LDAP
backend, over CentOS 5.5, when I came across a very strange behavior.
After executing the smbldap-populate script, I was trying to grant the
needed privileges to the group Domain Admins in order not to use root
to manage the
This raises the following question:
With the privileges system in place, isn't the use of the username map
= /etc/samba/smbusers somewhat of a historical relic?
Perhaps the username map default should be changed to no value. It
could then be used if needed by some users but the current
I'm having trouble connecting my Windows 7 machine to my Samba server that I
set up on a FreeBSD VM. The FreeBSD version is 7.2 and the samba version is
3.
You need at least version 3.3 of Samba.
There's useful information here:
http://wiki.samba.org/index.php/Windows7
hosts allow =
I got my samba PDC / LDAP system to the point, that users can login.
But they can't change their password from the Windows PC.
Can someone tell me which settings may I check? Or can point me to a
how to?
The posix password should be changed too.
I use ldap passwd sync = yes in
Miguel's tip worked for me. In my smb.conf it's specified that users
should run %G.bat, so I removed this attribute (smbldap-usermod -E
user) and it WORKED. Is this something that is documented somewhere
and I missed?
I suspected that this would be the problem because I had already banged
my
But it happens that when I create a new user, the sambaLogonScript
entry in the ldap database is set to %G.bat, exactly the entry I MUST
NOT have to load the script. Since I'm expanding my network and tons
of new users are coming, I'm trying to keep things very organized. I'll
need to change
All my users are set with %G.bat in the ldap backend, but the vast
majority of the users are not running the scripts, or running partially.
I also have my logon scripts set to %G.bat and they run perfectly.
Are your scripts in DOS format? They must be, because they are read by
the Windows
One more thing: are your permissions correct? The users must have Read
access to the logon script files.
Maybe you should upgrade your smbldap-tools?
I am using both 0.9.5-1 and 0.9.6-pre1 and both create the entries you
describe in your first post.
I used the -a switch only and all the attributes you quote are filled.
With the versions I use it is also possible to specify custom LDAP
is there a current site that is maintaining smbldap-tools?
https://gna.org/projects/smbldap-tools/
where is 0.9.6?
At the maintainer's site:
http://www.iallanis.info/
It is currently unavailable but it happened before and it always came
back. Maybe it will once again.
Search for
Which version of smbldap-tools are you using?
Is there any piece of software that I can use to run between a client
and a linux or windows server with a smb/cifs share that will test
network speed, latency, sustained read/writes, multiple file create,
read, write, close, etc.. etc.. over X period time?
iperf
That should really work. I have several Samba servers with Windows XP
clients and with all of them client-made changes are immediately
reflected in Windows Explorer.
Apparently the smb.conf setting fam change notify = yes represents the
default value
fam change notify? From version
ACLs?
I compiled and installed samba 3.5.2 on centos 5.4. Everything installed
successfully but starting smbd shows following error
./sbin/smbd: error while loading shared libraries: libwbclient.so.0: cannot
open shared object file: No such file or directory
Do you have some particular
Maybe this question was asked earlier on the list but I wasn't able to find
it exactly. I have a samba+ldap domain setup on RHEL 5.1 and the samba version is
3.0.28. Today I got a Windows 7 system, but I am not able to join that
system to our samba+ldap domain. Do I need to do any registry tweaking? I
On 2010-04-16 12:20, Miguel Medalha wrote:
Maybe this question was asked earlier on the list but I wasn't able to find
it exactly. I have a samba+ldap domain setup on RHEL 5.1 and the samba version is
3.0.28. Today I got a Windows 7 system, but I am not able to join that
system to our samba+ldap domain
For some time I have been testing extended ACLs (acl_xattr and acl_tdb).
Could someone tell me why when I am syncing files over rsync the extended acls
are not moved
Are you using the appropriate rsync switch to copy Extended Attributes?
From rsync man page:
-X, --xattrs
This option causes rsync
A small test gives me total other numbers :-( .
xfs can store 21 to 26 ACEs. It depends on the size of gidnumber.
ext3 may store 503 to 513 ACEs, also depending on the size of gidnumber.
The test bed:
freshly created /home partitions with:
mkfs.xfs -f /dev/hda6
for xfs, and
mkfs.ext3
Shall I call you god now? :-)
Not me. Err, wikipedia:
Why invoke wikipedia when man attr is at hand?
Quote:
This document describes the attr command, which is mostly compatible
with the IRIX command of the same name. It is thus aimed
Does anyone know how many ACLs can be stored on file system (xfs) using
acl_xattr module and in file file_ntacls.tdb?
There's something I would really like to know! But somehow it seems to
be a secret of the gods that us mere mortals are not allowed to penetrate...
If I remember correctly XFS used to have a size limit of 64KiB per
xattr.
What about ext3 ext4?
LDAP Account Manager (LAM) 3.0.0 - March 24th, 2010
===
LAM is a web frontend for managing accounts stored in an LDAP directory.
I just installed this new version on a CentOS machine and I immediately
got the following error:
Your PCRE
we have just upgraded one of our very old Linux/Samba servers to version
3.4.2. After the upgrade, the Windows 95/98 clients cannot login to the
server anymore. In the log I see 'NT_STATUS_ACCESS_DENIED' messages for
these clients.
The key word here is very old. Meanwhile, some Samba