Re: [Samba] Moving Samba PDC to new machine

2010-08-23 Thread Daniel Müller 
Hi,
Install ldap and samba on the new machine,
move your ldap.conf and slapd.conf, smb.conf to the new machine. Do not
start samba or ldap!
Make exact the same directories as you did on the old samba, according to
your smb.conf
slapcat -l master.ldif your ldap on the old machine.
Move the ldif to the new machine.
According to you new machines IP you have to work you ldap and smb
configuration.
Do not start ldap! Then on the new machine: slapadd -l master.ldiff
Be shure the new databases are owned by ldap.
Now  smbpasswd -w youldapadminpasswordfromsmb.conf
Important: On the old machine fetch the sid: net getlocalsid yourdomain.
Copy this sid.
On the new machine: net setlocalsid thesidyoucopied.
For me on centos5.5 I installed ldap-client to.
>From prompt type: system-config-authentication
Choose Ldap authentification, Ldap-Properties fill in your Ldap-Server and
Search-Base.
Copy the files from the old server to the new with rsync.
Stop samba/ldap  on the old server
Start ldap start samba on the new.
And you are running.
In my case I moved my samba from an old sidux to viruell centos5.5 on
windows 2008 Server.
 


---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Donny Brooks
Gesendet: Montag, 23. August 2010 21:29
An: samba@lists.samba.org
Betreff: Re: [Samba] Moving Samba PDC to new machine

 I apologize for not explaining why I am asking this. Recently we had to
move a subset of our users off of the primary server as it houses our
administration users home directories and my documents. When we moved these
users I had all kinds of trouble with them not pulling the profiles like it
should have and from the proper server. But since I am not changing the
machines name, I don' think I will have similar issues. Am I correct in
assuming this?
 
 
-- 
 
Donny B. 
 
On Monday, August 23, 2010 02:23 PM CDT, Donny Brooks
 wrote: 
 
> I am looking to move our current Samba primary domain controller to a new
machine. The current machine is EOL, running Fedora 11 (old), and had way
too many services on it to start with (mail, dns, samba, mysql replication,
primary ldap, etc). I am looking to move to a Xen domu with either Fedora 13
or Centos 5.5. What my question is is this: 
> what should I look for when I migrate the samba install to the new
machine. 
> 
> We use OpenLDAP backend for authentication if that matters for anything. I
will most likely keep the machine name the same but will change the IP. I
know in the other servers that we have that rely on this one as the PDC I
will need to change every reference of its IP address. But I am making sure
there is not any "gotcha" deals.
> -- 
>  
> Donny B.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
 
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems related to error status_file_locking_conflict

2010-08-23 Thread Volker Lendecke 
On Mon, Aug 23, 2010 at 11:34:21PM -0400, Robert W. Smith wrote:
> OK, so far I now understand that this is _NOT_ a general login issue
> _NOR_ is it a MS credentials file issue either. This appears to be a
> general locking issue in Samba and Linux. Here is a snippet of my
> workstation log with another application that now no longer runs. The
> SMB network transactions are the same as are the results for the user
> (me, Quicken will no longer start and I am about to be hit with a late
> charge $(
> 
> Note the delay between the linux_set_kernel_oplock failure and the
> reporting of the SMB error NT_STATUS_FILE_LOCK_CONFLICT.

To avoid the issue, try "kernel oplocks = no". This does not
really solve the issue, but might help you over the current
problems.

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems related to error status_file_locking_conflict

2010-08-23 Thread Robert W. Smith 
OK, so far I now understand that this is _NOT_ a general login issue
_NOR_ is it a MS credentials file issue either. This appears to be a
general locking issue in Samba and Linux. Here is a snippet of my
workstation log with another application that now no longer runs. The
SMB network transactions are the same as are the results for the user
(me, Quicken will no longer start and I am about to be hit with a late
charge $(

Note the delay between the linux_set_kernel_oplock failure and the
reporting of the SMB error NT_STATUS_FILE_LOCK_CONFLICT.
 
[2010/08/23 22:56:55.399979,  2] smbd/open.c:631(open_file)
  rwsmith opened file My Profile/Application
Data/Intuit/Quicken/Log/qw.log read=No write=Yes (numopen=7)
[2010/08/23 22:56:55.400134,  3]
smbd/oplock_linux.c:120(linux_set_kernel_oplock)
  linux_set_kernel_oplock: Refused oplock on file My Profile/Application
Data/Intuit/Quicken/Log/qw.log, fd = 23, file_id = 16:39f8d
df:0. (Invalid argument)
[2010/08/23 22:56:55.400843,  3] smbd/process.c:1485(process_smb)
  Transaction 1486 of length 76 (0 toread)
[2010/08/23 22:56:55.400885,  3] smbd/process.c:1294(switch_message)
  switch message SMBtrans2 (pid 9850) conn 0x293eac0
[2010/08/23 22:56:55.400917,  3]
smbd/trans2.c:5012(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006
[2010/08/23 22:56:55.400978,  3]
smbd/trans2.c:5225(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo My Profile/Application
Data/Intuit/Quicken/Log/qw.log (fnum = 9996) level=1006 call=7
total_data=0
[2010/08/23 22:56:55.402033,  3] smbd/process.c:1485(process_smb)
  Transaction 1487 of length 94 (0 toread)
[2010/08/23 22:56:55.402069,  3] smbd/process.c:1294(switch_message)
  switch message SMBwriteX (pid 9850) conn 0x293eac0
[2010/08/23 22:56:55.402233,  3] lib/util.c:1846(fcntl_getlock)
  fcntl_getlock: fd 23 is returned info 0 pid 0
[2010/08/23 22:56:55.402273,  3] smbd/error.c:80(error_packet_set)
  error packet at smbd/reply.c(4375) cmd=47 (SMBwriteX)
NT_STATUS_FILE_LOCK_CONFLICT

Web searches on this status code and locking are coming up short (or too
long). Any pointers are greatly appreciated.
--bs


On Sun, 2010-08-22 at 19:55 -0400, Robert W. Smith wrote:

> I am running two Fedora 13 servers, one as a Samba PDC and the other as
> a BDC. For the past week I have been tracing a series of issues which
> may or may not be related to Samba 3.5.4. Here is one problem that I am
> tracking and need help from the list with suggestions.
> 
> >From a wireshark trace between my Samba server and an XP client I am
> seeing the following error status returned for up to a minute for
> certain files:
> 
> error: STATUS_FILE_LOCK_CONFLICT after a SMB Write AndX Request
> 
> Specifically, this is during the login process which now takes over a
> minute due to these error messages. The files in question are related to
> MS credentials in /Application
> Data/Microsoft/CryptNetUrlCache/Content/ and /Application
> Data/Microsoft/CryptNetUrlCache/Metadata/. After a
> while we get an error that pops up in XP and says that the contents of
> this file could not be saved. As an aside I have had the same message
> occur for /History/index.dat and /Cookies/index.dat.
> 
> Running lsof during the login process I do see the files in questions
> but the lsof output does not indicate that they are locked in any way as
> shown next:
> 
> smbd688436u   REG   0,22   24 60784737  prefix>/Application Data/Microsoft/CryptnetUrlCache/Content/ string>
> 
> The [homes]  and [profiles] shares are stored on the BDC with an LDAP
> slave backend. The PDC provides login services and the [netlogon] share
> and the primary LDAP backend.
> 
> In the wireshark trace I see the following related to the
> file /Application Data/Microsoft/CryptNetUrlCache/Content/:
> 1) the file  gets queried with a Trans2 Request, Query Path Info, Query
> File Basic Info, and return Success
> 2) the file is created with NT Create AndX Request, with return Success
> 3) the file is queried again, Trans2 Request, Query File Info, Query
> File Internal Info, with return Success
> 4) the file is written to with, Write Request, 0 bytes at offset 24,
> with return Success
> 5) the file is written again with, Write AndX Request, 24 bytes at
> offset 0, with return ERROR: STATUS_FILE_LOCK_CONFLICT
> and this last Write Andx Request continues for up to a minute or longer.
> 
> As I mentioned all of our domain login times have increased
> significantly and many other aspects of general computing and network
> shares have slowed. My users are complaining and frustrated that I have
> not resolved this issues. Where can I look on my Samba servers and
> Linux/Fedora 13 specifically if I am having file and record locking
> issues related to the XP clients. (note: my wife is one of the users and
> she is about to fire me or worse... ;)
> 
> Any and all suggestions are welcome.
> 
> Bob Smith
> BISLink Internet Services
> Private Consultant
> Great Falls, VA U

[Samba] Password server as another samba server.

2010-08-23 Thread Vidyadhar 
Hi,

Is it possible to mention password server = ip of another samba server. Both 
the server are on workgroup (not in domain). If yes what other changes required?

Regards,
Vidyadhar
Sent on my BlackBerry® from Vodafone Essar
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] id mapping

2010-08-23 Thread Greg Dickie 
Hi,

  Today I'm trying to debug a problem on samba 3.5.4 where a domain
member server is having trouble mapping UIDs to SIDs. I must admit I
never really looked at this before as everything seemed to "just work".
Today I discovered that idmap backend on the PDC and the member server
were both defaulted to tdb. This means they have independent views of
UID to SID mappings I guess. That sucks. So I'm looking at the ldap
backend but I notice that it uses a special ou in the LDAP tree to store
mappings. Why do we need that if the sambaSamAccount schema also has
SIDs and UIDs for each user. Also, how is that tree populated?

Looking at my PDC it seems to just pull everything out of gencache.tdb
or say that no mapping exists. Doing a tdbdump of winbind_idmap.tdb
shows only a few entries. This seems to be more complicated than I
expected. I'm sorry if this is a silly question but what am I doing
wrong?

Thanks a lot,
Greg


-- 
Greg Dickie
just a guy

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.4.8 / solaris / unix secondary groups

2010-08-23 Thread Joe Cammisa 

thanks, reinhard, apparently you are quite right--the development server
on which i performed the initial testing had a much more recent level of
operating system patches than did the deployent system.  in our case, the
sun machines are ldap clients (specifically, of a sun 1 ldap server); it
is from this source that the secondary group information comes.

interestingly, while i was plunking around with this over the weekend i
noticed that by doing a "getent group > /var/tmp/groups_all" followed by
"cp /var/tmp/groups_all /etc/group" (ie, putting all of the unix group
information in the local /etc/group file), suddenly samba could see and
honor 2ndry groups as expected.  admittedly, no substitute for a properly
patched o.s., but perhaps a suitable interim workaround for some other
desperate soul down the road.

-joe


> hi,
>
> some years ago I had a similar problem with Solaris 9 and Samba 3.0.x.
> The reason was some sort of incompatibility between OpenLDAP's libldap
> and Sun's libsldap, can't remember the exact details. Anyway the
> behavior of Solaris 9 in honoring secondary groups was dependent on the
> patch level, and the whole issue was resolved with a patch from Sun.
> Are you sure that both servers are on the same patch level? Check
> /etc/release and the patches for LDAP on both systems, maybe you can
> find a difference that explains this behavior.
>
> kind regards,
> Reinhard
>
> Joe Cammisa wrote:
>> samba-3.4.8 built under solaris_10 (--with-krb5=/sr/local/lib --with-ads
>> --with-ldap); on my test server it runs flawlessly; however on the
>> production server, there is a big exception:  users' secondary group
>> memberships are not honored.
>>
>> >
>> >
>>
>> again, same samba version, built against the same libraries in the same
>> way with the same config file in both cases.  any one with an idea how i
>> might make this work?  many thanks in advance!!
>>
>> -joe
>>
>>
>>
>


-- 

  Joe Cammisa
  Networking & Systems
  College Information Resources
  Haverford College

  phone:  1-610-896-4239
  email:  jcamm...@haverford.edu
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Moving Samba PDC to new machine

2010-08-23 Thread Donny Brooks 
 I apologize for not explaining why I am asking this. Recently we had to move a 
subset of our users off of the primary server as it houses our administration 
users home directories and my documents. When we moved these users I had all 
kinds of trouble with them not pulling the profiles like it should have and 
from the proper server. But since I am not changing the machines name, I don' 
think I will have similar issues. Am I correct in assuming this?
 
 
-- 
 
Donny B. 
 
On Monday, August 23, 2010 02:23 PM CDT, Donny Brooks 
 wrote: 
 
> I am looking to move our current Samba primary domain controller to a new 
> machine. The current machine is EOL, running Fedora 11 (old), and had way too 
> many services on it to start with (mail, dns, samba, mysql replication, 
> primary ldap, etc). I am looking to move to a Xen domu with either Fedora 13 
> or Centos 5.5. What my question is is this: 
> what should I look for when I migrate the samba install to the new machine. 
> 
> We use OpenLDAP backend for authentication if that matters for anything. I 
> will most likely keep the machine name the same but will change the IP. I 
> know in the other servers that we have that rely on this one as the PDC I 
> will need to change every reference of its IP address. But I am making sure 
> there is not any "gotcha" deals.
> -- 
>  
> Donny B.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
 
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Moving Samba PDC to new machine

2010-08-23 Thread John Drescher 
> I am looking to move our current Samba primary domain controller to a new 
> machine. The current machine is EOL, running Fedora 11 (old), and had way too 
> many services on it to start with (mail, dns, samba, mysql replication, 
> primary ldap, etc). I am looking to move to a Xen domu with either Fedora 13 
> or Centos 5.5. What my question is is this:
> what should I look for when I migrate the samba install to the new machine.
>
> We use OpenLDAP backend for authentication if that matters for anything. I 
> will most likely keep the machine name the same but will change the IP. I 
> know in the other servers that we have that rely on this one as the PDC I 
> will need to change every reference of its IP address. But I am making sure 
> there is not any "gotcha" deals.
> --

If you use openldap. I suggest you keep the old, add the new as A BDC
(replicating the openldap) then test the configuration and only after
testing pull the old box and make the new a PDC.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Moving Samba PDC to new machine

2010-08-23 Thread Donny Brooks 
I am looking to move our current Samba primary domain controller to a new 
machine. The current machine is EOL, running Fedora 11 (old), and had way too 
many services on it to start with (mail, dns, samba, mysql replication, primary 
ldap, etc). I am looking to move to a Xen domu with either Fedora 13 or Centos 
5.5. What my question is is this: 
what should I look for when I migrate the samba install to the new machine. 

We use OpenLDAP backend for authentication if that matters for anything. I will 
most likely keep the machine name the same but will change the IP. I know in 
the other servers that we have that rely on this one as the PDC I will need to 
change every reference of its IP address. But I am making sure there is not any 
"gotcha" deals.
-- 
 
Donny B.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Password server as another samba server

2010-08-23 Thread Vidyadhar 
Hi,

Is it possible to mention password server = ip of another samba server. Both 
the server are on workgroup (not in domain). If yes what other changes required?

Regards,
Vidyadhar
Sent on my BlackBerry® from Vodafone
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba/Winbind issue

2010-08-23 Thread Mark Adams 
Have you tried to escape it with \ ?

On Wed, Aug 11, 2010 at 03:13:49PM +0200, walter.van.der.heij...@nl.abnamro.com 
wrote:
> Hi,
> 
> I have an issue with Samba using winbind. We have Active Directory groups 
> with underscores (for example sambagroup_underscore). But an underscore in 
> Samba (Unix) is a space in Active Directory.
> 
> So my question is what character is used in Samba (Unix) for an underscore in 
> Active Directory? Or are there other solutions to solve this?
> 
> I would be very happy if you can help me!
> 
> 
> Met vriendelijke groet, Kind regards,
> 
> 
> Walter van der Heijden | AIX/RedHat System Specialist
> ABN AMRO | I&O /Expertise /Midrange /Unix
> Polanerbaan 11 | 3447 GN  Woerden | Netherlands | W04.00.40
> Tel.: +31 (0) 30 2260597
> 
> Denk aan het milieu voordat u deze e-mail print
> 
> 
> 
> 
> * DISCLAIMER *
> 
> This message (including any attachments) is confidential and may be 
> privileged. 
> If you have received it by mistake please notify the sender by return e-mail 
> and delete this
> message from your system. 
> Any unauthorised use or dissemination of this message in whole or in part is 
> strictly prohibited. 
> Please note that e-mails are susceptible to change. 
> ABN AMRO Bank N.V, which has its seat at Amsterdam, the Netherlands, and is 
> registered in
> the Commercial Register under number 34334259, including its group companies, 
> shall not be liable for the improper or incomplete transmission of the 
> information contained 
> in this communication nor for any delay in its receipt or damage to your 
> system. 
> ABN AMRO Bank N.V. (or its group companies) does not guarantee that the 
> integrity of this 
> communication has been maintained nor that this communication is free of 
> viruses, 
> interceptions or interference. 
> - 
> Dit bericht (inclusief de eventuele bijlagen) is vertrouwelijk. 
> Wanneer u dit bericht ten onrechte heeft ontvangen, dient u de afzender 
> hiervan onmiddellijk
> per kerende e-mail op de hoogte te brengen en dit bericht te verwijderen uit 
> uw systeem.
> Elk onbevoegd gebruik en/of onbevoegde verspreiding van dit bericht is niet 
> toegestaan. 
> U wordt erop gewezen dat e-mail berichten aan wijziging onderhevig kunnen 
> zijn.
>  ABN AMRO Bank N.V., statutair gevestigd te Amsterdam en ingeschreven in het 
> handelsregister
> van de Kamer van Koophandel onder nummer 34334259, en haar 
> groepsmaatschappijen,
> is niet aansprakelijk voor de onjuiste en onvolledige overdracht van de 
> informatie in dit bericht 
> noch voor mogelijke vertraging in de ontvangst van dit bericht of schade aan 
> uw systeem als
> gevolg van dit bericht. ABN AMRO Bank N.V. (en haar groepsmaatschappijen) 
> staat er niet
> voor in dat de integriteit van dit bericht behouden is gebleven noch dat dit 
> bericht vrij is 
> van virussen, niet is onderschept of vatbaar is geweest voor tussenkomst 
> (door derden).
> *
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] how to set folder redirection on Windows 7 with a Samba PDC

2010-08-23 Thread German Molano 

 On 22/08/2010 01:44 a.m., Abe Lau wrote:


On Sun, Aug 22, 2010 at 2:48 PM, German Molano > wrote:


 On 21/08/2010 10:54 p.m., Abe Lau wrote:

Hi,
I have read that Windows 7 is using a new admx format and that
it is not
compatible with the old-school poledit.  If I would like to
stick with a
Samba PDC, is there any elegant way to get Windows 7 client to
obey the
folder redirection(and possibly other rules) set using poledit&
NTConfig.pol?

Yes there is a way to do folder redirection with kixtart tools
 you can write directly to the Windows Registry modyfing the
Workstation Settings.

In your netlogon start up script call kix32 runtime with your own
script with some values like these:

$UserShellFolders =
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders"
WriteValue($UserShellFolders, "Personal", "H:\Documents", "REG_SZ")
WriteValue($UserShellFolders, "AppData",
"H:\.winsettings\appdata", "REG_SZ")
WriteValue($UserShellFolders, "Desktop", "H:\WinDesktop", "REG_SZ")
WriteValue($UserShellFolders, "My Music", "H:\Music", "REG_SZ")
WriteValue($UserShellFolders, "My Pictures", "H:\Pictures", "REG_SZ")
WriteValue($UserShellFolders, "My Video", "H:\Videos", "REG_SZ")
WriteValue($UserShellFolders,
"{374DE290-123F-4565-9164-39C4925E467B}", "H:\Downloads", "REG_SZ")



I have been searching the mailing list, but there doesn't
seems to be much
detailed information on how to get Windows 7 to integrate
nicely with a
Samba PDC.  Any insights?

Thanks,
Abe


-- 
To unsubscribe from this list go to the following URL and read the

instructions: https://lists.samba.org/mailman/options/samba


Thanks German Molano.

That may seems to be a viable solution.  By the way, the webpage 
doesn't mention Windows 7 being supported?  Is the webpage just outdated?


Yes it is supported but some Registry values are protected and some 
values differs from Windows 7/Vista to Windows XP/2000, but with 
kixstart you could distinct between platforms and apply settings depend 
on it, it could be done like this:


$ntversion = READVALUE("HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\", "CurrentVersion")


Select

Case $ntversion = 6.1 ;Windows 7

WriteValue(

Case $ntversion = 6.0 ;Windows Vista

WriteValue(

Case $ntversion = 5.1 ;Windows XP

WriteValue( 

Case $ntversion = 5.0 ;Windows 2000

WriteValue(




Not knowing much about kixtart, does it mean that I could replace 
everything in NTConfig.pol with a kixtart script?  That would be an 
elegant solution before Samba4 is ready I suppose :-)




NTConfig.pol modifies resgistry settings at logon, so yes you could 
replace it, but is little less "graphical" because you deal with a 
script not with a GUI. Also you could deliver policies with a Domain 
Group basis with conditionals like this:


If InGroup( "MYDOMAIN\Accounting" )

WriteValue(

EndIf



Abe


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Users mapping in security tab

2010-08-23 Thread tizo 
>
>
> it seems like it may be a case of windows not knowing how to handle Unix
> User\username
>
>
Grant,

I guess that Windows should not know how to handle them. Instead, Samba
should made the mapping (at least in my case, as the Unix user is a real
Unix user, and his UID is not set in the Windows Domain).

Anyone else has had this problem?

Thanks,

tizo
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] how to set folder redirection on Windows 7 with a Samba PDC

2010-08-23 Thread erik bergsma 
there are some limitations kixtart cant write certain values to parts
the registry that are protected
but just for folder redirection its great :)

although with win7 you will probably run into some problems with the adobe
installer that is refusing to work, because of the folder redirection

samba 4 isnt an work enviroment option, since it is still in alpha

2010/8/22 Abe Lau >

> On Sun, Aug 22, 2010 at 2:48 PM, German Molano  wrote:
>
> >  On 21/08/2010 10:54 p.m., Abe Lau wrote:
> >
> >> Hi,
> >> I have read that Windows 7 is using a new admx format and that it is not
> >> compatible with the old-school poledit.  If I would like to stick with a
> >> Samba PDC, is there any elegant way to get Windows 7 client to obey the
> >> folder redirection(and possibly other rules) set using poledit&
> >> NTConfig.pol?
> >>
> >>  Yes there is a way to do folder redirection with kixtart tools  you can
> > write directly to the Windows Registry modyfing the Workstation Settings.
> >
> > In your netlogon start up script call kix32 runtime with your own script
> > with some values like these:
> >
> > $UserShellFolders =
> >
> "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User
> > Shell Folders"
> > WriteValue($UserShellFolders, "Personal", "H:\Documents", "REG_SZ")
> > WriteValue($UserShellFolders, "AppData", "H:\.winsettings\appdata",
> > "REG_SZ")
> > WriteValue($UserShellFolders, "Desktop", "H:\WinDesktop", "REG_SZ")
> > WriteValue($UserShellFolders, "My Music", "H:\Music", "REG_SZ")
> > WriteValue($UserShellFolders, "My Pictures", "H:\Pictures", "REG_SZ")
> > WriteValue($UserShellFolders, "My Video", "H:\Videos", "REG_SZ")
> > WriteValue($UserShellFolders, "{374DE290-123F-4565-9164-39C4925E467B}",
> > "H:\Downloads", "REG_SZ")
> >
> >
> >
> >  I have been searching the mailing list, but there doesn't seems to be
> much
> >> detailed information on how to get Windows 7 to integrate nicely with a
> >> Samba PDC.  Any insights?
> >>
> >> Thanks,
> >> Abe
> >>
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
> Thanks German Molano.
>
> That may seems to be a viable solution.  By the way, the webpage doesn't
> mention Windows 7 being supported?  Is the webpage just outdated?
>
> Not knowing much about kixtart, does it mean that I could replace
> everything
> in NTConfig.pol with a kixtart script?  That would be an elegant solution
> before Samba4 is ready I suppose :-)
>
> Abe
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] How to filter files using roaming profiles

2010-08-23 Thread erik bergsma 
prf*.tmp files are created by a lot of programs outlook, virtualbox
etc...

by description (http://support.microsoft.com/kb/328607) they see pretty
important, but with my personal experience they are not so

i think the easiest way is to set up a crontab that deletes the prf*.tmp
files over night

2010/8/22 marcos gonzalez 

> Hi David
>
> Really this problem only pass with files created by thunderbird. This
> program creates a .tmp files during syncronization with imap accounts and
> generates most biggest files. I can't filter this folder and Im not
> interested to make this user by user, y prefer to make this for all samba
> users.
>
> Do you know any good link explaining how to create policie filters in XP?
>
> And finally the tmp folder is not sync.
>
> Thanks :-)
>
> 2010/8/22 David Gonzalez 
>
> > Hola Marcos,
> >
> > I don't know how gurus here will do it, but I'd suggest you go ahead and
> > create some policy or use the built it windows feature to avoid/permit
> sync
> > of certain files
> >
> > You copuld also tweak registry keys, or do as I did with my users, I
> > created a "Default User" using redegit and loading the NTDUSER.DAT hive
> and
> > deciding which directories should the system keep in sync.
> >
> > One other problem I see there is that if your clients are XP/2K/7 that
> > nasty %USERPROFILE%\AppData\local\TEMP directory is sneaking up on your
> sync
> > proccess, and it tends to grow quite large, so one other suggestion is to
> go
> > ahead and change TEMP and TMP enviroment variables, be it from My
> Computer >
> > Properties > Advanced > Enviroment Variables
> > and take that directory to some other place like D:\ or C:\, depends on
> > yopur setup.
> >
> > That's my ywo cents on this, so hope this helps.
> >
> > ---
> > David Gonzalez H.
> > DGHVoIP - OPEN SOURCE TELEPHONY SOLUTIONS
> > Phone Bogotá: +(57-1)289-1168
> > Phone Medellin: +(57-4)247-0985
> > Mobile: +(57)315-838-8326
> > MSN: da...@planetaradio.net
> > Skype: davidgonzalezh
> > WEB: http://www.dghvoip.com/
> > Proud Linux User #294661
> >
> >
> > On Sun, Aug 22, 2010 at 12:37 PM, marcos gonzalez <
> > marcos.gonzalez.c...@gmail.com> wrote:
> >
> >> Hello list
> >>
> >> I'm a system administrator implementing a samba server for mi work. One
> of
> >> the most important things is how to use roaming profiles, and I'm
> viewing
> >> that in the synchronisation there are more bad type archives that
> produces
> >> and excessive use of disc memory. It's possible to filter that .tmp
> files
> >> not synchronise?
> >>
> >> these are my rules inside smb.conf:
> >>
> >>   logon path = \\%N\profiles\%U
> >>   logon drive =
> >>   logon home =
> >>   logon script =
> >>
> >> Thanks && Best Regards
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows Vista keeps on deleting cached roaming profile

2010-08-23 Thread erik bergsma 
@ Dave: thnx for your pointers but i already tried those (See my first post)
with no luck...

@ All: the problem becomes weirder and weirder:
i have set up a new PDC with the same samba version, (only difference is
that its not clustered, and doesn't have the LDAP back end), and when i
create a profile on that domain, the user profile will stay cached on
c:\users\

however when i join the same machine to the domain that is having the
problems, and create a new profile as well for a new user, the cached user
profile gets deleted again from c:\users\

so to conclude that; the problem is either my CTDB or my LDAP back end,
which make no sense what so ever :(

2010/8/19 David Mathog 

> On second thought, the previous method was for older WIndows.  Use
> the group policy editor and look at:
>
>  Computer Configuration -> Administrative Templates -> System ->
> User Proiles -> Delete user profiles ...
>
> If that is enabled, then the user profiles would disappear in the specified
> number of days.
>
> Regards,
>
> David Mathog
>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.4.8 / solaris / unix secondary groups

2010-08-23 Thread Reinhard Sojka 

hi,

some years ago I had a similar problem with Solaris 9 and Samba 3.0.x. 
The reason was some sort of incompatibility between OpenLDAP's libldap 
and Sun's libsldap, can't remember the exact details. Anyway the 
behavior of Solaris 9 in honoring secondary groups was dependent on the 
patch level, and the whole issue was resolved with a patch from Sun.
Are you sure that both servers are on the same patch level? Check 
/etc/release and the patches for LDAP on both systems, maybe you can 
find a difference that explains this behavior.


kind regards,
Reinhard

Joe Cammisa wrote:

samba-3.4.8 built under solaris_10 (--with-krb5=/sr/local/lib --with-ads
--with-ldap); on my test server it runs flawlessly; however on the
production server, there is a big exception:  users' secondary group
memberships are not honored.

>
>

again, same samba version, built against the same libraries in the same
way with the same config file in both cases.  any one with an idea how i
might make this work?  many thanks in advance!!

-joe


  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] WG: Status of samba4 Alpha12 ctdb

2010-08-23 Thread Daniel Müller 
Hello to all,

does anybody know about the status of clustering samba4 with ctdb?

Daniel


EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + set POSIX ACL's over Windows

2010-08-23 Thread Oliver Weinmann 
Hi,

thanks for the advice. I don't think QNAP supports NFSv4. But even if we
need to be able to set the permissions over windows not on the cmdline.
I discovered the following experimental modules for samba that should
allow 1:1 mapping of ntfs acl's. But they are not very well documented.
I might give it a try.

vfs objects = acl_xattr


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Is "samba3_vscan" compiled anymore, by anyone?

2010-08-23 Thread Neil Price 

 On 2010/08/22 06:15 PM, Nico Kadel-Garcia wrote:

I'm looking at the RPM's over at http://ftp.sernet.de/pub/samba/3.5/,
and noticing that the "samba3-vscan" package is not being built for
any OS. Is this deliberate? If so, perhaps it can be deleted from the
SRPM? It no longer builds correctly for Samba v3.5, and is a years old
virus scanning tool in any case. It's therefore probably unsuitable
for virus scanning of any modern CIFS share.
I haven't tried it yet but this looks like good candidate for replacing 
that package: http://svs.sourceforge.net/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba