Re: [Samba] Machine-level shares on Windows server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Evans wrote: I've found that I can't access the share (or even get the list of shares as in the examples below) using the -P (--machine-password) switch, so I get the choice of $smbclient -P -L //sbs Failed to open /var/lib/samba/secrets.tdb ERROR: Unable to open secrets database You don't appear to be root. Secrets.tdb is rw for root only. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFInDDzIR7qMdg1EfYRAocgAJ9amQTW+5kgCzj/D4xW8G6ufl3ZTQCggPMU j6OaxuHX4URo91995r97XfA= =q0sR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind IDMAP question.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chavez, James R. wrote: Hello all, I have joined my linux boxes to AD and can authenticate using Active Directory usernames and passwords using Winbind. I want to Authenticate to AD but have that user mapped to a local Unix or NIS ID otherwise the AD authentication is useless and only hinders with file permissions and such. Are you asking about local login via pam_winbind? or just via smbd? If the latter, then the username map should solve it. If the former, then I could probably do this in in likewise-open using the name alias support and some NSS ordering tricks. PS: The same patches are pending for upstream Samba. I just keep getting distracted everytime I try to prepare then to push. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFInDHxIR7qMdg1EfYRAuqsAKDbjZTac3IGqhBso75J1BHAO9jSOQCfUHik NvIzOIqM5kOWKae6BjwPKyk= =jK/y -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd behaving oddly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Glenn Bailey wrote: Hello folks, Been beating my head with an winbind and pam just behaving oddly. I have following various HOW-TO's, wiki's, and docs, and just can't seem to get past a wall. Here a some of the issues: If you just want desktop or server logins and not File/Print, you might want to try likewise-open (http://www.likewisesoftware.com/community/). - the 1st attempt at ssh'ing to a server gives me a 'Wrong Password' in the logs. Here's an exact snippet: Aug 6 18:45:40 mia21654bcu001 sshd[5371]: pam_winbind(sshd): request failed: Wrong Password, PAM error was Authentication failure (7), NT error was NT_STATUS_WRONG_PASSWORD I get this w/o even entering a password. If I break out and just hit it 2 more times it will lock the account out as expected. - require_membership_of seems to be flat out ignored. Works for me. but I define it in /etc/security/pam_winbind.conf authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_winbind.so use_first_pass use_first_pass authrequired /lib/security/$ISA/pam_deny.so I stack pam_winbind before pam_unix account required /lib/security/$ISA/pam_unix.so account sufficient/lib/security/$ISA/pam_succeed_if.so uid 100 quiet account sufficient/lib/security/$ISA/pam_winbind.so use_first_pass account required /lib/security/$ISA/pam_permit.so Don't need use_first_pass passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordsufficient/lib/security/$ISA/pam_winbind.so use_first_pass passwordrequired /lib/security/$ISA/pam_deny.so need useauthtok and not use_first_pass here. session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session required /lib/security/$ISA/pam_winbind.so use_first_pass require_membership_of=some_group The require- option is enforced in auth and not session. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFInDO3IR7qMdg1EfYRAm7eAKC75KUD+LH4BJ5JmhoX2N87sPf/wQCg0qmt U3OgUlotANWOvyAWkLt+0mo= =M+6M -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] unable to map windows to unix groups
Please I need help. - Message transféré de [EMAIL PROTECTED] - Date : Wed, 30 Jul 2008 22:44:36 +0200 De : [EMAIL PROTECTED] Adresse de retour :[EMAIL PROTECTED] Sujet : unable to map windows to unix groups À : samba@lists.samba.org samba@lists.samba.org Hello. After fresh install. Samba and ldap seems to run normally ( I can join win2k workstation to linux samba pdc ). Using yast I create a system group named domadmin But I am unable to map Domain Admins to domadmin I am unable to map Domain Admins to existing ntadmin group I am unable to mofify mapping Domain Admins to domadmin group Thank you for helping. LINUX-SRV: # net groupmap add ntgroup=Domain Admins unixgroup=domadmin rid=512 type=d adding entry for group Domain Admins failed! LINUX-SRV: # LINUX-SRV: # net groupmap add ntgroup=Domain Admins unixgroup=ntadmin rid=512 type=d adding entry for group Domain Admins failed! LINUX-SRV: # LINUX-SRV: # net groupmap modify ntgroup=Domain Admins unixgroup=domadmin Can't map to an unknown group type. LINUX-SRV: # LINUX-SRV:~ # net groupmap modify ntgroup=Domain Admins unixgroup=domadmin type=d Could not update group database LINUX-SRV: # LINUX-SRV:~ net groupmap list request done: ld 0x55c881e0 msgid 1 request done: ld 0x55c881e0 msgid 2 Domain Admins (S-1-5-21-3134345319-2430187646-2919245149-512) - Domain Admins request done: ld 0x55c881e0 msgid 3 Domain Users (S-1-5-21-3134345319-2430187646-2919245149-513) - Domain Users request done: ld 0x55c881e0 msgid 4 Domain Guests (S-1-5-21-3134345319-2430187646-2919245149-514) - Domain Guests request done: ld 0x55c881e0 msgid 5 Domain Computers (S-1-5-21-3134345319-2430187646-2919245149-515) - Domain Computers request done: ld 0x55c881e0 msgid 6 Administrators (S-1-5-32-544) - Administrators request done: ld 0x55c881e0 msgid 7 Account Operators (S-1-5-32-548) - Account Operators request done: ld 0x55c881e0 msgid 8 Print Operators (S-1-5-32-550) - Print Operators request done: ld 0x55c881e0 msgid 9 Backup Operators (S-1-5-32-551) - Backup Operators request done: ld 0x55c881e0 msgid 10 Replicators (S-1-5-32-552) - Replicators request done: ld 0x55c881e0 msgid 11 Users (S-1-5-32-545) - 15000 LINUX-SRV: # LINUX-SRV: # getent group at:!:25: .. .. domadmin:x:114: root:x:0: ... .. users:x:100: +::0: request done: ld 0x618d10 msgid 1 Domain Admins:*:512:root,user_admin Domain Users:*:513: Domain Guests:*:514: Domain Computers:*:515: Administrators:*:544: Account Operators:*:548: Print Operators:*:550: Backup Operators:*:551: Replicators:*:552: request done: ld 0x618d10 msgid 2 LINUX-SRV: # LINUX-SRV: # uname -r 2.6.22.18-0.2-default LINUX-SRV: # LINUX-SRV: # rpm -qa | grep samba samba-3.2.0-24.1.123 samba-client-3.2.0-24.1.123 samba-doc-3.2.0-24.1.123 samba-krb-printing-3.2.0-24.1.123 yast2-samba-client-2.15.11-33 samba-winbind-32bit-3.0.26a-3.7 yast2-samba-server-2.15.7-57 samba-python-3.0.26a-3.7 samba-devel-3.2.0-24.1.123 kdebase3-samba-3.5.7-87.5 samba-winbind-3.2.0-24.1.123 samba-client-32bit-3.0.26a-3.7 LINUX-SRV: # LINUX-SRV:~ # rpm -qa | grep ldap openldap2-2.3.41-1.1 openldap2-client-2.3.41-2.1 perl-ldap-0.33-81 nss_ldap-257-17 pam_ldap-184-48 perl-ldap-ssl-0.33-81 nss_ldap-32bit-257-17.1 yast2-ldap-2.15.1-83 openldap2-devel-2.3.41-2.1 python-ldap-2.3.1-18 ldapcpplib-0.0.4-95 yast2-ldap-client-2.15.12-37 php5-ldap-5.2.6-0.1 openldap2-client-32bit-2.3.37-20 ldap-account-manager-2.3.0-0.pm.0 yast2-ldap-server-2.15.5-76 pam_ldap-32bit-184-49.1 ldapsmb-1.34b-110.8.123 LINUX-SRV: # net groupmap list - Fin du message transféré - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.2.0 in Debian lenny
On Thu, Aug 7, 2008 at 11:08 PM, Frederik [EMAIL PROTECTED] wrote: Slightly off topic, but: has the introduction of Samba 3.2.0, which is GPLv3, had any repercussions for other packages? Did SMB support in some packages with incompatible licenses (for example GPLv2 only?) which link to libsmb now needed to be disabled? Or was not this really a problem in practise? ping? -- Frederik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to map windows to unix groups
[EMAIL PROTECTED] wrote: Hello. After fresh install. Samba and ldap seems to run normally ( I can join win2k workstation to linux samba pdc ). Using yast I create a system group named domadmin But I am unable to map Domain Admins to domadmin I am unable to map Domain Admins to existing ntadmin group I am unable to mofify mapping Domain Admins to domadmin group Thank you for helping. LINUX-SRV: # net groupmap add ntgroup=Domain Admins unixgroup=domadmin rid=512 type=d adding entry for group Domain Admins failed! LINUX-SRV: # LINUX-SRV: # net groupmap add ntgroup=Domain Admins unixgroup=ntadmin rid=512 type=d adding entry for group Domain Admins failed! LINUX-SRV: # LINUX-SRV: # net groupmap modify ntgroup=Domain Admins unixgroup=domadmin Can't map to an unknown group type. LINUX-SRV: # LINUX-SRV:~ # net groupmap modify ntgroup=Domain Admins unixgroup=domadmin type=d Could not update group database LINUX-SRV: # LINUX-SRV:~ net groupmap list request done: ld 0x55c881e0 msgid 1 request done: ld 0x55c881e0 msgid 2 Domain Admins (S-1-5-21-3134345319-2430187646-2919245149-512) - Domain Admins request done: ld 0x55c881e0 msgid 3 Domain Users (S-1-5-21-3134345319-2430187646-2919245149-513) - Domain Users request done: ld 0x55c881e0 msgid 4 Domain Guests (S-1-5-21-3134345319-2430187646-2919245149-514) - Domain Guests request done: ld 0x55c881e0 msgid 5 Domain Computers (S-1-5-21-3134345319-2430187646-2919245149-515) - Domain Computers request done: ld 0x55c881e0 msgid 6 Administrators (S-1-5-32-544) - Administrators request done: ld 0x55c881e0 msgid 7 Account Operators (S-1-5-32-548) - Account Operators request done: ld 0x55c881e0 msgid 8 Print Operators (S-1-5-32-550) - Print Operators request done: ld 0x55c881e0 msgid 9 Backup Operators (S-1-5-32-551) - Backup Operators request done: ld 0x55c881e0 msgid 10 Replicators (S-1-5-32-552) - Replicators request done: ld 0x55c881e0 msgid 11 Users (S-1-5-32-545) - 15000 LINUX-SRV: # LINUX-SRV: # getent group at:!:25: .. .. domadmin:x:114: root:x:0: ... .. users:x:100: +::0: request done: ld 0x618d10 msgid 1 Domain Admins:*:512:root,user_admin Domain Users:*:513: Domain Guests:*:514: Domain Computers:*:515: Administrators:*:544: Account Operators:*:548: Print Operators:*:550: Backup Operators:*:551: Replicators:*:552: request done: ld 0x618d10 msgid 2 It looks like you already have an existing unix group called Domain Admins being pulled in from ldap. When that is true, there is no need for groupmap and indeed it would appear it is illegal to map a windows group that matches an existing unix group to another unix group. Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind IDMAP question.
Jerry, Thanks for the reply. I am using pam_winbind with my Active Directory or Kerberos credentials to login. I have an existing UNIX (NIS) infrastructure. We are being forced to join our Linux boxes to AD. This creates a problem with unix permissions when logging into the machines with AD credemtials since the UID is dynamically assigned from Winbind and not valid against existing Unix permissions. example [EMAIL PROTECTED] which translates to DOMAIN\joe_montana. The desired UNIX user id is jmontana. The username map does not work in the case of logging into the box, but does work correctly when accessing shares on the box. I am sure this is the expected behavior of the username map. I have always used the username map for accessing shares and not logging in. What I want to know is in the case of logging into the box via ssh or telnet or locally, can I control the Unix UID that Winbind assigns? Can Winbind be configured to map my DOMAIN\jmontana AD credentials to a local UNIX or NIS user jmontana instead of the dynamic UID? This would alleviate the issue with permissions when logged into the box. My reading led me to believe that using idmap_ldap made this possible but I am unsure. Please point me in the right direction. Again I appreciate the reply. Thank You James -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 4:46 AM To: Chavez, James R. Cc: samba@lists.samba.org Subject: Re: [Samba] Winbind IDMAP question. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chavez, James R. wrote: Hello all, I have joined my linux boxes to AD and can authenticate using Active Directory usernames and passwords using Winbind. I want to Authenticate to AD but have that user mapped to a local Unix or NIS ID otherwise the AD authentication is useless and only hinders with file permissions and such. Are you asking about local login via pam_winbind? or just via smbd? If the latter, then the username map should solve it. If the former, then I could probably do this in in likewise-open using the name alias support and some NSS ordering tricks. PS: The same patches are pending for upstream Samba. I just keep getting distracted everytime I try to prepare then to push. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFInDHxIR7qMdg1EfYRAuqsAKDbjZTac3IGqhBso75J1BHAO9jSOQCfUHik NvIzOIqM5kOWKae6BjwPKyk= =jK/y -END PGP SIGNATURE- CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] strange restarting of samba server
Hi, I was asked to help a non profit organisation with a samba problem. The have the server with linux 10.3 running since autumn 2007. now since about 3 or 4 weeks the client workstations get connection errors several times a day. When I check the samba log files I find that the following message is there very often: [2008/08/06 13:42:29, 0] smbd/server.c:main(944) smbd version 3.0.26a-3-1478-SUSE-SL10.3 started. Copyright Andrew Tridgell and the Samba Team 1992-2007 This message seems to me as like Smbd is restarting everytime this message appears. Is that right? Mostly this message appears in intervalls of one hour (sometimes some seconds or some minutes more than one hour), after this message I can see following messages showing client workstations reconnecting. The linux box is running 24 hours a day and during night time I see only the above message appear every hour and no clients reconnecting because clients are switched off. So what this can be? Normally samba restarts automatically when linux restarts. I´m shure that the linux box does not restart every hour. Where can I find more information to find out what happens here? maybee some other log files. Thanks for every help. Klemens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to migration Windows 2003 AD to Samba + LDAP by pwdump2
Hello, I'm finding migration Windows 2003 AD to Samba + LDAP solution. I seen there can use pwdump2 to dump all accounts information in Windows 2003. I tried it but only can dump local account not AD accounts, cound anyone share some experience to me ? Thanks _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Build status as of Sun Aug 10 00:00:03 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-08-09 00:00:36.0 + +++ /home/build/master/cache/broken_results.txt 2008-08-10 00:00:42.0 + @@ -1,4 +1,4 @@ -Build status as of Sat Aug 9 00:00:02 2008 +Build status as of Sun Aug 10 00:00:03 2008 Build counts: Tree Total Broken Panic @@ -9,13 +9,13 @@ ldb 33 32 0 libreplace 32 11 0 lorikeet-heimdal 27 21 0 -pidl 19 19 0 +pidl 19 18 0 ppp 11 0 0 rsync33 11 0 samba-docs 0 0 0 samba-gtk6 6 0 -samba_3_X_devel 28 14 0 -samba_3_X_test 32 20 0 +samba_3_X_devel 27 12 0 +samba_3_X_test 33 21 0 samba_4_0_test 31 27 0 smb-build31 5 0 talloc 33 6 0