Re: [Samba] Force user permission in specific folders
On 08/29/2013 04:40 AM, Patric Falinder wrote: Hi, It's not that often that I'm messing around with Samba but I have a dilemma that I need some help with. I have a share called common, users can create folders and files just fine but I'm wondering if it's possible to force folders/files to be created with certain user/group owner in just that specific folder. I not I can force so that everything is created with a specific user/group, but I want it specific to folders. Lets say I create a file in /common/ and it will be created with the owner that I'm logged in as, lets say the user john. But if John, or anyone, creates a file in /common/files/ I want it to be created with the owner james no matter who creates it. Is this possible to achieve? The reason I need this is because I have a Samba share with all our www/ftp folders and they are owned by the user that's has the FTP-account for that specific folder. If I create a folder or whatever it will change the permission so that the FTP-user can't edit/delete it. I don't really want to chmod 777 on everything in there. If it's not possible, how do people mange this? Or should I not make a Samba share like this? Thanks, -Patric Use group permissions? -- -Eric 'shubes' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [SOLVED] Problem authenticating from standalone servers via Samba 3.0.34 domain member servers to Samba 3.2.5 domain controller
I'm posting the solution for posterity. This is sooo lame that I'm almost embarrased. The problem was that nmbd wasn't running on the PDC. Somewhere between 3.0 and 3.6, RH changed the smb init script to only control smbd, and nmbd now has its own init script. DOH! (Note, I do like the change though) Solution: # service nmb start # chkconfig nmb on I'm a little surprised (and disappointed) that nobody here realized this. It's sort of obvious to me now. P.S. I'm not sure if this was the solution for the original poster or not. -- -Eric 'shubes' On 08/25/2013 09:49 AM, Eric Shubert wrote: I think I've come across this same problem, although I'm migrating from 3.0.33 (CentOS5) to 3.6 (CentOS6). I've migrated the domain controller from 3.0.33 to 3.6 first. I dumped and restored the passwd, secrets and schannel_store tdb files from 3.0 to 3.6, and also migrated the linux accounts and groups. Windows XP clients are able to log into the domain. However, the 3.0.33 file server is unable to find the domain controller. I can see the shares on the DC from the file server: # net rpc -S tacs-dc.stor -U shubes SHARE Password: homes admin ops r3i IPC$ shubes # However, the file server cannot find the DC: # net rpc trustdom list Unable to find a suitable server [2013/08/25 08:26:15, 0] utils/net_rpc.c:rpc_trustdom_list(6083) Couldn't connect to domain controller # I'm also seeing this in the file server's log: [2013/08/25 07:45:43, 3] libsmb/namequery.c:get_dc_list(1495) get_dc_list: preferred server list: , tacs-dc.stor [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_lmhosts(966) resolve_lmhosts: Attempting lmhosts lookup for name tacs-dc.stor0x20 [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_wins(863) resolve_wins: Attempting wins lookup for name tacs-dc.stor0x20 [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_wins(866) resolve_wins: WINS server resolution selected and no WINS servers listed. [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_hosts(1029) resolve_hosts: Attempting host lookup for name tacs-dc.stor0x20 [2013/08/25 07:45:48, 3] libsmb/trusts_util.c:enumerate_domain_trusts(167) enumerate_domain_trusts: can't locate a DC for domain R3I The domain SID in the secrets.tdb files on both hosts match the SID of the the DC host. I figure there's something I've missed in migrating the DC that has broken the trust, but haven't been able to find the problem yet. Any ideas will be appreciated. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Solved] PDC: System SID missing / inconsistent with domain SID
On 08/26/2013 07:57 PM, Eric Shubert wrote: On 08/26/2013 01:21 PM, Eric Shubert wrote: I'm guessing that adding a TACS-DC record to the old host would fix the problem of not being able to get its SID. This appears to work now. I'm also guessing that adding a LANYARD record to the new host *might* make it recognize that it's a domain controller. I hope to test this later today, when users are gone. This didn't appear to help. The new DC still doesn't recognize itself as a DC: # net rpc trustdom list -U shubes Unable to find a suitable server for domain R3I Couldn't connect to domain controller: NT_STATUS_UNSUCCESSFUL # I do have the SID of the domain/host that was created by this host. I wonder if restoring those records in secrets.tdb, then using the net command to change the SID of the domain and host might fix things up. Does the net setdomainsid command do anything more than change the value of the record in the tdb file? If it does, that could be a solution. Anyone have any insight about how to go about changing the host name of a domain controller (while migrating it)? Thanks. I'm posting the solution for posterity. net setdomainsid does nothing more than change the sid in the secrets.db file. Changing the host name of a PDC is simply a matter of adding a record in the secrets.db file with the same SID as the previous hostname record (which is the same SID value as the domain record there). This is sooo lame that I'm almost embarrased. The problem was that nmbd wasn't running on the PDC. Somewhere between 3.0 and 3.6, RH changed the smb init script to only control smbd, and nmbd now has its own init script. DOH! (Note, I do like the change though) Solution: # service nmb start # chkconfig nmb on I'm a little surprised (and disappointed) that nobody here realized this. It's sort of obvious to me now. -- -Eric 'shubes' -- -Eric 'shubes' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC: System SID missing / inconsistent with domain SID
I've recently come across the same situation, while migrating a 3.0.33 PDC host to 3.6.9. I had renamed the old host some time ago from LANYARD to TACS-DC. The old host still functions fine, except for not being able to get its own SID. Old DC host: [root@tacs-dc samba]# net getdomainsid Could not fetch local SID [root@tacs-dc samba]# tdbdump secrets.tdb { key(19) = SECRETS/DOMGUID/R3I data(16) = \DF\DDA\01\F62\8CG\A8\80\B4\1CFM\1D\0B } { key(19) = SECRETS/SID/LANYARD data(68) = \01\04\00\00\00\00\00\05\15\00\00\00n\86\90\05\D9\D2\ED (...) } { key(15) = SECRETS/SID/R3I data(68) = \01\04\00\00\00\00\00\05\15\00\00\00n\86\90\05\D9\D2\ED (...) } [root@tacs-dc samba]# net rpc trustdom list -U shubes Password: Trusted domains list: none Trusting domains list: none [root@tacs-dc samba]# I've migrated everything (accounts, tdb files) to a new host, and changed the LANYARD record to TACS-DC in the secrets.tdb, which corresponds to the new hostname: [root@tacs-dc private]# net getdomainsid SID for local machine TACS-DC is: S-1-5-21-93357678-3857568473-1617xx SID for domain R3I is: S-1-5-21-93357678-3857568473-1617xx [root@tacs-dc private]# tdbdump secrets.tdb { key(19) = SECRETS/DOMGUID/R3I data(16) = \DF\DDA\01\F62\8CG\A8\80\B4\1CFM\1D\0B } { key(19) = SECRETS/SID/TACS-DC data(68) = \01\04\00\00\00\00\00\05\15\00\00\00n\86\90\05\D9\D2\ED (...) } { key(15) = SECRETS/SID/R3I data(68) = \01\04\00\00\00\00\00\05\15\00\00\00n\86\90\05\D9\D2\ED (...) } [root@tacs-dc private]# net rpc trustdom list -U shubes Unable to find a suitable server for domain R3I Couldn't connect to domain controller: NT_STATUS_UNSUCCESSFUL [root@tacs-dc private]# Everything appears to be working, except that the new host isn't recognized as a domain controller. Note that workstations are able to log on to the domain using the new DC host though. I'm guessing that adding a TACS-DC record to the old host would fix the problem of not being able to get its SID. I'm also guessing that adding a LANYARD record to the new host *might* make it recognize that it's a domain controller. I hope to test this later today, when users are gone. It appears to me that the original host name which created the domain is stored in some way somewhere else (I see it in the USER_ records in the passdb.tdb file). If so, can this somehow be changed? The documentation I've found all says how to migrate to another host keeping the host name the same, but I haven't been able to find anything about changing the host name. Does anyone have any other ideas why this new host isn't being recognized as a DC? Thanks. -- -Eric 'shubes' On 04/29/2010 03:08 AM, Frank Stanek wrote: Hello, I recently noticed a problem on our PDC (samba 3.0.32 on SLES 10 SP2) which I kind of know how to solve after web research but I am unclear about the possible consequences for our domain and clients. The situation is this: Originally samba was set up on this machine to test. Back then its hostname was infrahostnew, so there is a SID for that NETBIOS name in secrets.tdb. When the PDC went in production, we had to change the hostname to infrahost. We then provisioned our domain MYDOMAIN. Now there is also a SID for MYDOMAIN in secrets.tdb which is different than the SID of infrahostnew. Also there is no SID at all for the new NETBIOS name infrahost. This causes for example net getlocalsid to fail. My research suggests that the NETBIOS name SID of the PDC infrahost should be the same as the domain SID, is that correct? Also, I found an article that dealt with inconsistent SIDs; it suggested to set the NETBIOS SID to be the same as the domain SID. But this article dealt with the case that there actually _is_ a NETBIOS SID in secrets.tdb but it's not the same as the domain SID. This is not our case however since there is no SID at all for the NETBIOS name. We haven't noticed any problems because of this at all, I just stumbled upon it when I went to check the SIDs routinely. How would you suggest I proceed in this situation? Should we set the NETBIOS SID to be the same as the domain SID with net setlocalsid? What possible consequences could there be? We are very concerned that this may introduce problems for our clients that we don't have at the moment. But I wouldn't like to keep things in an inconsistent state like this either. I'd be glad for any insights. Regards Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC: System SID missing / inconsistent with domain SID
On 08/26/2013 01:21 PM, Eric Shubert wrote: I'm guessing that adding a TACS-DC record to the old host would fix the problem of not being able to get its SID. This appears to work now. I'm also guessing that adding a LANYARD record to the new host *might* make it recognize that it's a domain controller. I hope to test this later today, when users are gone. This didn't appear to help. The new DC still doesn't recognize itself as a DC: # net rpc trustdom list -U shubes Unable to find a suitable server for domain R3I Couldn't connect to domain controller: NT_STATUS_UNSUCCESSFUL # I do have the SID of the domain/host that was created by this host. I wonder if restoring those records in secrets.tdb, then using the net command to change the SID of the domain and host might fix things up. Does the net setdomainsid command do anything more than change the value of the record in the tdb file? If it does, that could be a solution. Anyone have any insight about how to go about changing the host name of a domain controller (while migrating it)? Thanks. -- -Eric 'shubes' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem authenticating from standalone servers via Samba 3.0.34 domain member servers to Samba 3.2.5 domain controller
I think I've come across this same problem, although I'm migrating from 3.0.33 (CentOS5) to 3.6 (CentOS6). I've migrated the domain controller from 3.0.33 to 3.6 first. I dumped and restored the passwd, secrets and schannel_store tdb files from 3.0 to 3.6, and also migrated the linux accounts and groups. Windows XP clients are able to log into the domain. However, the 3.0.33 file server is unable to find the domain controller. I can see the shares on the DC from the file server: # net rpc -S tacs-dc.stor -U shubes SHARE Password: homes admin ops r3i IPC$ shubes # However, the file server cannot find the DC: # net rpc trustdom list Unable to find a suitable server [2013/08/25 08:26:15, 0] utils/net_rpc.c:rpc_trustdom_list(6083) Couldn't connect to domain controller # I'm also seeing this in the file server's log: [2013/08/25 07:45:43, 3] libsmb/namequery.c:get_dc_list(1495) get_dc_list: preferred server list: , tacs-dc.stor [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_lmhosts(966) resolve_lmhosts: Attempting lmhosts lookup for name tacs-dc.stor0x20 [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_wins(863) resolve_wins: Attempting wins lookup for name tacs-dc.stor0x20 [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_wins(866) resolve_wins: WINS server resolution selected and no WINS servers listed. [2013/08/25 07:45:43, 3] libsmb/namequery.c:resolve_hosts(1029) resolve_hosts: Attempting host lookup for name tacs-dc.stor0x20 [2013/08/25 07:45:48, 3] libsmb/trusts_util.c:enumerate_domain_trusts(167) enumerate_domain_trusts: can't locate a DC for domain R3I The domain SID in the secrets.tdb files on both hosts match the SID of the the DC host. I figure there's something I've missed in migrating the DC that has broken the trust, but haven't been able to find the problem yet. Any ideas will be appreciated. Thanks. -- -Eric 'shubes' On 01/24/2010 02:33 PM, Michael Lenaghan wrote: We recently upgraded our PDC from Debian 4 to Debian 5. That entailed an upgrade of Samba from 3.0.24 to 3.2.5. Since the upgrade we've had a very specific problem connecting to shares on a commercial NAS running Samba 3.0.34. The problem happens when users try to connect to shares from standalone servers--e.g., Windows XP Pro boxes that we use for testing. From those boxes users should be able to expand the domain in My Network Places\Entire Network\Microsoft Windows Network, navigate to the NAS, click on it and then get a login dialog where they can supply domain credentials. What instead happens is that they're told There are currently no logon servers available…. I have run across problems connecting one version of Samba to another in the past. In those cases I've been able to track down a bug report. In this case I haven't been able to find a report that matches my test case so I'm looking for a possible mis-configuration that may have lain dormant until the PDC was upgraded. (Of course, it's possible that I just missed a bug report; I'm still looking.) In order to investigate this problem I configured two Debian boxes as domain member servers--one with Debian 4 (Samba 3.0.24) and one with Debian 5 (Samba 3.2.5). On each box I installed nothing but samba and winbind. I copied the smb.conf [global] section from the NAS and just did the essential configuration: smbpsswd -a root, net rpc join, winbind in nsswitch.conf. (Actually, I'm not sure winbind has anything to do with this--but I was trying to replicate the NAS setup.) After those steps I selected both boxes in Explorer from a standalone server. The Debian 4 box showed the same problem as the NAS while the Debian 5 box worked as expected. (In both cases the PDC was the newly upgraded box running Samba 3.2.5.) Everything I've tried seems to indicate that things are properly configured--with the exception of wbinfo --getdcname HQ which returns Could not get dc name for HQ and wbinfo -a ... which also fails. Those two things are probably related--but as you can see below all other wbinfo commands work correctly. Is this a known issue that I missed? Any thoughts on where to look further? Thanks. === smb.conf from Debian 5 domain controller (partial): [global] security = user workgroup = HQ domain logons = yes domain master = yes local master = yes preferred master = yes os level = 65 wins support = yes dns proxy = no name resolve order = lmhosts wins host bcast smb ports = 139 time server = yes panic action = /usr/share/samba/panic-action %d log file = /var/log/samba/log.%m log level = 2 passdb backend = ldapsam:ldap://srv ldapsam:trusted = yes ldap ssl = start_tls ldap suffix = ... ... username map = /etc/samba/smbusers ...scripts... logon path = logon drive = H: logon home = \\nas\%U logon script = logon.bat encrypt passwords = yes admin users = root guest account = Guest map to guest = bad user ...printing... idmap alloc backend = ldap ... idmap config HQ:default = yes idmap config HQ:backend = ldap ... winbind enum
Re: [Samba] Freebsd pdc
On 02/06/2011 06:30 PM, Jean-Yves Avenard wrote: Hi On 7 February 2011 09:32, Eric Shuberte...@shubes.net wrote: Terry was asking about roaming profiles specifically, not a stock pdc. My bad ; I had missed that part. Having roaming profile these days is something you get to live without. We had a user who installed iTunes on his machine and copied GB of music. Logging-out would take 30+ minutes because it was transferring each time the content of his My Documents back to the server. JY That's exactly the problem. By changing the stock MS configuration (via policies) to put MyDocuments on the server, this problem is remedied. When all of the appropriate folders are thus configured, saving settings to the server (part of the logoff process) takes 5 seconds or so. It's an amazing difference. -- -Eric 'shubes' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Freebsd pdc
On 02/05/2011 01:57 PM, Terry Danter wrote: I was just wondering how many people out there are using FreeBSD as a pdc. I see a few guides on the net mostly followed by a load of posts of problems people encounter. Is it like most things that once you have done it once you can soon set up a machine at the drop of hat as you encounter and remedy any problems. I have a few customers at the moment one of who requires a pdc with roaming profiles. I use bsd and samba all the time for normal file sharing and never have problems. I try and avoid windows servers due to costs and licensing but a pdc would be new for me. Any opinions welcome Thanks Terry I haven't used FreeBSD, but I have set up several PDCs. They work ok with default settings, however if users have a large amount of data associated with their account (in Application Data, My Documents, and/or Desktop folders for example), logging off/on can become terribly inefficient. This is because Windoze saves all of this local data to the server when the user logs off, taking a good bit of time (I've seen 20 minutes or so), while putting a strain on both the network and server. The solution to this problem is to change the default location for various folders to be on the server, so that the data doesn't need to be copied to the server during the logoff process. This is accomplished by creating a custom NTConfig.POL file in the netlogon directory which changes the location of these folders to reside on the server instead of the local HDD. There a few wiki pages that explain this: http://wiki.samba.org/index.php/Samba_%26_Windows_Profiles http://wiki.samba.org/index.php/Implementing_System_Policies_with_Samba See also: http://www.pcc-services.com/custom_poledit.html -- -Eric 'shubes' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Freebsd pdc
On 02/06/2011 03:04 PM, Jean-Yves Avenard wrote: I haven't used FreeBSD, but I have set up several PDCs. They work ok with default settings, however if users have a large amount of data associated with their account (in Application Data, My Documents, and/or Desktop folders for example), logging off/on can become terribly inefficient. This is because Windoze saves all of this local data to the server when the user logs off, taking a good bit of time (I've seen 20 minutes or so), while putting a strain on both the network and server. ??? That would only be the case if you enabled roaming profiles ; which isn't active by default either. Terry was asking about roaming profiles specifically, not a stock pdc. And this would be an either wether you use samba PDA or windows server. Absolutely. This is part of the reason why many windows admins choose to not implement roaming profiles. The solution to this problem is to change the default location for various folders to be on the server, so that the data doesn't need to be copied to the server during the logoff process. This is accomplished by creating a custom NTConfig.POL file in the netlogon directory which changes the location of these folders to reside on the server instead of the local HDD. no the solution is to disable roaming profiles That's no solution. http://wiki.samba.org/index.php/Samba__Windows_Profiles Don't have a logon path set. If that's your preference. I was just trying to be helpful with getting roaming profiles working. They do work nicely when properly configured. It takes some doing though. -- -Eric 'shubes' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users in group cannot rename or delete files/folder owned by the group
sean.wilkin...@aussieit.net wrote: Hi all, I am having a very strange issue with Samba, users who are not the owner of files but are in the same group cannot delete or rename files via Windows. For example the user “sean” in the “storage.access” group CANNOT delete or rename a folder called temp via windows but CAN delete or rename via terminal session. The folling three folders have the folling permissions: /storage/ /storage/storage02/ /storage/storage02/group/ /storage/storage02/group/temp/ drwxrwx--- 7 root storage.access The temp folder is in the [group] share. If any more information is required please let me know. smb.conf #=== Global Settings === [global] ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = WORKGROUP # server string is the equivalent of the NT Description field server string = %h server (Samba, Ubuntu) # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server # wins support = no # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = no # What naming service and in what order should we use to resolve host names # to IP addresses ; name resolve order = lmhosts host wins bcast Networking # The specific set of interfaces / networks to bind to # This can be either the interface name or an IP address/netmask; # interface names are normally preferred ; interfaces = 127.0.0.0/8 eth0 # Only bind to the named interfaces and/or networks; you must use the # 'interfaces' option above to use this. # It is recommended that you enable this feature if your Samba machine is # not protected by a firewall or is a firewall itself. However, this # option cannot handle dynamic or non-broadcast interfaces correctly. ; bind interfaces only = yes Debugging/Accounting # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Cap the size of the individual log files (in KiB). max log size = 1000 # If you want Samba to only log through syslog then set the following # parameter to 'yes'. # syslog only = no # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log # through syslog you should set the following parameter to something higher. syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d ### Authentication ### # security = user is always a good idea. This will require a Unix account # in this server for every user accessing the server. See # /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html # in the samba-doc package for details. security = user username map = /etc/samba/smbusers # You may wish to use password encryption. See the section on # 'encrypt passwords' in the smb.conf(5) manpage before enabling. encrypt passwords = true # If you are using encrypted passwords, Samba will need to know what # password database type you are using. passdb backend = tdbsam obey pam restrictions = yes # This boolean parameter controls whether Samba attempts to sync the Unix # password with the SMB password when the encrypted SMB password in the # passdb is changed. unix password sync = yes # For Unix password sync to work on a Debian GNU/Linux system, the following # parameters must be set (thanks to Ian Kahan ka...@informatik.tu-muenchen.de for # sending the correct chat script for the passwd program in Debian Sarge). passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . # This boolean controls whether PAM will be used for password changes # when requested by an SMB client instead of the program listed in # 'passwd program'. The default is 'no'. pam password change = yes # This option controls how unsuccessful authentication attempts are mapped # to anonymous connections map to guest = bad user ## Domains ### # Is this machine able to authenticate users. Both PDC and BDC # must have this setting enabled. If you are the BDC you must # change the 'domain master' setting to no # ; domain logons = yes # # The following setting only takes effect if 'domain logons' is set # It specifies the location of the user's profile directory # from the client point of view) # The following required a [profiles] share to be setup on the # samba server (see below) ; logon path = \\%N\profiles\%U # Another common choice is storing the profile in the user's home directory # (this is Samba's default)
Re: [Samba] Ideas for distributed Samba servers
Robert LeBlanc wrote: I'm trying to think about how to setup a Samba system and would like to pick the brains of some experts. We are looking up put a large amount of storage ~75TB in a central data center. We have some remote (ok, not remote, but across slower links, ok if you consider several hundred clients over 1Gb to be slow) locations that we would like to set up samba servers that 'cache' the file system and serve it up to the clients in the building and sync with the main data center storage. The idea is have a couple of TB that are located in the building that serve up the Samba share. When a client requests a file, if it's in the local cache it is served up from there, if not then the Samba server grabs the file from the main data center and serves it to the client. When a file is written, something like rsync is used to transfer only difference back to the main data center. The problem is that I'm not sure of a file system that does this. We are using Lustre on our HPC, but this won't do what we want. Any suggestions are welcome. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University I'm curious to know what you came up with for this. Care you share? TIA. -- -Eric 'shubes' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba