Re: [Samba] Q: Samba Proxy or SAMBA Cluster?
Jason Haar wrote: Michael Heydon wrote: Hi, The main samba server holds all files and all user information. The CIFS Proxy in the remote location have a copy of all files and a copy of the user database. What about just using Samba as a front-end to a shared NFS backend? I know that under Linux at least Samba and NFS can both ack locks due to the "kernel oplocks" option. Shouldn't that do what you want? Someone opens a file on Samba-Site1, and the central NFS server locks it for the rest? I don't think the locks are the main issue, the "CIFS Proxy in the remote location have a copy of all files" is the interesting bit. NFS wouldn't provide any form of caching so performance wouldn't be substantially different to just running smb over the wan and using dfs to redirect clients. -- Michael Heydon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Q: Samba Proxy or SAMBA Cluster?
On Fri, Mar 09, 2007 at 03:28:57PM +1300, Jason Haar wrote: > What about just using Samba as a front-end to a shared NFS backend? I > know that under Linux at least Samba and NFS can both ack locks due to > the "kernel oplocks" option. This is exactly the same as discussed a couple of weeks ago: Please NEVER export the same file space via different Samba nodes, this leads to data corruption because the locks propagated have the wrong semantics. Volker pgpumnYApPzcf.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Q: Samba Proxy or SAMBA Cluster?
Michael Heydon wrote: > Hi, > >> >> The main samba server holds all files and all user information. The >> CIFS Proxy in the remote location have a copy of all files and a copy >> of the user database. >> >> If a user open a file the file will be locked on all servers (main >> server and all cifs proxy). If the user write a file (new file or >> file change) the file will be still locked until the file is written >> on all servers. What about just using Samba as a front-end to a shared NFS backend? I know that under Linux at least Samba and NFS can both ack locks due to the "kernel oplocks" option. Shouldn't that do what you want? Someone opens a file on Samba-Site1, and the central NFS server locks it for the rest? Obviously performance will be an issue as I assume you are talking about sites being geographically separate. Neither NFS nor Samba/SMB perform well over a WAN. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba profiles and homes
What you need is Windows folder redirection. http://isg.ee.ethz.ch/tools/realmen/det/skel.en.html http://wiki.samba.org/index.php/Samba_&_Windows_Profiles On 3/6/07, Chechu <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi, I like my homes and profiles don't do roaming...i mean work directly to the server...I have a pdc in samba over ldap...and i want winxp mount the units in net for homes and profiles and work over them instead download at first and upload and the end of session...someone know how can i do... thanks -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7fASu1kTJztljjMRAtlJAJ4j3XDhN83qIRG/UF3Ct71WEJHVfACeJtVf xeRh+zXwbkdl/u8GAeBWijU= =GjE4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- *** Cleber P. de Souza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap
Using samba+ldap you could create a central LDAP Server with all your teachers/students accounts and set permissions accordingly your needs. On each samba server you could set the 'passdb backend' to your LDAP Server. These references should help you: http://wiki.samba.org/index.php/Samba_&_LDAP http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html On 3/8/07, Pascal Legrand <[EMAIL PROTECTED]> wrote: hello in first i made a test with a single machine with samba and ldap authentication, everything works fine. my qestion is the following : we have 2 samba server (pdc 2domains), one for the teachers population, and another for the students/teachers population. i dont know how to do to make it works with an ldap authentication. how to "tell" to ldap that the user "teacher1" has an account on the 2 samba servers. anybody could help me (with ldif exemple) thank you -- --- Pascal Legrand *IUT de Chartres* - _Service Informatique_ --- 1, place Roger Joly 28000 Chartres Tel : 02 37 91 83 36 - Fax: 02 37 91 83 01 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- *** Cleber P. de Souza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] recommended filesystems with NT/Posix ACL's ?
Greeting IP Guy, You can choose EXT, ReiserFS, XFS or JFS. All this filesystem have advantages or cons. But a point interesting, it's the number of entries you can use with the ACL(EA). - EXT2/3 have a maximum of 32 entries with only 28 usable. - ReiserFS3/4 and JFS have a maximum of 8191 entries with 8187 usable. - XFS have a maximum of 25 entries with only 21 usable. This mean that with XFS you have the 4 regular entries (owner, group, other and the mask) plus a possibility to add 21 users or groups for the permission. I have use EXT3 with the ACL(EA) and I have no problem at all. If in your business you use MSOffice, add five more entries in your planification. Robert On Thu, Mar 08, 2007 at 12:16:10PM +0100, mourik jan heupink wrote: i'm about to upgrade from samba 2.x to a samba 3.x domain member server and wanted to fact ACL support into the equation. what is the recommended ACL file system for samba ? I use xfs everywhere, I've recently tried reiserfs, but am less happy with it. In future I'll stick with xfs again. It supports ACL (like most others do as well) and additionally it has a very good quota system: it doesn't need quotacheck. (which can take quite a while) Yes I agree. I really like XFS (but I'm an old SGI'er :-). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Q: Samba Proxy or SAMBA Cluster?
Hi, The main samba server holds all files and all user information. The CIFS Proxy in the remote location have a copy of all files and a copy of the user database. If a user open a file the file will be locked on all servers (main server and all cifs proxy). If the user write a file (new file or file change) the file will be still locked until the file is written on all servers. This sounds really neat and I would love to get something similar running on our network. A lot of the issues that would need to be addressed for this to work are discussed in the high availability chapter of the samba-howto. To the best of my knowledge samba doesnt support anything quite like this (yet?). It can do DFS which can be used to make files appear to be on a local server however I dont believe it does any form of caching. A while ago I considered using Coda between servers and then using samba to share out the data to the clients. Coda already addresses many of the issues you would face such as offline operation and change conflicts. At the time I didn't feel that setup would be stable enough for my production environment. Maybe in the future I will look into it again. -- Michael Heydon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Workstation SID Variability in Samba-Controlled Domains
Hi Vincent, Does SAMBA regularly re-negotiate SID identity with member workstations. If so, can this feature be disabled? I do not believe any server will change the SIDs however NT clients on a domain will change their machine account password. This is a function of the clients not the server. It is then necessary to re-do the tedious domain re-join procedure, which defeats the whole purpose. It is possible to reset the machine account password without rejoining the domain (i dont remember how off the top of my head, try googling "reset machine account password"). Having said that I guess you probably want a solution rather than a workaround. You could try disallowing the account password change rights (sambaPwdCanChange in ldap). This would mean that only the server needs to change however it may well cause problems when the password is more than 30 days old, the clients may refuse to connect if the password isnt reset. If you dont like the sounds of that, have a look in the local security policy of the clients, under Local Policies, Security Options there are a few options regarding machine account passwords. This is probably the safer (and correct) way of doing things. -- Michael Heydon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbindd has still bottlenecks when used with interdomain trusts.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I am already making tests with samba 3.0.25pre1 but because of this core dump problem, I tell you more about my stuff concerning the older samba versions, because I think there is a main design problem in winbindd. > > So you basically want the apache prefork model to be able to have a poll of children to answer application requetssts for a domain. Correct ? > Exactly! > Is is specifically the idmap lookups that are causing you pain ? I've having a hard time understanding exactly what your problem is. > No. The functions that are called on the trusting domain are most of the time (3.0.14a): winbindd_gid_to_sid and check_ntlm_password This means my problem seems to be idmapping AND the authentication. In fact these functions are called for every authentication request and they are executed one after the other. Imagine: 30 users, everyone accessing netlogon, profiles and two shares these functions are called 120 times, each call executed one after the other using one winbindd connection to the trusted domain... that is causing huge delays when people logging in and sometimes the users cannot login at all! If we had multiple winbindd workers the problem would be eliminated. I will send you personally a graphical exposition of the problem (about 100Kb). For it is in german, but you will understand it (if not, tell me and I am going to create an english version) I did also a test with 3.0.24a: there occurs only check_ntlm_password for each request, but also serialized. That is indeed a great improvement but will still cause problems when too many users performing any kind of interdomain trust authentication (logon, mounting, profiles...) at the same time. It is THE BOTTLENECK! Do you think it would be good idea to work on an parallelized improvement of winbindd for these check_ntlm_passwod calls? Best regards Harald Strack -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFF8I0JczpSApoeLSQRAh1lAJsH1jCsCFvSrvLwLPBC6znZwiJZzgCeOeYp aiodwry/fP9LF0aSG2g9kh8= =CD7g -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Debian Vmware Vista problem
I know the subject reads like a recipe for desaster :-) I run debian within a vmware virtual machine on an xp system, with samba, and all is fine. I am now trying to replicate this setup on a new machine I bought, that came with Vista. I have no idea whether Vista has anything to do with it, but I am having problems, i.e. sometimes don't see the virtual machine on vista, and sometimes I see it but cannot browse into it (or ping it by computername, IP always works). On the virtual debian machines (both the one on XP and the one on Vista) I used these simple steps to install samba: - get-apt samba 3.0.14a-Debian (as reported by smbstatus) - put info into the installed smb.conf (identical, except for 'encrypt passwords = true' vs. 'encrypt password = yes' no idea why that difference) - cat /etc/passwd | /usr/sbin/mksmbpasswd > /etc/samba/smbpasswd - smbpasswd myuser (the username is the same on windows, as is the password) - /etc/init.d/samba restart At this point, I can go do these things with the virtual debian machine that's running on XP: - see the machine in the network neighborhood, click on it, and browse the directory on the debian machine - get into the machine using putty by using the name of the debian machine - ping the machine by name from XP On the virtual debian machine that's running on Vista, - sometimes I can do all I can do on XP - sometimes the machine is visible in network neighborhood, but when I click on it, it's "not accessible" - sometimes the machine isn't even visible in network neighborhood - HOWEVER, all along I can ping the machine by IP, and I can putty into the machine by IP I am sure this is something real simple, but not simple for me! Abu Mats -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] recommended filesystems with NT/Posix ACL's ?
On Thu, Mar 08, 2007 at 12:16:10PM +0100, mourik jan heupink wrote: > > >>i'm about to upgrade from samba 2.x to a samba 3.x domain member > >>server and > >>wanted to fact ACL support into the equation. > >>what is the recommended ACL file system for samba ? > > I use xfs everywhere, I've recently tried reiserfs, but am less happy > with it. In future I'll stick with xfs again. > It supports ACL (like most others do as well) and additionally it has a > very good quota system: it doesn't need quotacheck. (which can take > quite a while) Yes I agree. I really like XFS (but I'm an old SGI'er :-). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to follow dfs referral - still a problem for smbclient & also freebsd smbfs
On Thu, Mar 08, 2007 at 09:43:39AM +0100, werner maes wrote: > At 20:46 7/03/2007, Jeremy Allison wrote: > >On Mon, Mar 05, 2007 at 01:56:56PM +0100, werner maes wrote: > >> > >> hello > >> > >> I'm also interested to know whether this patch has made it to smbclient. > > > >I've just merged this from SAMBA_3_0 to SAMBA_3_0_25 and in simple > >testing it works following the DFS referral. > > > >I can't fix the *BSD smbfs of course, but smbclient should now > >work in these cases. > > > >Jeremy. > > tnank you > I'll try it out as soon as 3.0.25 is available. > has this patch made it into 3.0.25rc1? No, I'm actually re-working the smbclient dfs code right now (making sure it works with posix pathnames etc.). I should be checking something in this week, so it'll be in 3.0.25pre2, not pre1. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Share problem between Windows and Linux
When a Windows (XP SP2 with automatic updates) user create a file on a SMB share I can read it, but if I (Linux Slackware 11.0 with updates applied) create a new file or overwrite an existing one, then the Windows user can not access the file anymore. Is this a known problem ? I asked Google, to no avail. looks like a permission problem, if I had to guess. Look into chown/chmod for the linux user. -- [ chris wright ] [EMAIL PROTECTED] http://softpixel.com/~cwright/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Share problem between Windows and Linux
Hi list, When a Windows (XP SP2 with automatic updates) user create a file on a SMB share I can read it, but if I (Linux Slackware 11.0 with updates applied) create a new file or overwrite an existing one, then the Windows user can not access the file anymore. Is this a known problem ? I asked Google, to no avail. We use the following configuration on our server : samba-client-3.0.10-1.fc2 samba-3.0.10-1.fc2 system-config-samba-1.2.22-0.fc2.1 samba-common-3.0.10-1.fc2 And this is what I use on my workstation (mount options : rw,noauto,users,username=myusername): samba-3.0.24 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Local and Roaming profiles
We're trying to implement a mixed environment with both roaming and local profiles. To differentiate between local and roaming profiles, we use the documented logon path = path for local accounts and logon path = /some/path for roaming accounts. for the logon path to be different, we use include files, since many people have indicated success using this setup. However, we have found that this doesn't work in our configuration. We're trying to figure out if we've missed something, or if there are bugs with the include implementation. our abbreviated smb.conf is as follows: [global] workgroup = DomainName server string = ServerName netbios name = servername unix charset = UTF8 name resolve order = host smb ports = 139 wins support = yes domain logons = yes domain master = yes local master = yes preferred master = yes os level = 65 security = user encrypt passwords = yes passdb backend = tdbsam:/path/to/passdb.tdb username map = /path/to/smbusers # default is local profile... logon path = login script = login.bat # ... unless their config says otherwise include /path/to/userconf/%U.conf log level = 2 # netlogon share stuff # ipc share stuff [Profiles] comment = User Profiles path = /path/to/profile [homes] comment = Home Directories path = /path/to/profile/data our include files look like this: logon path = //servername/Profiles/%U From our testing, we know that the user configs are parsed (parse errors in the configs get logged), but the logon path is never applied. We've also discovered that having a user config for both local and roaming profiles, and striking the logon path = [blank] in smb.conf doesn't seem to work either. We're using samba 3.0.24. Just wondering if anyone's had success with mixed environments, or if we're missing something with configuration. Thanks! -- [ chris wright ] [EMAIL PROTECTED] http://softpixel.com/~cwright/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] https://bugzilla.samba.org/show_bug.cgi?id=765
On Thu, Mar 08, 2007 at 09:41:57AM -0500, Scott Armstrong wrote: > I don't mean to ruffle any feathers, but has this been properly resolved? > It shows that a patch has been submitted to allow connections over > TLS, and that the bug has been closed, but the solution supplied > doesn't actually address the problem - running Samba in ads mode in a > domain with ldap signing. We recently figured out how to do this even with stock OpenLDAP libs, it is so "just" a matter of doing. But nobody has found the time and budget to actually do it. Volker pgpyuArVGMU5l.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ldap
hello in first i made a test with a single machine with samba and ldap authentication, everything works fine. my qestion is the following : we have 2 samba server (pdc 2domains), one for the teachers population, and another for the students/teachers population. i dont know how to do to make it works with an ldap authentication. how to "tell" to ldap that the user "teacher1" has an account on the 2 samba servers. anybody could help me (with ldif exemple) thank you -- --- Pascal Legrand *IUT de Chartres* - _Service Informatique_ --- 1, place Roger Joly 28000 Chartres Tel : 02 37 91 83 36 - Fax: 02 37 91 83 01 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] https://bugzilla.samba.org/show_bug.cgi?id=765
I don't mean to ruffle any feathers, but has this been properly resolved? It shows that a patch has been submitted to allow connections over TLS, and that the bug has been closed, but the solution supplied doesn't actually address the problem - running Samba in ads mode in a domain with ldap signing. We do not have the ability to change that setting in the policy. Thank you, Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Lost trust relationship with domain controller
Hi all, Not less than 3 months ago we had our Solaris 9 samba server working happily. This is with samba 3.0.24 without ads support. The pertinent sections of the smb.conf file follow: [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH workgroup = mydomain security = domain We created the machine trust acount on the server than used > net rpc join -U administrator%passwd to join the domain. Great huh?! Well, now when we try to access the samba server we get a message saying the trust relationship has been lost. We have tried shuting down and restarting samba numerous time and also deleting and recreating the trust account several times. When I try to run the net join command I get: # ./net join -U administrator%passwd Could not initialise lsa pipe [2007/03/08 08:53:14, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) net_rpc_join_ok: failed to get schannel session key from server for domain mydomain. Error was NT_STATUS_ACCESS_DENIED Unable to join domain mydomain. Nothing was changed in the smb.conf file and my win admin states nothing changed on his end. Time is sketchy, but he promises the SP1 update to the domain controller happened before the problems started. I'm not convinved. Any ideas and suggestions are GREATLY appreciated. Many thanks, Kris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind fails "getent passwd eknuds"
* Eric Knudstrup <[EMAIL PROTECTED]> [070307 20:16]: > Now I'm trying to make it so the Samba accounts can be used for user > logins as well. Unfortunately I'm having a bit of trouble with winbind. > Whenever I try to do a "getent passwd eknuds", it find the entry in the > ldap sam, but the winbind log for my domain comes up with this and the > getent displays nothing: what did you set for the 'idmap backend' parameter in your smb.conf file? What does wbinfo -u produce? It should list every username known to your ldap backend. what do these produce: wbinfo -n eknuds wbinfo -s S-1-5-21-3868333197-704855571-3977030669-3012 On rare occasion, I have a similar problem, and typically, if I stop winbind, delete the local /var/lib/samba/winbindd_idmap.tdb and restart winbind, the problem is solved. I'm running v3.0.22. - Jon > [2007/03/07 15:48:46, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) > init_sam_from_ldap: Entry found for user: eknuds > [2007/03/07 15:48:46, 0] passdb/pdb_get_set.c:pdb_get_group_sid(164) > pdb_get_group_sid: Failed to find Unix account for eknuds > [2007/03/07 15:48:46, 1] > nsswitch/winbindd_user.c:winbindd_dual_userinfo(151) > error getting user info for sid > S-1-5-21-3868333197-704855571-3977030669-3012 > > I have my nsswitch.conf set to: > passwd: files winbind > shadow: files winbind > group: files winbind > > #passwd:compat > #group: compat > > hosts: files wins dns > networks: files dns > > services: files ldap > protocols: files > rpc:files > ethers: files > netmasks: files > netgroup: files ldap > publickey: files > > bootparams: files > automount: files nis > aliases:files ldap > passwd_compat: winbind > group_compat: winbind > > Do I need to bite the bullet and add accounts to the local Unix passwd > file? > > Thanks, > > Eric > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- Happy Landings, Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Vanishing options in hp printer drivers
We're using a couple of HP printers (2200, 4200, 3390) using the HP PCL 6 printer driver. Printer drivers are installed on the samba (3.0.24) box, connecting, driver installation and printing work OK. Problem: using the same driver version with the printer shared by a windows box gives some additional options like - brochure printing - putting serveral pages on one sheet Any Idea why those options are gone from printer settings if the printer is sahred by a samba box and/or how to get them back? Thanks, Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Q: Samba Proxy or SAMBA Cluster?
Hello, we have here a SAMBA Server with Shares for worldwide Projects. Now the problem is the slow access from some branches. We have now the idea to use a CIFS Proxy or a Cluster to provide the files localy. The Idea: The main samba server holds all files and all user information. The CIFS Proxy in the remote location have a copy of all files and a copy of the user database. If a user open a file the file will be locked on all servers (main server and all cifs proxy). If the user write a file (new file or file change) the file will be still locked until the file is written on all servers. It hears simple, but there are many problems. What happens, when the connection go down, the main server due to maintanace will be shut off, a client dies while he edit a file... Is there a working solution available (Samba3)? Otmar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] chown/chgrp for winbind users doesn`t work
Hello, I have two Samba Domains and each trust each other (PDCs run 3.0.22). Also I have a samba member server (3.0.24) that runs winbind. When I use wbinfo I can see the user and groups of both domains. I also can chown/chgrp files with users of the domain the server is member of. But I can`t chown/chgrp with accounts of the trusted domain. chown doesn`t work at all. chgrp works, but then only the gid (from winbind) is shown: # chown "TRUSTDOM+muehlfeld" file.txt chown: `TRUSTDOM+muehlfeld': invalid user # chgrp "TRUSTDOM+group" file.txt # ls -la file.txt -rw-r--r-- 1 root 10051 0 Mar 8 12:32 file.txt I also have a Win2003r2 Member Server. When I add rights to a file for a user of the trusted domain, I see the name. But when I close the window and then open it again, the name of the user/group changed into the SID. So I guess it`s a problem or misconfiguration from the two PDCs, and not of the member servers. This are my winbind settings: idmap backend = ldap:ldap://192.168.29.4 idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/false winbind nested groups = yes winbind cache time = 300 winbind nss info = template winbind use default domain = yes winbind trusted domains only = yes Any idea what could be wrong? Also one more question: Any plans, when winbind on a PDC could handle local users and from the trusted domains? Best regards Marc Muehlfeld -- Marc Muehlfeld Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost Lochhamer Str. 29 - D-82152 Martinsried Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78 http://www.medizinische-genetik.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPS errors when not using CUPS - Breaks printing
>Any attempt to connect to a printer (e.g. Start|Run|\\server\printer ) >results in an XP error message 'Incorrect Function'. > We believe (as best as we can tell) that this _has_ worked on 3.0.24 (since we upgraded from 3.0.22) Can anyoune suggest what we need to do to make this work? We think it would involve telling Samba not to even bother looking for CUPS like services in the first place. Mac Assistant Systems Administrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CUPS errors when not using CUPS - Breaks printing
Hi All, We appear to have a CUPS problem that is breaking our (LPRng) based printing. We now have loads of errors of the form:_ [2007/03/08 12:21:36, 0, pid=23877] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused filling up the log.smbd file We using printing=lprng in smb.conf, and there isn't (nor has there ever been) any CUPS on the server. Any attempt to connect to a printer (e.g. Start|Run|\\server\printer ) results in an XP error message 'Incorrect Function'. This is Samba 3.0.24 compiled from source on Solaris 9. Mac Assistant Systems Administrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Shares losing group entries
Hello, The getent issue has been resolved by adding winbind enum users = yes winbind enum groups = yes in smb.conf... Thank you, On 3/7/07, Mostro Mostro <[EMAIL PROTECTED]> wrote: Hi Felipe, A1. Samba is setup as a domain member server. It will be used as a file server in a Windows 2000 Active Directory domain. wbinfo -u and wbinfo -g display the Active Directory users and groups. getent passwd only works when I specify the domain. For example: venencia:~ # getent passwd CAPRI\\owa-check CAPRI\test:*:20056:20002:test:/home/CAPRI/test/bin/false When I use getent passwd alone stdout displays the local password database Thanks On 3/7/07, Felipe Augusto van de Wiel < [EMAIL PROTECTED]> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 03/06/2007 08:01 PM, Mostro Mostro wrote: > > Hello, > > > > This my first post to this list. I just spent the last day an a half > > building a Samba server for our corporate network. Our Windows file > > server crashed so I stepped up and decided to go with Samba 3.023d on > > Suse 10.2. > > Ok, so SAMBA is now the PDC or something like that? Or > it is playing with other windows on the neighborhood? > > > > Anyway, I am using Winbindd to control access. The problem I am > > currently faced with has to do with security permissions sticking to > > the share. From the Windows MMC I right click the share, go to the > > security tab, select advanced and try to assign the "Domain Users" > > group and a few others. After clicking ok all the way through I go > > back in to verify an see my groups have been replaces with SIDs. > > It seems to be a problem with the ROLE model, if this > Samba Server is now in charge of the network, IMHO, you don't > need winbind, you should use tdbsam or LDAP. > > On the other hand, if you still have a password server > and your Samba Server will query it, then the problem should be > related to the winbind (and related info, uid/gid maps, queries > and so on). > > If you use getent you are able to see your winbind users? > > [...] > > Kind regards, > > - -- > Felipe Augusto van de Wiel <[EMAIL PROTECTED]> > Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE > http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFF7sTsCj65ZxU4gPQRAvDqAJkB+PCasPga2UwIGvIys1EKBFfxjACfSHDp > kKSqVBzkhNOMfsjE8PemOQs= > =Vkxl > -END PGP SIGNATURE- > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WG: Samba Version 3.0.24 and 3.0.25 Winbind lost connection (Connection reset by peer) to W2K3-DC on Port 445 \lsarpc failure
Hello ! I have the following problem running Samba 3.0.24 under AIX 5.3 : It seems that the pipe winbind to \lsarpc breaks The Error Message in the Winbindd log is the following: read_socket_with_timeout: timeout read. read error = Connection reset by peer. [2007/03/07 14:49:52, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine SHHDC3 pipe \lsarpc fnum 0x400areturned critical error. Error was Read error: Connection reset by peer Evertime this message appears, the group Mapping in the Filesystem is lost and the access control to the files doesn't work properly. Does anybody have an idea where the problem can be? Regards Markus -- VERTRAULICHKEIT: Diese Nachricht ist ausschließlich für denjenigen bestimmt, an den sie adressiert ist und kann vertrauliche Informationen enthalten. Falls Sie nicht der Empfänger dieser Nachricht sind, weisen wir Sie darauf hin, dass die unberechtigte Weitergabe oder Verwendung sowie das unberechtigte Verteilen oder Kopieren dieser Nachricht strikt untersagt sind. Falls Sie diese Nachricht irrtuemlich erhalten haben, vernichten Sie sie bitte sofort. CONFIDENTIALITY: This message is intended only for the use of the individuality or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure. If you are not the intended recipient you are notified that any dissemination, distribution, use or copying of this communication is strictly prohibited. If you received this message in error, please immediately destroy this message. To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] recommended filesystems with NT/Posix ACL's ?
i'm about to upgrade from samba 2.x to a samba 3.x domain member server and wanted to fact ACL support into the equation. what is the recommended ACL file system for samba ? I use xfs everywhere, I've recently tried reiserfs, but am less happy with it. In future I'll stick with xfs again. It supports ACL (like most others do as well) and additionally it has a very good quota system: it doesn't need quotacheck. (which can take quite a while) Mourik Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Workstation SID Variability in Samba-Controlled Domains
Hi, Does SAMBA regularly re-negotiate SID identity with member workstations. If so, can this feature be disabled? I am given to understand that Microsoft domain controllers "regularly" re-negotiate SID updates with member workstations. There is an understandable security premise for doing this, however, it is a serious problem for installations which deploy workstation "self-restore" functionality using Norton Ghost or such like. After a few weeks, the self restore will not work because the original workstation SID is no longer current in the server machine database. It is then necessary to re-do the tedious domain re-join procedure, which defeats the whole purpose. BTW, I am new to SAMBA and extremely pleased thus far!!! Thanks to you guys for excellent work! Regards, Vincent Callanan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-tools problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hey , I installed smbldap tools for have sync linux and win passwd, and it worked. But today i did some modifies to the script smbldap-passwd and it doesn't work. I check that win when try to change the password don't use it now...i try to reinstall again but still no working...this is my smb.conf someone can help me..? thanks [global] workgroup = IRONMAN netbios name = SHOGUN server string = SAMBA-LDAP PDC server ; wins support = no ; wins server = w.x.y.z interfaces = eth1 ; pam password change = Yes dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 ; syslog only = yes syslog = 0 panic action = /usr/share/samba/panic-action %d name resolve order = lmhosts host wins bcast AUTENTIFICACION## security = user encrypt passwords = true passdb backend = ldapsam:ldaps://shogun.ironman.es:636 ; ldap passwd sync = only ; guest account = guest invalid users = root unix password sync = no ; ldap password sync = yes passwd program = /usr/local/sbin/smbldap-passwd -o %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ; obey pam restrictions = yes ; pam password change = no #KERBEROS use kerberos keytab = yes realm = IRONMAN.ES ;security = ads ;ads server = 192.168.2.3 #LDAP# ldap admin dn = cn=admin,dc=ironman,dc=es ldap ssl = on ldap delete dn = no ldap suffix = dc=ironman,dc=es ldap user suffix = ou=people ldap group suffix = ou=groups ldap machine suffix = ou=machines ## Printing ## # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = yes # lpr(ng) printing. You may wish to override the location of the # printcap file ; printing = bsd ; printcap name = /etc/printcap # CUPS printing. See also the cupsaddsmb(8) manpage in the# When using [print$], root is implicitly a 'printer admin', but you can # also give this right to other users to add drivers and set printer # properties printer admin = @domainprintoperators ###PDC###3 os level = 80 preferred master = yes domain master = yes local master = yes domain logons = yes logon path = //SHOGUN/profiles/%u logon drive = V: logon home = //SHOGUN/%u logon script =%u.bat ; domain admin group = @domainadmins add user script = /usr/local/sbin/smbldap-useradd -w %u Misc socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash add user script = /usr/local/sbin/smbldap-useradd -w %u File sharing # Name mangling options ; preserve case = yes ; short preserve case = yes # cupsys-client package. printing = cups printcap name = cups -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7+Eou1kTJztljjMRAoz/AJ49j5RkqzWNIr6ltQfeDOW9MMUwiQCbBdPg pO1sowR4osRFd17ZQoeu54Q= =05IU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to follow dfs referral - still a problem for smbclient & also freebsd smbfs
At 20:46 7/03/2007, Jeremy Allison wrote: On Mon, Mar 05, 2007 at 01:56:56PM +0100, werner maes wrote: > > hello > > I'm also interested to know whether this patch has made it to smbclient. I've just merged this from SAMBA_3_0 to SAMBA_3_0_25 and in simple testing it works following the DFS referral. I can't fix the *BSD smbfs of course, but smbclient should now work in these cases. Jeremy. tnank you I'll try it out as soon as 3.0.25 is available. has this patch made it into 3.0.25rc1? werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
