[Samba] Management tool
On 6/21/07, Adam Tauno Williams [EMAIL PROTECTED] wrote:

> Can you be more specific what you want to manage? User accounts and shares or workstations and applications.

Users (groups, permissions, expiry date)
E-mails (quotas)
Workstations (location, shares, remote installation)
Organisational structure [LDAP tree, basically]

> Personally, I think almost all the free tools available are pretty miserable. But GOsa is certainly the most interesting.

Do you advise me another one?

--
Allysson Steve Mota Lacerda
Network Administrator
http://www.stevelacerda.net

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Management tool
Hi guys,

I need to manage a university which has 900 computers distributed along some departments and I wanna use a tool to do this. I'm testing GOsa (www.gosa-project.org) and I wanna know which tools you are using.

That's all folks.

--
Allysson Steve Mota Lacerda
Network Administrator
http://www.stevelacerda.net
[Samba] Problem compiling Samba 3.0.24 with OpenLDAP 2.3.35
I'm trying to install Samba with LDAP support but there are some errors during the compilation. I've used the same script a few weeks ago. The only differences are the versions of Samba and OpenLDAP.

That's my error message:

    checking for LDAP support... yes
    checking ldap.h usability... yes
    checking ldap.h presence... yes
    checking for ldap.h... yes
    checking lber.h usability... yes
    checking lber.h presence... yes
    checking for lber.h... yes
    checking for ber_scanf in -llber... yes
    checking for ldap_init in -lldap... no
    checking for ldap_set_rebind_proc... no
    checking whether ldap_set_rebind_proc takes 3 arguments... 3
    checking for ldap_dn2ad_canonical... no
    configure: error: libldap is needed for LDAP support

That's my install script:

    # OpenLDAP 2.3.35
    env CPPFLAGS="-I/usr/local/openssl/include/openssl \
    -I/usr/local/openssl/include -I/usr/local/db/include \
    -I/usr/local/cyrus-sasl/include" LDFLAGS="-L/usr/local/lib/ \
    -L/usr/local/openssl/lib/ -L/usr/local/db/lib -L/usr/local/cyrus-sasl/lib" \
    ./configure --prefix=/usr/local/openldap-2.3.35 --with-cyrus-sasl \
    --with-tls --with-ssl --enable-crypt && \
    make depend && \
    make && \
    make install && \
    ln -s /usr/local/openldap-2.3.35 /usr/local/openldap && \
    echo '/usr/local/openldap/lib' >> /etc/ld.so.conf && \
    chmod 700 /usr/local/openldap/var/openldap-data && \
    mv /usr/local/openldap/var/openldap-data/DB_CONFIG.example \
    /usr/local/openldap/var/openldap-data/DB_CONFIG
    ldconfig

    # Samba 3.0.24, built against the OpenLDAP installed above
    env CPPFLAGS="-I/usr/local/openldap/include" \
    LDFLAGS="-L/usr/local/openldap/lib -L/usr/local/lib" \
    ./configure --prefix=/usr/local/samba-3.0.24 --disable-cups \
    --with-smbmount --with-ldapsam --with-syslog --with-quotas \
    --with-acl-support --with-ldap --with-winbind && \
    make && \
    make install && \
    ln -s /usr/local/samba-3.0.24 /usr/local/samba && \
    cp /usr/local/src/samba-3.0.24/examples/LDAP/samba.schema \
    /usr/local/openldap/etc/openldap/schema/

Can anyone help me?

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net
[Samba] Re: Samba-LDAP interdomain trust
On 4/2/07, Allysson Steve Mota Lacerda [EMAIL PROTECTED] wrote:

> When I try to login on the trusting domain (LABI) using an account of the trusted domain (ADMIN) the following message is shown: A device connected to the system is not functioning. My log on to is set to ADMIN. I had this problem a time ago because the SIDs of my users were wrong but I've fixed it.

According to log.smbd, the user has a user SID referring to the trusted domain but the group SID is from the trusting domain. I don't use groups and the sambaPrimaryGroupSID field was empty. Even when I change the sambaPrimaryGroupSID value the message is the same.

    [2007/04/03 16:20:02, 2] auth/auth.c:check_ntlm_password(309)
      check_ntlm_password: authentication for user [facomp] - [facomp] - [facomp] succeeded
    [2007/04/03 16:20:02, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
      _net_sam_logon: user ADMIN\facomp has user sid S-1-5-21-2439387625-709437076-297468561-23822 but group sid S-1-5-21-2029413396-4276977753-1550331494-513.
      The conflicting domain portions are not supported for NETLOGON calls

> In both log.nmbd files I got the following messages:
>
>     [2007/04/02 17:01:58, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(486)
>       get_domain_master_name_node_status_fail: Doing a node status request to the domain master browser at IP IP_OF_THE_OTHER_DOMAIN_PDC failed. Cannot get workgroup name.
>
> I have two domains running on a single server (different NICs) and they share the WINS server. Can anyone help me?

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net
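The condition reported in the log.smbd excerpt above can be checked mechanically. The following is an added example, not part of the original post: it pulls both SIDs out of a `_net_sam_logon` conflict message and classifies a sambaSID / sambaPrimaryGroupSID pair by comparing domain portions (everything before the final RID). Function names and result labels are illustrative; the sample line is the one quoted in the post.

```python
import re
from typing import NamedTuple, Optional

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
# Message format taken from the log.smbd excerpt quoted in the post.
LOGON_RE = re.compile(
    r"user (?P<account>\S+) has user sid (?P<user>S-[\d-]+\d)"
    r" but group sid (?P<group>S-[\d-]+\d)"
)


class Sid(NamedTuple):
    domain: str  # everything before the last sub-authority
    rid: int     # relative identifier (last sub-authority)


def parse_sid(text: str) -> Sid:
    """Split a textual SID into its domain portion and RID."""
    if not SID_RE.fullmatch(text):
        raise ValueError(f"not a SID: {text!r}")
    domain, _, rid = text.rpartition("-")
    return Sid(domain, int(rid))


def check_logon_line(line: str) -> Optional[dict]:
    """Extract both SIDs from a _net_sam_logon conflict message, if present."""
    m = LOGON_RE.search(line)
    if m is None:
        return None
    user, group = parse_sid(m["user"]), parse_sid(m["group"])
    return {"account": m["account"], "user_domain": user.domain,
            "group_domain": group.domain, "group_rid": group.rid}


def audit_entry(samba_sid: str, primary_group_sid: Optional[str]) -> str:
    """Classify one account's sambaSID / sambaPrimaryGroupSID pair."""
    if not primary_group_sid:
        return "missing-group-sid"  # the empty-field case the post describes
    if parse_sid(samba_sid).domain != parse_sid(primary_group_sid).domain:
        return "domain-mismatch"
    return "ok"


# The log line is the one quoted in the post; the audit inputs reuse its SIDs.
SAMPLE_LINE = (r"_net_sam_logon: user ADMIN\facomp has user sid "
               "S-1-5-21-2439387625-709437076-297468561-23822 but group sid "
               "S-1-5-21-2029413396-4276977753-1550331494-513. The conflicting "
               "domain portions are not supported for NETLOGON calls")

if __name__ == "__main__":
    finding = check_logon_line(SAMPLE_LINE)
    print(finding)
    user_sid = finding["user_domain"] + "-23822"
    print(audit_entry(user_sid, None))
    print(audit_entry(user_sid, f"{finding['group_domain']}-513"))
    print(audit_entry(user_sid, f"{finding['user_domain']}-513"))
```

Running `audit_entry` over every account entry exported from the directory shows which entries would produce this NETLOGON message before a user tries to log on.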
[Samba] Re: Samba-LDAP interdomain trust
On 3/26/07, Allysson Steve Mota Lacerda [EMAIL PROTECTED] wrote:

> I'm trying to create a trust between two Samba-LDAP domains (on a single server).

I solved this problem but now I have a new one. When I try to login on the trusting domain (LABI) using an account of the trusted domain (ADMIN) the following message is shown: A device connected to the system is not functioning. My log on to is set to ADMIN. I had this problem a time ago because the SIDs of my users were wrong but I've fixed it.

In both log.nmbd files I got the following messages:

    [2007/04/02 17:01:58, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(486)
      get_domain_master_name_node_status_fail: Doing a node status request to the domain master browser at IP IP_OF_THE_OTHER_DOMAIN_PDC failed. Cannot get workgroup name.

I have two domains running on a single server (different NICs) and they share the WINS server. Can anyone help me?

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net
[Samba] Samba-LDAP interdomain trust
I'm trying to create a trust between two Samba-LDAP domains (on a single server). I'm following Samba Howto Collection (http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id335566) but I'm getting the error below.

    [EMAIL PROTECTED]:~# /usr/local/samba.labi/bin/net rpc testjoin -S
    rpc_client/cli_pipe.c:get_schannel_session_key(2443)
      get_schannel_session_key: could not fetch trust account password for domain 'LABI'
    utils/net_rpc_join.c:net_rpc_join_ok(70)
      net_rpc_join_ok: failed to get schannel session key from server LABISERVER for domain LABI. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO
    Join to domain 'LABI' is not valid

Are there any restrictions to Samba-LDAP trusts? Does anyone know how to solve this?

Thanks.

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net
Re: [Samba] Problem with 02 domains on a single PDC
On 3/21/07, Asier Baranguán [EMAIL PROTECTED] wrote:

> This is not related to your question, instead it is about your setup. I've seen that you share the same LDAP between two domains, and you share the ou's of users, groups and computers. I'm looking for a similar setup for my work and your experience would be very useful.

I have Qmail, Samba, Moodle and Squid sharing a single account for each user. The problem with this integration is related to Samba and Qmail schemas because it's not possible to have person and sambaSamAccount in a single entry. I solved this by inserting 'manually' the entries on LDAP. Now I have a bash script that does all the work for me.

My setup: Slackware 11.0 with a minimal install. I like to compile all the packages I need. The script below downloads and compiles the programs I need. You need to put slapd.conf to /usr/local/openldap/etc/openldap/slapd.conf and smb.conf to lib dir of each compilation.

If you have any doubt, contact me on GTalk (stevelacerda) or MSN ([EMAIL PROTECTED]). Suggestions will be helpful.

    #!/bin/sh
    #-------------------------------------------------------#
    # SAMBA-LDAP INSTALLATION SCRIPT                        #
    # Allysson Steve Mota Lacerda - [EMAIL PROTECTED]       #
    #-------------------------------------------------------#

    mkdir -p /downloads
    cd /downloads
    wget http://www.nano-editor.org/dist/v2.0/nano-2.0.3.tar.gz  # I LIKE NANO =)
    wget http://www.openssl.org/source/openssl-0.9.8d.tar.gz
    wget http://mirror.mcs.anl.gov/openssh/portable/openssh-4.5p1.tar.gz
    wget http://download-east.oracle.com/berkeley-db/db-4.5.20.tar.gz
    wget http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.22.tar.gz
    wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.3.33.tgz
    wget http://samba.org/samba/ftp/stable/samba-3.0.23d.tar.gz

    # NANO
    cd /usr/local/src
    tar zxvf /downloads/nano-2.0.3.tar.gz
    cd nano-2.0.3
    ./configure --prefix=/usr/local/nano-2.0.3 --enable-all && \
    make && \
    make install
    ln -s /usr/local/nano-2.0.3 /usr/local/nano
    echo '/usr/local/nano/lib' >> /etc/ld.so.conf
    ldconfig

    # OPENSSL
    cd /usr/local/src
    tar zxvf /downloads/openssl-0.9.8d.tar.gz
    cd openssl-0.9.8d
    ./config --prefix=/usr/local/openssl-0.9.8d \
    --openssldir=/usr/local/openssl-0.9.8d shared && \
    make && \
    make install && \
    ln -s /usr/local/openssl-0.9.8d /usr/local/openssl && \
    echo '/usr/local/openssl/lib' >> /etc/ld.so.conf && \
    ldconfig

    # OPENSSH
    cd /usr/local/src
    tar zxvf /downloads/openssh-4.5p1.tar.gz
    cd openssh-4.5p1
    ./configure --prefix=/usr/local/openssh-4.5p1 \
    --with-ssl-dir=/usr/local/openssl --with-libs=-ldl && \
    make && \
    make install && \
    ln -s /usr/local/openssh-4.5p1 /usr/local/openssh && \
    echo '/usr/local/openssh/lib' >> /etc/ld.so.conf && \
    ldconfig

    # DB4
    cd /usr/local/src
    tar zxvf /downloads/db-4.5.20.tar.gz
    cd db-4.5.20/build_unix
    ../dist/configure --prefix=/usr/local/db-4.5.20 && \
    make && \
    make install && \
    ln -s /usr/local/db-4.5.20 /usr/local/db && \
    echo '/usr/local/db/lib' >> /etc/ld.so.conf && \
    ldconfig

    # CYRUS-SASL
    cd /usr/local/src
    tar zxvf /downloads/cyrus-sasl-2.1.22.tar.gz
    cd cyrus-sasl-2.1.22
    env CPPFLAGS="-I/usr/local/openssl/include/openssl \
    -I/usr/local/openssl/include" LDFLAGS="-L/usr/local/lib/ \
    -L/usr/local/openssl/lib/" \
    ./configure --prefix=/usr/local/cyrus-sasl-2.1.22 \
    --with-bdb-libdir=/usr/local/db/lib \
    --with-bdb-incdir=/usr/local/db/include && \
    make && \
    make install && \
    ln -s /usr/local/cyrus-sasl-2.1.22 /usr/local/cyrus-sasl && \
    ln -s /usr/local/cyrus-sasl/lib/sasl2 /usr/lib/sasl2 && \
    echo '/usr/local/cyrus-sasl/lib' >> /etc/ld.so.conf && \
    ldconfig

    # OPENLDAP
    cd /usr/local/src
    tar zxvf /downloads/openldap-2.3.33.tgz
    cd openldap-2.3.33
    env CPPFLAGS="-I/usr/local/openssl/include/openssl \
    -I/usr/local/openssl/include -I/usr/local/db/include \
    -I/usr/local/cyrus-sasl/include" LDFLAGS="-L/usr/local/lib/ \
    -L/usr/local/openssl/lib/ -L/usr/local/db/lib -L/usr/local/cyrus-sasl/lib" \
    ./configure --prefix=/usr/local/openldap-2.3.33 --with-cyrus-sasl \
    --with-tls --with-ssl --enable-crypt && \
    make depend && \
    make && \
    make install && \
    ln -s /usr/local/openldap-2.3.33 /usr/local/openldap && \
    echo '/usr/local/openldap/lib' >> /etc/ld.so.conf && \
    chmod 700 /usr/local/openldap/var/openldap-data && \
    mv /usr/local/openldap/var/openldap-data/DB_CONFIG.example \
    /usr/local/openldap/var/openldap-data/DB_CONFIG && \
    ldconfig

    # SAMBA
    cd /usr/local/src
    tar zxvf /downloads/samba-3.0.23d.tar.gz
    mv samba-3.0.23d samba.admin-3.0.23d
    cd samba.admin-3.0.23d/source
    env CPPFLAGS="-I/usr/local/openldap/include" \
    LDFLAGS="-L/usr/local/openldap/lib" \
    ./configure --prefix=/usr/local/samba.admin-3.0.23d \
    --disable-cups --with-smbmount --with-ldapsam --with-syslog \
    --with-quotas --with-acl-support --with-ldap --with-winbind && \
    make && \
    make install && \
    ln -s /usr/local/samba.admin-3.0.23d /usr/local/samba.admin && \
    cp /usr/local/src/samba.admin-3.0.23d/examples/LDAP/samba.schema \
    /usr/local/openldap/etc/openldap/schema/
    mkdir -p /var/samba/netlogon/admin
    mkdir -p /var/samba/profiles/admin
    mkdir -p /var/samba/arquivos
[Samba] Problem with 02 domains on a single PDC
Hi all.

I have 01 Samba-LDAP Server running 02 domains on separated networks.

      |SERVER|
       |    |
       |    |
     ADMIN LABI

When I try to join the ADMIN domain, the machine joins the LABI domain. When I stop the LABI domain, the machine can join the ADMIN domain normally. Does anyone know how to fix this?

Thanks.

My configuration files are listed below.

DOMAIN 01

    [global]
    workgroup = LABI
    netbios name = FACOMP01
    server string = Controlador de Dominio
    domain master = yes
    preferred master = yes
    local master = yes
    domain logons = yes
    enable privileges = yes
    encrypt passwords = yes
    ldap passwd sync = yes
    passdb backend = ldapsam:ldap://localhost
    ldap suffix = dc=LABI,dc=facomp,dc=edu,dc=br
    ldap machine suffix = ou=Computadores
    ldap user suffix = ou=Usuarios
    ldap group suffix = ou=Grupos
    ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
    ldap ssl = no
    logon home = \\%L\%U\.profiles
    logon path = \\%L\profiles\%U
    logon script = netlogon.bat
    security = user
    os level = 256
    interfaces = 172.16.2.254
    log level = 3

    [netlogon]
    comment = Servico de Logon
    path = /var/samba/netlogon/labi
    guest ok = Yes
    browseable = No

    [homes]
    comment = Diretorio Home
    valid users = %S
    guest ok = Yes
    browseable = No
    writeable = Yes

    [profiles]
    path = /var/samba/profiles/labi
    writeable = Yes
    browseable = No
    create mask = 0600
    directory mask = 0700

    [arquivos]
    path = /var/samba/arquivos/labi
    writeable = No
    browseable = Yes
    create mask = 0600
    directory mask = 0700

DOMAIN 02

    [global]
    workgroup = ADMIN
    netbios name = FACOMP01
    server string = Controlador de Dominio
    domain master = yes
    preferred master = yes
    local master = yes
    domain logons = yes
    enable privileges = yes
    encrypt passwords = yes
    ldap passwd sync = yes
    passdb backend = ldapsam:ldap://localhost
    ldap suffix = dc=ADMIN,dc=facomp,dc=edu,dc=br
    ldap machine suffix = ou=Computadores
    ldap user suffix = ou=Usuarios
    ldap group suffix = ou=Grupos
    ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
    ldap ssl = no
    logon home = \\%L\%U\.profiles
    logon path = \\%L\profiles\%U
    logon script = netlogon.bat
    security = user
    os level = 256
    interfaces = 172.16.1.254
    log level = 3

    [netlogon]
    comment = Servico de Logon
    path = /var/samba/netlogon/admin
    guest ok = Yes
    browseable = No

    [homes]
    comment = Diretorio Home
    valid users = %S
    guest ok = Yes
    browseable = No
    writeable = Yes

    [profiles]
    path = /var/samba/profiles/admin
    writeable = Yes
    browseable = No
    create mask = 0600
    directory mask = 0700

    [arquivos]
    path = /var/samba/arquivos/admin
    writeable = No
    browseable = Yes
    create mask = 0600
    directory mask = 0700

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net
Re: [Samba] Problem with 02 domains on a single PDC
On 3/20/07, Gary Dale [EMAIL PROTECTED] wrote:

> If I understand things, you have one server that you want to serve as a domain controller for two different domains. Each domain is a separate ldap dc within facomp.edu and each has either its own NIC or at least a different IP address on the same NIC.

Exactly.

> You are running two different copies of Samba at the same time, pointing to a different smb.conf when you start each one. You may want to look at http://wiki.samba.org/index.php/Multiple_Server_Instances for an example of how to accomplish this.

Actually, I have two different Samba compilations (different directories). I've just added bind interfaces only = yes in each smb.conf and now I have two working domains.

Thanks a lot

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net
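The fix described in this reply (each instance restricted to its own address with `bind interfaces only = yes`) can be verified across the per-instance smb.conf files. The following is an added example, not part of the original thread: it checks that every instance lists its own `interfaces`, enables `bind interfaces only`, and shares no interface with another instance. The config text is constructed from the [global] settings posted earlier in the thread, trimmed to the relevant lines; the labels and function names are illustrative.

```python
import configparser

TRUE_VALUES = {"yes", "true", "1", "on"}  # boolean spellings smb.conf accepts


def load_global(text):
    """Return the [global] section of an smb.conf as a dict of lowercased keys."""
    # interpolation=None: smb.conf values contain % macros such as %L and %U.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return dict(cp["global"]) if cp.has_section("global") else {}


def audit_instances(configs):
    """configs maps a label to smb.conf text; returns a list of findings."""
    findings, owner = [], {}
    for name, text in configs.items():
        g = load_global(text)
        ifaces = g.get("interfaces", "").split()
        if not ifaces:
            findings.append(f"{name}: no 'interfaces' set")
        if g.get("bind interfaces only", "no").strip().lower() not in TRUE_VALUES:
            findings.append(f"{name}: 'bind interfaces only' is not enabled")
        for iface in ifaces:
            if iface in owner:
                findings.append(f"{name}: {iface} also listed by {owner[iface]}")
            else:
                owner[iface] = name
    return findings


# Constructed from the two [global] sections posted in the thread.
BEFORE = {
    "smb.conf (LABI)": "[global]\nworkgroup = LABI\n"
                       "netbios name = FACOMP01\ninterfaces = 172.16.2.254\n",
    "smb.conf (ADMIN)": "[global]\nworkgroup = ADMIN\n"
                        "netbios name = FACOMP01\ninterfaces = 172.16.1.254\n",
}
# The same files with the setting the reply says was added to each.
AFTER = {k: v + "bind interfaces only = yes\n" for k, v in BEFORE.items()}

if __name__ == "__main__":
    for label, cfgs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_instances(cfgs) or "no findings")
```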
[Samba] Information about SSID structure
I'm experiencing some problems with Samba-LDAP and I wanna know a little more about the structure of SSID. Does anyone know where I can find information about this?

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net
[Samba] Problem with users files
I'm using Samba-LDAP to control 02 domains running on a single server (on separated interfaces). The second domain is not used but it's running all the time. Unfortunately, the files of the users are mixed and duplicated. This occurs when they logoff.

Did anyone have this problem? Can anyone help me?

Thanks.

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net
[Samba] SAMBA-LDAP - Group permissions
Hi folks.

I have a functional Samba-LDAP server running as a PDC with Windows 2003 clients. I'm changing the structure of my LDAP tree and I want to give administrator's permissions to a branch (i.e. ou=teachers,dc=domain,dc=com). Is there a way to do this automatically (i.e. by using an argument in smb.conf)?

Ah... I tried to use admin users in smb.conf to give permissions to a single user but it didn't function.

Thanks a lot.

My smb.conf:

    [global]
    workgroup = FACOMP
    netbios name = FACOMP01
    server string = Controlador de Dominio
    domain master = yes
    preferred master = yes
    local master = yes
    domain logons = yes
    enable privileges = yes
    encrypt passwords = yes
    ldap passwd sync = yes
    admin users = rodrigoqueiroz
    passdb backend = ldapsam:ldap://localhost smbpasswd guest
    ldap suffix = dc=facomp,dc=edu,dc=br
    ldap machine suffix = ou=Computadores
    ldap user suffix = ou=Usuarios
    ldap group suffix = ou=Grupos
    ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
    ldap ssl = no
    logon script = netlogon.bat
    logon home = \\%L\%U\.profiles
    logon path = \\%L\profiles\%U
    security = user
    os level = 256
    interfaces = 192.168.0.1
    log level = 3
    veto files = /*.mp3/*.wma/*.wmv/*.avi/*.mpg/*.wav/*.rmvb/
    delete veto files = Yes

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net
[Samba] Re: QMAIL + SAMBA + LDAP
It's working... just by using ldap passwd sync. I thought userPassword was a field of qmailUser and ldap passwd sync didn't know it. I was trying to find a way to integrate them by using a backend or something like it.

Thanks a lot.

P.S.: I received a lot of messages sent directly to me... there are a lot of Brazilians here. Does anyone know if there is a group like that here in Brazil?

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net
[Samba] QMAIL + SAMBA + LDAP
Hi all.

I use Qmail-LDAP and Samba-LDAP and I'm trying to integrate the passwords in a single ldap entry. The problem is synchronizing the password fields of Samba and Qmail. When a user changes his Samba password (via Windows), the field userPassword of qmailUser must be changed too. Is it possible?

I heard about ldap passwd sync but I couldn't find a way to do this.

Best regards.

--
Allysson Steve Mota Lacerda
[EMAIL PROTECTED]
http://www.stevelacerda.net