Re: [Samba] Samba network shares over VPN

2012-03-08 Thread Daniel Müller
No, only if you are away on the road with your netbook or something like
that, this is for security reasons.
If you run two remote sites (offices!!) over openvpn in bridged mode you
will work as if all clients are in one office and not miles away.

Good Luck
Daniel

---
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: Fernando Lozano [mailto:ferna...@lozano.eti.br]
Sent: Thursday, 8 March 2012 15:12
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: AW: [Samba] Samba network shares over VPN

Hi there,

So any remote VPN user, be it OpenVPN, Cisco or Microsoft, has to provide
login/password for each file server? This is a very bad user experience,
it's very different from when the user is on the local network and different
from Windows XP.

I can't believe there's no way to transparently access network shares over
VPN. I was hoping this was some compatibility issue between Windows
7 and Samba.

I tried advice found on the net about editing the registry to set
NDisDeviceType, for example:
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/8a3e9b05-353b-4250-a023-066a085e9657

Also tried providing a default gateway for the TAP adapter, for example:
http://superuser.com/questions/120038/changing-network-type-from-unidentified-network-to-private-network-on-an-openvpn

None of those changes had any effect. Users still log in using their domain
accounts (cached profile), connect to the VPN, and are required to provide
again the domain login and password to access file servers.

Funny, the second change (default gateway for the VPN) should have allowed
me to change the network location, but it didn't work.


PS: Sorry for the delay between replies. My ISP is having problems with
blacklists and I am being refused by the list. Time to switch to another
ISP. :-(


[]s, Fernando Lozano

> This is a windows7 bug and not an openvpn.
> I solve this by just connecting with openvpn and then running a script 
> to map the drives with interact username and password.
> If you use openvpn in bridge mode you do not need the scripts.
>
>
>
> ---
> IT Daniel Müller
> -Original Message-
> From: samba-boun...@lists.samba.org 
> [mailto:samba-boun...@lists.samba.org] On behalf of Fernando Lozano
> Sent: Wednesday, 22 February 2012 14:47
> To: samba@lists.samba.org
> Subject: [Samba] Samba network shares over VPN
>
> Hi there,
>
> I have two computers, one Windows XP other Windows 7 (actually a dozen
> each) which are members of a Samba domain. Users have no problem logging 
> in to the domain, running the login script to map network drives and 
> accessing files on them, for both computers.
>
> I want to give users remote access using a VPN (OpenVPN to be exact).
> The idea is to login on a disconnected computer using a domain account 
> cached profile, then connect to the VPN, then map network drives.
> OpenVPN allows running a batch file on successful connection and I use 
> this to run the user login script from the PDC netlogon share.
>
> The Windows XP computer does this fine. Happy remote users.
>
> But the Windows 7 doesn't. It asks for user login and password for 
> each server (network drives are on different samba member servers)
>
> Someone told me the problem should be related to the fact the TAP 
> adapter (the VPN virtual network adapter) is considered by windows as 
> an "unknown network" and classified as a "public network". But I could 
> not find a way to turn this into a home / work or domain network location.
>
> I already tried customising and disabling windows firewall, no changes.
>
> Any ideas on how to transparently access network shares from domain 
> member servers over a vpn using windows 7?
>
>
> []s, Fernando Lozano
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>




[Samba] samba PDC/NIS client

2012-03-08 Thread Simon Matthews
I have a server which is a samba PDC and has recently been converted to an
NIS client. For historic reasons, many users' login information is in the
local machine's /etc/passwd and /etc/shadow files.

samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the
smbpasswd -a command. I found that smbpasswd would not recognize the user
unless either the username was in the /etc/passwd file, or I changed
/etc/nsswitch.conf from
passwd compat
TO:
passwd files nis

However, if I make the latter change, the user cannot log into any Windows
machines that are controlled by my PDC. To allow logins, all I have to do is
ypcat passwd | grep  >> /etc/passwd
After this, the user can log in.

Is there any configuration of samba that will allow it to properly
recognize user data from the NIS map and not require the user to be listed
in the /etc/passwd file?

Simon


[Samba] Printer Connection Problem

2012-03-08 Thread Andrew Bradshaw
I have about 10 printers installed through cups (all working via test 
page printing via cups webpage). Roughly half of these are experiencing 
this problem with samba.


When I run

[root@pluto ~]# rpcclient localhost -U'root%j3yThEiH' -c "enumprinters"
flags:[0x80]
name:[\\LOCALHOST\]
description:[\\LOCALHOST\,,HP Laserjet8000DN]
comment:[HP Laserjet8000DN]

flags:[0x80]
name:[\\LOCALHOST\e9hp3015]
description:[\\LOCALHOST\e9hp3015,,HP laserjet 3015]
comment:[HP laserjet 3015]

-- truncated

half of them are missing the queue name part in the name field...

And when I try to connect to these from windows I get

Connect to Printer. Windows couldn't connect to the printer. Check the 
printer name and try again. If this is a network printer, make sure that 
the printer is turned on, and that the printer address is correct.


[root@pluto ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Can't find include file /etc/samba/smb.conf.
Processing section "[printers]"
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
workgroup = E8
server string = Pluto Samba Server
interfaces = em1
smb passwd file = /etc/samba/smbpasswd
passdb backend = smbpasswd
username map = /etc/samba/smbusers
log file = /var/log/samba/samba
max log size = 20
name resolve order = wins lmhosts host bcast
unix extensions = No
printcap name = cups
logon script = %m.bat
logon path = \\%L\Profiles\%u
logon drive = p:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins proxy = Yes
wins support = Yes
idmap config * : backend = tdb
wide links = Yes

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
cups options = raw
use client driver = Yes
browseable = No

[homes]
comment = Home Directories
path = /samba/home/%S
valid users = %S
read only = No
create mask = 0664
directory mask = 0775

[netlogon]
comment = Network Logon Service
path = /samba/netlogon
read only = No
browseable = No

[Profiles]
comment = User Profiles
path = /samba/profiles
force group = operators
read only = No
create mask = 0660
directory mask = 0770
browseable = No


Any advice would be appreciated..
Thanks Andrew


Re: [Samba] Directory appears different dependent on access path

2012-03-08 Thread Michael Adler
I figured it out:  turns out the machine was behaving like there was a 
persistent cache because that's exactly what it had.  Windows 7 Ultimate 
has offline caching (sync center) that I never knew about and it is enabled 
by default.  Somehow, the quick temporary file write followed by rename 
triggered a conflict event in the offline cache even though the share was 
on line.  Clearing the conflicts and disabling offline files resolved the 
problem.


I saw the same behavior for Samba configured as both NT1 and SMB2.  There 
could still be a latent bug here -- I don't know whether it is limited to a 
race in Adobe Illustrator and Windows or whether Samba is involved.  I'm at 
least happy that the answer rules out corruption of the file server.


-Michael



Re: [Samba] Samba4 list members of an AD group

2012-03-08 Thread Matthieu Patou




Thanks for the explanation. We've no windows server:-) but it would be 
interesting to see if one threw up different tabs.


As for listing members in a group. Is it possible? Really it's me 
being lazy. It would save me writing a script to dig out group ids 
from the ldb.


You can use MS tools on a Win XP/ Win7
See this:

https://wiki.samba.org/index.php/Samba4/HOWTO#Viewing_Samba_4_Active_Directory_object_from_Windows

Matthieu.

--
Matthieu Patou
Samba Team
http://samba.org



Re: [Samba] Samba4 how to remove a machine from the domain

2012-03-08 Thread steve

On 08/03/12 16:08, Mark Rutherford wrote:

Hmmm possibly.
I just use the windows tools to manage AD myself.

A quick look at the functionality of samba-tool does not yield anything
that looks like a way to delete a machine account.
You can probably do this with LDAP but the safest way would probably be
by using the AD tools from MS.

I am sure someone will chime in if this is possible.


On 3/8/2012 10:04 AM, steve wrote:

On 08/03/12 15:49, Mark Rutherford wrote:

Active directory users and computers. (dsa.msc)
Just right-click the computer you want to delete and hit delete.


On 3/8/2012 9:47 AM, steve wrote:

Hi

How do I remove a machine which is no longer connected to the domain?
e.g. it has been stolen or just moved without having unjoined before.
I want to be able to replace the machine with a new box with same
hostname.

Thanks,
Steve




Thanks Mark.

Is there a samba-tool cli way to do that?

Cheers,
steve.


Yea. Thanks. Not a problem. It's just that we are trying not to have a 
box tied up just for admin, that's all.



Re: [Samba] Samba4 how to remove a machine from the domain

2012-03-08 Thread Mark Rutherford

Hmmm possibly.
I just use the windows tools to manage AD myself.

A quick look at the functionality of samba-tool does not yield anything 
that looks like a way to delete a machine account.
You can probably do this with LDAP but the safest way would probably be 
by using the AD tools from MS.


I am sure someone will chime in if this is possible.


On 3/8/2012 10:04 AM, steve wrote:

On 08/03/12 15:49, Mark Rutherford wrote:

Active directory users and computers. (dsa.msc)
Just right-click the computer you want to delete and hit delete.


On 3/8/2012 9:47 AM, steve wrote:

Hi

How do I remove a machine which is no longer connected to the domain?
e.g. it has been stolen or just moved without having unjoined before.
I want to be able to replace the machine with a new box with same
hostname.

Thanks,
Steve




Thanks Mark.

Is there a samba-tool cli way to do that?

Cheers,
steve.




Re: [Samba] Samba4 how to remove a machine from the domain

2012-03-08 Thread steve

On 08/03/12 15:49, Mark Rutherford wrote:

Active directory users and computers. (dsa.msc)
Just right-click the computer you want to delete and hit delete.


On 3/8/2012 9:47 AM, steve wrote:

Hi

How do I remove a machine which is no longer connected to the domain?
e.g. it has been stolen or just moved without having unjoined before.
I want to be able to replace the machine with a new box with same
hostname.

Thanks,
Steve




Thanks Mark.

Is there a samba-tool cli way to do that?

Cheers,
steve.


Re: [Samba] Samba4 how to remove a machine from the domain

2012-03-08 Thread Mark Rutherford

Active directory users and computers. (dsa.msc)
Just right-click the computer you want to delete and hit delete.


On 3/8/2012 9:47 AM, steve wrote:

Hi

How do I remove a machine which is no longer connected to the domain? 
e.g. it has been stolen or just moved without having unjoined before. 
I want to be able to replace the machine with a new box with same 
hostname.


Thanks,
Steve




[Samba] Samba4 how to remove a machine from the domain

2012-03-08 Thread steve

Hi

How do I remove a machine which is no longer connected to the domain? 
e.g. it has been stolen or just moved without having unjoined before. I 
want to be able to replace the machine with a new box with same 
hostname.


Thanks,
Steve


Re: [Samba] Samba4 list members of an AD group

2012-03-08 Thread steve

On 03/08/2012 11:35 AM, Andrew Bartlett wrote:

On Thu, 2012-03-08 at 09:00 +0100, steve wrote:

Hi
When I add the posixGroup class to an AD group, add a user to the group
and set their primaryGroupID, I can add members to the group:

samba-tool group addmembers debusers lynn2
ERROR(ldb): Failed to add members "lynn2" to group "debusers" - samldb:
member CN=lynn2,CN=Users,DC=hh3,DC=site already set via primaryGroupID 1106

where lynn2 is a user who has been added to the AD posix group debusers
with primaryID=1106

But I cannot see the entry
   member: lynn2

Correct.  PrimaryGroupID acts like a member link, but without being a
member attribute.  Users with primaryGroupID are members of the domain
group with that RID.


when I look at the debusers dn using ldbsearch as I can under Domain
Users. The user appears as expected in Domain Users but not under debusers.

Everything works exactly as expected and debusers behaves as if it were
a normal AD group, ace's, acl's permissions etc work under both win7 and
Linux etc.
1. Is there a samba-tool command to list members of a group?
2. Why do I lose the tabs on properties when I add the posixGroup class
to an AD group?

This is due to a bug/mis-feature of Active Directory Users and
Computers.  Unless you can show it is different on a Windows server, the
explanation is that the last objectClass value is used by ADUC to
determine what tab to show.  This in turn is determined by a sort of
objectClass values from least to most specific.

Andrew Bartlett

Hi Andrew, Hi everyone.

Thanks for the explanation. We've no windows server:-) but it would be 
interesting to see if one threw up different tabs.


As for listing members in a group. Is it possible? Really it's me being 
lazy. It would save me writing a script to dig out group ids from the ldb.


Thanks,
Steve



Re: [Samba] Samba4 list members of an AD group

2012-03-08 Thread Andrew Bartlett
On Thu, 2012-03-08 at 09:00 +0100, steve wrote:
> Hi
> When I add the posixGroup class to an AD group, add a user to the group 
> and set their primaryGroupID, I can add members to the group:
> 
>samba-tool group addmembers debusers lynn2
> ERROR(ldb): Failed to add members "lynn2" to group "debusers" - samldb: 
> member CN=lynn2,CN=Users,DC=hh3,DC=site already set via primaryGroupID 1106
> 
> where lynn2 is a user who has been added to the AD posix group debusers 
> with primaryID=1106
> 
> But I cannot see the entry
>   member: lynn2

Correct.  PrimaryGroupID acts like a member link, but without being a
member attribute.  Users with primaryGroupID are members of the domain
group with that RID. 

> when I look at the debusers dn using ldbsearch as I can under Domain 
> Users. The user appears as expected in Domain Users but not under debusers.
> 
> Everything works exactly as expected and debusers behaves as if it were 
> a normal AD group, ace's, acl's permissions etc work under both win7 and 
> Linux etc.
> 1. Is there a samba-tool command to list members of a group?
> 2. Why do I lose the tabs on properties when I add the posixGroup class 
> to an AD group?

This is due to a bug/mis-feature of Active Directory Users and
Computers.  Unless you can show it is different on a Windows server, the
explanation is that the last objectClass value is used by ADUC to
determine what tab to show.  This in turn is determined by a sort of
objectClass values from least to most specific. 

Andrew Bartlett
-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
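
[Added example, not part of the original thread and not Samba project code.] The reply above explains that primaryGroupID acts as a membership link without a member attribute, so an access review that reads only "member" misses those users. The sketch below computes the effective membership from LDIF in the style of ldbsearch output; the sample data, its SIDs and the user "testuser" are constructed, and base64-encoded ("attr::") values are assumed absent.

```python
# Added example: effective AD group membership = 'member' links + primaryGroupID.
# SAMPLE_LDIF is constructed (ldbsearch-style); SIDs and "testuser" are made up.
SAMPLE_LDIF = """\
# record 1
dn: CN=debusers,CN=Users,DC=hh3,DC=site
objectClass: group
objectClass: posixGroup
sAMAccountName: debusers
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1106
member: CN=testuser,CN=Users,DC=h
 h3,DC=site

dn: CN=lynn2,CN=Users,DC=hh3,DC=site
objectClass: user
primaryGroupID: 1106

dn: CN=testuser,CN=Users,DC=hh3,DC=site
primaryGroupID: 513
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attr: [values]} records."""
    records, current, last = [], {}, None
    for line in text.splitlines() + [""]:    # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():                 # blank line ends a record
            if current:
                records.append(current)
            current, last = {}, None
        elif line.startswith(" ") and last:  # folded continuation line
            current[last][-1] += line[1:]
        else:
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    return records

def effective_members(records, group_name):
    """Map member DN -> how the membership is expressed in the directory."""
    group = next(r for r in records
                 if "group" in r.get("objectclass", [])
                 and group_name in r.get("samaccountname", []))
    rid = group["objectsid"][0].rsplit("-", 1)[1]  # last SID component is the RID
    members = {dn: "member" for dn in group.get("member", [])}
    for r in records:
        if r.get("primarygroupid", [""])[0] == rid:
            members[r["dn"][0]] = "primaryGroupID"
    return members

if __name__ == "__main__":
    for dn, via in effective_members(parse_ldif(SAMPLE_LDIF), "debusers").items():
        print(f"{via:15} {dn}")
```
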




[Samba] Samba4 list members of an AD group

2012-03-08 Thread steve

Hi
When I add the posixGroup class to an AD group, add a user to the group 
and set their primaryGroupID, I can add members to the group:


  samba-tool group addmembers debusers lynn2
ERROR(ldb): Failed to add members "lynn2" to group "debusers" - samldb: 
member CN=lynn2,CN=Users,DC=hh3,DC=site already set via primaryGroupID 1106


where lynn2 is a user who has been added to the AD posix group debusers 
with primaryID=1106


But I cannot see the entry
 member: lynn2
when I look at the debusers dn using ldbsearch as I can under Domain 
Users. The user appears as expected in Domain Users but not under debusers.


Everything works exactly as expected and debusers behaves as if it were 
a normal AD group, ace's, acl's permissions etc work under both win7 and 
Linux etc.

1. Is there a samba-tool command to list members of a group?
2. Why do I lose the tabs on properties when I add the posixGroup class 
to an AD group?


Thanks,
Steve