Re: [Samba] PDC and "group" question

2009-05-12 Thread Peter Ulrich Kruppa
On Wednesday, 06.05.2009, at 12:31 -0700, MargoAndTodd wrote:
> Hi All,
> 
> I just upgraded a workstation server to a PDC server.
> I am using tdbsam as my user database.
> 
> Question 1:  As a workgroup server, I created my groups
> in /etc/group (groupadd).  Is this still the case?
> Do I also need to tell Samba about a different database
> for groups?
I am not quite sure I understand your question correctly:
probably you will want to use commands like
# net groupmap add ntgroup="Domain Admins" unixgroup=wheel type=d rid=512
which would map the Windows group "Domain Admins" to the local UNIX
group wheel and so on. See the documentation on samba.org for more
detailed examples.

Greetings

Uli.

> Question 2: occasionally I get asked for the user
> with "administrator's" privileges.  Do I need to create
> a group called "administrators" (with an "s") and
> populate it with "root", "todd" (me), etc.?
> 
> Many thanks,
> -T
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] I have to keep removing and readding systems to my domain:

2006-10-04 Thread Peter Ulrich Kruppa

On Wed, 4 Oct 2006, Bruce Ballou wrote:

> Hello,
> Issue:  I have to keep removing and readding systems to my domain:
>
> I have a FreeBSD (4.2) back end running samba-2.2.8a
>
> At the end/beginning of each month a lot of my Windows XP (sp2) clients have
> to be removed from the domain and then readded.  I cannot isolate why this
> is happening, and it is driving me crazy...
I have been running Samba-2.x and 3.x on FreeBSD 4.x, 5.x and
6.1 with WinNT4, Win2k and WinXP clients and never seen anything
like that.

- Perhaps your server hardware is growing old? (Defective CPU fans,
  system clocks cause extremely strange problems, not to talk about bad
  NICs)
- Perhaps one of your switches/routers is defective? (Everything
  including a complete freeze of the server might happen. Do
  your clients perhaps hang on the same switch?)

This might be a good chance for you to acquire/test/setup some
new hardware :-)


Regards,

Uli.


+-------------------------+
|   Peter Ulrich Kruppa   |
|      - Wuppertal -      |
|         Germany         |
+-------------------------+


Re: [Samba] XP/W2K on Samba 3

2006-10-04 Thread Peter Ulrich Kruppa

On Wed, 4 Oct 2006, Paul-Erik Törrönen wrote:

> I'm going to side on B_Kloss here, since I grew frustrated with the
> local profiles a long time ago.
>
> On Tue, 2006-10-03 at 19:46 +0200, Peter Ulrich Kruppa wrote:
> > > This is working fine, but as soon as a user is logging into the
> > > domain on one of the WIN2000 or XP-clients for the first time on this
> > > client, the client is creating a local user-directory.
> > Are you sure this is a problem?
> > As long as you have enough diskspace, I don't see what should be
>
> Remember that all the settings are also per computer, which in turn
> means that the user will in the end do a set up of his desktop n times
> (n equals the computers available). Also the application settings need
> to be manually copied/set each time. This becomes very frustrating in no
> time for the normal user, and roaming profiles can fix that. And if the
> user decides to change some setting, well...
This is absolutely correct, but B_Kloss mentioned Win98 clients.
I don't think they can use Win2k/WinXP roaming profiles.
If B_Kloss' users tend to use just 2 or 3 favourite computers,
this won't be too much setup for them and he will save a lot of
network traffic, produced by down- and uploading the profiles.

> However there are a few things which need to be addressed, as pointed
> earlier.
>
> 1. The mixing of W2k and WXP will create some fabulous fireshows,
> non-lethal but nonetheless spectacular.
Yes, but this will surely work.

> 2. Due to the way how the profile is managed in Windows,
> copy-all-on-login-from-server, copy-all-on-logout-to-server, the normal
> user must be made aware of this. Don't save anything on the desktop,
> instead use the X: (automatically mounted to \\yourserver\).
> Minimize the browser cache. Configure applications to explicitly use a
> local tmp-dir (usually setting the TMP and TEMP-variables on the
> workstation suffices). And anything else that minimizes the size of the
> profile directory.
Just out of interest: Do you delete the roaming profiles
after log off or do you leave them on the local machine?

> 3. Occasionally the profile goes *bonk* on the workstation. Usually
> removing the local copy is enough but nonetheless requires
> administrative action.
>
> And probably some other things which my scarred memory suppresses.
>
> As for setting up the shared profiles, the keywords in smb.conf are:
>
> [Global]
>    logon drive = X:
>    logon path = \\%L\profiles\%U
>    logon script = scripts\logon.bat
>
> [netlogon]
>    path = /path/to/netlogon
>    read only = no
>    nt acl support = Yes
>
> [profiles]
>    comment = Roaming Profile Share
>    path = /path/to/profiles
>    read only = no
>    profile acls = Yes
>    nt acl support = Yes


Uli.


Re: [Samba] XP/W2K on Samba 3

2006-10-03 Thread Peter Ulrich Kruppa

On Tue, 3 Oct 2006, B_Kloss wrote:

> Okay, let me try to explain it the simple way as I understand it.
> We are running a debian-server with debian-clients and also a mixture of
> WIN98SE, WIN2000 and XP-clients. Users are logging in from all these four
> types of clients. They have one personal share on /home/username accessible
> from all types of clients (via SAMBA for Win-clients).
> This is working fine, but as soon as a user is logging into the domain on one
> of the WIN2000 or XP-clients for the first time on this client, the client is
> creating a local user-directory.
Are you sure this is a problem?
As long as you have enough diskspace, I don't see what should be
wrong about that. All your users have to know is that they have
to save their work in their home shares to make it accessible
from all machines. And your Linux Boxes can't use Windows
profiles anyway.


Regards,

Uli.

> In a first step I would like to avoid this creating of local user-directories,
> because after a while each user has a local home-directory on every
> win2000/XP-client. Opening the explorer he should only find one home
> directory, which is his samba-share on the server.
>
> In a second step it would be great, if he is trying to save data, WORD or
> whatever automatically offers the user's samba-share for saving data.
>
> What I do not want to offer is a personal desktop that is available from every
> computer he is logging in. I want to have the Win2000 or XP desktop the same
> for all users. They can use the Linux-KDE-computers if they want their own
> desktop.
>
> How can this be achieved?
> Thank you for helping.
>
> On Tuesday, 3 October 2006 15:09, Aaron Kincer wrote:
> > I am not sure from Bernd's email what he is trying to accomplish, but
> > there are things to consider if you are trying to do roaming profiles.
> > With the volume of data often stored in today's profile, it is
> > non-trivial to enable this option and I do not recommend doing so for
> > the average user. There are other ways to accomplish some of the
> > benefits of profiles without the mess.
> >
> > The first thing is to decide what you want to accomplish and then find
> > the solution that best fits those needs.
> >
> > Bruno Rodrigues Neves wrote:
> > > Greetings!
> > >
> > > So Bernd, previously I wanted do the same, but I didn't get success
> > > because the profiles from Windows 2000 and Windows XP are different
> > > (when a user logs in on a Windows 2000 and after that he tries to log
> > > in on a Windows XP, it returns some errors)...
> > >
> > > But, if you want, you can look for the "profiles section" that will
> > > avoid you do that.
> > >
> > > When you configure it with this option, the Windows client will use
> > > remote profiles automagically! : )
> > >
> > > [ ]'s
> > >
> > > On 10/3/06, Bernd Kloss <[EMAIL PROTECTED]> wrote:
> > > > Hello,
> > > >
> > > > maybe it is not the right place to ask Windows-related questions, but
> > > > I'll give it a try.
> > > >
> > > > I am running a Debian-Etch-Server with Samba 3 and Windows2000 and
> > > > XP-clients.
> > > > Everything is working fine except:
> > > >
> > > > For every user logging in from a Win-client, the client generates a
> > > > local user-profile and local user-directories.
> > > >
> > > > What has to be done within Samba and what has to be done on the clients
> > > > to avoid that and get all userdata stored in the user's share.
> > > >
> > > > Thank you!

[Samba] Domain users can't use local hardware peripherals

2004-08-25 Thread Peter Ulrich Kruppa
Hi!
I wonder if there is a way to permit domain users to access 
hardware connected locally to their workstations (CD/DVD burner, 
scanner)?
On Win2k and XP this only seems to be possible for local users -
or am I missing something?
(BTW my PDC runs Samba-3.0.5.)

Thanks and regards,
Uli.


[Samba] admin users

2004-08-25 Thread Peter Ulrich Kruppa
Hi!
I have setup a PDC with Samba-3.0.5 and I want to give root and
@wheel administrative rights on all workstations
(particularly for installing software). It seems, setting

admin users = root, @wheel

in [global] doesn't suffice. Am I missing something?
Regards and
thanks for your answers,
Uli.


Re: [Samba] nmbd absolutely needed?

2004-07-02 Thread Peter Ulrich Kruppa
On Thu, 1 Jul 2004, Dan Hollis wrote:
> Replies in email as I'm not subscribed to the list.
> If we have all our windows clients accessing our samba shares by ip
> address, do we need to have nmbd running or can I shut it off?
Theoretically: no.
Since we don't know any details about your network layout:
Kill nmbd (or stop it in swat) and see what happens. I guess you
won't be able to browse your network-environment anymore.
Perhaps you can't find printers attached to some machines
anymore?

Uli.
> -Dan


Re: [Samba] XP-client logs in, but does not load profile from server and only uses a local one.

2004-06-28 Thread Peter Ulrich Kruppa
On Mon, 28 Jun 2004, Navid Zamani wrote:
> Hi to all,
> I'm new to the mailing list, because I already searched the whole list and
> google for this, but I could not find anything:
>
> I have set up a cute Samba 3 PDC as described here:
> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection.html#id2498710
> In fact the setup is nearly exactly the same. (I've just added one more
> share.)
In fact setting up the profiles is the biggest problem with
samba. Here are some things you might check:
> Then I used a XP client to load a local profile to \\%L\Profiles\%u\ like
> described in the howtos (forgot where it was) and logged in with that new
> user in the domain.
1) You have to distinguish the share name in [...] from the UNIX
   path. So if your service is called \\%L\Profiles\%u\ in
   [global] section, then you need to have a section [Profiles]
   with the correct UNIX path, e.g. /usr/local/profiles .
   Small typos like /usr/local/Profiles or [profile] will make it
   unavailable.
   By the way: I use a capital %U and no slash at the end. I
   don't know if that makes a difference.
2) The user profile directory has to exist before the first
   login. XP can fill up the user profile directory but not
   create one. You can create the directories manually or in case
   you need very many profiles, there exist simple scripts which
   create them for you.
3) The user needs to own his profile and he needs full
   permissions on it. See your system's manuals about chown and
   chmod .
These were my ideas: I hope one of them helps.
Uli.
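
The three checks from the reply above (a share section matching the `logon path`, a per-user directory that exists before the first logon, and the user owning it with full permissions), which also apply to the `logon path` / `[profiles]` pairing in the roaming-profile smb.conf earlier on this page, as an added example that is not part of the original posts. The function names, the sample configuration and the users `alice` and `bob` are hypothetical; the code assumes a POSIX host and compares share names case-insensitively while leaving UNIX paths case-sensitive.

```python
import os
import stat
import tempfile

# Constructed sample: the share name in "logon path" differs in case from the
# section name on purpose; {root} is filled in with a real directory below.
SAMPLE_CONF = r"""
[global]
   logon path = \\%L\Profiles\%U

[profiles]
   path = {root}
   read only = no
"""


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}.

    Section and parameter names are lower-cased because Samba treats them
    case-insensitively; values (including UNIX paths) keep their case.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def check_profiles(conf_text, users):
    """Return a list of problems with the roaming-profile setup.

    users maps each account name to the UNIX uid expected to own its profile.
    """
    conf = parse_smb_conf(conf_text)
    logon_path = conf.get("global", {}).get("logon path", "")
    # \\server\share\sub\dirs -> ['server', 'share', 'sub', 'dirs'];
    # a trailing backslash simply yields no extra component.
    parts = [p for p in logon_path.split("\\") if p]
    if len(parts) < 2:
        return ["[global] has no usable 'logon path'"]
    share, subdirs = parts[1].lower(), parts[2:]
    if share not in conf:
        known = ", ".join(sorted(s for s in conf if s != "global")) or "none"
        return [f"logon path names share [{share}], which is not defined "
                f"(shares: {known})"]
    root = conf[share].get("path")
    if not root:
        return [f"[{share}] has no 'path' parameter"]
    if not os.path.isdir(root):
        return [f"[{share}] path {root} does not exist "
                "(UNIX paths are case-sensitive)"]

    problems = []
    for user, uid in sorted(users.items()):
        # %U and %u both stand for the user name in this context.
        rel = [s.replace("%U", user).replace("%u", user) for s in subdirs]
        target = os.path.join(root, *rel)
        try:
            st = os.stat(target)
        except FileNotFoundError:
            problems.append(f"{user}: {target} is missing; "
                            "create it before the first logon")
            continue
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{user}: {target} is not a directory")
            continue
        if st.st_uid != uid:
            problems.append(f"{user}: {target} is owned by uid {st.st_uid}, "
                            f"expected {uid}")
        if st.st_mode & stat.S_IRWXU != stat.S_IRWXU:
            problems.append(f"{user}: owner lacks rwx on {target}")
    return problems


def demo():
    """Build a throw-away profile tree: alice is prepared, bob is not."""
    with tempfile.TemporaryDirectory() as root:
        alice = os.path.join(root, "alice")
        os.mkdir(alice)
        os.chmod(alice, 0o700)
        me = os.getuid()
        return check_profiles(SAMPLE_CONF.format(root=root),
                              {"alice": me, "bob": me})


if __name__ == "__main__":
    for problem in demo():
        print(problem)
```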


Re: [Samba] samba 3.0.4 : cannot join domain with w2k clients.

2004-06-26 Thread Peter Ulrich Kruppa
On Fri, 25 Jun 2004, HM wrote:
> Hello all.
> I have been trying for a few days to get my w2k clients to join my domain,
> managed by my samba 3.0.4 PDC, without success. I can browse the server, share
> files with it with my station, but I can't join the domain. When I try to, I
> get the following message (sorry for the poor translation) :
>
>   The following error occurred while trying to join domain 'SLS' :
>   Failed to open a session : username unknown or invalid password.
And another useful (?) hint:
1) Completely delete the samba machine account:
   # smbpasswd -x machine$
2) Do check ../private/smbpasswd  if it is really gone and
   nothing like machine without $ is still in there.
3) Setup the account anew
   # smbpasswd -a -m machine$
Good Luck,
Uli.
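
Step 2 of the hint above, and the state to expect after step 3, as a check over the contents of the smbpasswd file; this is an added example and not part of the original post. The sample lines are constructed in the smbpasswd(5) layout with placeholder hashes, and the machine names and function names are hypothetical.

```python
# Constructed smbpasswd(5)-style lines: name:uid:LM hash:NT hash:[flags]:LCT:
# The 32-character "X" fields stand in for hashes; no real credentials.
NOHASH = "X" * 32
SAMPLE_SMBPASSWD = "\n".join([
    f"root:0:{NOHASH}:{NOHASH}:[U          ]:LCT-00000000:",
    f"ws01:1002:{NOHASH}:{NOHASH}:[U          ]:LCT-00000000:",
    f"ws01$:1001:{NOHASH}:{NOHASH}:[W          ]:LCT-00000000:",
    f"ws02$:1003:{NOHASH}:{NOHASH}:[U          ]:LCT-00000000:",
])


def parse_smbpasswd(text):
    """Yield (name, flags) for each well-formed entry; flags is e.g. 'W'."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 5:
            continue
        yield fields[0], fields[4].strip("[] ")


def audit_machine_account(text, machine, expect_present):
    """Check the state of one machine account in smbpasswd text.

    expect_present=False: run after `smbpasswd -x` (nothing may be left).
    expect_present=True:  run after re-adding (exactly one clean entry).
    Names are compared case-insensitively; `machine` may be given with or
    without the trailing '$'.
    """
    base = machine.rstrip("$").lower()
    entries = list(parse_smbpasswd(text))
    trust = [(n, f) for n, f in entries if n.lower() == base + "$"]
    plain = [n for n, _ in entries if n.lower() == base]

    # An entry under the bare machine name is the leftover the post warns about.
    problems = [f"entry '{n}' without trailing $ is still present" for n in plain]
    if not expect_present:
        problems += [f"'{n}' has not been deleted" for n, _ in trust]
    elif not trust:
        problems.append(f"no entry for '{base}$'")
    else:
        if len(trust) > 1:
            problems.append(f"{len(trust)} entries for '{base}$'")
        # 'W' marks a workstation trust account in the flags field.
        problems += [f"'{n}' lacks the W (workstation trust) flag: [{f}]"
                     for n, f in trust if "W" not in f]
    return problems


if __name__ == "__main__":
    for issue in audit_machine_account(SAMPLE_SMBPASSWD, "ws01$", False):
        print(issue)
```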


Re: [Samba] Samba config

2004-06-26 Thread Peter Ulrich Kruppa
On Thu, 24 Jun 2004, chris wrote:
> Hi I’m having difficulty configuring Samba running on FreeBSD. Samba
> version is 2.2.8a. The scenario is that we have an NT4 domain and I am
> looking to migrate the printers onto Samba. All of the printers are
> connected via print servers, mainly HP JetDirect. As far as security is
> concerned I am happy for guest/anonymous logon as the server will only
> be used for printing but I have set security to domain and added samba
> to the domain.
Here is a smb.conf file for a standalone printer server with cups
on FreeBSD:

# Global parameters
[global]
    netbios name = SMALL
    security = SHARE
    passdb backend = guest
    ldap ssl = no
    hosts allow = 192.168.10.

[hpdj]
path = /var/spool/samba
guest ok = Yes
printable = Yes
use client driver = Yes

/var/spool/samba is set to
drwxrwxrwt  2 root  wheel  512 19 Jun 11:47 samba
(You do this with
# mkdir samba
# chmod 1777 samba
)
And: enable
application/octet-stream
in /usr/local/etc/cups/mime.types
and
application/octet-stream   application/vnd.cups-raw   0   -
in /usr/local/etc/cups/mime.convs
Hope this helps,
Uli.

Re: [Samba] Roaming profiles on a small network

2004-03-14 Thread Peter Ulrich Kruppa
On Sun, 14 Mar 2004, Matt Janes wrote:

> Hi list,
>
> I intend to run an old pentium 133 as a linux-based fileserver on my home
> network (I have to use windows for my main machine and laptop!)  I'm having
> great difficulty synching the data, email, etc on my laptop and desktop, so
> I thought I might configure samba to act as a DC and use roaming profiles to
> make sure that my data is always synched.
Last summer I did a setup like this for learning purposes on a
P75 with 16MB RAM and it worked (not really fast of course, but
it was ok.).
It even worked with more than two machines and users.

> My question is this: is it worth
> the effort?
Yes, if you want to learn something about Linux and networking,
but this will need some time and a lot of trial and error.

The simpler way would be to use a webmail account and to save
your files on a USB stick, which can be plugged in and out
everywhere.


Regards,

Uli.




Re: AW: [Samba] [profiles] server seperate from PDC ?

2004-03-12 Thread Peter Ulrich Kruppa
Hi matze!

On Fri, 12 Mar 2004, Matthias Spork wrote:

> Then mount this share at the old server and move the
> profiles with all permissions to the new server.
Is this the way it works?
I tried the other way round today: I smbmounted the old share on
the new server and all profiles I could see were owned by root:wheel
(which wouldn't work).
Or do you use nis/nfs?

Uli.



[Samba] [profiles] server seperate from PDC ?

2004-03-12 Thread Peter Ulrich Kruppa
Hi!

Due to performance problems (old donated hardware) I would like
to move [profiles] service from our Samba 2.2.8a PDC to a separate
samba server.

1) Is this at all possible and
   1b) how do I make this profile server know all necessary user
   data and file permissions? - Does it simply have to become
   a domain member server? Or do I have to transfer the UNIX
   accounts, too?
or
2) are there better alternatives?

Thanks for all ideas or hints. Please tell me if you need more
information.

Regards,

Uli.




Re: [Samba] WINS, must be master browser?

2004-02-02 Thread Peter Ulrich Kruppa
On Mon, 2 Feb 2004, Thomas Spuhler wrote:

> I do the settings with SWAT
No problem: Click on the "View"-Button. There you will see all
settings you did for section [global] .

Uli.


> Tom
>
> On Mon, 2004-02-02 at 15:07, Peter Ulrich Kruppa wrote:
> > On Fri, 30 Jan 2004, Peter Ulrich Kruppa wrote:
> >
> > > On Fri, 30 Jan 2004, Tim Smith wrote:
> > >
> > > So you want to make your samba machine a Primary Domain
> > > Controller (PDC) ?!
> > >
> > > >
> > > > here is the global section of my smb.conf
> > > > [global]
> > > > workgroup = laboratory
> > > > os level = 2
> > > > kernel oplocks = No
> > > > security = user
> > > > encrypt passwords = Yes
> > > > guest account = Nobody
> > > > map to guest = Bad User
> > > >
> > > > in this config samba will not win browser elections. I know the NT4
> > > > machine will win all browser elections, it's the only difference i can
> > > > think of.
> > > You will also need something like this:
> > > wins support = yes
> > > local master = yes
> > > preferred master = yes
> > > os level = 65
> > And you also set this stuff in [global] ?
> >
> > >
> > > Anyway, you should read the Samba-Howto-Collection for details
> > > (either found locally via swat or on www.samba.org --->
> > > documentation).
> >
> > Uli.


Re: [Samba] WINS, must be master browser?

2004-02-02 Thread Peter Ulrich Kruppa
On Fri, 30 Jan 2004, Peter Ulrich Kruppa wrote:

> On Fri, 30 Jan 2004, Tim Smith wrote:
>
> So you want to make your samba machine a Primary Domain
> Controller (PDC) ?!
>
> >
> > here is the global section of my smb.conf
> > [global]
> > workgroup = laboratory
> > os level = 2
> > kernel oplocks = No
> > security = user
> > encrypt passwords = Yes
> > guest account = Nobody
> > map to guest = Bad User
> >
> > in this config samba will not win browser elections. I know the NT4
> > machine will win all browser elections, it's the only difference i can
> > think of.
> You will also need something like this:
> wins support = yes
> local master = yes
> preferred master = yes
> os level = 65
And you also set this stuff in [global] ?

>
> Anyway, you should read the Samba-Howto-Collection for details
> (either found locally via swat or on www.samba.org --->
> documentation).

Uli.



Re: [Samba] WINS, must be master browser?

2004-01-29 Thread Peter Ulrich Kruppa
On Fri, 30 Jan 2004, Tim Smith wrote:

> I have an NT4 server and a linux samba server. the NT4 server is
> currently the WINS server. it works perfectly. I want to ditch it and
> use my samba server as the WINS server, however WINS simply does not
> work. could this be because the WINS server also needs to be the local
> master browser?
So you want to make your samba machine a Primary Domain
Controller (PDC) ?!

>
> here is the global section of my smb.conf
> [global]
> workgroup = laboratory
> os level = 2
> kernel oplocks = No
> security = user
> encrypt passwords = Yes
> guest account = Nobody
> map to guest = Bad User
>
> in this config samba will not win browser elections. I know the NT4
> machine will win all browser elections, it's the only difference i can
> think of.
You will also need something like this:
wins support = yes
local master = yes
preferred master = yes
os level = 65

Anyway, you should read the Samba-Howto-Collection for details
(either found locally via swat or on www.samba.org --->
documentation).

Regards,

Uli.



Re: [Samba] Username/Password not passed to Samba

2004-01-28 Thread Peter Ulrich Kruppa
 username and password I typed in the
> WinXP log-on dialog box.  Am I right and if so can anybody tell me what's
> wrong?  I've tried with and without the registry hack, I've tried the two
> regular users in my smbpasswd file and root. Also, there is a machine
> account for this machine.  Lastly, don't know how it could make a difference
> but, another WinXP box was joined to the domain with the same netbios name
> during testing.
>
> Thanks in advance,
> Daniel Auman
>


Re: [Samba] Anonymous printing and howto, dumb questions :-)

2003-12-29 Thread Peter Ulrich Kruppa
On Mon, 29 Dec 2003, Beast wrote:

>
> In samba howto collection it says :
> ...
> Don’t use it if you want to protect your passwords. Better share the printer in
> a way that does not require a password! Printing will only work if you have a 
> working netbios
> name resolution up and running.
>
> How to set "anonymous shared printer" in Win 2000?
> even if I give permission to anyone, Win refuses to give list.
I guess what you want is a standalone printer which serves everyone on
your local network. I use cups and this simple smb.conf


# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2003/12/29 08:09:35

# Global parameters
[global]
netbios name = SMALL
security = SHARE
passdb backend = guest
ldap ssl = no
hosts allow = 192.168.10.

[hpdj]
path = /var/spool/samba
guest ok = Yes
printable = Yes
use client driver = Yes


My /var/spool/samba is set to drwxrwxrwt .

For the details - of course - you have to google around, since I
don't know your OS and your printer.

Hope that helps a bit.

Uli.

>
> [EMAIL PROTECTED] SAMBA-NEW]# smbclient -L nt10-jkt
> Password:
> Anonymous login successful
>
> Sharename       Type      Comment
> ---------       ----      -------
> Error returning browse list: NT_STATUS_ACCESS_DENIED
> Anonymous login successful
>
>
>
> --beast


Re: [Samba] user name with a dot not working

2003-12-17 Thread Peter Ulrich Kruppa
On Tue, 16 Dec 2003, Robert Nedbal wrote:

> Hello,
> I'm having problems with user names containing a dot. For example
> "j.smith".
I always use j_smith . This works without mapping and does the
same.

Regards,

Uli.

>
> In our network we have Win2K PDC and a Samba server. smb.conf contains
> this:
> [global]
> security = domain
> password server = MYSERVER
> username map = /etc/samba/smbusers
> [myshare]
> valid users = j.smith
> write list = j.smith
> etc...
>
> /etc/samba/smbusers file contains this:
> jsmith = j.smith
>
> And Linux box with Samba server has an account for user 'jsmith'
> (/home/jsmith).
>
> So I'm trying to map 'j.smith' (windows user name) to 'jsmith' (linux user
> name). But the problem is that when I try to access shares on samba server
> I get NT_STATUS_WRONG_PASSWORD. I'm sure the password is entered
> correctly.
>
> [EMAIL PROTECTED] me]$ smbclient //SAMBASRV/webpages -U 'j.smith'
> added interface ip=10.92.32.33 bcast=10.92.255.255 nmask=255.255.0.0
> Password:
> Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix]
> tree connect failed: NT_STATUS_WRONG_PASSWORD
>
> and in a log file on samba server I see:
> [2003/12/16 17:53:39, 0] smbd/password.c:authorise_login(863)
>   authorise_login: rejected invalid user nobody
> ^ <-- this is strange!
>   (why nobody?)
> The same error I get from windows clients.
>
> When I intentionally enter wrong password, I get in log file this:
> [2003/12/16 17:11:50, 0] smbd/password.c:domain_client_validate(1619)
>   domain_client_validate: unable to validate password for user J.SMITH in
> domain MYDOMAIN to Domain controller MYSERVER. Error was
> NT_STATUS_WRONG_PASSWORD.
>
> When I intentionally enter wrong user name, I get in log file this:
> [2003/12/16 17:12:02, 0] smbd/password.c:domain_client_validate(1619)
>   domain_client_validate: unable to validate password for user X.SMITH in
> domain MYDOMAIN to Domain controller MYSERVER. Error was
> NT_STATUS_NO_SUCH_USER.
>
>
> When I remove 'jsmith = j.smith' from /etc/samba/smbusers and change unix
> user to 'j.smith', everything starts working. But I would like to use on
> Linux usernames without a dot.
>
> Thanks for your help, any ideas?
>
> Best regards,
> Robert
>
> --
> 
> Robert Nedbal - Czech Technical University in Prague, Czech Republic
> email: [EMAIL PROTECTED] http://www.sh.cvut.cz/~robik/
>   /* Debuggers are evil. Never ever trust them. */


Re: [Samba] Forcing Users to change passwords.

2003-12-12 Thread Peter Ulrich Kruppa
On Fri, 12 Dec 2003, Todd O'Bryan wrote:

> Does anyone know of an add-on you can use with a Windows domain to
> check the security of the password before it allows a change? With a
> terminal server system I had, the server complained if the password was
> too close to a dictionary word, too close to the student login, 7
> digits (i.e., looked like a phone number), etc.
>
> I'm sure my students (I teach high school, too) have picked really bad
> passwords, too, but I have no good way to enforce the picking of good
> ones.
I wouldn't worry about that: My students either forget their
passwords automatically after 90 days or they tell them to their 15
best friends.
The only real security problem are my colleagues: they write them
on the cover of their calendars.
Better watch out which permissions you give to whom.

Regards,

Uli.


>
> Todd
>
> On Dec 12, 2003, at 3:30 AM, Ross McInnes (Systems) wrote:
>
> > I totally agree. unfortunately my user base is mostly 16-18 year olds.
> > getting them to put anything other than their football team, phone
> > number
> > or boyfriend/girlfriend's name is quite a task in itself.
> >
> > Many Thanks
> >
> > Ross McInnes
> >
> > On Wed, 10 Dec 2003, Todd O'Bryan wrote:
> >
> >> What's the latest research on this? I heard it's better to make users
> >> pick something secure and stick with it, because if you force people
> >> to
> >> change, they're likely to pick less secure passwords and do stupid
> >> things with them, like write them down or something. Changing every 3
> >> months doesn't seem terrible, but it's still a big pain.
> >>
> >> Todd O'Bryan
> >> On Dec 10, 2003, at 8:28 AM, Ross McInnes (Systems) wrote:
> >>
> >>> Recently we were audited and as part of that they looked at our
> >>> systems
> >>> and policies etc and produced a report.
> >>>
> >>> As part of that report they mentioned about forcing users to change
> >>> their
> >>> passwords every 90 days or so.
> >>>
> >>> They also mentioned about disabling accounts after 3 login attempts.
> >>>
> >>> I'm pretty sure both can be done on NT, but I'd rather stick with rh
> >>> and
> >>> samba thanks ever so much.
> >>>
> >>> Can samba do these things? even if it's a tinkering kind of job?
> >>>
> >>> Many thanks
> >>>
> >>> Ross McInnes
> >>>
> >>
> >>
> >


Re: [Samba] Samba as PDC

2003-12-09 Thread Peter Ulrich Kruppa
On Tue, 9 Dec 2003, Matthew D. Smith wrote:

> I do not have it setup as a wins server, wasn't sure if I needed to or
> not.
You have to, if you wish to set up a real PDC with logon
service, server based user homes, profiles and so on.
If you just want to share some directories or printers, you
don't.
You also would have to set
wins support = yes
in your global section.

Uli.
> And when i turn on pings with my firewall, yes I can ping my
> PDC.
>
> Thanks for the help so far.
>
>
> Peter Ulrich Kruppa wrote:
>
> >On Mon, 8 Dec 2003, Matthew D. Smith wrote:
> >
> >
> >
> >>Trying to setup samba as a PDC, but i cannot get my windows XP Pro boxes
> >>to join the domain. When i go to join them, it tells me that the domain
> >>server cannot be found.
> >>
> >>
> >Did you set your PDC's IP as WINS server on your XP box?
> >(And, of course, can you ping the PDC from your XP machine?)
> >
> >Regards,
> >
> >Uli.
> >
> >
> >
> >>Below is my smb.conf file. I have already
> >>applied the necessary XP pro registry patch. I have followed the
> >>directions as outlined @
> >>http://www-106.ibm.com/developerworks/eserver/tutorials/samba.html and
> >>have also referenced the Samba-PDC how-to. Any suggestions?
> >>
> >>BEGIN SMB.CONF
> >>_
> >>
> >># Global Parameters
> >>
> >>workgroup = synner
> >>netbios name =  samba
> >>encrypt passwords = yes
> >>security = user
> >>domain logons = yes
> >>
> >>os level = 65
> >>preferred master = yes
> >>domain master = yes
> >>local master = yes
> >>
> >>logon path = \\%n\profiles\%u
> >>
> >>logon drive = s:
> >>logon home = \\samba\%u
> >>
> >>add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
> >>
> >>[netlogon]
> >>; comment = Network Logon Service
> >>path = /var/lib/samba/netlogon
> >>guest ok = yes
> >>writeable = no
> >>share modes = no
> >>
> >>[homes]
> >>read only = no
> >>browseable = no
> >>
> >>[music]
> >>path = /data/mp3
> >>browseable = yes
> >>public = yes
> >>
> >>[apps]
> >>path = /data/apps
> >>browseable = yes
> >>valid users = @admins, root
> >>write list = @admins, root
> >>
> >>Thanks for all your help.
> >>
> >>-Matt

+-+
|   Peter Ulrich Kruppa   |
|  - Wuppertal -  |
| Germany |
+-+


Re: [Samba] Samba as PDC

2003-12-08 Thread Peter Ulrich Kruppa
On Mon, 8 Dec 2003, Matthew D. Smith wrote:

> Trying to set up samba as a PDC, but I cannot get my Windows XP Pro boxes
> to join the domain. When I go to join them, it tells me that the domain
> server cannot be found.
Did you set your PDC's IP as WINS server on your XP box?
(And, of course, can you ping the PDC from your XP machine?)

Regards,

Uli.

> Below is my smb.conf file. I have already
> applied the necessary XP pro registry patch. I have followed the
> directions as outlined @
> http://www-106.ibm.com/developerworks/eserver/tutorials/samba.html and
> have also referenced the Samba-PDC how-to. Any suggestions?
>
> BEGIN SMB.CONF
> _
>
> # Global Parameters
>
> workgroup = synner
> netbios name =  samba
> encrypt passwords = yes
> security = user
> domain logons = yes
>
> os level = 65
> preferred master = yes
> domain master = yes
> local master = yes
>
> logon path = \\%n\profiles\%u
>
> logon drive = s:
> logon home = \\samba\%u
>
> add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
>
> [netlogon]
> ; comment = Network Logon Service
> path = /var/lib/samba/netlogon
> guest ok = yes
> writeable = no
> share modes = no
>
> [homes]
> read only = no
> browseable = no
>
> [music]
> path = /data/mp3
> browseable = yes
> public = yes
>
> [apps]
> path = /data/apps
> browseable = yes
> valid users = @admins, root
> write list = @admins, root
>
> Thanks for all your help.
>
> -Matt

+-+
|   Peter Ulrich Kruppa   |
|  - Wuppertal -  |
| Germany |
+-+


Re: [Samba] samba PDC on FreeBSD question

2003-11-05 Thread Peter Ulrich Kruppa


On Tue, 4 Nov 2003, [EMAIL PROTECTED] wrote:

> Evening everyone.
>
> I am going to be changing our current Samba PDC running Red Hat, to a
> FreeBSD server.
>
> I was curious if anyone out there, who is currently using FreeBSD as a PDC
> could give me their feedback on how it is working. Also, if they had any
> suggestions or recommendations regarding Samba on FreeBSD. Maybe even what
> they like and dislike about it.
I started running a Samba (2.2.8a) PDC on FreeBSD (4.8-RELEASE) in our
school in summer.
It seems to work well.




>
> I would imagine it should be the same as on Linux, but I thought I'd ask
> here, to see what other people's experiences were with FreeBSD and Samba.
>
> I'm also thinking about using OpenLDAP as well, on the backend for accounts
> as well.
I tried that, but gave up - too complicated (for me).


Uli.

>
> I appreciate everyone who shares their experiences with me.
>
> Cheers,
>
> Jason


Re: Réf. : [Samba] Samba PDC and Windows 2000 roaming profiles problem

2003-10-31 Thread Peter Ulrich Kruppa


On Thu, 30 Oct 2003, Pete  wrote:

> The nt acl support is yes by default if I read the man pages correct. When I
> tried to put profile acls = yes, during user login process the windows
> complain error about could not load profile and made a copy from existing
> profile (user.001). Any other ideas?
Did you check the UNIX-permissions of your profile directories?
Each profile directory should be owned by its user and he should have
read-write-execute permission in it.

Regards,

Uli.


>
> Pete
>
>
> >From: [EMAIL PROTECTED]
> >To: "Pete " <[EMAIL PROTECTED]>
> >Subject: Réf. : [Samba] Samba PDC and Windows 2000 roaming profiles problem
> >Date: Thu, 30 Oct 2003 09:00:23 +0100
> >
> >
> >could you add these parameters :
> >
> >nt acl support = yes
> >profile acls = yes
> >
> >---
> >Stéphane PURNELLE [EMAIL PROTECTED]
> >Service Informatique   Corman S.A.   Tel : 00 32 087/342467
> >
> >
> >
> > "Pete " <[EMAIL PROTECTED]>
> > Sent by: [EMAIL PROTECTED].samba.org
> > To: [EMAIL PROTECTED]
> > cc:
> > Subject: [Samba] Samba PDC and Windows 2000 roaming profiles problem
> > 30/10/2003 08:28
> >
> >
> >
> >
> >
> >
> >I have a strange problem with Samba PDC and Windows 2000 Pro (sp3 and sp4)
> >clients. The Samba is acting as PDC and the Windows machines are joined in
> >the domain with roaming profiles for users. Everything works fine until I
> >log out from Windows or shut down the workstation. During the logout or
> >shutdown process the roaming profile is unloaded back to the Samba server.
> >When I next log in or start Windows and examine the Windows application
> >log I find the following:
> >
> >Windows cannot unload your registry file.  If you have a roaming profile,
> >your settings are not replicated. Contact your administrator.
> >
> >DETAIL - Access is denied. , Build number ((2195))
> >
> >This happens randomly and when it happens the logout from Windows takes
> >quite a long time. At the same time the files under the roaming profile
> >aren't updated. At least the timestamps of the files are not updated
> >(example NTUSER.DAT). It seems that this happens in Samba versions 2.2.5
> >and 2.2.7. File permissions are set to 1757 at /home/samba/profiles and the
> >profiles section in smb.conf is the following:
> >
> >[profiles]
> > path = /home/samba/profiles
> > browseable = no
> > read only = no
> > create mask = 0700
> > directory mask = 0700
> >
> >
> >Pete
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
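
The ownership and permission check suggested in the reply above can be scripted. This is an added example, not code from the thread or from the Samba project; it assumes each profile directory is named after its user's UNIX account, and the group/other test is an extra check taken from the `directory mask = 0700` in the quoted share definition.

```python
import os
import pwd
import stat
import tempfile


def owner_name(uid):
    """Resolve a numeric uid to a login name, falling back to the number."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_profiles(root):
    """Return (directory, problem) pairs for the profile directories in root.

    Assumption: each profile directory is named after the account using it.
    """
    findings = []
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        mode = stat.S_IMODE(st.st_mode)
        owner = owner_name(st.st_uid)
        if owner != entry.name:
            findings.append((entry.name, "owned by " + owner))
        if mode & 0o700 != 0o700:
            findings.append((entry.name, "owner lacks rwx (mode %04o)" % mode))
        if mode & 0o077:
            findings.append((entry.name, "open to group or others (mode %04o)" % mode))
    return findings


if __name__ == "__main__":
    # Constructed sample tree; on a server, audit the [profiles] path instead.
    root = tempfile.mkdtemp()
    me = owner_name(os.getuid())
    for name, mode in ((me, 0o700), ("constructed-user", 0o755)):
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)
    for name, problem in audit_profiles(root):
        print(name + ": " + problem)
```
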


Re: [Samba] Windows 2003 Joins SambaPDC but cant login

2003-10-30 Thread Peter Ulrich Kruppa


On Thu, 30 Oct 2003, Ariel Molina Rueda wrote:

>
> I have a Samba as Primary Domain Controller, and a Windows 2003 Server
> machine that joins to the Domain, but when I reboot I can't log in. I
> receive a message like: Can't login, the Domain Controller is not available
> or unreachable. Thus I can't login to the domain.
I had exactly the same problem with some Win2k workstations:
I set up new machine accounts with new names and changed (as local
Administrator) the workstations' names to the new ones.
"Somehow it worked" (registered trademark :-)  )

Uli.


>
> I know the win2003 machine can see the Samba Machine 'cause i can use the
> shares, it is not a problem of the users, i have added and enabled some
> users. I have the Machine Account, everything seems to be ok.
>
> It has been very difficult for me to search the web as Windows 2003 has many
> different typos: win2k3, windows 2003, win2003, windows2k3, bla, blah...
>
> Can anybody point me to some docs? I have read all the sambaPDC FAQ and
> everything on samba.org. I would really appreciate it if you point me to docs
> about Windows 2003 as a member of a Samba as Primary Domain Controller
>
>
> [global]
> ; Basic server settings
> netbios name = COCOLISO
> workgroup = POPEYE
>
> ; we should act as the domain and local master browser
> os level = 64
> preferred master = yes
> domain master = yes
> local master = yes
>
> ; security settings (must user security = user)
> security = user
>
> ; encrypted passwords are a requirement for a PDC
> encrypt passwords = yes
>
> ; support domain logons
> domain logons = yes
>
> ; where to store user profiles?
> logon path = \\%N\profiles\%u
>
> ; where is a user's home directory and where should it
> ; be mounted at?
> logon drive = H:
> logon home = \\COCOLISO\%u
>
> ; specify a generic logon script for all users
> ; this is a relative **DOS** path to the [netlogon] share
> logon script = logon.cmd
>
> add user script = /usr/sbin/useradd -d /dev/null -s /bin/false -M %u
>
> ; necessary share for domain controller
> [netlogon]
> path = /usr/local/samba/lib/netlogon
> read only = yes
> write list = ntadmin
>
> ; share for storing user profiles
> [profiles]
> path = /export/smb/ntprofile
> read only = no
> create mask = 0600
> directory mask = 0700
>
>
>
>
> --
>
>  | Ariel Molina Rueda
>  |
>  |   [EMAIL PROTECTED]
>  |   www.artesann.com
>___
>


Re: [Samba] Domain unavaliable

2003-09-10 Thread Peter Ulrich Kruppa


On Tue, 9 Sep 2003, James Kreuziger wrote:

> With that being said, I'm having problems with my
> Samba PDC.  I'm running Samba 2.2.8a on a Solaris 8
> box.  We have recently moved our lab from one
> facility to another, which forced us to change all
> of our system names and IP's.  Luckily, only the
> domain part of the name changed, as well as the IP's.
>
> I updated the smb.conf to reflect the new subnet and IP's.  However,
> I have recently noticed that people are getting a lot of
> "Domain LABDOM is unavailable" messages when trying to
> logon from Win2k.  This may last anywhere from 2 minutes to 30
> minutes.  Then, for no apparent reason, they will be able to logon.
What about a broken cable, a defective switch port, a loose NIC?
These things may work for some time and suddenly stop or the other way
round.
You could take a laptop and try to track down the weak point in your LAN.

Regards,

Uli.

>
> I'm thinking that it has to do with my hosts allow and
> hosts deny settings.  Before the move, we were on a subnet
> with a netmask setting of 255.255.255.0.  So my hosts allow
> setting were this (IP's have been changed to protect the innocent):
>
> hosts allow = 10.0.33. 127.0.0.1
> host deny = ALL EXCEPT 10.0.33. 127.0.0.1
>
> We are now on a much more restricted subnet, and
> can't have the full range to ourselves.  Consequently,
> our subnet mask is now 255.255.255.224, and the IP
> address space is from 10.0.236.38 - 10.0.236.61
> (this takes into account the network devices).
>
> I'm wondering if my problem is related to this.
> I'm thinking that I should restrict my hosts
> allow with the network/netmask combo:
>
> hosts allow = 10.0.236.32/255.255.255.224
>
> Is this what I'm looking for?  I've included the
> global part of my conf below.
>
> Thanks,
>
> -Jim
>
> *
> Jim Kreuziger
> [EMAIL PROTECTED]
> *
>
> [global]
> workgroup = LABDOM
> preexec = csh -c `echo /usr/local/samba/bin/smbclient \
> -M %m -I %I` &
> server string = Samba %v on (%L)
> security = user
> domain logons = yes
> domain admin group = @domadm
> encrypt passwords = Yes
> password level = 3
> log level = 2
> log file = /samba/current/var/log.smbd.%m
> max log size = 2000
> wins support = Yes
> name resolve order = lmhosts wins hosts bcast
> dns proxy = yes
> deadtime = 0
> keepalive = 3600
> client code page = 437
> os level = 65
> preferred master = Yes
> domain master = Yes
> guest account = samba
> invalid users = daemon bin sys lp smtp uucp nuucp listen dcs consult dumper nobody
> hosts allow = 10.0.236. 10.0.33. 10.0.126. 127.0.0.1
> hosts deny = ALL EXCEPT 10.0.236. 10.0.33. 10.0.126. 127.0.0.1
> veto oplock files = /*.mdb/*.dbm/*.doc/*.xls
> socket options = TCP_NODELAY IPTOS_LOWDELAY
> getwd cache = yes
> logon script = %U.bat
> logon path = \\ralopib\profile\%U
> remote announce = 10.0.126.208/IMHH
> utmp = True
> username map = /samba/current/lib/usermap.txt
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
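
The question in the quoted message, whether to replace the `10.0.236.` prefix with `10.0.236.32/255.255.255.224`, can be checked by computing which addresses each form admits. This is an added example, not code from the thread or from the Samba project; it models only the address forms of `hosts allow` (trailing-dot prefix, network/netmask pair, single address), and the function names are illustrative.

```python
import ipaddress


def entry_to_network(entry):
    """Convert one hosts allow entry to an ip_network.

    Handles the address forms seen in the thread: a trailing-dot prefix
    ("10.0.236."), a network/netmask pair, and a single address.
    Hostnames, netgroups and EXCEPT clauses are not modelled.
    """
    if entry.endswith("."):
        octets = entry.rstrip(".").split(".")
        prefix_len = 8 * len(octets)
        octets += ["0"] * (4 - len(octets))
        return ipaddress.ip_network("%s/%d" % (".".join(octets), prefix_len))
    return ipaddress.ip_network(entry, strict=False)


def is_allowed(entries, client):
    """True if the client address falls inside any listed entry."""
    addr = ipaddress.ip_address(client)
    return any(addr in entry_to_network(e) for e in entries)


def admitted_outside(entries, first, last):
    """Addresses the list admits that are not in the allocated range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    extra = set()
    for net in map(entry_to_network, entries):
        if not net.is_loopback:
            extra.update(a for a in net if not lo <= a <= hi)
    return sorted(extra)


if __name__ == "__main__":
    # Values quoted in the thread; the range is the lab's allocated block.
    first, last = "10.0.236.38", "10.0.236.61"
    for entries in (["10.0.236.", "127.0.0.1"],
                    ["10.0.236.32/255.255.255.224", "127.0.0.1"]):
        extra = admitted_outside(entries, first, last)
        print(entries, "admits", len(extra), "addresses outside the range")
```

With the thread's numbers the prefix form admits the whole /24, while the network/netmask form narrows the list to the /27 that contains the allocated range.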


[Samba] Problems joining a Samba domain

2003-09-09 Thread Peter Ulrich Kruppa
Hi,

I am trying to set up a SAMBA-PDC for our school's network and
find a strange problem with two Win2k workstations.

When I try to join the SAMBA domain I receive an error which says
the user account - I am using root - is unknown.

I call this "strange" because other Win2k machines on the very
same subnet work correctly - and what is even stranger:
I can manually access all server shares, when I use root's
account.
(Of course I did a  net use * /d  and set back the machines
to a workgroup before I tried to join the domain)

Ah yes: I am running samba2.2.8 on a FreeBSD 4.8-RELEASE .

Please mail any ideas, I have got to get things working the next
days.

Regards and thanks,


Uli.
