[Samba] Disable password complexity does not work?
Hello I use Samba 4.0.9 and want to disable strong passwords. I've run: ./samba-tool domain passwordsettings set --complexity=off But it seems to not work. If users try to change password via ctrl+alt+del windows still require strong password. Restarting samba to commit change did not solve problem. Is there something i forgot? On my old configuration with old (RIP) server it worked flawessly. Szymon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Not Obeying require_membership_of winbind.so when User must change password at next logon
On Thu, 2013-08-22 at 11:49 +, Jason Caylor wrote: Okay, so I have an Active Directory server running on Windows Server 2012 Standard I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly. I am able to login with my Active Directory users credentials. When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm. Hi Say the group with that SID is mygroup. Does: getent group mygroup return a gidNumber? If so, then: Put only the users you want. Then common-account: account requiredpam_succeed_if.so user ingroup mygroup man pam_succeed_if BTW, I'd strongly advise changing to the ad backend. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Not Obeying require_membership_of winbind.so when User must change password at next logon
On Sun, 2013-09-01 at 09:56 +0200, steve wrote: On Thu, 2013-08-22 at 11:49 +, Jason Caylor wrote: Okay, so I have an Active Directory server running on Windows Server 2012 Standard I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly. I am able to login with my Active Directory users credentials. When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm. Hi Say the group with that SID is mygroup. Does: getent group mygroup return a gidNumber? If so, then: Put only the users you want. Then common-account: account requiredpam_succeed_if.so user ingroup mygroup man pam_succeed_if BTW, I'd strongly advise changing to the ad backend. HTH Steve Hi Sorry, I'm not answering the question. These are not fixes, rather 'something else to try', things. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [samba]wrong record for connetcting share
Hello Ming, Am 29.08.2013 10:08, schrieb ming: I have some question about smbcontrol reload-config ,please explain it to me.Thanks! Connecting samba share by windows,and modify the smb.conf(EX:modify the share record rw to ro). After that,execute smbcontrol -d 10 all reload-config. But it doesn't work on the samba connecting ,it's also the old record. How to let the samba connecting become the new record except samba service restart or disconnect the link. Wait for your write back... I'm not sure, if this matters, but the smbcontrol manpage says: smbcontrol [destination] [message-type] [parameter] What happens if you # smbcontroll all reload-config -d 10 or skip the -d ...? What version of Samba is it? Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba setup
Am 25.08.2013 18:12, schrieb Keller Racing: Hi all. I am a truly new to Samba so please bear with me while I ask a few questions. I am running a Pentium 366 Celeron, 128meg memory, Red Hat Linux 7.2, Linux 2.4.7-10, Samba 2.2.1a. I am running this much older version as the best book I have on Linux is Ren Hat Linux 7.2 Bible by Chris Negus. It is the most complete book I have so in order to have my experiments with Linux and Samba match the pictures ;-)), I opted to use the older version. I really think you should skip this book, get a version of Samba that isn't 12 years old, and have a look to the thousands of good internet pages descriping almost everything around Samba. I'm sure, you will learn more and have less problems. :-) And of course you would get much more help with recent versions, because nobody remembers what were bugs or specific things in such an old version. Pick a recent version, give it a try (maybe you would require something newer than that old pentium :-)) and if you are having problems, let us know what you plan to do and what went wrong, and we surely will find a way to get it work here on the list. :-) [root@4445 root]# smbstatus Samba version 2.2.1a Serviceuidgidpidmachine --- Failed to open byte range locking database ERROR: Failed to initialize locking database Can't initialize locking module - exiting Assumed that this was the same 12 years ago: Run # testparm -vs | grep lock directory and have a look, where lock directory points too. Then check if this directory is existing. The permissions should be 755 and owner root:root. You can try stopping Samba, remove the locking.tdb (make a copy before) and start Samba again. It will be recreated. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] LDAP Account Manager 4.3.RC1 with enhanced Samba 4 and Kolab support released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 LDAP Account Manager (LAM) 4.3.RC1 - September 1st, 2013 LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: - - Added Unix user+group support for Samba 4. Additionally, you may now manage Kolab groups. Custom fields support read-only fields and file uploads. LAM is now PHP 5.5 compatible. Please note that this is a test version. Please report any bugs till 18th September. Full changelog: https://www.ldap-account-manager.org/lamcms/changelog Download: https://www.ldap-account-manager.org/lamcms/releases Features: - - * management of various account types * Unix * Samba 3/4 * Kolab 2/3 * Asterisk * Zarafa * DHCP * SSH keys * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units * schema browser * tree view * multiple configuration files * multi-language support: Catalan, Chinese (Traditional + Simplified), Czech, Dutch, English, French, German, Hungarian, Italian, Japanese, Polish, Portuguese, Russian, Slovak and Spanish * support for LDAP+SSL/TLS Demo installation: - -- You can try our demo installation online. https://www.ldap-account-manager.org/lamcms/liveDemo Support: - If you find a bug please file a bug report. For questions or implementing new features please use the mailinglist and feature request tracker at our homepage https://www.ldap-account-manager.org. Authors Copyright: - Copyright (C) 2003 - 2013: Roland Gruber p...@rolandgruber.de LAM is published under the GNU General Public License. The complete list of licenses can be found in the copyright file. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iEYEARECAAYFAlIjROYACgkQq/ywNCsrGZ6FeACfbVYIXePrWzwykTAReOSp0eOv kGUAn2NwoOtsXJaG5Ntu9ubm0KSiTUGs =4RFU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smbcacls of the share itself
Hi, Is there a way to use smbcacls to list the cacls of the share (directory at the server) itself? e.g. something like this? smbcacls //192.168.1.67/public . -U user%password Thanks. Regards, Shirish -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 129, Issue 1
I am Currently out of the office and will return on Monday 9th September. My email will not be monitor , so if you require assistance please email supp...@swift-computing.co.uk. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4/Windows DNS replication and administration issue
Hi all, I am having trouble with DNS replication between a Linux/Samba 4.0.9 box and Windows Server 2012 domain controller, as well as administering the Linux DNS from the Windows DNS Manager snap-in. First a little background. I am trying to integrate a Samba 4.0.9 server as a domain controller in an existing Windows Active Directory domain. The domain and forest are at Windows 2008R2 functional level with a single domain controller which was upgraded from Windows Server 2008 R2 to Windows Server 2012. I am running CentOS 6.4 x64, patched to current levels. I downloaded and installed the Sernet binaries for Samba 4.0.9 but ran into problems joining the domain. It failed with the following error: ERROR: no subClassOf 'top' for 'samDomain' I found a bug report for this error at https://bugzilla.samba.org/show_bug.cgi?id=8680 and rebuilt the Sernet RPMs with the patches implemented. This time I was able to successfully join the domain. Replication seems to be working but I do get a warning from samba-tool drs showrepl: KCC CONNECTION OBJECTS Connection -- Connection name: 3c20a62a-ad94-40ef-b346-ba8b15f829f8 Enabled: TRUE Server DNS name : server.example.com Server DN name : CN=NTDS Settings,CN=server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! The inbound and outbound neighbors all appear to be ok. I started out with internal DNS but when I was unable to get it working correctly, I switched to bind (Centos package bind-9.8.2-0.17.rc1.el6_4.6.x86_64). The problem is that when I try to administer DNS through the Windows DNS Manager snap-in, my forward domain fails to load, with an error indicating zone data may be corrupt (it opens fine on the Windows DNS server). Additionally, my reverse zone does not appear to have replicated to the Linux server. When I click on the forward zone in DNS Manager, I see the following in /var/log/messages: smbd[24043]: [2013/09/01 15:30:21.091035, 0] ../source3/rpc_server/svcctl/srv_svcctl_nt.c:326(_svcctl_OpenServiceW) smbd[24043]: _svcctl_OpenServiceW: Failed to get a valid security descriptorfree_pipe_context: destroying talloc pool of size 275 samba[19596]: [2013/09/01 15:30:25.505483, 0] ../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1068(dnsserver_query_zone) samba[19596]: dnsserver: Invalid zone operation IsSigneddnsserver: Invalid zone operation IsSigneddnsserver: Invalid zone operation IsSigneddnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49ndr_push_error(2): Bad switch value 49 at default/librpc/gen_ndr/ndr_dnsserver.c:544 samba[19596]: [2013/09/01 15:30:26.272723, 0] ../source4/rpc_server/dnsserver/dnsdata.c:354(dnsp_to_dns_copy) samba[19596]: dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49ndr_push_error(2): Bad switch value 49 at default/librpc/gen_ndr/ndr_dnsserver.c:544 Querying DNS via nslookup/dig/host works fine but querying through samba-tool gives an error: # samba-tool dns query server.domain.com domain.com @ ALL GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:server.example.com[,sign] ERROR(runtime): uncaught exception - (-1073545204, 'NT_STATUS_RPC_BAD_STUB_DATA') File /usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/lib64/python2.6/site-packages/samba/netcmd/dns.py, line 974, in run None, record_type, select_flags, None, None) and I see the following in /var/log/messages: samba[19596]: [2013/09/01 15:31:55.207112, 0] ../source4/rpc_server/dnsserver/dnsdata.c:354(dnsp_to_dns_copy) samba[19596]: dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49ndr_push_error(2): Bad switch value 49 at default/librpc/gen_ndr/ndr_dnsserver.c:544 Any help would be much appreciated. Thanks, Pete -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba