Re: [Samba] net join DNS
Why wouldn't that be a command line option to the net command? I'm sure we're not the only ones who want static and not dynamic DNS records but would still like the ability to create dynamic records if needed. From: David Roid [mailto:datar...@gmail.com] Sent: Saturday, July 30, 2011 1:09 AM To: Auleta, Michael Subject: Re: [Samba] net join DNS Hello there, you need to remove '--with-dns-update' which is a compile option. 2011/7/28 Auleta, Michael michael_aul...@condenast.com Is there an option to the net command to not have it update DNS in AD? We are joining servers using the net ads join command and it's changing our static DNS entries to dynamic ones which then get deleted when AD does its DNS scavenging. It seems that dynamically updating DNS is the default. The command we're running is: net ads join -U adminuser%adminpasswd Thanks - Mike Mike Auleta UNIX Administrator Conde Nast Publications (302) 830-4688 michael_aul...@condenast.com This e-mail, including attachments, is intended for the person(s) or company named and may contain confidential and/or legally privileged information. Unauthorized disclosure, copying or use of this information may be unlawful and is prohibited. If you are not the intended recipient, please delete this message and notify the sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This e-mail, including attachments, is intended for the person(s) or company named and may contain confidential and/or legally privileged information. Unauthorized disclosure, copying or use of this information may be unlawful and is prohibited. If you are not the intended recipient, please delete this message and notify the sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net join DNS
Is there an option to the net command to not have it update DNS in AD? We are joining servers using the net ads join command and it's changing our static DNS entries to dynamic ones which then get deleted when AD does its DNS scavenging. It seems that dynamically updating DNS is the default. The command we're running is: net ads join -U adminuser%adminpasswd Thanks - Mike Mike Auleta UNIX Administrator Conde Nast Publications (302) 830-4688 michael_aul...@condenast.com This e-mail, including attachments, is intended for the person(s) or company named and may contain confidential and/or legally privileged information. Unauthorized disclosure, copying or use of this information may be unlawful and is prohibited. If you are not the intended recipient, please delete this message and notify the sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind user ID's on multiple servers
This addressed exactly what I was trying to accomplish. Rid mapping is your friend for this. -Original Message- From: Andrew Masterson [mailto:andrew.master...@nuvistaenergy.com] Sent: Thursday, March 10, 2011 1:54 PM To: Javier Conti Cc: samba@lists.samba.org; Auleta, Michael Subject: RE: [Samba] Winbind user ID's on multiple servers -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Javier Conti Sent: Wednesday, March 09, 2011 4:28 PM To: TAKAHASHI Motonobu Cc: samba@lists.samba.org; Mike Auleta Subject: Re: [Samba] Winbind user ID's on multiple servers On Mar 10, 2011 12:16 AM, TAKAHASHI Motonobu mo...@monyo.com wrote: 2011/3/10 Javier Conti javier.co...@gmail.com: On 9 March 2011 20:13, Mike Auleta michael_aul...@condenast.com wrote: We're looking at setting up Linux Authentication to our AD servers using winbind and need to know if there is a way to keep all the user IDs in sync across the Linux servers. The way I see it now, the user ID is assigned numerically depending on the order users log in to a server. Could make for issues if NFS mounted directories are involved. Hi, I'm using AD 2008 R2 as PDC, and have been successful using the following configuration in /etc/samba/smb.conf on the client: [global] (snip) idmap backend = ad idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1 - 2 idmap config MYDOMAIN : schema_mode = rfc2307 winbind nss info = rfc2307 Since this configuration uses the Posix attributes found in the rfc2307 schema, I have the uidNumber attribute of users and the gidNumber attribute of groups populated with the IDs used in Unix (and in the range between 1 and 2). idmap backend should be a writeable backend such as tdb or ldap. If someone manages user and groups on the AD, thus assigning uidNumbers and gidNumbers on it, is it still necessary (or a real advantage) for the idmap backend to be writeable? Just wondering... Javier Anyway, to synclonize UID, you can also use rid or ldap instead of ad. If you simply want to sync UIDs, rid is a better choice, I think. For example: idmap config DOMAIN:range = 100 - 199 idmap config DOMAIN:base_rid = 0 idmap config DOMAIN:backend = rid Please refer to manpages in the detail. This is why, if you have a single domain and no weird setup, RID mapping is best. You get consistent mapping across all domain member servers and it's easy to port stuff around. I messed around with the other stuff and SFU, but RID is the easiest by far. -=Andrew This e-mail, including attachments, is intended for the person(s) or company named and may contain confidential and/or legally privileged information. Unauthorized disclosure, copying or use of this information may be unlawful and is prohibited. If you are not the intended recipient, please delete this message and notify the sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Re: Apostrophes in Windows usernames (again)
We tried that also. It didn't work either. But since I was pointed to bug 1221, I removed the matching of an apostrophe in util_str.c (fell back to 2.2 behaviour) and that looks like it works. My user is able to map his shares again. Thanks for all who helped. Mike -Original Message- From: David Brodbeck [mailto:[EMAIL PROTECTED] Sent: Monday, June 07, 2004 4:23 PM To: EXT-Auleta, Michael; [EMAIL PROTECTED] Subject: RE: [Samba] Re: Apostrophes in Windows usernames (again) -Original Message- From: EXT-Auleta, Michael [mailto:[EMAIL PROTECTED] I think I've narrowed down my problem, but I still don't know where to fix it. It appears that scanning the users.map file strips out the apostrophes and the Windows ID never matches: The entry in the users.map file is: unixid = o'brienta so it should map. I've tried enclosing the Windows name in double quotes, but that didn't help. What happens if you escape the apostrophe with a backslash, like this: unixid = o\'brienta -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Apostrophes in Windows usernames (again)
It's very possible. I've put the suggested changes in place and recompiled on a test box, but my user is out of the office today and can't test it so I'll have to wait for hte weekend to pass. Thenks for the info. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 03, 2004 5:10 PM To: EXT-Auleta, Michael Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Re: Apostrophes in Windows usernames (again) Could this also be a result of bug 1221? Mark I think I've narrowed down my problem, but I still don't know where to fix it. It appears that scanning the users.map file strips out the apostrophes and the Windows ID never matches: [2004/06/01 16:23:51, 10] lib/username.c:user_in_list(521) user_in_list: checking user o'brienta in list [2004/06/01 16:23:51, 10] lib/username.c:user_in_list(525) user_in_list: checking user |o'brienta| against |obrienta| [2004/06/01 16:23:51, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user [XX]\[o'brienta] from workstation [workstation] The entry in the users.map file is: unixid = o'brienta so it should map. I've tried enclosing the Windows name in double quotes, but that didn't help. This worked in 2.2.2 on Solaris 8, but we're now running 3.0.2a on Solaris 8 doing domain authentication. There are no local Samba accounts. I've applied the changes that were suggested on Mon Dec 8 21:39:52 GMT 2003 to add the apostrophe to the list of SAFE_NETBIOS_CHARACTERS and to smbd/password.c. Any ideas? Mike Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Apostrophes in Windows usernames (again)
I think I've narrowed down my problem, but I still don't know where to fix it. It appears that scanning the users.map file strips out the apostrophes and the Windows ID never matches: [2004/06/01 16:23:51, 10] lib/username.c:user_in_list(521) user_in_list: checking user o'brienta in list [2004/06/01 16:23:51, 10] lib/username.c:user_in_list(525) user_in_list: checking user |o'brienta| against |obrienta| [2004/06/01 16:23:51, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user [XX]\[o'brienta] from workstation [workstation] The entry in the users.map file is: unixid = o'brienta so it should map. I've tried enclosing the Windows name in double quotes, but that didn't help. This worked in 2.2.2 on Solaris 8, but we're now running 3.0.2a on Solaris 8 doing domain authentication. There are no local Samba accounts. I've applied the changes that were suggested on Mon Dec 8 21:39:52 GMT 2003 to add the apostrophe to the list of SAFE_NETBIOS_CHARACTERS and to smbd/password.c. Any ideas? Mike Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Apostrophe's in Windows usernames
I saw the posting for the attached issue from Dec 8, 2003 and made the changes to smbd/password.c and include/smb.h but am still having a problem with a user attaching to our Samba server with an apostrophe in his name. We use a usermap file and it looks like the apostrophe is being stripped out of the map file when the Windows ID is trying to be mapped. The entry in the user name map file is bvec32 = o'brienta, but a level 10 log shows: user_in_list: checking user |bvevc32| against |obrienta| so the authentication fails. I'm assuming that a change needs to be made to username.c, but I'm not sure what ... We're running 3.0.2a on Solaris 8. Any help? Mike Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] MS Patch MS04-011 Samba upgrade
If I have a Samba server that is part of a Windows 2000 domain and is not a domain controller (all of our authentication goes against a Windows 2000 box), do I need to upgrade to 3.0.4/2.2.9? What is the interaction between a Samba server that is part of a domain and the Windows client if all of the authentication is being done against a Windows 2000 PDC? Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrade directory permissions
I've just upgraded the version of Samba we're running from 2.2.2 to 3.0.2a and am seeing an issue with permissions on directories. Users can still map the shares that are set up, but cannot access the directories within those shares. This is also not consistent; it's not happening to all users. Our environment: Samba 3.0.2a Domain Authentication to a Win2K server No Winbind Solaris 8 on a Sun E3000 server I'm inclined to back out the upgrade, but if there's a quick fix I'd prefer to implement that. Any ideas? Mike Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Upgrade directory permissions
I don't want to open up the directory file permissions for security reasons. We set the gid bit on the directories so any new files or directories that get created underneath get created with the correct group ownership. The permissions on the directories are 770 and the users are members of the group owner of the directories. -Original Message- From: Jose Martinez [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 2:03 PM To: EXT-Auleta, Michael; [EMAIL PROTECTED] Subject: RE: [Samba] Upgrade directory permissions What is the umask setting in the smb.conf file for your shares. I know I had to play with the umask setting to get it to work on mine. Sometimes, the umask setting doesn't even make sense, however I just set them to what I needed the end result to be. Not sure if the /etc/bashrc setting plus this setting is what is causing my weird umask setting, but its all working like I like it now. In addition, we have a different type of setup where the user owns his home directory, however the admins group is the group owner of the directory, not the users group. So every 20 minutes I have a quick script that goes out there and changes the group ownership of any new file created to the admins group for group for group ownership. We do this so that the admins can modify any file under the home directories and profiles. Example of umask setting: [Profiles] path = /home/profiles browseable = no guest ok = yes writable = yes create mask = 707 nt acl support = yes profile acls = yes Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of EXT-Auleta, Michael Sent: Tuesday, April 20, 2004 1:30 PM To: [EMAIL PROTECTED] Subject: [Samba] Upgrade directory permissions I've just upgraded the version of Samba we're running from 2.2.2 to 3.0.2a and am seeing an issue with permissions on directories. Users can still map the shares that are set up, but cannot access the directories within those shares. This is also not consistent; it's not happening to all users. Our environment: Samba 3.0.2a Domain Authentication to a Win2K server No Winbind Solaris 8 on a Sun E3000 server I'm inclined to back out the upgrade, but if there's a quick fix I'd prefer to implement that. Any ideas? Mike Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
