Re: [Samba] Getting info from Windows AD 2003 domain
On Friday 27 June 2008 23:08:31 Brian Campbell wrote: > I have samba set up and installed on a ubuntu server with winbind running > and joined to the domain. I can successfully return a list of all users > (wbinfo -u) and all groups (wbinfo -g) from the domain. My question is > this: Is it possible (and if so how) to use wbinfo to retrieve a list of > users for a specific group only (as opposed to the whole domain users > listed with the -u option)? Stated another way I would like to get the > members of a Windows group called foo through the use of samba and put > those users into a list on the linux side. Suggest you check out chapter 7 of Samba3-ByExample. Email me direct if this does not satisfy your needs. http://www.samba.org/samba/docs/Samba3-ByExample.pdf Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba "Preferred Platform"
On Friday 27 June 2008 23:10:55 William W. Hammond wrote: > I have set up several OpenSuSE 10.3 File Servers... > > These are small environments, 5 - 15 workstations. > > They are purely File (and possibly Application) Servers > > All are AMD64. > > Since the Servers only purpose in life is to support Samba. > > 1.) Is there a platform Linux/Unix, where Samba is better supported...? OpenSUSE is OK. Red Hat Fedora or Ubuntu Server will work just as well. It's all a matter of how well you set things up and manage them. > 2.) Does Samba utilize a 64 bit environment, or is it better to > install 32 bit for compatibility..? Samba is 64-bit enabled. On OpenSUSE, Red Hat Fedora, Ubuntu 8.04 64-bit OS installations Samba is capable of running as a full 64-bit application. > > A GUI is nice, I can get around in the CLI, but by no means am I > proficient. So long as your Samba PDC is correctly configured, user and group administration can be done from a MS Windows client using: a) The NT4 Domain User Manager Note: Some things (like user rights and privilege management) will no longer work from a Windows 2000/2003/XPPro/Vista client using this old NT4 tool. b) The LDAP Admin tool See: http://ldapadmin.sourceforge.net/ If you follow the implementation of Samba3-ByExample, chapter 4 or 5, you will be able to use the above tools to manage your Samba network. Some things will need to be done from the CLI, that is life! I hope this answers your questions/concerns. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba "Preferred Platform"
I have set up several OpenSuSE 10.3 File Servers... These are small environments, 5 - 15 workstations. They are purely File (and possibly Application) Servers All are AMD64. Since the Servers only purpose in life is to support Samba. 1.) Is there a platform Linux/Unix, where Samba is better supported...? 2.) Does Samba utilize a 64 bit environment, or is it better to install 32 bit for compatibility..? A GUI is nice, I can get around in the CLI, but by no means am I proficient. Performance Technology Systems Design "Never Promise more than you can deliver... Always Deliver more than you promise.." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Getting info from Windows AD 2003 domain
I have samba set up and installed on a ubuntu server with winbind running and joined to the domain. I can successfully return a list of all users (wbinfo -u) and all groups (wbinfo -g) from the domain. My question is this: Is it possible (and if so how) to use wbinfo to retrieve a list of users for a specific group only (as opposed to the whole domain users listed with the -u option)? Stated another way I would like to get the members of a Windows group called foo through the use of samba and put those users into a list on the linux side. Thanks, Brian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC: Vmware Problem
would interfaces = eth0 x.x.x.x hosts deny = ALL hosts allow = x.x.x.x 127.0.0.1 in your smb.conf work? On Sat, 28 Jun 2008 00:21:20 +0530 "Go Wow" <[EMAIL PROTECTED]> wrote: > Heya All > > I'm having a Samba PDC on Centos machine from past 4-5 months > everything went one coolly untill I installed vmware on this same > machine to put a new server, as the hardware of the computer was very > good to support it. No worried with the vmware even both the servers > are running properly. > > My Samba was set to use Interface eth0 with ip 192.168.50.56 . Upon > installation the Vmware installed two new interface called vmnet0 > having the ip 192.168.219.1 and vmnet8 having the ip 172.16.237.1. > Now when my client computers try to contact the samba server there > are requesting either of these 2 interfaces for replies. Which I dont > want them to do. I want the client computers to request all the samba > stuff requests to 192.168.50.56and not to anyother IP's. How do I > achieve this? > > As a solution to the problem I tried to add in hosts file of the > client computer (WINXP) the domain name and the ip of the samba > server ( 192.168.50.56) but it didnt work. Anyone any idea to how to > make it it. > > Because of this sometimes the roaming profiles are getting loaded and > sometimes there are not. Thats a big risk I'm facing. > > Please help. Thanks for your support. > > Regards > Misbah -- Chris Jeter Senior IT Technician The World Company 785.312.6911 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC: Vmware Problem
sorry typed that on the phone, you wouldn't need the hosts allow and hosts deny entries. On Sat, 28 Jun 2008 00:21:20 +0530 "Go Wow" <[EMAIL PROTECTED]> wrote: > Heya All > > I'm having a Samba PDC on Centos machine from past 4-5 months > everything went one coolly untill I installed vmware on this same > machine to put a new server, as the hardware of the computer was very > good to support it. No worried with the vmware even both the servers > are running properly. > > My Samba was set to use Interface eth0 with ip 192.168.50.56 . Upon > installation the Vmware installed two new interface called vmnet0 > having the ip 192.168.219.1 and vmnet8 having the ip 172.16.237.1. > Now when my client computers try to contact the samba server there > are requesting either of these 2 interfaces for replies. Which I dont > want them to do. I want the client computers to request all the samba > stuff requests to 192.168.50.56and not to anyother IP's. How do I > achieve this? > > As a solution to the problem I tried to add in hosts file of the > client computer (WINXP) the domain name and the ip of the samba > server ( 192.168.50.56) but it didnt work. Anyone any idea to how to > make it it. > > Because of this sometimes the roaming profiles are getting loaded and > sometimes there are not. Thats a big risk I'm facing. > > Please help. Thanks for your support. > > Regards > Misbah -- Chris Jeter Senior IT Technician The World Company 785.312.6911 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and anti-virus
Hi all Someone knows some interface to backend ClamAV anti-virus, and working with samba? I know the OpenAntivirus Project, that has vscan-samba. But this software don't working with newest version of samba. Well, at a least, I don't get this work in newest version. Someone knows other project? Thanks a lot Regards... -- Atenciosamente --- Gilberto Nunes MSN: [EMAIL PROTECTED] Fones: 47-3348-8020 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba and AD integration, Two questions
Nevermind, it would just be the Kerberos lifetimes of the tickets as set /etc/krb5.conf Thanks again, I tested it as per the webpage and it works... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Taylor Lewick Sent: Friday, June 27, 2008 1:25 PM To: Jeremy Allison Cc: samba@lists.samba.org Subject: RE: [Samba] samba and AD integration, Two questions Thank you, any idea how long it will cache the login info? -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2008 3:02 PM To: Taylor Lewick Cc: samba@lists.samba.org Subject: Re: [Samba] samba and AD integration, Two questions On Wed, Jun 25, 2008 at 12:06:06PM -0500, Taylor Lewick wrote: > Hi all. I've set up a test SuSe 10.2 linux machine that is > authenticating against our active directory. Right now we just create > users in AD, and then they can login to the unix box and using > pam_mkhomedir. We don't add users to the /etc/passwd file, in fact, if > you try and add a user using useradd -m once they've been setup in AD, > you get a message saying account already exists. > > So Kerberos, AD, Samba, PAM and Winbind are all working. > > Right now, if a user logins to the linux box for the first time using > ssh, it creates their home directory. Perfect. > > But I do have two questions. > > If they login to the box by mounting the samba share via windows, i.e. > \\servername\share two directories are created. One for their AD > username, and one for the machine name of their PC. Its not a big deal, > but is there a way to disable or stop it from creating the machine name > directory? We won't ever use that directory. > > Second, if for any reason we did lose connectivity to our domain > controllers, no one could login to the Linux box since there are no > accounts in /etc/passwd. So is there a way to set it up so that if the > linux machine can't talk to the domain controller, then someone could > still login to the box? Check out the "winbind offline logon" parameter for details on this : http://wiki.samba.org/index.php/PAM_Offline_Authentication Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba and AD integration, Two questions
On Fri, Jun 27, 2008 at 01:25:06PM -0500, Taylor Lewick wrote: > Thank you, any idea how long it will cache the login info? Like Windows, it will cache the logon info until it goes online again. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Replacing Samba with a new one
Dear all, I currently have an old machine running SuSE 8.1 and Samba (as installed out of the box) setup and working as a windows domain for a set of WinXP SP2 machines. Everything is working just splendid except that I am Running out of space on it because it has a 40GB drive. Recently I have been instructed to switch the machine's hard-disk with a brand new one which will be ofcourse larger in size to the 40GB capacity that the current one is. I am also thinking of reinstalling a fresh and brand-new installation of SuSE's latest version with the samba that comes with it. My question is how will I go about doing such a "switch" in order for the computers of the network NOT to undergo re-joining of Windows domain etc and to transfer all the files and users one-to-one to the new machine? The end of the task is for the users to switch on their WinXP computers and realize NO change at all, find their files in their homes directories etc, with the exception that their network space has increased. Any good suggestions? Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC: Vmware Problem
Heya All I'm having a Samba PDC on Centos machine from past 4-5 months everything went one coolly untill I installed vmware on this same machine to put a new server, as the hardware of the computer was very good to support it. No worried with the vmware even both the servers are running properly. My Samba was set to use Interface eth0 with ip 192.168.50.56 . Upon installation the Vmware installed two new interface called vmnet0 having the ip 192.168.219.1 and vmnet8 having the ip 172.16.237.1. Now when my client computers try to contact the samba server there are requesting either of these 2 interfaces for replies. Which I dont want them to do. I want the client computers to request all the samba stuff requests to 192.168.50.56and not to anyother IP's. How do I achieve this? As a solution to the problem I tried to add in hosts file of the client computer (WINXP) the domain name and the ip of the samba server ( 192.168.50.56) but it didnt work. Anyone any idea to how to make it it. Because of this sometimes the roaming profiles are getting loaded and sometimes there are not. Thats a big risk I'm facing. Please help. Thanks for your support. Regards Misbah -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba and AD integration, Two questions
Thank you, any idea how long it will cache the login info? -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2008 3:02 PM To: Taylor Lewick Cc: samba@lists.samba.org Subject: Re: [Samba] samba and AD integration, Two questions On Wed, Jun 25, 2008 at 12:06:06PM -0500, Taylor Lewick wrote: > Hi all. I've set up a test SuSe 10.2 linux machine that is > authenticating against our active directory. Right now we just create > users in AD, and then they can login to the unix box and using > pam_mkhomedir. We don't add users to the /etc/passwd file, in fact, if > you try and add a user using useradd -m once they've been setup in AD, > you get a message saying account already exists. > > So Kerberos, AD, Samba, PAM and Winbind are all working. > > Right now, if a user logins to the linux box for the first time using > ssh, it creates their home directory. Perfect. > > But I do have two questions. > > If they login to the box by mounting the samba share via windows, i.e. > \\servername\share two directories are created. One for their AD > username, and one for the machine name of their PC. Its not a big deal, > but is there a way to disable or stop it from creating the machine name > directory? We won't ever use that directory. > > Second, if for any reason we did lose connectivity to our domain > controllers, no one could login to the Linux box since there are no > accounts in /etc/passwd. So is there a way to set it up so that if the > linux machine can't talk to the domain controller, then someone could > still login to the box? Check out the "winbind offline logon" parameter for details on this : http://wiki.samba.org/index.php/PAM_Offline_Authentication Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris blastwave.org Version 3.0.23b doesn't read new information from /etc/passwd and /etc/group
Hi, How would I make samba re-read group and user information? Is there a .tdb file that needs to be deleted? I have recently added more supplementary groups for a user in /etc/group, but the information isn't coming through in the logs, all I get is this: [2008/06/27 07:51:24, 5] auth/auth_util.c:(474) UNIX token of user 11001 Primary group is 11000 and contains 0 supplementary groups There should definitely be more than 0 supplementary groups. e.g. # grep 11001 /etc/passwd bob:x:11001:11000::/home/bob:/bin/bash # grep bob /etc/group everyone_otl::11000:bob operators_otl::11002:bob svneditors_otl::11003:bob Cheers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2008 + FreeBSD 7.0 & Samba
Hello good people, I'm in a need of your help, authenticating samba users through AD. I'm running samba 3.0.28 on FreeBSD 7.0 i386. Also Windows 2008 Enterprise server. When I try to join the domain I get an error message "Failed to join domain: Improperly formed account name" here is my smb.conf file: [global] workgroup = LAB realm = setup.net server string = SambaServer security = ads logon path = \\samba\home\share\%U guest account = pcguest log file = /var/log/samba/log.%m max log size = 50 password server = safad.setup.net allow trusted domains = yes auth methods= guest sam winbind available = yes realm = SETUP.NET passdb backend = tdbsam socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no os level = 33 domain master = no preferred master = no domain logons = no ldap admin dn = cn=root,dc=lab,dc=net logon script = %U.bat logon path = \\%L\Profiles\%U wins server = safad.setup.net wins proxy = no winbind uid = 1-2 winbind gid = 1-2 winbind separator = / winbind use default domain = yes dns proxy = no display charset = koi8-r unix charset = koi8-r dos charset = cp866 store dos attributes = yes map hidden = no map system = no map archive = no nt acl support = yes inherit acls = yes map acl inherit = yes add user script = /usr/sbin/useradd %u AND my "net ads join -U Administrator -d 10 %net ads join -U Administrator -d 10 [2008/06/27 09:09:42, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2008/06/27 09:09:42, 3] param/loadparm.c:lp_load(5031) lp_load: refreshing parameters [2008/06/27 09:09:42, 3] param/loadparm.c:init_globals(1430) Initialising global parameters [2008/06/27 09:09:42, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/usr/local/etc/smb.conf" [2008/06/27 09:09:42, 3] param/loadparm.c:do_section(3770) Processing section "[global]" doing parameter workgroup = LAB doing parameter realm = setup.net doing parameter server string = SambaServer doing parameter security = ads doing parameter logon path = \\samba\home\share\%U doing parameter guest account = pcguest doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter password server = safad.setup.net doing parameter allow trusted domains = yes doing parameter auth methods = guest sam winbind doing parameter available = yes doing parameter realm = SETUP.NET doing parameter passdb backend = tdbsam doing parameter socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 doing parameter local master = no doing parameter os level = 33 doing parameter domain master = no doing parameter preferred master = no doing parameter domain logons = no doing parameter ldap admin dn = cn=root,dc=lab,dc=net doing parameter logon script = %U.bat doing parameter logon path = \\%L\Profiles\%U doing parameter wins server = safad.setup.net doing parameter wins proxy = no doing parameter winbind uid = 1-2 doing parameter winbind gid = 1-2 doing parameter winbind separator = / doing parameter winbind use default domain = yes doing parameter dns proxy = no doing parameter display charset = koi8-r [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16LE [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2BE [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2BE [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16BE [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16BE [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF8 [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF8 [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8 [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8 [2008/06/27 09:09:42, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII [2008/06/27 09:09:42, 5] lib/iconv.c:smb_r
[Samba] Re: Help needed. Samba 3.2.0rc2 - IDMAP - Windows 2008 Server - ADS Integration - Winbind
Hi again, On Fri, 2008-06-27 at 13:31 +0200, Samba-Liste wrote: > Hi, > > I read at least 100 different documentations during the last week and > didn't get it. So I decided to ask the list for help :) > - the problem is solved now. I found this in the logs on linux-side: log.winbindd: Error loading module '/usr/lib/samba/nss_info/rfc2307.so': /usr/lib/samba/nss_info/rfc2307.so: cannot open shared object file: No such file or directory - which took me to this message of Jerry Carter: http://lists.samba.org/archive/samba/2008-April/140030.html - So I went to /usr/lib/samba - created the nss_info directory - in there I made a symbolic link rfc2307.so to ../idmap/ad.so - restarted samba and winbind and all is fine I'll contact the maintainer of the debian experimental samba 3.2.0 packages. Maybe he can fix this in the build description. Jerry, thanks for all your magic posts :) best regards Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Test
On Friday 27 June 2008 07:29:02 Gilberto Nunes wrote: > It's just a test. > > If someone can reply, thanks! > > > > -- > Esta mensagem foi verificada pelo sistema de antivírus e > acredita-se estar livre de perigo. Looks like you passed the test. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] parsing smb.conf in a script (adding, removing, changing values)?
What do you use to parse smb.conf files in a somehow automated/scripted manner? Let's say this is a part of smb.conf: [homes] valid users = user1, user2 [data] valid users = user1, user2 And we want to add "user3" to "valid users" in [homes]. How would you do it? Is there a tool which basically does: # smb-conf-parser [action] [section] [key] [value] For example, add "user3" to "valid users" in [homes] would be: # smb-conf-parser add homes "valid users" user3 Removing "user1" from "valid users" in [data] would be: # smb-conf-parser del data "valid users" user1 ? -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Best Resource for Windows ACL Mapping
eric wrote: Hi, Do you use acl FS ? Derrick. Yes. ext3 mounted with acl support. Andy Liebman a écrit : Can anyone recommend a good "how to" for mapping Windows ACLs onto a Samba Share? I have a very specific Windows permission setting that I'm trying to create and I can't quite figure out how to do it. In specific, I'm using an application that doesn't respond optimally to read only files unless the Security settings come up with just the following "Advanced" properties: List Folder/Read Data Yes Read Attributes Yes Read Extended Attributes Yes Read Permissions Yes Everything else must be unchecked. This is my observation from seeing how the application deals with Read Only files on a local NTFS filesystem. My assumption is that I must recreate the exact same permission on files stored on the Samba share. Ideally, somebody has a chart that displays in one column "desired Windows ACLS" and in a second column what you have to do to create this with Samba? Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba with pam: ad accounts ok, local ones not
Ryan Bair wrote: > > Did you create NT passwords for the local users with smbpasswd -a? > > Also, why is your security setting on share? That seems a bit odd for > AD integration. > > --Ryan > > On Thu, Jun 26, 2008 at 6:06 AM, alex.blackbit > <[EMAIL PROTECTED]> wrote: >> >> hi, >> >> my smb.conf looks like this: >> >>... >>security = share >> >>update encrypted = yes >>encrypt passwords = no >>... >> >> /etc/pam.d/samba: >> >>#%PAM-1.0 >>auth required pam_nologin.so >>auth required pam_stack.so service=system-auth >>accountrequired pam_stack.so service=system-auth >>sessionrequired pam_stack.so service=system-auth >>password required pam_stack.so service=system-auth >> >> >> pam is configured so that local and active directory accounts can login >> (e.g. with ssh). >> samba works correctly with ad accounts, but does not with local accounts. >> what could be the problem? >> >> thanks for the help. >> -- >> View this message in context: >> http://www.nabble.com/samba-with-pam%3A-ad-accounts-ok%2C-local-ones-not-tp18130507p18130507.html >> Sent from the Samba - General mailing list archive at Nabble.com. >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > in the current setup i have "security = user" and "encrypt passwords = yes", but now i get "NT_STATUS_NO_SUCH_USER" in the client log file on the samba server with "log level = 3" when i try to log in with a PAM account. it seems like PAM stuff does not work this way. what could i have done wrong? and please answer the following question: under which circumstances does a user need to have been added with "smbpasswd -a" ? and under which not? i can still login to the machine directly over pam using both local and remote accounts. thanks for the support let's forget about the local -- View this message in context: http://www.nabble.com/samba-with-pam%3A-ad-accounts-ok%2C-local-ones-not-tp18130507p18154829.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Best Resource for Windows ACL Mapping
Hi, Do you use acl FS ? Derrick. Andy Liebman a écrit : Can anyone recommend a good "how to" for mapping Windows ACLs onto a Samba Share? I have a very specific Windows permission setting that I'm trying to create and I can't quite figure out how to do it. In specific, I'm using an application that doesn't respond optimally to read only files unless the Security settings come up with just the following "Advanced" properties: List Folder/Read Data Yes Read Attributes Yes Read Extended Attributes Yes Read Permissions Yes Everything else must be unchecked. This is my observation from seeing how the application deals with Read Only files on a local NTFS filesystem. My assumption is that I must recreate the exact same permission on files stored on the Samba share. Ideally, somebody has a chart that displays in one column "desired Windows ACLS" and in a second column what you have to do to create this with Samba? Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Domain Crontroller migration
On Thu, Jun 26, 2008 at 9:15 AM, Rafael Santos <[EMAIL PROTECTED]> wrote: > My actual server is a Samba-3 PDC with a non-LDAP backend, using smbpasswd. > It has users shares and profiles on it. > Migrating from a old server to a new server what steps? > There is some good information here: http://www.informit.com/articles/article.aspx?p=419048&seqNum=3 > - Keep users and machines (copy smbpasswd file to new server? useradd and > groupadd again?) > copy the /etc/passwd, /etc/shadow, and /etc/group from the old to the new. > > - Keep profile and share permissions > use rsync to sync files after you have the /etc/password ... files the same > > Make the old server as BDC is the best way? > May not be the case in your situation. > What steps to do that without desktop users interaction? > Make sure the SID is the same. And you probably want to set the net bios name and ip address to the same as the old after you have verified that samba works as expected. I would do this on a network (with samba and 1 client) that is not connected to your live network. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Test
It's just a test. If someone can reply, thanks! -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Best Resource for Windows ACL Mapping
Can anyone recommend a good "how to" for mapping Windows ACLs onto a Samba Share? I have a very specific Windows permission setting that I'm trying to create and I can't quite figure out how to do it. In specific, I'm using an application that doesn't respond optimally to read only files unless the Security settings come up with just the following "Advanced" properties: List Folder/Read Data Yes Read Attributes Yes Read Extended Attributes Yes Read Permissions Yes Everything else must be unchecked. This is my observation from seeing how the application deals with Read Only files on a local NTFS filesystem. My assumption is that I must recreate the exact same permission on files stored on the Samba share. Ideally, somebody has a chart that displays in one column "desired Windows ACLS" and in a second column what you have to do to create this with Samba? Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help needed. Samba 3.2.0rc2 - IDMAP - Windows 2008 Server - ADS Integration - Winbind
Hi, I read at least 100 different documentations during the last week and didn't get it. So I decided to ask the list for help :) Unfortunately we have to move to a Windows 2008 Server ADS in our company as this is required for some other projects. But we want to keep our nice 5+ samba-server providing fast 50TB+ of storage. So we have to find a way to nicely integrate the storage with the new ADS installed. Therefor I installed a Testlab consisting of 2 debian etch storage-servers with each 12TB lvm-based storage attached. Also we have 2 MS 2008 Server SP1 as PDC and BDC. Further we have some Windows XP 32 and 64 Bit clients as workstations for testing. Now we setup everything and decided to use samba 3.2.0 as there are some bugs related to W2k8 server are solved. So I build debian packages from experimental for etch an installed them. Then I set up kerberos and samba using "security = ads". Everythings works great. I can get a kerberos ticket with kinit also I can join the ADS with "net ads join -Uadministrator". I set up /etc/nssswitch to use winbind and I can request user information successfully. But now I have to set up shared IDMAP for my samba servers to have the same UIDs and GIDs on all machines. As it would be nice to have all that on the ADS server I tried the following for days without success and that is where I need help: - I installed the "MS Identity Management for Unix" - I added UID, Homedir, Shell and "Default Group" to the AD User - I set "Unix Attr" for my groups - I configured samba to as followed: - snip - [global] workgroup = TESTLAB realm = TESTLAB.COMPANY.COM netbios name = filesrv001 server string = Samba Storage Fileserver 001 (%v) security = ADS idmap domains = BUILTIN, TESTLAB idmap config TESTLAB:backend = ad idmap config TESTLAB:default = yes idmap config TESTLAB:schema_mode = rfc2307 idmap config BUILTIN:backend= tdb idmap config BUILTIN:base_rid = 800 idmap config BUILTIN:range = 800-999 winbind nss info = rfc2307 winbind use default domain = yes winbind nested groups = Yes password server = WIN-RXYDW1KO5DH.testlab.company.com wins server = WIN-RXYDW1KO5DH.testlab.company.com socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hide unreadable = yes hide dot files = yes unix charset = LOCALE log level = 5 [big_data] comment = Very Big Share path = /SERV browseable = yes guest ok = no valid users = "@STGT\entenhausen" create mask = 660 directory mode = 770 writeable = yes readonly = no force group = "STGT\entenhausen" - snip - - I cleaned /var/run/samba, /var/log/samba, /var/lib/samba - I delete the Join on the ADS - Then I rebooted the Linux-Server, re-joined the ADS - And I can retrieve the user with getent and it has IT UID filesrv001:/var/log/samba# getent passwd tic.tic tic.tic:*:20007:10001::/home/STGT/tic.tic:/bin/false - But the default group, the home-dir and the shell is not right - seems like the values are not retrieved correctly from ADS - also strange: I set up the second storage with the same configs - only changed names - if I retrieve the user-information there - it looks like this getent passwd tic.tic tic.tic:*:20007:1:Tic Tic:/home/STGT/tic.tic:/bin/false - so the default-group is changing - but its still not the value listed in the ADS Any ideas on that? Did I get something completely wrong? I'll now take a closer look to the Win 2008 logfiles and I'll check the communication with tcpdump. But I'm mostly stuck and really could need some hints. Or should I try another solution? IDMAP-RID cannot be used as we are planning a "trust domain" setup Thank you and best regards Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [3.0.28a] Telling XP to save password?
On Fri, Jun 27, 2008 at 6:39 AM, Gilles <[EMAIL PROTECTED]> wrote: > Hello > >We're successfully running Samba 3.0.28a on a FreeBSD server and > sharing files with XP clients. There's only one problem: By default, > XP doesn't let the user save the password, so they have to type it > every time they reboot. > > Is there a way to tell XP to remember the password between > reboots/sessions? > Although this has nothing at all to do with samba and is a huge security risk. Here is a link: http://technet.microsoft.com/en-us/sysinternals/bb963905.aspx John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [3.0.28a] Telling XP to save password?
Hello Gilles, FreeBSD, and Samba friends, On Fri, Jun 27, 2008 at 12:39:46PM +0200, Gilles wrote: > Hello > > We're successfully running Samba 3.0.28a on a FreeBSD server and > sharing files with XP clients. There's only one problem: By default, > XP doesn't let the user save the password, so they have to type it > every time they reboot. > > Is there a way to tell XP to remember the password between > reboots/sessions? > > Thank you. > > -- In general, saving a password isn't a good idea. It is annoying to remember a password by heart and to retype it again and again, but it is the best option. So probably there is a way to ``tell XP to remember the password between reboots/sessions``, but that is most probably not what you want. I advice you to re-consider the issue to find a proper solution. In order to help you in a more detailed way, you need to be more verbose and explicit to your problem when mailing it to the list. -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, De jrus wah, Willy * Dr. W.K. Offermans CAT Postdoctoral Fellow CAT Catalytic Center Institut für Technische und Makromolekulare Chemie RWTH Aachen Worringerweg 1, Raum 38C-133 D-52074 Aachen, Germany Phone: +49 241 80 28591 Home: +31 45 544 49 44 Mobile: +31 653 27 16 23 e-mail: [EMAIL PROTECTED] e-mail: [EMAIL PROTECTED] Powered by (__) \\\'',) \/ \ ^ .\._/_) www.FreeBSD.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [3.0.28a] Telling XP to save password?
On 6/27/2008, Gilles ([EMAIL PROTECTED]) wrote: Is there a way to tell XP to remember the password between reboots/sessions? Why on gods green earth would you want to do that? I know you can configure XP to auto-login with a certain username/password, but I've never even considered attempting that on a domain member so don't know if it will work in that context... -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [3.0.28a] Telling XP to save password?
Hello We're successfully running Samba 3.0.28a on a FreeBSD server and sharing files with XP clients. There's only one problem: By default, XP doesn't let the user save the password, so they have to type it every time they reboot. Is there a way to tell XP to remember the password between reboots/sessions? Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba