Re: [Samba] Re: Simple LDAP backend question

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jamrock wrote:
> "Ryan Novosielski" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
>> or can one move only the smbpasswd file to LDAP without impacting the
>> standard UNIX passwd file at all?
> 
> Interesting question.  Just a little background info. so we are all on the
> same page.
> 
> Each Samba user must have a Linux (POSIX) account in order to access the
> Linux machine.  It must also have some Samba (Windows) information for it to
> work as a Windows domain controller.
> 
> If you use the smbldap tools to manage the addition and deletion of users,
> they will add the POSIX and the Samba user info to the LDAP directory.  This
> will happen because your add user script in the smb.conf file will point to
> the relevant smbldap add user script.
> 
> You would typically configure the /etc/nsswitch.conf file to tell the Linux
> machine to look for user names and passwords in the LDAP directory.  That
> way the user does not need to exist in the /etc/passwd file.
> 
> So far so good.
> 
> I understand from what you are saying that you want to
> separate the POSIX (Linux) information from the Samba information.  You want
> to keep the POSIX information in the /etc/passwd file and the Samba
> information in the LDAP directory.  Each user's authentication information
> will be stored in both locations.
> 
> To do this you should not use the add user script from the smbldap tools.
> Instead use the standard Linux "add user" command in a script to add the
> user.  I have done this in the past.  It adds Samba info. to LDAP and
> creates the user account in the /etc/passwd file.
> 
> Your smb.conf file should look something like
> 
> add user script = /usr/sbin/useradd -m '%u'
> 
> add machine script = /usr/sbin/useradd -M '%u'
> 
> add group script = /usr/sbin/groupadd '%g'
> 
> Typically I use the User Manager for Domains to add and delete users.  Not
> sure how things will work with other tools.
> 
> I guess you can use the smbldap tools to populate the LDAP database with the
> standard Windows users and groups but use the Linux commands in the add user
> script.
> 
> I haven't tried this since the early versions of Samba 3.x.  Let me know how
> it works out.

Sounds rather much like what I'm looking for. I really don't use the add
user/group script right now anyway, just add machine.

What is seems like you're saying is that I can migrate all of the stuff
from /etc/passwd to LDAP and then just never change nsswitch for UNIX
and only make Samba use the ldap, and setting the parameters as above.

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHfcD1mb+gadEcsb4RAoU/AKCuF+4gO9FQMxQ8a3SyKv8giqLe6QCg4SYJ
vimuQInaWkyU5fv9L2/ZSic=
=rrvN
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Simple LDAP backend question

[Jamrock]

"Ryan Novosielski" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
> or can one move only the smbpasswd file to LDAP without impacting the
> standard UNIX passwd file at all?

Interesting question.  Just a little background info. so we are all on the
same page.

Each Samba user must have a Linux (POSIX) account in order to access the
Linux machine.  It must also have some Samba (Windows) information for it to
work as a Windows domain controller.

If you use the smbldap tools to manage the addition and deletion of users,
they will add the POSIX and the Samba user info to the LDAP directory.  This
will happen because your add user script in the smb.conf file will point to
the relevant smbldap add user script.

You would typically configure the /etc/nsswitch.conf file to tell the Linux
machine to look for user names and passwords in the LDAP directory.  That
way the user does not need to exist in the /etc/passwd file.

So far so good.

I understand from what you are saying that you want to
separate the POSIX (Linux) information from the Samba information.  You want
to keep the POSIX information in the /etc/passwd file and the Samba
information in the LDAP directory.  Each user's authentication information
will be stored in both locations.

To do this you should not use the add user script from the smbldap tools.
Instead use the standard Linux "add user" command in a script to add the
user.  I have done this in the past.  It adds Samba info. to LDAP and
creates the user account in the /etc/passwd file.

Your smb.conf file should look something like

add user script = /usr/sbin/useradd -m '%u'

add machine script = /usr/sbin/useradd -M '%u'

add group script = /usr/sbin/groupadd '%g'

Typically I use the User Manager for Domains to add and delete users.  Not
sure how things will work with other tools.

I guess you can use the smbldap tools to populate the LDAP database with the
standard Windows users and groups but use the Linux commands in the add user
script.

I haven't tried this since the early versions of Samba 3.x.  Let me know how
it works out.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Access Denied when installing drivers using APW

[Scott Vintinner]

I'm trying to install print drivers onto my samba 3.0.28 server (Fedora Core 
8) following the Add Printer Wizard Driver Installation directions here:


http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html#id388379

Unfortunately, when I try to add the print driver, I receive a Windows "Add 
Printer Driver Wizard : Unable to install Ghostscript PDF, Windows 2000 or 
XP, Intel driver. Access is Denied" error message.  Trying to add a printer 
using the Add Printer wizard results in a similar "Add Printer Wizard : 
Printer driver was not installed.  Access is denied."


The Samba server is a stand-alone server.  I'm connecting to the Samba 
server from an XP machine, using the net use \\acro1\print$ /user:root 
command to make sure that I'm connected as root.  I've also run smbstatus to 
ensure that I'm connected as root:


[EMAIL PROTECTED] samba]# smbstatus

Samba version 3.0.28-0.fc8
PID Username  Group Machine
---
 2234   root  root  xp-vinsco(10.1.1.147)

Service  pid machine   Connected at
---
print$   2234   xp-vinsco Thu Jan  3 16:09:40 2008
IPC$ 2234   xp-vinsco Thu Jan  3 16:16:27 2008

Locked files:
Pid  UidDenyMode   Access  R/WOplock 
SharePath   Name   Time

--
2234 0  DENY_NONE  0x11RDONLY NONE 
/etc/samba/drivers   .   Thu Jan  3 16:10:00 2008



The server is not running SELINUX, and the samba install seems to work fine 
otherwise (meaning I can connect to a test share as root and edit files just 
fine).  Below is my smb.conf.  Note that this server is being setup to use 
Acrophobia (http://acrophobia.sourceforge.net), which is where the ePDF.py 
scripts are from.  I've contacted the author, but Acrophobia is currently 
only supported on Fedora Core 3.  It's also my inexperienced feeling that my 
problem is a SAMBA problem rather than a problem with one of his scripts.


Any help or other ideas for debugging this would be greatly appreciated.

Scott



#Global Settings =

[global]
addprinter command = /usr/bin/ePDF.py --addprinter
map to guest = Bad User
guest account = pcguest
show add printer wizard = Yes

workgroup = rbh
server string = Linux ePDF Server

log file = /var/log/samba/log.%m
max log size = 50

security = user
passdb backend = smbpasswd

local master = no
wins server = 10.1.19.84
load printers = yes
cups options = raw
printing = lprng


#Share Definitions ==

[homes]
comment = Home Directories
browseable = no
writable = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

[print$]
comment = Print Drivers
path = /etc/samba/drivers
guest ok = yes
write list = root

[test]
path = /etc/samba
guest ok = no
writable = yes
write list = root

[basepdf]
comment =
queueresume command = /usr/bin/ePDF.py  --endbatch --user %U
printable = yes
print command = /usr/bin/ePDF.py  --jobname '%J' --user %U %s
guest ok = yes
path = /var/spool/ePDF/basepdf
printer name = Acrophobia PDF Printer
queuepause command = /usr/bin/ePDF.py  --startbatch --user %U
lpq command = /usr/bin/ePDF.py  --qstat --workdir '[%S]' --user %U

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: Re: [Samba] Another Uploading Printer drivers problem.

[Willy Offermans]

Hello Richard and Samba Friends,

On Thu, Jan 03, 2008 at 10:15:01PM +0900, Richard Chapman wrote:
> Hi Willy, Dale, Ryan and others
> 
> Many thanks for hte feedback. I had read the man samba.conf section on 
> "use client driver" - but I interpreted the "MUST not be enabled when 
> valid printer drivers are loaded on the Samba server" to mean the case 
> where the drivers were "loaded on and RUNNING on the server" as opposed 
> to "loaded on the server simply to allow them to be loaded onto the 
> windows box". These are presumably different cases - and it is clearly 
> desirable to upload the drivers on the server JUST for download to the 
> windows box even when (especially when) the drivers are running on the 
> client side.

Drivers are always loaded and running on the client, whatever you do.
However I noticed that some settings are stored on the server side, if
you upload the driver and change the settings on the server side.

> 
> I have tried removing the directive - and I immediately get back the 
> "access denied" status in the windows printers and faxes window, just as 
> the man pages suggest I should. Since removing the directive (and 
> restarting samba) I have tried again to upload the drivers - but the 
> result is the same. It goes through the motions - and doesn't give an 
> error - but still uploads to the c:\windows..  on the client rather than 
> the print$ share on the samba server.

Did you follow the right procedure. I always use a windows domain
client to upload the drivers. I follow the procedure: use start - run,
type \\server (your samba server) and press OK. Goto Printers and
Faxmachines, right click mouse and choose server properties. Choose tab
drivers and add new driver. Finally connect driver to printer. That's
it. Probably it is also described in many Howto's.

> 
> Thanks for your references too Dale - but my "Access Denied" error is 
> seen on the printer and fax status window - rather than when trying to 
> upload drivers. I do not get any errors when uploading the drivers. They 
> just go to the wrong place. No doubt when I get them going to the right 
> place - I may then need to resolve the privileges issue. I will however 
> have a good browse of the howto link you provided.

Probably you are doing something wrong. Explain us how you are
uploading.

> 
> I guess it does appear that the "use client driver" is preventing me 
> from uploading the drivers. Can anyone suggest the best way around this? 
> There are a few linux drivers around for the printer - but they all seem 
> to have problems. Can I install a linux driver - but not use it and 
> still use the windows client side drivers. Will this overcome my problem 
> - and allow me to upload the Windows drives to the linux share?

The "use client driver" directive does not put the driver in the wrong
place, e.g. C:\Windows\blahblah, but causes an error message when you
try uploading the drivers.

> 
> Alternatively - can I run the system with a "raw" mode linux printer - 
> but avoid the "use client driver". Is there some other way to get rid of 
> "access denied" errors - or can I just ignore them? In this case - with 
> no linux driver installed - can I still upload windows printer drivers?
> 
> One simple question you may be able to answer: Is it the presence of the 
> "use client driver" directive or the absence of the linux driver which 
> prevents me from uploading? My tests today suggest the latter.

The "use client driver" issue has been discussed and explained. By now
you should now what to do. I do not understand the linux driver issue
and therefore I cannot comment on that. I have the feeling that you are
not clear on what you want.

> 
> Many thanks again.
> 
> Richard.
> 

You are welcome,

Willy

> 
> 
> 
> 
> 
> 
> 
> Willy Offermans wrote:
> >Hello Richard,
> >
> >On Wed, Jan 02, 2008 at 11:19:04PM +0900, Richard Chapman wrote:
> >  
> >>Hi. I have been following another thread describing problems uploading 
> >>printer drives - but I think I have a different problem.
> >>In my case I have a Samsung CLP510 colour laser physically connected to 
> >>a Centos 5.1 X86-64 Linux box with Samba 3.0251514 (3.0.25b-1.el5_1.4 
> >>).
> >> 
> >>The Printer is intended to be shared by windows boxes on the network. I 
> >>have installed the printer as a "raw" printer - so that windows clients 
> >>use their own drivers. In order to get rid of the "Access Denied" errors 
> >>in the "Printers and Faxes" status - I have put the "use client driver" 
> >>directive into smb.conf.
> >>
> >>I was hoping that I could still install windows printer drivers on the 
> >>Linux server so that new windows client machines would not have to find 
> >>the driver elsewhere. I can't see any reason why this should not be 
> >>possible. I have created the print$ share and the folders described here:
> >>http://wiki.sa

Re: [Samba] Sharing a shared folder

[Yan Seiner]

simo wrote:

On Tue, 2007-10-09 at 12:34 -0600, Brandon Pedersen wrote:
  

Hey,

So, I have a Linux server that is mounting a CIFS share. The server then
shares that share to everyone else. My question is does having it routed
this way cause a major slow down? Do the files need to be copied to the
mediator server before going out to the device that is requesting the file?
Or is it able to forward the request to the other server to grab the files
directly from there?

I am curious about this because we have a big imaging server with a whole
bunch of images on it and we are setting up this new server and don't want
to move all the images over, thus we just mounted the images directory on
the new server.

What would you do?



Use a DFS Root, and redirect clients.
  


Could you please elaborate on this?

How do I redirect clients to a remote samba server?

I am trying to set up a connection via a VPN.

--Yan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Fedora configuration options

[Quinn Fissler]

If you grab the source package, you can look at the samba.spec file which
has the compile opts.



On 03/01/2008, Deas, Jim <[EMAIL PROTECTED]> wrote:
>
> Can anyone tell me where to find the original config options used by the
> Fedora team to build this package?
> I want to add the pam and ldap options. I have downloaded the complete
> samba package from the Fedora website. This package included all the
> patch files but I have yet to find a document that shows the options
> used by the fedora team to set all the directories and options.
> After adding the ldap and pam development stuff, I can compile and
> execute the program but I still am having troubles with ldap
> authentication.
> Before I go further down this trail I just want to clean up the compile
> by using the confirmed original config options along with my additions
> for ldap/pam
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Simple LDAP backend question

[John Drescher]

> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
> or can one move only the smbpasswd file to LDAP without impacting the
> standard UNIX passwd file at all?
> - --
With ldap you have both the users that are in the ldap server + the
/etc/passwd file.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Simple LDAP backend question

[John Drescher]

> John Drescher wrote:
> >> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
> >> or can one move only the smbpasswd file to LDAP without impacting the
> >> standard UNIX passwd file at all?
> >> - --
> > With ldap you have both the users that are in the ldap server + the
> > /etc/passwd file.
>
> So then, do you get POSIX and Samba accounts in the LDAP, and then the
> /etc/passwd is also used?
>
Yes. Both are specified in the nsswitch and both are used.

>
> What I really want is to move smbpasswd users to LDAP, but we have
> process that interact with /etc/passwd, but I would like LDAP to be only
> used by Samba. I suppose if nsswitch did not say to use LDAP, ssh/etc.
> would not check LDAP for user logins?
>
I have never tried that so I am not sure.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Fedora samba and ldap (resend)

[Adam Tauno Williams]

> I am currently using the Fedora Open directory with a posix structure
> user information to authenticate several hundred Mac users.
> Currently this is being done using the netatalk package for userId, UID,
> GID, password, home directory.
> What I am looking for is a way to move from netatalk to Samba without
> losing my LDAP capabilities.

Migrating from a POSIX (RFC2307) configuration should be *very* straight
forward.

> I have seen several post related to doing this but none that give me
> specific information on Fedora 7 and its precompiled version of Samba.

If Samba is linked against the LDAP libraries it should have everythingh
you need.

ldd /usr/sbin/smbd  | grep -i ldap

> Can someone confirm for me that this distribution is PAM enabled and
> that ldap using posix user info is compatible?

It is, as is every mainline Linux distro.
-- 
  Consonance: an Open Source .NET OpenGroupware client.
 Contact:[EMAIL PROTECTED]   http://freshmeat.net/projects/consonance/

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Simple LDAP backend question

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John Drescher wrote:
>> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
>> or can one move only the smbpasswd file to LDAP without impacting the
>> standard UNIX passwd file at all?
>> - --
> With ldap you have both the users that are in the ldap server + the
> /etc/passwd file.

So then, do you get POSIX and Samba accounts in the LDAP, and then the
/etc/passwd is also used?

What I really want is to move smbpasswd users to LDAP, but we have
process that interact with /etc/passwd, but I would like LDAP to be only
used by Samba. I suppose if nsswitch did not say to use LDAP, ssh/etc.
would not check LDAP for user logins?

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHfS9Nmb+gadEcsb4RApoyAJ0bzAtFlSkoZaccE4oZW/nwyJ1OkwCgivoo
OuNhdmPGlaBokt5Uh3BoKvo=
=pVMJ
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Simple LDAP backend question

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
or can one move only the smbpasswd file to LDAP without impacting the
standard UNIX passwd file at all?
- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHfSwomb+gadEcsb4RAvXNAJ9k0Uw2fVYRspDO+rTRFxBYfefw3wCgyvSJ
npPNBznEw287gOv1SH3zN88=
=eAkV
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Fedora samba and ldap (resend)

[Quinn Fissler]

It's trivial to compile your own samba to include what you need.

FYI, on a recently updated FC7 near here I can see 3.0.28 with pam support
enabled.

(Looking at /var/log/rpmpkgs I can see that 3.0.25 was installed
originally.)

You will have to update fc7 anyway (bad kernel)

samba works alongside posix ldap schema with no issues -  you only have a
problem if you need passwords in sync - even then, it is solvable - I
believe that samba is doing more to support this - ie functionality in this
area is changing - in my view, that makes it slightly difficult - you have
to work to get the right way for the current combination of libs and app
versions.

Good luck,

Q


On 02/01/2008, Deas, Jim <[EMAIL PROTECTED]> wrote:
>
> I am currently using the Fedora Open directory with a posix structure
> user information to authenticate several hundred Mac users.
>
> Currently this is being done using the netatalk package for userId, UID,
> GID, password, home directory.
>
>
>
> What I am looking for is a way to move from netatalk to Samba without
> losing my LDAP capabilities.
>
>
>
> I have seen several post related to doing this but none that give me
> specific information on Fedora 7 and its precompiled version of Samba.
>
>
>
> Can someone confirm for me that this distribution is PAM enabled and
> that ldap using posix user info is compatible?
>
>
>
> Thanks,
>
> JD
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] require_membership_of being ignored?

[Mike Husmann]

Hi, I'm setting up a Gentoo samba server for home directories on a 2003 ADS
network.

I've decided to use pam_mkhomedir.to have the fileserver automagically create
their home when they first log in. But we don't want everyone to log in, just
the members of the AD group filesurfer-users.

The problem: Regardless of what I put as a require_membership_of= in the samba
pam file, any domain user can log in and a home directory is created.

I've attached a copy of /etc/pam.d/samba and /etc/samba/smb.conf.

Any help would be greatly appreciated.

/etc/pam.d/samba:
--
#%PAM-1.0

# Require membership of filesurfer-users group
account requiredpam_winbind.so require_membership_of=(SID)

session requiredpam_winbind.so require_membership_of=(SID)
session optionalpam_mkhomedir.so skel=/etc/mside-skel umask=0077


Smb.conf:
[global]
workgroup = DOMAIN
netbios aliases = FILESURFER
server string = FileSurfer
log file = /var/log/samba/%m.log
max log size = 50
security = ADS
realm = DOMAIN.SCHOOL.EDU
encrypt passwords = yes
server signing = auto
smb passwd file = /etc/samba/smbpasswd
admin users = @"DOMAIN+Domain Admins"
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
allow trusted domains = no
idmap backend = rid
idmap uid = 1-100
idmap gid = 1-100
winbind use default domain = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/%U
local master = no
inherit permissions = yes
dos filemode = yes
   recycle:exclude = *.tmp *.temp *.o *.obj ~$*
   recycle:keeptree = True
   recycle:touch = True
   recycle:versions = True
   recycle:noversions = .doc|.xls|.ppt
   recycle:repository = /home/trash/%U
   recycle:maxsize = 1000
vfs objects = recycle

[homes]
   comment = Home Directories
   create mask = 0700
   browseable = no
   writable = yes
   valid users = %U
   nt acl support = yes


Thanks in advance,

Mike

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Rename Samba Domain?

[Quinn Fissler]

I've done it - it can be done without pain.
I was using ldap - I backed up my db first - I also change SIDs by using a
large scale edit and re-imported.

If you want client machines to stay joined to the domain, you have a bigger
problem - depending on the number of clients, it might be easier to unjoin
before the name change and rejoin afterwards, otherwise, the clients will
look for the old DC, even to leave the domain.

Have fun :-)


On 03/01/2008, Charles Marcus <[EMAIL PROTECTED]> wrote:
>
> Is it possible? Is it advised? Is there a 'right way'?
>
> Thanks,
>
> --
>
> Best regards,
>
> Charles
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] net groupmap add

[Schreiber, Martin]

Hi List,
 
We have a pretty complex samba configuration running version 3.0.21 , this 
worked for about 2 years , but due to security reasons we need to upgrade to 
latest version 3.0.28.
I have no local unix users created on our host all access is regulated via the 
valid user = @AD+group statement . and the net groupmap add command. This 
worked great , but seems broken in latest versions since 3.0.23
 
I checked the latest howtos , but no success , seems that i overlooked some 
essentials...
 
Now my smb.conf  (only the relevant lines)
 

 
 workgroup = WWxxx
server string = [EMAIL PROTECTED]
security = DOMAIN
netbios name = ATWS26QC
encrypt passwords = Yes
client schannel = no
client use spnego = no
server signing = auto
config file = /usr/local/samba/lib/smb.conf
password server = vieg10wa
passdb expand explicit = no
password level = 1
winbind uid = 10-13
winbind gid = 10-12
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
winbind nested groups = yes
#the shares
[home2]
path = /home2
valid users@sbs_ors_ux @sbs_ors
read only = no
browseable = yes

--
 
output from net groupmap list
--
# bin/net groupmap list
Administrators (S-1-5-32-544) -> 10
sbs_ors (S-1-5-21-3932861455-2822179577-2594212704-125693) -> sbs_ors_ux  > 
thats the relevant group 
Users (S-1-5-32-545) -> 11

 
 But I cant get it to work , I´m allways asked for a password , but should work 
seemless , as it does with "old" samba version
 
Hope theres someone who can give me some hints , like a working smb.conf and or 
a howto to manage the "net groupmap add" command in the proper way
 
 
Best regardsMartin
 
 

 

  Martin Schreiber

  Siemens IT Solutions and Services GmbH

  Gudrunstrasse 11 
  A-1101 Wien 
   Tel: +43(0)51707 47565
  Fax: +43(0) 51707 57560
 
  [EMAIL PROTECTED] 
  http://www.siemens.at/it-solutions

Siemens IT Solutions and Services GmbH, DVR 1009192, FN 180547k, Handelsgericht 
Wien, Firmensitz Wien

Wichtiger Hinweis: Diese E-Mail kann Betriebs- oder Geschäftsgeheimnisse oder 
sonstige vertrauliche Informationen enthalten. Sollten Sie diese E-Mail 
irrtümlich erhalten haben, ist Ihnen eine Kenntnisnahme des Inhalts, eine 
Vervielfältigung oder Weitergabe der E-Mail ausdrücklich untersagt. Bitte 
benachrichtigen Sie uns und vernichten Sie die empfangene E-Mail. Vielen Dank.

Important Note: This e-mail may contain trade secrets or privileged, 
undisclosed or otherwise confidential information. If you have received this 
e-mail in error, you are hereby notified that any review, copying or 
distribution of it is strictly prohibited. Please inform us immediately and 
destroy the original transmittal. Thank you for your cooperation

 

 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Another Uploading Printer drivers problem.

[Chris Smith]

On Thursday 03 January 2008, Richard Chapman wrote:
> I guess it does appear that the "use client driver" is preventing me
> from uploading the drivers. Can anyone suggest the best way around
> this?

I think "use client driver" is pretty clear. If you want a driver on the 
server to automagically install then you don't want to set "use client 
driver". You seem to be entering non-sequitor-ville here.

If you want client drivers available for central distribution just 
unpack the drivers (if desired) and place them on a read only share 
that the users have access to. They wont automagically install but 
you'll avoid sneakernetting, etc.

If you would really prefer to use server drivers but it's just an upload 
issue than follow the docs and focus on resolving that.

> There are a few linux drivers around for the printer - but they 
> all seem to have problems. Can I install a linux driver - but not use
> it and still use the windows client side drivers. Will this overcome
> my problem - and allow me to upload the Windows drives to the linux
> share?

I tend to always use the MS/Adobe PS drivers with the CUPS 6 Windows 
drivers. Works quite well. But then I never purchase non-PS capable 
printers. And it's easy to setup using cupsaddsmb, avoiding uploading 
from a client.

There are other ways to get the driver installed on the server (see 
docs - cupsaddsmb, rpc) without uploading from a client, but if your 
system is setup correctly uploading shouldn't be an issue in most 
cases. There may, however, be some drivers that just wont play nice.

-- 
Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Another Uploading Printer drivers problem.

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Richard Chapman wrote:
> Hi Willy, Dale, Ryan and others
> 
> Many thanks for hte feedback. I had read the man samba.conf section on
> "use client driver" - but I interpreted the "MUST not be enabled when
> valid printer drivers are loaded on the Samba server" to mean the case
> where the drivers were "loaded on and RUNNING on the server" as opposed
> to "loaded on the server simply to allow them to be loaded onto the
> windows box". These are presumably different cases - and it is clearly
> desirable to upload the drivers on the server JUST for download to the
> windows box even when (especially when) the drivers are running on the
> client side.

Misinterpretation. With Samba, the only thing you can do is have them
available for download. The drivers always run on the client side
(HP-UX, in my example, isn't actually going to do anything server-side
with the drivers). Use client driver means something like "completely
ignore the server side drivers and use a local one."

> I have tried removing the directive - and I immediately get back the
> "access denied" status in the windows printers and faxes window, just as
> the man pages suggest I should. Since removing the directive (and
> restarting samba) I have tried again to upload the drivers - but the
> result is the same. It goes through the motions - and doesn't give an
> error - but still uploads to the c:\windows..  on the client rather than
> the print$ share on the samba server.

You don't say how you're doing this -- this might be part of the
problem. You may also have said before, but is this a domain, or just a
workgroup? That may make a difference.

> Thanks for your references too Dale - but my "Access Denied" error is
> seen on the printer and fax status window - rather than when trying to
> upload drivers. I do not get any errors when uploading the drivers. They
> just go to the wrong place. No doubt when I get them going to the right
> place - I may then need to resolve the privileges issue. I will however
> have a good browse of the howto link you provided.
> 
> I guess it does appear that the "use client driver" is preventing me
> from uploading the drivers. Can anyone suggest the best way around this?
> There are a few linux drivers around for the printer - but they all seem
> to have problems. Can I install a linux driver - but not use it and
> still use the windows client side drivers. Will this overcome my problem
> - and allow me to upload the Windows drives to the linux share?

No.

> Alternatively - can I run the system with a "raw" mode linux printer -
> but avoid the "use client driver". Is there some other way to get rid of
> "access denied" errors - or can I just ignore them? In this case - with
> no linux driver installed - can I still upload windows printer drivers?

Yes. Not knowing really what you did wrong (you may very well have said
but I did not have the time to follow it), I can't really tell you, but
I can say that I followed the HOWTO and it does work as expected.

> One simple question you may be able to answer: Is it the presence of the
> "use client driver" directive or the absence of the linux driver which
> prevents me from uploading? My tests today suggest the latter.

Linux drivers are irrelevant. Printing in Samba doesn't actually do any
printing (communicating with a physical device), it is basically like a
write-only file share with generates a spool file and passes it off to
your real printing system. Samba will then also interface with this
printing system to check printer status. You have not gotten that far,
however.

> Many thanks again.
> 
> Richard.
> 
> Willy Offermans wrote:
>> Hello Richard,
>>
>> On Wed, Jan 02, 2008 at 11:19:04PM +0900, Richard Chapman wrote:
>>  
>>> Hi. I have been following another thread describing problems
>>> uploading printer drives - but I think I have a different problem.
>>> In my case I have a Samsung CLP510 colour laser physically connected
>>> to a Centos 5.1 X86-64 Linux box with Samba 3.0251514
>>> (3.0.25b-1.el5_1.4
>>> ).
>>> The Printer is intended to be shared by windows boxes on the network.
>>> I have installed the printer as a "raw" printer - so that windows
>>> clients use their own drivers. In order to get rid of the "Access
>>> Denied" errors in the "Printers and Faxes" status - I have put the
>>> "use client driver" directive into smb.conf.
>>>
>>> I was hoping that I could still install windows printer drivers on
>>> the Linux server so that new windows client machines would not have
>>> to find the driver elsewhere. I can't see any reason why this should
>>> not be possible. I have created the print$ share and the folders
>>> described here:
>>> http://wiki.samba.org/index.php/Samba_as_a_print_server
>>>
>>> It looks like some parts of this wiki are rather incomplete.
>>>
>>> The printer wor

[Samba] Embedded samba 2.0.26 problems

[Yan Seiner]

I've built an embedded version of samba 3.0.26b.

I'm having a problem getting it started, though - it fails to start.  A 
bit of tracing and I *think* it's failing to find secrets.tdb.


strace is showing smbd dying after failing to find secrets.tdb - in the 
wrong place.  I think the script below should take care of that, but for 
some reason it's looking for secrets\.tbd in the build tree and not in 
the embedded fs tree


Can anyone more experienced in building samba perhaps look to see where 
I'm going wrong?


Thanks.

Here's the guts of the build script:

   ./autogen.sh; \
   $(TARGET_CONFIGURE_OPTS) \
   $(TARGET_CONFIGURE_ARGS) \
   samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \
   samba_cv_USE_SETREUID=yes \
   samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes \
   samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no \
   SMB_BUILD_CC_NEGATIVE_ENUM_VALUES=yes \
   libreplace_cv_READDIR_GETDIRENTRIES=no \
   libreplace_cv_READDIR_GETDENTS=no \
   linux_getgrouplist_ok=no \
   samba_cv_REPLACE_READDIR=no \
   samba_cv_HAVE_WRFILE_KEYTAB=no \
   ./configure \
   --target=$(GNU_TARGET_NAME) \
   --host=$(GNU_TARGET_NAME) \
   --build=$(GNU_HOST_NAME) \
   --with-lockdir=/var/cache/samba \
   --with-piddir=/var/run \
   --with-privatedir=/etc/samba \
   --with-logfilebase=/var/log/samba \
   --with-configdir=/etc/samba \
   --without-ldap \
   --without-libaddns \
   --with-included-popt \
   --with-included-iniparser \
   --with-smbmount \
   --disable-cups \
   --disable-static \
   );

   mkdir -p $(PKG_INSTALL_DIR)/usr/share/samba
   mkdir -p $(PKG_INSTALL_DIR)/var/log
   $(MAKE) -C $(PKG_BUILD_DIR)/source \
   prefix="$(PKG_INSTALL_DIR)/usr" \
   BASEDIR="$(PKG_INSTALL_DIR)/usr" \
   BINDIR="$(PKG_INSTALL_DIR)/usr/bin" \
   SBINDIR="$(PKG_INSTALL_DIR)/usr/bin" \
   LIBDIR="$(PKG_INSTALL_DIR)/usr/lib" \
   VARDIR="$(PKG_INSTALL_DIR)/var/log/samba" \
   MANDIR="$(PKG_INSTALL_DIR)/usr/share/man" \
   PRIVATEDIR="$(PKG_INSTALL_DIR)/etc/samba" \
   SWATDIR="$(PKG_INSTALL_DIR)/usr/swat" \
   LOCKDIR="$(PKG_INSTALL_DIR)/var/run/samba" \
   SAMBABOOK="$(PKG_INSTALL_DIR)/usr/swat/using_samba" \
   CODEPAGEDIR="$(PKG_INSTALL_DIR)/usr/share/samba" \
   installservers installbin installcifsmount

Samba dies with:

open("/data/home/yan/openwrt/trunk/build_dir/mipsel/samba-3.0.26a/ipkg-install/etc/samba/secrets.tdb", 
O_RDWR|O_CREAT|O_LARGEFILE, 0600) = -1 ENOENT (No such file or directory)

brk(0x55aa2000) = 0x55aa2000
brk(0x55aa3000) = 0x55aa3000
ioctl(2147483647, TIOCNXCL, 0x7fff7520) = -1 EBADF (Bad file descriptor)
brk(0x55aa4000) = 0x55aa4000
time(NULL)  = 1199373424
open("/etc/TZ", O_RDONLY)   = -1 ENOENT (No such file or 
directory)

time(NULL)  = 1199373424
open("/etc/TZ", O_RDONLY)   = -1 ENOENT (No such file or 
directory)
open("/etc/TZ", O_RDONLY)   = -1 ENOENT (No such file or 
directory)
open("/etc/TZ", O_RDONLY)   = -1 ENOENT (No such file or 
directory)

geteuid()   = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=2335, ...}) = 0
ioctl(2147483647, TIOCNXCL, 0x7fff7510) = -1 EBADF (Bad file descriptor)
write(5, "[2008/01/03 15:17:04, 0] passdb/"..., 59) = 59
geteuid()   = 0
ioctl(2147483647, TIOCNXCL, 0x7fff71a8) = -1 EBADF (Bad file descriptor)
write(5, "  Failed to open /data/home/yan/"..., 112) = 112
fork()  = 578
--- SIGCHLD (Child exited) @ 0 (0) ---
exit(0) = ?
Process 577 detached
[EMAIL PROTECTED]:/#

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Fedora configuration options

[Deas, Jim]

Can anyone tell me where to find the original config options used by the
Fedora team to build this package?
I want to add the pam and ldap options. I have downloaded the complete
samba package from the Fedora website. This package included all the
patch files but I have yet to find a document that shows the options
used by the fedora team to set all the directories and options.
After adding the ldap and pam development stuff, I can compile and
execute the program but I still am having troubles with ldap
authentication.
Before I go further down this trail I just want to clean up the compile
by using the confirmed original config options along with my additions
for ldap/pam
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Using "include" for shares between servers

[Roach, Duane]

Roel writes: 

> You could also move the smb-XXX.conf in or out of place, or rename
them, 
> based on whether or not that particular server is active.  The
included file 
> does not *need* to be present, it is only used if it is there.

I have been testing moving a smb-hatest.conf (net bios name =
SAMBAHATEST) in and out that is controlled by the HA software.  While
the smb-hatest.conf share (HA_Test)) becomes available I do have a
problem.  The original smb.conf (net bios name = SAMBATEST) is no longer
available.  When I try and map a drive to it show that it is not
associated with a domain.

Is it possible that the last entry in wins and that the others are over
written?  Both conf file have the realm and domains listed the same.

Duane
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Migrate Windows 2000 (Active Directory Integrated) Domain to Samba

[Charles Marcus]

I read everywhere about migrating an NT4 domain, but nowhere says you 
can do the same with a Windows 2000 (NOT mixed mode) domain...


This client does NOT currently use AD for anything special (GPO, etc).

Is this possible? Advised?

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Rename Samba Domain?

[Charles Marcus]

Is it possible? Is it advised? Is there a 'right way'?

Thanks,

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: Re: [Samba] Another Uploading Printer drivers problem.

[Richard Chapman]

Hi Willy, Dale, Ryan and others

Many thanks for hte feedback. I had read the man samba.conf section on 
"use client driver" - but I interpreted the "MUST not be enabled when 
valid printer drivers are loaded on the Samba server" to mean the case 
where the drivers were "loaded on and RUNNING on the server" as opposed 
to "loaded on the server simply to allow them to be loaded onto the 
windows box". These are presumably different cases - and it is clearly 
desirable to upload the drivers on the server JUST for download to the 
windows box even when (especially when) the drivers are running on the 
client side.


I have tried removing the directive - and I immediately get back the 
"access denied" status in the windows printers and faxes window, just as 
the man pages suggest I should. Since removing the directive (and 
restarting samba) I have tried again to upload the drivers - but the 
result is the same. It goes through the motions - and doesn't give an 
error - but still uploads to the c:\windows..  on the client rather than 
the print$ share on the samba server.


Thanks for your references too Dale - but my "Access Denied" error is 
seen on the printer and fax status window - rather than when trying to 
upload drivers. I do not get any errors when uploading the drivers. They 
just go to the wrong place. No doubt when I get them going to the right 
place - I may then need to resolve the privileges issue. I will however 
have a good browse of the howto link you provided.


I guess it does appear that the "use client driver" is preventing me 
from uploading the drivers. Can anyone suggest the best way around this? 
There are a few linux drivers around for the printer - but they all seem 
to have problems. Can I install a linux driver - but not use it and 
still use the windows client side drivers. Will this overcome my problem 
- and allow me to upload the Windows drives to the linux share?


Alternatively - can I run the system with a "raw" mode linux printer - 
but avoid the "use client driver". Is there some other way to get rid of 
"access denied" errors - or can I just ignore them? In this case - with 
no linux driver installed - can I still upload windows printer drivers?


One simple question you may be able to answer: Is it the presence of the 
"use client driver" directive or the absence of the linux driver which 
prevents me from uploading? My tests today suggest the latter.


Many thanks again.

Richard.








Willy Offermans wrote:

Hello Richard,

On Wed, Jan 02, 2008 at 11:19:04PM +0900, Richard Chapman wrote:
  
Hi. I have been following another thread describing problems uploading 
printer drives - but I think I have a different problem.
In my case I have a Samsung CLP510 colour laser physically connected to 
a Centos 5.1 X86-64 Linux box with Samba 3.0251514 (3.0.25b-1.el5_1.4 
). 
The Printer is intended to be shared by windows boxes on the network. I 
have installed the printer as a "raw" printer - so that windows clients use 
their own drivers. In order to get rid of the "Access Denied" errors in the 
"Printers and Faxes" status - I have put the "use client driver" directive 
into smb.conf.


I was hoping that I could still install windows printer drivers on the 
Linux server so that new windows client machines would not have to find 
the driver elsewhere. I can't see any reason why this should not be 
possible. I have created the print$ share and the folders described here:

http://wiki.samba.org/index.php/Samba_as_a_print_server

It looks like some parts of this wiki are rather incomplete.

The printer works fine from the clients now (if I provide the client 
driver elsewhere) - but I cannot get the drivers to load on the server.


If I browse the network - from a windows client - and select the 
properties of the printer within the "Printers and Faxes" folder - then 
select "Advanced", and then select "New Driver" - it starts the "Add 
Printer driver" wizard. I can select the driver I want and "Finish" the 
wizard - but it uploads the driver to the 
/windows/system32/spool/drivers folder on the local client rather than 
the server.


Can anyone tell me if I am doing something wrong - or if there is 
something wrong with my configuration which prevents me from uploading 
the driver to the server?


Many thanks.

Richard.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



If I recall correctly, then the "use client driver" directive prohibits
the up-/download of printer drivers from the server. Please search the
net to be 100% sure. I remember there was a hint about the issue in
`man smb.conf`:


  use client driver (S)



 If  this  parameter is enabled for a printer, then any attempt to
 open the printer  with  the  PRINTER_ACCESS_ADMI

[Samba] printers stop working

[armin walland]

hi!

we seem to have a weird problem with our samba server and i hope somebody can 
point me in the right direction to find the cause of this problem


setup:
smbAT02:~# uname -a
Linux smbAT02 2.6.18-5-amd64 #1 SMP Sat Dec 22 20:43:59 UTC 2007 x86_64 
GNU/Linux
.) the OS is debian stable (etch)
.) samba version is 3.0.24-6etch9
.) the server has 8GB of RAM, 2 quad core intel cpus, about 1.5 TB of user 
data and between 40 and 100 concurrent users.

we use CUPS as printing backend and in general everything is working just fine 
but since we initially installed the server about 1 month ago we had 3 
incidents where printing on one of the configured network printers 
(configured as RAW printers in cups) just stopped working. the windows 
clients just displayed an 'access denied' message. printing directly via CUPS 
worked so we figured the problem must be samba.

please take a look at this (HPCLJ4600 was working, HPCLJ4700 was not):

# smbclient smbat02\\HPCLJ4600 -U username
Password:
Domain=[FOCUS-AT-01] OS=[Unix] Server=[Samba 3.0.24]
smb: \> print /exports/samba/home/username/test.txt
putting file /exports/samba/home/username/test.txt as test.txt-9135 (2.7 kb/s) 
(average 2.7 kb/s)
smb: \> exit

# smbclient smbat02\\HPCLJ4700 -U username
Password:
Domain=[FOCUS-AT-01] OS=[Unix] Server=[Samba 3.0.24]
smb: \> print /exports/samba/home/username/test.txt
NT_STATUS_DISK_FULL opening remote file test.txt-9160

the [printers] section from smb.conf looks like this:

[printers]
comment = Printers
path = /tmp
browseable = No
printable = Yes
guest ok = Yes

during all this there was plenty of space left on /tmp and also 
on /var/cache/samba/printing where the tdb files reside so i really don't get 
the DISK_FULL error message. 

the problem turned out to be solvable by removing or renaming the 
corresponding printer's tdb file. the funny thing is, that the tdb files seem 
completely ok:

(HPCLJ4700.tdb.bak is the one with which printing did not work)

# tdbbackup -v HPCLJ4700.tdb.bak
HPCLJ4700.tdb.bak : 1007 records

# tdbbackup -v HPCLJ4700.tdb
HPCLJ4700.tdb : 634 records

the same with a different printer:
# tdbbackup -v HPLJ9050.tdb.bak
HPLJ9050.tdb.bak : 1009 records

# tdbbackup -v HPLJ9050.tdb
HPLJ9050.tdb : 54 records

we are using mostly windows 2000 and some windows XP client machines.
big thanks in advance for any ideas that could help me resolve that...3 broken 
printers in about a month is really not too good.

are there any limits on filesizes or maximum records that can be in a 
printer's tdb file? any other ideas what could have caused this?

-- 
best rgds, armin walland

focus market research
IT :: development, administration
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Name Resolution (Network Browsing) in Samba4 server with Vista Client?

[Timothy Bisson]

Hello,

I'm trying to get a samba4 server to show up while "network browsing"  
on a Vista client, but with no success. I've scoured the web and tried  
many things, but most documentation is for samba3. I can however mount  
the samba4 share using it's UNC path, but I really want netbios name  
resolution to work.


With samba 3.0.28, as soon as I start smbd and nmbd, I can view my  
samba server through Network Browsing.


Does Samba4 support name resolution?
-If so, how would one configure samba4 to do so?
-If not, what I really want is SMB2 support. How much effort would it  
take to backport smb2 to samba 3.2? Would the best approach be to  
incorporate the smb_server/smb2 code into samba3/smbd code, or to  
completely replace the samba3/smbd code with the samba4/smbd and  
samba4/smb_server code?


I'm not really sure what else to try so any suggestions are greatly  
appreciated.


Thanks, Tim

Here is my setup
--

I checked out Samba_4_0 build 26646. I'm using parallels with vista as  
one virtual machine and ubuntu 7.04 as another virtual machine. Both  
are on the same subnet. The workgroup name on the vista box is  
WORKGROUP.


From looking at ethereal output on the vista box, it looks like  
samba4 isn't broadcasting itself as a server, so the vista client  
isn't seen the samba, if that makes any sense.


samb3 smb.conf configuration file:
[globals]
   netbios name= TIM-DESKTOP
   workgroup   = WORKGROUP
   security = share
   domain master = yes
   wins support = yes
   public = yes
   browseable = yes

[public]
   path = /home/tim/public
   browseable = yes
   public = yes
   read only = no


samba4 smb.conf:
[globals]
   netbios name= TIM-DESKTOP
   workgroup   = WORKGROUP
   realm   = WORKGROUP
   server role = domain controller
   security = share
   server max protocol = smb2
   wins support = yes
   local master = yes
   preferred master = yes
   dcerpc endpoint servers = epmapper samr lsarpc netlogon rpcecho
   lanman auth=yes
   use spnego = yes
   name resolve order = wins lmhosts hosts bcast
   browseable = yes
   auto services = yes

[netlogon]
   path = /root/svnsamba/var/locks/sysvol/workgroup/scripts
   read only = no

[sysvol]
   path = /root/svnsamba/var/locks/sysvol
   read only = no

[public]
   path = /home/tim/public
   browseable = yes
   read only = no


the provsioning step
$./setup/provision  --realm=WORKGROUP --adminpass=wyo123 -- 
domain=WORKGROUP  --server-role='domain controller'


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC Ldap integration

[Mike Eggleston]

On Thu, 03 Jan 2008, Andy might have said:

> Hello all
> 
> I have set up a Debian etch server with a samba and ldap integration.
> 
>domain master = yes
>domain logons = yes
>os level = 33
>preferred master = yes
>local master = yes
>passdb backend = ldapsam:ldap://localhost/
> 
>ldap admin dn = cn=admin,dc=test,dc=net
> 
>ldap suffix =dc=test,dc=net
>ldap user suffix = ou=users
>ldap machine suffix = ou=machines
>ldap group suffix = ou=groups
> 
>ldap password sync = yes
> 
> I have added the machine into LDAP as a samba 3 machine.
> I have added a user to the domain admins group.
> 
> When I try to connect a PC to the domain a error message pops up saying "the
> following error occurred attempting to join the domain "test": The specific
> network name is no longer available"
> 
> Would some know the cause of this?

I don't have any data on a possible cause. My portions of the config for this 
are:

workgroup = MYDOMAIN
netbios name = smbhost
netbios aliases = loghost, mailhost, backuphost, ldaphost
server string = Samba Server (%h)
logon drive = H:
logon home = \\%h\%U
logon path = \\%h\profiles\%U
logon script = logon.bat
ldap delete dn = Yes
ldap suffix = dc=MYDOMAIN,dc=com
ldap admin dn = cn=manager,dc=MYDOMAIN,dc=com
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap ssl = off
ldapsam:trusted = Yes
ldap timeout = 15
utmp directory = /var/run
wtmp directory = /var/log
utmp = Yes

encrypt passwords = Yes
password level = 0
password server = ldaphost.MYDOMAIN.com
passdb backend = ldapsam:ldap://ldaphost.MYDOMAIN.com
ldap passwd sync = Yes
unix password sync = No
passwd program = /usr/sbin/smbldap-passwd %u
#pam password change = Yes
passwd chat = "Changing * password*for*\nNew password*" %n\n "*Retype new 
password*" %n\n
passwd chat debug = Yes
#client use spnego = No
#use spnego = No

os level = 66
preferred master = Yes
local master = Yes
domain master = Yes
domain logons = Yes
allow trusted domains = Yes

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Share only works when NFS exported to another machine?

[Paul Hobbs]

Hi,

We have an Areca ARC-1170 SATA RAID Controller with 6 x 1TB Seagate
Barracuda ST31000340NS drives.
These drives are configured as a raid 5 (giving a total of 4.5 TB ext3
filesystem) we have used the
64bit LBA option because our array is greater than 2TB.

This all works fine until we try to use it as a Samba share, when we try to
access the share it does
not allow access, however if we NFS export the 4.5TB filesystem to another
machine and then create the
Samba share on the other machine it works fine. Has anyone seen this before
or have any idea as to what
could be causing this problem?

Many Thanks

Paul

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba