Re: [Samba] Manage password change without windows...
I don't know how, but perhaps you can use the pam_ldap module; see http://www.padl.com/OSS/pam_ldap.html

Marco Gaiarin wrote:

[I'm subscribed, but with mail delivery turned off. I will read the thread on web archive, but please CC me... I'm subscribed to the Italian samba list, but there's no answer there...]

I manage some samba domain (samba3 as in Debian stable), using LDAP as backend and smbldap-tools. The domains born as windows-only, and they are still windows-prevalent, but I'm inserting here and there some Linux box (Ubuntu), using LDAP (pam and NSS) for account and password on Linux systems.

All the password management are done by 'windows', and I've done a little script (mimic around the smbldap-tools) that simply read the expiration data in windows LDAP field and (adapt and) copy them over the POSIX ones. So there's no trouble for me to 'expire' a password for the Ubuntu client, and the client correctly behave on that, prevent users to logon if password was expired or warn them if only some days misses.

But, as I said, now I've some users that are substantially Linux-only users, and now I need to ask them to make a logon on a windows box to change their password. ;(

Basically I'm looking for a tool that will permit to users to change their password using standard tool from an Ubuntu box, updating POSIX and samba data in LDAP.

1) I've looked at pam_smbpasswd, that in PAM 'password' context seems to do exactly what I need, but seems also that works only for the old /etc/samba/smbpasswd file and not for pdb (nor LDAP)

2) I've looked also to a web interface (LAM), but this feature was available only in 'pro' commercial version.

Someone can point me to the right tool/solution? Thanks.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
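The expiry copy Marco describes, from the Samba fields to the POSIX shadow ones, sketched as an added example; it is not Marco's script and not part of smbldap-tools. It assumes the Samba side is held in sambaPwdLastSet and sambaPwdMustChange (seconds since the epoch) and the POSIX side in shadowLastChange and shadowMax (days); the handling of the 0 and 2147483647 values and the sample DN are assumptions.

```python
SECONDS_PER_DAY = 86400
NEVER_EXPIRES = 2147483647  # assumption: value stored when the password never expires
SHADOW_NO_MAX = 99999       # conventional "no maximum age" in shadow data


def samba_to_shadow(entry):
    """Derive shadowLastChange/shadowMax (days) from the Samba fields (seconds)."""
    last_set = int(entry.get("sambaPwdLastSet", 0))
    must_change = int(entry.get("sambaPwdMustChange", NEVER_EXPIRES))
    if last_set == 0 or must_change == 0:
        # Assumption: zero marks "must change at next logon"; shadowLastChange 0
        # is the shadow convention for the same thing.
        return {"shadowLastChange": 0, "shadowMax": SHADOW_NO_MAX}
    last_day = last_set // SECONDS_PER_DAY
    if must_change >= NEVER_EXPIRES:
        return {"shadowLastChange": last_day, "shadowMax": SHADOW_NO_MAX}
    # Subtract whole-day numbers, not seconds, so last_day + shadowMax lands on
    # the calendar day of sambaPwdMustChange. Clamp at 0 so inconsistent data
    # yields an expired password rather than a negative age limit.
    max_days = max(0, must_change // SECONDS_PER_DAY - last_day)
    return {"shadowLastChange": last_day, "shadowMax": max_days}


def to_ldif(dn, shadow):
    """Render the change as an LDIF modify record for ldapmodify."""
    lines = [f"dn: {dn}", "changetype: modify"]
    for i, attr in enumerate(sorted(shadow)):
        if i:
            lines.append("-")
        lines += [f"replace: {attr}", f"{attr}: {shadow[attr]}"]
    return "\n".join(lines) + "\n"


# Constructed sample entry: password set 2008-10-14 16:00 UTC, 45-day maximum age.
SAMPLE = {"sambaPwdLastSet": 1224000000, "sambaPwdMustChange": 1227888000}

if __name__ == "__main__":
    # Hypothetical DN, for illustration only.
    print(to_ldif("uid=example,ou=Users,dc=example,dc=org", samba_to_shadow(SAMPLE)))
```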
Re: [Samba] Efficient method to run [net time \\server] on logon script with winxp+domain ?
hamacker wrote:

I can not find any element inside gpedit to change that. Do you know, what element I can change that ?

hamacker wrote:

Any efficient method to run [net time \\server] on logon script with winxp+domain ?

configuration computer windows settings protection settings local settings set right user set change time

sorry for my translation.
Re: [Samba] Samba PDC - Usernames with over 20 characters are not working with Vista SP1
see: http://www.hep.phy.cam.ac.uk/samba-3.0.9/Samba-Guide/migration.html
section: What are the limits or constraints that apply to group names

Andrei Mikhailovsky wrote:

Hi all,

I am having difficulties logging into Samba domain with Vista SP1 with usernames that have over 20 characters in their names. Vista SP1 gives me the following error:

The local Session Manager service failed the logon. The data area passed to a system call is too small.

Anyone know what might be the cause of the problem and how to solve it?

Many thanks
Re: [Samba] Server Maps by IP but not by Name for Domain Users
on windows client nbtstat -a admin1 give you the ip of admin1

mh if remember well, if you have a domain you must have a wins server.

sorry, I forgot the list :-(

Matthew Lind wrote:

We don't run the WINS service on our network. We have no Win9x or earlier clients. All clients are Windows XP. However, to answer your question this is what I get on the server when I run the nmblookup

    nmblookup admin1:
    creating lame upcase table
    creating lame lowcase table
    querying admin1 on x.x.y.y
    x.x.n.n admin1<00>

    nmblookup :
    creating lame upcase table
    creating lame lowcase table
    querying admin1 on x.x.y.y
    x.x.a.a <00>

nmblookup doesn't work on Windows XP.

Thanks again!

On Tue, 2008-10-14 at 17:19 +0200, Bruno La Torre wrote:

I think that you have a WINS problem. nmblookup admin1 on the server and client give the right IP?

Matthew Lind wrote:

I gave that a shot and it was a no go. Same errors are produced. Thanks!

On Mon, 2008-10-13 at 13:57 -0500, Adam Williams wrote:

add in your [global] section:

    msdfs root = yes

restart samba, and then try connecting to your shares by server name again.

Matthew Lind wrote:

Hey all,

I've got an issue with my Samba server. I can't seem to get file shares to map using Server Name, but I can get them to map using IP Address.

Here is my smb.conf:

    [global]
    workgroup = ADMIN
    server string = Snap Server
    timestamp logs = yes
    dos filetimes = yes
    dos filemode = yes
    inherit acls = yes
    name cache timeout = 0
    winbind uid = 101-600
    winbind gid = 101-600
    local master = No
    guest account = guest
    map to guest = Never
    unix charset = CP1252
    dos charset = CP850
    allow trusted domains = no
    security = ADS
    disable netbios = no
    password server = *
    encrypt passwords = Yes
    username level = 5
    debug level = 0
    load printers = no
    utmp directory = /var/run
    utmp = yes
    name resolve order = host lmhosts wins bcast
    ldap timeout = 5
    restrict anonymous = 2
    include = /etc/smb.conf.perm
    include = /etc/smb.conf.extra
    include = /etc/smb.conf.dm
    include = /etc/smb_shares.conf

Here is my smb_shares.conf:

*Note All shares follow this format and all seem affected I am just truncating *

    ..snip..
    [bordway]
    path = /shares/bordway
    read only = no
    comment =
    follow symlinks = no
    printable = no
    browseable = yes
    map acl inherit = yes
    create mask = 0777
    security mask = 0777
    directory mask = 0777
    directory security mask = 0777
    create mask_ext = 0777
    directory mask_ext = 0777
    guest ok = No
    valid users = \
    "admin" \
    "ADMIN\bordway"
    write list = \
    "admin" \
    "ADMIN\bordway"
    ..snip..

Here is my smb.conf.perm:

    panic action = /usr/bin/backtrace %d > /tmp/segv_samba_%d.out 2>&1
    # root preexec = /usr/local/samba/bin/log_connect.sh '%u' '%m' '%I' '%S'
    # root postexec = /usr/local/samba/bin/log_disconnect.sh '%u' '%m' '%I' '%S'
    username level = 0
    realm = ADMIN.NHTI

smb.conf.dm and smb.conf.extra are empty.

When a client tries to connect using the Server Name this is the error in the log:

    [2008/10/13 11:51:54, 0] lib/util_sock.c:get_socket_addr(926)
      getpeername failed. Error was Transport endpoint is not connected
    [2008/10/13 11:51:54, 0] lib/util_sock.c:get_socket_addr(926)
      getpeername failed. Error was Transport endpoint is not connected
    [2008/10/13 11:51:54, 0] lib/util_sock.c:write_socket_data(388)
      write_socket_data: write failure. Error = Connection reset by peer
    [2008/10/13 11:51:54, 0] lib/util_sock.c:write_socket(413)
      write_socket: Error writing 4 bytes to socket 19: ERRNO = Connection reset by peer
    [2008/10/13 11:51:54, 0] lib/util_sock.c:send_smb(585)
      Error writing 4 bytes to client. -1. (Connection reset by peer)
    [2008/10/13 11:53:00, 0] lib/util_sock.c:get_socket_addr(926)
      getpeername failed. Error was Transport endpoint is not connected
    [2008/10/13 11:53:01, 0] lib/util_sock.c:get_socket_addr(926)
      getpeername failed. Error was Transport endpoint is not connected
    [2008/10/13 11:53:01, 0] lib/util_sock.c:write_socket_data(388)
      write_socket_data: write failure. Error = Connection reset by peer
    [2008/10/13 11:53:01, 0] lib/util_sock.c:write_socket(413)
      write_socket: Error writing 4 bytes to socket 19: ERRNO = Connection reset by peer
    [2008/10/13 11:53:01, 0] lib/util_sock.c:send_smb(585)
      Error writing 4 bytes to client. -1. (Connection reset by peer)

On the Windows side if I try by name the user is presented with a Login Box. When the credentials are entered the map fails. If I try with IP no login box is presented and the mapping succeeds.

Things I have tried:

I have tried adding the following to smb.conf (individually and in combination)

    smb ports = 139
    smb ports = 445
    netbios name = admin1

The clients can ping the server by name and the server can ping the clie
Re: [Samba] Cluster: node to node switching
are you sure that the uid and gid of samba is the item on the node?

Aleksander Gudalo wrote:

Hi *,

I use samba 3.2.3 actually and have problems to switch between two nodes in a cluster in an active directory environment. I know of CTDB but I want to keep it simple and so I use a shared folder for the .tdb files. But it does not work since samba 3.2 anymore. After switching from one node to another I have to delete the .tdb files and join again to the domain to have access to samba.

What I'm doing wrong here?

Thanks and regards,
Aleksander
Re: [Samba] Efficient method to run [net time \\server] on logon script with winxp+domain ?
you must give right permission to user xp by gpedit.msc

hamacker wrote:

Any efficient method to run [net time \\server] on logon script with winxp+domain ?

Normal method, winxp refuses that with the error message : you're not administrator.

In next week, in Brazil enable summer time (Daylight Saving Time) and I need to update many stations in the automatic way.
Re: [Samba] Server Maps by IP but not by Name for Domain Users
I think that you have a WINS problem. nmblookup admin1 on the server and client give the right IP?

Matthew Lind wrote:

I gave that a shot and it was a no go. Same errors are produced. Thanks!

On Mon, 2008-10-13 at 13:57 -0500, Adam Williams wrote:

add in your [global] section:

    msdfs root = yes

restart samba, and then try connecting to your shares by server name again.

Matthew Lind wrote:

Hey all,

I've got an issue with my Samba server. I can't seem to get file shares to map using Server Name, but I can get them to map using IP Address.

Here is my smb.conf:

    [global]
    workgroup = ADMIN
    server string = Snap Server
    timestamp logs = yes
    dos filetimes = yes
    dos filemode = yes
    inherit acls = yes
    name cache timeout = 0
    winbind uid = 101-600
    winbind gid = 101-600
    local master = No
    guest account = guest
    map to guest = Never
    unix charset = CP1252
    dos charset = CP850
    allow trusted domains = no
    security = ADS
    disable netbios = no
    password server = *
    encrypt passwords = Yes
    username level = 5
    debug level = 0
    load printers = no
    utmp directory = /var/run
    utmp = yes
    name resolve order = host lmhosts wins bcast
    ldap timeout = 5
    restrict anonymous = 2
    include = /etc/smb.conf.perm
    include = /etc/smb.conf.extra
    include = /etc/smb.conf.dm
    include = /etc/smb_shares.conf

Here is my smb_shares.conf:

*Note All shares follow this format and all seem affected I am just truncating *

    ..snip..
    [bordway]
    path = /shares/bordway
    read only = no
    comment =
    follow symlinks = no
    printable = no
    browseable = yes
    map acl inherit = yes
    create mask = 0777
    security mask = 0777
    directory mask = 0777
    directory security mask = 0777
    create mask_ext = 0777
    directory mask_ext = 0777
    guest ok = No
    valid users = \
    "admin" \
    "ADMIN\bordway"
    write list = \
    "admin" \
    "ADMIN\bordway"
    ..snip..

Here is my smb.conf.perm:

    panic action = /usr/bin/backtrace %d > /tmp/segv_samba_%d.out 2>&1
    # root preexec = /usr/local/samba/bin/log_connect.sh '%u' '%m' '%I' '%S'
    # root postexec = /usr/local/samba/bin/log_disconnect.sh '%u' '%m' '%I' '%S'
    username level = 0
    realm = ADMIN.NHTI

smb.conf.dm and smb.conf.extra are empty.

When a client tries to connect using the Server Name this is the error in the log:

    [2008/10/13 11:51:54, 0] lib/util_sock.c:get_socket_addr(926)
      getpeername failed. Error was Transport endpoint is not connected
    [2008/10/13 11:51:54, 0] lib/util_sock.c:get_socket_addr(926)
      getpeername failed. Error was Transport endpoint is not connected
    [2008/10/13 11:51:54, 0] lib/util_sock.c:write_socket_data(388)
      write_socket_data: write failure. Error = Connection reset by peer
    [2008/10/13 11:51:54, 0] lib/util_sock.c:write_socket(413)
      write_socket: Error writing 4 bytes to socket 19: ERRNO = Connection reset by peer
    [2008/10/13 11:51:54, 0] lib/util_sock.c:send_smb(585)
      Error writing 4 bytes to client. -1. (Connection reset by peer)
    [2008/10/13 11:53:00, 0] lib/util_sock.c:get_socket_addr(926)
      getpeername failed. Error was Transport endpoint is not connected
    [2008/10/13 11:53:01, 0] lib/util_sock.c:get_socket_addr(926)
      getpeername failed. Error was Transport endpoint is not connected
    [2008/10/13 11:53:01, 0] lib/util_sock.c:write_socket_data(388)
      write_socket_data: write failure. Error = Connection reset by peer
    [2008/10/13 11:53:01, 0] lib/util_sock.c:write_socket(413)
      write_socket: Error writing 4 bytes to socket 19: ERRNO = Connection reset by peer
    [2008/10/13 11:53:01, 0] lib/util_sock.c:send_smb(585)
      Error writing 4 bytes to client. -1. (Connection reset by peer)

On the Windows side if I try by name the user is presented with a Login Box. When the credentials are entered the map fails. If I try with IP no login box is presented and the mapping succeeds.

Things I have tried:

I have tried adding the following to smb.conf (individually and in combination)

    smb ports = 139
    smb ports = 445
    netbios name = admin1

The clients can ping the server by name and the server can ping the clients by name. The clients use the Domain Controller as their DNS server and it can map to the server by name.

wbinfo -u and wbinfo -g come back with the correct group and user information.

Any help would be appreciated! Thanks
Re: [Samba] PDC cannot become master browser; cannot change passwords
Kevin DeGraaf wrote:

I am having two problems, possibly related, while performing pre-deployment testing of a Samba/OpenLDAP PDC with data that was vampired from an NT4 PDC. The Samba server fails to become a local master browser, and password change attempts (from a Windows client) fail.

I followed Samba-Guide/ntmigration.html (taking some liberties with various items of configuration), ending with step #19. No problems were encountered. I isolated the server and a client on a separate network, promoted Samba to a PDC (step #21), and started the Samba daemons.

On the closed network are the following machines:

    Software: Debian Etch, Samba 3.0.24
    NetBIOS: SPACETIME
    Address: 192.168.1.2
    Netmask: 255.255.255.0
    Gateway: none

    Software: Windows XP Professional
    NetBIOS: ICE-LT021
    Address: 192.168.1.50
    Netmask: 255.255.255.0
    Gateway: none
    DNS: 192.168.1.2
    WINS: 192.168.1.2

Here are my config files and logs:

http://kdegraaf.net/samba-wtf/smb.conf
http://kdegraaf.net/samba-wtf/slapd.conf
http://kdegraaf.net/samba-wtf/log.smbd
http://kdegraaf.net/samba-wtf/log.nmbd
http://kdegraaf.net/samba-wtf/log.192.168.1.50
http://kdegraaf.net/samba-wtf/log.ice-lt021

The server is running dnscache on 192.168.1.2 and tinydns on 127.0.0.1. The client can ping the server by hostname, indicating that DNS and basic TCP/IP are in working order. The client can successfully join the domain and log in.

Problem #1:

    register_name_response: server at IP 192.168.1.50 rejected our name registration of INTERCLEAN<1d> IP 192.168.1.2 with error code 6.
    become_local_master_fail2: failed to register name INTERCLEAN<1d> on subnet 192.168.1.2. Failed to become a local master browser.
    unbecome_local_master_browser: unbecoming local master for workgroup INTERCLEAN on subnet 192.168.1.2

Seriously? Clients can tell servers to stop being servers?

Imagine: in the smb network every host can be a server, who is the server is who wins the election.

put local master = yes in smb.conf and change os level = 255

[CUT]

Problem #2:

I attempted to change my password from the Windows workstation. The request hung for 35 seconds and then I received an error: "The system cannot change your password now because the domain INTERCLEAN is not available."

I'm not sure but the admin must write on the tree ldap

    access to attr=userPassword,sambaNTPassword,sambaLMPassword,shadowLastChange
        by dn="cn=Manager,dc=interclean,dc=com" write
        by anonymous auth
        by self write
        by * auth
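slapd applies the first `access to` clause that matches an attribute and, within it, the first matching `by`, so the password rule quoted above only protects the hashes if it comes before any broader rule. The checker below is an added example, not from the thread or from OpenLDAP: it parses slapd.conf-style access directives and reports what anonymous clients, other authenticated users and the entry owner end up with on each password attribute. It assumes only the `attr=`/`attrs=` and `*` forms of the target (DN scoping is ignored), and the broad rule is a constructed sample.

```python
import re

PASSWORD_ATTRS = ("userPassword", "sambaNTPassword", "sambaLMPassword")
LEVELS = ("none", "disclose", "auth", "compare", "search", "read", "write", "manage")
# Which <who> tokens apply to each kind of client, for the subset handled here.
APPLIES = {"anonymous": {"anonymous", "*"}, "users": {"users", "*"},
           "self": {"self", "users", "*"}}

def parse_acls(text):
    """Return [(attrs or None for all, [(who, level), ...]), ...] in file order."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:      # continuation of the previous directive
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    acls = []
    for line in logical:
        m = re.match(r"access\s+to\s+(.*?)\s+(by\s.*)$", line)
        if not m:
            continue
        scope = re.search(r"\battrs?=(\S+)", m.group(1))
        attrs = {a.lower() for a in scope.group(1).split(",")} if scope else None
        by = re.findall(r'by\s+((?:"[^"]*"|[^\s"])+)\s+(\w+)', m.group(2))
        acls.append((attrs, by))
    return acls

def effective(acls, attr, client):
    """Level granted to `client` on `attr`: first matching rule, first matching by."""
    for attrs, by in acls:
        if attrs is None or attr.lower() in attrs:
            for who, level in by:
                if who in APPLIES[client]:
                    return level
            return "none"                     # implicit trailing "by * none"
    return "none"

def audit(text):
    """List password attributes that are over-exposed or not self-writable."""
    acls, findings = parse_acls(text), []
    for attr in PASSWORD_ATTRS:
        for client in ("anonymous", "users"):
            level = effective(acls, attr, client)
            if LEVELS.index(level) > LEVELS.index("auth"):
                findings.append(f"{attr}: {client} get '{level}'")
        if LEVELS.index(effective(acls, attr, "self")) < LEVELS.index("write"):
            findings.append(f"{attr}: self cannot write")
    return findings

# The rule quoted in the message above, followed by a constructed broad rule.
PAGE_RULE = """access to attr=userPassword,sambaNTPassword,sambaLMPassword,shadowLastChange
    by dn="cn=Manager,dc=interclean,dc=com" write
    by anonymous auth
    by self write
    by * auth
"""
BROAD_RULE = "access to *\n    by self write\n    by * read\n"
```

`audit(PAGE_RULE + BROAD_RULE)` returns no findings, while `audit(BROAD_RULE + PAGE_RULE)` reports every password attribute as readable, because the broad rule matches first. The quoted rule also gives `self` write access to shadowLastChange, which this checker does not evaluate.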
Re: [Samba] slow samba
iLinux wrote:

I have a samba version 3.024 server joined to a ADS as a "Workstation or server" acting as a file/print server. It is a Debian 4.0 amd64 up to date with stable. ftp works just fine so not network, must be samba config.

very slow file transfer when copying file from one computer but copy from two or more at the same time speed is 10 times faster. You will be copying a 600MG file with one computer and it will say 80 minutes remaining. start copying a file from another computer and 10X faster ( 4 minutes remaining ). Also when copying file from server with linux client 2 minutes 6.5 to 7.0 MBPS. It looks like it has something to do with cache.

I have "winbind cache time = 30" in my smb.config and "socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384" no help.

Thanks in advance for your help.

I had the item problem, for me the solution was to enable "Flow control" on the switch.

bruno
Re: [Samba] How to move a samba PDC to a different box
Ivan Ordonez wrote:

John Drescher wrote:

Sorry to bother you. I hope you can help me with my issue.

Always cc to the list as well.

We have a domain with more than 100 users and we need to replace our PDC. The PDC main function is to authenticate our users to connect to the shared drive and to authenticate computer login. The PDC is running samba with openldap on Gentoo machine. I have two BDCs with ACL set to read and write only. It was set that way to make the syncing process easier. The syncing process is like a chain using slurpd. We plan to use "syncrepl" later.

What is the best way to do to replace the PDC? I already have a Gentoo machine up and running. I copied over all the samba and openldap files from the old PDC to this new machine. I also exported the database by running the "slapcat -l" command. I am hesitant to start the slapd, slurpd and samba service as I am not so sure if I am doing the right thing.

Disconnect the network cable on the new machine to make sure you are not interfering with the rest of the network. Start slapd then use slapadd to add your ldap to the database. Use slapcat to verify that all was added and the ldif looks correct. Then start samba and see if the smbclient can connect to itself.

Is the old machine the same name as the new? How about the IP address? Are you using wins, lmhosts or dns for your clients to find the pdc?

I will try your suggestion. We plan on using the same name on the new machine and the same IP address as well. We are using WINS for our client to find the PDC.

you must set on the new PDC the SID of the old PDC, see "net getlocalsid" and "net setlocalsid"

bruno