Re: [Samba] Samba4 home share problem

2013-03-24 Thread Gémes Géza

Hi,

Hi,

I have installed Samba4 and the home share functionality is not working.

Samba version: 4.0.1
OS: Debian Squeeze
Kernel: 2.6.32-5-amd64

The smb.conf:
[global]
 workgroup = TESZT
 realm = TESZT.HU
 netbios name = FILESERVER
 server role = active directory domain controller
 server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
 load printers = no
 printing = bsd
 printcap name = /dev/null
 show add printer wizard = no
 disable spoolss = yes
 log level = 3
 syslog = 3
 syslog only = yes
 logon path =
#   logon home = \\fileserver\homes\%U
 logon drive = H:
 logon script = %U.cmd

[netlogon]
 path = /opt/samba4/var/lib/samba/sysvol/fileserver.teszt.hu/scripts
 read only = No

[sysvol]
 path = /opt/samba4/var/lib/samba/sysvol
 read only = No

[homes]
 path = /home
 read only = no

After a net use h: /home command on client I get this:
System error 53 has occured. The network path was not found.

The user I try: Administrator and the client OS is Windows XP Pro.
I think the rights on the server are ok.
When I try to set the home for Administrator in AD I get the answer:
The system could not create the startfolder (\\fileserver\homes\Administrator),
because can't find path.

Is there anybody who can use this functionality?

Please help.

Thanks for the replies.

Chris

Samba 4.0.x has two operation modes:
1. Active directory domain controller
2. Member or standalone server (or classic (NT4 style) domain controller)

2. behaves the same way (regarding shares) as Samba 3.x.y
1. has some limitations in this regard, for example the missing home 
metashare (in 3.x.y you shouldn't specify a path as it would be deduced 
based on the connected user's home directory)


You could emulate a behavior similar to the 3.x.y one with the AD mode 
if you specify hide unreadable = yes and set the folder rights for each 
home directory accordingly.


As a side note: 4.0.1 is quite old; especially if you want to run your AD 
DC as a fileserver, at least 4.0.4 is recommended.


Regards

Geza Gemes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
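
Added example, not part of Geza's message or of Samba itself: a shell check for the emulation described above, assuming one share rooted at /home with "hide unreadable = yes". The function name audit_homes and the share fragment in the comment are hypothetical; the check lists home directories that still grant group or other access and would therefore stay visible to every user.

```shell
#!/bin/sh
# Assumed share definition being audited (hypothetical, built from the thread):
#   [homes]
#     path = /home
#     read only = no
#     hide unreadable = yes
#
# With that setting a user only sees entries they can read, so each home
# directory must be closed to group and other (for example mode 0700).

# Print every directory directly under $1 that grants any permission to
# group or other, or that carries extra ACL entries ("+" after the mode).
audit_homes() {
    root=$1
    for dir in "$root"/*/; do
        # An unmatched glob stays literal; skip it.
        if [ ! -d "$dir" ]; then continue; fi
        dir=${dir%/}
        # A symlink's own mode says nothing about its target; skip it.
        if [ -L "$dir" ]; then continue; fi
        listing=$(ls -ld "$dir")
        mode=$(printf '%s' "$listing" | cut -c1-10)      # e.g. drwx------
        go_bits=$(printf '%s' "$listing" | cut -c5-10)   # group + other bits
        acl_flag=$(printf '%s' "$listing" | cut -c11)    # "+" when ACLs exist
        if [ "$go_bits" != "------" ]; then
            printf 'LOOSE %s %s\n' "$mode" "$dir"
        elif [ "$acl_flag" = "+" ]; then
            printf 'ACL   %s %s\n' "$mode" "$dir"
        fi
    done
}

# Audit the share root given as first argument, /home by default.
audit_homes "${1:-/home}"
```

A LOOSE line means the directory needs tightening (for example chmod 700); an ACL line means the extra entries should be reviewed with getfacl.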


[Samba] Samba 4 DC Firewall settings

2013-03-24 Thread steve

Samba 4.0.4 on openSUSE 12.3
Hi everyone.

Does anyone have a list of ports which have to be open to allow full DC 
operation?


I'm no expert in firewalls and only have Yast at my disposal to 
configure it. I've tried opening samba server and DNS server ports via 
Yast but I must be missing something because I have to turn off the 
firewall to e.g. join a Windows client to the domain. Maybe Yast isn't 
the right tool?


Cheers,
Steve



Re: [Samba] Samba4 home share problem

2013-03-24 Thread Krisztián Csányi
Hi,

It's ok now. I didn't use winbind.

I have read these:
https://lists.samba.org/archive/samba/2013-February/171877.html
https://wiki.samba.org/index.php/Samba4/Winbind
https://wiki.samba.org/index.php/Samba4/Domain_Member#Make_domain_users.2Fgroups_available_locally_through_winbind.

I got the solution from these howtos.

Thanks

2013/3/24, Gémes Géza g...@kzsdabas.hu:
 Hi,
 Hi,

 I have installed Samba4 and the home share functionality is not working.

 Samba version: 4.0.1
 OS: Debian Squeeze
 Kernel: 2.6.32-5-amd64

 The smb.conf:
 [global]
  workgroup = TESZT
  realm = TESZT.HU
  netbios name = FILESERVER
  server role = active directory domain controller
  server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
  load printers = no
  printing = bsd
  printcap name = /dev/null
  show add printer wizard = no
  disable spoolss = yes
  log level = 3
  syslog = 3
  syslog only = yes
  logon path =
 #   logon home = \\fileserver\homes\%U
  logon drive = H:
  logon script = %U.cmd

 [netlogon]
  path = /opt/samba4/var/lib/samba/sysvol/fileserver.teszt.hu/scripts
  read only = No

 [sysvol]
  path = /opt/samba4/var/lib/samba/sysvol
  read only = No

 [homes]
  path = /home
  read only = no

 After a net use h: /home command on client I get this:
 System error 53 has occured. The network path was not found.

 The user I try: Administrator and the client OS is Windows XP Pro.
 I think the rights on the server are ok.
 When I try to set the home for Administrator in AD I get the answer:
 The system could not create the startfolder
 (\\fileserver\homes\Administrator),
 because can't find path.

 Is there anybody who can use this functionality?

 Please help.

 Thanks for the replies.

 Chris
 Samba 4.0.x has two operation modes:
 1. Active directory domain controller
 2. Member or standalone server (or classic (NT4 style) domain controller)

 2. behaves the same way (regarding shares) as Samba 3.x.y
 1. has some limitation in this regard, for example the missing home
 metashare (in 3.x.y you shouldn't specify a path as it would be deduced
 based on the connected users home directory)

 You could emulate a behavior similar to the 3.x.y one with the AD mode
 if you specify hide unreadable = yes and set the folder rights for each
 home directory accordingly.

 As a sidenote: 4.0.1 is quite old, especially if you want to run your AD
 DC as a fileserver at least 4.0.4 is recommended.

 Regards

 Geza Gemes


Re: [Samba] Samba 4 DC Firewall settings

2013-03-24 Thread Mike
TCP and UDP ports 137-139 and 445
On Mar 24, 2013 7:04 AM, steve st...@steve-ss.com wrote:

 Samba 4.0.4 on openSUSE 12.3
 Hi everyone.

 Does anyone have a list of ports which have to be open to allow full DC
 operation?

 I'm no expert in firewalls and only have Yast at my disposal to configure
 it. I've tried opening samba server and DNS server ports via Yast but I
 must be missing something because I have to turn off the firewall to e.g.
 join a Windows client to the domain. Maybe Yast isn't the right tool?

 Cheers,
 Steve



Re: [Samba] Samba 4 DC Firewall settings

2013-03-24 Thread Thomas Simmons


 On Mar 24, 2013 7:04 AM, steve st...@steve-ss.com wrote:

  Samba 4.0.4 on openSUSE 12.3
  Hi everyone.
 
  Does anyone have a list of ports which have to be open to allow full DC
  operation?
 
  I'm no expert in firewalls and only have Yast at my disposal to configure
  it. I've tried opening samba server and DNS server ports via Yast but I
  must be missing something because I have to turn off the firewall to e.g.
  join a Windows client to the domain. Maybe Yast isn't the right tool?
 
  Cheers,
  Steve


Hello Steve,

I have the following exceptions. Most of this came from netstat and
monitoring traffic. A few were picked up in Microsoft documentation, though
I've not seen my DC actually use them. Take special note of the last entry.
It is my understanding that Samba4 uses 1024 by default; however, if that
port is not available it will use 1025, 1026, etc. until it finds an open
port.

iptables -A INPUT -p tcp --dport 389 -j ACCEPT # LDAP
iptables -A INPUT -p udp --dport 389 -j ACCEPT # LDAP (UDP)
iptables -A INPUT -p tcp --dport 636 -j ACCEPT # LDAPS
iptables -A INPUT -p tcp --dport 53 -j ACCEPT # DNS (TCP)
iptables -A INPUT -p udp --dport 53 -j ACCEPT # DNS (UDP)
iptables -A INPUT -p tcp --dport 88 -j ACCEPT # Kerberos (TCP)
iptables -A INPUT -p udp --dport 88 -j ACCEPT # Kerberos (UDP)
iptables -A INPUT -p tcp --dport 464 -j ACCEPT # Kerberos Password (TCP)
iptables -A INPUT -p udp --dport 464 -j ACCEPT # Kerberos Password (UDP)
iptables -A INPUT -p tcp --dport 135 -j ACCEPT # RPC
iptables -A INPUT -p udp --dport 137 -j ACCEPT # NetBIOS Name Service
iptables -A INPUT -p udp --dport 138 -j ACCEPT # NetBIOS Datagram Service
iptables -A INPUT -p tcp --dport 139 -j ACCEPT # NetBIOS Session Service
iptables -A INPUT -p tcp --dport 445 -j ACCEPT # MS Directory Service
iptables -A INPUT -p tcp --dport 3268 -j ACCEPT # MS Global Catalog
iptables -A INPUT -p tcp --dport 1024 -j ACCEPT # DCOM *note this port is not static*
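
Added example, not part of Thomas's message: the netstat-based approach he describes, written as a shell check that lists Samba listeners the rules above do not cover, such as the RPC port moving from 1024 to 1025. The function name, the ALLOWED list format and the netstat sample are constructed for illustration.

```shell
#!/bin/sh
# Ports opened by the iptables rules in the message above, as proto/port.
ALLOWED="tcp/389 udp/389 tcp/636 tcp/53 udp/53 tcp/88 udp/88 tcp/464 udp/464
tcp/135 udp/137 udp/138 tcp/139 tcp/445 tcp/3268 tcp/1024"

# Constructed sample in the format of `netstat -tulnp` (not a real capture).
# Here port 1024 was taken, so the RPC listener landed on 1025.
SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:445     0.0.0.0:*       LISTEN 1210/smbd
tcp        0      0 0.0.0.0:135     0.0.0.0:*       LISTEN 1203/samba
tcp        0      0 0.0.0.0:1025    0.0.0.0:*       LISTEN 1203/samba
tcp6       0      0 :::389          :::*            LISTEN 1203/samba
udp        0      0 0.0.0.0:88      0.0.0.0:*              1203/samba
udp        0      0 0.0.0.0:137     0.0.0.0:*              1215/nmbd
tcp        0      0 127.0.0.1:631   0.0.0.0:*       LISTEN 950/cupsd
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN 801/sshd'

# $1: netstat -tulnp text, $2: allow-list of proto/port entries.
# Prints each proto/port a Samba daemon listens on that is not allowed.
uncovered_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, /[ \n]+/)
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only TCP/UDP sockets owned by a Samba daemon (last column).
        $1 ~ /^(tcp|udp)6?$/ && $NF ~ /\/(samba|smbd|nmbd|winbindd)$/ {
            proto = $1; sub(/6$/, "", proto)      # tcp6 -> tcp
            addr = $4
            # Loopback-only listeners need no inbound rule.
            if (addr ~ /^127\./ || addr ~ /^::1:/) next
            port = addr; sub(/^.*:/, "", port)    # keep text after last colon
            key = proto "/" port
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print key }
        }'
}

# On the sample this reports the listener the static rule set misses.
uncovered_listeners "$SAMPLE" "$ALLOWED"
```

On a live DC, run it as root with `uncovered_listeners "$(netstat -tulnp)" "$ALLOWED"` after each Samba restart, since the dynamic port can change.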


[Samba] Cannot access share from Kodak printer

2013-03-24 Thread MIKE BLAKEKNOX


I'm trying to use a Samba (3.0.37) share on my ASUS RT-ac66R router as a 
destination for scans from my Kodak Office Hero 6.1 all-in-one printer. I'm 
currently getting an invalid User ID or Password error message. I have been 
unable to increase the Samba log level at all even after editing the log level 
in smb.conf. Before an old router running DDWRT (including Samba) failed, 
scanning to the share worked flawlessly. 
This seems to demonstrate that it is possible to connect from the printer to 
Samba. 


I have put the printer and my laptop onto a hub and am using Wireshark to see 
what's going on. From the captures, it appears that printer is using a product 
called BlueShare 3.0 (http://www.bluepeach.com/BlueShareDataSheet.pdf). It 
sounded as if tweaking smb.conf might address the problem so I've spent much of 
the day experimenting with changing things like the smb.conf security=, use 
spnego =, client use spnego=, (server, domain names) without any luck. 


Here's the wireshark decoded output for a test, the error is reported right 
after frame 8: 


Frame 4: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface 0
Ethernet II, Src: EastmanK_2e:5f:f0 (00:07:5c:2e:5f:f0), Dst: AsustekC_be:14:60 (08:60:6e:be:14:60)
Internet Protocol Version 4, Src: 192.168.11.91 (192.168.11.91), Dst: 192.168.11.1 (192.168.11.1)
Transmission Control Protocol, Src Port: 4758 (4758), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 51
NetBIOS Session Service 
SMB (Server Message Block Protocol) 
SMB Header 
Server Component: SMB 
[Response in: 6] 
SMB Command: Negotiate Protocol (0x72) 
NT Status: STATUS_SUCCESS (0x) 
Flags: 0x00 
0...  = Request/Response: Message is a request to the server 
.0..  = Notify: Notify client only on open 
..0.  = Oplocks: OpLock not requested/granted 
...0  = Canonicalized Pathnames: Pathnames are not canonicalized 
 0... = Case Sensitivity: Path names are case sensitive 
 ..0. = Receive Buffer Posted: Receive buffer has not been posted 
 ...0 = Lock and Read: LockRead, WriteUnlock are not supported 
Flags2: 0xc841 
1...    = Unicode Strings: Strings are Unicode 
.1..    = Error Code Type: Error codes are NT error codes 
..0.    = Execute-only Reads: Don't permit reads if execute-only 
...0    = Dfs: Don't resolve pathnames with Dfs 
 1...   = Extended Security Negotiation: Extended security negotiation is supported
 .0..   = Reparse Path: The request does not use a @GMT reparse path
  .1..  = Long Names Used: Path names in request are long file names
  ...0  = Security Signatures Required: Security signatures are not required
   0... = Compressed: Compression is not requested
   .0.. = Security Signatures: Security signatures are not supported
   ..0. = Extended Attributes: Extended attributes are not supported
   ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 
Signature:  
Reserved:  
Tree ID: 0 
Process ID: 0 
User ID: 0 
Multiplex ID: 344 
Negotiate Protocol Request (0x72) 
Word Count (WCT): 0 
Byte Count (BCC): 12 
Requested Dialects 
Dialect: NT LM 0.12 
Buffer Format: Dialect (2) 
Name: NT LM 0.12 

No. Time Source Destination Protocol Length Info
5 19:12:25.73679 192.168.11.1 192.168.11.91 TCP 60 microsoft-ds 4758 [ACK] Seq=1 Ack=52 Win=5840 Len=0

Frame 5: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: AsustekC_be:14:60 (08:60:6e:be:14:60), Dst: EastmanK_2e:5f:f0 (00:07:5c:2e:5f:f0)
Internet Protocol Version 4, Src: 192.168.11.1 (192.168.11.1), Dst: 192.168.11.91 (192.168.11.91)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 4758 (4758), Seq: 1, Ack: 52, Len: 0

No. Time Source Destination Protocol Length Info
6 19:12:25.738224000 192.168.11.1 192.168.11.91 SMB 153 Negotiate Protocol Response

Frame 6: 153 bytes on wire (1224 bits), 153 bytes captured (1224 bits) on interface 0
Ethernet II, Src: AsustekC_be:14:60 (08:60:6e:be:14:60), Dst: EastmanK_2e:5f:f0 (00:07:5c:2e:5f:f0)
Internet Protocol Version 4, Src: 192.168.11.1 (192.168.11.1), Dst: 192.168.11.91 (192.168.11.91)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 4758 (4758), Seq: 1, Ack: 52, Len: 99
NetBIOS Session Service 
SMB (Server Message Block Protocol) 
SMB Header 
Server Component: SMB 
[Response to: 4] 
[Time from request: 0.001692000 seconds] 
SMB Command: Negotiate Protocol (0x72) 
NT Status: STATUS_SUCCESS (0x) 
Flags: 0x80 
1...  = Request/Response: Message is a response to the client/redirector 
.0..  = Notify: Notify client only on open 
..0.  = Oplocks: OpLock not requested/granted 
...0  = Canonicalized Pathnames: Pathnames are not canonicalized 
 0... = Case Sensitivity: