Re: [Samba] Problems when using cupsaddsmb: my solution
Hi, I was fighting with the same problem for the past two days and just found a solution for me. In my configuration it was a HPLaserjet5P that should be served through a samba 3.0.10 machine on Debian Sarge/unstable with w2k client to use it. The printer was configured nicely within cups and printed test pages perfectly when it was told to. Since I couldn't find any of those famous cups-samba drivers I took the drivers to be automatically deployed on the clients from one w2k machine (as mentioned in the howtos) and copied them to the directory: /usr/share/cups/drivers cupsaddsmb didn't do anything but giving the output you mentioned when i tried to use it according to the CUPS part of the samba howto collection.. BTW, this message from cupsaddsmb looks quite like success, at least it doesn't resemble an error message but it didn't create the necessary directory (/var/lib/samba/printers/W32x86/3) and thus failed to put the drivers in there. Then after 2 days of trying to do tricks with samba and cups (e.g. copying the drivers myself to the directory - in vain) I read those seven words, that solved the problem. In cupsaddsmb's man page just before the listing of the necessary but inferior windows driver files, there was it: and copy the files exactly as named below The driver files I had copied were all capital letters, the ones listed weren't. I changed that, ran cupsaddsmb -v -U root hplaserjet5p again and it worked. Nearly two nightshifts for this stuff ...:-\ Hope it helps you Alexander Am Donnerstag, 6. Januar 2005 23:43 schrieb Fabian Steiner: Hi! First of all, I have to admit that it is my first post on this list, so please be lenied toward me, if I don't obey some of the rules ;-) I'll try my best :-) I am just trying to get my samba-server work as a print server by using CUPS. The OS of the server is Gentoo Linux and I'm using samba-3.0.9-r1. The clients are win 2k/xp home. I can already see my shares (files and drivers) in the windows networking neighbourhood, but unfortunately the configuration of the printer (Lexmark 3200) fails, since windows is looking for some *.inf files which cannot be found. Printing on the server is possible, though (using the lpr -plexmark test.text command). When looking for some tutorials about this, I found this one: http://forums.gentoo.org/viewtopic.php?t=110931 , which said that cups-samba-5.0rc3.tar.gz would have to be installed and that** cupsaddsmb -a -v -U root would be the command I am looking for. So I installed it and three files were copied to the /usr/share/cups/drivers directory. The next thing to be done was to run the command above, but the output isn't as expected: --- --- Password for root required to access localhost via SAMBA: Running command: rpcclient localhost -N -U'root%pw' -c 'setdriver lexmark lexmark' Succesfully set lexmark to driver lexmark. --- --- So no directories like W32X86 were created in /var/lib/samba/printers and my clients still can't find the files which would be needed to get the printer work. Here is my /etc/samba/smb.conf: #=== Global Settings = [global] workgroup = milchstrasse server string = Samba-Server %v printcap name = cups load printers = yes printing = cups printer admin = root log file = /var/log/samba3/log.%m max log size = 100 hosts allow = 192.168.0. 192.168.1. 127. security = user encrypt passwords = yes smb passwd file = /var/lib/samba/private/smbpasswd passdb backend = tdbsam # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes public = no [printers] comment = All Printers path = /var/spool/samba # rwx-rwx-rwx browseable = no public = yes guest ok = yes writable = no printable = yes printer admin = root,user [print$] path = /var/lib/samba/printers browseable = yes read only = yes write list = @adm root guest ok = no [lexmark] comment = MeinLexmark3200Drucker printable = yes path = /var/spool/samba # rwx-rwx-rwx public = yes guest ok = yes printer admin = root,user [public] comment = oeffentliches zeug path = /home/samba/public public = yes writable = yes ; write list = @staff Does anybody of you know the reason for this problem with cupsaddsmb and the fact that directories like W32X86 are not ceated? I am really looking forward to your answers! Regards, Fabian -- netzwerk- systemadministrator --- agoeres at lieblinx. net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 69 00 46 03 --- lieblinxNET we do software a marwood thiele GbR
Re: [Samba] User authentication
Am Montag, 1. Mrz 2004 16:53 schrieb Daniel Kiss: Hi All, Hi Dan I would like to know how I should configure samba to use the standard linux user accounts and passwords for user authentication instead of those in the smbpasswd file? Thank you, Dan According to the HowTo the samba users have to exist twice: First in the linux authentication. Second in the file created with smbpasswd. To get both in sync you have to use the diverse config directives: add user script add group script add user to group script set primary group script a.s.o. Adding a user to the samba password file who doesn't exist in the /etc/passwd and /etc/shadow will fail.. (I tried that often enough..:-)). Also it won't work for samba if the users only reside in the standard linux authentication mechanism. Might be that it's different if you use NIS or LDAP... Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger strae 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help! messed up user rights with word and samba 3.0.x
Hello everybody! I need help with a curious problem referring to Word and Samba. I've installed a network with a Samba 3.0.2 PDC and fileserver and about 8 Windows Clients ranging from w2k prof (members of the domain) to XP home. The XP Home users have an account within the domain and so can mount the Samba share as a local drive on their computers. All of the users are members of the nt group domain users that is mapped to a linux group domuser. Everything works fine so far with exception of 2 users/machines, who always get very strange problems with word and the samba-share: When they open a Word file with the rights 775 (the standard for the share) directly from the share the rights of this file are always changed to 555 the moment they change something within this file. and so they are not able any more to save it. They can save it with a different name though. This happens with two of the 8 clients: a w2k prof client with Office 2000 and an XP Home client with works (I think word 2002, if such thing exists..). I had posted such a question some time ago here and got the advice to change from Samba 3.0.1 to 3.0.2 what I finally did. First I thought that had solved the problem, but it didn't. I just had intimidated the users too much to complain to me about their denied write access. In analogy to a hint in the Samba Howto on Access Controls I set all the directories of this share to 2775: rwxrwsr-x domuser and put the configurations directives: force create mode = 0660 force directory mode = 0770 in the share's smb.conf part. (where domuser is the linux group mapped to the nt group domain users) It didn't help! Then I messed around with opportunistic locking, once explicitly declaring or denying it oplocks = yes or oplocks = no and once declaring doc-files to veto oplock files = /*.doc/ It didn't help! I have absolutely no idea anymore, what could be the reason for this word/ samba behaviour or even how to get rid of it. So if anybody here made it to the end of this mail, and has any ideas that could possibly turn out to be helpful, I'd be extremly glad if you could tell me about them. Thanx in advance Alexander -- Netzwerk- Systemadministrator --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain admin
Am Mittwoch, 18. Februar 2004 18:28 schrieb [EMAIL PROTECTED]: i'm running samba-3.0.2 on a redhat 9 box with windows 2003. I've got a samba pdc up and running. I want a user to have domain admin privilidges. With samba 2.2.8a and windows 2000 this was easily accomplished with the following entry in [global] domain admin group = garvald this had the effect that garvald had full administrator rights upon logging into windows2000 through the samba pdc. This does not work with samba 3.0.2/windows2003 this doesnt work either: [global] admin users = garvald According to what I've understood, you can make a group the admin group and you have to map this group to the nt group domain admins Here's what my config looks like: admin users = +root the mapping was done with: net groupmap add ntgroup=Domain Admins unixgroup=root And any admin user should be member of root and via pdbedit (in my case) also a samba user. so, can someone tell me how i give a user full domain administrator priviledges through a samba 3.0.2 PDC on windows2003 ? i've been searching and trying for about 11 hours now...to no avail.. thanks garvald greetings Alexander -- Netzwerk- Systemadministrator --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OT: Re: samba problem (with firewalls)
Hi! If this firewall is iptables, then the problem with samba could be, that the iptables-rules allow the forwarding on ip-packet through the firewall-gateway but nothing is allowed to contact the gateway itself. In normal iptables-rules, the default policy for everything should be set to drop. Then the necessary ports are opend. There are 3 directions: forward (to forward packets from one net o another), input and output. The last two apply to the firewall gateway itsself. I don't know about the exact form of SuSEs rules, but to allow contact from the internal net to the gateway-samba-machine, there should be some rules like this: iptables -A INPUT -s ip-address.of.internal.net -p tcp -i interface-to -internal-net -j ACCEPT iptables -A INPUT -s ip-address.of.internal.net -p udp -i interface-to -internal-net -j ACCEPT iptables -A OUTPUT -d ip-address.of.internal.net -p tcp -o interface-to -internal-net -j ACCEPT iptables -A OUTPUT -d ip-address.of.internal.net -p udp -o interface-to -internal-net -j ACCEPT These rules should allow for any contact from the internal net to the gatway-firewall-machine and the correspondig responses (for all ports). If this is too crude for your needs you could refine it with some restictions to the ports used by samba (137, 138, 139, 445, as far as I know). If this doesn't work, then perhaps you have to allow contact to the loopback-ip-addess. There's an extensive and very goot HowTo about iptables-firewall-rules at http://iptables-tutorial.frozentux.net/iptables-tutorial.html (by Oskar Andreasson) Hope it helps, Alexander -- Netzwerk- Systemadministrator --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- Am Donnerstag, 12. Februar 2004 18:05 schrieb geralds: Hi Alexander, The kind of firewall i have uses the basic iptables which came with the installation CDs of linux-SuSE. I installed SuSE 8.1 which has a firewall that has to be activated. But now, u know, i can't find the file containing the iptables so as to adjust the rules. When i try iptables -L in console mode i can see all the rules. I think i need to add some new rules in the iptables so that samba works properly. What's yo opinion? So, could u be knowing the configuration file and path for the firewall rules? My kernel is 2.4.19. 'hope to hear from u any time. Thanks. Rgds, Segie. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Samba as PDC
Am Donnerstag, 12. Februar 2004 18:13 schrieb P-G Fahrbring: I've download a PDC guide from IBM's website, https://www6.software.ibm.com/dw/education/esdd/samba/?x=50y=6. I've follow the description line by line, but I can't join the domain from a windows Xp professional computer. Windows Xp answer with following error message... Can't connect to a domain controller for the domain Fah-Technet In my config with Samba 3.02 I've put os level = 200 wins support = yes Last thing is not really necessary (as far as i understood), it makes Samba the domain's wins server, but it works for me. I've exerienced similar messages like can't connect to a domain controller.. when I installed a Samba PDC and tried to make a w2k client join the domain. Solution was, to find the 2 other computers hidden somewhere that were members of a workgroup with the same same as my freshly set up domain. The w2k client tried to join this workgroup instead of the domain, I think. I renamed the domain and everything worked (well, nearly everything..). greetings Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] different shares from one directory possible?
Hello everybody! I am wondering if it's possible to export a subdirectory of an already existing share as a different share? Just an example: [share1] path = /path/to/a/directory valid users = groupA write list = groupA [share2] path = /path/to/a/directory/and/a /subdirectory valid users = groupA, groupB write list = groupA, GroupB I was doing that with a (strange Debian) Samba 2.999+3.0.alpha20-3, and failed when I tried to acces this share. The error msg in the referring log was: '/path/to/a/directory/and/a /subdirectory' is not a directory, when connecting to [share2] The aim of that should be, that a more or less public access is granted to a subdirectory of a directory with a strictly limited access. Is it generally possible to do it that way or is this basic access-granting idea wrong? If someone has any ideas about this, please tell me. Greetings Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain + Workgroup with same name: problem?
I thought this bit about local master was the default setting, but I specified it anyway. I also put in os level = 200, and hope the domain will be working on and on and on until the people in the bureau forget where the machine stands... thanx Alexander Am Montag, 26. Januar 2004 11:51 schrieb rruegner: up this os level = 255 add this too local master = yes regards - Original Message - From: Alexander Goeres [EMAIL PROTECTED] To: samba liste [EMAIL PROTECTED] Sent: Monday, January 26, 2004 11:25 AM Subject: [Samba] Domain + Workgroup with same name: problem? Hello everybody! I finally managed to set up a Samba 3.0.1 PDC that ran perfectly in the test-environment. Problems arose, when I installed it in a real bureau network. On a prepared w2k client that was already a domain member one could log on to the domain with the administrator's account, but trying to add other w2k clients failed with error msgs like: Domain controller not found. That was strange, because the PDC was obviously there and the Administrator was already logged in and in the test environment adding a machine worked without any problems. After several hours search I found out, that there existed some (hidden in a back room.. :-\) XP Home clients that were members of a workgroup with the same name as the domain. They were already running when I introduced the Samba PDC into the network. When I switched them off and restarted Samba the PDC could be found sometimes but sometimes not. After messing around with what I took to be cached data on the Samba Server refering to WINS aso. I took the radical way and reinstalled Samba with the same configs but with a different domain name. That solved the problem for once. But it leaves a general problem: It looks as if you can render a PDC unusable if you introduce a machine into its network, that is in a workgoup of the same name as the domain. So my question is: How do I configure the Samba PDC that clients within the same network know who is the master of the universe and who is just an impostor? Especially the PDC itself should not get confused about this! The relevant entries (I think) in my smb.conf are: domain master = Yes domain logons = Yes preferred master = Yes wins support = Yes os leve = 64 greetings Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] MS Word and Samba File Permissions Problem
Hello everybody! Obviously Samba as a PDC and Fileserver for w2k clients is not as easy as I first thought. Soon after setup and integration in a network a problem with the shares and MS Word appeared. Any time a file is opened with M$ Word directly from a share and edited it can't be saved. The M$ user gets the msg that the file is write-protected and on the samba side the file permissions are changed to r-xr-xr-x even if they have been 770 before. Here some of my configs: ### +Samba 3.0.1 on Debian 3.0 + Groupmapping: - Domain Admins - root - Domain Users - domuser - Domain Guests - nogroup + smb.conf: [global] ... admin users = +root write list = +root +domuser create mask = 0775 directory mask = 0775 ... [share] force create mode = 0660 force directory mode = 0770 force group = domuser Client-side: MS Office 2000 on w2k ### All the files/directories on this share belong to the group domuser. I found a hint in the Samba HowTo collection: http://de.samba.org/samba/docs/man/AccessControls.html#id2920312 According to that I set the sgid bit on all the directories (rwxrws---) and did set the force create/directory mode but that doesn't help. If anyone came across a similar problem or even a solution, please help me. A samba fileserver. that scrambles write-rights in conjunction with M$ Word is pretty useless .. Thanx in advance Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] MS Word and Samba File Permissions Problem: probably solved
Hi Chris! Am Dienstag, 27. Januar 2004 14:59 schrieb Chris Aitken: +Samba 3.0.1 on Debian 3.0 + Groupmapping: - Domain Admins - root - Domain Users - domuser - Domain Guests - nogroup + smb.conf: [global] ... admin users = +root write list = +root +domuser create mask = 0775 directory mask = 0775 ... [share] force create mode = 0660 force directory mode = 0770 force group = domuser Client-side: MS Office 2000 on w2k ### All the files/directories on this share belong to the group domuser. ... I had this problem at work (Debian 2.2.3a). My shares now look like this: [Share] comment = description path = /home/projects browseable = yes read only = no force create mode = 0060 force directory mode = 0070 create mask = 0770 directory mask = 0770 mode is drwxrwx--- owned by root.staff I'll test that configuration next time when I'm allowed to stop the relevant bureau-net. But I found a different solution: setting oplock = Yes on the share worked. It looked as if my samba installation couldn't handle this opportunistic locking thing the w2k clients required (even though man smb.conf said it was turned on by default). I had to enable it on the share. Now the M$ Word problem is gone. I found some hints about that problem (via the Samba HowTo) in the MS knowledge-base: About XP Problems and oplocking: http://support.microsoft.com/default.aspx?scid=kb;EN-US;812937 About opportunistic locking in general: http://support.microsoft.com/default.aspx?scid=kb;EN-US;296264 First time that an MS help was of some use.. As a return favour - have you got add user script/add group script etc working properly yet? Could you share your scripts with me pls - as I have issues with this in 3.0.0fianl. Regards, Chris For the add group script I use what is given as an example in the Samba HowTo: http://de.samba.org/samba/docs/man/groupmapping.html#smbgrpadd.sh The add user script is just the normal useradd-comand: - /usr/sbin/useradd -d /home/%u -c DomainUser -s /bin/false %u That only worked correctly when I omitted the -g whateverPrimaryGroup . Apparently Samba adds the user to the group later: - set primary group script = /usr/sbin/usermod -g %g %u Giving passwords to users only worked after I adapted the passwd chat to the Debian passwd program: - passwd chat = *new*password* %n\\n *new*password* %n\\n *updated* New compis are added to the group nogroup in my config: - add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false -c DomainMachines -g nogroup %u And (nearly) finally all that only worked after I did set the rights right: Groupmapping: see above smb.conf: see above and valid users = +root, +domuser, +nogroup Really finally: That's with Debian 3.0 and the Debian Samba package 3.0.1-2 Don't know if that helps, but I hope regards Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] MS Word and Samba File Permissions Problem
sorry, misdirected it and klicked too early on send.. :-( -- Weitergeleitete Nachricht -- Subject: Re: [Samba] MS Word and Samba File Permissions Problem Date: Dienstag, 27. Januar 2004 17:16 From: Alexander Goeres [EMAIL PROTECTED] To: Collen Blijenberg (MLHJ) [EMAIL PROTECTED] Hi Collen, Am Dienstag, 27. Januar 2004 15:25 schrieb Collen Blijenberg (MLHJ): Had the same prob with 3.0.0 version, but it's gone with 302rc1 creator group creator owner are the prob.. some how the 300 version added an extra group to my shares (creator group) and made it r+x causing the prob. just update to latest samba, or make an extra creator group mapping.. dunno.. prob passsed... l8r Collen thanks for the hint, but I for myself don't dare to use a release candidate. But I'll see forward to a final verion of 3.0.2.. Greetings Alexander --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Member Server won't work.
Am Dienstag, 27. Januar 2004 17:35 schrieb Vincent Poitras: Here are the configs of my PDC. (Ip: 192.168.10.2) workgroup = COREDIUM netbios name = IMBRIUM server string = Samba Server Imbrium encrypt passwords = Yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes log level = 0 log file = /var/log/samba/log.%m max log size = 50 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = netall.bat domain logons = Yes local master = Yes os level = 255 preferred master = Yes domain master = Yes wins support = Yes security = user This works fine. The problem is the Domain member server I am trying to put on. Here are the configs for it: workgroup = COREDIUM netbios name = CORUM server string = Samba Server Corum guest account = coredium log file = /var/log/samba/%m.log max log size = 50 security = domain password server = * encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no os level = 33 domain master = no preferred master = no domain logons = no wins server = 192.168.10.2 dns proxy = no When I run testparm it tells me that everything is ok. But we are not able to browse any share on the member server. Does someone know what im doing wrong??? I'm not sure if that is of help (I never set up such a configuration) but is the second server - CORUM - a member of the domain? Did it join the domain as described in: http://de.samba.org/samba/docs/man/domain-member.html#domain-member-server ? On the other hand I was reading something about the winbind-daemon that is used to authenticate a Linux-Client: can be used to resolve user and group information from a Windows NT server? Vincent Poitras greetings Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Domain + Workgroup with same name: problem?
Hello everybody! I finally managed to set up a Samba 3.0.1 PDC that ran perfectly in the test-environment. Problems arose, when I installed it in a real bureau network. On a prepared w2k client that was already a domain member one could log on to the domain with the administrator's account, but trying to add other w2k clients failed with error msgs like: Domain controller not found. That was strange, because the PDC was obviously there and the Administrator was already logged in and in the test environment adding a machine worked without any problems. After several hours search I found out, that there existed some (hidden in a back room.. :-\) XP Home clients that were members of a workgroup with the same name as the domain. They were already running when I introduced the Samba PDC into the network. When I switched them off and restarted Samba the PDC could be found sometimes but sometimes not. After messing around with what I took to be cached data on the Samba Server refering to WINS aso. I took the radical way and reinstalled Samba with the same configs but with a different domain name. That solved the problem for once. But it leaves a general problem: It looks as if you can render a PDC unusable if you introduce a machine into its network, that is in a workgoup of the same name as the domain. So my question is: How do I configure the Samba PDC that clients within the same network know who is the master of the universe and who is just an impostor? Especially the PDC itself should not get confused about this! The relevant entries (I think) in my smb.conf are: domain master = Yes domain logons = Yes preferred master = Yes wins support = Yes os leve = 64 greetings Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] creating users from w2k with usrmgr and samba 3.0.1: Happy End!!
Am Freitag, 16. Januar 2004 18:12 schrieb John H Terpstra: Not really. If your scripts (add user, add group, etc.) are correctly set up then you can use this tool to manage users and groups without problem. That is true! It works! You observation is the result of configuration problems. ... You must be logged in a the Domain Administrator, and unfortunately I have discovered that there is no way around it, you must be logged on a the user called root. For me it also works when the Domain Admin is administrator! ... Unfortunately, this breaks. You have to use root. Duplicate accounts that share a UID break things badly. For example, having an account called root and one called Administrator, both with UID=0, break winbind operation. ... NT Domain Admins group needs to have GID=0. ... - John T. My Samba-errors all came from messed up user to program rights. Just a short description how my final config looks like: Groupmapping: Domain Admins - root Domain Users - domuser (ad libitum) Domain Guests - nogroup Administrative Samba-Users: root, primary Linux-Group: root administrator, primary Linux-Group: root Valid Samba-Users: +root, +domuser, +nogroup Samba Admin-Group: +root Machines are added to the group nogroup by default. When I first had them added to a machines-group an account for each computer could be created (Welcome to the Domain X), but later logon was denied with errors refering to missing computer-accounts. Obviously nobody has to be among the Valid Users because he/she/it does something during the logon process. The result is, that I can logon at the Domain as administrator, start the NT4 tool usrmgr.exe and can create, delete and change users and groups within the domain. Even my former complaint about the Debian tool adduser was wrong: with this config it works perfectly. Just one litte thing about strange error messages: if I set a password less than 5 characters, the usrmrg error is not password invalid.. too short or something along these lines, but it's: Access denied!. This is somewhat misleading. But the future users of this PDC will have to learn to use passwords longer than 4 characters, that can't be helped and won't harm them.. I'd be extremly glad if those people here who see some traps (resulting from such a config) lying ahead of me could inform me of them. But I'll see them, when I'm there.. But the future is bright and interesting and absolutely not harmful :-) Thank's for the help and hints.. Greetings, Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] w2k/XP won't join samba pdc
Am Montag, 19. Januar 2004 15:56 schrieb Lists: /usr/share/samba/netlogon is drwxr-xr-x2 root root /export/smb/ntprofilesis drwxr-xr-x2 root root Accoring to all I've learned during the past 2 weeks, the profile-directory should be writable to everyone that wants to write in it .. Windows error The following error occurred attempting to join the domain NEWDOM Logon failure: unknown user name or bad password Samba error (#tail -f admin1.log) ... [2004/01/19 16:26:24, 0] smbd/service.c:make_connection(381) make_connection: jim logged in as admin user (root privileges) [2004/01/19 16:26:25, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(670) api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. [2004/01/19 16:26:25, 0] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2480) _samr_set_userinfo: Unable to get smbpasswd entry for uid 0 That bit with unable to get smbpasswd entry for uid 0 looks as if samba is looking for a samba-user with the uid 0, i.e. root as a samba user. Is root already a valid samba user? Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] w2k/XP won't join samba pdc
sorry, answer was mislead.. Am Montag, 19. Januar 2004 17:40 schrieb Lists: looking for a samba-user with the uid 0, i.e. root as a samba user. Is root already a valid samba user? I thought root was prohibited from being a root user - will try though might be an unnessesary hint, but give the samba root a different pw than the real root -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] creating users from w2k with usrmgr and samba 3.0.1
Hello everybody! New to Samba (and the list) I am trying to set up a Samba PDC for a small enterprise network on a Debian Woody (3.0) system with a vanilla 2.4.24 kernel and the Debian package of Samba 3.0.1 and Swat (Debian Versions 3.0.1-2). I ran into various problems and could solve most of them during the past two weeks (hooray!). Most of the problems were related to congestions of user and program permissions. For example, it was impossible to change a user's password with the NT4 usrmgr tool from the w2k client. That always gave a permission denied. Solution was: don't use the Debian tool /usr/sbin/ adduser (obvioulsy a wrapper program to the standard useradd)! Another problem was, that Swat always wipes out variables that are written like %u. Obviously Swat deletes everything within . Solution: don't use Swat (too bad)! One problem is left, and I don't know if it's related to M$ or to Samba. It's impossible to create a user from a w2k client with the NT4 tool usrmgr.exe. I can create a Samba user (Domain User) when such a user already exists on the Samba server as a Linux user. AFAIK the setting add user script in smb.conf should provide the facility to Samba to create a Linux user each time a Samba/Domain user is created. Is that a misconception? When looking at that NT4 tool usrmgr.exe, i find a menu item: Policies - User Rights - Show Advanced Rights: Add users to the domain: Samba Trying to give that right to the Domain Admin group is denied with the message: You may not remove the Local Logon right from the Administrators local group. Doing so would disable .. bla bla ba. This message even appears when I just open the usrmgr and click on OK without having changed anything. So I have several questions and I hope that someone on the list here might be able to answer or give some hints to a solution: 1. Is it generally possible to add a completely new user to the domain through this NT4 tool usrgmr.exe? A user who didn't exist as a unix-user on the samba PDC and so didn't exist in ths Samba User database? 2. If yes (and I hope it's possible) how do I give this Advanced Right to add a user to the Samba Domain to the Domain-Admin group? Do I have to do this within Samba (pdbedit) or is it only possible within M$? Just some further config: M$ Administrator is Member of NT Domain Admin group, of Samba admin group and has UID 0 on the Linux system. NT Domain Admin group is mapped to the Samba admin group. That mail is a little long but I hope the length doesn't discourage too many people from reading it. Possibly someone knows answers? Even to my questions? Thank you in advance Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 pdc and winxp
Am Freitag, 16. Januar 2004 06:57 schrieb Richard Houston: Hi, I am trying to get an xp machine to join a samba 3.0 pdc domain. I keep getting the following error below. I can view the pdc shares with no problem. Can anyone point me in the correct direction on getting this fixed. Any help would be greatly appreciated. The domain name homenet might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS. I don't know about ldap configuration for Samba but this error sounds as if you might have forgotten to set the WINS settings of samba? Things like: wins support = Yes Do you have a setting: disable netbios = Yes ? That would be bad.. :-) greetings Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
