Re: [Samba] I can not create Home DIR
add valid users = %S to [homes] and restart samba and try again

Claudio Guzman wrote:
when users enter the system can not see your home folder, or it asks the username and password again. My configuration is Server + Samba + LDAP PDC Samba server that only has the shared folders and are accessed via winbind and pam

# Global settings
[global]
display charset = LOCALE
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
idmap gid = 1000-33554431
passwd program = /usr/bin/passwd %u
netbios name = srvsamba
idmap uid = 1000-33554431
dos charset = CP850
local master = no
workgroup = SERVER
debug level = 9
os level = 0
security = domain
log file = /var/log/samba/%m.log
guest account = nobody
smb passwd file = /etc/samba/smbpasswd
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 192.168.1.252
map to guest = Bad User
domain master = no
encrypt passwords = yes
realm =
template shell = /bin/false
server string = srvsamba
winbind enum users = Yes
password server = 192.168.1.252
template homedir = /mnt/samba/home/%U
winbind enum groups = Yes
unix charset = UTF-8
preferred master = no
pam password change = yes
winbind use default domain = no

[homes]
comment = Home Directories
browseable = no
writeable = yes

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Roaming Profiles and Samba 3.4.x
not a fix, but permissions of 1777 would be slightly better.
Re: [Samba] winbind + Active Directory + email
could you send me the entire script?

gregorcy wrote:
Robert LeBlanc wrote:
Ok, I can't seem to search for the right thing to get what I need. I'm looking for a solution where if quota or some other mailing system needs to send an email to an Active Directory user, that it uses the email address listed in Active Directory for that user. We are connected to Active Directory using winbind, on one system we are using pam_winbind, on another we are not. Of course, I'm looking for the simplest option. It seems that mail is being sent to user_at_hostname right now.

Thanks,
Robert LeBlanc
Life Sciences Undergraduate Education Computer Support
Brigham Young University

Hi Robert,
I used the ldapsearch command in a preexec script to create a .forward, the command I used was:

# ldapsearch -D "cn=SOMEFAKEUSERR,ou=Service,dc=domain,dc=utah,dc=edu" -b "ou=CHE_Users,dc=domain,dc=utah,dc=edu" -w PASSWORD -x -LLL "(sAMAccountName=00112413)" mail | grep mail
# Output looks like this:
# mail: foo...@eng.utah.edu

I can send the entire script if you are interested, the above is just what handles the email.
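The lookup described in this message, as an added example that is not gregorcy's script or any code from the thread: it escapes the account name before it goes into the search filter, reads the bind password from a file with `-y` instead of `-w` on the command line (where other local users can see it in the process list), and accepts only a plain address before writing `.forward`, since an MTA treats a `.forward` entry starting with `|` as a command. `BIND_DN`, `BASE_DN`, `PWFILE`, the function names and the sample LDIF are assumptions; the DNs reuse the placeholder values from the post.

```shell
#!/bin/sh
# Added example, not code from the thread. Hypothetical settings:
BIND_DN='cn=SOMEFAKEUSERR,ou=Service,dc=domain,dc=utah,dc=edu'  # placeholder DN from the post
BASE_DN='ou=CHE_Users,dc=domain,dc=utah,dc=edu'                 # placeholder DN from the post
PWFILE='/etc/samba/ldap-bind.secret'  # hypothetical path; mode 0600, no trailing newline

NL='
'

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is handled first so later escapes are not escaped again.
ldap_escape_filter() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read `ldapsearch -LLL` output on stdin and print the first mail value.
# Handles folded LDIF lines and base64 ("mail::") values; returns non-zero
# when there is no value or it is not a plain user@domain address.
extract_mail() {
    unfolded=$(awk '
        /^ / { buf = buf substr($0, 2); next }   # continuation of previous line
        { if (started) print buf; buf = $0; started = 1 }
        END { if (started) print buf }')
    first=$(printf '%s\n' "$unfolded" | grep -i '^mail:' | head -n 1)
    case $first in
        [Mm][Aa][Ii][Ll]::*)
            value=$(printf '%s' "${first#*::}" | tr -d ' ' | base64 -d 2>/dev/null) || return 1 ;;
        [Mm][Aa][Ii][Ll]:*)
            value=$(printf '%s' "${first#*:}" | sed 's/^ *//') ;;
        *)
            return 1 ;;
    esac
    # Reject embedded newlines, then anything that is not a simple address
    # (this also rejects "|command" and "/path" style .forward entries).
    case $value in *"$NL"*) return 1 ;; esac
    printf '%s\n' "$value" |
        grep -Eq '^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' || return 1
    printf '%s\n' "$value"
}

# Query the directory for one account name (needs a reachable LDAP server).
lookup_mail() {
    ldapsearch -x -LLL -D "$BIND_DN" -y "$PWFILE" -b "$BASE_DN" \
        "(sAMAccountName=$(ldap_escape_filter "$1"))" mail | extract_mail
}

# Write the address to <home>/.forward through a private temp file.
write_forward() {
    fw_home=$1
    fw_addr=$2
    fw_tmp=$(mktemp "$fw_home/.forward.XXXXXX") || return 1
    printf '%s\n' "$fw_addr" > "$fw_tmp" &&
        chmod 600 "$fw_tmp" &&
        mv -f "$fw_tmp" "$fw_home/.forward"
}

# Constructed sample output with folded lines, so the parser runs offline.
SAMPLE_LDIF='dn: CN=Constructed User,OU=CHE_Users,DC=domain,
 DC=utah,DC=edu
mail: constructed.user@exam
 ple.edu'
printf '%s\n' "$SAMPLE_LDIF" | extract_mail
```

In a preexec script the two halves combine as `addr=$(lookup_mail "$user") && write_forward "$home" "$addr"`, so a failed or rejected lookup leaves any existing `.forward` untouched.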
Re: [Samba] samba+ldap
mine has about the same, and connects to LDAP fine, so i think you are ready.

[r...@missioncontrol BackupPC-3.2.0beta0]# smbd -b|grep LDAP
HAVE_LDAP_H
HAVE_LDAP
HAVE_LDAP_ADD_RESULT_ENTRY
HAVE_LDAP_INIT
HAVE_LDAP_INITIALIZE
HAVE_LDAP_SASL_WRAPPING
HAVE_LDAP_SET_REBIND_PROC
HAVE_LIBLDAP
LDAP_SET_REBIND_PROC_ARGS

Paras pradhan wrote:
Does this mean that my samba is ready to connect to LDAP server?

r...@webdev # ./smbd -b |grep LDAP
HAVE_LDAP_H
HAVE_LDAP
HAVE_LDAP_ADD_RESULT_ENTRY
HAVE_LDAP_INIT
HAVE_LDAP_INITIALIZE
HAVE_LDAP_SET_REBIND_PROC
HAVE_LIBLDAP
LDAP_SET_REBIND_PROC_ARGS
r...@webdev #

Thanks!
Paras.
Re: [Samba] Samba 3.3.4 very slow file access times
Jeremy Allison wrote:
On Wed, Oct 21, 2009 at 05:17:27PM -0700, John Goubeaux wrote:
There are *so many* changes between 2.2.x and 3.2.x and beyond it's not even possible to list them all :-).
Jeremy.

just diff all the changelogs :)
Re: [Samba] samba+ldap
Paras pradhan wrote:
On Fri, Oct 23, 2009 at 2:07 PM, mor...@tuxedo.darktech.org wrote:
Most mainstream Linux distros are compiling in LDAP support these days, no problem. Debian, Ubuntu, Fedora and SuSE are all compiling in LDAP in their standard packages, AFAIK. I'm not sure what BSDs are doing these days, but I'd bet they're the same way.

I am under solaris 9 (ancient) platform. Now my compilation seems to be OK, now need to find ways to connect this to the sun ldap server. Any info on this will be a great help

Thanks
Paras.

in CentOS/Fedora you use nss_ldap, i'm not sure what solaris uses, maybe you can compile nss_ldap from source and setup /etc/ldap.conf and /etc/nsswitch.conf
Re: [Samba] Bind, DHCPD and Samba
is your smb server using dhcp? if so, google on dhclient on how to send the machine name. if the smb server uses static ip, then do rndc freeze zonename, edit the dns zone file by hand and update the serial, reload named, then do rndc unfreeze zonename.

Matt Delves wrote:
Hey Folks,
I currently have bind and dhcpd configured to allow for dynamic updates, though when I try to manually add in the srv records required for correctly identifying the samba pdc, they get overwritten when bind starts.

How can I modify the bind configuration so that it writes the correct information? Also, is there a way to have samba write the correct information to bind?

As for the samba version, I'm using the default that comes with OpenSuSE 11.1. The same goes with the packages for bind and dhcpd.

Thanks,
Matt Delves
Re: [Samba] Old application very slow
you might try adding:

socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 SO_KEEPALIVE READ_SIZE=65536
use mmap = No
use sendfile = Yes
blocking locks = No
read raw = no
write raw = no
kernel oplocks = no
oplocks = yes
level2 oplocks = yes
Re: [Samba] Samba PDC upgrade / hardware replacement results
i think that testparm will show if any options are deprecated.
Re: [Samba] ldapsam, smbpasswd and posixAccount
are you loading samba.schema in your slapd.conf?

Thorsten Scherf wrote:
Hi,

I have a setup with Samba (3.4) as PDC with ldapsam as backend. LDAP is managed by Samba, no external helper scripts. When I add a new user with smbpasswd -a foo it works fine, user is created and the openldap is populated with samba and posix attributes. Now, when I add a new user to the directory by running ldapadd against a ldif file which contains only posix related attrs, I thought, running smbpasswd -a would add the necessary samba attrs, but that's not the case. I see this problem:

$ ldapadd -x -D cn=Manager,dc=tuxgeek,dc=de -f /tmp/posix.ldif -W
adding new entry uid=schalke,ou=users,dc=tuxgeek,dc=de

$ ldapsearch -xLLL uid=schalke
dn: uid=schalke,ou=users,dc=tuxgeek,dc=de
uid: schalke
objectClass: account
objectClass: posixAccount
cn: schalke
uidNumber: 10100
gidNumber: 10023
homeDirectory: /home/TUXGEEK/schalke
loginShell: /bin/bash

[r...@tiffy openldap]$ smbpasswd -a schalke
New SMB password:
Retype new SMB password:
ldapsam_create_user: failed to create a new user [schalke] (dn = uid=schalke,ou=users,dc=tuxgeek,dc=de)
Failed to add entry for user schalke.

This is from the log:

sambaAcctFlags objectClass
Oct 6 18:05:26 tiffy slapd[5819]: conn=12 op=7 RESULT tag=103 err=20 text=modify/add: uid: value #0 already exists

Could anybody shed some light on this?

Cheers.
Thorsten
Re: [Samba] ldapsam, smbpasswd and posixAccount
try smbpasswd -x user, then smbpasswd -a user

Thorsten Scherf wrote:
On [Tue, 06.10.2009 12:13], Adam Williams wrote:
are you loading samba.schema in your slapd.conf?

yes. running smbpasswd -a works without any problem when the user doesn't already exists with posix-attrs in LDAP.

Thorsten Scherf wrote:
Hi,

I have a setup with Samba (3.4) as PDC with ldapsam as backend. LDAP is managed by Samba, no external helper scripts. When I add a new user with smbpasswd -a foo it works fine, user is created and the openldap is populated with samba and posix attributes. Now, when I add a new user to the directory by running ldapadd against a ldif file which contains only posix related attrs, I thought, running smbpasswd -a would add the necessary samba attrs, but that's not the case. I see this problem:

$ ldapadd -x -D cn=Manager,dc=tuxgeek,dc=de -f /tmp/posix.ldif -W
adding new entry uid=schalke,ou=users,dc=tuxgeek,dc=de

$ ldapsearch -xLLL uid=schalke
dn: uid=schalke,ou=users,dc=tuxgeek,dc=de
uid: schalke
objectClass: account
objectClass: posixAccount
cn: schalke
uidNumber: 10100
gidNumber: 10023
homeDirectory: /home/TUXGEEK/schalke
loginShell: /bin/bash

[r...@tiffy openldap]$ smbpasswd -a schalke
New SMB password:
Retype new SMB password:
ldapsam_create_user: failed to create a new user [schalke] (dn = uid=schalke,ou=users,dc=tuxgeek,dc=de)
Failed to add entry for user schalke.

This is from the log:

sambaAcctFlags objectClass
Oct 6 18:05:26 tiffy slapd[5819]: conn=12 op=7 RESULT tag=103 err=20 text=modify/add: uid: value #0 already exists

Could anybody shed some light on this?

Cheers.
Thorsten
Re: [Samba] Samba as fileserver on Active Directory domain
did you set /shared/drive to 777 permissions?
[Samba] authenticating IIS 6.0 against samba?
I have a windows 2003 server joined to my domain. I'd like to have IIS 6.0 on the 2k3 server authenticating against samba so that windows sharepoint services can be used. I've tried getting NTLM authentication working following instructions at http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7258232a-5e16-4a83-b76e-11e07c3f2615.mspx?mfr=true but I'm not having any luck. I'm still getting access denied errors when trying to authenticate users in sharepoint services. Has any one got this working, and if so, any tips?
Re: [Samba] authenticating IIS 6.0 against samba?
Jeremy Allison wrote:
On Fri, Sep 11, 2009 at 01:00:15PM -0500, Adam Williams wrote:
I have a windows 2003 server joined to my domain. I'd like to have IIS 6.0 on the 2k3 server authenticating against samba so that windows sharepoint services can be used. I've tried getting NTLM authentication working following instructions at http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7258232a-5e16-4a83-b76e-11e07c3f2615.mspx?mfr=true but I'm not having any luck. I'm still getting access denied errors when trying to authenticate users in sharepoint services. Has any one got this working, and if so, any tips?

What version of Samba ? Post the debug logs ?
Jeremy.

3.2.14 on fedora 10 core x86_64. When I go to http://sharepoint/ to load my sharepoint server, and put in my username and password, here's the debug log from /var/log/samba/log.sharepoint on my PDC.

[2009/09/11 14:23:52, 3] smbd/process.c:process_smb(1550) Transaction 28 of length 468 (0 toread)
[2009/09/11 14:23:52, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 23751) conn 0x7ffee35d8850
[2009/09/11 14:23:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0
[2009/09/11 14:23:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(2308) api_rpcTNP: rpc command: NETR_LOGONSAMLOGON
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 3] passdb/secrets.c:secrets_store_schannel_session_info(1216) secrets_store_schannel_session_info: stored schannel info with key SECRETS/SCHANNEL/SHAREPOINT
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2009/09/11 14:23:52, 3] rpc_server/srv_netlog_nt.c:_netr_LogonSamLogon(928) SAM Logon (Network). Domain:[ADMIN]. User:[awill...@admlptp] Requested Domain:[ADMLPTP]
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2009/09/11 14:23:52, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [admlptp]\[awilli...@[admlptp] with the new password interface
[2009/09/11 14:23:52, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [admin]\[awilli...@[admlptp]
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: awilliam
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 100
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2009/09/11 14:23:52, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2
[2009/09/11 14:23:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2009/09/11 14:23:52, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344
Re: [Samba] default profile
you can copy it manually from c:\docs and settings\username to \\server\profiles\username and then delete the local user and have them login and it should load their profile as a roaming user.

Tamás Pisch wrote:
2009/9/1 Adam Williams awill...@mdah.state.ms.us
Tamás Pisch wrote:
2009/8/31 Adam Williams awill...@mdah.state.ms.us awill...@mdah.state.ms.us
my computer properties, advanced tab, user profiles. is user set to local and not roaming? does it only happen to certain local profile change local profile to roaming in the my computer properties, advanced, user profiles section.

I cannot, because it is inactive (grayed).
Re: [Samba] default profile
Tamás Pisch wrote:
2009/8/31 Adam Williams awill...@mdah.state.ms.us
my computer properties, advanced tab, user profiles. is user set to local and not roaming? does it only happen to certain local profile

change local profile to roaming in the my computer properties, advanced, user profiles section.
Re: [Samba] default profile
my computer properties, advanced tab, user profiles. is user set to local and not roaming? does it only happen to certain users? or users that authenticate against the BDC?

Tamás Pisch wrote:
Hi,
I installed a SaMBa PDC and a BDC. When I log in to an XP client with a new user, sometimes I get the initial profile settings from the netlogon share, but often from local. When I get the local default settings, it is not synchronized to the server at logout. Even if I get the new profile from the server, on the same client, next time, with a new user, I get the new profile from local. I don't understand why, and I didn't get error message/log.

PDC's smb.conf:

[global]
dos charset = CP852
unix charset = UTF8
workgroup = PERCZELMOR
server string = %h - PERCZELMOR PDC
interfaces = 127.0.0.0/8, eth0
bind interfaces only = Yes
passdb backend = ldapsam:ldap://127.0.0.1:389;
log level = 1 auth:2
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 139
name resolve order = wins host bcast
time server = Yes
printcap name = /etc/printcap
rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = scripts\logon.cmd
logon path = \\SRV3\profiles\%U
logon drive = H:
logon home = \\SRV3\%U
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = cn=su,dc=perczelmor,dc=site
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap passwd sync = Yes
ldap suffix = dc=perczelmor,dc=site
ldap ssl = no
ldap user suffix = ou=People
eventlog list = Security, Application, Syslog
usershare max shares = 0
usershare path = /home/samba/usershares
panic action = /usr/share/samba/panic-action %d
idmap uid = 1-2
idmap gid = 1-2
create mask = 0777
map acl inherit = Yes
veto oplock files = /*.pdf/*.pst/
browseable = No
csc policy = disable

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
fake oplocks = Yes

[profiles]
comment = Users profiles
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
profile acls = Yes

BDC's smb.conf:

[global]
dos charset = CP852
unix charset = UTF8
workgroup = PERCZELMOR
server string = %h - PERCZELMOR BDC
interfaces = 127.0.0.0/8, eth0
bind interfaces only = Yes
passdb backend = ldapsam:ldap://127.0.0.1:389;
syslog = 2
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 139
name resolve order = wins host bcast
time server = Yes
printcap name = /etc/printcap
logon script = scripts\logon.cmd
logon path = \\SRV3\profiles\%U
logon drive = H:
logon home = \\SRV3\%U
domain logons = Yes
domain master = No
dns proxy = No
wins server = 192.168.0.3
ldap admin dn = cn=su,dc=perczelmor,dc=site
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap passwd sync = Yes
ldap suffix = dc=perczelmor,dc=site
ldap ssl = no
ldap user suffix = ou=People
eventlog list = Security, Application, Syslog
usershare max shares = 0
panic action = /usr/share/samba/panic-action %d
idmap uid = 1-2
idmap gid = 1-2
map acl inherit = Yes
veto oplock files = /*.pdf/*.pst/
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
fake oplocks = Yes

Any idea? What can I check/change?

Thanks, in advance.
Tamas.
Re: [Samba] most common way to implement 'net time' privileges
i just use WPKG and have a package that syncs the time as administrator each time the computer boots up
Re: [Samba] BDC Promotion and Netbios...
i'd probably just use netbios aliases = PDCNAME and rehash the config and see if that works first.

Brian H wrote:
We are replacing a failing PDC. When promoting a BDC to replace an existing PDC, can you change the NETBIOS name field to match that of the original PDC without causing problems?

Brian H
binaryno...@gmail.com
http://www.binarynomad.com
Re: [Samba] Permission Issues - Email found in subject - Email found in subject
did you notice you still have:

security mask = 0755

shouldn't that be 0775?

Shaun Martin wrote:
Hi All,
Anyone know why I am getting this issue?
Thanks,
Shaun

From: Shaun Martin smar...@akazaresearch.com
Date: Mon, 17 Aug 2009 09:14:40 -0400
To: Jeremy Allison j...@samba.org
Cc: samba@lists.samba.org
Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject

Hi All,
Here is the version number.

r...@akaza-fs:/usr/local/samba/sbin# ./smbd --version
Version 3.2.0
r...@akaza-fs:/usr/local/samba/sbin# ./nmbd --version
Version 3.2.0

Thanks,
Shaun

From: Jeremy Allison j...@samba.org
Reply-To: Jeremy Allison j...@samba.org
Date: Fri, 14 Aug 2009 14:46:57 -0700
To: Shaun Martin smar...@akazaresearch.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] Permission Issues - Email found in subject

On Fri, Aug 14, 2009 at 04:22:22PM -0400, Shaun Martin wrote:
Hi All,
I am trying to achieve something pretty simple. I have a samba share and I would like all new directories and files within that share to have 775 permissions. My config for that share is below. Whenever I create a dir I get 755 permissions. I have set every force permission there is. Both configs below produced the same directory. I feel like this should be very easy and my settings are correct. I have been managing samba server for years and have never run into this issue before. PLEASE HELP!!

Thanks,
Shaun

ls of newly created dir
drwxr-xr-x 2 smartin akaza 48 2009-08-14 16:15 shaun

Orig Config:
delete readonly = yes
writeable = yes
path = /shared
force directory mode = 0775
force create mode = 0775
comment = Shared Files
public = no
create mask = 0775
directory mask = 0775
browseable = yes

Crazy Config setting every force option:
delete readonly = yes
writeable = yes
path = /shared
force directory mode = 0775
force create mode = 0775
comment = Shared Files
public = no
create mask = 0775
directory mask = 0775
force directory security mask = 0775
directory security mask = 0775
force security mode = 775
security mask = 0755
browseable = yes

That should work. What version of Samba ?
Jeremy.
Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject
i dunno, here's what I have on a share on my server and it works, i'm doing 777 however.

[exec]
path = /samba/executive
force directory mode = 0777
browseable = Yes
create mask = 0777
force create mode = 0777
directory mask = 0777
writeable = Yes
force group = @ADMIN\executive
inherit permissions = yes
valid users = @executive
write list = @ADMIN\executive
csc policy = disable
nt acl support = no
force security mode = 777
msdfs root = yes

Shaun Martin wrote:
Hi,
Thank you for noticing that, although it did not fix my issue. My current config is below. And below that is ls --lah on the new directories I made after I killed and restarted samba. PLEASE HELP :)

[shared]
delete readonly = yes
writeable = yes
path = /shared
force directory mode = 0775
force create mode = 0775
comment = Shared Files
public = no
create mask = 0775
directory mask = 0775
force directory security mask = 0775
directory security mask = 0775
force security mode = 0775
security mask = 0775
browseable = yes

I created both shaun and the sub-directory new. Still has 755 permissions. I want 775 permissions.

root# ls -lah |grep shaun
drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 shaun
root# ls -lah shaun/
total 1.0K
drwxr-xr-x 3 smartin akaza 72 2009-08-18 11:35 .
drwxrwx--- 21 smartin isovera 1.3K 2009-08-18 11:35 ..
drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 new

Thanks,
Shaun

*From: *Adam Williams awill...@mdah.state.ms.us
*Date: *Tue, 18 Aug 2009 09:28:02 -0500
*To: *Shaun Martin smar...@akazaresearch.com
*Cc: *samba@lists.samba.org
*Subject: *Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject

did you notice you still have:

security mask = 0755

shouldn't that be 0775?

Shaun Martin wrote:
Hi All,
Anyone know why I am getting this issue?
Thanks,
Shaun

From: Shaun Martin smar...@akazaresearch.com
Date: Mon, 17 Aug 2009 09:14:40 -0400
To: Jeremy Allison j...@samba.org
Cc: samba@lists.samba.org
Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject

Hi All,
Here is the version number.

r...@akaza-fs:/usr/local/samba/sbin# ./smbd --version
Version 3.2.0
r...@akaza-fs:/usr/local/samba/sbin# ./nmbd --version
Version 3.2.0

Thanks,
Shaun

From: Jeremy Allison j...@samba.org
Reply-To: Jeremy Allison j...@samba.org
Date: Fri, 14 Aug 2009 14:46:57 -0700
To: Shaun Martin smar...@akazaresearch.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] Permission Issues - Email found in subject

On Fri, Aug 14, 2009 at 04:22:22PM -0400, Shaun Martin wrote:
Hi All,
I am trying to achieve something pretty simple. I have a samba share and I would like all new directories and files within that share to have 775 permissions. My config for that share is below. Whenever I create a dir I get 755 permissions. I have set every force permission there is. Both configs below produced the same directory. I feel like this should be very easy and my settings are correct. I have been managing samba server for years and have never run into this issue before. PLEASE HELP!!

Thanks,
Shaun

ls of newly created dir
drwxr-xr-x 2 smartin akaza 48 2009-08-14 16:15 shaun

Orig Config:
delete readonly = yes
writeable = yes
path = /shared
force directory mode = 0775
force create mode = 0775
comment = Shared Files
public = no
create mask = 0775
directory mask = 0775
browseable = yes

Crazy Config setting every force option:
delete readonly = yes
writeable = yes
path = /shared
force directory mode = 0775
force create mode = 0775
comment = Shared Files
public = no
create mask
Re: [Samba] can not logon on windows after sometime
what version of samba? what version of openldap? what errors are you getting in /var/log/samba/* when you try to log in?

Mohammad Reza Hosseini wrote:
we are using samba on CentOS 5 with LDAP backend as a PDC. the problem is that after some times users can not logon to win XP clients and we must rejoin the clients to the domain so that users logon will be possible but again after some random time logon is not possible. any idea?

thanks.
Re: [Samba] cant browse user home directories
Roger D Vargas wrote:
Adam Williams wrote:
What i want is to use default system users (/etc/passwd) for authentication. The problem is that i already have 2 domains, with users forced to have accounts in both, the mail password and the proxy password. Security policies requires changing all those passwords and I dont want to deal with a fourth password for samba. I know it is quite old idea, I implemented it almost 10 years ago, but people is used to access their home folders using their mail password and i would like to keep it that way. Also my resources are so scarce that I have a single server, so I cant research an ldap migration without breaking stuff in the server that handles mail, proxy, samba and firewall.

why not? i upgraded a live system from /etc/passwd to ldap and didn't break anything. you can use the migration scripts provided with openldap to load the users into ldap, and use pdbedit to import the tdbsam/smbpasswd users to openldap, then configure and enable nss_ldap so that now pam is authenticating users in ldap, delete the users from /etc/passwd, then config samba to use ldap and restart it. you can install microsoft virtual pc 2007 sp1 for free on a windows computer, and install linux in it and do all the testing you need.
[Samba] sharepoint services 3.0 and samba?
I'm not really sure where to ask this, so please, no flames! Has anyone been able to get microsoft sharepoint services 3.0 to work with authenticating my samba users that are in openldap? I have SPS 3.0 installed on a Windows 2003 Server that is joined to my samba domain and working ok, NT domain users can log into windows 2003 fine, but I can't get http://sharepoint to authenticate the users. i've tried ADMIN\awilliam and just awilliam with my password, but it kicks me out with an Access Denied error after a few tries. I'm not really sure if my problem lies with getting IIS to authenticate against samba/openldap, or if its a setting in sharepoint services, or what? I've google'd but haven't came across anything helpful. Any ideas?
Re: [Samba] Version of OpenLDAP to use with Samba
i'm running 2.4.12 on a fedora 10 server at work, and 2.4.15 on fedora 11 server at home, both work great.

jamrock wrote:
I have been using an old version of OpenLDAP on my Samba servers. I am setting up a new server and want to use a more recent version. What versions of OpenLDAP are people on the forum using with Samba?
Re: [Samba] Samba 3.4 on Centos 5.3
cd to samba-3.4.0/packaging/RHEL and run sh makerpms.sh then
rpm -Uvh /usr/src/redhat/RPMS/X86_64/samba*3.4.0*.rpm
smbpasswd -w
/etc/rc.d/init.d/smb restart

Niklas Saers wrote:
Dear Sirs,
I'm running a vanilla CentOS 5.3 server, and yum there has Samba 3.0.33. What's the recommended way to install Samba 3.4 as an upgrade over 3.0.33? Just

./configure
make
sudo make install

?

Cheers
Nik
Re: [Samba] Word and Excel files are read-only when opening
i think force security mode = 777 in the share will fix this error.
Robert LeBlanc wrote: I have not been able to resolve this problem, but I need to have default ACLs, so, I've croned a script to fix the permissions. I run this every 15 minutes and usually people don't notice it. When they call me, I ask them to wait until after the script runs again. I would really like to see Office fixed for this issue. Another weird thing is that it seems that for us, after the second person edits the file and saves it, the problem really doesn't show up again, at least in our testing. Here are my scripts:
# fixfiles.sh
#!/bin/bash
# Wrap each path in double quotes (\42) so xargs keeps names with spaces intact, then make the files owner-writable.
/root/filecheck.sh | awk '{ print "\42" $0 "\42" }' | xargs --no-run-if-empty chmod -v u+w
# filecheck.sh
#!/bin/bash
# List files under /ls/groups/ that the owner can read but not write, one path per line.
/usr/bin/find /ls/groups/ -perm -u+r ! -perm /u+w -printf "%p\n"
It is pretty quick on our file system and only changes the files that are wrong. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University
On Mon, Jul 6, 2009 at 7:10 AM, Frank Bonnet f.bon...@esiee.fr wrote: Hello Well I have checked and there is no default ACL on the considered files
d...@briannassaladdressing.com wrote: Frank, Another thing worth checking is default acl's. If default acl's exist, they can override the posix permissions. Run getfacl on the directory/file in question to see if there are any listings with default in them. The setting of default acl's has caused word/excel/access read-only problems for me more than once. Dale
-Original message- From: Frank Bonnet f.bon...@esiee.fr Date: Fri, 03 Jul 2009 08:04:54 -0500 To: John Drescher dresche...@gmail.com Subject: Re: [Samba] Word and Excel files are read-only when opening
John Drescher wrote: Since we started our new Samba + LDAP backend server yesterday some (not all) PC we have a problem with Word and Excel files that are marked read-only when users are trying to open them from their Samba network shares. This happens ONLY for *.doc and *.xls files, if we open and save a *.html file with Word it works ... Any info/help greatly appreciated. Thank you
This probably is due to the fact that when Office saves a file it creates a new file it creates a temp file then deletes the old file then renames the temp file to the same name as the old file and in this case the os magically sets the permissions of the renamed temp file to what the old file had. The problem is that Linux does not have this weird filesystem behavior built in so you have to emulate this with samba. I believe some versions of samba required a create mask of 2777 to get this to work. BTW, this is discussed many times in the archives. John
Hello John I've tried but it did not work for me. Frank
Re: [Samba] login.bat has error?
sounds like your computer doesn't have a machine account.
Mohsen Pahlevanzadeh wrote: Dear all, I ran PDC on smbpasswd auth. When i use following the command, i receive :
//
debian:/usr/local/etc/samba_3# ./bin/net rpc join mylove -U root
Enter root's password:
Creation of workstation account failed
Unable to join domain MYLOVE.
debian:/usr/local/etc/samba_3#
///
my smb.conf is :
[global]
netbios name = mylove
server string = Axjooon
workgroup = mylove
os level = 65
prefered master = yes
domain master = yes
local master = yes
domain logons = yes
;misc options
#socket options = TCP NODELAY IPTOS LOWDELAY SO SNDBUF=8192 SO RCVBUF=8192
time server = yes
hide dot files = yes
#client code page = 852
#character set = ISO8859-2
smb passwd file = /usr/local/etc/samba_3/lib/smbpasswd
security = user
guest ok = no
invalid users = bin sys ftp man mail
admin users = @admin
wins support = yes
# passdb backend = ldapsam:ldap://ldap1.company.com ldap://ldap2.company.com;
# passdb backend = ldapsam:ldap://127.0.0.1/
# ldap admin dn = cn=Manager,dc=mylove,dc=com
#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
# ldap suffix = dc=mylove,dc=com
#ldap group suffix = ou=Groups
#ldap user suffix = ou=Users
#ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Idmap
#add user script = /usr/sbin/smbldap-useradd -m %u
#ldap delete dn = Yes
#delete user script = /usr/sbin/smbldap-userdel %u
# add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
# add group script = /usr/sbin/smbldap-groupadd -p %g
#delete group script = /usr/sbin/smbldap-groupdel %g
# add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
# delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
# set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u'
#domain admin group = @admin
#domain admin users = root
#encrypt password = yes
;logging
log level = 2
log file = /usr/local/etc/samba_3/var/log.%L
max log size = 1
debug timestamp = yes
syslog = 1
;user roaming profiles path
logon path = \\%N\profiles\%u
;general logon script
logon script = logon.bat
[netlogon]
path = /home/samba/netlogon
public = no
writeable = no
browseable = no
valid users = r...@debian
[profiles]
path = /home/samba/profiles
writeable = yes
create mask = 0700
directory mask = 0700
browseable = no
valid users = r...@debian
//
my login.bat is :
///
@echo off
rem by robowarp.deletet...@gmx.de leave to public as it is , dont think of asking me
rem created for samba 3 login, the bat files were created on the fly by genlogin.pl
rem this script is only valid for win2000/NT/XP
rem exec bat for logged in machine ( maybe software status or machine data )
echo %COMPUTERNAME%
call %COMPUTERNAME%.bat
rem exec bat for login user
echo %USERNAME%
call %USERNAME%.bat
rem exec bat for different groups
rem ifmember.exe must be in the netlogon share download it at microschrott
ifmember Administrators
if errorlevel 1 call Administrators.bat
ifmember users
if errorlevel 1 call users.bat
//
Please help me
Re: [Samba] Re: can't access samba PDC after power cut
are you sure that ldap is running ok? i find that slapd on openldap doesn't like unclean shutdowns.
Leonardo Carneiro wrote: Guys, you won't believe, but after ANOTHER unexpected power cut, the server is now running... kind of. After the unexpected reboot (my nobreaks aren't working) the command at least returns me a message requiring the password, but i cannot authenticate. same in windows. when i give a \\192.168.0.2, it does require the password, but i cannot authenticate. again, my ldap backend is fine.
Olivier Nicole wrote: 'smbclient -L 127.0.0.1 -U lscarneiro' returns me the following message: Connection to 127.0.0.1 failed (Error NT_STATUS_CONNECTION_REFUSED)
To me too, but I think that your smbclient command is not valid. It should rather be -I 127.0.0.1 I think. By the way, are you sure that your Samba server should be responding to the loopback address? Here it is not. Try 'netstat -na|grep 445' and see what IP address is listening. You write that: the samba server indeed starts But does it successfully start? Is it still running? Try 'ps auwx|grep mbd' you should see the nmbd and smbd processes. Bests, Olivier
Re: [Samba] group access to a share
here is what I use for a share:
[finance]
path = /samba/finance
force directory mode = 0777
browseable = Yes
create mask = 0777
force create mode = 0777
directory mask = 0777
writeable = Yes
force group = @ADMIN\finance
inherit permissions = yes
valid users = @finance
write list = @ADMIN\finance
csc policy = disable
nt acl support = no
force security mode = 777
msdfs root = yes
Gabriel Petrescu wrote: HI! I managed to add a samba to a AD. Now I want as a share to be accessible only to marketing guys. I added the following lines in smb.conf and restarted.
[MarketingFiles]
path = /var/www/mywebsite/
read only = no
create mask = 0777
directory mask = 0777
valid use...@marketing
writable = yes
public=yes
browseable=yes
I checked using my user which is part of administrators group, and administrators group is part of marketing group. Theoretically should work, but it seems I made a mistake. Can you help me? Thank you:) Gabi
Re: [Samba] PDC - BDC Question
i'd just copy over everything in /etc/samba, and /var/lib/samba. and also run net getlocalsid and net getdomainsid and write down the number strings, and use net setlocalsid/setdomainsid on the new server.
Nick Pappin wrote: Hi Everyone, I was wondering I am setting up a BDC at another physically separate location on a different subnet, and I am currently working on what files I need to have copied between the computers and which need to be made on each server. The specific question I am dealing with is what TDB files I need to replicate filesystems between the two servers. Below is a list of what the files I see in my samba directory are:
account_policy.tdb
ntdrivers.tdb
ntforms.tdb
share_info.tdb
group_mapping.ldb
ntprinters.tdb
registry.tdb
wins.dat
private/schannel_store.tdb
private/secrets.tdb
I am wondering first which of these need to be replicated from server to server and which need to be unique to each server? For instance I know that account_policy.tdb can be replicated and needs to be because it holds all of the account policy information. The second thing I am wondering is what does each of these files do? I was hoping that someone could do a brief sentence or two about what each of these files do. Thanks for the help. -- W. Nick Pappin
Re: [Samba] Migration from samba-3.0.21b-i486 to samba-3.0.27a-x86_64 corrupts root group mapping
fix the sid with net setlocalsid and net setdomainsid. change the primary group SID with net groupmap, or if you use ldap, you can fix it in your ldap tree.
damjanster wrote: Hello. I went and copied the config files from source/etc/samba/* and source/var/cache/samba/* to the target server and deleted the browse.dat and wins.dat files. The source and target servers have different IPs and hostnames, so we use netbios alias. This has worked fine a couple of years ago. Now after all files have been copied, the old server shut down and the new samba in place there are several differences between the systems:
$pdbedit -vL root
Unix username: root
NT username:
Account Flags: [U ]
User SID: S-1-5-21-528702806-1563566892-1083768929-1000
Primary group for user root is a Local Group and not a domain group
Primary Group SID: S-1-5-21-528702806-1563566892-1083768929-513
- the Primary Group SID is wrong. It should end with 512 (Domain Admins)
- here it becomes -513 (Users)
- all the permissions are therefore corrupt
- no admin can login via windows XP clients.
I have a test server where I've put all the linux user/group files from the source server and tried to place the same samba server there, but the result is exactly the same. net getlocalsid doesn't work on the source server (previously migrated from even older server) net getlocalsid DOMAINNAME returns the same value on source and target servers. net groupmap list shows a lot more groups on source server than target. What else can I try?
Re: [Samba] PAM LDAP password change error
why not just use ldap passwd sync = yes, and then change passwords with smbpasswd?
Tamás Pisch wrote: Hi, I go through the SaMBa guide Making happy users secondly. I configure Debian Lenny on XEN. I have problem with PAM. When i try to change a user's password with smbldap-passwd it runs without error, but when i try to log in I get the Login incorrect message. When I try to change a user's password with passwd I get the Authentication service cannot retrieve authentication info message. I removed every ACLs from slapd.conf. I tried to follow the second version of the PAM configuration, because as I see on Debian, the pam-unix2.so doesn't support ldap. I didn't include pam_pwcheck.so, because it gave me an error about it doesn't find that module.
/etc/pam.d/passwd:
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
password sufficient pam_ldap.so
password required pam_unix2.so nullok use_first_pass use_authtok
/etc/nsswitch.conf:
passwd: files ldap
group: files ldap
shadow: files ldap
Thanks, in advance.
Re: [Samba] Copy *just* user accounts from LDAP?
ldapsearch -v -x -h roark.mdah.state.ms.us -D cn=Manager,dc=mdah,dc=state,dc=ms,dc=us -w -b ou=People,dc=mdah,dc=state,dc=ms,dc=us > somefile
scp somefile over. load it with slapadd or ldapadd.
jo...@primebuchholz.com wrote: Greetings All, I have a Samba-controlled domain, with everything in LDAP. I also have an off-site server that I rsync all our files to every couple hours. What I'd like to do is set up a new Samba domain on the off-site server so users can log into it for disaster recovery purposes - and I'd like to keep the user account information synchronized with the main server so user's passwords are the same, etc. - while leaving behind workstation accounts, etc. Does anyone have any ideas on how best to approach this? I guess what I'm asking is, I'm OK with slapcat/slapadd'ing periodically from the main server to the off-site server, but does anyone have ideas for how to filter just the user accounts into the LDIF? Thanks in advance, -John
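An added example, not part of the thread: one way to keep just the user accounts when the starting point is a full slapcat export rather than an ldapsearch on ou=People. It assumes machine trust accounts can be recognised by a uid ending in $ or by a W, S or I in sambaAcctFlags, as in the entries quoted elsewhere on this page; the sample LDIF, the DNs and the function names are constructed for the illustration.

```python
import base64
import os

# Constructed sample standing in for a full slapcat export: two users, one
# workstation trust account and one group. Every value here is made up.
_B64_DN = base64.b64encode(b"uid=asmith,ou=People,dc=example,dc=org").decode()
SAMPLE_LDIF = (
    "# constructed sample export\n"
    "dn: uid=jdoe,ou=People,dc=example,dc=org\n"
    "objectClass: posixAccount\n"
    "objectClass: sambaSamAccount\n"
    "uid: jdoe\n"
    "sambaAcctFlags: [U          ]\n"
    "description: a value that the exporter folded onto\n"
    "  a second line\n"
    "\n"
    "dn: uid=ws06$,ou=Computers,dc=example,dc=org\n"
    "objectClass: posixAccount\n"
    "objectClass: sambaSamAccount\n"
    "uid: ws06$\n"
    "sambaAcctFlags: [W          ]\n"
    "\n"
    "dn: cn=finance,ou=Group,dc=example,dc=org\n"
    "objectClass: posixGroup\n"
    "cn: finance\n"
    "\n"
    "dn:: " + _B64_DN + "\n"
    "objectClass: posixAccount\n"
    "uid: asmith\n"
)


def unfold(text):
    """Undo LDIF folding: a line starting with one space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1] != "":
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_entries(text):
    """Return [(dn, attrs, lines)]; attrs maps lower-cased attribute names to value lists."""
    entries, current = [], []
    for line in unfold(text) + [""]:          # the trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if line.strip():
            current.append(line)
            continue
        if current:
            attrs = {}
            for item in current:
                name, _, rest = item.partition(":")
                if rest.startswith(":"):      # "attr:: <base64 value>"
                    value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
                else:
                    value = rest.strip()
                attrs.setdefault(name.lower(), []).append(value)
            entries.append((attrs.get("dn", [""])[0], attrs, current))
            current = []
    return entries


def is_user_account(attrs):
    """True for person accounts, False for groups and machine/trust accounts."""
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    if not classes & {"posixaccount", "sambasamaccount"}:
        return False
    if any(uid.endswith("$") for uid in attrs.get("uid", [])):
        return False                          # machine account naming convention
    flags = "".join(attrs.get("sambaacctflags", []))
    return not any(flag in flags for flag in "WSI")   # workstation/server/domain trust


def filter_user_accounts(text):
    """Return an LDIF string holding only the user-account entries of `text`."""
    kept = ["\n".join(lines) for _, attrs, lines in parse_entries(text)
            if is_user_account(attrs)]
    return "\n\n".join(kept) + ("\n" if kept else "")


def write_private(path, data):
    """Write the LDIF with mode 0600: a real export carries password hashes."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)                      # also tighten a file that already existed
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        handle.write(data)


if __name__ == "__main__":
    print(filter_user_accounts(SAMPLE_LDIF), end="")
```

The filtered output can be loaded on the off-site server with slapadd or ldapadd, as the reply above suggests for its ldapsearch output.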
Re: [Samba] Samba PDC
what is the output of net getdomainsid?
Boris Höffgen wrote: Hello, i migrate the machine and user accounts into a Samba PDC from a Windows NT domain with the command net. After that i generated the user passwords with the util smbpasswd. Samba is now the master and the domain PDC. But when the users try to login, the following error appears in the logs: netlogon_creds_server_check failed. Rejecting auth request from client WS06 machine account WS06$. What must i do to solve the problem?
pdbedit -Lv WS06$:
Unix username: WS06$
NT username: WS06$
Account Flags: [W ]
User SID: S-1-5-21-372180226-160714707-1039276024-1018
Primary Group SID: S-1-5-21-372180226-160714707-1039276024-513
Full Name:
Home Directory: \\dc011\profiles\98\ws06_
HomeDir Drive: H:
Logon Script: /home/samba/netlogon/ws06_.cmd
Profile Path: \\dc011\profiles\xp\ws06_
Domain: BILLE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Di, 09 Jun 2009 11:46:19 CEST
Password can change: Di, 09 Jun 2009 11:46:19 CEST
Password must change: Di, 21 Jul 2009 11:46:19 CEST
Last bad password : 0
Bad password count : 0
Logon hours : FF
passwd: WS06$:x:1014:1010::/dev/null:/bin/false
shadow: WS06$:!:14362:0:9:7:::
Thanks and regards Boris
Re: [Samba] Set up Samba client to backup Windows XP home edition files
it would probably be easier to use smbtar.
rocky Ou wrote: Hey, It seems that samba client could be used to back up Windows files. Am I right? To achieve this, I apt-get installed samba and set up it accordingly. Below is my smb.conf file
/*==Begin=*/
[global]
workgroup = HWWKM
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
[KMOfficeShare]
comment = For backup
path = /home/samba
read only = No
/*End===*/
From my Windows XP home edition's Network Neighborhood I can see KMOfficeShare folder and can create file in it. At my Windows XP home edition machine, I have set WINS server IP to samba server IP and changed the workgroup to HWWKM for Windows machine. The smbclient -L gives me the below output:
/*Smbclient Begin==*/
hww-debian1:/etc/samba# smbclient -L localhost
Enter root's password:
Domain=[HWW-DEBIAN1] OS=[Unix] Server=[Samba 3.2.5]
Sharename       Type      Comment
---------       ----      -------
IPC$            IPC       IPC Service (Samba 3.2.5)
KMOfficeShare   Disk      For backup
Domain=[HWW-DEBIAN1] OS=[Unix] Server=[Samba 3.2.5]
Server               Comment
---------            -------
Workgroup            Master
---------            -------
HWWKM                HWW-DEBIAN1
/*Smbclient end==*/
The Windows XP machine (named hww-laptop) is not listed at all. I'm running Debian Lenny with Samba 3.2.5 installed. Can any of you tell me what I need to do to be able to use smbclient to access the Windows XP files and do the back up please? I really appreciate your help. Blessings, Rocky
Re: [Samba] password authentification
have you read chapter 7 of samba 3 by example.pdf?
Re: [Samba] Changing samba PDC version but keeping the same IP address
from the man page:
netbios aliases (G)
This is a list of NetBIOS names that nmbd will advertise as additional names by which the Samba server is known. This allows one machine to appear in browse lists under multiple names. If a machine is acting as a browse server or logon server none of these names will be advertised as either browse server or logon servers, only the primary name of the machine will be advertised with these capabilities.
Default: netbios aliases = # empty string (no additional names)
Example: netbios aliases = TEST TEST1 TEST2
i'd just give a CNAME in DNS to the new server with the old server's name, and use netbios alias so that the server also announces its old name along with its current netbios name =. that way you don't have to mess with registry edits or anything, the server will accept responses for both names.
Re: [Samba] Forcing samba to use a particular domain controller
change the ip of the wins server = in the [global] section
Vic Simkus wrote: Hello Is there any way to force samba to use a particular domain controller? In our setup, two of the three domain controllers are 2008 and the version of samba we're using isn't working with 2008. So until we upgrade to a version that does work with 2008 I'd like to force it to use one of the domain controllers that is still 2003. Thanks
Re: [Samba] LDAP - valid users = @group
John H Terpstra - Samba Team wrote: Before claiming it is broken, please try: valid users = @DOMAIN\somegroup This change happened during the mid-3.0.x series and is documented in the WHATSNEW.txt file. - John T.
I tried that with valid users = @ADMIN\is, and get the following error in the log file:
[2009/05/21 13:17:51, 5] auth/token_util.c:debug_unix_user_token(492)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2009/05/21 13:17:51, 5] lib/smbldap.c:smbldap_search_ext(1200)
  smbldap_search_ext: base = [ou=Group,dc=mdah,dc=state,dc=ms,dc=us], filter = [((objectClass=sambaGroupMapping)(|(displayName=is)(cn=is)))], scope = [2]
[2009/05/21 13:17:51, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
  ldapsam_getgroup: Did not find group, filter was ((objectClass=sambaGroupMapping)(|(displayName=is)(cn=is)))
[2009/05/21 13:17:51, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/05/21 13:17:51, 5] smbd/share_access.c:token_contains_name(117)
  lookup_name ADMIN\is failed
[2009/05/21 13:17:51, 10] smbd/share_access.c:user_ok_token(210)
  User awilliam not in 'valid users'
[2009/05/21 13:17:51, 2] smbd/service.c:make_connection_snum(736)
  user 'awilliam' (from session setup) not permitted to access this share (is)
[2009/05/21 13:17:51, 3] smbd/error.c:error_packet_set(61)
  error packet at smbd/reply.c(701) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
using valid users = @is lets me connect to the share ok. this is on samba 3.2.11 on fedora 10 x86_64.
Re: [Samba] PDC: Linux Client can't join the domain.
try searching google for netlogon_creds_server_check: credentials check failed. since that is the error in the log. i've never seen it before. in reference to Another thing, after joined the domain, i can see domain users with getent passwd? Or I must add ldap support on the client computer? you'd need ldap support on the client computer, by configuring nss_ldap on it before getent passwd will show the domain users because getent is a POSIX binary, not something packaged with samba.
Alessandro Baggi wrote: Another thing, after joined the domain, i can see domain users with getent passwd? Or I must add ldap support on the client computer? Thanks in advance
Adam Williams wrote: i would delete uid=debian$,ou=Computers,dc=DOMINIO and load this ldif:
dn: uid=debian$,ou=Computers,dc=DOMINIO
objectClass: person
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: debian$
uid: debian$
sn: debian$
uidNumber: 1001
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
displayName: DEBIAN$
userPassword: {crypt}!!
shadowLastChange: 13916
shadowMax: 9
shadowWarning: 7
then on DEBIAN do net join -D DOMINIO -S PDC_SERVER_NAME -U root%password
Re: [Samba] Moving premises, new server at new building
I'd just have your current samba server as the master ldap server and PDC, and have the server at the other location be a BDC, and it can either be a slave ldap server, master/master ldap configuration, or just connect to the master ldap server directly for queries. i have a few remote sites on dsl or t-1 and they just query the LDAP server directly. also, with ldap you can specify the roaming profile location so just have the users at the remote site load their roaming profiles from the remote servers.
Re: [Samba] Move PDC to another server
did you move the .tdb files from the old server to the new one?
Re: [Samba] LDAP - valid users = @group
I think groups are broken in samba 3.2 and 3.3. I have directories set 770 and folders 660 and owned by specific groups and use valid users = @somegroup and force group = somegroup and when people in the group try to write to the group they get NT_STATUS_ACCESS_DENIED errors.
Re: [Samba] Users can't login on Samba+Ldap
do you have ldap machine suffix = ou=Computers in smb.conf?
dogb...@infinito.it wrote: If I join a workstation (directly by the workstation) it is added to ldap db but it doesn't see the domain until I manually add an entry for it in /etc/passwd
Re: [Samba] Users can't login on Samba+Ldap
is ADAM the username of a user or a machine account?
Re: [Samba] LDAP - valid users = @group
John H Terpstra - Samba Team wrote: Before claiming it is broken, please try: valid users = @DOMAIN\somegroup This change happened during the mid-3.0.x series and is documented in the WHATSNEW.txt file. - John T.
Thanks, I had to do this to get it to work
valid users = @is
write list = @ADMIN\is
force group = @ADMIN\is
it didn't like valid users = @ADMIN\is for some reason however.
Re: [Samba] Users can't login on Samba+Ldap
can you post your /etc/nsswitch.conf?
Re: Fw: [Samba] HP Laserjet Printer Installation
your problem is with downloading cups, therefore your question should be posted to the cups mailing list.
Re: [Samba] Domain Server Problem, continued
i think you should be using security = user, read up on the samba howto about the different security = settings and what they do, but if you want your students to access a share to get a work document why not just create a guest share? or do students need to copy their completed work assignment back to your server?
Re: [Samba] Domain Server Problem
Vista/XP can only use one username/password per server per instance. For instance after booting up XP, if you successfully connect to \\water\homes as peteclapham, then you can't connect to \\water\archive as joestudent because XP/Vista can't handle multiple connections with the different usernames/passwords to the same server. samba can only be configured to authenticate against one source. be it smbpasswd, ldap, or tdbsam it can only be configured to authenticate against one of them at a time. it doesn't even look at /etc/passwd for authentication. even if you use encrypt passwords = no, the users have to be in smbpasswd.
Pete Clapham wrote: Hi -- I have what I hope is a minor configuration problem. My PDC is configured so that it works just fine. I am trying to set up an additional domain server (not PDC or BDC), so that students can get to the material on the server. When I type net use w: \\water\archive (where water is the domain server and archive is a share), I invariably get the message that I need to input a user ID and password. If I put in my own ID/Password for the server (even though it's identical with the ID/password on the PDC) it goes through fine. However, if I am logged on to the network as another user and put in his/her ID/Password it doesn't work. My User ID/Password are the only combination on both the PDC and the additional server. If I try to log onto the additional server with a User ID/Password that's valid on the domain it doesn't work; If I try to log onto the additional server with a User ID/Password that's valid on the additional server it doesn't work. It would seem that SAMBA is looking at the Unix ID/Password on the PDC and the SMBPasswd on the additional domain server, and requiring that they both be the same -- so far that's mine. Does this make sense to anybody? And what do I need to do? I do have authentication set on the Additional Domain server to DOMAIN. Doesn't this mean that SAMBA should be reading both the Unix and SMBPasswd files on the PDC? Thanks for your help. cheers, pete
Re: [Samba] PDC: Linux Client can't join the domain.
i would delete uid=debian$,ou=Computers,dc=DOMINIO and load this ldif:
dn: uid=debian$,ou=Computers,dc=DOMINIO
objectClass: person
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: debian$
uid: debian$
sn: debian$
uidNumber: 1001
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
displayName: DEBIAN$
userPassword: {crypt}!!
shadowLastChange: 13916
shadowMax: 9
shadowWarning: 7
then on DEBIAN do net join -D DOMINIO -S PDC_SERVER_NAME -U root%password
Alessandro Baggi wrote: Ok. I've deleted the last ldap db, and renewed. I'm trying to add manually the machine trust account. This is an ldif from slapcat:
dn: uid=debian$,ou=Computers,dc=DOMINIO
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: debian$
uid: debian$
uidNumber: 1001
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-1849485170-1217343015-651458238-1001
displayName: DEBIAN$
sambaAcctFlags: [W ]
sambaNTPassword: E5A8B99BEBA13E2AC86E4477CD0588DA
sambaPwdLastSet: 1241268555
# smbpasswd debian\$ /*for the password, I've inserted the root domain password*/
After added the entry on ldap, I must add other for this user? if not, it still give me:
[2009/05/02 15:12:29, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client DEBIAN machine account DEBIAN$
[2009/05/02 15:12:29, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client DEBIAN machine account DEBIAN$
and login on client Linux does not still work. Another issue is that sometimes smbldap-tools add machine account correctly...other not...
Re: [Samba] PDC: Linux Client can't join the domain.
sounds like a problem with the smbldap-useradd tool. I've never used it because on centos and fedora i got perl errors when running them. so I just create the ldap accounts manually by loading an .ldif file.
Re: [Samba] PDC: Linux Client can't join the domain.
paris$ should not have a SID until it creates it upon joining the domain. you should not have done smbpasswd -a -m paris, so if you did, do smbpasswd -x paris\$ and try rejoining.
Alessandro Baggi wrote: Hi there. I've a problem with using samba as Primary Domain Controller with backend ldap. Version release (Samba 3.2.5, OpenLDAP 2.4.11) on Debian Lenny. When I try to join the domain with a Windows XP Pro Client, all works fine...profiles updating, logon, ecc..but when I try to join the domain with a Linux Client (Slackware 12.1) I get different errors:
client:~# net rpc join -U root%password
Joined Domain DOMINIO.
and in samba log (log.___10.1.4.85):
[2009/04/30 13:45:42, 0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
  get_md4pw: Workstation PARIS$: no account in domain
[2009/04/30 13:45:42, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
  _netr_ServerAuthenticate2: failed to get machine password for account PARIS$: NT_STATUS_ACCESS_DENIED
and samba add an entry-Computer account for paris$:
# paris$, Computers, DOMINIO
dn: uid=paris$,ou=Computers,dc=DOMINIO
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: paris$
uid: paris$
uidNumber: 2008
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-1849485170-1217343015-651458238-1008
displayName: Computer
sambaAcctFlags: [W ]
Then, I try to log out from the client and try login with a user in ldap (I've tried with a PosixAccount and SambaAccount), but it doesn't work. If I try again to rejoin the domain, the client side give me: Joined Domain DOMINIO., but samba log (log.___10.1.4.85) give me:
[2009/04/30 13:48:07, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client PARIS machine account PARIS$
and I can't log-in in client side. These problems only when try to join domain from simple Linux client. I've also removed the entire ldap db, repopulate, but the problem persist. This is a client configuration problem or Server PDC configuration problem? Samba? or OpenLDAP? thanks in advance for help.
Re: [Samba] Bug in sernet RPM's postun?
there were various rpm build problems in samba 3.2.0 - 3.2.10 that have been fixed in 3.2.11. I would grab the source, untar it, and run ./packaging/RHEL/makerpms.sh

Richard Foltyn wrote:

Hi, I was just wondering whether this possible bug with the Sernet Samba3 RPMs for CentOS 5 is known, since it has not yet been fixed. When uninstalling the Sernet RPMs for Samba3 (in this case Samba 3.2.x) the %postun scriptlet fails every time with:

# rpm -e samba3-3.2.0-36
/var/tmp/rpm-tmp.56356: line 2: fg: no job control
error: %postun(samba3-3.2.0-36.x86_64) scriptlet failed, exit status 1

Consequently, yum reports a constantly increasing number of unfinished transactions and cannot uninstall outdated versions of Samba:

# rpm -q samba3
samba3-3.2.1-37
samba3-3.2.3-37
samba3-3.2.5-37
samba3-3.2.6-37
samba3-3.2.7-37
samba3-3.2.7-38
samba3-3.2.8-38
samba3-3.2.10-38.el5
samba3-3.2.11-38.el5

Google finds several other people having the same problem for some months now. The solution is not to run %postun

# rpm -e --nopostun samba3-3.2.1-37

but this does not work with yum and has to be done manually every time, so it would be great if this was fixed in some future release. Also, many thanks to the Sernet team for providing these RPMs.

Richard
[Samba] default printer selection based upon computer a user logs into
We are using roaming profiles. I have a user that logs onto two computers that are in different buildings. Computer 1 is collections w/ default printer HP Laserjet 4000DTN (10.8.9.223) and Computer 2 is salesshop w/ default printer HP Laserjet 4100DTN (10.8.3.31). The user complains that when she logs into salesshop, does her work, logs out, and then logs in at the collections computer, her default printer is no longer the HP Laserjet 4000DTN (even though as administrator on collections, the 4000DTN is the default printer). Is there some sort of way for collections to use the 4000DTN as the default printer?
Re: [Samba] Clarification of 'administrator' config w/ldap
no. the correct way to join a computer to the machine account is to either use the username root when you type in the domain on computer name properties, or a user who is in the ntadmins group that has SEMachineAccountPrivilege

jeff sacksteder wrote:

run smbpasswd -a root and put in root's password.

So on a client machine, I can now authenticate with 'root' and the appropriate passwd, but shouldn't the smbusers mapping cause administrator to work the same way?
Re: [Samba] A question about BDC's
sure you can if you are using an LDAP directory. just how crappy is your connection? because the BDC would need to either query the PDC's ldap directory directly, or be a slave (or master/master) and get account changes propagated to it. Then, you'd still need to get access to the files somehow such as using distributed filesystem (which would still get the files from your server and go over your low latency connection in real time) or mirror the files to your BDC using unison. Is there not money in your budget to upgrade your crappy connection? Are there things you can do to make your connection not as crappy such as installing a squid http proxy server? is your connection crappy because it is at 100% utilization or crappy because it goes up and down?

Germán Bobr wrote:

Hi, I have a samba server as PDC in my office. Now, some co-workers want to access their files from outside. Making a VPN does not work because my office has a crappy connection. Is it possible to install a BDC in a datacenter for the remote people?
Re: [Samba] Clarification of 'administrator' config w/ldap
run smbpasswd -a root and put in root's password. create a unix group called ntadmins and put your username jsacksteder in it. then run:

net groupmap add rid=512 ntgroup="Domain Admins" unixgroup=ntadmins type=d

then run:

net rpc rights grant ntadmins SEMachineAccountPrivilege

and enter root's password. now the user jsacksteder is a domain administrator that can join computers to the domain (And vista will recognize as an administrator when you install software and UAC prompts for a user/pass).

jeff sacksteder wrote:

As you say, I see 'root = administrator' in smbusers, but I am still unable to authenticate as administrator. During the authentication attempt the following log entry is recorded:

check_ntlm_password: Authentication for user [administrator] - [administrator] FAILED with error NT_STATUS_NO_SUCH_USER

I believe that I need to make an entry with pdbedit linking the domain admin sid to root. However, trying that produces:

smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))]
smbldap_open_connection: connection opened
Username not found!

So what more do I need to add?

On Sat, Apr 4, 2009 at 10:15 AM, Adam Williams awill...@mdah.state.ms.us wrote:

root is mapped to windows Administrator account in /etc/samba/smbusers. however, since samba 3.0.11 you can make anyone a domain administrator (to add machine accounts, install software, etc) see http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html for more info.

jeff sacksteder wrote:

I have a mostly working config with the ldap backend, at least from the standpoint of standard domain users, but I'm not sure how my Administrator user needs to be configured. The os 'root' user is in /etc/passwd and all my normal users are in the directory for unified login purposes. Is the domain 'Administrator' account supposed to correspond to 'root' in the os, 'Manager' in the directory, or just a privileged user in the directory?
Re: [Samba] Getting mad with group permissions
have you tried force group = or inherit permissions = yes?
Re: [Samba] [Release Planning 3.4] 3.4.0pre1 will be delayed
Peter Rindfuss wrote:

I can confirm this. For testing purposes, I installed a fresh WinXP SP2 on a PC. I had no problems joining this machine to 3.2.10, but after the next login, the problems showed up as described.

Peter

I can also confirm it happens on Vista Business 32-bit.
Re: [Samba] samba machine accounts problem
is nss_ldap configured to search for posix accounts in ou=hosts?

Sven Buchstaller wrote:

Hi list

samba3-3.0.31-36
openldap2-2.3.43-1.1

My problem is that I stopped my working openldap and restarted it again; in the log I now see = pdb_get_group_sid: Failed to find Unix account for ... a lot of machine accounts. What's wrong? Must I now rejoin all accounts to the domain?

Example from a host:

# bart$, hosts, server.intern
dn: uid=bart$,ou=hosts,dc=server,dc=intern
objectClass: sambaSamAccount
objectClass: posixAccount---unix account ?
objectClass: account
sambaDomainName: srv01
displayName: bart
sambaPrimaryGroupSID: S-1-5-21-3991578539-3149662252-1894531253-515
sambaSID: S-1-5-21-3991578539-3149662252-1894531253-101524
gidNumber: 515
loginShell: /bin/false
homeDirectory: /dev/null
uid: bart$
cn: bart
uidNumber: 50262
sambaPwdCanChange: 1196710001
sambaPwdMustChange: 1204486001
sambaAcctFlags: [WX ]
sambaPwdLastSet: 1238649797

# search result
search: 2
result: 0 Success

mfg sven
[Samba] directory permission problems
I have shares such as the one below. Users in the group (in this example, the group grants) can access the root directory of the share (\\roark\grants) just fine, and it and all files and subfolder permissions are 770 and owned by the group grants, but users have problems going into subfolders, getting access denied errors. Or, in the root directory they can create files, but not delete or rename them, even though the file is created with ownership of group grant, they are in the grants group, and permissions are 770. The only fix would be to chmod -R 777 /samba/grants. Has anyone had this problem or know of a solution?

[grants]
path = /samba/grants
force directory mode = 0770
browseable = No
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
writeable = Yes
force group = grants
valid users = @grants
csc policy = disable
profile acls = yes
nt acl support = no
force security mode = 777
Re: [Samba] directory permission problems
jerry wrote:

You might want to search bugzilla.samba.org. There was a recent reporter having some broken behavior with force group. I don't remember the specifics or version.

is there another way other than using force group = grants that will make the group ownership of any files/folders written to that share be owned by the group grants?
Re: [Samba] Dynamic Home Shares
see root preexec = in the man page. so when they go to %U$ (such as using logon home = z: ) it will run a script that creates the required directory in /home/pc/

Ken Lupo wrote:

Hello, I am attempting to dynamically create user shares when they connect to the server based on their username. I cannot use [homes]. My reasoning for this is that the users require a $ at the end of the share or it becomes confusing to them (long story). What I'm seeing is that some Windows XP clients will connect to /home/username but other clients try to connect to /home/username_ (with an underscore). As a workaround I have symlinked all home folders from username to username_

Here is my smb.conf file:

[global]
workgroup = PC
realm = PC.DOMAIN.COM
server string = FILE
security = ADS
log file = /var/log/samba/%m.log
local master = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind use default domain = Yes
winbind offline logon = false
store dos attributes = Yes
ea support = Yes
dns proxy = no
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE
inherit acls = yes
inherit permissions = yes
map acl inherit = yes

[%U$]
path = /home/PC/%U
comment = Homes
read only = No

Any help would be greatly appreciated. Thank you, Ken
Re: [Samba] migrating Samba PDC to a new server
it should work ok. make sure to run net getlocalsid and net getdomainsid and write them down and on the new server do net setlocalsid and net setdomainsid if they are different.

Kent Tong wrote:

Hi, I'd like to migrate Samba 3.0.24-6etch10 PDC running on a Debian server to a new Ubuntu server. I plan to install Samba 3.0.28a-1ubuntu4.4 on the new server and then copy the files in /etc/samba and /var/lib/samba and copy the related Linux users in /etc/passwd and /etc/shadow. Will it work? Thanks in advance!

--
Kent Tong
Wicket tutorials freely available at http://www.agileskills2.org/EWDW
Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA
Re: [Samba] Clarification of 'administrator' config w/ldap
root is mapped to windows Administrator account in /etc/samba/smbusers. however, since samba 3.0.11 you can make anyone a domain administrator (to add machine accounts, install software, etc) see http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html for more info.

jeff sacksteder wrote:

I have a mostly working config with the ldap backend, at least from the standpoint of standard domain users, but I'm not sure how my Administrator user needs to be configured. The os 'root' user is in /etc/passwd and all my normal users are in the directory for unified login purposes. Is the domain 'Administrator' account supposed to correspond to 'root' in the os, 'Manager' in the directory, or just a privileged user in the directory?
Re: [Samba] Samba + LDAP = SLOW Help plesase
what indexes do you have in slapd.conf? what hardware is the server running on?
Re: [Samba] A secondary domain controller for remote clients
first things first. are you running LDAP?

Germán Bobr wrote:

Hello, I have a samba PDC in an office with folder redirection. The people want to access their files remotely, so I have set up a simple hamachi VPN. The clients can connect and synchronize their files, but it's extremely slow. Is it possible to make a second samba server in a high speed datacenter synchronized with the office one? Can anyone give me some info about how to do that? Thank you
Re: [Samba] Enable samba BDC to allow writing to local LDAP
passdb backend = ldapsam:"ldap://local_ldap.yourdomain.com ldap://remote_ldap.yourdomain.com"

Leandro LATTANZIO wrote:

How do I configure smb.conf of a samba BDC server so that all changes (users' password changes, joining computers) are written to the local LDAP? I've set up remote LDAPs (BDCs) with multimaster configuration via syncrepl. The LDAP multimaster feature works fine (N-way replication works perfectly). I need this configuration to avoid errors when a user must change his/her password in a remote office (BDC) connected via WAN to the central office (PDC), and the link is down. I use openldap 2.4.11 and samba 3.0.33 (on Redhat Enterprise Linux Server 5.2 x86_64). Thanks in advance. Regards. Leandro.
Re: [Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
did you run testparm -s and look for errors in smb.conf? you don't need these two lines in smb.conf anymore:

passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

since you are using ldap and have ldap passwd sync = yes

also, your ldap admin dn is wrong. what is it in your slapd.conf file? it should be something like

ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us

did you do smbpasswd -w

Todd E Thomas wrote:

When I run this command I am not prompted for a password, I just get the below error.

# smbclient -U root //zmail/homes
Error connecting to 10.0.0.14 (Connection refused)
Connection to zmail failed (Error NT_STATUS_CONNECTION_REFUSED)

---

Now for the back story: CentOS v5.2 with Samba v3.0.28-1.el5_2.1 and Zimbra 5.0.11_GA on x86_64 hardware. I'm attempting to connect samba (PDC) with zimbra's included openldap. everything appeared to work correctly on an individual basis (samba, zimbra, openldap) and openldap appears to be working correctly via ldapsearch. Once I ran authconfig things went a little crazy for samba. I think it's not able to communicate with ldap and I'm not sure what tools and methods there are for a procedural verification of their intercommunication. Is there such a resource? As a result, there are a few errors. The one above and one other; smbd keeps dying on me. As I am a novice I'm not sure if these things are related or not. The conf is below.

# service smb status
smbd dead but pid file exists
nmbd (pid 9072) is running...

Thanks in advance, Todd E Thomas

===
The host is zmail = 10.0.0.14
---
[global]
netbios name = zmail
workgroup = OFFICE
security = user
server string = Palladium %v
wins support = yes
dns proxy = no
name resolve order = wins hosts lmhosts bcast
wins server = 10.0.0.14
log file = /var/log/samba/log.%m
log level = 6
max log size = 1000
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
enable privileges = yes
encrypt passwords = yes
## Use ldap for auth
ldap passwd sync = yes
passdb backend = ldapsam:ldaps://zmail.ptest.us/
# ldap port = 636
ldap admin dn = cn=config
ldap suffix = dc=ptest,dc=us
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
obey pam restrictions = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
domain master = yes
domain logons = yes
os level = 33
preferred master = yes
local master = yes
logon path = \\zmail.ptest.us\%U\profile
logon home = \\zmail.ptest.us\%U
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos %u
add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos machine account --force-badname %u
socket options = TCP_NODELAY

[homes]
comment = Home Directories
browseable = yes
read only = No
valid users = %S

[netlogon]
comment = Network Logon Service
path = /export/netlogon
read only = yes
write list = +ntadmin
locking = no
===
[Samba] Re: problem with sambaNextRid (WAS: updating samba/ldap: do I need new attributes?)
Oh, i calculate the RID by hand and add it with net groupmap add rid= ntgroup=what ever unixgroup=whatever type=d and i think your math is wrong, it is group # * 2 + 1001. to get a UID's RID, it is uid * 2 + 1000.

Thierry Lacoste wrote:

Sorry if I missed your point but I have no problems with UIDs and GIDs. The smbldap-tools keep the next available ones in the attributes uidNumber and gidNumber of the sambaDomainName LDAP entry. The problem is that samba's RID calculation changed somewhere between 3.0.22 and 3.0.34. What should I do to upgrade as easily as possible from 3.0.22 (where RID=1000+2*UID) to 3.0.34 (where the next available RID is kept in the sambaNextRid attribute of the sambaDomainName LDAP entry)? If I don't deal with this change I will have SID clashes. Or did you mean that you assign SIDs by hand with ldif files? Regards, Thierry
[Samba] Re: problem with sambaNextRid (WAS: updating samba/ldap: do I need new attributes?)
here usually the person's username is also their computer name. for instance, ou=People contains their username and their UID. then in ou=Computers for the computer they are on, the computer will have the same username, and the UID is the UID from people + 1.

Thierry Lacoste wrote:

I was talking about SID calculation for machine accounts upon domain joining. What is the relation that you have between SID and UID for a given machine? Can you handcraft this relation?
[Samba] Re: problem with sambaNextRid (WAS: updating samba/ldap: do I need new attributes?)
samba creates the RID when smbpasswd -a is used (or machine is joined to the domain). smbldap-tools creates an entry in ldap to keep up with the next available UID. i don't remember what it is. personally, I just use a text file that contains my next available UID and GID in it and increment when i add a user. i do everything by hand with .ldif files though.

Thierry Lacoste wrote:

Hello, I did the steps described below and I have a problem with machine RIDs. When I first join a machine, samba adds to my sambaDomainName ldap entry a sambaNextRid attribute with a value of 1000. Now samba uses this value (incremented each time) to give its RID to the machine. This is going to be a real problem as my current samba computes RIDs as 1000+2*UID. FWIW I'm using smbldap-tools to create user accounts and I have

add machine script = /usr/local/sbin/smbldap-useradd -w '%u'

in my smb.conf though I don't think it is relevant because AFAIK this script is only called to create the posix machine account. What are my options? If at all possible, I'd rather stick to the 1000+2*UID algorithm. I googled about it and I know that others were caught too but I wasn't able to find a solution. Regards, Thierry.

Quoting Adam Williams awill...@mdah.state.ms.us:

your steps are fine. you don't need the samba LDAP entries you listed, when you do smbpasswd -a user, it will add the minimum required LDAP entries for samba.

laco...@miage.univ-paris12.fr wrote:

Hello, I plan to update my samba-3.0.22/openldap-2.3.24 to samba-3.0.34/openldap-2.4.15 and I'm currently testing it. This is on FreeBSD. My idea is:

1) slapcat the openldap server and save the various tdb files.
2) deinstall samba and openldap and wipe out the bdb files
3) install the newer versions
4) slapadd to the new openldap server

This seems to work in my test lab. During my tests I also built a new domain afresh and realized that the sambaDomainName ldap entry has some attributes that are not in my production server: sambaMinPwdLength, sambaLogonToChgPwd, sambaLockoutDuration, sambaLockoutObservationWindow, sambaLockoutThreshold, sambaForceLogoff. Do I have to add these attributes to my ldif file before slapadd? More generally, do I have to add some attributes to my ldap entries? Regards, Thierry
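The RID clash discussed in this thread can be checked before an upgrade from a slapcat export. The following is an added example, not code from any poster or from Samba: it applies the two formulas quoted above (uid * 2 + 1000 and gid * 2 + 1001) to a constructed LDIF sample and lists the existing RIDs that a sambaNextRid counter would eventually reach, assuming the counter only hands out values above its current one. The domain SID, DNs and numbers in the sample are placeholders.

```python
import re

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed placeholder

# Constructed directory export: two entries created under the old formula and
# one machine account whose RID came from the sambaNextRid counter.
SAMPLE_LDIF = f"""\
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: EXAMPLE
sambaSID: {DOMAIN_SID}
sambaNextRid: 1001

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 1005
sambaSID: {DOMAIN_SID}-3010

dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 1010
sambaSID: {DOMAIN_SID}-3021

dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 2008
sambaSID: {DOMAIN_SID}-1001
"""


def user_rid(uid):
    """User formula quoted in the thread: uid * 2 + 1000."""
    return uid * 2 + 1000


def group_rid(gid):
    """Group formula quoted in the thread: gid * 2 + 1001."""
    return gid * 2 + 1001


def parse_ldif(text):
    """Parse plain LDIF (assumption: no folded lines, no base64 values)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def audit_rids(entries):
    """Classify each account RID and report which ones lie ahead of the counter."""
    counter = None
    accounts = []
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "sambadomain" in classes:
            # The domain entry holds the domain SID and the counter, not an account RID.
            if "sambanextrid" in entry:
                counter = int(entry["sambanextrid"][0])
            continue
        if "sambasid" not in entry:
            continue
        rid = int(entry["sambasid"][0].rsplit("-", 1)[1])
        expected = None
        if "sambagroupmapping" in classes and "gidnumber" in entry:
            expected = group_rid(int(entry["gidnumber"][0]))
        elif "uidnumber" in entry:
            expected = user_rid(int(entry["uidnumber"][0]))
        accounts.append({"dn": entry["dn"][0], "rid": rid,
                         "algorithmic": rid == expected})
    rids = [a["rid"] for a in accounts]
    duplicates = sorted({r for r in rids if rids.count(r) > 1})
    # Any RID above the counter will be reached once enough accounts are added.
    ahead = sorted(r for r in set(rids) if counter is not None and r > counter)
    return {"counter": counter, "accounts": accounts,
            "duplicates": duplicates, "ahead_of_counter": ahead}


if __name__ == "__main__":
    report = audit_rids(parse_ldif(SAMPLE_LDIF))
    print("sambaNextRid:", report["counter"])
    for acct in report["accounts"]:
        kind = "formula" if acct["algorithmic"] else "counter/other"
        print(f"{acct['rid']:>6}  {kind:<13} {acct['dn']}")
    print("already duplicated:", report["duplicates"])
    print("RIDs the counter can still collide with:", report["ahead_of_counter"])
```

An empty "ahead of counter" list means every existing RID is at or below the counter value, so under the stated assumption newly allocated RIDs cannot repeat an existing one.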
Re: [Samba] smbldap and samba as a PDC
i never could get smbldaptools to work properly (on fedora and centos), i always got various perl errors. i just create the machine accounts by hand.

LiPi - wrote:

Hi people, I have a problem with samba, openldap and the creation of machine accounts. I don't know if here is a good place to ask but I don't receive help in other places. I read many guides, howtos, etc. but I can't find the solution. I have seen an older message to another list (mail.gna.org) asking about the same problem that I have; it was:

[Smbldap-tools-tech] Problem creating machine accounts https://mail.gna.org/public/smbldap-tools-tech/2008-09/msg1.html, Jonathan Warrington (September 24, 2008 - 19:24)

I don't know if Jonathan received a response, but I have two problems: one is exactly the same as described there, and the other is explained as follows. I have a samba + ldap PDC with smbldap-tools, and when I try to join the domain I get this error:

r...@patata:/# net rpc join -U administrador
Password:
Creation of workstation account failed
Unable to join domain TESTING.

If I take a look at the logs:

2009/03/19 20:18:42, 0] passdb/pdb_interface.c:pdb_default_create_user(329)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w patata$' gave 127

Then manually, smbldap-useradd -w patata$:

Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083.

And if I create the machine account from phpldapadmin, it works perfectly. What can I do? I tried:

net -U administrador% rpc rights grant 'TESTING\smbadmins' SeMachineAccountPrivilege

I also tried to modify smbldap.conf and smbldap_bind.conf, and I got nothing. I followed many howtos and surely there is something that I'm not understanding, but I don't know what. Any suggestion would surely be helpful. getent passwd and getent group work well. If I try to add a machine account from phpldapadmin, all goes right.

This is my smbldap config: http://pastebin.ca/1365687
And this is my smb.conf: http://pastebin.ca/1365698

Thank you all. LiPi
Re: [Samba] Samba LDAP troubleshooting
Brad C wrote:

Hi There, Yep, Ok now I understand the SID needs to be the same as the server the client formed the initial security relationship with, Is this correct? Kind Regards Brad

yes.
Re: [Samba] help - logon script
have you put that regedit4 data into a file and ran it with regedit /s time.reg in their login script?

yudi shiddiq wrote:

Hello everybody... I need help with a logon script; this time I want to change the time format from 12-hour to 24-hour format on the client PCs. I'm using samba 3.0.20 on the PDC and the clients are mostly win xp but we have PCs with win ME too. I changed logon.exe, which I put in every user directory, and which has a script like this:

REGEDIT4
[HKEY_CURRENT_USER\Control Panel\International]
iTime=1
sTimeFormat=HH:mm:ss

But when I try to log in the time format doesn't change, it is still in 12-hour format. I've tried many times but it is still the same. Is there any clue... I'm sorry if there is any mistake in my English. :) Thx
Re: [Samba] WinXP altering user...
your english is kind of broken. you don't want the windows logon screen for the user to log into on boot? if so, don't have the xp computers joined to the domain and have the users access their home directory by typing in my computer's address bar, \\server\homes

ROUMPEKAS XRHSTOSNEKTARIOS wrote:

I have a set of PCs running WinXP and an Ubuntu machine running Samba 3.0.28a. I am trying to achieve that each user that sits at a PC is able to log in with their credentials and have their homes directory without login-logoff of each user at the station via the WinXP login-logout screen. Any ideas?? C.
Re: [Samba] Samba LDAP troubleshooting
well the user's sid is invalid. does it match the domain's sid with net getdomainsid?

Brad C wrote:

Hello, I'm hoping someone can provide some insight; sample snippet from smb.conf and the samba log below. Password authentication is working succeeding, complains about an invalid SID which I know is the trust relationship that is formed between server and client; this is a duplicate ldap database from a samba domain controller. On the topic, does anyone have a good book to recommend on Samba? I feel I am only using 10% of its capability and not really well at that... something is staring me in the face and I'm missing it.

[global]
workgroup = companyx
printing = cups
hosts allow = 192.168.1.
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
security = user
encrypt passwords = Yes
obey pam restrictions = No
log level = 2
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=manager,dc=companyx,dc=co,dc=za
ldap suffix = dc=companyx,dc=co,dc=za
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = off
ldap delete dn = Yes

[testdir]
comment = test1
path = /data/test
browseable = yes
writable = yes
read only = no
available = yes
valid users = bradleyc
admin users = bradleyc

[2009/03/13 08:36:39, 2] lib/access.c:check_access(406)
  Allowed connection from ___192.168.2.154 (:::192.168.2.154)
[2009/03/13 08:36:39, 2] lib/smbldap.c:smbldap_open_connection(796)
  smbldap_open_connection: connection opened
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: bradleyc
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 513
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 513
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 1010
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 512
[2009/03/13 08:36:39, 2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password: authentication for user [bradleyc] - [bradleyc] - [bradleyc] succeeded
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 544
[2009/03/13 08:36:39, 2] lib/access.c:check_access(406)
  Allowed connection from :::192.168.2.154 (:::192.168.2.154)
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: bradleyc
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  init_group_from_ldap: Entry found for group: 513
[2009/03/13 08:36:39, 0] passdb/passdb.c:lookup_global_sam_name(595)
  User bradleyc with invalid SID S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
[2009/03/13 08:36:39, 2] smbd/service.c:make_connection_snum(736)
  user 'bradleyc' (from session setup) not permitted to access this share (testdir)
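The comparison suggested in the reply above (does the user's SID match what net getdomainsid reports?) can be done mechanically over a log. The following is an added example, not code from the thread or from Samba: the log lines are taken from the post, while the net getdomainsid output, its SID value and the machine name FILESRV are constructed placeholders, and the "SID for ... is:" line format is assumed.

```python
import re

# Log excerpt from the post above: a header line followed by an indented message.
SAMPLE_LOG = """\
[2009/03/13 08:36:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  init_sam_from_ldap: Entry found for user: bradleyc
[2009/03/13 08:36:39, 0] passdb/passdb.c:lookup_global_sam_name(595)
  User bradleyc with invalid SID S-1-5-21-1571991244-1820204139-1100571284-3420 in passdb
[2009/03/13 08:36:39, 2] smbd/service.c:make_connection_snum(736)
  user 'bradleyc' (from session setup) not permitted to access this share (testdir)
"""

# Constructed `net getdomainsid` output; names and SID values are placeholders.
SAMPLE_GETDOMAINSID = """\
SID for local machine FILESRV is: S-1-5-21-1111111111-2222222222-3333333333
SID for domain COMPANYX is: S-1-5-21-1111111111-2222222222-3333333333
"""

INVALID_SID_RE = re.compile(r"User (\S+) with invalid SID (S-1-[0-9-]+) in passdb")
NET_SID_RE = re.compile(r"SID for (local machine|domain) (\S+) is: (S-1-[0-9-]+)")


def parse_getdomainsid(output):
    """Return {'local machine': sid, 'domain': sid} from the command output."""
    sids = {kind: sid for kind, _name, sid in NET_SID_RE.findall(output)}
    if "domain" not in sids:
        raise ValueError("no 'SID for domain' line found")
    return sids


def split_sid(sid):
    """Split an account SID into its domain part and the trailing RID."""
    domain_part, _, rid = sid.rpartition("-")
    return domain_part, int(rid)


def diagnose(log_text, getdomainsid_output):
    """Explain each 'invalid SID' log message by comparing SID prefixes."""
    server = parse_getdomainsid(getdomainsid_output)
    findings = []
    seen = set()
    for user, sid in INVALID_SID_RE.findall(log_text):
        if (user, sid) in seen:  # the same message repeats on every connection
            continue
        seen.add((user, sid))
        account_domain, rid = split_sid(sid)
        findings.append({
            "user": user,
            "rid": rid,
            "account_domain_sid": account_domain,
            "server_domain_sid": server["domain"],
            "matches_domain": account_domain == server["domain"],
            "matches_local": account_domain == server.get("local machine"),
        })
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG, SAMPLE_GETDOMAINSID):
        verdict = "same domain SID" if f["matches_domain"] else "DIFFERENT domain SID"
        print(f"{f['user']}: account SID prefix {f['account_domain_sid']}")
        print(f"  server reports        {f['server_domain_sid']} -> {verdict}")
```

A mismatch here is the situation the thread goes on to confirm: the accounts in the copied LDAP database carry the SID prefix of the original domain controller, not the one this server reports.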
Re: [Samba] updating samba/ldap: do I need new attributes?
your steps are fine. you don't need the samba LDAP entries you listed, when you do smbpasswd -a user, it will add the minimum required LDAP entries for samba.

laco...@miage.univ-paris12.fr wrote:

Hello, I plan to update my samba-3.0.22/openldap-2.3.24 to samba-3.0.34/openldap-2.4.15 and I'm currently testing it. This is on FreeBSD. My idea is:

1) slapcat the openldap server and save the various tdb files.
2) deinstall samba and openldap and wipe out the bdb files
3) install the newer versions
4) slapadd to the new openldap server

This seems to work in my test lab. During my tests I also built a new domain afresh and realized that the sambaDomainName ldap entry has some attributes that are not in my production server: sambaMinPwdLength, sambaLogonToChgPwd, sambaLockoutDuration, sambaLockoutObservationWindow, sambaLockoutThreshold, sambaForceLogoff. Do I have to add these attributes to my ldif file before slapadd? More generally, do I have to add some attributes to my ldap entries? Regards, Thierry
Re: [Samba] Howto force all users of a samba domain controller to change their password ?
or just use the source .tar.gz file and extract into /var/www and setup config.php

BOURIAUD wrote:

On Wednesday 11 March 2009 14:56:41 you wrote:

Ldap Account Manager (LAM) is a web interface to LDAP. With it, you can define Minimum password length, Minimum lowercase characters, Minimum uppercase characters, Minimum numeric characters, Minimum symbolic characters, Minimum character classes, etc. http://lam.sourceforge.net/

Thanks a lot! This seems to be a really great app. It doesn't seem to be available for rhel5, but I think I can manage to install it since fedora rpms are downloadable.
Re: [Samba] Complex [homes] rule
add veto files = /*.mp3/*.wma/ so that they don't fill up their home directories with mp3's. might also want hide dot files = yes and follow sym links = yes
David Markey wrote:
    [%U]
    comment = Home Directories
    browseable = yes
    read only = no
    path = %H
    valid users = @DOMAIN\postgrad
    ea support = yes
    store dos attributes = yes
    map readonly = no
    map archive = no
    map system = no
    hide files = /*.desktop/*.ini/
This seems to be working exactly the way I want it to. Does anyone see any security issues with the above configuration? Thanks for all the replies!
On Tue, 10 Mar 2009 18:10:11 +, David Markey dmar...@dodds.dmarkey.com wrote:
No.. I want only postgrad group to have access but I don't want them to access anyone else's home directory as discussed previously (using the valid users = %D%w%S). In other words I need some kind of AND statement, i.e. valid users = @DOMAIN\postgrads AND %D%w%S
On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin chaplina+sa...@canisius.edu wrote:
I think you are saying you only want the postgrad group to have access to their home directory share. Look at the smb.conf entry for valid users.
David Markey wrote:
I really think I have explained the situation enough and it's not that complex. I only want the users in the postgrad group to get access to their home directories via samba but I don't want them to be able to access anyone else's. include = %D%w%S.smb.conf won't work, that would obviously mean I'd need an include for every user in the postgrad group, i.e. DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf, which is not what I want.
On Tue, 10 Mar 2009 18:08:15 +0100, Stéphane PURNELLE wrote:
Could you provide more information about your configuration. A homes share with two access, why? An idea: about include parameter, if you edit your smb.conf and put end of the file the homes shares and the include parameter like:
    include = %D%w%S.smb.conf
    [homes]
    ...
    valid user= @postgrad
and of course define on %D%w%S.smb.conf (the correct homes share for %D%w%S)
--- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467
samba-bounces+stephane.purnelle=corman...@lists.samba.org wrote on 10/03/2009 17:52:07:
If you are referring to http://marc.info/?l=sambam=122692173903872w=2 This doesn't work for me because postgrad isn't the primary group of those particular users.
On Tue, 10 Mar 2009 16:18:44 +, Miguel Medalha wrote:
In my [homes] share I want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody else's. But I only want users in the postgrad group to be able to access their home directory.
That question has already been solved in previous posts. Please search the list. The solution lies with the use of the include parameter.
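The AND condition asked for in the thread above (member of the postgrad group and connecting only to one's own home share) cannot be written in `valid users` alone, because that parameter is a list in which any single match grants access. One way to get both conditions is `valid users = %S` on [homes] plus a `root preexec` gate with `root preexec close = yes`. This is an added example, not code from any poster or from the Samba project; the script path, the group name and the function names are assumptions.

```python
#!/usr/bin/env python3
"""Gate script for a Samba [homes] share (added example, hypothetical names).

Assumed smb.conf fragment; the path and group name are placeholders, and the
thread's winbind setup would use %D%w%S where %S appears here:

    [homes]
        valid users = %S
        root preexec = /usr/local/sbin/homes_gate.py '%U' postgrad
        root preexec close = yes

valid users = %S limits each user to the share named after them. The script
adds the second condition: it exits non-zero for non-members, and with
root preexec close = yes smbd then refuses the connection.
"""
import grp
import os
import pwd
import sys


def is_member(user, group, getpwnam=pwd.getpwnam,
              getgrnam=grp.getgrnam, getgrouplist=os.getgrouplist):
    """Return True if `user` is in `group` as primary OR supplementary group.

    The thread notes postgrad is not the users' primary group, so the full
    group list is checked. Lookups go through NSS, so winbind- or LDAP-backed
    accounts resolve as they do elsewhere on the host. Unknown users or
    groups count as "not a member", so a failed lookup denies access.
    """
    try:
        account = getpwnam(user)
        wanted_gid = getgrnam(group).gr_gid
    except KeyError:
        return False
    return wanted_gid in getgrouplist(account.pw_name, account.pw_gid)


def main(argv):
    """Exit status 0 allows the connection; anything else closes it."""
    if len(argv) != 3:
        print("usage: homes_gate.py USER GROUP", file=sys.stderr)
        return 2  # fail closed on a malformed invocation
    user, group = argv[1], argv[2]
    if is_member(user, group):
        return 0
    print(f"homes_gate: {user!r} is not in {group!r}, refusing",
          file=sys.stderr)
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Filesystem permissions on each home directory still apply underneath; the gate only decides whether the share connection is accepted.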
Re: [Samba] [Release Planning 3.3] 3.3.2 on March 12 2009
Would you be able to add this patch to the 3.3.2 release? https://bugzilla.samba.org/show_bug.cgi?id=6144
Re: [Samba] [Release Planning 3.3] 3.3.2 on March 12 2009
Oops, never mind, I see you already replied to my question yesterday. Thanks :)
Re: [Samba] Samba profiles for Win XP Pro
set up samba to serve roaming profiles, and for specific users turn off roaming profiles on the XP computer using gpedit.msc, not specifying the sambaProfilePath in LDAP, or on my computer properties, advanced, users, change their profile from roaming to local.
Greg Charles wrote:
Hello, I am new to Samba. I have not actually set it up yet aside from a test bed. I'm wanting to set up a Samba server which Windows XP boxes will be authenticating to, as a Domain Controller. Is it possible to set up Samba to have some profiles that are roaming while having other profiles that are not roaming? Thank you for your time, Greg
Re: [Samba] vlan problem
what's the smb.conf of the samba server? did you do smbpasswd -w?
Mohammad Reza Hosseini wrote:
hello, I want to use a samba server and an ldap server in two different lans, but win xp pc can not join to pdc domain. I ping the ldap server and smbldap-usershow shows the users, but the net rpc getsid can not fetch sid and computers can't be added to ldap. any idea?
Re: [Samba] Samba 3 LDAP account db concepts
yes you will still need to use nss_ldap to authenticate for unix shell accounts, imap, etc. i can't answer your other questions as i build the RPMs with the provided scripts.
John Goubeaux wrote:
Folks, I have some very basic questions with regard to Samba and LDAP backend account database use. I am familiar with LDAP and have been using ldap for a while now to store info for a variety of services. I have been using Samba as a stand alone file server with user account info in /etc/passwd for a while as well. I am now trying to build samba 3.3.0 as a standalone, non PDC, on solaris 10 using a SUN DS 5.2 as my back end account db. I have read through much of the available documentation and it seems clear that one can achieve a setup where ALL of the user account info can be stored in a DS, however I am confused by some of what I am reading. For example, The Official Samba 3.2.x HOWTO and Reference Guide in chp 11 says: There are a few points to stress that the ldapsam does not provide. The LDAP support referred to in this documentation does not include: A means of replacing /etc/passwd.
Do I still need to employ LDAP NSS and PAM modules? Ver 3.3.0 does not seem to support a configure --with-ldapsam option, does this mean that the default --with-ldap installs what used to be done with ldapsam? The referenced Samba (v.3) PDC LDAP howto by Ignacio Coupeau (2004) is achieved with configure --with-ldapsam and no mention of pam modules is made. So, my basic question is: What are my options, given what I want to achieve? And can someone shed some more light on the concepts involved? Thanks in advance and sorry if I have missed something obvious in the docs. -john
Re: [Samba] Upgrade samba from 3.28 to 3.29 to fix winbind issue.
    tar -zxvf samba-3.0.33.tar.gz
    cd samba-3.0.33/packaging/RHEL/
    sh makerpms.sh
should build the RPMs also.
Toby Bluhm wrote:
Turner, Justin H Contractor wrote:
How do you upgrade samba from 3.0.28 to 3.0.29 to fix winbind issue? My OS is CentOS 4.5. I haven't been able to find a RPM above 3.0.28.
for samba built from src will put stuff in places different from where an rpm package will put them - probably why it didn't work as an upgrade to a working RH type server for you. I needed 3.0.33 to fix a SolidWorks problem, so I did the following for WhiteboxLinux 4. I expect if it's changed where needed, should work for Centos 4.
    rpm -ihv samba-3.0.25b-1.el4_6.4.src.rpm
Put samba-3.0.33.tar.gz in /usr/src/whitebox/SOURCES/
Remove the old /usr/src/whitebox/SOURCES/samba-3.0.25b.tar.gz
Remove the /usr/src/whitebox/SOURCES/*.patch files
Edit /usr/src/whitebox/SPECS/samba.spec:
    old: Version: 3.0.25b
    old: Release: 1%{dist}.4
    new: Version: 3.0.33
    new: Release: 1.4
    remove: all lines with Patch
    remove: all lines with %patch
    remove: --with-mmap \
    remove: --without-smbwrapper \
    remove: %doc docs/REVISION docs/Samba3-ByExample.pdf docs/Samba3-Developers-Guide.pdf
    rpmbuild -bb /usr/src/whitebox/SPECS/samba.spec
    rpm -Uhv /usr/src/whitebox/RPMS/i386/samba*3.0.33-1.4.i386.rpm
    service smb stop
    service smb start
I found the /usr/src/whitebox/BUILD/samba-3.0.33/packaging/RHEL/samba.spec file from the 3.0.33 tarball later on, but since my way was already working for me, I didn't bother trying it out. As always, YMMV.
Re: [Samba] Samba + RAID + High speed...
you're bonded to 6G of bandwidth when SATA II's bus speed is 3G. SAS II has a 6G bus, but really I think you'll hit the read/write limits of the drives way before you hit the 6G data transfer limit.
Re: [Samba] Source RPM compile error
https://bugzilla.samba.org and submit a bug :)
Dimitri Yioulos wrote:
Hi, all. I have several boxes with CentOS versions 3.x, 4.x, and 5.x running in my shop, with Samba loaded on many. I've been able to stay on the current version of Samba in CentOS 4.x and 5.x using the source RPM from Sernet. However, I'm not able to upgrade Samba on the CentOS 3.x boxes. Here's the error I get when I run rpmbuild --rebuild --clean samba-3.2.7-38.src.rpm:
    + mkdir -p /var/tmp/samba3-3.2.7-build//usr/lib/krb5/plugins/libkrb5
    + cp -p source/bin/winbind_krb5_locator.so /var/tmp/samba3-3.2.7-build//usr/lib/krb5/plugins/libkrb5
    cp: cannot stat `source/bin/winbind_krb5_locator.so': No such file or directory
    error: Bad exit status from /var/tmp/rpm-tmp.4484 (%install)
    RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.4484 (%install)
Has anybody encountered and overcome this problem? Better still, has anyone successfully compiled from source RPM and installed recent versions of Samba on CentOS 3.x boxes? Thanks. Dimitri
Re: [Samba] Samba + LDAP problem
http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-massive
Samba-3 generates a Windows Security Identifier (SID) only when smbd has been started. For this reason, you start Samba. After a few seconds delay, execute:
    root# smbclient -L localhost -U%
    root# net getlocalsid
A report such as the following means that the domain SID has not yet been written to the secrets.tdb or to the LDAP backend:
    [2005/03/03 23:19:34, 0] lib/smbldap.c:smbldap_connect_system(852)
      failed to bind to server ldap://massive.abmas.biz with dn=cn=Manager,dc=abmas,dc=biz Error: Can't contact LDAP server (unknown)
    [2005/03/03 23:19:48, 0] lib/smbldap.c:smbldap_search_suffix(1169)
      smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
The attempt to read the SID will cause an attempted bind to the LDAP server. Because the LDAP server is not running, this operation will fail by way of a timeout, as shown previously. This is normal output; do not worry about this error message. When the domain has been created and written to the secrets.tdb file, the output should look like this:
    SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765
If, after a short delay (a few seconds), the domain SID has still not been written to the secrets.tdb file, it is necessary to investigate what may be misconfigured. In this case, carefully check the smb.conf file for typographical errors (the most common problem). The use of the testparm is highly recommended to validate the contents of this file.
Hello everyone, I have a question here that has been giving me troubles: I installed my PDC with samba + LDAP... everything seems to work just fine (user creation, population, groups, users and machines connecting to the domain)... but one thing keeps not working: net getlocalsid... I keep getting this message:
    Can't fetch domain SID for name: MACHINENAME
I searched the internet like crazy, even asked in IRC channels, but no luck... can anyone enlighten me on this one?
Thanks, A.
Re: [Samba] Problem with offline drive
Walter Mautner wrote:
Bad. Storing mail databases on network drives (in particular when they become bigger) or storing them on a roaming profile path is not supported for Microsoft's e-mail programs. Even though Thunderbird/Mozilla don't explicitly forbid it, it is also bad for Thunderbird. You would be far better with plain local storage and synchronization or imap/offline imap. As a workaround, change the mail profile to a local path and use Microsoft synctoy to sync with the path in M: when online. For God's sake, disable offline file function in XP.
Yes I agree here. You can hack the registry to save the Local Settings folder with the roaming profile, or change the location of outlook.pst. But when your users aren't locally on your network, they won't have a connection to M:, hence outlook breaks. Here we use Seamonkey and IMAP, so that all mail stays on the server. You should really be using imap, it helps keep the profile smaller, and with the mail being stored on the server, it's better for backups and archiving. I also agree to disable offline files. If it syncs when logging off, it's no better than using a roaming profile, and if you have it sync at a certain time of day, if the user makes any changes after that time, they are lost when they unplug themselves. Personally, I use roaming profiles, and tell my users if they are taking a notebook out of town, copy the files they think they will need to their desktop, because I redirect my documents to a folder on their home drive to make the roaming profiles save and load quicker.
Re: [Samba] Samba 3.2.7 and XP authentication error
i had a similar problem on 3.0.25 or so and up, and putting msdfs root = yes in the global section fixed it for me.
Waltari Harri wrote:
List, Long and confusing message follows... I'm facing a frustrating problem. XP clients can use resources on the samba server by IP-address, but not by name. So, net view \\servername gives access denied but net view \\ipaddress gives list of shared resources. Samba server (3.2.7 sernet rpm) is a member server in W2003 domain. I emphasise that with version 3.2.2 or 3.2.3 (around Oct..Nov 2007) and exactly same configuration everything did work perfectly. After that there has been a couple months worth of win hotfixes and upgrade to 3.2.7. I did read the change texts, but didn't find a clue there. Below is level 5 log when client does net view:
    [2009/01/28 11:03:39, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(282)
      ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
    [2009/01/28 11:03:39, 3] libads/kerberos_verify.c:ads_verify_ticket(458)
      ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
    [2009/01/28 11:03:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(350)
      Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
I found an entry in bugzilla (https://bugzilla.samba.org/show_bug.cgi?id=1010). The symptoms are the same but I do not have permitted enctypes defined in the krb5.conf. Like in the bugzilla entry, command line authentication works, but somehow samba just can't use it.
    # wbinfo -a userid%password
    plaintext password authentication succeeded
    challenge/response password authentication succeeded
Samba does not try to communicate with the domain controllers when client does net view. Here's a capture of what happens (192.168.2.6 is the samba server and .128 is the xp client):
    Capturing on eth0
    0.00 192.168.2.6 - 192.168.2.128 TCP microsoft-ds 15644 [SYN, ACK] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 WS=7
    0.000792 192.168.2.6 - 192.168.2.128 TCP microsoft-ds 15644 [ACK] Seq=1 Ack=137 Win=54 Len=0
    0.003626 192.168.2.6 - 192.168.2.128 SMB Negotiate Protocol Response
    0.004591 192.168.2.6 - 192.168.2.128 TCP microsoft-ds 15644 [ACK] Seq=197 Ack=1729 Win=100 Len=0
    0.006558 192.168.2.6 - 192.168.2.128 SMB Session Setup AndX Response, Error: STATUS_LOGON_FAILURE
Samba should have asked authentication from the AD DC, right? So I think that the tickets are cached somewhere. But where? And if they are, how to purge the tickets? As root only ticket klist is the one which was used when the system was setup. Deleting that ticket and renewing does not help.
-- smb.conf:
    [global]
    log level = 5
    server string = IT-testi (Samba 3.2.7)
    workgroup = WG-NAME
    load printers = no
    realm = ORG.LOCAL
    security = ads
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    idmap domains = WG-NAME
    idmap config WG-NAME:default = yes
    idmap config WG-NAME:backend = rid
    idmap config WG-NAME:range = 100-20
    ifmap config WG-NAME:base_rid = 1
    allow trusted domains = no
    winbind refresh tickets = true
    inherit permissions = yes
-- krb5.conf
kerberos works via DNS. This is based on an article (which I can't locate at the moment) in samba wiki.
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
    [libdefaults]
    default_realm = ORG.LOCAL
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 76h
    forwardable = yes
    [realms]
    [domain_realm]
    [appdefaults]
    pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
    }
Any help is appreciated.
Harri
Re: [Samba] Windows patching from Linux samba server?
www.wpkg.org if you want to keep up with all the updates and create profiles for them. personally, it's going to be a big headache to use wpkg to do it, and more cost effective to buy a window server 03 or 08 and run WSUS 3.0 SP1 on it. You don't need big hardware to run it, WSUS gets the computer information from the clients, a computer meeting the minimum requirements for 03 or 08 without RAID will be fine. I'm guessing you work for MIT? You should be able to get the educational licensing of Windows 03 or 08 plus the Client Access Licenses very inexpensively.
Scott R. Ehrlich wrote:
I have an out-of-box, unpatched RedHat Enterprise 5 server acting as a samba PDC for a handful of Windows XP systems on a domain. This is on an isolated network - no Internet connectivity. Is there a way to configure the samba server to act as a Windows SUS server for patch pushing? If so, specifically, how? If not, other than manually installing patches on systems or buying a Windows Server license, what other options are there? Thanks. Scott
Re: [Samba] specified network name no longer available
what version of samba are you running?
Re: [Samba] specified network name no longer available
can they connect to the server via \\IP_ADDRESS?
Bender, Roger wrote:
3.0.4
Roger
-----Original Message-----
From: Adam Williams [mailto:awill...@mdah.state.ms.us]
Sent: Friday, January 16, 2009 8:29 AM
To: Bender, Roger
Cc: samba@lists.samba.org
Subject: Re: [Samba] specified network name no longer available
what version of samba are you running?
Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it.
Re: [Samba] specified network name no longer available
can you telnet to the ports that samba uses? 139 and 445. does ps -ax|grep nmbd and smbd show that they are running?
Bender, Roger wrote:
They get a windows dialogue box that says the specified network name is no longer available. I verified my unix (samba) server was registered with the domain controller.
Roger
-----Original Message-----
From: Adam Williams [mailto:awill...@mdah.state.ms.us]
Sent: Friday, January 16, 2009 8:33 AM
To: Bender, Roger
Cc: samba@lists.samba.org
Subject: Re: [Samba] specified network name no longer available
can they connect to the server via \\IP_ADDRESS
Bender, Roger wrote:
3.0.4
Roger
-----Original Message-----
From: Adam Williams [mailto:awill...@mdah.state.ms.us]
Sent: Friday, January 16, 2009 8:29 AM
To: Bender, Roger
Cc: samba@lists.samba.org
Subject: Re: [Samba] specified network name no longer available
what version of samba are you running?
Re: [Samba] specified network name no longer available
dumb question, but have you tried restarting smbd and nmbd?
Re: [Samba] time sync issue
you can go to those computers and do a regedit change to give users the ability to change the time.
wes wrote:
I am running a Samba domain controller with LDAP integration. I have at least some workstations which do not seem to be syncing the time with the DC at all. My first instinct is to simply set the time with a logon script, but of course that runs as the user, who does not have permission to set the system time. I would prefer to get it working right, to where the system syncs its time with the time server running in the DC. I have tried to find the cause. net time \\dc1 works fine. There are no entries in the event log regarding a failure to sync with the time server. What can I do to find out why it's not syncing? thanks, -wes
Re: [Samba] [Release Planning 3.2] Samba 3.2.8 on February 03, 2009
will the mount.cifs compile error on Fedora 10 i386 and x86_64 be fixed when running packing/RHEL/makerpms.sh? I've submitted bug reports and got a patch on 12/23/08 from you and reported that the patch didn't fix the error and never got a reply.
Karolin Seeger wrote:
Hey folks, fyi: The planned release date for Samba 3.2.8 is February 03, 2009.
Karolin
-- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org