Re: [Samba] Upgrading Samba-LDAP

2010-10-21 Thread Clark Johnston

John Drescher wrote:

  I am looking to upgrade my Samba server to Samba 3.5.x from Samba 3.0.20 and
  openldap from 2.2.13 to 2.3.43.
  Is there any way to do this and still keep my current domain intact?
  The interest in upgrading is so that we can support Win 7 systems.

 Of course you can keep your current domain intact.

 Do you have more than 1 ldap server? I highly recommend that.

 John

Is it really as simple as just migrating my ldap data over to another 
ldap version on a server with a new release of Samba and changing the 
local sids?
I may have gotten confused when reading something in the upgrade from 
3.0.x to the 3.0.23 version in the documentation. (old documentation)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] Upgrading Samba-LDAP

2010-10-19 Thread Clark Johnston
I am looking to upgrade my Samba server to Samba 3.5.x from Samba 3.0.20 
and openldap from 2.2.13 to 2.3.43.

Is there any way to do this and still keep my current domain intact?
The interest in upgrading is so that we can support Win 7 systems.



[Samba] ldap ssl = off ??

2010-08-03 Thread Clark Johnston
ldap ssl = off

In the how to for setting up samba-ldap
http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend-p2
the author writes that you need

ldap ssl = off

for samba 3.x

Am I interpreting this incorrectly?
I interpreted 'ldap ssl = off' as being that the communication from the
samba server to ldap server was not encrypted or not using tls and has
nothing to do with the communication with client computers in the domain.
Is this a change in the 3.x versions which requires that you explicitly
state you are not using ssl/tls?


Re: [Samba] [SAMBA] Problem connecting Computer to network

2010-07-30 Thread Clark Johnston
Yep, I had a problem with ldap.conf
I had checked that 3 times,  I found a problem yesterday, but didn't see
that there was an error in my suffix for rootdn

getent passwd  worked
and entering the computer into the domain worked.

Thank you very much

That's one of the bad things about linux, is you set it up and it works for
8 years and then do it again and you've forgotten all the nuances.
Well this really wasn't a nuance, more like suffering from config blindness.

Thanks

On Fri, Jul 30, 2010 at 3:05 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

  I am fairly certain that the underlying OS will need to see the samba
 account with the getent command.   We use ldap for unix level
 authentication anyway so I am not 100% sure this is true.


 Check  /etc/nsswitch.conf

 passwd: files ldap
 shadow: files ldap
 group:  files ldap


 Also check /etc/ldap.conf and /etc/openldap/ldap.conf (assuming you are on
 linux and not solaris.)






 On 07/30/2010 03:09 PM, Clark Johnston wrote:

 I reexamined the slapcat output and it did create iet013c$ account in LDAP,
 but getent passwd isn't showing it.

 When I look at a previous installation of a Samba LDAP PDC  I do not see
 the accounts in /etc/passwd , but I do see them when I put in getent passwd.

 dn: uid=iet013c$,ou=Computers,dc=internaltest
 objectClass: top
 objectClass: account
 objectClass: posixAccount
 cn: iet013c$
 uid: iet013c$
 uidNumber: 1001
 gidNumber: 515
 homeDirectory: /dev/null
 loginShell: /bin/false
 description: Computer
 gecos: Computer
 structuralObjectClass: account
 entryUUID: e73c4f2e-2ee7-102f-8017-31ff3607ac6d
 creatorsName: cn=Manager,dc=internaltest
 createTimestamp: 20100728230213Z
 entryCSN: 20100728230213Z#01#00#00
 modifiersName: cn=Manager,dc=internaltest
 modifyTimestamp: 20100728230213Z

 So I am not quite sure what is going on here.


 On Thu, Jul 29, 2010 at 4:44 PM, Gaiseric Vandal 
 gaiseric.van...@gmail.com wrote:

 When you try to join a computer to the network, you mean you are trying to
 join a Windows PC (e.g. XP Pro) to the domain?  Or you are trying to join
 the PDC machine to the domain?


 I would guess you need to manually create the PDC's unix account, even if
 samba is going to create the other unix accounts for you.  (I don't have
 samba do this myself.)  Does getent passwd show the accounts for your PDC
 and other computers?   If you manually create the unix account for  a
 computer, is it able to join the domain?





 On 07/29/2010 11:10 AM, Clark Johnston wrote:

 I am trying to attempt to set up a samba ldap PDC server.

 When I try and connect a computer to the network I get error 'Username could
 not be found'

 I have included smbldap.conf ##smbldap.conf
 slapd.conf ##slapd.conf
 the smb.conf   ##smb.conf
 the results of slapcat ##slapcat
 the error log for log.root ##log.root

 The error I marked as interesting ##interesting , shows that it can't create
 the user or maybe something else.  But up until that time there didn't seem
 to be a problem.

[Samba] [SAMBA] Problem connecting Computer to network

2010-07-29 Thread Clark Johnston
I am trying to attempt to set up a samba ldap PDC server.

When I try and connect a computer to the network I get error 'Username could
not be found'

I have included smbldap.conf ##smbldap.conf
slapd.conf ##slapd.conf
the smb.conf   ##smb.conf
the results of slapcat ##slapcat
the error log for log.root ##log.root



The error I marked as interesting ##interesting , shows that it can't create
the user or maybe something else.  But up until that time there didn't seem
to be a problem.

##smbldap.conf
SID=S-1-5-21-2244683438-1300233924-2635510394
sambaDomain=internaltest
slaveLDAP=127.0.0.1
slavePort=389
masterLDAP=127.0.0.1
masterPort=389
ldapTLS=0
ldapSSL=0
verify=none
cafile=/etc/smbldap-tools/ca.pem
clientcert=/etc/smbldap-tools/smbldap-tools.iallanis.info.pem
clientkey=/etc/smbldap-tools/smbldap-tools.iallanis.info.key
suffix=dc=internaltest
usersdn=ou=Users,${suffix}
computersdn=ou=Computers,${suffix}
groupsdn=ou=Groups,${suffix}
idmapdn=ou=Idmap,${suffix}
sambaUnixIdPooldn=sambaDomainName=${sambaDomain},${suffix}
scope=sub
hash_encrypt=SSHA
crypt_salt_format=%s
userLoginShell=/bin/bash
userHome=/home/%U
userHomeDirectoryMode=700
userGecos=System User
defaultUserGid=513
defaultComputerGid=515
skeletonDir=/etc/skel
defaultMaxPasswordAge=45
userSmbHome=\\PDC-TEST2\%U
userProfile=\\PDC-TEST2\profiles\%U
userHomeDrive=H:
userScript=logon.bat
mailDomain=internaltest.com
with_smbpasswd=0
smbpasswd=/usr/bin/smbpasswd
with_slappasswd=0
slappasswd=/usr/sbin/slappasswd

##slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix dc=internaltest
rootdn cn=Manager,dc=internaltest
rootpw {SSHA}a7kYChHl9wXQKkJJYJ+JRLi/4EE2PH+B
password-hash {SSHA}
directory /var/lib/ldap
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub


##smb.conf

# Global parameters
[global]
workgroup = internaltest
netbios name = PDC-TEST2
#security = DOMAIN
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
#min passwd length = 3
#pam password change = no
#obey pam restrictions = No

# method 1:
unix password sync = no
ldap passwd sync = yes

# method 2:
#unix password sync = no
#ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n

log level = 3
syslog = 0
log file = /var/log/samba/log.%U
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

logon script = logon.bat
logon drive = H:
logon home =
logon path =

domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
# passdb backend = ldapsam:ldap://ldap1.company.com ldap://ldap2.company.com
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=internaltest
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
winbind trusted domains only = Yes
ldap admin dn = cn=Manager,dc=internaltest
ldap suffix = dc=internaltest
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m %u
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
#delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

# printers configuration
#printer admin = @Print Operators
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
ldap ssl = off
nt acl support = yes
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest 
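
An added example, not part of the original post or of Samba: a small Python check over the [global] section of an smb.conf like the one above that reports how smbd reaches each configured LDAP URL. The `ldap ssl` parameter concerns only the Samba-to-LDAP connection, and smb.conf(5) for Samba 3.x gives `start tls` as its default; the sample text is constructed from the posted config and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: the LDAP-related [global] lines of the smb.conf posted above.
SAMPLE_SMB_CONF = """\
[global]
workgroup = internaltest
# passdb backend = ldapsam:ldap://ldap1.company.com ldap://ldap2.company.com
passdb backend = ldapsam:ldap://127.0.0.1
idmap backend = ldap:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=internaltest
ldap ssl = off
"""

def parse_global(text):
    """Return the [global] parameters as a dict keyed by lowercase name."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def is_loopback(host):
    """True when the LDAP server is reached without leaving this machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name: assume the traffic crosses the network

def audit_ldap_transport(text):
    """Classify each LDAP URL in passdb backend / idmap backend."""
    params = parse_global(text)
    # Assumption from smb.conf(5) for Samba 3.x: the default is "start tls".
    mode = params.get("ldap ssl", "start tls").lower().replace("_", " ")
    findings = []
    for name in ("passdb backend", "idmap backend"):
        for url in re.findall(r"ldaps?://[^\s\"]+", params.get(name, "")):
            parsed = urlparse(url)
            if parsed.scheme == "ldaps":
                transport = "ldaps"
            elif mode == "start tls":
                transport = "starttls"
            elif mode in ("off", "no", "false", "0"):
                transport = "cleartext"
            else:
                transport = "unknown"
            exposed = transport == "cleartext" and not is_loopback(parsed.hostname or "")
            findings.append({"param": name, "url": url, "transport": transport,
                             "leaves_host_unencrypted": exposed})
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_transport(SAMPLE_SMB_CONF):
        print(finding)
```

With the posted values both URLs are reported as cleartext but confined to 127.0.0.1; pointing `passdb backend` at a remote host such as the commented-out ldap1.company.com while keeping `ldap ssl = off` is the case the check flags.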

[Samba] recycle touch error

2010-02-17 Thread Clark Johnston
I have setup the recycle with touch and when I examine the log files I see

 smbd_audit:   recycle: touching /SHARE/.recycle/testuser/Manufacturing/History/5030A750 failed, reason = Operation not permitted

I have not seen any related issues in the logs as to why this is not
working.
Hoping someone here might know what's going on and can point me in the right
direction.


[Samba] Problem with Snow Leopard and Samba

2009-12-16 Thread Clark Johnston
We have a user who purchased a Mac Book Pro with OSX 10.6.2.
Everyday he has a problem with one or another Samba Server.  One day it's
FileShare1 , the next day it's ProductionData Server.
I use Windows and Linux and neither has  a problem connecting to these
servers.  He has XP in VMWare Fusion and that works fine.  But about every
other day he comes and says some server won't allow him to connect.
Sometimes a reboot will fix the problem.
We are using Samba PDC with LDAP backend and these are member servers he is
logging into.
Today he is getting an error that the login is incorrect on one Member
Server, yesterday he would log into a server and it would hang about 3 deep
into a directory tree and require reboot of the system.
Eventually that error just seemed to go away.
Anyone know of some glitch or issue with software on OSX 10.6.2?
I am not familiar with MACs  and didn't think that there would be an issue,
but thought someone out here may know of a quirk or something that would
cause this type of problem and how to resolve it.

Thanks,

P.S.  Are Snow Leopards an endangered species?  Do I need a license to shoot
a Mac Book  Pro? :)


Re: [Samba] Problem with Snow Leopard and Samba

2009-12-16 Thread Clark Johnston
On Wed, Dec 16, 2009 at 2:06 PM, Mike Eggleston mikee...@mac.com wrote:

 On Wed, 16 Dec 2009, Clark Johnston might have said:

  We have a user who purchased a Mac Book Pro with OSX 10.6.2.
  Everyday he has a problem with one or another Samba Server.  One day it's
  FileShare1 , the next day it's ProductionData Server.
  I use Windows and Linux and neither has  a problem connecting to these
  servers.  He has XP in VMWare Fusion and that works fine.  But about every
  other day he comes and says some server won't allow him to connect.
  Sometimes a reboot will fix the problem.
  We are using Samba PDC with LDAP backend and these are member servers he is
  logging into.
  Today he is getting an error that the login is incorrect on one Member
  Server, yesterday he would log into a server and it would hang about 3 deep
  into a directory tree and require reboot of the system.
  Eventually that error just seemed to go away.
  Anyone know of some glitch or issue with software on OSX 10.6.2?
  I am not familiar with MACs  and didn't think that there would be an issue,
  but thought someone out here may know of a quirk or something that would
  cause this type of problem and how to resolve it.

  Thanks,

  P.S.  Are Snow Leopards an endangered species?  Do I need a license to shoot
  a Mac Book  Pro? :)

 I have seen issues with Microsoft Office for the Mac trying to connect to
 shares of the same name on multiple servers. The Microsoft applications
 gets confused.

 - $server1
  - ProductionData
 - $server2
  - ProductionData

 My user could not open for writing, and other permission errors, an
 Excel file on one of the shares because the shares have the same name.

 Mike

Thanks for the info

But I haven't even gotten to that problem yet. :) Oh joy the day.

This is just simply connecting to different named shares on differently
named servers.

Maybe I need some tutoring on a Mac also, anyone have any book
recommendations.  This one computer seems to be taking up about 10% of my
time in the last 2 weeks.
I'd be looking for information on log files and other such troubleshooting
help.


[Samba] Another getent problem

2008-10-07 Thread Clark Johnston
 I have set up a system to be a member server and installed the samba
rpms.  I then copied over the samba config file and changed it to
reflect the new shares and name change.  I ran
'net rpc join -UAdministrator%'secret' and I was able to join the domain.
Started up smb and then winbind
wbinfo -u
and I can see the users in the domain
getent passwd
shows nothing but the users in /etc/passwd
checked nsswitch.conf and the following lines are there
passwd: files winbind
shadow: files
group:  files winbind


I have the following links
/lib/libnss_winbind.so
/lib/libnss_winbind.so.2
/lib64/libnss_winbind.so
/lib64/libnss_winbind.so.2
/usr/lib/libnss_winbind.so
/usr/lib/libnss_winbind.so.2
/usr/lib64/libnss_winbind.so
/usr/lib64/libnss_winbind.so.2
/usr/lib64/nss/libnss_winbind.so
/usr/lib64/nss/libnss_winbind.so.2

when running ldconfig
/lib64/libnss_winbind.so.2
is pulled.

Tried deleting the cache files
winbindd_cache.tdb
winbindd_idmap.tdb
and restarting smb and winbind

The only error I'm finding is
Oct  6 18:04:45 localhost winbindd[3914]: cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED

samba-common-3.0.28-0.el5.8
samba-3.0.28-0.el5.8
samba-client-3.0.28-0.el5.8
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Another getent problem

2008-10-07 Thread Clark Johnston
Thanks that solved the problem.
I wonder when this got changed.  The original smb.conf was copied from
another system and modified for the new server.
So somewhere between
3.0.10
and
3.0.28
The change was made.  I never saw this in the latest HOW-TO either.
Thanks maybe later today or tomorrow I would have thrown the kitchen sink at
this and finally found the problem, so thanks for saving me a bunch of time.


On Tue, Oct 7, 2008 at 12:02 PM, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote:

 Clark Johnston wrote:
   I have set up a system to be a member server and installed the samba
  rpms.  I then copied over the samba config file and changed it to
  reflect the new shares and name change.  I ran
  'net rpc join -UAdministrator%'secret' and I was able to join the domain.
  Started up smb and then winbind
  wbinfo -u
  and I can see the users in the domain
  getent passwd
  shows nothing but the users in /etc/passwd

 By default, winbind enum users and winbind enum groups
 are both disabled.  See the smb.conf (5) man page for details.




 cheers, jerry


[Samba] Gotten getent to work but uid off by 1

2008-10-07 Thread Clark Johnston
I have gotten getent to work, but now the uid for  files are off by one and
some of the gid are off by 4 to 24. So if I copy from one system to another
the file ownerships get changed all up.
Any work around for this?
idmap uid = 1-2
idmap gid = 1-2