[Samba] winbindd dead but subsys locked
winbind failed on on of the servers in my cluster yesterday. I have been unable to get winbind to start ever since. The init.d script seems to start winbind and a pid is created. When I run service winbind status I receive winbindd dead but subsys locked. So far I have manually deleted the pid. I have rebooted the machine. I have reinstalled Samba. Any assistance would be greatly appreciated. Here is a copy of smb.conf: [global] server string = %h workgroup = DOMAIN netbios name = stlnas password server = stlDOMAINdc1.DOMAIN.local realm = DOMAIN.LOCAL security = ads idmap backend = tdb2 idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash # template homedir = /DOMAIN/home/%U template homedir = /home/DOMAIN/%U winbind uid = 20001-20 winbind gid = 20001-20 winbind trusted domains only = no winbind use default domain = true winbind offline logon = false winbind enum users = yes winbind enum groups = yes obey pam restrictions = yes printcap name = /etc/printcap socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY SO_BROADCAST clustering = yes # logs split per machine log file = %S.log log level = 2 # max 50KB per log file, then rotate max log size = 50 #passdb backend = tdbsam # Share Definitions == [DOMAIN] comment = Home Directories path = /DOMAIN browseable = no writable = yes acl compatibility = auto acl check permissions = True nt acl support = yes ea support = yes acl map full control = True map acl inherit = yes inherit acls = yes [logonscripts] comment = File Sharing path = /DOMAIN/shares/logonscripts copy = DOMAIN -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind - wbinfo problem - SOLVED
The doc is here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html The short answer: 1. not reading this doc will "cause pain, agony, and desperation." 2. 'net' map domain-to-unix ID's and interacts with domain security. net rpc = for Windows Group Management operations. net ads = for ADS operations. net rap = for RAP (IBM OS/2 and samba <3) operations. net will automatically fall back via the ads, rpc, and rap modes. On Fri, 2010-11-19 at 16:58 +0530, Vivekanandan Nataraj wrote: > Hi John, > > The same smb and winbind configuration ( same SUSE box ) works good > other Windows AD servers. > > "#wbinfo -u" and "#wbinfo -g" returns the users and groups > respectively. > > Thanks for your great help !!! > > what is the difference between "#net rpc" and "#net ads" ?..if you > have time, give some explanation.. > > Regards, > Vivek > > > On Mon, Nov 15, 2010 at 6:56 PM, Vivekanandan Nataraj > wrote: > Hi John, > > Thanks for your reply. > > > # net ads testjoin > > [2010/11/15 06:40:27, 0] > libads/sasl.c:819(ads_sasl_spnego_bind) > > kinit succeeded but ads_sasl_spnego_krb5_bind failed: > Invalid credentials > > [2010/11/15 06:40:29, 0] > libads/sasl.c:819(ads_sasl_spnego_bind) > > kinit succeeded but ads_sasl_spnego_krb5_bind failed: > Invalid credentials > > Join to domain is not valid: Invalid credentials > > but, > > # net rpc testjoin > Join to 'SQUID' is OK > > # net ads info -U Administrator > > Enter Administrator's password: > LDAP server: 172.16.1.33 > LDAP server name: EIS.squid.biz > Realm: SQUID.BIZ > Bind Path: dc=SQUID,dc=BIZ > LDAP port: 389 > Server time: Mon, 15 Nov 2010 06:45:33 IST > KDC server: 172.16.1.33 > Server time offset: 43 > > # net rpc info -U Administrator > > Enter Administrator's password: > Domain Name: SQUID > Domain SID: S-1-5-21-419217316-27721265-2755569738 > Sequence number: 548 > Num users: 29 > Num domain groups: 10 > Num local groups: 39 > > # wbinfo -a 'vivek%vivek' > > plaintext password authentication succeeded > > challenge/response password authentication succeeded > > > # wbinfo -K 'vivek%vivek' > plaintext kerberos password authentication for [vivek%vivek] > failed (requesting cctype: FILE) > Could not authenticate user [vivek%vivek] with Kerberos > (ccache: FILE) > > # kinit vivek > Password for vi...@squid.biz: > # > > Anything need to be modify on the Windows side ??..next step i > will remove the system from the domain and try everything... > > Thanks in advance. > > Regards, > VIvek > > > > > On Mon, Nov 15, 2010 at 8:25 AM, John Stile > wrote: > "Invalid credentials" points to a problem, thought I'm > guessing, with > the domain membership. > > I'm really not sure what it means. > > Does 'ads testjoin' show anything? > > Would it be too much trouble to remove the system from > the domain and > add it back, assuming that was the the problem? > > 1. remove the machine from the domain (on the AD > server), > 2. stop smbd, nmbd, and winbindd. > 3. find and remove "*.tdb" files. > 4. Check 'date' vs. 'net date' > 5. net ads join -U 'SQUID.BIZ+username'%'passwd' > 6. check 'net ads testjoin' > 7. check 'net ads info' > 8. start daemon: 'winbindd -d 3 -i' > 9. wbinfo -a 'SQUID.BIZ+username'%'password' > 10. wbinfo -K 'SQUID.BIZ+username'%'password' > 11. kinit username > > > On Mon, 2010-11-15 at 00:32 +0530, Vivekanandan > Nataraj wrote: > > Hi John, > > > > > > Thanks for your reply. > > > > > > This is the result :- > > > > > > #wbinfo -u > > > > > > Connected to LDAP server EIS.squid.biz > > ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 > > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2
Re: [Samba] get older version 3.0.37
- Original Message - > From: "Frank van Bergenhenegouwen" > To: samba@lists.samba.org > Sent: Friday, November 19, 2010 11:15:56 AM > Subject: [Samba] get older version 3.0.37 > Dear all, > > > > I have a client who uses Samba 3.0.28 on AIX 5.3 and he is running > into > problems with the cpu utilization which is 100% caused by one or more > smbd processes. > > I found out that this problem should be solved in version 3.0.37 and > want to know if there is a way to get the bff-file of this version. > > Which 5.3 are you running? I can make a 3.0.37 for you in bff. Cheers, Bill > > I am not able to compile samba myself on the machine which has the > problem and I am also not able to upgrade samba to a higher version, > because this client uses Active Directory for authentication and many > employees are in more than 128 Active Directory groups. The newer > samba > versions are checking on this limit and as a result these employees > cannot access the shares. > > > > Is there somebody who can help me with this? > > > > Kind regards / Met vriendelijke groet, > Frank van Bergenhenegouwen > fbergenhenegou...@sltn.nl > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] get older version 3.0.37
I am running 5.3 TL 7 # oslevel -r 5300-07 Thanks in advance. Met vriendelijke groet, Frank van Bergenhenegouwen SLTN Servicedesk +31 (0) 36 8800 299 -Original Message- From: William E Jojo [mailto:w.j...@hvcc.edu] Sent: vrijdag 19 november 2010 17:23 To: Frank van Bergenhenegouwen Cc: samba@lists.samba.org Subject: Re: [Samba] get older version 3.0.37 - Original Message - > From: "Frank van Bergenhenegouwen" > To: samba@lists.samba.org > Sent: Friday, November 19, 2010 11:15:56 AM > Subject: [Samba] get older version 3.0.37 > Dear all, > > > > I have a client who uses Samba 3.0.28 on AIX 5.3 and he is running > into > problems with the cpu utilization which is 100% caused by one or more > smbd processes. > > I found out that this problem should be solved in version 3.0.37 and > want to know if there is a way to get the bff-file of this version. > > Which 5.3 are you running? I can make a 3.0.37 for you in bff. Cheers, Bill > > I am not able to compile samba myself on the machine which has the > problem and I am also not able to upgrade samba to a higher version, > because this client uses Active Directory for authentication and many > employees are in more than 128 Active Directory groups. The newer > samba > versions are checking on this limit and as a result these employees > cannot access the shares. > > > > Is there somebody who can help me with this? > > > > Kind regards / Met vriendelijke groet, > Frank van Bergenhenegouwen > fbergenhenegou...@sltn.nl > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] After host name change: Failed to add user ... with error: The account's primary group is invalid
Hi, I've got Samba 3.5.6 (SerNet packages) running on Debian Lenny. User information is stored in LDAP via ldapsam:editposix. I changed both the host name and the workgroup name as I had to move the host to a new internal subnet. I noticed that a new sambaDomainName entry was created (containing a new sambaSID). Unfortunately, the Administrator user still contains both the old sambaSID and the old sambaPrimaryGroupSID and thus does not have any rights. I tried to perform the following steps: net -U Administrator%myadminpass -I localhost rpc user add myuser and got the error message mentioned in the subject line. Consequently, the other steps failed: net -U Administrator%myadminpass -I localhost sam createdomaingroup grmyuser net -U Administrator%myadminpass -I localhost sam addmem grmyuser myuser What's the correct procedure to get the Administrator account working again after a host name/workgroup name change so that I can continue to add more users? Thanks in advance for any hints & kind regards, Holger THE standard software for Aviation Authorities ** IMPORTANT NOTICE / WICHTIGER HINWEIS This communication contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any distribution, copying or use of this communication or the information in it is strictly prohibited. If you have received this communication in error please notify us immediately by email or by telephone and then delete this email and any copies of it. Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] get older version 3.0.37
Dear all, I have a client who uses Samba 3.0.28 on AIX 5.3 and he is running into problems with the cpu utilization which is 100% caused by one or more smbd processes. I found out that this problem should be solved in version 3.0.37 and want to know if there is a way to get the bff-file of this version. I am not able to compile samba myself on the machine which has the problem and I am also not able to upgrade samba to a higher version, because this client uses Active Directory for authentication and many employees are in more than 128 Active Directory groups. The newer samba versions are checking on this limit and as a result these employees cannot access the shares. Is there somebody who can help me with this? Kind regards / Met vriendelijke groet, Frank van Bergenhenegouwen fbergenhenegou...@sltn.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to map shared folders when start user profile in XP
I believe you need to put the .bat scripts in a subdirectory of netlogon/scripts in order for the script to be found and run... On 11/19/2010 08:05 AM, Daniel Müller wrote: I think you meant script per each user? Then you need exactly logon script = %u.bat %u substitutes the login user name. The if you have two users: mike, carl You need to have ex.: mike.bat;carl.bat in your netlogon path You can exactly make this too for groups. EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de Von: marcos gonzalez [mailto:marcos.gonzalez.c...@gmail.com] Gesendet: Freitag, 19. November 2010 13:33 An: muel...@tropenklinik.de Cc: anil; samba@lists.samba.org Betreff: Re: [Samba] how to map shared folders when start user profile in XP Hi But If I put [netlogon] comment = Network Logon Service path = /pathtoyour/netlogon/ Only accepts one script and my doubt is how to config one script for user. Thanks 2010/11/17 Daniel Müller Hi, your logon script must be put in your: [global] logon script = %u.bat [netlogon] comment = Network Logon Service path = /pathtoyour/netlogon/ --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von marcos gonzalez Gesendet: Mittwoch, 17. November 2010 12:41 An: anil Cc: samba@lists.samba.org Betreff: Re: [Samba] how to map shared folders when start user profile in XP Hi No, the problem continues. I putted in smb.conf this: logon script = %u.bat logon path = \\%n\Profiles\%u logon drive = H: And inside user profile, in the root folder, i putted user.bat with instrucciones to test. If I execute manually works fine, but not works at start of sesion. Suggestions? Thanks 2010/11/16 anil Hi, Your problem is sorted now? On 11/16/2010 10:18 PM, marcos gonzalez wrote: Hi I understand If I change the smb.conf to : logon script = %u.bat logon path = \\%n\Profiles\%u logon drive = H: putting the script user.bat into the root profile folder (for example /var/lib/samba/profiles/user/ ) for every user load their configuration? Thanks! 2010/11/16 Anil Wakhare Hi, According to me,you can first configure the smb.conf file. Use the following domain master = yes domain logons = yes # the login script name depends on the machine name logon script = %m.bat # the login script name depends on the unix user used logon script = %u.bat logon path = \\%n\Profiles\%u ; logon drive = H: # disables profiles support by specifing an empty path logon path = \\uccagent\%u logon path = \\administrator\%u On Tue, Nov 16, 2010 at 4:04 PM, marcos gonzalez< marcos.gonzalez.c...@gmail.com>wrote: Hi Im searching examples to configure logon scripts for every user. If I configure netlogon how this [global] logon path = \\%N\profiles\%U logon drive = H: logon home = logon script = logon.bat [netlogon] # comment = Network Logon Service path = /var/lib/samba/netlogon # admin users = root # guest ok = yes read only = yes browseable = no Only I can use one script, but I prefer to use specific scripts for users too. I don't know If I can. Other problem is how to configure shared folders for groups of users. Thanks 2010/11/16 Anil Wakhare Hi, I am not getting ur question.can u explain it briefly. On Tue, Nov 16, 2010 at 1:08 PM, marcos gonzalez< marcos.gonzalez.c...@gmail.com>wrote: Hi yes, Im interested in a login script, but Im a newbie with this and I don't know where I can take examples. Inside samba documentacion there are no the sufficient complex examples and in my case Im interested to made a script for every user. Suggestions? Thnaks 2010/11/15 Gaiseric Vandal Are you using a login script? That should take care of mapping shared folders to drive letters. You can't use login scripts to setup printers. If the printers are properly shared from a Windows server or Samba server users should be able to easily locate them in "My Network Places." On 11/12/2010 06:33 AM, marcos gonzalez wrote: Hi guys I have configured samba 3.3.2 in a domain with Xp clients and I would like to config inside clients the shared folders how units when users starts, and the printers too. Im looking for this and the information is very confused, and I dont know which the fast option for users. Suggestions? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba
Re: [Samba] how to map shared folders when start user profile in XP
I think you meant script per each user? Then you need exactly logon script = %u.bat %u substitutes the login user name. The if you have two users: mike, carl You need to have ex.: mike.bat;carl.bat in your netlogon path You can exactly make this too for groups. EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de Von: marcos gonzalez [mailto:marcos.gonzalez.c...@gmail.com] Gesendet: Freitag, 19. November 2010 13:33 An: muel...@tropenklinik.de Cc: anil; samba@lists.samba.org Betreff: Re: [Samba] how to map shared folders when start user profile in XP Hi But If I put [netlogon] comment = Network Logon Service path = /pathtoyour/netlogon/ Only accepts one script and my doubt is how to config one script for user. Thanks 2010/11/17 Daniel Müller Hi, your logon script must be put in your: [global] logon script = %u.bat [netlogon] comment = Network Logon Service path = /pathtoyour/netlogon/ --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von marcos gonzalez Gesendet: Mittwoch, 17. November 2010 12:41 An: anil Cc: samba@lists.samba.org Betreff: Re: [Samba] how to map shared folders when start user profile in XP Hi No, the problem continues. I putted in smb.conf this: logon script = %u.bat logon path = \\%n\Profiles\%u logon drive = H: And inside user profile, in the root folder, i putted user.bat with instrucciones to test. If I execute manually works fine, but not works at start of sesion. Suggestions? Thanks 2010/11/16 anil > Hi, > Your problem is sorted now? > > > On 11/16/2010 10:18 PM, marcos gonzalez wrote: > >> Hi >> >> I understand If I change the smb.conf to : >> >> logon script = %u.bat >> logon path = \\%n\Profiles\%u >> logon drive = H: >> >> putting the script user.bat into the root profile folder (for example >> /var/lib/samba/profiles/user/ ) for every user load their configuration? >> >> Thanks! >> >> 2010/11/16 Anil Wakhare >> >> Hi, >>> According to me,you can first configure the smb.conf file. >>> Use the following >>> >>> domain master = yes >>> domain logons = yes >>> # the login script name depends on the machine name >>> logon script = %m.bat >>> # the login script name depends on the unix user used >>> logon script = %u.bat >>> logon path = \\%n\Profiles\%u >>> ; logon drive = H: >>> # disables profiles support by specifing an empty path >>> logon path = \\uccagent\%u >>> logon path = \\administrator\%u >>> >>> >>> >>> On Tue, Nov 16, 2010 at 4:04 PM, marcos gonzalez< >>> marcos.gonzalez.c...@gmail.com> wrote: >>> >>> Hi Im searching examples to configure logon scripts for every user. If I configure netlogon how this [global] logon path = \\%N\profiles\%U logon drive = H: logon home = logon script = logon.bat [netlogon] # comment = Network Logon Service path = /var/lib/samba/netlogon # admin users = root # guest ok = yes read only = yes browseable = no Only I can use one script, but I prefer to use specific scripts for users too. I don't know If I can. Other problem is how to configure shared folders for groups of users. Thanks 2010/11/16 Anil Wakhare Hi, > I am not getting ur question.can u explain it briefly. > > On Tue, Nov 16, 2010 at 1:08 PM, marcos gonzalez< > marcos.gonzalez.c...@gmail.com> wrote: > > Hi >> >> yes, Im interested in a login script, but Im a newbie with this and I >> don't >> know where I can take examples. Inside samba documentacion there are >> no >> the >> sufficient complex examples and in my case Im interested to made a >> > script > for every user. >> >> Suggestions? >> >> Thnaks >> >> 2010/11/15 Gaiseric Vandal >> >> Are you using a login script? That should take care of mapping >>> >> shared > folders to drive letters. >>> >>> You can't use login scripts to setup printers. If the printers are >>> properly shared from a Windows server or Samba server users should be >>> >> able >> >>> to easily locate them in "My Network Places." >>> >>> >>> >>> On 11/12/2010 06:33 AM, marcos gonzalez wrote: >>> >>> Hi guys I have configured samba 3.3.2 in a domain with Xp clients and I >>> would
Re: [Samba] LVS and SAMBA
On Thu, Nov 18, 2010 at 3:56 PM, Michael Adam wrote: > Ciro Iriarte wrote: >> 2010/11/3 Volker Lendecke : >> > On Wed, Nov 03, 2010 at 11:03:20AM -0300, Ciro Iriarte wrote: >> >> Hi, would it be possible to run two nodes with SAMBA+LDAP and a OCFS2 >> >> filesystem, with LVS load balancing WITHOUT CTDB?. This would be >> >> relying only on OCFS2 file locking. The idea is to provide >> >> authentication, HA file service and load balancing. >> > >> > That would cause data corruption. As far as I know (please >> > correct me if I'm wrong) OCFS2 does not support the full >> > semantics required for share modes, oplocks and all the >> > other fancy cifs features that Samba provides. That's the >> > point of the ctdb and clustered samba combo. >> > >> > Volker >> > >> >> Well, the new "cool" feature on OCFS2 is fcntl, apparently is not >> enough. With CTDB I see that nodes use the same netbios name. How >> would that affect domain controller feature?. I won't like to build >> other server pair just for PDC/BDC > > When you think a little about it you will agree that > when serving the same folder from a cluster file system > like ocfs2, as mounted on two different nodes, as > samba shares from these nodes, then you will have to > configure the two sambas to use the same netbios name. > Not only that, but you will also have to make sure that > the windows SID --> unix ID mappings are identical. > (Unless, of course, you like data corruption. ;-) > And so on. > > The typical use case for a clustered samba with ctdb > is a file server that is member in a domain, but you > can in principle also run samba as a clustered Domain > controller on the cluster. THis will just be one DC > then (since the samba's on the nodes will have to > appear as one server together), but this way you could > replace the PDC/BDC replication, failover and load > balancing mechanism of the classical PDC/BDC scheme > buy using e.g. one clustered PDC. This could even use > tdbsam then (instead of ldapsm), since replication > is done by CTDB then. > > I personally have not done such a setup. But it should > not be a big problem. Be sure to use the "cluster addresses" > variable in smb.conf here to make nmbd happy. > Maybe Jim McDonough can share some of his experiences here? :-) I think you've basically covered it, Michael. This setup is supported on SLES11+HAE as described here. Ok, we're reworking the ctdb resource agent, but if you run ocfs2 under the HA stack, and ctdb outside this, it works just fine. A new resource agent is coming soon, or if you've got support on SLES11SP1+HAE, please contact Novell support. -- Jim McDonough Samba Team SUSE labs jmcd at samba dot org jmcd at themcdonoughs dot org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to map shared folders when start user profile in XP
Hi But If I put [netlogon] comment = Network Logon Service path = /pathtoyour/netlogon/ Only accepts one script and my doubt is how to config one script for user. Thanks 2010/11/17 Daniel Müller > Hi, > your logon script must be put in your: > > [global] > logon script = %u.bat > [netlogon] > comment = Network Logon Service > path = /pathtoyour/netlogon/ > > --- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: muel...@tropenklinik.de > Internet: www.tropenklinik.de > --- > > -Ursprüngliche Nachricht- > Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] > Im > Auftrag von marcos gonzalez > Gesendet: Mittwoch, 17. November 2010 12:41 > An: anil > Cc: samba@lists.samba.org > Betreff: Re: [Samba] how to map shared folders when start user profile in > XP > > Hi > > No, the problem continues. I putted in smb.conf this: > > logon script = %u.bat > logon path = \\%n\Profiles\%u > logon drive = H: > > And inside user profile, in the root folder, i putted user.bat with > instrucciones to test. If I execute manually works fine, but not works at > start of sesion. Suggestions? > > Thanks > > 2010/11/16 anil > > > Hi, > > Your problem is sorted now? > > > > > > On 11/16/2010 10:18 PM, marcos gonzalez wrote: > > > >> Hi > >> > >> I understand If I change the smb.conf to : > >> > >> logon script = %u.bat > >> logon path = \\%n\Profiles\%u > >> logon drive = H: > >> > >> putting the script user.bat into the root profile folder (for example > >> /var/lib/samba/profiles/user/ ) for every user load their configuration? > >> > >> Thanks! > >> > >> 2010/11/16 Anil Wakhare > >> > >> Hi, > >>> According to me,you can first configure the smb.conf file. > >>> Use the following > >>> > >>> domain master = yes > >>> domain logons = yes > >>> # the login script name depends on the machine name > >>> logon script = %m.bat > >>> # the login script name depends on the unix user used > >>> logon script = %u.bat > >>> logon path = \\%n\Profiles\%u > >>> ; logon drive = H: > >>> # disables profiles support by specifing an empty path > >>> logon path = \\uccagent\%u > >>> logon path = \\administrator\%u > >>> > >>> > >>> > >>> On Tue, Nov 16, 2010 at 4:04 PM, marcos gonzalez< > >>> marcos.gonzalez.c...@gmail.com> wrote: > >>> > >>> Hi > > Im searching examples to configure logon scripts for every user. If I > configure netlogon how this > > [global] > logon path = \\%N\profiles\%U > logon drive = H: > logon home = > logon script = logon.bat > [netlogon] > # comment = Network Logon Service > path = /var/lib/samba/netlogon > # admin users = root > # guest ok = yes > read only = yes > browseable = no > > Only I can use one script, but I prefer to use specific scripts for > users > too. I don't know If I can. > > Other problem is how to configure shared folders for groups of users. > > Thanks > > 2010/11/16 Anil Wakhare > > Hi, > > I am not getting ur question.can u explain it briefly. > > > > On Tue, Nov 16, 2010 at 1:08 PM, marcos gonzalez< > > marcos.gonzalez.c...@gmail.com> wrote: > > > > Hi > >> > >> yes, Im interested in a login script, but Im a newbie with this and > I > >> don't > >> know where I can take examples. Inside samba documentacion there are > >> no > >> the > >> sufficient complex examples and in my case Im interested to made a > >> > > script > > > for every user. > >> > >> Suggestions? > >> > >> Thnaks > >> > >> 2010/11/15 Gaiseric Vandal > >> > >> Are you using a login script? That should take care of mapping > >>> > >> shared > > > folders to drive letters. > >>> > >>> You can't use login scripts to setup printers. If the printers > are > >>> properly shared from a Windows server or Samba server users should > be > >>> > >> able > >> > >>> to easily locate them in "My Network Places." > >>> > >>> > >>> > >>> On 11/12/2010 06:33 AM, marcos gonzalez wrote: > >>> > >>> Hi guys > > I have configured samba 3.3.2 in a domain with Xp clients and I > > >>> would > > > like > >> > >>> to config inside clients the shared folders how units when users > > >>> starts, > >> > >>> and > the printers too. Im looking for this and the information is very > confused, > and I dont know which the fast option for users. Suggestions? > > Thanks > > >
Re: [Samba] winbind - wbinfo problem - SOLVED
Hi John, The same smb and winbind configuration ( same SUSE box ) works good other Windows AD servers. "#wbinfo -u" and "#wbinfo -g" returns the users and groups respectively. Thanks for your great help !!! what is the difference between "#net rpc" and "#net ads" ?..if you have time, give some explanation.. Regards, Vivek On Mon, Nov 15, 2010 at 6:56 PM, Vivekanandan Nataraj < viveknata...@gmail.com> wrote: > Hi John, > > Thanks for your reply. > > # net ads testjoin > > [2010/11/15 06:40:27, 0] libads/sasl.c:819(ads_sasl_spnego_bind) > > kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials > [2010/11/15 06:40:29, 0] libads/sasl.c:819(ads_sasl_spnego_bind) > > kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials > Join to domain is not valid: Invalid credentials > > but, > > # net rpc testjoin > Join to 'SQUID' is OK > > # net ads info -U Administrator > > Enter Administrator's password: > LDAP server: 172.16.1.33 > LDAP server name: EIS.squid.biz > Realm: SQUID.BIZ > Bind Path: dc=SQUID,dc=BIZ > LDAP port: 389 > Server time: Mon, 15 Nov 2010 06:45:33 IST > KDC server: 172.16.1.33 > Server time offset: 43 > > # net rpc info -U Administrator > > Enter Administrator's password: > Domain Name: SQUID > Domain SID: S-1-5-21-419217316-27721265-2755569738 > Sequence number: 548 > Num users: 29 > Num domain groups: 10 > Num local groups: 39 > > # wbinfo -a 'vivek%vivek' > > plaintext password authentication succeeded > > challenge/response password authentication succeeded > > # wbinfo -K 'vivek%vivek' > plaintext kerberos password authentication for [vivek%vivek] failed > (requesting cctype: FILE) > Could not authenticate user [vivek%vivek] with Kerberos (ccache: FILE) > > # kinit vivek > Password for vi...@squid.biz: > # > > Anything need to be modify on the Windows side ??..next step i will remove > the system from the domain and try everything... > > Thanks in advance. > > Regards, > VIvek > > > > On Mon, Nov 15, 2010 at 8:25 AM, John Stile wrote: > >> "Invalid credentials" points to a problem, thought I'm guessing, with >> the domain membership. >> >> I'm really not sure what it means. >> >> Does 'ads testjoin' show anything? >> >> Would it be too much trouble to remove the system from the domain and >> add it back, assuming that was the the problem? >> >> 1. remove the machine from the domain (on the AD server), >> 2. stop smbd, nmbd, and winbindd. >> 3. find and remove "*.tdb" files. >> 4. Check 'date' vs. 'net date' >> 5. net ads join -U 'SQUID.BIZ+username'%'passwd' >> 6. check 'net ads testjoin' >> 7. check 'net ads info' >> 8. start daemon: 'winbindd -d 3 -i' >> 9. wbinfo -a 'SQUID.BIZ+username'%'password' >> 10. wbinfo -K 'SQUID.BIZ+username'%'password' >> 11. kinit username >> >> On Mon, 2010-11-15 at 00:32 +0530, Vivekanandan Nataraj wrote: >> > Hi John, >> > >> > >> > Thanks for your reply. >> > >> > >> > This is the result :- >> > >> > >> > #wbinfo -u >> > >> > >> > Connected to LDAP server EIS.squid.biz >> > ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 >> > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 >> > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 >> > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 >> > ads_sasl_spnego_bind: got server principal name = e...@squid.biz >> > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] >> > expiration Sun, 14 Nov 2010 22:22:14 IST >> > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] >> > expiration Sun, 14 Nov 2010 22:22:26 IST >> > kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid >> > credentials >> > ads_connect for domain SQUID failed: Invalid credentials >> > final write to client failed: Broken pipe >> > >> > >> > >> > >> > #wbinfo -g >> > >> > >> > Connected to LDAP server EIS.squid.biz >> > ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 >> > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 >> > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 >> > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 >> > ads_sasl_spnego_bind: got server principal name = e...@squid.biz >> > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] >> > expiration Sun, 14 Nov 2010 22:27:10 IST >> > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] >> > expiration Sun, 14 Nov 2010 22:27:12 IST >> > kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid >> > credentials >> > ads_connect for domain SQUID failed: Invalid credentials >> > final write to client failed: Broken pipe >> > >> > >> > any problem with krb configuration ??? >> > >> > >> > Regards, >> > Vivek >> > >> > >> > >> > >> > On Sun, Nov 14, 2010 at 11:59 PM, John Stile wrote: >> > You could try to run winbindd manually (winbindd -d 3 -i), and >> > from >> > another console run 'wbinfo -u', and see if any errors present >> > them >> > selves in the console where you ran winbindd. First make sure
[Samba] Antwort: Terminal Server Profile readonly attribute lost
samba-boun...@lists.samba.org wrote on 18.11.2010 09:03:20: > webmaster > Gesendet von: samba-boun...@lists.samba.org > > 19.11.2010 06:49 > > An > > samba@lists.samba.org > > Kopie > > Thema > > [Samba] Terminal Server Profile readonly attribute lost > > Hi, > I'm sure this question has been asked before, but I've searched and > can't find a thing. We have Windows 2003 Terminal Servers, and are > running Samba 3.4.5 on AIX 6.1. Our Terminal Server Profiles are kept on > a samba share. When a user creates a file locally in C:\Documents and > Settings(or whatever it's called in english :-) ), sets the file to > readonly, and then logs out, the read-only flag isn't preserved on the > AIX Server. Is this expected behavior? The file ends up with an 765 mask > > > create mask = 0664 > directory mask = 0775 > inherit permissions = Yes > profile acls = Yes > > Thanks in advance. > Howard Allison > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba sorry... must have been blind... inherit permissions was the culprit... Mit freundlichen Grüßen Howard ALLISON -- VERTRAULICHKEIT: Diese Nachricht ist ausschließlich für denjenigen bestimmt, an den sie adressiert ist und kann vertrauliche Informationen enthalten. Falls Sie nicht der Empfänger dieser Nachricht sind, weisen wir Sie darauf hin, dass die unberechtigte Weitergabe oder Verwendung sowie das unberechtigte Verteilen oder Kopieren dieser Nachricht strikt untersagt sind. Falls Sie diese Nachricht irrtümlich erhalten haben, vernichten Sie sie bitte sofort. CONFIDENTIALITY: This message is intended only for the use of the individuality or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure. If you are not the intended recipient you are notified that any dissemination, distribution, use or copying of this communication is strictly prohibited. If you received this message in error, please immediately destroy this message. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need help changing user password
Hi Mark On 18 November 2010 18:20, Mark Sheppard wrote: > Michael: > > I have checked for both net setpassword and samba-tool in Samba4 Alpha13 but > they are not there. Maybe I can The "net" command is definitely part of Samba 4 Alpha 13. "net" was renamed to "samba-tool" some time after Alpha 13. Assuming you installed Samba to the default /usr/local/samba, it will be in /usr/local/samba/bin. > download samba-tool which will still work? When I try > doing a net setpassword it brings up the help menu > without this item listed. These are the only items > that are listed which are similar: > net getlocalsid [NAME] to get the SID for local machine name [...] That looks like the net command from Samba 3. You likely have that installed on the machine and it's in the PATH before /usr/local/samba/bin (or /usr/local/samba/bin is not in your PATH at all.) You should remove Samba 3's net command (which, for Debian/Ubuntu is in the samba-common package) unless you know you need it. Also make sure /usr/local/samba/bin is in your PATH, or specify the full path to the net command like: /usr/local/samba/bin/net setpassword username Otherwise, do as Daniel suggested and set the password from a Windows machine using the "Active Directory Users and Computers" tool. See the Samba 4 HOWTO page for where to get these tools for Windows. > Thanks for the support and I will keep checking to see if I can obtain > samba-tool. > > Mark Sheppard >> >> Try: net setpassword --help >> >> (or samba-tool for later versions of Samba4). -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba