[Samba] Mapping directories based on group membership

2004-03-12 Thread Scott Gross
 

I'm using Samba 3.0.2 and LDAP backend.  I have users assigned to groups
based on their departments.  I also have a directory created for each
department.  What I want to do is map a drive letter to a user's department
directory. The groups are also secondary groups as the primary group for
every user is 'Domain Users'.  Does anyone know a way to accomplish this?
What I'm kind of looking for is a group home directory type situation?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

2004-03-05 Thread Scott Gross
The machine accounts will show with the users; they will be suffixed with a
$.  In the LDAP backend I have an SID for the domain name and an SID for the
server itself which is not contained in LDAP.  Then each computer and each
user had two SID's (sambaSID and sambaPrimaryGroupSID) and the groups only
have one SID (sambaSID).  My discrepancy was in the domain name SID which
was different than the server's SID. The groups and users matched the server's
SID but the computers matched both the server's SID (sambaPrimaryGroupSID)
and the wrong domain name SID from the LDAP entry (sambaSID). When I made
all match the server's SID everything started working.  I haven't worked with
the smbpasswd as a PDC so I'm not sure where all the SID's are stored.

> -Original Message-
> From: Stumpfl Markus [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 03, 2004 11:30 PM
> To: 'Scott Gross'
> Cc: MailingList_Samba
> Subject: AW: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble
> 
> Oh, so you are using ldap..., well I'm still working with smbpasswd as
> backend :-(
> 
> Anyway, I tried 'net getlocalsid' for the domain-sid -> ok
> Next 'net usersidlist' which should show me the user-sids -> didn't
> work: "[2004/03/04 06:40:05, 0, pid=31232, effective(0, 0), real(0, 0)]
> utils/net_rpc.c:net_usersidlist(2158)
>   Could not get the user/sid list"
> 
> So used 'net user' instead, which then gave me the user list!?
> 
> What am I missing here? And is there a way to see the machine sids too?
> Or are they included in the users?
> 
> Thanks in advance,
> 
> Markus
> 
> 
> 
> > -Original Message-
> > From: Scott Gross [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, 03 March 2004 18:29
> > To: Stumpfl Markus
> > Subject: RE: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble
> > Importance: High
> >
> > I use a little Windows GUI program called LDAP browser to look at my LDAP
> > entries and I was just looking through the entries at the SID's since
> > someone suggested it might be an SID problem and noticed the discrepancy
> > on the domain name entry.  I changed it to match all the others just to
> > see if it would have any effect and voilà it worked.
> >
> > > -Original Message-
> > > From: Stumpfl Markus [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, March 02, 2004 10:52 PM
> > > To: 'Scott Gross'
> > > Subject: AW: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble
> > >
> > > Thx, but how did you find out? With what commands? Sry for the stupid
> > > questions, but I'm kinda new to samba.
> > >
> > > Thanks in advance,
> > >
> > > Stumpfl Markus
> > >
> > >
> > >
> > > > -Original Message-
> > > > From: Scott Gross [mailto:[EMAIL PROTECTED]
> > > > Sent: Tuesday, 02 March 2004 18:14
> > > > To: Stumpfl Markus; Scott Gross
> > > > Subject: RE: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble
> > > >
> > > > I got mine working, it was SID mismatch. The Domain name SID was
> > > > different from the server and the users.
> > > >
> > > >
> > > > > -Original Message-
> > > > > From: Stumpfl Markus [mailto:[EMAIL PROTECTED]
> > > > > Sent: Monday, March 01, 2004 11:22 PM
> > > > > To: 'Scott Gross'
> > > > > Subject: AW: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble
> > > > >
> > > > > Do you get the problem (when trying domain logon): "invalid
> > > > > password or domain"?
> > > > > I've got the same prob...
> > > > >
> > > > > I'll tell you, when it's working and vice versa, hopefully ;-)
> > > > >
> > > > > Stumpfl Markus
> > > > >
> > > > >
> > > > >
> > > > > > -Original Message-
> > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > > > > > On behalf of Scott Gross
> > > > > > Sent: Friday, 27 February 2004 18:25
> > > > > > To: [EMAIL PROTECTED]
> > > > > > Subject: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble
> > > > > >
> > > > > > I have a Samba 3 
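
The SID comparison described in the message above, done by hand in an LDAP browser, can be scripted over an LDIF export. This is an added example, not code from the thread or from the Samba project; the LDIF sample, the entries `uid=alice` and `uid=ws01$`, and every SID value are constructed, and `SERVER_SID` stands in for whatever `net getlocalsid` reports on the server.

```python
import re

# Constructed sample LDIF; every SID below is made up for illustration.
SERVER_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # what `net getlocalsid` reports
WRONG_SID = "S-1-5-21-4444444444-5555555555-6666666666"
SAMPLE_LDIF = f"""\
dn: sambaDomainName=FIFEDEV,dc=test,dc=com
objectClass: sambaDomain
sambaSID: {WRONG_SID}

dn: uid=alice,ou=_USERS_,dc=test,dc=com
objectClass: sambaSamAccount
sambaSID: {SERVER_SID}-3000
sambaPrimaryGroupSID: {SERVER_SID}-513

dn: uid=ws01$,ou=_COMPUTERS_,dc=test,dc=com
objectClass: sambaSamAccount
sambaSID: {WRONG_SID}-3002
sambaPrimaryGroupSID: {SERVER_SID}-515

dn: cn=Administrators,ou=_GROUPS_,dc=test,dc=com
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-544
"""
DOMAIN_SID_RE = re.compile(r"^S-1-5-21(-\d+){3}$")
SID_ATTRS = {"sambasid": "sambaSID", "sambaprimarygroupsid": "sambaPrimaryGroupSID"}

def parse_ldif(text):
    """Yield one {attr_lower: [values]} dict per entry, unfolding wrapped lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # RFC 2849 continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in entry:
                yield entry
            entry = {}
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())

def domain_part(sid):
    """Return the domain SID of S-1-5-21-x-y-z-RID, or None for any other SID."""
    head, _, rid = sid.rpartition("-")
    return head if DOMAIN_SID_RE.match(head) and rid.isdigit() else None

def audit(ldif_text, server_sid):
    """Return (dn, attribute, value) for every SID not under server_sid."""
    findings = []
    for entry in parse_ldif(ldif_text):
        dn = entry["dn"][0]
        is_domain = "sambadomain" in (c.lower() for c in entry.get("objectclass", []))
        for key, name in SID_ATTRS.items():
            for sid in entry.get(key, []):
                # sambaDomain holds the bare domain SID; other entries carry a RID.
                found = sid if is_domain else domain_part(sid)
                # found is None for builtin/well-known SIDs such as S-1-5-32-544.
                if found is not None and found != server_sid:
                    findings.append((dn, name, sid))
    return findings

if __name__ == "__main__":
    for dn, attr, sid in audit(SAMPLE_LDIF, SERVER_SID):
        print(f"MISMATCH {dn}: {attr} = {sid}")
```

On the constructed sample it flags the sambaDomainName entry and the computer account's sambaSID, the same pattern reported in the message: computers carrying the wrong domain SID in sambaSID while their sambaPrimaryGroupSID matches the server.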

RE: [Samba] Workstation crash after login to PDC

2004-03-02 Thread Scott Gross
No reference to Unicode, I was trying to log in as root to the workstation
as I hadn't created any other users except Administrator.  When I log in as
the Administrator the clients don't crash, only when I log in as root.  I
created other users and they work too.  This isn't a problem as I was going
to disable root to log into samba anyway.

> -Original Message-
> From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 02, 2004 4:19 AM
> To: Scott Gross
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Samba] Workstation crash after login to PDC
> 
> On Tue, 2004-03-02 at 11:12, Scott Gross wrote:
> > Finally figured out why I couldn't login to my samba 3.0.2a PDC, I had a
> > mismatch in one of the SID's.  Now that I have that figured out my
> > workstations crash when logging in after applying the personal settings.
> > The error is in a window titled SAS window:winlogon.exe - Application
> > Error with the message being instruction at 0x00450056 referenced memory
> > at 0x the memory could not be written.  That is on the WinXP
> > workstation.  The Win2K workstation just reboots.  Anyone have any ideas?
> 
> Ensure you have no reference to 'unicode' in your smb.conf.  It must be
> 'yes', which is the default.  Anything else can and *will* crash
> clients.  I intend to remove it in future versions of Samba.
> 
> Andrew Bartlett
> 
> --
> Andrew Bartlett [EMAIL PROTECTED]
> Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
> Student Network Administrator, Hawker College   [EMAIL PROTECTED]
> http://samba.org http://build.samba.org http://hawkerc.net


[Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

2004-03-01 Thread Scott Gross
I have a Samba 3 PDC running with an LDAP backend on Red Hat 8.  All
authentication appears to be working correctly but I can't login to the
domain from a W2K or WXP Pro workstation after I have successfully joined
them to the domain.  If I login locally to the workstation I can browse the
Samba shares just fine.  I have checked the schannel and sign or seal
settings on both the workstations and the server and made sure they were set
to disable but still no luck.  Can anyone give me any ideas on how to solve
this problem.

 

TIA

Scott

 

Smb.conf

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2003/11/25 10:42:04

# Global parameters
[global]
workgroup = FIFEDEV
netbios name = Dev
null passwords = Yes
passdb backend = ldapsam
passwd program = /usr/local/bin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
passwd chat debug = Yes
log file = /var/log/samba/%m.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/local/sbin/smbldap-useradd.pl -a "%u"
delete user script = /usr/local/sbin/smbldap-useradd.pl -d "%u"
add group script = /usr/local/sbin/smbldap-useradd.pl -a -g "%g%
delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g "%g"
add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u "%u" -g "%g"
delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u "%u" -g "%g"
set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u "%u" -gid "%g"
add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w "%m"
logon script = logon.bat
logon path =
logon drive =
domain logons = Yes
os level = 22
preferred master = Yes
domain master = Yes
wins support = Yes
wins proxy = No
ldap suffix = dc=test,dc=com
ldap machine suffix = ou=_COMPUTERS_
ldap user suffix = ou=_USERS_
ldap group suffix = ou=_GROUPS_
ldap admin dn = "cn=Manager,dc=test,dc=com"
ldap ssl = No
ldap passwd sync = yes
comment = Samba-PDC Server
public = No
browseable = Yes
writable = No
client schannel = No
server schannel = No
client signing = No
server signing = No

[netlogon]
path = /usr/local/samba/lib/netlogon
read only = Yes
write list = ntadmin
locking = No

[tmp]
path = /tmp
guest ok = Yes
read only = Yes

[profiles]
path = /profiles
read only = No
writable = Yes
create mask = 0600
directory mask = 0700

[homes]
comment = Home Directories
browsable = no
writeable = yes
valid users = %S
create mask = 0700
directory mask = 0700
hide dot files = yes

testparm -v (output)

# Global parameters
[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = FIFEDEV
realm =
afs username map =
netbios name = DEV
netbios aliases =
netbios scope =
server string = Samba 3.0.1
interfaces =
bind interfaces only = No
security = USER
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = No
server schannel = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = Yes
obey pam restrictions = No
password server = *
smb passwd file = /usr/local/samba/private/smbpasswd
private dir = /usr/local/samba/private
passdb backend = ldapsam
algorithmic rid base = 1000
root directory =
guest account = nobody
pam password change = No
passwd program = /usr/local/bin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
passwd chat debug = Yes
passwd chat timeout = 2
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
preload modules =
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/%m.log
max log size = 5000
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
smb ports = 445 139
protocol = NT1
large readwrite = Yes

  

[Samba] Workstation crash after login to PDC

2004-03-01 Thread Scott Gross
Finally figured out why I couldn't login to my samba 3.0.2a PDC, I had a
mismatch in one of the SID's.  Now that I have that figured out my
workstations crash when logging in after applying the personal settings.
The error is in a window titled SAS window:winlogon.exe - Application Error
with the message being instruction at 0x00450056 referenced memory at
0x the memory could not be written.  That is on the WinXP
workstation.  The Win2K workstation just reboots.  Anyone have any ideas?



RE: [Samba] WinXP PDC logon problem...

2004-03-01 Thread Scott Gross
Check your domain SID's.  I was having a similar problem and found that
somehow I had a different SID for the SambaDomainName entry in my LDAP.
I'm finally able to get past the username/password error but my
workstations now crash hard during the login.

> -Original Message-
> From: Ryan Lohan [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 01, 2004 3:41 PM
> To: Spam
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [Samba] WinXP PDC logon problem...
> 
> The only change here is the requiresignorseal value,
> which I've changed - it doesn't work on WinXP (SP1).
> 
> Still can't login to the domain after joining it
> successfully.
> 
> Cheers,
> Ryan
> 
> Ryan Lohan, Systems Engineer
> NSW Sales, North Sydney, Sun Microsystems Australia
> Email: [EMAIL PROTECTED]
> Phone: +61 2 9466 9400  Direct: +61 2 9466 9716  Fax: +61 2 9466 9415
> "It may be that the sole purpose of your life is
> simply to serve as a warning to others..."
> 
> 
> - Original Message -
> From: Spam <[EMAIL PROTECTED]>
> Date: Monday, March 1, 2004 4:46 pm
> Subject: Re: [Samba] WinXP PDC logon problem...
> 
> >
> > There was a registry file distributed with Samba before. This is the
> > one I have from Samba 2.x:
> >
> > PDCLogon.reg:
> >
> > ~~~START~~~
> >
> > Windows Registry Editor Version 5.00
> >
> > [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters]
> > "DisablePasswordChange"=dword:
> > "maximumpasswordage"=dword:001e
> > "requiresignorseal"=dword:
> > "requirestrongkey"=dword:
> > "sealsecurechannel"=dword:0001
> > "signsecurechannel"=dword:0001
> > "Update"="no"
> >
> >
> > ~~~END~~~
> >
> >
> >
> >
> >
> >
> > > Hi all,
> >
> > > I've seen this raised as an issue on other mailing
> > > lists, but I've not seen a solution, and I've seen a
> > > number of notes to post to this alias instead, so
> > > here I am.
> >
> > > I've setup Samba as a PDC running on Solaris. I have
> > > a WinXP (latest patch levels) PC which I want to
> > > join to the domain. I can successfully join the
> > > domain using root authentication, but I am unable to
> > > logon with any of my NIS users (stored in both
> > > /etc/passwd and smbpasswd)...?
> >
> > > I've seen a comment to edit a Windows registry
> > > setting (requiresignorseal) and I tried this, but
> > > nothing changed.
> >
> > > Is there a solution to this issue, or will I be
> > > forced back to the hell of an Active Directory/WinNT
> > > PDC?  :(
> >
> > > Cheers,
> > > Ryan
> >
> >
> >
> >
> >
> >
> >
> >


RE: [Samba] Can't login to Samba PDC

2004-03-01 Thread Scott Gross
Sorry, when I was hitting reply I thought it was going back to the list not
just to you.  I wasn't paying attention to the address line in the e-mail.

I'm not using the windows wizard to join the domain but I am doing the join
from the windows workstation.  I'm not big on some of the wizards so I use
the change button (from windows XP computer name screen) or the properties
button (from Win2K network identification screen).  The computer is being
added to the _COMPUTERS_ container in my LDAP with the appropriate trailing
$ (uid=fife3400sales02$,ou=_COMPUTERS_).  The domain portion of all SID's is
the same (User-Group-Computer-sambaDomainName).  When the workstation tries
to authenticate the user I can see the connection to IPC$ on the samba
server.  'uid=root,ou=_USERS_' is a sambaSamAccount and is a member of
'cn=Domain Users,ou=_GROUPS_'.   I did just notice that 'cn=Domain
Computers,ou=_GROUPS_' doesn't have any members in it.  Do I need to add the
computers to this group?

> -Original Message-
> From: Craig White [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 01, 2004 10:16 AM
> To: Scott Gross
> Cc: [EMAIL PROTECTED]
> Subject: RE: [Samba] Can't login to Samba PDC
> 
> On Mon, 2004-03-01 at 10:42, Scott Gross wrote:
> > First thing is what list do you keep talking about?  Am I not supposed
> > to be asking about Samba things in this list?
> >
> ---
> The Samba list is the list I am specifically referring to. Every time you
> hit the 'reply' button, it replies only to me. If you hit 'reply to all'
> it will also reply to the samba list. Every reply I have hit, I have
> added the [EMAIL PROTECTED] to the address because you seem to only
> want to reply to me. Thus, you would be asking Samba things to the samba
> list if you would only include the samba list in your replies.
> ---
> > Second is the domain names are different.  That is how you can tell
> > which domain you are logging into.  Why don't you try helping with the
> > problem or let someone else if you don't want to.
> >
> ---
> I would be happy to let someone else help you - you have to actually
> post to the list instead of just emailing me.
> 
> If the domain names are different, then your usage of the term migrate
> in your original email was misleading and I'm sorry it took me 4 emails
> to get this information out of you.
> 
> Evidently, the method you are using to 'join' the domain with the
> computer isn't functioning properly. Are you putting the computer
> accounts in the 'People' container? Is root a samba member? Do you use
> the Win2K/WinXP wizard to join the domain?
> 
> Craig
> 
> >
> > > -Original Message-
> > > From: Craig White [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, March 01, 2004 9:43 AM
> > > To: Scott Gross
> > > Cc: [EMAIL PROTECTED]
> > > Subject: RE: [Samba] Can't login to Samba PDC
> > >
> > > First thing is...please keep this on list
> > >
> > > Second thing is...if NT is a PDC, then machine accounts should be
> > > created on that system - You can't simultaneously have a Windows &
> > > Samba PDC/BDC of any combination. How would you be sure which machine
> > > is getting the machine accounts and which machine is handling the
> > > authentication?
> > >
> > > Craig
> > >
> > > On Mon, 2004-03-01 at 09:48, Scott Gross wrote:
> > > > First thing is first.  I need to be able to join a machine to the
> > > > domain and be able to login to the domain.   This is just to test and
> > > > make sure the new Samba server is working.  This is the problem I'm
> > > > having and what I'm looking for help on.  Not how to migrate my users.
> > > >
> > > > > -Original Message-
> > > > > From: Craig White [mailto:[EMAIL PROTECTED]
> > > > > Sent: Monday, March 01, 2004 8:52 AM
> > > > > To: Scott Gross
> > > > > Cc: [EMAIL PROTECTED]
> > > > > Subject: RE: [Samba] Can't login to Samba PDC
> > > > >
> > > > > Please keep this on list...
> > > > >
> > > > > The logical thing to do would be to keep your NT server as the PDC.
> > > > > Set up samba not to be a domain controller at all but as a member
> > > > > server to the domain (join that machine to the domain - using
> > > > > password server =
> > > >

[Samba] Can't login to Samba PDC

2004-02-27 Thread Scott Gross
We're trying to migrate from a windows NT domain to a Samba domain.  I've
installed Samba 3.0.2a with an LDAP backend.  The server seems to be running
fine as I can browse the shares from a non-domain Win2k workstation after a
successful password check.  The workstations join the domain just fine but
after I join them to the domain I can't log in to them.  I've checked my
schannel and sign or seal settings in the Samba server and the workstation
but still no luck.  Any help is greatly appreciated, I've been working at
this for about two months now and I'm just getting frustrated.


[Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

2004-02-27 Thread Scott Gross
I have a Samba 3 PDC running with an LDAP backend on Red Hat 8.  All
authentication appears to be working correctly but I can't login to the
domain from a W2K or WXP Pro workstation after I have successfully joined
them to the domain.  If I login locally to the workstation I can browse the
Samba shares just fine.  I have checked the schannel and sign or seal
settings on both the workstations and the server and made sure they were set
to disable but still no luck.  Can anyone give me any ideas on how to solve
this problem.

 

TIA

Scott

 

Smb.conf

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2003/11/25 10:42:04

# Global parameters
[global]
workgroup = FIFEDEV
netbios name = Dev
null passwords = Yes
passdb backend = ldapsam
passwd program = /usr/local/bin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
passwd chat debug = Yes
log file = /var/log/samba/%m.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/local/sbin/smbldap-useradd.pl -a "%u"
delete user script = /usr/local/sbin/smbldap-useradd.pl -d "%u"
add group script = /usr/local/sbin/smbldap-useradd.pl -a -g "%g%
delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g "%g"
add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u "%u" -g "%g"
delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u "%u" -g "%g"
set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u "%u" -gid "%g"
add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w "%m"
logon script = logon.bat
logon path =
logon drive =
domain logons = Yes
os level = 22
preferred master = Yes
domain master = Yes
wins support = Yes
wins proxy = No
ldap suffix = dc=test,dc=com
ldap machine suffix = ou=_COMPUTERS_
ldap user suffix = ou=_USERS_
ldap group suffix = ou=_GROUPS_
ldap admin dn = "cn=Manager,dc=test,dc=com"
ldap ssl = No
ldap passwd sync = yes
comment = Samba-PDC Server
public = No
browseable = Yes
writable = No
client schannel = No
server schannel = No
client signing = No
server signing = No

[netlogon]
path = /usr/local/samba/lib/netlogon
read only = Yes
write list = ntadmin
locking = No

[tmp]
path = /tmp
guest ok = Yes
read only = Yes

[profiles]
path = /profiles
read only = No
writable = Yes
create mask = 0600
directory mask = 0700

[homes]
comment = Home Directories
browsable = no
writeable = yes
valid users = %S
create mask = 0700
directory mask = 0700
hide dot files = yes

 
