Re: [Samba] Suggestions testing Samba 4 on same subnet as Standalone Samba 3 Server

2013-07-30 Thread Gary Dale

On 30/07/13 04:27 PM, Mike wrote:

My network currently has the following server running Samba 3 as a
standalone server to 50 client boxes: Linux a1 2.6.35.7 #3 SMP Samba
Version 3.5.6. Currently, no true NT Domain Controller, in Windows speak -
it's a Workgroup only.

I have another server that I want to configure to use Samba 4 as an Active
Directory Domain Controller and file server: Linux a10 3.7.10-gentoo-r1 #1
SMP Samba Version 4.0.4.

I only have one subnet and cannot disrupt the users, but have read the
following concerns on the Samba wiki: Make sure you thoroughly test your
conversion and how your clients react before you activate your new server
in your production environment! Once a Windows client finds and connects to
the new server, it is not possible to go back!

Also, it is necessary to do testing on a separate network so that the old
and new domain controllers don't clash. The issues with having both domains
'live' at the same time are:

The databases are not synchronised after the initial migration
Even if no changes are made to the DB, clients which see an AD DC will no
longer honour NT4 system policies
The new Samba4 PDC and the old DC will both claim to hold the #1b name as
the netbios domain master

The paths to certain files and directories for your Samba3 installation are
often distribution specific (for example, /var/lib/samba vs. /etc/samba).
Please be sure to verify and if necessary, modify paths used in examples
appropriately.

- - - - - -

Has anyone dealt with only having one subnet upon which to configure and
test a new Samba 4 server in the presence of a currently active Samba 3
server?

I was thinking maybe the simplest way would be to make an iptables firewall
on the Samba 4 server -- allowing connections from only one particular
address on the subnet and use that one address for a client box to test on.

Possible iptables rule (allowing one client address, blocking all others on
subnet):
iptables -t filter -A INPUT -i eth0 -s 192.168.1.200 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -i eth0 ! -s 192.168.1.200 -j DROP

Would this be adequate to separate the Samba 4 server from others on the
LAN?


You're way overthinking this. Just give the new server an IP address 
that is on a different subnet. e.g. if your current server is 
192.168.1.10/24, give your new server 192.168.2.10/24.


Secondly, since you don't have an NT domain, the differences between it 
and AD are not relevant. What you will find is the difference between a 
workgroup and a domain. This involves the logins and roaming profiles.


What really doesn't change much are the file shares, although you can 
now simplify them by setting sharing according to domain group rather 
than individual ids.


An even simpler way is to simply NOT use a separate subdomain. Set up 
the new server as the domain controller for the group. Leave the files & 
printers on the old server. Once all the clients have been switched from 
the workgroup to the domain, move the files and printers over to the new 
server, shut down the old one, then create an alias for the old server 
on the new one. This way, there are no more changes required on the 
clients. If a problem is identified, you can simply remove the alias and 
bring the old server back.


Of course, you can convert the individual workstations to use the new 
server name at your leisure so that you can eventually remove the alias. 
However this is not necessary. In fact, if you later replace the new 
server, the replacement can assume the old name so that the alias isn't 
needed any more.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Desperate plea for help with printer share

2013-04-03 Thread Gary Dale

On 01/04/13 07:55 PM, Mark LaPierre wrote:

On 03/30/2013 11:45 PM, Gary Dale wrote:

On 30/03/13 08:38 PM, Mark LaPierre wrote:

Hey Y'all,

I've been trying for months to get samba to share my printer with my
wife's Win XP machine.  I've RTFM, and spent hours on google to no 
avail.


I can't see the printer from Windows so I can't mount it up.  Nothing
appears in the logs.  The file shares work just fine.

It looks like I've got Samba 3.6.9 on this machine:

[mlapier@mushroom samba]$ rpm -qa | grep samba
samba-swat-3.6.9-151.el6.i686
samba-doc-3.6.9-151.el6.i686
samba-client-3.6.9-151.el6.i686
samba-winbind-clients-3.6.9-151.el6.i686
samba-3.6.9-151.el6.i686
samba-common-3.6.9-151.el6.i686
samba-winbind-devel-3.6.9-151.el6.i686
samba-winbind-krb5-locator-3.6.9-151.el6.i686
samba-domainjoin-gui-3.6.9-151.el6.i686
samba-winbind-3.6.9-151.el6.i686
samba4-libs-4.0.0-55.el6.rc4.i686
[mlapier@mushroom samba]$ name
CentOS release 6.4 (Final)
Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12
21:42:46 UTC 2013 i686 i686 i386 GNU/Linux
[mlapier@mushroom samba]$ testparm
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [printers]
Processing section [pictures]
Processing section [budget]
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
printcap name = cups
idmap config * : backend = tdb

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
print ok = Yes
browseable = No

[pictures]
comment = Pictures
path = /home/pictures
read only = No
guest ok = Yes

[budget]
comment = Budget
path = /home/budget
valid users = nllapie, mlapier
read only = No
[mlapier@mushroom ~]$

Is there anything else I can share with you that will help you to
diagnose my problem?


Have you checked the CUPS printer sharing?



Sure enough.  The printer shared check box is checked so that's not 
the problem.




That's not good enough. Has the cups configuration been set to allow 
users to connect from the LAN?



Re: [Samba] Desperate plea for help with printer share

2013-04-03 Thread Gary Dale

On 03/04/13 09:09 PM, Mark LaPierre wrote:

On 04/03/2013 09:02 AM, Gary Dale wrote:

On 01/04/13 07:55 PM, Mark LaPierre wrote:

On 03/30/2013 11:45 PM, Gary Dale wrote:

On 30/03/13 08:38 PM, Mark LaPierre wrote:

Hey Y'all,

I've been trying for months to get samba to share my printer with my
wife's Win XP machine.  I've RTFM, and spent hours on google to no
avail.

I can't see the printer from Windows so I can't mount it up.  Nothing
appears in the logs.  The file shares work just fine.

It looks like I've got Samba 3.6.9 on this machine:

[mlapier@mushroom samba]$ rpm -qa | grep samba
samba-swat-3.6.9-151.el6.i686
samba-doc-3.6.9-151.el6.i686
samba-client-3.6.9-151.el6.i686
samba-winbind-clients-3.6.9-151.el6.i686
samba-3.6.9-151.el6.i686
samba-common-3.6.9-151.el6.i686
samba-winbind-devel-3.6.9-151.el6.i686
samba-winbind-krb5-locator-3.6.9-151.el6.i686
samba-domainjoin-gui-3.6.9-151.el6.i686
samba-winbind-3.6.9-151.el6.i686
samba4-libs-4.0.0-55.el6.rc4.i686
[mlapier@mushroom samba]$ name
CentOS release 6.4 (Final)
Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12
21:42:46 UTC 2013 i686 i686 i386 GNU/Linux
[mlapier@mushroom samba]$ testparm
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [printers]
Processing section [pictures]
Processing section [budget]
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
printcap name = cups
idmap config * : backend = tdb

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
print ok = Yes
browseable = No

[pictures]
comment = Pictures
path = /home/pictures
read only = No
guest ok = Yes

[budget]
comment = Budget
path = /home/budget
valid users = nllapie, mlapier
read only = No
[mlapier@mushroom ~]$

Is there anything else I can share with you that will help you to
diagnose my problem?


Have you checked the CUPS printer sharing?



Sure enough.  The printer shared check box is checked so that's not
the problem.



That's not good enough. Has the cups configuration been set to allow
users to connect from the LAN?


How might you suggest that I check that setting?



Read the CUPS documentation on the various configuration files it uses. 
The one you probably want is /etc/cups/cupsd.conf.
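
One way to check the setting pointed at above, as an added example that is not part of the original thread: it parses a cupsd.conf and reports whether a LAN client address would be served. The two sample files, the 192.168.1.0/24 LAN and the function names are constructed for illustration; hostname rules, @IF() and wildcards are not modelled.

```python
import ipaddress
import re

# Constructed sample resembling a loopback-only cupsd.conf (not from the thread).
SAMPLE_LOCAL_ONLY = """\
Listen localhost:631
Listen /var/run/cups/cups.sock
<Location />
  Order allow,deny
</Location>
"""

# Constructed sample that serves the local network (not from the thread).
SAMPLE_LAN = """\
Port 631
<Location />
  Order allow,deny
  Allow @LOCAL
</Location>
"""


def parse_cupsd(text):
    """Collect listeners and the access rules of the <Location /> block."""
    # Assumption: a missing Order line is treated as deny-by-default.
    conf = {"listen": [], "order": "allow,deny", "allow": [], "deny": []}
    in_root = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("<"):
            in_root = line.lower() == "<location />"
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "listen":
            conf["listen"].append(value)
        elif key == "port":
            conf["listen"].append("*:" + value)
        elif in_root and key == "order":
            conf["order"] = value.replace(" ", "").lower()
        elif in_root and key in ("allow", "deny"):
            conf[key].append(re.sub(r"^from\s+", "", value, flags=re.I))
    return conf


def listens_beyond_loopback(conf):
    """True if any Listen/Port line binds something other than loopback."""
    for entry in conf["listen"]:
        if entry.startswith("/"):
            continue  # UNIX domain socket, local only
        host = entry.rsplit(":", 1)[0].strip("[]")
        if host not in ("localhost", "127.0.0.1", "::1"):
            return True
    return False


def _matches(rule, client, local_nets):
    rule = rule.lower()
    if rule == "all":
        return True
    if rule == "none":
        return False
    if rule == "localhost":
        return client.is_loopback
    if rule == "@local":
        return any(client in net for net in local_nets)
    try:
        return client in ipaddress.ip_network(rule, strict=False)
    except ValueError:
        return False  # rule kinds this example does not model


def client_allowed(conf, client_ip, local_nets):
    """Apply the Order/Allow/Deny lines of <Location /> to one client address."""
    client = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n) for n in local_nets]
    allow = any(_matches(r, client, nets) for r in conf["allow"])
    deny = any(_matches(r, client, nets) for r in conf["deny"])
    if conf["order"] == "allow,deny":
        # Denied by default; Allow lines apply first, Deny lines override.
        return allow and not deny
    # deny,allow: allowed by default; Deny lines apply first, Allow overrides.
    return allow or not deny


def lan_can_print(text, client_ip, local_nets):
    """Both conditions must hold: a non-loopback listener and an allowing rule."""
    conf = parse_cupsd(text)
    return listens_beyond_loopback(conf) and client_allowed(conf, client_ip, local_nets)


if __name__ == "__main__":
    lan = ["192.168.1.0/24"]
    for name, text in (("local-only", SAMPLE_LOCAL_ONLY), ("lan", SAMPLE_LAN)):
        print(name, lan_can_print(text, "192.168.1.50", lan))
```

On a real server, pass the contents of /etc/cups/cupsd.conf in place of the samples.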



Re: [Samba] Samba on Windows?

2013-04-01 Thread Gary Dale

On 01/04/13 04:18 PM, fromsamba.bitbucke...@spamgourmet.com wrote:
When trying to copy files to/from a Windows file server from/to 
another Windows machine, at times the Windows Explorer application 
will just hang.  This could be due to the server being less than 
responsive, or some other reason.  It ends up being really annoying as 
Explorer just stops responding due to, presumably, being stuck waiting 
for a response from the remote server.  There are times when just 
clicking a file will then cause Explorer to hang, as though it's 
requesting info for the file and not getting a response.


Every time I run into this, I think, why wouldn't this all be 
threaded?  Why would a background thread do all the network 
communications asynchronously so that the UI didn't freeze up like 
this?  Then I think, why not just write a simple CIFS/SMB client which 
is asynchronous and which doesn't hang due to the remote server not 
responding.  Also, something that doesn't send any unnecessary 
requests.  i.e., give me the list of files, let me pick which ones to 
copy, and copy.  Don't request any additional info about  the files 
(as I think happens when you right-click a file).


But why write a CIFS/SMB client, when Samba has already done it?  I 
know Samba is intended for Linux, allowing Linux users to interoperate 
with Windows.  But has anyone ever attempted building/using the Samba 
code on Windows?  Could Samba be used to do the protocol stuff in a 
Windows application?


Seems like there's no reason to re-invent the wheel and dig through 
the MS protocol documentation, if Samba could be re-used for this 
purpose.  Does this seem feasible?  Or is this ill-advised? :)


Why not just replace your Windows server and switch your client(s) to 
Linux? It's probably a lot less work. If you have a program that you 
must use that only runs on Windows, try wine or a virtual machine.




Re: [Samba] Desperate plea for help with printer share

2013-03-30 Thread Gary Dale

On 30/03/13 08:38 PM, Mark LaPierre wrote:

Hey Y'all,

I've been trying for months to get samba to share my printer with my 
wife's Win XP machine.  I've RTFM, and spent hours on google to no avail.


I can't see the printer from Windows so I can't mount it up.  Nothing 
appears in the logs.  The file shares work just fine.


It looks like I've got Samba 3.6.9 on this machine:

[mlapier@mushroom samba]$ rpm -qa | grep samba
samba-swat-3.6.9-151.el6.i686
samba-doc-3.6.9-151.el6.i686
samba-client-3.6.9-151.el6.i686
samba-winbind-clients-3.6.9-151.el6.i686
samba-3.6.9-151.el6.i686
samba-common-3.6.9-151.el6.i686
samba-winbind-devel-3.6.9-151.el6.i686
samba-winbind-krb5-locator-3.6.9-151.el6.i686
samba-domainjoin-gui-3.6.9-151.el6.i686
samba-winbind-3.6.9-151.el6.i686
samba4-libs-4.0.0-55.el6.rc4.i686
[mlapier@mushroom samba]$ name
CentOS release 6.4 (Final)
Linux mushroom.patch 2.6.32-358.2.1.el6.i686 #1 SMP Tue Mar 12 
21:42:46 UTC 2013 i686 i686 i386 GNU/Linux

[mlapier@mushroom samba]$ testparm
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [printers]
Processing section [pictures]
Processing section [budget]
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
printcap name = cups
idmap config * : backend = tdb

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
print ok = Yes
browseable = No

[pictures]
comment = Pictures
path = /home/pictures
read only = No
guest ok = Yes

[budget]
comment = Budget
path = /home/budget
valid users = nllapie, mlapier
read only = No
[mlapier@mushroom ~]$

Is there anything else I can share with you that will help you to 
diagnose my problem?


Have you checked the CUPS printer sharing?



[Samba] can't connect to home share after renaming Windows user

2013-02-14 Thread Gary Dale
I just went through the ordeal of renaming a Windows user account (from 
the previous incumbent's name to the position title, so I won't have to 
repeat this). Everything went smoothly. The account has access to the 
programs and files that it previously did. The roaming profile is being 
updated when the user logs out. The C:\user\president folder is 
accessing and storing the local documents properly.


The only thing not working right is the home share isn't being mounted 
as drive m:. They do map to drive m: for other user accounts so it's not 
a samba smb.conf setting. The old windows user has the same sid as the 
new one and the old unix user has the same user number as the new one. I 
also checked /etc/group and changed any extra group memberships for that 
user number.


I can see \\server\president in the Windows Explorer network but can't 
open the folder. I get a Windows cannot access error in Windows 
Explorer. I get a similar thing when I manually map drive m: to 
\\server\president. When I log onto the same machine using another 
account, the drive maps as expected and I can open that account's home 
folder in the network section in Windows Explorer.


The only thing I can think of is that a Samba .tdb database must have 
something or be missing something related to that user account's home 
share. Any ideas?



[Samba] [RESOLVED] Re: can't connect to home share after renaming Windows user

2013-02-14 Thread Gary Dale

On 14/02/13 06:52 PM, Gary Dale wrote:
I just went through the ordeal of renaming a Windows user account 
(from the previous incumbent's name to the position title, so I won't 
have to repeat this). Everything went smoothly. The account has access 
to the programs and files that it previously did. The roaming profile 
is being updated when the user logs out. The C:\user\president folder 
is accessing and storing the local documents properly.


The only thing not working right is the home share isn't being mounted 
as drive m:. They do map to drive m: for other user accounts so it's 
not a samba smb.conf setting. The old windows user has the same sid as 
the new one and the old unix user has the same user number as the new 
one. I also checked /etc/group and changed any extra group memberships 
for that user number.


I can see \\server\president in the Windows Explorer network but can't 
open the folder. I get a Windows cannot access error in Windows 
Explorer. I get a similar thing when I manually map drive m: to 
\\server\president. When I log onto the same machine using another 
account, the drive maps as expected and I can open that account's home 
folder in the network section in Windows Explorer.


The only thing I can think of is that a Samba .tdb database must have 
something or be missing something related to that user account's home 
share. Any ideas?


Nevermind. I'd missed changing the /etc/passwd home directory entry. All 
is working now.



[Samba] Windows 7 Easy Transfer

2013-01-18 Thread Gary Dale
I've installed Windows 7 64/Pro on a former XP/Pro workstation connected 
to Samba domain (Debian/Squeeze - v3.5.6). Prior to doing this, I saved 
the settings using the Windows Easy Transfer tool to create a 13G file 
on a USB stick.


I completed the install of Windows 7 and joined the workstation to the 
domain. I can log in with a Domain Admin account, and I note that the 
Domain Admins are in the local Administrators group. However when I run 
the Easy Transfer tool to restore whatever settings it can, I get 
Windows easy transfer can't log on to your domain account.


I've seen some other complaints about Easy Transfer having some problems 
with Domains, but I'm wondering if there are any known problems with 
Samba domains?



Re: [Samba] Roaming Profiles - WinXP and Win7

2012-12-14 Thread Gary Dale

On 14/12/12 04:29 PM, Aaron Wood wrote:

Hello All,

Today I was able to implement Samba4 as a DC with AD in a test 
environment. I eventually got it all working and was able to join the 
domain from two different virtual machines. I was also able to set up 
a roaming profile share and configure a user to utilize this share. My 
issue is that when I first logged into the domain after setting up the 
roaming profiles I did so from a Windows XP machine. The user's 
roaming directory was correctly created and all profile data stored. 
However, when I logged out of the Windows XP machine and logged back 
in from a Windows 7 machine another (totally separate) user profile 
directory was created with a .V2 appended to it. The two profiles do 
not talk to one another and exist on their own. In my opinion this 
cripples the roaming profile functionality unless your entire network 
is made up of computers using the same OS. Is this a bug, or is there 
a solution to this behavior?


Thanks for any insight.


You get the same problem in Linux - trying to share a home folder for an 
account where they are running different versions of the same window 
manager or different versions of Linux. The various resource files are 
not always compatible so you are out of luck trying to share everything.


I wouldn't even try to get it to work. Just accept that Windows 7 
profiles are different from Windows XP profiles.



Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread Gary Dale
If you want the CIFS permissions to be set correctly, use the Samba/CIFS 
tools to set them (ie. set them from the client. Don't set them using 
Unix permissions on the server).


Your example shows you setting the group to managegroup but your 
smb.conf forces the group to management. Which is it?


The last line in your server commands I believe should be chmod, not chowm.


On 12/12/12 12:21 PM, J Gao wrote:

Hi, All,

I'm having a problem with my samba server(v3.6.9) setup. I have a 
share on the server:


#cd /
#mkdir managment
#chown -R root:managegroup management
#chowm -R 2770 management

When I test this I found out:
the managegroup member can create new file/dir with the correct 
permission: -rwxrws--- or drwxrws---


BUT, when the client copy a file or dir to the share from his local 
drive, then some file/dir will have different the permission when it 
copied to the Samba share. (for example, drwxrwxr-x)


We have both Windows and Ubuntu client. Ubuntu client use cifs.mount 
to access the Samba share.


Here is my smb.conf file. Please help me. All I want is when and file 
and/or dir end up on the samba share, it should have 770 permission.


Thanks.

Gao


my smb.conf:

[global]
workgroup = WORKGROUP
server string = My File Server
interfaces = lo bond0 192.168.1.2/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max log size = 1000
security = user
passdb backend = tdbsam
guest account = nobody
map to guest = Bad User
wins support = yes
dns proxy = no
map acl inherit = yes
nt acl support = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
create mask = 0770
force security mode = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770

[Management]
comment =
path = /management
browsable = yes
public = no
writable = yes
read only = no
force group = management
valid users = @management







Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread Gary Dale

On 12/12/12 02:07 PM, J Gao wrote:

Thank you Gary  for the help.


On 12-12-12 09:45 AM, Gary Dale wrote:

If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).


I don't know if I'm doing it correct. I'm using a bash script to help 
user mount the CIFS share like this:


sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management 
-o user=${USER},password=$userPass,uid=$UID,rw,mand


Could you give me an example on using Samba/CIFS tools?

That line mounts the share using the credentials you gave it but that 
doesn't set the permissions. If you right-click on the share's folder, 
you should be able to set the CIFS permissions.









Your example shows you setting the group to managegroup but your
smb.conf forces the group to management. Which is it?


My typo. I want make clear so I change the group name to managegroup. 
The actual group name is the same management which I think may cause 
confusion when I post my question. Sorry.


Best Regards.

Gao

So is your user a member of management? Rather than forcing the group to 
management, you could just add members to the group.


Also, when you set the Unix ownership and permissions too tightly, you 
may prevent Samba from accessing the share properly. Since the share 
directories and files are to be accessed only through CIFS/Samba, the 
Unix permissions can and should be very loose. My shares all have Unix 
permissions with everyone having rwx access.








The last line in your server commands I believe should be chmod, not 
chowm.



On 12/12/12 12:21 PM, J Gao wrote:

Hi, All,

I'm having a problem with my samba server(v3.6.9) setup. I have a
share on the server:

#cd /
#mkdir managment
#chown -R root:managegroup management
#chowm -R 2770 management

When I test this I found out:
the managegroup member can create new file/dir with the correct
permission: -rwxrws--- or drwxrws---

BUT, when the client copy a file or dir to the share from his local
drive, then some file/dir will have different the permission when it
copied to the Samba share. (for example, drwxrwxr-x)

We have both Windows and Ubuntu client. Ubuntu client use cifs.mount
to access the Samba share.

Here is my smb.conf file. Please help me. All I want is when and file
and/or dir end up on the samba share, it should have 770 permission.

Thanks.

Gao


my smb.conf:

[global]
workgroup = WORKGROUP
server string = My File Server
interfaces = lo bond0 192.168.1.2/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max log size = 1000
security = user
passdb backend = tdbsam
guest account = nobody
map to guest = Bad User
wins support = yes
dns proxy = no
map acl inherit = yes
nt acl support = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
create mask = 0770
force security mode = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770

[Management]
comment =
path = /management
browsable = yes
public = no
writable = yes
read only = no
force group = management
valid users = @management












Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread Gary Dale

On 12/12/12 05:18 PM, J Gao wrote:

On 12-12-12 12:52 PM, Gary Dale wrote:

On 12/12/12 02:07 PM, J Gao wrote:

Thank you Gary  for the help.


On 12-12-12 09:45 AM, Gary Dale wrote:
If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).


I don't know if I'm doing it correct. I'm using a bash script to help
user mount the CIFS share like this:

sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management
-o user=${USER},password=$userPass,uid=$UID,rw,mand

Could you give me an example on using Samba/CIFS tools?

That line mounts the share using the credentials you gave it but that
doesn't set the permissions. If you right-click on the share's folder,
you should be able to set the CIFS permissions.




OK, right-click in Nautilus works. But how can I set this up by 
default. I mean once the share mounted, it will set the correct 
permission to 770 if the user copy files on the share?


I read man page for the cifs.mount but I couldn't figure it out myself.

Here are more info:
1. The management group has gid=1018 on the server.
2. Once the share mounted on the Ubuntu client, the share's group ID 
set to numeric 1018. (there isn't a local gid 1018)

3. When copy a file, for example:
-rwxr--r--  1 gao gao  14429 Nov 20 09:56 test
to the mounted share, the permission appears to be:
-rwxrwxr--  1 gao 1018  14429 Nov 20 09:56 test
And I check it on the Samba server:
-rwxrwxr--  1 gao management  14429 Nov 20 09:56 test
So the permission changed to 774, not 770. I think somehow it combined 
the permission here.
Just like you said, I can change it to 770 from the right-click. But I 
prefer to do it automatically.


Please help.

Thanks a lot.

Gao


If you have the domain created correctly, the Samba database keeps the 
CIFS permissions. The Unix permissions aren't needed. Keep in mind that 
the two sets of permissions are distinct. If you set the CIFS 
permissions they are remembered. Checking the Unix permissions to see 
what the CIFS permissions are doesn't work.


Having a Unix group called management isn't helpful unless it maps to a 
CIFS group. For example, most Samba users map the CIFS Domain Users to 
the Unix users. This is in the Samba documentation. The 1018 simply 
shows that there is no CIFS group recognized for 1018 (don't forget, you 
are forcing the group - probably not what you really want to do).


You really want to set up a CIFS group called management and add CIFS 
users to it.


Samba maps CIFS users to Unix users if the name is the same.

Have you tried using SWAT to manage your users and shares? It makes 
things easier if you don't have a Windows client to work from.











Your example shows you setting the group to managegroup but your
smb.conf forces the group to management. Which is it?


My typo. I want make clear so I change the group name to managegroup.
The actual group name is the same management which I think may cause
confusion when I post my question. Sorry.

Best Regards.

Gao

So is your user a member of management? Rather than forcing the group to
management, you could just add members to the group.

Also, when you set the Unix ownership and permissions too tightly, you
may prevent Samba from accessing the share properly. Since the share
directories and files are to be accessed only through CIFS/Samba, the
Unix permissions can and should be very loose. My shares all have Unix
permissions with everyone having rwx access.







The last line in your server commands I believe should be chmod, not
chowm.


On 12/12/12 12:21 PM, J Gao wrote:

Hi, All,

I'm having a problem with my samba server(v3.6.9) setup. I have a
share on the server:

#cd /
#mkdir managment
#chown -R root:managegroup management
#chowm -R 2770 management

When I test this I found out:
the managegroup member can create new file/dir with the correct
permission: -rwxrws--- or drwxrws---

BUT, when the client copy a file or dir to the share from his local
drive, then some file/dir will have different the permission when it
copied to the Samba share. (for example, drwxrwxr-x)

We have both Windows and Ubuntu client. Ubuntu client use cifs.mount
to access the Samba share.

Here is my smb.conf file. Please help me. All I want is when and file
and/or dir end up on the samba share, it should have 770 permission.

Thanks.

Gao


my smb.conf:

[global]
workgroup = WORKGROUP
server string = My File Server
interfaces = lo bond0 192.168.1.2/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max log size = 1000
security = user
passdb backend = tdbsam
guest account = nobody
map to guest = Bad User
wins support = yes
dns proxy = no
map acl inherit = yes
nt acl support = yes
load printers

Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread Gary Dale

On 12/12/12 08:01 PM, J Gao wrote:

On 12-12-12 03:02 PM, Gary Dale wrote:

On 12/12/12 05:18 PM, J Gao wrote:

On 12-12-12 12:52 PM, Gary Dale wrote:

On 12/12/12 02:07 PM, J Gao wrote:

Thank you Gary  for the help.


On 12-12-12 09:45 AM, Gary Dale wrote:

If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).


I don't know if I'm doing it correct. I'm using a bash script to help
user mount the CIFS share like this:

sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management
-o user=${USER},password=$userPass,uid=$UID,rw,mand

Could you give me an example on using Samba/CIFS tools?

That line mounts the share using the credentials you gave it but that
doesn't set the permissions. If you right-click on the share's folder,
you should be able to set the CIFS permissions.




OK, right-click in Nautilus works. But how can I set this up by
default. I mean once the share mounted, it will set the correct
permission to 770 if the user copy files on the share?

I read man page for the cifs.mount but I couldn't figure it out myself.

Here are more info:
1. The management group has gid=1018 on the server.
2. Once the share mounted on the Ubuntu client, the share's group ID
set to numeric 1018. (there isn't a local gid 1018)
3. When copy a file, for example:
-rwxr--r--  1 gao gao  14429 Nov 20 09:56 test
to the mounted share, the permission appears to be:
-rwxrwxr--  1 gao 1018  14429 Nov 20 09:56 test
And I check it on the Samba server:
-rwxrwxr--  1 gao management  14429 Nov 20 09:56 test
So the permission changed to 774, not 770. I think somehow it combined
the permission here.
Just like you said, I can change it to 770 from the right-click. But I
prefer to do it automatically.

Please help.

Thanks a lot.

Gao


If you have the domain created correctly, the Samba database keeps the
CIFS permissions. The Unix permissions aren't needed. Keep in mind that
the two sets of permissions are distinct. If you set the CIFS
permissions they are remembered. Checking the Unix permissions to see
what the CIFS permissions are doesn't work.

Having a Unix group called management isn't helpful unless it maps to a
CIFS group. For example, most Samba users map the CIFS Domain Users to
the Unix users. This is in the Samba documentation. The 1018 simply
shows that there is no CIFS group recognized for 1018 (don't forget, you
are forcing the group - probably not what you really want to do).

You really want to set up a CIFS group called management and add CIFS
users to it.

Samba maps CIFS users to Unix users if the name is the same.

Have you tried using SWAT to manage your users and shares? It makes
things easier if you don't have a Windows client to work from.




Looks like I need more reading. I googled for CIFS group and got
lots of Oracle/Solaris but not much for Linux. When you say CIFS group,
do you mean a local group on the client PC?


Also I quickly installed SWAT and I can't find anywhere about CIFS group.

Gao


That's a Windows Domain group in M$ parlance. The group is recognized on 
the member server because it comes from the Domain. That's why I used 
the example of Domain Users as a CIFS group, as distinct from the Unix 
group users.


Windows provides graphical tools for managing groups and users on the 
Domain Controller, but you can also do it from the command line in 
Linux. Something like net rpc group ADD groupname should work.


Once the group is created, you can populate it with users.

The essential point is that the Windows Domain model is different from 
the Unix security model. When you are using Samba, use Samba and the 
Windows way of handling things. Don't try to use Unix tools. You're not 
in Unix-land anymore.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] cannot modify files on client

2012-11-25 Thread Gary Dale
When you are using samba to connect, the user, group and file permissions
get passed through it. Rather than trying to force a particular user, 
try mapping the Windows (samba) user to the local (server) user tommy.



On 25/11/12 10:10 AM, Dietrich Hentschel wrote:

Hi,

I want to connect a Linux client to a Linux server to modify files.

On my server:

   password file: tommy:x:1002:100:Tommy:/home/tommy:/bin/sh

   smb.conf:
[global]
workgroup=WORKGROUP
security=share

[bilder]
path=/var/lib/export
force user=tommy
force group=users
valid users=tommy
write list=tommy

On client:

mount.cifs //DESKTOP/bilder /home/dih/tommy/  -o user=tommy

  I see the files on root:
-rwxr-xr-x 1 1002 users 628 Nov 11 19:15 configure.sh
-rw-r--r-- 1 1002 users   0 Nov 25 11:33 d
-rw-r--r-- 1 1002 users   0 Nov 25 12:49 dd
-rwxr--r-- 1 1002 users  753647 Nov 22 19:48 p6140385.jpg
-rwxr-xr-x 1 1002 users 720 Nov 19 14:29 photo-ma

  I can touch x without trouble and have uid 1002:
-rw-r--r-- 1 1002 users   0 Nov 25 16:02 x


  I have no user on uid 1002. I want to modify the files, not as root, but
have the wrong permissions.


Can someone help me?

With regards

Dietrich





Re: [Samba] using samba similar to windows shares

2012-10-09 Thread Gary Dale

On 09/10/12 04:17 PM, 鱼 wrote:

Hi,

I would like to share a main folder (main) with everyone but have different
access rights to a subfolder of main (subfolder) with 2 groups. Is it
possible that this can be done with samba?

Regards
LC
You do it the same way that you do it on a Windows server. Share the 
main folder then use Windows Explorer to set up ACLs for the subfolder.


Re: [Samba] Share working with IP not with hostname

2012-09-12 Thread Gary Dale

On 10/09/12 01:52 PM, Nitin Thakur wrote:

hi guys

I managed to setup the share. I am able to access the share with IP address, 
but as soon as I try to do it via hostname, I get a user name and password pop 
up, which always fail to authenticate. Any setting I am missing?

Thanks

nitin


I'm guessing you have a recent Windows client. Try the settings at 
http://technet.microsoft.com/en-us/library/ee681622%28v=ws.10%29.aspx 
(there's also a similar thing on the Samba.org site but I can't find it 
right now). However, I do remember that there are two registry keys that 
need to be set/changed with Windows 7. After that, everything works.



Re: [Samba] filesystem of choice?

2011-06-24 Thread Gary Dale

On 24/06/11 09:46 AM, John G. Heim wrote:
I'm setting up a new linux fileserver and I was wondering  if samba 
likes one filesystem more than another.  I have to format a 1.8Tb 
partition sometime today and I'll probably do ext3 unless samba 
prefers something else.




We have a lot more linux users than Windows users but the Windows 
users have more problems with slow access.




I use ext4 on mine without any issues. Since you're unlikely to change 
the file system once it's set up, why not go for the more modern 
version? It's stable and will probably receive better support over the 
long run.




Re: [Samba] User submitted job

2011-02-18 Thread Gary Dale

On 18/02/11 08:49 AM, Robert Moskowitz wrote:

Is there a way for a user to run a job on the server?

In particular, I want to implement a 'one click' backup using rsync.  
An icon on the desktop would do something (in a batch script maybe or 
some canned program) that would run a job under their ID that would 
rsync their home directory to a backup directory.



For Linux clients, you could store the home directories on a network 
share that you back up. If you must use local home directories, add a 
logout script to rsync to a network share. It doesn't matter which 
machine (client or server) runs it because the network will be the 
bottleneck, not the processor.


If you are talking about Windows clients, simply implement roaming 
profiles. You get a sync'd copy on the server.


I echo Jeff Ross's warning to not leave backups to the users.


Re: [Samba] call for a forum to replace the mailing list?

2011-02-18 Thread Gary Dale

On 18/02/11 03:58 PM, Chris Smith wrote:

On Fri, Feb 18, 2011 at 3:26 PM, Macwebreg.samba@panscend.com  wrote:
   

Maybe a forum would be better?
 

Forums suck.

Mailing lists are good.

An NNTP newsgroup might even be better - but they seem to have gone
the way of the Dodo as the main frontend.
This list archived as such - nntp://news.gmane.org/gmane.network.samba.general

Chris
   
Victims of spam. NNTP was killed by spammers harvesting e-mail addresses 
and/or posting spam on the lists.


On the other hand, e-mail lists give you a much better response rate 
because all e-mails hit the participant's inbox.



Re: [Samba] Help needed with Windows7 roaming files.

2011-02-18 Thread Gary Dale
Are you sure it's not a permissions problem? Have the Windows 7 machines 
been properly added to the domain? Are the user accounts enabled?


Sorry, I have no Windows 7 clients to test things on. However, whenever 
I've had similar problems, it's been an account setup problem, not a 
Samba configuration issue.



On 17/02/11 11:00 PM, Dennis M wrote:

Hi all,

We've been trying to setup/upgrade a samba PDC (version 3.56) with OpenLDAP
as backend and roaming profiles for Windows7 (32bit) clients. Windows7 has
no problem with login after applying the reg patches; however, it seems to
always load a temporary profile as opposed to a roaming one for users, and no
local profile is created. This has caused Outlook 2010 to function improperly
(it complains that Outlook data cannot be accessed and fails to send any
email). If I force the profile type to local only in the registry then Outlook
works perfectly; a local profile is not an option for us though, as a lot of
our users change sites/PCs quite often.

I've enclosed some related info below;  the same config works perfectly with
windowsXP clients.

Ldap entries (samba related)

objectClass: sambaSamAccount
sambaSID: S-1-5-21-1209579028-1696229136-1764916649-15754
sambaHomePath: \\server1\user1
sambaProfilePath: \\server1\user1\.profile
sambaLogonScript: logon.bat
sambaAcctFlags: [UX ]
sambaPrimaryGroupSID: S-1-5-21-1209579028-1696229136-1764916649-513


smb.conf

[global]

logon drive = H:
logon home = \\%s\%U

[profiles]
   path = /home
   browseable = no
   read only = no
   profile acls = yes
   csc policy = disable
   hide files=/Desktop.ini/Thumbs.db/lost+found
   store dos attributes = Yes
   create mask = 0600
   directory mask = 0700

[profiles.v2]
  copy = profiles


Any ideas?   thanks heaps.


Dennis




  has anybody managed to get Windows 7 (final) to use roaming profiles?
  Windows 7 is joined to my Samba 3.4.1 domain and always logs me in with a
  temporary profile. Windows XP works without problems.




Re: [Samba] require membership to two groups

2010-12-30 Thread Gary Dale

On 30/12/10 03:56 PM, Christ Schlacta wrote:
I have some shares on a media server that are considered Local,
offline content, namely they should be accessible if the rest of the
network is down, and each system has its own group of users who are
allowed to maintain it.  The media servers in the living room are only
for my wife and me, but each person can modify the one in their own
bedroom and no one else's bedroom.  Furthermore, the users must be
members of the group Music to be allowed to modify music, and the
group Videos to be allowed to modify videos.  Currently my setup
looks like this for rebirth:


[videos]
comment = Rebirth local Videos
path = /media/local/videos
write list = @rebirth
force group = videos
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775

[music]
comment = Rebirth local Music
path = /media/local/music
write list = @rebirth
force group = music
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775

but my fear is that someone not in the music group will still be able 
to write to the shares.  is there a way to make it explicitly require 
BOTH groups to allow writing?


I'm not entirely sure what you are trying to do, let alone why it is a 
problem. Since you are sharing files via Samba, why are you using group 
access instead of user access rights? Why aren't you simply using user 
accounts to control access the way CIFS usually does it?


Ignore the ZFS problems. If user A is in Music, then they have write 
access to the music share. If they are not then they have read access. 
Forcing the group simply overrides the whole point of having a group in 
the first place.


You can set Guest OK to yes to give the world read access, or you can 
set a Read list in addition to the Write list.
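
The concern raised in the question above, worked through as an added example (not code from the thread or from the Samba project): with `write list = @rebirth` and a plain `force group = music`, membership in music is never checked, whereas the `+` prefix documented for `force group` in the smb.conf manual page forces the group only for users who already belong to it. The users, the root:music 0775 directory and the simplified permission model are assumptions.

```python
"""Model of the [music] share above: who ends up with write access?

Constructed users and a simplified permission model (assumptions): the
share directory is owned root:music with mode 0775, as the posted
directory mask implies, and only the write bits are modelled.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    uid: int
    primary: str
    supplementary: frozenset


@dataclass(frozen=True)
class Share:
    write_list: tuple      # smb.conf "write list", e.g. ("@rebirth",)
    force_group: str       # "", "music" or "+music"
    dir_owner_uid: int = 0
    dir_group: str = "music"
    dir_mode: int = 0o775


def in_list(user, entries):
    """True if the user matches a name or @group entry of a Samba user list."""
    groups = {user.primary} | user.supplementary
    return any(
        (e[1:] in groups) if e.startswith("@") else (e == user.name)
        for e in entries
    )


def session_groups(user, force_group):
    """Groups the connection acts with once 'force group' is applied."""
    groups = {user.primary} | user.supplementary
    if not force_group:
        return groups
    if force_group.startswith("+"):
        # '+group' only changes the primary group of users who are already
        # members, so it never grants a group the user lacks.
        return groups
    # Plain 'force group' gives every connection this primary group.
    return set(user.supplementary) | {force_group}


def can_write(user, share):
    """Share-level check first, then the Unix check on the directory."""
    # Share level: shares are read-only unless the user is in the write list.
    if not in_list(user, share.write_list):
        return False
    # File-system level: ordinary owner/group/other test of the write bits.
    if user.uid == share.dir_owner_uid:
        return bool(share.dir_mode & 0o200)
    if share.dir_group in session_groups(user, share.force_group):
        return bool(share.dir_mode & 0o020)
    return bool(share.dir_mode & 0o002)


def writers(users, share):
    """Sorted names of the users who can write to the share."""
    return sorted(u.name for u in users if can_write(u, share))


# Constructed accounts: alice is in both groups, bob only in rebirth,
# carol only in music.
USERS = [
    User("alice", 1001, "alice", frozenset({"rebirth", "music"})),
    User("bob", 1002, "bob", frozenset({"rebirth"})),
    User("carol", 1003, "carol", frozenset({"music"})),
]

AS_POSTED = Share(write_list=("@rebirth",), force_group="music")
BOTH_REQUIRED = Share(write_list=("@rebirth",), force_group="+music")

if __name__ == "__main__":
    print("force group = music :", writers(USERS, AS_POSTED))
    print("force group = +music:", writers(USERS, BOTH_REQUIRED))
```
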




Re: [Samba] Newbie : bad uid in the smbpasswd file ?

2010-12-29 Thread Gary Dale

On 28/12/10 06:43 PM, Francois Lafont wrote:

tdb for the backend?
 
The easiest way to get things working is to stop fighting the 
distributors. Ubuntu gives you a fully functioning basic Samba 
configuration. SWAT allows you to easily configure it to add shares, 
printers, etc..


Breaking Samba, like anything else, is easier to do than to make it work 
correctly. When you replace Ubuntu's smb.conf file with your own 
hacked-up version, you will get the same results you previously had.


Use Ubuntu's default smb.conf as your starting point then use SWAT to 
update it.


So far as learning is concerned, try following Samba by Example or the 
Samba Howto Collection to get Samba to do something useful in a 
reasonably secure fashion.



Re: [Samba] Newbie : bad uid in the smbpasswd file ?

2010-12-28 Thread Gary Dale

On 28/12/10 06:44 AM, Francois Lafont wrote:

Hello everybody,

I don't understand why the uid isn't correct in the /etc/samba/smbpasswd
file. My OS is Ubuntu 10.04. Some precise explanations below:

#---
# smbd -V
Version 3.4.7

# testparm -s /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section [PARTAGE]
Loaded services file OK.
Server role: ROLE_STANDALONE
[global]
workgroup = MON-DOMAINE
netbios name = SAMBA-SRV
server string = 
map to guest = Bad User
passdb backend = smbpasswd
guest account = francois
lanman auth = Yes
log level = 1
max log size = 10
wins support = Yes

[PARTAGE]
comment = Pour faire des tests
path = /resteDisque1/dossier
read only = No
guest ok = Yes

# service smbd restart
smbd start/running, process 6638

# service nmbd restart
nmbd start/running, process 6650

# cat /etc/samba/smbpasswd # no output, the file is empty

# pdbedit -L # no result, no samba user

# smbpasswd -a francois # I create the user francois
New SMB password:
Retype new SMB password:
Added user francois.

# cat /etc/samba/smbpasswd # In this file, the uid is 0, like root ?!
francois:0:96E3B942381CBE5BAAD3B435B51404EE:BBB4013EC9D4E3D7A88CA89C2519DB11:[U
  ]:LCT-4D116896:

# pdbedit -L # With this command, the uid is 1000 ?!
francois:1000:francois

# cat /etc/passwd | grep francois # 1000 is the *real* uid of francois
francois:x:1000:1000:francois,,,:/home/francois:/bin/bash

#---

The real uid of francois is 1000. Why is the uid equal to 0 in the
smbpasswd file ?

Thanks in advance for your help.

   
Bonjour Francois. One question is why are you using smbpasswd instead of 
tdb for the backend?


I suggest that you remove (purge) your samba implementation and 
reinstall it with the defaults. Next use swat to configure things.


You need to consider the role the server plays, I highly recommend that 
you make it a domain controller unless you already have one. If you have 
a domain controller then join the server to the domain. If you don't 
have a domain controller, then use your samba server as domain controller.


Once you have your server's role established, add and enable the 
accounts using swat.


If this is a workstation that you are simply trying to share a folder 
from, then consider whether that is really a good idea. Sharing files 
exposes your machine unnecessarily. It is far better to set up a server 
with a shared folder.


You can get all kinds of network storage devices quite cheaply that will 
do the job. Or you can use an old computer and set it up as domain 
controller/file server. You can even share printers, scanners, etc. from it.


However, if you must use a workstation to share files, then use swat to 
configure it as a standalone or domain member server with whatever 
access rights you want. However, I strongly advise against using your 
account to provide guest access. Set up a real guest account that has no 
login rights (e.g. set the login shell to /bin/false).
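
The advice above about not using a personal account for guest access can be checked mechanically. The following is an added example, not code from the thread or from Samba: it reads smb.conf and passwd text and reports when the guest account can log in and which guest shares are writable. The sample inputs are constructed from the configuration quoted in this thread, and the list of no-login shells is an assumption.

```python
"""Check whether Samba's guest account is a real login account.

The smb.conf and passwd text are constructed samples modelled on the
configuration quoted in this thread; NOLOGIN_SHELLS is an assumption.
"""

NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}

SAMPLE_SMB_CONF = """\
[global]
    workgroup = MON-DOMAINE
    map to guest = Bad User
    passdb backend = smbpasswd
    guest account = francois

[PARTAGE]
    path = /resteDisque1/dossier
    read only = No
    guest ok = Yes
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
francois:x:1000:1000:francois,,,:/home/francois:/bin/bash
"""


def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def parse_passwd(text):
    """Return {username: (uid, shell)} from passwd(5)-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            users[fields[0]] = (int(fields[2]), fields[6])
    return users


def is_yes(value):
    return value.strip().lower() in {"yes", "true", "1", "on"}


def is_writable(params):
    """Shares are read-only unless 'read only = no' or a synonym says so."""
    if "read only" in params:
        return not is_yes(params["read only"])
    for synonym in ("writable", "writeable", "write ok"):
        if synonym in params:
            return is_yes(params[synonym])
    return False


def audit_guest_access(smb_conf_text, passwd_text):
    """Return a list of (code, message) findings about guest access."""
    conf = parse_smb_conf(smb_conf_text)
    users = parse_passwd(passwd_text)
    global_params = conf.get("global", {})
    guest = global_params.get("guest account", "nobody")

    guest_shares = []
    for name, params in conf.items():
        if name == "global":
            continue
        effective = {**global_params, **params}
        if is_yes(effective.get("guest ok", effective.get("public", "no"))):
            guest_shares.append((name, is_writable(effective)))
    if not guest_shares:
        return []

    findings = []
    if guest not in users:
        findings.append(("GUEST_NO_PASSWD_ENTRY",
                         f"guest account '{guest}' has no passwd entry"))
    else:
        uid, shell = users[guest]
        if uid == 0:
            findings.append(("GUEST_IS_ROOT", f"'{guest}' has uid 0"))
        if shell not in NOLOGIN_SHELLS:
            findings.append(("GUEST_CAN_LOG_IN",
                             f"guest account '{guest}' has login shell {shell}"))
    for name, writable in guest_shares:
        if writable:
            findings.append(("GUEST_WRITABLE_SHARE",
                             f"[{name}] is writable by guests as '{guest}'"))
    return findings


if __name__ == "__main__":
    for code, message in audit_guest_access(SAMPLE_SMB_CONF, SAMPLE_PASSWD):
        print(code, "-", message)
```
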




Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer

2010-10-05 Thread Gary Dale

On 05/10/10 11:51 AM, Jack Downes wrote:

The behavior is different from the 3.2.5 version I used to use.   I have a
server that handles some 504 printers for the hospital serving some 2k
users.  The ratio really isn't that bad, about 150 of those printers are
specialty label printers.

I moved to the newer Samba because of Windows 7 clients.  Our main IT
admin said 'No' to Vista so I didn't have to worry about this back
then...  Anyway, now I'm upgrading because the samba release notes, and a
lot of the email I read on this list said I should be using 3.4.8 or
better or 3.5.4 or better.  Well, now I'm on 3.4.9.

That's the history.

Now, the way i was used to the APW working was that on the windows XP
client, I'd right click, Add Printer, choose my selections, hit finish,
and then the printer would show up.  There were no error messages with
3.2.5, it just worked.

So, I'm building a testing box, attempting to mimic what I've got in the
3.2.5/linux box with 3.4.9 on freebsd 8 (it's got zfs is why).  Taking
this in steps, I'm still using security = user until I get all or most
of the problems worked out.  I've managed (via google) to remove around
90% of my questions / concerns, and am now down to the "Why doesn't this
work as expected?" one.

What currently happens:
Right clicking in the windows "Printers & Faxes" folder to engage the
APW works as expected, I'm prompted through several fields to the point
of clicking finish.  After I click Finish, it does appear to work
correctly.  If it needs to load a new driver, it does that, if not
things go a bit quicker.  The progress bar goes all the way to the end
where it pops up a window saying "Unable to add printer. Access Denied"
or something similar.
Now, I KNOW the printer is added, that this is just a superfluous error
message.  I can look at cups, refresh the printers page, and bang, it'll
be there.  And if I click the 'oK' button on the windows error, and then
again click 'Finish'  the Wizard at this point will go away, and my
printer will be there.  The correct driver will be loaded, and it's all
generally okay.

As an aside, on the things to note:  I put in a request to restart cups
in the smbaddprinter.pl script - after adding the printer.  This with a
sleep of about 3 seconds seems to be the best balance and allows me to
use the double-tap on the Finish button with success - without waiting
forever.  I think that Samba is not re-parsing the printers from CUPS
correctly or CUPS (1.4.4) is not returning an up-to-date list for
whatever reason.

On log level 10 I cannot find what is causing this behavior, however
it's completely repeatable.  This problem is an irritant, but one I can
live with.  it's just that this behavior is different than in 3.2.5.
This is all from memory, I'm not at my desk, and I'm about to get in the
car.  So sorry there are no files included.  I've tried doing that
before, but people have just ignored the messages, so that seems a bad
idea too.

Sorry about hijacking a thread, I didn't know what I did would do so.
When asking a question, I'll begin a new one from this point on.

Thanks for taking the time to consider my question.

   
I'm wondering about the two things that may have changed besides the 
version of Samba. One is that you are using security=user in a system 
without a domain. I don't think that should change anything except that 
you probably don't have a machine account on the server.


The other thing is that you may be testing using a Windows 7 client. Do 
you get the same result using a Windows XP client? Possibly the client 
interactions have changed with Windows 7, such as a lowering of the 
retry or timeout settings before reporting the error you are getting?




Re: [Samba] samba 3.3 - poor performance (compared to NFS)

2010-10-04 Thread Gary Dale

On 04/10/10 05:55 PM, scott_st...@trendmicro.com wrote:

OK, I can do that.  In production this box will not be CIFS-mounted by Linux 
machines, but I wanted to do the iozone benchmarks so I could compare 
apples-to-apples vs. NFS.  I will go hunt down and repackage a newer CIFS 
client for centos 5.5.

Any other hints on server-side tuning that I should be aware of for this case?


Scott Stone scott_st...@trendmicro.com
Lead Developer, DCS-RD
Trend Micro, Inc. http://www.trendmicro.com

-Original Message-
From: Jeremy Allison [mailto:j...@samba.org]
Sent: Monday, October 04, 2010 2:54 PM
To: Scott Stone (DCS-RD-US)
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba 3.3 - poor performance (compared to NFS)

On Mon, Oct 04, 2010 at 02:51:17PM -0700, scott_st...@trendmicro.com wrote:
   

I have a system that I'm vetting as a NAS server.  It has a 2.0TB XFS filesystem mounted 
on /storage and I'm doing benchmarks using nfs3, nfs4, and samba.  I'm testing via iozone 
by mounting the filesystem from my nas client box and then running iozone on 
the mounted filesystem.  NFS seems pretty fast - ie, several orders of magnitude faster 
than samba, and I'm wondering why, so I'm beseeching the help of the List. :)



server: samba 3.3.8

client: Linux CentOS 5.5 cifs mount, mount -t cifs -o rsize=32768,wsize=32768 
//server/storage /storage

Client is on the same LAN as the server, albeit different VLANs.  Traffic is 
routed through intel gigabit NICs and Cisco Nexus 5000/7000 series switches.  
NAS server has a 4x 1gbe 802.3ad port channel set up with the Cisco 7000 
switch, although I've run these tests both with and without the port channel 
with very similar results (as I'd expect, since the client is only a single 
1gbe interface to begin with).



(the 32768 numbers are the same as used in the NFS3/NFS4 tests).

Again, the problem is *markedly* slower performance on CIFS than with NFS, and 
I cannot discern why, so I'm assuming it's some kind of samba tuning issue.  I 
do plan to re-test with samba4, but any recommendations as to a specific 
version of samba that I could use which would provide maximum 
performance/stability would also be much appreciated.
 

You might want to try a more recent cifsfs build than the one on CentOS 5.5.

It's almost certainly a client issue here, I know Steve and Jeff have been
putting work into improving the CIFSFS client performance (Steve and Jeff
please comment :-).

Jeremy.

   


I'm not sure why you need to test. If you're using Windows clients or 
using Samba Domains for single-signon, Samba is almost always the best 
choice. If you're using anything else, then go with NFS.


For example, I have a mixed-client network so I need Samba for the 
Windows users. This also means my best bet for Unix-like clients is to 
use Samba for authentication as well.


However, if I was running a pure Unix/Linux environment then NFS would 
be an easy choice.


On the principle of keeping it simple, I would need some really 
extraordinary reasons to run both.



[Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer

2010-10-04 Thread Gary Dale

Please don't hijack threads.

You could try something like /etc/init.d/samba restart (or your local 
equivalent) to the end of perl script.



--

hello

I have cups printing with cups 1.4.4.   I'm using the included 
smbaddprinter.pl command to add printers to my server.


Now, my error is that when I add the printer, I get ACCESS DENIED in the 
windows client, but if  I check cups, there the printer is.  And if I 
wait a bit with the windows client or reload samba, there the printer is 
within the share as well.


Now, from the man page on smb.conf

Once the addprinter command has been executed, smbd will reparse
the smb.conf to determine if the share defined by the APW exists. If
the sharename is still invalid, then smbd will return an
ACCESS_DENIED error to the client.



So... is there a way for me to ask Samba to wait a few seconds before 
reparsing the smb.conf to check for the new printer?  I tried adding a 
sleep() to the perl script, but that seems to make the issue worse, so 
that's not the choice it seems.


thanks!


Re: [Samba] re. 3.4.9 printing addprinter command reparse doesn't see new printer

2010-10-04 Thread Gary Dale
OK. Perhaps you can be more specific about what you are trying to 
accomplish. I don't recall adding printers to a server as being 
something that happens frequently. Yet I get the impression that your
concern is that you have to wait before the added printer becomes 
available. That doesn't seem like much of a problem.


How long do you have to wait?

Basically, all the smbaddprinter.pl script does is call lpadmin. At 
least on my system, that seems to be a CUPS specific version. I think 
that's probably usual for any system running CUPS. Perhaps you should be 
asking the maintainer(s) for lpadmin?




On 04/10/10 06:30 PM, Jack Downes wrote:
?  I didn't hijack a thread...  this is a mailing list.  All I did was 
hit reply list to a random email, cleaned out the messages  subject 
and started a new thread.  How is that wrong..?


I did try your suggestion, and it doesn't do anything but interrupt 
the operation... and I get an Operation could not be completed 
error.  Which makes sense...



On 10/ 4/10 04:21 PM, Gary Dale wrote:

Please don't hijack threads.

You could try something like /etc/init.d/samba restart (or your local 
equivalent) to the end of perl script.



--

hello

I have cups printing with cups 1.4.4.   I'm using the included 
smbaddprinter.pl command to add printers to my server.


Now, my error is that when I add the printer, I get ACCESS DENIED in 
the windows client, but if  I check cups, there the printer is.  And 
if I wait a bit with the windows client or reload samba, there the 
printer is within the share as well.


Now, from the man page on smb.conf

Once the addprinter command has been executed, smbd will
reparse the smb.conf to determine if the share defined by the APW
exists. If the sharename is still invalid, then smbd will return
an ACCESS_DENIED error to the client.



So... is there a way for me to ask Samba to wait a few seconds before 
reparsing the smb.conf to check for the new printer?  I tried adding 
a sleep() to the perl script, but that seems to make the issue worse, 
so that's not the choice it seems.


thanks!






Re: [Samba] trouble joining win xp machines to samba with ldap backend DC

2010-09-24 Thread Gary Dale

On 24/09/10 11:53 AM, Osmany wrote:

Greetings,

I would like some help figuring this out. I really don't know what to do
anymore. whenever I try to join an XP machine to the domain it comes up
that username or password is not correct. However I know that the
credentials are correct, but when I check the logs of that specific
machine, this comes up:

[2010/09/24 11:42:38, 5] auth/auth_util.c:make_user_info_map(161)
   make_user_info_map: Mapping user [oc.quimefa.cu]\[root] from
workstation [CLIENTEWINDOW]
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:push_sec_ctx(208)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/09/24 11:42:38, 3] smbd/uid.c:push_conn_ctx(358)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/09/24 11:42:38, 5] auth/auth_util.c:debug_nt_user_token(448)
   NT user token: (NULL)
[2010/09/24 11:42:38, 5] auth/auth_util.c:debug_unix_user_token(474)
   UNIX token of user 0
   Primary group is 0 and contains 0 supplementary groups
[2010/09/24 11:42:38, 5] auth/auth_util.c:is_trusted_domain(2261)
   is_trusted_domain: Checking for domain trust with [oc.quimefa.cu]
[2010/09/24 11:42:38, 5]
passdb/secrets.c:secrets_fetch_trusted_domain_password(491)
   secrets_fetch failed!
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/09/24 11:42:38, 5]
libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
   no entry for trusted domain oc.quimefa.cu found.
[2010/09/24 11:42:38, 5] auth/auth_util.c:make_user_info(75)
   attempting to make a user_info for root (root)
[2010/09/24 11:42:38, 5] auth/auth_util.c:make_user_info(85)
   making strings for root's user_info struct
[2010/09/24 11:42:38, 5] auth/auth_util.c:make_user_info(117)
   making blobs for root's user_info struct
[2010/09/24 11:42:38, 3] auth/auth.c:check_ntlm_password(221)
   check_ntlm_password:  Checking password for unmapped user
[oc.quimefa.cu]\[ro...@[clientewindow] with the new password interface
[2010/09/24 11:42:38, 3] auth/auth.c:check_ntlm_password(224)
   check_ntlm_password:  mapped user is:
[oc.quimefa.cu]\[ro...@[clientewindow]
[2010/09/24 11:42:38, 5] lib/util.c:dump_data(2286)
   [000] 9C CA 80 B4 84 2B C6 8A   .+..
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:push_sec_ctx(208)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/09/24 11:42:38, 3] smbd/uid.c:push_conn_ctx(358)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/09/24 11:42:38, 5] auth/auth_util.c:debug_nt_user_token(448)
   NT user token: (NULL)
[2010/09/24 11:42:38, 5] auth/auth_util.c:debug_unix_user_token(474)
   UNIX token of user 0Primary group is 0 and contains 0 supplementary
groups
[2010/09/24 11:42:38, 5] lib/smbldap.c:smbldap_search_ext(1182)
   smbldap_search_ext: base =  [dc=oc,dc=quimefa,dc=cu], filter =
[((uid=root)(objectclass=sambaSamAccount))], scope =  [2]
[2010/09/24 11:42:38, 5] lib/smbldap.c:smbldap_close(1085)
   The connection to the LDAP server was closed
[2010/09/24 11:42:38, 2] lib/smbldap.c:smbldap_open_connection(786)
   smbldap_open_connection: connection opened
[2010/09/24 11:42:38, 3] lib/smbldap.c:smbldap_connect_system(997)
   ldap_connect_system: successful connection to the LDAP server
[2010/09/24 11:42:38, 4] lib/smbldap.c:smbldap_open(1065)
   The LDAP server is successfully connected
[2010/09/24 11:42:38, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
   init_sam_from_ldap: Entry found for user: root
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:push_sec_ctx(208)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/09/24 11:42:38, 3] smbd/uid.c:push_conn_ctx(358)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/09/24 11:42:38, 5] auth/auth_util.c:debug_nt_user_token(448)
   NT user token: (NULL)
[2010/09/24 11:42:38, 5] auth/auth_util.c:debug_unix_user_token(474)
   UNIX token of user 0
   Primary group is 0 and contains 0 supplementary groups
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:push_sec_ctx(208)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/09/24 11:42:38, 3] smbd/uid.c:push_conn_ctx(358)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/09/24 11:42:38, 5] auth/auth_util.c:debug_nt_user_token(448)
   NT user token: (NULL)
[2010/09/24 11:42:38, 5] auth/auth_util.c:debug_unix_user_token(474)
   UNIX token of user 0
   Primary group is 0 and contains 0 supplementary groups
[2010/09/24 11:42:38, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/09/24 11:42:38, 5] 

Re: [Samba] A question about Samba, authentication, groups, quotas, etc.

2010-09-22 Thread Gary Dale
This happens sometimes when a local mail server rejects a message as 
spam because it contains words in a different language than used 
locally. Your original post did make it to the samba list. The spam 
message fortunately only went to the original sender (you). Someone on 
the list however didn't see your post.



On 22/09/10 01:59 PM, Madhusudan Singh wrote:

I understand neither the language nor the intent of this message. How could
the initial message possibly be spam ? Was it the use of the capital case
for the workgroup ?

2010/9/22 postmas...@avi-drome.nl

   

Message rejected: message contains bad words.
Message is marked as spam.

De informatie uit deze e-mail (en eventuele bijlagen) is uitsluitend bestemd
voor de geadresseerde(n), gebruik door anderen is niet toegestaan.
De informatie kan vertrouwelijk van aard zijn en onder een geheimhoudingsplicht
vallen. Indien deze e-mail niet voor u bestemd is, wordt u verzocht de afzender
daarvan op de hoogte te stellen en deze e-mail te vernietigen. Afzender en/of
haar werkgever kan de veiligheid en betrouwbaarheid van e-mail communicatie niet
garanderen en aanvaardt geen aansprakelijkheid voor schade ten gevolge van het
gebruik van email. Onze diensten en overige werkzaamheden worden uitgevoerd op
basis van een overeenkomst van opdracht, waarop onze algemene voorwaarden van
toepassing zijn.

Please consider the environment before printing this e-mail


 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] samba roaming profiles not working

2010-09-20 Thread Gary Dale

On 19/09/10 07:55 PM, Philippe LeCavalier wrote:

 Gary,

 On Fri, 2010-09-17 at 14:21 -0400, Gary Dale wrote:

 I've been at this for hours now and am still not getting it to
 work. I've been through the lists trying to find an answer and so
 far as I can tell, everything is configured OK. Obviously it's not,
 but I'm stuck.

 I recently installed Squeeze on my home server, overwriting a Lenny
  installation. I've been able to add my NT (Windows XP/Pro) domain
  accounts back in and pdbedit shows the expected values - e.g.:

 r...@whenim64:/home/samba/profiles# pdbedit -Lv garydale
 Unix username: garydale
 NT username:
 Account Flags: [U ]
 User SID: S-1-5-21-832165970-4128531365-4003982369-1002
 Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
 Full Name: Gary Dale
 Home Directory: \\whenim64\home\garydale
 HomeDir Drive: m:
 Logon Script:
 Profile Path: \\whenim64\home\samba\profiles\garydale
 Domain: RAHIM-DALE
 Account desc:
 Workstations:
 Munged dial:
 Logon time: 0
 Logoff time: 9223372036854775807 seconds since the Epoch
 Kickoff time: 9223372036854775807 seconds since the Epoch
 Password last set: Wed, 15 Sep 2010 14:05:50 EDT
 Password can change: Wed, 15 Sep 2010 14:05:50 EDT
 Password must change: never
 Last bad password : 0
 Bad password count : 0
 Logon hours : FF

 ^What's this?^

That's the pdbedit output from the command at the start of the section




 However, although I can log on, I can't get the roaming profiles
 working. I get the windows cannot locate the server copy of your
 roaming profile message. Since my Unix account names/numbers are
 the same and the profiles are in the previously working /home
 folder that didn't get touched, I can't see how it's a permissions
 problem. Nonetheless, I removed an old profile which should have let
 Windows create a new one. It didn't. I still got the same error.

 I did have to reinstate the groupmaps (don't know why the samba
 install doesn't do this) but they seem OK.

 r...@whenim64:/home/samba/profiles# net groupmap list
 Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) - ntadmins
 Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) - users
 Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) - nogroup
 Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) - machines

 My smb.conf tests OK with testparm. SWAT reports all the daemons
 are running. I can map shares (with read/write) without needing
 extra authentication.

 My smb.conf (minus the shares & printers) is:

 [...]

 logon path = \\%N\home\samba\profiles\%U

 In 'man smb.conf'

 Windows clients can sometimes maintain a connection to the [homes]
 share, even though there is no user logged in. Therefore, it is
 vital that the logon path does not include a reference to the homes
 share (i.e. setting this parameter to \\%N\homes\profile_path will
 cause problems). [...] If you want profiles stored in the home dir
 use the default setting ie \\%N\%U\Profile




 [Profiles]
 profile acls = yes
 create mode = 0600
 directory mode = 0700
 path = /home/samba/profiles

 Set this to \\%N\%U\Profile OR edit [global] to reflect this.
 Either way, it needs to be identical and fall within an allowable
 setting.

 May I also add that in my opinion you've gone a little overboard
 with the settings in [global]. I've been using Samba as a DC for many
 years and have never needed to change so many settings. I would
 suggest starting with defaults and editing as needed...Just a
 thought.

 Cheers, Phil


Actually the [global] settings are pretty much the defaults. Possibly 
it's a Debian thing or the way SWAT leaves it. I added the add machine 
script and changed the logon path.


It turned out you were right about the duplication of the path between 
logon path and the profiles share. Removing the duplicated path from the 
logon path fixed it. I knew it was something stupid that I was missing.  :)


Thanks.

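The mistake resolved in this thread can be checked mechanically: a logon path is a UNC path, so its second component must be a share name, not the directory that share exports. The following is an added example, not code from the thread or from Samba; the function names are hypothetical, the sample is constructed from the smb.conf lines posted in the thread, and the suggested replacement path is this checker's output, not a value the posters stated.

```python
import re

# Constructed sample: the lines of the smb.conf posted in this thread that matter here.
SAMPLE_SMB_CONF = r"""
[global]
workgroup = RAHIM-DALE
logon path = \\%N\home\samba\profiles\%U
logon home = \\%N\home\%U
domain logons = Yes

[netlogon]
path = /home/samba/netlogon

[Profiles]
path = /home/samba/profiles
read only = no

[homes]
valid users = %S
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}}; parameter names are lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def check_logon_path(text):
    """Return a list of (code, message) findings for [global] 'logon path'."""
    conf = parse_smb_conf(text)
    glob = next((v for k, v in conf.items() if k.lower() == "global"), {})
    logon_path = glob.get("logon path", "")
    if not logon_path:
        return []
    parts = [p for p in logon_path.split("\\") if p]
    if not logon_path.startswith("\\\\") or len(parts) < 2:
        return [("not-unc", "logon path is not of the form \\\\server\\share\\...")]

    server, share = parts[0], parts[1]
    shares = {k: v for k, v in conf.items() if k.lower() != "global"}
    known = {k.lower() for k in shares}
    findings = []

    if share.lower() == "homes":
        # The case the quoted man page text warns about.
        findings.append(("uses-homes", "logon path must not reference the [homes] share"))
    elif "%" not in share and share.lower() not in known:
        findings.append(("unknown-share", "'" + share + "' is not a share defined in this file"))

    # A UNC path names a share, not a directory: flag a logon path that spells
    # out the filesystem path of a share instead of using the share's name.
    unc_dirs = [p.lower() for p in parts[1:]]
    for name, params in shares.items():
        fs_dirs = [d.lower() for d in params.get("path", "").split("/") if d]
        if fs_dirs and unc_dirs[:len(fs_dirs)] == fs_dirs:
            fixed = "\\\\" + "\\".join([server, name] + parts[1 + len(fs_dirs):])
            findings.append(("repeats-share-path",
                             "logon path repeats the path of [" + name + "]; use " + fixed))
    return findings


if __name__ == "__main__":
    for code, message in check_logon_path(SAMPLE_SMB_CONF):
        print(code + ": " + message)
```
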


[Samba] samba roaming profiles not working

2010-09-17 Thread Gary Dale
I've been at this for hours now and am still not getting it to work. 
I've been through the lists trying to find an answer and so far as I can 
tell, everything is configured OK. Obviously it's not, but I'm stuck.


I recently installed Squeeze on my home server, overwriting a Lenny 
installation. I've been able to add my NT (Windows XP/Pro) domain 
accounts back in and pdbedit shows the expected values - e.g.:


r...@whenim64:/home/samba/profiles# pdbedit -Lv garydale
Unix username: garydale
NT username:
Account Flags: [U ]
User SID: S-1-5-21-832165970-4128531365-4003982369-1002
Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
Full Name: Gary Dale
Home Directory: \\whenim64\home\garydale
HomeDir Drive: m:
Logon Script:
Profile Path: \\whenim64\home\samba\profiles\garydale
Domain: RAHIM-DALE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set: Wed, 15 Sep 2010 14:05:50 EDT
Password can change: Wed, 15 Sep 2010 14:05:50 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FF

However, although I can log on, I can't get the roaming profiles 
working. I get the windows cannot locate the server copy of your 
roaming profile message. Since my Unix account names/numbers are the 
same and the profiles are in the previously working /home folder that 
didn't get touched, I can't see how it's a permissions problem. 
Nonetheless, I removed an old profile which should have let Windows 
create a new one. It didn't. I still got the same error.


I did have to reinstate the groupmaps (don't know why the samba install 
doesn't do this) but they seem OK.


r...@whenim64:/home/samba/profiles# net groupmap list
Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) - ntadmins
Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) - users
Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) - nogroup
Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) - machines

My smb.conf tests OK with testparm. SWAT reports all the daemons are 
running. I can map shares (with read/write) without needing extra 
authentication.


My smb.conf (minus the shares & printers) is:

[global]
workgroup = RAHIM-DALE
server string = %h server
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword$
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
add machine script = /usr/sbin/useradd -d /var/lib/nobody -g machines -$
logon path = \\%N\home\samba\profiles\%U
logon drive = m:
logon home = \\%N\home\%U
domain logons = Yes
domain master = Yes
dns proxy = No
wins support = Yes
panic action = /usr/share/samba/panic-action %d

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
browseable = No
browsable = No

[Profiles]
profile acls = yes
create mode = 0600
directory mode = 0700
path = /home/samba/profiles
read only = no
browseable = no
writeable = yes
guest ok = yes

[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
browsable = No


Any ideas?


Re: [Samba] File owner SID instead of name showing for one user

2010-07-08 Thread Gary Dale
This occurs when Windows cannot find a user name for the SID. Identify 
which user is the real owner and change the Owner of the file to the 
real owner. If the owner actually does exist then it's probably missing 
the name attribute.



On 08/07/10 01:56 PM, Gaiseric Vandal wrote:
Also make sure that SID returned by wbinfo -n DOMAIN\name matches 
the name returned by wbinfo -s SID command.


On 07/08/2010 01:45 PM, t...@tms3.com wrote:






Hello,

I recently migrated all data and user accounts from our old Samba file
server to a new (Samba 3.4.0 on Ubuntu 9.10) one. Everything is working
fine except that there is one user whose SID is showing in the Owner
column of Windows Explorer instead of the user name.

It's not a big problem, but the user is uncomfortable with it and I'd
like to know why it's happening and how to fix it.


Check for duplicate UID's somewhere.




Any help would be much appreciated.

Thanks.

Greg


Re: [Samba] Set ACLs on Samba share from Windows

2010-07-06 Thread Gary Dale

On 07/07/10 01:11 AM, Dadoo wrote:

On Sun, 04 Jul 2010 15:55:26 -0700, tms3 wrote:

   

Operating system & Samba Version.
 

Fedora 13. Samba 3.5.4 (the one supplied with Fedora)

   

Does *Nix file system used support ACL's?
 

Yes.

   

Are ACL's turned on for the samba share mountpoint?
 

Is this an OS setting or a Samba setting?

Thanks.

   
ACLs can sometimes be turned on or off on a file system as a mount 
option. Other times it's inherent in the system. It may even be a 
format-time option.



Re: [Samba] Default Hidden Disk Shares

2010-07-05 Thread Gary Dale

On 05/07/10 05:00 AM, Atkinson, Robert wrote:

Before I reply, please take my response in the light it's meant, which is
curious interest and intrigue. I'm not and don't want to drag this out into a
full blown dissemination of Windows security.


The 'admins' directive in the CONF file holds a list of Admin users, and
gives elevated privileges to those accounts. I'm at a loss to see how this
differs from also giving root visibility to the same users.

I see this one of two ways. Either there isn't enough faith in the SAMBA code
to feel that it's a robust secure system (I personally think it is), or
there's a paranoia amongst the community. Given the way Windows is constantly
hacked, this second observation may well be indirectly true.

My background is over 20 years administrating an OpenVMS system (THE most
secure O/S available). The reason I say this is because a single cluster
could (and does) have hundreds of visible volumes, that change frequently. To
continually reconfigure the CONF file although not impossible, would be
somewhat arduous.

As has already been stated, Samba doesn't allow for the automatic 'hidden'
presentation of these volumes. The product I was using (Pathworks) which
emulates a Windows NT member server did, and despite some of the posts, it is
a nice feature to have.

I'm happy to leave it there and work with what's available, or hear people's
opinions on the above.

Thanks, Robert
(A Grateful OpenSource Developer and User)

   
You have to remember that Windows was never intended to be an 
enterprise-level OS. It's been evolving but still has a lot of hard to 
remove vestiges of its desktop past. Some of them are hard to remove 
and often date back to a time when MS-DOS ran on 64k machines.


The notion of automatically sharing files may have made some sense way 
back when it was hard enough to get a PC network to even operate, but it 
is a security hole that shouldn't exist. The problem, like many Windows 
problems, is when a bug is old enough it becomes a feature.


No one should need access to the entire file system as a share. In all 
my years looking after Windows servers, I certainly never did. Nor did I 
ever hear anyone have a good reason for doing so. I'm not saying that 
they don't exist, but if you really need to share a file system, Samba 
doesn't stop you from doing it.



Re: [Samba] Installation problem

2010-06-04 Thread Gary Dale

On 04/06/10 03:44 PM, Miha Krajnc wrote:

Hey guys,
I installed samba on my Ubuntu 10.04 machine (sudo apt-get install samba)
and it didn't create any config files. There is no /etc/samba or
/usr/local/samba. I don't really know what to do. The samba server fails to
start and I can't connect to the machine over my network. Anyone know what I
should do? I tried purging / reinstalling (apt-get and aptitude), with no
success.

   

Are you using Ubuntu server or desktop?

What messages do you get when you do aptitude install samba (after 
purging it, of course)?


What happens if you do /etc/init.d/samba start?

Also, have you tried installing SWAT? I find it very useful for 
configuring servers.



Re: [Samba] new clients not joining to my domain

2010-04-21 Thread Gary Dale

Om Pastor Mosella wrote:

Hello,

Since about two weeks I've noticed (I think after an update but I don't know) 
that when I try to join new XP client to my domain I get this error:

 /0x232B/ RCODE_NAME_ERROR

And something about The DNS SRV record is not registered in DNS

I don't paste all the description because it's in Spanish, but I find a thread 
in this list with the same error 
(http://lists.samba.org/archive/samba/2007-January/128329.html) and googled 
various pages, but I can't solve my problem. I don't change anything in my 
config files, and don't have a DNS server configured I think I use WINS to 
resolve names and works ok. What I can't understand is that the clients already 
joined to the domain works fine.

Has anyone any idea of what can be the problem?

Thanks.
  
Have you tried rebooting your server? It may be that it's not being 
recognized for one reason or another. A quick reboot may fix the issue. 
Wait 30 minutes or so after the reboot before trying to join the domain.



Re: [Samba] new clients not joining to my domain

2010-04-21 Thread Gary Dale

Om Pastor Mosella wrote:

Thank you for your response. I try to reboot again and wait until try to join 
but the error is the same.

Thanks.

  

- Original message -
From: Gary Dale
Sent: 21-04-10 15:27
To: samba@lists.samba.org
Subject: Re: [Samba] new clients not joining to my domain



Om Pastor Mosella wrote:
  

Hello,

Since about two weeks I've noticed (I think after an update but I don't know) 
that when I try to join new XP client to my domain I get this error:

/0x232B/ RCODE_NAME_ERROR

And something about The DNS SRV record is not registered in DNS

I don't paste all the description because it's in Spanish, but I find a thread 
in this list with the same error 
(http://lists.samba.org/archive/samba/2007-January/128329.html) and googled 
various pages, but I can't solve my problem. I don't change anything in my 
config files, and don't have a DNS server configured I think I use WINS to 
resolve names and works ok. What I can't understand is that the clients already 
joined to the domain works fine.

Has anyone any idea of what can be the problem?

Thanks.


Have you tried rebooting your server? It may be that it's not being 
recognized for one reason or another. A quick reboot may fix the issue. 
Wait 30 minutes or so after the reboot before trying to join the domain.
  
Something in your system is providing DNS services. Do you have a 
router? Have you upgraded its firmware lately? Check for updates. Try 
restarting it even if it has the latest firmware.




Re: [Samba] Snow Leopard and Samba

2010-04-20 Thread Gary Dale

jjrowan wrote:
A customer has an expanding number of Mac computers.  Last Friday an 
existing machine started having problems writing files to a Samba 
share on a CentOS 5.x server.  They had no problems prior to Friday.  
They are getting permission failure errors in creating files and 
folders.  I made the share owned by the user and group with group write 
enabled.  Even with him as the owner he can not write to the share.  I 
stopped / started Samba, same problem.  I had him reconnect, same 
problem.  Even had him reboot his Mac but problem persists.  I ran 
Wireshark traces but the session generates 30 to 40 thousand packets 
and I am unable to find the packets that might pinpoint why he now has 
problems writing to the server.   I just ran a yum update of the 
CentOS server and it downloaded samba-common-3.0.33-3.15.  I don't 
know if this release fixes my problem.  Has anyone else had problems 
with OS/X writing to a Samba share AFTER it's been working for a 
while (in my case 2 months)?


With respect to Mr. Allison, figuring out what changed isn't always 
simple. Sometimes it can be something that is only peripherally 
connected to Samba, such as a DNS server upgrade.


In general, the Unix permissions need to be permissive enough to allow 
Samba to control the access. You may also want to check that the users 
are actually logging on. Try checking the Samba logs to see if there is 
a problem being reported. If that doesn't work, set the Samba loglevel 
to 10, restart Samba and try again.



Re: [Samba] Snow Leopard and Samba

2010-04-20 Thread Gary Dale

Jeremy Allison wrote:

On Tue, Apr 20, 2010 at 04:49:19PM -0400, Gary Dale wrote:
  

jjrowan wrote:

A customer has an expanding number of Mac computers.  Last Friday an 
existing machine started having problems writing files to a Samba 
share on a CentOS 5.x server.  They had no problems prior to Friday.  
They are getting permission failure errors in creating files and 
folders.  I made the share owned by the user and group with group write 
enabled.  Even with him as the owner he can not write to the share.  I 
stopped / started Samba, same problem.  I had him reconnect, same 
problem.  Even had him reboot his Mac but problem persists.  I ran 
Wireshark traces but the session generates 30 to 40 thousand packets 
and I am unable to find the packets that might pinpoint why he now has 
problems writing to the server.   I just ran a yum update of the 
CentOS server and it downloaded samba-common-3.0.33-3.15.  I don't 
know if this release fixes my problem.  Has anyone else had problems 
with OS/X writing to a Samba share AFTER it's been working for a 
while (in my case 2 months)?


  
With respect to Mr. Allison, figuring out what changed isn't always  
simple. Sometimes it can be something that is only peripherally  
connected to Samba, such as a DNS server upgrade.



Sorry, it was a snarky comment and I apologise. I'd just had to talk
my brother through a similar it's all broken and *nothing* changed
tech problem over the phone :-).
  

I think we've all been there too many times.  :)

I was just talking to a customer's tech guy about a program I sold them. 
Their tech support guy somehow believed my program would have their 
membership database in its install directory.  And let's not forget all 
the times I get a I can't connect to the server call, which I answer 
with is the server turned on?  :)


  
In general, the Unix permissions need to be permissive enough to allow  
Samba to control the access. You may also want to check that the users  
are actually logging on. Try checking the Samba logs to see if there is  
a problem being reported. If that doesn't work, set the Samba loglevel  
to 10, restart Samba and try again.



Good advice, and getting debug level 10 logs will definitely isolate
the problem, if you can interpret them.

Jeremy

Thanks for all the work you do on Samba and on the support lists. Can't 
wait for v4 to become production-ready.




Re: [Samba] how to mount shares as a user without mount.cifs setuid

2010-04-09 Thread Gary Dale

Nico Kadel-Garcia wrote:

On Thu, Apr 8, 2010 at 2:08 PM, Gary Dale garyd...@rogers.com wrote:
  

Christian PERRIER wrote:


Quoting Gary Dale (garyd...@rogers.com):


  

Now perhaps I'm missing something, but I have no trouble with users
mounting nfs shares. The idea that users can't mount cifs shares
strikes me as odd and an unnecessary impediment.



How about turning the binary we provide in Debian to setuid on the
systems where you want it to be this way, by using
dpkg-statoverride(8)?

  

Actually, I was just responding to Nico's assertion that disabling setuid is
a seatbelt. The idea that mounting shares should be restricted to root is,
imho, a cure that is worse than the disease.  :)



It's safer *default* behavior. If you want non-root users to be able
to mount, you can create a table of mounting options in auto.master or
in another auto.cifs file that will translate the mounting options
into something available to users, with wildcards to allow access to
alternative servers or shares.
  
I've been trying without success to get even a basic auto.cifs working 
following the howto at 
http://www.howtoforge.com/accessing_windows_or_samba_shares_using_autofs.


I installed autofs v5.0.4 from the Debian/Squeeze repository and created 
the /etc/auto.cifs file. I made it executable and changed the mountopts 
line to: 
mountopts=-fstype=cifs,file_mode=0644,dir_mode=0755,uid=garydale,gid=users.


I created a /etc/auto.smb.filesever file and gave it my credentials. 
Then I added the auto.cifs line to the auto.master file and restarted 
the autofs system.


I then fixed a few errors I was getting re. my domain name by adding an 
automount: nis files line to /etc/nsswitch.conf and also running 
domainname mydomain.


At this point I can run ls -als /cifs/fileserver and see all the 
exported shares, etc. from that server. However the shares are not 
mounted. Checking syslog I now find an error Status code returned 
0xc05e NT_STATUS_NO_LOGON_SERVERS.


Google only finds two hits on this message, neither of which was 
helpful. I know my Windows desktops are logging in to the domain as 
their profiles are updated when they do.


Anyway, this leaves me with some questions.
1) do you have any idea on how to fix the error?
2) even if I do, I think I need more information on how auto.cifs can 
help. If I replace the uid=garydale with something like uid=$USER, won't 
that just pick up the uid as root, the context in which the mount is 
running?
3) the credentials file for autofs seems to only allow a single 
username+password combo for each mount. Is there a way around this?
4) can the credentials be updated automatically when the user changes 
their password?




Re: [Samba] how to mount shares as a user without mount.cifs setuid

2010-04-08 Thread Gary Dale

Nico Kadel-Garcia wrote:

On Thu, Apr 8, 2010 at 12:45 AM, Chris Smith smb...@chrissmith.org wrote:
  

On Wed, Apr 7, 2010 at 9:39 PM, Jeff Layton jlay...@samba.org wrote:


Yes, we added a patch a while back to make it such that mount.cifs
would not allow itself to run as a setuid root program unless that
check was compiled out.

This was done due to a rather constant stream of security issues that
were brought about when people installed mount.cifs setuid root. Since
it had never been vetted for security, we really had no other choice to
communicate that installing it setuid root was unsafe.
  

Not the place for it so the inquiry is only rhetorical.
How can you equate adding a patch preventing a sysadmin from using an
app as designed to communicating? Communication is one thing,
handcuffs are another.



It doesn't stop a sysadmin. Sysadmins have root privileges and do not
need setuid for this. Sysadmins can also manipulate automount or
/etc/fstab to allow far more controlled mounting.

This isn't handcuffs. It's a seatbelt.
  
I'm not sure I can agree with you on that. When I setuid to allow a user 
to mount their own shares, they can do it. If I set up fstab to mount 
shares as root using specific uid and gid values, then the users don't 
see their correct permissions. That's a straightjacket, not a seatbelt.


Now perhaps I'm missing something, but I have no trouble with users 
mounting nfs shares. The idea that users can't mount cifs shares strikes 
me as odd and an unnecessary impediment.



Re: [Samba] how to mount shares as a user without mount.cifs setuid

2010-04-08 Thread Gary Dale

Christian PERRIER wrote:

Quoting Gary Dale (garyd...@rogers.com):

  

Now perhaps I'm missing something, but I have no trouble with users
mounting nfs shares. The idea that users can't mount cifs shares
strikes me as odd and an unnecessary impediment.



How about turning the binary we provide in Debian to setuid on the
systems where you want it to be this way, by using
dpkg-statoverride(8)?
  
Actually, I was just responding to Nico's assertion that disabling 
setuid is a seatbelt. The idea that mounting shares should be restricted 
to root is, imho, a cure that is worse than the disease.  :)





[Samba] how to mount shares as a user without mount.cifs setuid

2010-04-07 Thread Gary Dale
I'm running Debian/Squeeze on an AMD64 system. For some reason they have 
recently stopped shipping mount.cifs with the setuid bit set. Now it 
appears that they have changed the internal settings to prevent it from 
running setuid. This means that I can't define the share in fstab with 
user and connect from my Linux user account. Mounting smb/cifs shares 
seems to be blocked except for root.


Presumably this has been done for security reasons. However, I can't 
currently do much with my network shares unless I'm root because the 
shares and all the files are owned by root:root. This is despite the 
fstab setting username=my windows account name and I get prompted for 
the password. That only seems to be used for connecting to the share, 
not for the permissions.


My Debian box hasn't joined a domain - I'm just using local accounts. I 
mainly have the domain for some Windows boxes used by my family.


How do I mount an smb/cifs share as a normal user without running 
mount.cifs? Or if I have to mount the share as root, how can I get 
reasonable access to the shares?




Re: [Samba] how to mount shares as a user without mount.cifs setuid

2010-04-07 Thread Gary Dale

Jeff Layton wrote:

On Wed, 07 Apr 2010 16:44:47 -0400
Gary Dale garyd...@rogers.com wrote:

  
I'm running Debian/Squeeze on an AMD64 system. For some reason they have 
recently stopped shipping mount.cifs with the setuid bit set.



That would be because it was horribly unsecure.

  
 Now it 
appears that they have changed the internal settings to prevent it from 
running setuid. This means that I can't define the share in fstab with 
user and connect from my Linux user account. Mounting smb/cifs shares 
seems to be blocked except for root.





Yes, we added a patch a while back to make it such that mount.cifs
would not allow itself to run as a setuid root program unless that
check was compiled out.

This was done due to a rather constant stream of security issues that
were brought about when people installed mount.cifs setuid root. Since
it had never been vetted for security, we really had no other choice to
communicate that installing it setuid root was unsafe.

  
Presumably this has been done for security reasons. However, I can't 
currently do much with my network shares unless I'm root because the 
shares and all the files are owned by root:root. This is despite the 
fstab setting username=my windows account name and I get prompted for 
the password. That only seems to be used for connecting to the share, 
not for the permissions.


My Debian box hasn't joined a domain - I'm just using local accounts. I 
mainly have the domain for some Windows boxes used by my family.


How do I mount an smb/cifs share as a normal user without running 
mount.cifs? Or if I have to mount the share as root, how can I get 
reasonable access to the shares?





You need to set the uid=/gid= options when mounting. When it's run by a
non-root user, /bin/mount adds these options automatically.
  
Except that when I run mount as a non-root user, I get the error about 
mount.cifs not being setuid. This is generated from the user option in 
fstab. If I remove the user option, I am told that only root can mount 
the share. Thus my problem that normal users cannot mount smbfs/cifs 
shares. This appears to be reserved now only for root.



It's also worthwhile to note that I've recently re-enabled the ability
to run mount.cifs as a setuid root program in the latest cifs-utils
release:

http://linux-cifs.samba.org/cifs-utils/

...you may want to switch to using that instead if you need the ability
to use mount.cifs in this way.
  
I would except that Debian/Squeeze has its own repositories that I'd 
prefer to stick with. Hopefully they'll catch up shortly.


While the ability to run mount.cifs setuid again is appreciated, how 
does that fit in with the horribly unsecure reasoning that led to it 
being removed?

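The two symptoms discussed in this thread (a `user` entry in fstab that depends on a setuid-root mount.cifs, and a root-mounted share whose files all appear as root:root because no uid=/gid= is given) can be found by auditing fstab. This is an added example, not code from the thread or from cifs-utils; the function names are hypothetical, the fstab sample is constructed, and /sbin/mount.cifs is assumed as the helper's location.

```python
import os
import stat

# Constructed sample /etc/fstab; server, share and account names are placeholders.
SAMPLE_FSTAB = """\
# <file system>     <mount point> <type> <options>                      <dump> <pass>
//fileserver/home   /mnt/home     cifs   user,noauto,username=winuser   0 0
//fileserver/docs   /mnt/docs     cifs   username=winuser               0 0
//fileserver/media  /mnt/media    cifs   credentials=/etc/cifs.cred,uid=garydale,gid=users 0 0
/dev/sda1           /             ext4   errors=remount-ro              0 1
"""


def parse_options(field):
    """Split an fstab option field into {name: value-or-None}."""
    opts = {}
    for item in field.split(","):
        name, sep, value = item.partition("=")
        if name:
            opts[name] = value if sep else None
    return opts


def audit_fstab(text):
    """Return {mount point: [finding codes]} for cifs/smbfs entries."""
    report = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        _source, mount_point, fstype, options = fields[:4]
        if fstype not in ("cifs", "smbfs"):
            continue
        opts = parse_options(options)
        codes = []
        if "user" in opts or "users" in opts:
            # A non-root user's mount request reaches mount.cifs without root
            # privileges, so it only succeeds if the helper is setuid root.
            codes.append("needs-setuid-helper")
        elif "uid" not in opts or "gid" not in opts:
            # Mounted by root with no uid=/gid=: the situation described in the
            # thread, where every file shows up as root:root.
            codes.append("files-owned-by-root")
        if codes:
            report[mount_point] = codes
    return report


def helper_is_setuid_root(mode, owner_uid):
    """True if a regular file with this st_mode and owner runs as root for any caller."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID) and owner_uid == 0


def stat_helper(path="/sbin/mount.cifs"):
    """Return helper_is_setuid_root() for path, or None if it is not installed."""
    try:
        st = os.stat(path)
    except OSError:
        return None
    return helper_is_setuid_root(st.st_mode, st.st_uid)


def explain(report, helper_setuid):
    """Turn finding codes into messages, given the helper's setuid state."""
    lines = []
    for mount_point, codes in sorted(report.items()):
        for code in codes:
            if code == "needs-setuid-helper" and helper_setuid:
                msg = "user-mountable, relies on a setuid-root mount.cifs"
            elif code == "needs-setuid-helper":
                msg = "'user' option set but mount.cifs is not setuid root: only root can mount"
            else:
                msg = "no uid=/gid=: files will appear owned by root:root"
            lines.append(mount_point + ": " + msg)
    return lines


if __name__ == "__main__":
    for line in explain(audit_fstab(SAMPLE_FSTAB), stat_helper()):
        print(line)
```
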


Re: [Samba] how to use m4_pattern_allow

2010-01-17 Thread Gary Dale

himmat baldaniya wrote:

hello

what is  m4_pattern_allow ??
how to use it ??
I am installing patch of acl-2.2.49.tar.gz but it gives me error stating --
line 1650 :AC_CONFIG_MACRO:m4
line 1650 : use m4_pattern_allow

thankx 		 	   		  
  
m4 is a macro-processor that is used quite a bit in Unix programming. 
Read up on it if you intend to compile code.



Re: [Samba] Renaming a computer on a Samba domain

2010-01-13 Thread Gary Dale

Michael Wood wrote:

2010/1/13 Gary Dale garyd...@rogers.com:
[...]
  

The only down side (the last
time I checked anyway) is you need a commercial package like Ghost to give
each image a unique SID.



From http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx

Note: NewSID has been retired and is no longer available for download.
Please see Mark Russinovich’s blog post: NewSID Retirement and the
Machine SID Duplication Myth[1]

[1] http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx

  

Thanks Michael. So DD + M$ SysPrep will do the trick. Good to know.

Re: [Samba] Documents in home folder 'Read Only'

2010-01-13 Thread Gary Dale

Dave Coventry wrote:

Sorry: the user told me she was in, but she is using someone else's
password. (her supervisor's)

It's no longer that she can't write to her home directory: she can't
log in at all now.

tail /var/log/samba/log.reception
[2010/01/13 16:07:33,  0] auth/pampass.c:smb_pam_accountcheck(791)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting
User patience!
[2010/01/13 16:07:50,  0] auth/pampass.c:smb_pam_account(583)
  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account
Management for User: patience
[2010/01/13 16:07:50,  0] auth/pampass.c:smb_pam_accountcheck(791)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting
User patience!
[2010/01/13 16:08:32,  0] auth/pampass.c:smb_pam_account(583)
  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account
Management for User: patience
[2010/01/13 16:08:32,  0] auth/pampass.c:smb_pam_accountcheck(791)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting
User patience!

I have tried to reset her password using 'smbpasswd -a patience' to
reset the password, but it doesn't work; she cannot access the server.
  
Based on your earlier comment about capitalized names, I suggest you 
remove the account and rebuild it. It's possible that you've got it 
messed up beyond easy repair.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
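
The Samba log excerpt quoted in the message above, run through a small parser. This is an added example, not part of the original thread or of Samba itself: it rejoins the message lines that mail wrapping split and groups the PAM account-check failures per user. The mapping of numeric PAM codes to names assumes the server uses Linux-PAM, and the last sample record is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# First five records: the log lines quoted in the message above, including the
# line breaks added by mail wrapping. The last record is constructed, to show
# that entries unrelated to PAM are skipped.
SAMPLE_LOG = """\
[2010/01/13 16:07:33,  0] auth/pampass.c:smb_pam_accountcheck(791)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting
User patience!
[2010/01/13 16:07:50,  0] auth/pampass.c:smb_pam_account(583)
  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account
Management for User: patience
[2010/01/13 16:07:50,  0] auth/pampass.c:smb_pam_accountcheck(791)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting
User patience!
[2010/01/13 16:08:32,  0] auth/pampass.c:smb_pam_account(583)
  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account
Management for User: patience
[2010/01/13 16:08:32,  0] auth/pampass.c:smb_pam_accountcheck(791)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting
User patience!
[2010/01/13 16:09:01,  1] smbd/service.c:make_connection_snum(1033)
  reception (192.0.2.10) connect to service homes initially as user dave
"""

# Record header: "[date time, level] source_file:function(line)".
HEADER_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*(\d+)\]"
    r"\s+(\S+?):(\w+)\((\d+)\)\s*$"
)
REJECT_RE = re.compile(r"Account Validation Failed - Rejecting User (\S+)!")
PAM_ERROR_RE = re.compile(
    r"PAM ERROR \((\d+)\) during Account Management for User: (\S+)"
)

# Assumption: the server uses Linux-PAM, whose _pam_types.h assigns these
# numbers. Other PAM implementations may number the codes differently.
LINUX_PAM_CODES = {
    6: "PAM_PERM_DENIED",
    7: "PAM_AUTH_ERR",
    9: "PAM_AUTHINFO_UNAVAIL",
    10: "PAM_USER_UNKNOWN",
    13: "PAM_ACCT_EXPIRED",
}


def parse_records(text):
    """Split a Samba log into records, joining wrapped message lines."""
    records, current = [], None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = {
                "time": datetime.strptime(header.group(1), "%Y/%m/%d %H:%M:%S"),
                "level": int(header.group(2)),
                "source": header.group(3),
                "function": header.group(4),
                "parts": [],
            }
            records.append(current)
        elif current is not None and line.strip():
            # Anything that is not a header continues the current message,
            # whether or not the indentation survived.
            current["parts"].append(line.strip())
    for record in records:
        record["message"] = " ".join(record.pop("parts"))
    return records


def summarize_pam_failures(records):
    """Group PAM account-management failures by the user they concern."""
    summary = {}
    for record in records:
        reject = REJECT_RE.search(record["message"])
        error = PAM_ERROR_RE.search(record["message"])
        user = reject.group(1) if reject else (error.group(2) if error else None)
        if user is None:
            continue
        entry = summary.setdefault(user, {
            "rejections": 0, "pam_errors": Counter(),
            "first": record["time"], "last": record["time"],
        })
        entry["first"] = min(entry["first"], record["time"])
        entry["last"] = max(entry["last"], record["time"])
        if reject:
            entry["rejections"] += 1
        if error:
            entry["pam_errors"][int(error.group(1))] += 1
    return summary


def format_report(summary):
    """One line per user: rejection count, time window, PAM codes seen."""
    lines = []
    for user, entry in sorted(summary.items()):
        codes = ", ".join(
            f"{code}={LINUX_PAM_CODES.get(code, 'unlisted')} x{count}"
            for code, count in sorted(entry["pam_errors"].items())
        ) or "none logged"
        lines.append(
            f"{user}: {entry['rejections']} rejections, "
            f"{entry['first']:%H:%M:%S} to {entry['last']:%H:%M:%S}, "
            f"PAM codes: {codes}"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(summarize_pam_failures(parse_records(SAMPLE_LOG)))))
```
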


Re: [Samba] Renaming a computer on a Samba domain

2010-01-12 Thread Gary Dale

Jason Somers wrote:
We shift computers around a lot, and therefore need to rename several 
whenever we get new batches of systems in.


Tried simply renaming a system while on the domain, but got an access 
denied error. I WAS able to disjoin the domain, remove the LDAP entry 
for the computer, log in as a local administrator, rename the 
computer, and rejoin the domain with a different computer name.


However, this is a HUGE pain. The number of reboots alone is a genuine 
time-killer. Doing it on several systems can waste an entire day. 
Does anyone have any suggestions?


Thanks!
Jason


Can you be more specific about what you are doing and why?

I surmise that you are renaming existing Windows boxes when you get in 
new computers, but are the Windows boxes servers or desktops? And why do 
you need to rename in the first place? What happens to the old boxes?


The reason I ask is that there are possibly better solutions than 
renaming computers. This is especially true if you are doing this 
frequently.



Re: [Samba] Documents in home folder 'Read Only'

2010-01-12 Thread Gary Dale

Dave Coventry wrote:

My user is logged in to the Samba Server.

smb.conf has the following:


[homes]
comment = Home Directories
read only = No
create mask = 0775
directory mask = 0775
browseable = No
writeable = Yes

The files in the user's home directory are set to chmod 777.

What do I need to do to enable the user to write to her Directory?
  
Who owns the files in the user's home directory? What group do they 
belong to? Is the user a member of that group? Has the user account been 
enabled? What happens when you do pdbedit -v username on the Samba server?






Re: [Samba] Renaming a computer on a Samba domain

2010-01-12 Thread Gary Dale

No it doesn't.  :)

Most companies simply keep record of who has what equipment. Assign an 
inventory number to the asset then record the current holder of that 
asset. This allows you to keep track of the full life cycle of the 
asset. Changing the identifier every time the asset gets reassigned 
prevents this.


This is asset/inventory control 101.

However, I'm also guessing that you don't want any old files left on the 
computers when they change departments. You should be re-imaging the 
drives each time they move. So use LDAP transactions to remove the old 
computer names from the domain. Re-image the drives and join them to the 
domain with their new names. Apart from the LDAP transaction, this is 
the same as not changing the name.


If you're not re-imaging then I have to ask why not? However, I don't 
believe you need to leave the domain to change a name. Have you tried 
logging on with a local account then joining the domain with the new 
name? Removing the old name from the LDAP database should be sufficient.



Jason Somers wrote:
Clients are NFP, and have about 100 workstations. Once or twice a 
year, they get grants for upwards of 10 new systems. These systems get 
distributed to those with the most need, and in turn, their systems 
get passed to whomever has computers less powerful than those.  System 
names reflect different departments and subdepartments, so if you move 
a computer anywhere, its name must change.


Make sense?

-Jason

=
Jason Somers
Network Administrator
Red Barn Technology Group, Inc.
1235 Front Street - Suite 3
Binghamton, NY 13905
(607) 772-1888 x222



Gary Dale wrote:

Jason Somers wrote:
We shift computers around a lot, and therefore need to rename 
several whenever we get new batches of systems in.


Tried simply renaming a system while on the domain, but got an 
access denied error. I WAS able to disjoin the domain, remove the 
LDAP entry for the computer, log in as a local administrator, rename 
the computer, and rejoin the domain with a different computer name.


However, this is a HUGE pain. The number of reboots alone is a 
genuine time-killer. Doing it on several systems can waste an 
entire day. Does anyone have any suggestions?


Thanks!
Jason


Can you be more specific about what you are doing and why?

I surmise that you are renaming existing Windows boxes when you get 
in new computers, but are the Windows boxes servers or desktops? And 
why do you need to rename in the first place? What happens to the old 
boxes?


The reason I ask is that there are possibly better solutions than 
renaming computers. This is especially true if you are doing this 
frequently.




Re: [Samba] Renaming a computer on a Samba domain

2010-01-12 Thread Gary Dale
It's not a Samba issue. It's a Windows issue. Windows associates the 
account name with a particular SID, whether it's a machine or a user 
account. You can't just change the name like you can in Unix.


Now I admit I haven't worked on Windows Servers newer than W2K but the 
NT domain stuff hasn't changed. The only way to change an account name 
for a SID is to remove it first then re-add it under the new name. With 
Samba and machine accounts this can be done by dropping the machine 
account from the database then changing the machine name on the local 
machine while adding it back into the Domain.


Again however, if you are re-assigning machines without re-imaging them, 
you've got a security problem to deal with. I'm not saying you have to 
do a DoD-type erase, but at least don't leave files around that can be 
easily undeleted. Re-imaging has been around for more than a decade. 
It's not that hard to do. And it takes care of your issues with changing 
the name - just give the re-imaged machine its new name. The only down 
side (the last time I checked anyway) is you need a commercial 
package like Ghost to give each image a unique SID.



Jason Somers wrote:
I guess I am just missing the point here. I am not in the position to 
change policy. I must work with what I have inside of standard 
operating procedures.


Why is it such a big deal to change the computer name while connected 
to the domain? This seems like such a simple thing (that you can do on 
ALL Windows domains), and yet it does not seem like it can be done on 
Samba...


-Jason


Gaiseric Vandal wrote:

On 01/12/10 15:54, Walter Mautner wrote:

On Tuesday, 12 January 2010 20:24:25, Jason Somers wrote:
 
Clients are NFP, and have about 100 workstations. Once or twice a year,
they get grants for upwards of 10 new systems. These systems get
distributed to those with the most need, and in turn, their systems get
passed to whomever has computers less powerful than those.  System names
reflect different departments and subdepartments, so if you move a
computer anywhere, its name must change.

Make sense?

 
Changing policy makes even more sense. Like here, our main office is getting
crowded while one or the other branch office dies due to financial cuts.
That makes for a lot of internal moves.
While we had our client computers named that way as well, a while ago,
we soon faced the nightmare (it's not only the samba/ldap, but other servers
like the av management server, policy-driven services and whatever) of having
to change a lot of data and database entries on every move.
Now, we just number the boxen (try to change to numbers representing the SAP-
generated 6-digit asset ids) and keep the location and similar info in a
single database asset database.
   



We use LDAP for a backend.   At some point when we switched from TDB 
to LDAP not all the machine info imported properly.   But I was able 
to use smbpasswd -w to dump out sambaSID's to copy and paste into 
LDAP.


So if your backend was ldap you could probably change the machine 
name in LDAP as well as on the machine.   Or possibly create a new 
LDAP entry and cut and paste the LDAP sambaSID.  This would probably 
be a huge pain with a TDB backend.


One place I worked we used only Dells, which had nice short service 
tags, which doubled as their machine names.









Re: [Samba] web client for samba

2009-12-30 Thread Gary Dale

jcflores wrote:

Is there any way to access the Samba server via the web? I mean, so that Windows
users can access the Samba server via the web.

  

You can access the server using SWAT, which listens on port 901.

If you want to access file shares via the Internet, that's a different 
issue. Try Googling SMB over IP.


If you want a web interface to file shares, that's not a Samba issue.


[Samba] how to get a qemu Windows XP guest to connect to a Samba domain

2009-12-25 Thread Gary Dale
I'm running Debian/Squeeze on my desktop and have installed a qemu 
virtual machine (actually the qemu-kvm fork) with a tap interface to the 
network. The guest operating system is Windows XP. It can see my Samba 
shares and connect to them but I can't get the virtual machine to join 
the Samba domain (Debian/Lenny server).


Because of this, I also can't log on using a domain user account - just 
local accounts - which means that I have to manually reconnect to a 
share (to establish my credentials) in order to get access to the 
network resources.


I note that the samba shares I connect to show that I am connecting to 
the server string from smb.conf. Interestingly, Windows XP thinks its IP 
address is 10.0.2.15 with a default gateway of 10.0.2.2 while my network 
uses 192.168.1.x. I surmise that tap uses some form of NAT to handle 
the routing. However, this is pushing the limits of my networking expertise.


Any ideas on how to get a virtual machine to join a domain?

p.s. Merry Christmas everyone.


Re: [Samba] problem with force group parameter

2009-11-05 Thread Gary Dale
Force group forces the Unix group to be whatever you force it to. It has 
nothing to do with what group the connecting user belongs to.



vishesh kumar wrote:

I am also facing the same issue.
Does it mean that we can't specify a secondary group as 'force group' in group?

On 11/5/09, Andrey Zykov and...@dce.ifmo.ru wrote:
  

Hello!

I tried to configure a Debian Linux file server as a Windows 2003 domain
member using Samba with security = ADS mode and got stuck with this problem:

The file server (fs) successfully joined my domain with correct user and
group mapping (I'm using idmap rid). Users from the domain have their Unix
accounts with a DOMAIN_NAME\ prefix, i.e. for domain user andrey I have
local Unix user: 'DOMAIN\andrey':

fs:~# id DOMAIN\\andrey
uid=8(DOMAIN\andrey) gid=10513(DOMAIN\пользователи домена)
группы=10513(DOMAIN\пользователи домена),10512(DOMAIN\администраторы
домена),11395(DOMAIN\сотрудники),10001(BUILTIN\users),1(BUILTIN\administrators)

As you can see, the user has uid=8, primary group
gid=10513 ('DOMAIN\пользователи домена', 'DOMAIN\domain users' in
English) and a few supplementary groups.
Now I want to make a share restricted to users from one of the
supplementary groups, i.e. 11395 (DOMAIN\сотрудники).
I created a directory:

fs:~# ls -l /home/sambashare/ | grep officepub
drwxrwx---   2 DOMAIN\adminDOMAIN\сотрудники 4096 Окт 26
20:28 officepub

and checked that I can access it locally via ssh:

fs:~# su DOMAIN\\andrey
domain\and...@fs:/root$ cd /home/sambashare/officepub/
domain\and...@fs:/home/sambashare/officepub$ touch file
domain\and...@fs:/home/sambashare/officepub$ rm file

Next i added share definition in smb.conf with my group in 'force group'
parameter:
...
[officepub]
comment = Office Public Share
path = /home/sambashare/officepub
force group = +DOMAIN\сотрудники
read only = No
browseable = No

restarted samba, tried to access it via smbclient and got following error:

fs:~# smbclient '\\fs\officepub' -U DOMAIN\\andrey
Enter DOMAIN\andrey's password:
Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.2.5]
smb: \ ls
NT_STATUS_NETWORK_ACCESS_DENIED listing \*

0 blocks of size 0. 61680 blocks available
smb: \

But at the same time I have a similar working share with restriction by
_primary_ group:

fs:~# id DOMAIN\\andrey
uid=8(DOMAIN\andrey) gid=10513(DOMAIN\пользователи домена)
группы=10513(DOMAIN\пользователи домена),10512(DOMAIN\администраторы
домена),11395(DOMAIN\сотрудники),10001(BUILTIN\users),1(BUILTIN\administrators)
fs:~# ls -l /home/sambashare/ | grep pub
drwxrwx---   2 DOMAIN\adminDOMAIN\пользователи домена4096 Ноя  4
00:00 pub
fs:~# su DOMAIN\\andrey
domain\and...@fs:/root$ cd /home/sambashare/pub/
domain\and...@fs:/home/sambashare/pub$ touch file
domain\and...@fs:/home/sambashare/pub$ exit
exit
fs:~# smbclient '\\fs\pub' -U DOMAIN\\andrey
Enter DOMAIN\andrey's password:
Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.2.5]
smb: \ ls
  .   D0  Thu Nov  5 17:02:01 2009
  ..  D0  Wed Jun  3 18:22:47 2009
  file 0  Thu Nov  5 17:02:01 2009

64000 blocks of size 8192. 28337 blocks available
smb: \

So I've decided that the problem is in the not working (or
misunderstood?) 'force group' parameter.

What did I do wrong and how to fix this?

Some technical information:

Distro used: Debian Lenny, kernel  2.6.26-2-amd64
Samba version: 3.2.5-4lenny6
Domain Controller: Windows Server 2003 R2 Enterprise Edition
smb.conf: http://pastebin.ca/1658364
Log file: http://pastebin.ca/1658368

P.S. Sorry for my english :-)

--
Andrey Zykov

e-mail: and...@dce.ifmo.ru
jabber: z...@jabber.org.





  



Re: [Samba] Move samba server

2009-10-17 Thread Gary Dale

Alejandro Rodriguez Luna wrote:

Hi everybody,

I got new servers and I'd like to move the old ones to the new ones. I know that 
to move Samba, I need to move the SID. Does anybody know of a howto, or where I can 
find documentation on moving the SID along with the users and machines?

P.S. Currently the samba server is the PDC.

--

Alejandro Rodriguez Luna

Web: http://www.alexluna.org

E-mail: el_alexl...@yahoo.com.mx

MSN: el_alexl...@yahoo.com.mx

GTalk: alexl...@gmail.com

Movil: 044-311-112-86-41

--


  

Basically, if your smb.conf and all the .tdb databases get moved, you
should be good to go. Just make sure that your local accounts and
machine name are the same as on the old server and the move should be
transparent to the users.

You can also look at the vampire mode for moving your Samba setup
from one machine to another. It's been a while since I've done this, but
it wasn't overly difficult.




Re: [Samba] Desiring to set up Windows Vista and Linux Fedora Core 4

2009-10-03 Thread Gary Dale

Barry L. Bond wrote:

Greetings!

 Tonight is unfortunately the first small bit of time I've had to even
try to get Samba configured between my Vista and my Linux FC4.  (My mother
as well as my extremely limited home time dealing with important things
are my main delays.)

 It's not going well.  :-)

 I have added hosts allow with 192.168.1 and 192.168.2.  I have
experimented with a few things.  I have looked at
http://forums.fedoraforum.org/showthread.php?t=2556 and even read
something about making the network communication in Vista be LM as well as
NTLM...

 Okay, let me ask one basic question at a time.

 I was thinking that I didn't have to actually mount samba
(smbmount) in the past, back years ago when I used it with VMWare and
Windows 98.  (I was thinking that the smbd/nmbd daemons just did what was
needed.)

 I will be fine if I just am able to submit a print job from the
Windows/Vista to the Linux HP9110 printer.  I will be fine if I just
transfer any files, either direction, by accessing my host filesystem via
Explorer in Windows.  (This is how I did it, years ago, with Windows 98 in
VMWare.)

 I am thinking that I do NOT need to add to /etc/fstab, or smbmount
anything from the Linux side.  Do you agree?

 Barry

  
I'd begin by upgrading to something more recent than Fedora Core 4. I 
believe there are some issues that Vista introduced that required some 
changes in Samba (I may be wrong on this, but I suspect upgrading to 
something more recent is still a good idea). At the very least, see if 
there is a backport for a more recent version of Samba to FC4.


It sounds like you are using FC4 as a file & print server. All you need 
to do on it is share the resources (folders and printers) and set up the 
permissions and accounts (if required).


You don't mention which version of Vista you are using, and I don't know 
if they crippled certain versions like they did with XP to prevent them 
from joining domains. However, if you can join Vista to a domain, 
install and use SWAT to set up Samba as a domain controller and use it 
to log in from Vista.





Re: [Samba] Designate one samba server for home directories

2009-10-03 Thread Gary Dale

Luv Linux wrote:

Hello all,

I have a few samba servers running winbind that are joined to the AD 2003
domain.
Is it possible to designate one samba server to host the users' home
directories instead of each one of them?
If we have samba1, samba2, and samba3 and designate samba1 to host the home
directories and when a user accesses samba 2 either via ssh or as a share,
the home directory that the user sees would actually be present on samba1.

If this is possible, what changes do I need to make to smb.conf file?
  
Have you tried specifying the server name in the directory name? From 
the SWAT documentation on homes:


Example: logon home = \\remote_smb_server\%U


Re: [Samba] Mapping usernames

2009-09-29 Thread Gary Dale
I suspect that the problem is that Samba is looking up the Windows name 
and simply mapping to the first instance it finds.


A work-around would be to use the force user setting on the share. 
Allow garcijo access then force the user to be mpcadmin.


You may also want to consider your strategy for setting permissions. Why 
bother with Unix accounts when Windows accounts can do what you want? 
Open up the share to a larger Unix group but set the Windows permissions 
to just give access to the person you want.



GARCIA CABALLERO Jordi wrote:

Dear all

 


I am trying to configure samba username map file in order to map the
same user from a windows domain to 2 different unix users:

 


Map to = map from

 


bea = PRODUCTION\garcijo

mpcadmin = PRODUCTION\garcijo

 


but only works for the first map in the map file. When I try to use a
share with permissions for mpcadmin unix user, I realize that smbd takes
the first map (bea user) and then it makes the authentication with the
user PRODUCTION\garcijo. Then it checks whether user bea has permissions
to that share which it is not and it eventually fails. I try to put
exclamation mark at the beginning of the map but it does not work
either.

 


I did not find any way to fix it. Any ideas? Any workaround?

 


Any help will be much appreciated.

 


Regards,

 


IT Infrastructure  Operations Service // ITD - OHIM

Services Provided by

Jordi GARCIA - OPERATIONS Unix Admin

FUJITSU SERVICES

E-mail:jordi.gar...@oami.europa.eu

Phone:Fixed #9777 - Mobile #5777

 


  




Re: [Samba] Windows 7 Support

2009-09-29 Thread Gary Dale

Daniel O'Connor wrote:

On Tue, 29 Sep 2009, sambalist wrote:
  

Hello Samba,

I hope to know if the latest Samba release could provide file or
print service to Windows 7 or Vista. Thanks! :)



3.3 works with Windows 7.

(For files anyway, I didn't test printing)

  
Of course, CUPS should work under Windows 7 even if Samba printing 
support didn't.




Re: [Samba] Help needed: valid users

2009-09-17 Thread Gary Dale

Chris Osicki wrote:

On Wed, 16 Sep 2009 18:03:48 -0400
Gary Dale garyd...@rogers.com wrote:

  

Chris Osicki wrote:

Hi 


I'm using Samba 3.0.33 on Solaris10 and have the following problem.
In the smb.conf I have 


workgroup = CORPROOT
security = domain

and users authenticated to CORPROOT domain can connect shares
w/o problems, [homes] for example.
Now I would like to create a share and restrict access to it just 
to a dozen of users or so.


I tried 
  
  valid users = +docs

  force user = usodocs

where docs is a group in /etc/group and it didn't work.
Looks like Samba is trying to look up the group docs on the domain
controller in the CORPROOT domain.

So, I tried this

  valid users = CORPROOT\user
  force user = usodocs

it works. 
According to man page 
   valid users = +docs

should work.
I must be missing something, but what?

Is there any better/nicer way to achieve what I'm looking for?
That is, to give a group of users full control over content of 
a share.

I have several Linux Samba servers where I use POSIX ACLs to control
read/write rights on the OS level and it works fine. 


I tried the same on the Solaris10 box with ZFS and its ACLs and it
didn't work as expected (posted about it few weeks ago, no answers though)

I would be very thankful for any help.

BTW, anyone any idea how to attract attention to a post on this list?
Virtual beer as attachment? ;-)
My success rate is by now close to nothing.

Thanks for your time.

Regards,
Chris
  
  
Further to my earlier response, you need to ensure that the group has 
access to the share since Samba permissions cannot override Linux 
permissions.  You may want to set the Linux permissions to 777 while 
testing.  Leave off the force user and just try the valid users. Also, 
since you are using the + group prefix, this is strictly the Linux group 
that you are granting permission to.



Thanks Gary for your reply.

I followed your suggestions but it didn't work.
Samba tries to resolve +group on the Domain Controller and not locally on Unix.
If I put

valid users = +CORPROOT\OG_ITS-SDL-SO-DXS-USO-BE

where OG_ITS-SDL-SO-DXS-USO-BE is a group my NT account belongs to, it works.

What could be causing Samba not checking +group locally on Unix?

Thanks for your time.

Regards,
Chris

  
I'm not sure that Samba checks the Linux groups but Linux does. In a 
Windows domain, all the accounts reside in the Domain. It may be 
checking the Linux accounts for shares on the DC, but wouldn't be able 
to on a member server. Perhaps one of the Linux gurus could answer your 
question. However, for operations in the domain, you're best to stick 
with domain entities, such as a domain group or domain user accounts. So 
long as Samba has sufficient privileges to access the local Linux share, 
it should be OK.




Re: [Samba] Help needed: valid users

2009-09-16 Thread Gary Dale

Chris Osicki wrote:
Hi 


I'm using Samba 3.0.33 on Solaris10 and have the following problem.
In the smb.conf I have 


workgroup = CORPROOT
security = domain

and users authenticated to CORPROOT domain can connect shares
w/o problems, [homes] for example.
Now I would like to create a share and restrict access to it just 
to a dozen of users or so.


I tried 
  
  valid users = +docs

  force user = usodocs

where docs is a group in /etc/group and it didn't work.
Looks like Samba is trying to look up the group docs on the domain
controller in the CORPROOT domain.

So, I tried this

  valid users = CORPROOT\user
  force user = usodocs

it works. 
According to man page 
   valid users = +docs

should work.
I must be missing something, but what?

Is there any better/nicer way to achieve what I'm looking for?
That is, to give a group of users full control over content of 
a share.

I have several Linux Samba servers where I use POSIX ACLs to control
read/write rights on the OS level and it works fine. 


I tried the same on the Solaris10 box with ZFS and its ACLs and it
didn't work as expected (posted about it few weeks ago, no answers though)

I would be very thankful for any help.

BTW, anyone any idea how to attract attention to a post on this list?
Virtual beer as attachment? ;-)
My success rate is by now close to nothing.

Thanks for your time.

Regards,
Chris
  
Don't use force user unless you really want everyone to look like that 
user when accessing the share. Quick documentation on the various 
options is available via SWAT.



Re: [Samba] Help needed: valid users

2009-09-16 Thread Gary Dale

Chris Osicki wrote:
Hi 


I'm using Samba 3.0.33 on Solaris10 and have the following problem.
In the smb.conf I have 


workgroup = CORPROOT
security = domain

and users authenticated to CORPROOT domain can connect shares
w/o problems, [homes] for example.
Now I would like to create a share and restrict access to it just 
to a dozen of users or so.


I tried 
  
  valid users = +docs

  force user = usodocs

where docs is a group in /etc/group and it didn't work.
Looks like Samba is trying to look up the group docs on the domain
controller in the CORPROOT domain.

So, I tried this

  valid users = CORPROOT\user
  force user = usodocs

it works. 
According to man page 
   valid users = +docs

should work.
I must be missing something, but what?

Is there any better/nicer way to achieve what I'm looking for?
That is, to give a group of users full control over content of 
a share.

I have several Linux Samba servers where I use POSIX ACLs to control
read/write rights on the OS level and it works fine. 


I tried the same on the Solaris10 box with ZFS and its ACLs and it
didn't work as expected (posted about it few weeks ago, no answers though)

I would be very thankful for any help.

BTW, anyone any idea how to attract attention to a post on this list?
Virtual beer as attachment? ;-)
My success rate is by now close to nothing.

Thanks for your time.

Regards,
Chris
  
Further to my earlier response, you need to ensure that the group has 
access to the share since Samba permissions cannot override Linux 
permissions.  You may want to set the Linux permissions to 777 while 
testing.  Leave off the force user and just try the valid users. Also, 
since you are using the + group prefix, this is strictly the Linux group 
that you are granting permission to.



Re: [Samba] Simple CIFS Linux permission

2009-09-03 Thread Gary Dale

Willem P. Botha wrote:
Have you tried connecting as your user account and letting the force 
user in smb.conf do its work? When your Windows clients connect, they 
are using their own ids and that is working. Why are you doing it 
differently for Linux?




Now that is the weird thing, The windows clients are also connecting
with the same details. There is now domain controller on this network.
Everybody connect to a DHCP server that the Router manages, and thus I
have a browse master war in my network, but that is another problem. 


So far I can figure, the windows clients don't have the same gid's as
Linux, and thus don't have the same problem. I am just not sure how
windows figures that it should use the login user to save files. 

  

You're using username fileserver to connect the share on Windows?

After giving it some more thought, I still cannot figure out what you 
are trying to do. If you want to give everyone write access to the 
files, why not just set the permissions to a+rwx and forget about all 
this force user stuff? I suspect that turning off guest access and 
opening it up to anyone who can provide connection privileges will work 
better.



Re: [Samba] Samba and chroot

2009-09-03 Thread Gary Dale

Eric Vielet wrote:

Hi all,

Is there a way with samba to chroot the user in order than he can't 
browse up ?
I guess we can to that through Unix rights, but maybe samba can do 
that without changing the rights on the directories ?


Regards,



I'm not sure what you're asking. Network shares can't be browsed up 
above the share point. Are you asking about giving your users shell 
access to the server?



Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Gary Dale

willem.bo...@adticket.de wrote:

Greetings all,

I have a VERY basic fileserver in my network, that works well for my
needs, and have run into a problem that I can't solve. I am sure that the
more experienced users here will be able to help me in less than 5 minutes,
so please, if you have some time.

My smb.conf
[global]
workgroup = msheimnetz
server string = Samba Server Version %v
netbios name = fileserver
log file = /var/log/samba/%m.log
max log size = 50
wins support = yes
printcap name = CUPS
printing = CUPS
map to guest = nobody
security = user
passdb backend = tdbsam
# Share Definitions
[sharefiles]
comment = Server Files
path = /var/samba/public/sharefiles
public = Yes
readonly = No
writeable = Yes
follow symlinks = Yes
wide links = Yes
create mask = 0775
force user = fileserver
force group = fileserver
guest ok = Yes
valid users = fileserver
nt acl support = No

My windows clients all connect to this share 100% and read/write to it :)

My Linux clients seems to map the remote uid to the local uid.

Now if your current local uid is the same as the remote uid, then you also
can write perfectly to the fileserver, but if your local uid is not...
Well then you have permission problem.

I connect my Linux clients with a fstab entry:
//192.168.1.127/sharefiles   /mnt/fileserver  cifs   
credentials=/home/.auth,rw,soft  0 0


The connection works fine on boot.

How do I map this remote uid to the local uid?

  
In the credentials section of the entry in /etc/fstab, put in 
username=whatever,domain=whatever.


Otherwise, change your authentication system to use Samba for your Linux 
clients as well.



Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Gary Dale

Willem P. Botha wrote:

Willem  wrote:
I connect my Linux clients with a fstab entry:
//192.168.1.127/sharefiles   /mnt/fileserver  cifs   
credentials=/home/.auth,rw,soft  0 0


The connection works fine on boot.

How do I map this remote uid to the local uid?

Gary wrote:
In the credentials section of the entry in /etc/fstab, put in 
username=whatever,domain=whatever.


Otherwise, change your authentication system to use Samba for your
Linux clients as well.



Gary, I tried adding the username=fileserver,domain=msheimnetz but it
has no effect. 


I am a bit confused, as the credentials=/home/.auth file already
contains this info, and it connect 100% with no username password
request. 

If I can explain it better: 
I can connect to the share, read the files, and even copy them, but can
not save them. If I view the permissions the files are listed as
belonging to admin(UID 501 on local machine) and it should say
fileserver(UID 501 on remote machine). The current user in this case is
user5(UID 507 on local machine) 


Thus no matter what I do I keep getting the problem that the users can't
save the files, cause the UID mapping is not made. 


Is there not a way to tell Samba that files belong to the remote UID
rather than the local UID. And if I authenticate as the remote user, why
is the local UID being used when writing? 


All I actually need is a common shared fileserver. No fancy rights, or
anything, just a shared network drive that everyone can use to save
documents, no permissions required really. Maybe I am going about this
the wrong way. 


Thanks for the reply :)

  

Your situation is very confusing. Your server name is, according to your
smb.conf line:
   netbios name = fileserver
and you are also forcing all users to connect as username & group
   force user = fileserver
   force group = fileserver

The force user tells Samba to connect as user fileserver no matter
what id the user connects with. However, if your .auth file already is
telling Samba that you are connecting as fileserver, this should have no
effect.

I note that you also have guest ok = yes in your smb.conf. It is
possible that you are not connecting as user fileserver, possibly due to
a .auth file error.  You may be connecting as guest which may still have
read access but probably not write. Try manually connecting without
specifying a password in the .auth file. See if you get an error message.



Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Gary Dale

Willem P. Botha wrote:
  
  

Your situation is very confusing. Your server name is, according to your
smb.conf line:
netbios name = fileserver
and you are also forcing all users to connect as username & group
force user = fileserver
force group = fileserver

The force user tells Samba to connect as user fileserver no matter
what id the user connects with. However, if your .auth file already is
telling Samba that you are connecting as fileserver, this should have no
effect.

I note that you also have guest ok = yes in your smb.conf. It is
possible that you are not connecting as user fileserver, possibly due to
a .auth file error.  You may be connecting as guest which may still have
read access but probably not write. Try manually connecting without
specifying a password in the .auth file. See if you get an error message.



A test with no password in my .auth file proved NOT to work, so this
means I can't connect to the server without the right
username/password..

I did this force user and group to enable everybody in the company to
read and write to the shared folder... 


I am just completely unhappy that the Windows works 100% and the Linux
not... This is just wrong :( 


Be that as it may...If you don't feel like breaking your head on this,
could you maybe help me with creating a samba conf that would require no
authentication, and have read/write access for all... This was the
original idea... Just a simple shared folder for all on the network.

Sorry for messing up your head with my confusing configurations :D

  
OK. So now try removing the credentials entirely. Also, set the log 
level in smb.conf to 10 and restart it. Then connect from the command 
line (as root) using -o username=fileserver,domain=


See if you get an error message and also check the logs.



Re: [Samba] Simple CIFS Linux permission

2009-09-02 Thread Gary Dale

Willem P. Botha wrote:
OK. So now try removing the credentials entirely. Also, set the log 
level in smb.conf to 10 and restart it. Then connect from the command 
line (as root) using -o username=fileserver,domain=


See if you get an error message and also check the logs.



OK, first off, no matter what I do, I have to provide a password... or
else I can't connect. Regardless if I add a domain or not. The security
is set to user level, so this is what I think should happen...or am I
wrong?  
  
Yes. I just don't enter passwords in a command. Let the program prompt 
you for it.



Log level 10 is Crazy man... :-O

If I give the password, then it connects fine. The log file said :
connecting to service initially as fileserver(gid uid pid) 


if I unmount the service the log file also response with a connection
closed.. 


So it is allowing me to connect no problem, but still the problem is
that the files on the share, is mapped to my local user-list, so Samba
is not actually giving me any error.
When I try to copy a file on this share, the log file does nothing !

It seems my local machine is preventing this from happening, not samba.
It seems to figure out that the uid and gid for the remote folder is set
to something else than the current user, and thus preventing me from
writing to this service.

The remote machine provides me a folder with write access for uid=501
and gid=501

The local machine sees a folder with write access for uid=501,gid=501
My current user is uid=503, hence the permission denied.

My problem is not the connection.. it's writing files. Still I am lost
at how to map the remote uid to the local uid, or the authenticated
user..??
Have you tried connecting as your user account and letting the force 
user in smb.conf do its work? When your Windows clients connect, they 
are using their own ids and that is working. Why are you doing it 
differently for Linux?




Re: [Samba] Desiring to set up Windows Vista and Linux Fedora Core 4 Samba; brand new subscriber

2009-09-01 Thread Gary Dale

Barry L. Bond wrote:

Greetings!

 I am a brand new subscriber to this mailing list.  I will try to be
kind and humble, and I would appreciate if anyone reading this could offer
to help me set this up, I would appreciate it.


 I have 192.168 addresses, and I will openly share whatever
information you may need to help me figure this out.

 Thank you very much!  I look forward to possibly working with you.

 Barry
  



I read your entire post and am still not sure of what you want. Can you 
define the roles that the various computers will be playing vis-a-vis 
Samba - such as:


Vista: Samba client
Fedora: Linux file server
Solaris: does not participate

However, what I generally recommend is that you install and use SWAT on 
your Samba server. The configuration wizard works quite well.




Re: [Samba] Password Sync not letting users to change password.

2009-08-29 Thread Gary Dale

Avinash Rao wrote:

Dear all,

Ubuntu 8.04 Server
Samba 3.0.28a configured as PDC.

I want to give options to samba users to change their own passwords and sync
it with the unix passwords whenever they change it.

I have used the following in my smb.conf file

unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

I get an option to change the password in winXP but, after entering the new
password, the server returns You don't have permissions to change your
password

can anybody help me
Avinash
  


Go to a Linux command prompt and try to change a password. Compare the 
password change dialogue with the passwd chat line in your smb.conf 
file. On my Debian/Lenny server, the chat line is:
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *passwd:\spassword\supdated\ssuccessfully*


The chat line you have should work, but you never know.

Also, check in the user manager (both the Linux and Windows ones) to 
ensure that users are actually allowed to change their passwords. It may 
be that they have accidentally been denied that right.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
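
The comparison suggested in the reply above (the passwd program's actual prompts against the passwd chat line), as an added example that is not part of the original thread. The prompt transcripts are constructed samples, and the matching rule (a case-insensitive wildcard match on each whole prompt) is an assumption of this sketch, not smbd's own code.

```python
import re

# Escapes documented for "passwd chat" in smb.conf(5).
ESCAPES = {"s": " ", "n": "\n", "r": "\r", "t": "\t"}

# The two chat lines quoted in the thread above.
CHAT_FROM_QUESTION = (r"*Enter\snew\s*\spassword:* %n\n "
                      r"*Retype\snew\s*\spassword:* %n\n "
                      r"*password\supdated\ssuccessfully* .")
CHAT_FROM_REPLY = (r"*Enter\snew\sUNIX\spassword:* %n\n "
                   r"*Retype\snew\sUNIX\spassword:* %n\n "
                   r"*passwd:\spassword\supdated\ssuccessfully*")

# Constructed transcripts: what a passwd program might print at each step.
DEBIAN_STYLE = ["Enter new UNIX password: ",
                "Retype new UNIX password: ",
                "passwd: password updated successfully\n"]
OTHER_STYLE = ["New password: ",
               "Retype new password: ",
               "passwd: all authentication tokens updated successfully.\n"]
NO_PREFIX = ["Enter new UNIX password: ",
             "Retype new UNIX password: ",
             "Password updated successfully\n"]


def split_chat(chat):
    """Split a passwd chat value into (expect, send) pairs.

    Tokens are whitespace separated; double quotes group a token that
    contains spaces. Tokens alternate expect, send, expect, send ...
    """
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', chat)]
    if len(tokens) % 2:
        tokens.append(".")  # trailing expect with nothing to send
    return list(zip(tokens[0::2], tokens[1::2]))


def expect_to_regex(expect):
    """Compile one expect token: '*' is a wildcard, the rest is literal."""
    literal_parts = []
    for part in expect.split("*"):
        text = re.sub(r"\\([snrt])", lambda m: ESCAPES[m.group(1)], part)
        literal_parts.append(re.escape(text))
    return re.compile(".*".join(literal_parts), re.IGNORECASE | re.DOTALL)


def first_mismatch(chat, prompts):
    """Return the index of the first expect step that the program's output
    does not satisfy, or None when every step matches."""
    for step, (expect, _send) in enumerate(split_chat(chat)):
        if expect == ".":  # a full stop means "expect nothing"
            continue
        if step >= len(prompts):
            return step  # the chat waits for output that never came
        # Assumed rule: trim spaces, then match the whole prompt.
        if not expect_to_regex(expect).fullmatch(prompts[step].strip(" ")):
            return step
    return None


if __name__ == "__main__":
    for label, chat in (("question", CHAT_FROM_QUESTION),
                        ("reply", CHAT_FROM_REPLY)):
        for name, prompts in (("debian-style", DEBIAN_STYLE),
                              ("other-style", OTHER_STYLE),
                              ("no-prefix", NO_PREFIX)):
            step = first_mismatch(chat, prompts)
            verdict = "ok" if step is None else f"fails at step {step}"
            print(f"{label:8s} vs {name:12s}: {verdict}")
```

A mismatch at step 0 means the chat never gets as far as sending the new password, so the prompts captured on the server itself are the ones to compare against.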


Re: [Samba] I am try to install samba on debian 2.6

2009-08-08 Thread Gary Dale

Samantha Bandara wrote:

i am new to samba i want install PDC on debian2.6 with xp prop.
please help me 




  
  

Simply enter the following:
aptitude update <enter>
aptitude install samba swat <enter>

Use your favourite browser to go to localhost:901, which is the local 
swat site, then use the wizard page to configure samba as a domain 
controller and WINS server.  You can also use SWAT to handle other tasks 
such as setting up network shares and printers.






Re: [Samba] I am try to install samba on debian 2.6

2009-08-08 Thread Gary Dale

Gary Dale wrote:

Samantha Bandara wrote:

i am new to samba i want install PDC on debian2.6 with xp prop.
please help me




Simply enter the following:
aptitude update <enter>
aptitude install samba swat <enter>

Use your favourite browser to go to localhost:901, which is the local 
swat site, then use the wizard page to configure samba as a domain 
controller and WINS server.  You can also use SWAT to handle other 
tasks such as setting up network shares and printers.





BTW: you have to do this as root (enter su <enter> then give the root password)




Re: [Samba] How to test roaming profiles

2009-07-18 Thread Gary Dale

Marc Delisle wrote:

Hi,

I'm working on a server that was upgraded a few weeks ago (Linux 
Mandriva was reinstalled with a more up-to-date Samba version which is 
3.3.2).


Now, roaming profiles no longer work. I even wonder what would be the 
proper way to test them. Workstations are running Windows XP.


I followed the procedure for Win2000/XP located here:
http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id2660622 



and the profile conversion for userx took place; however, looking on 
the workstation, it says that userx's profile is roaming but its 
status is local. Adding a file on the Desktop, and after logout, the 
file is not synched to the server.


Thanks,


Have you checked that the profile path is correct? It could be that the
profile path doesn't exist on your server so the local profile can't be
sync'ed. It may also be a permissions thing. Check your Samba logs.

Don't forget to restart Samba after making a change to smb.conf.




Re: [Samba] How to test roaming profiles

2009-07-18 Thread Gary Dale

Marc Delisle wrote:

Gary Dale a écrit :

Marc Delisle wrote:

Hi,

I'm working on a server that was upgraded a few weeks ago (Linux 
Mandriva was reinstalled with a more up-to-date Samba version which 
is 3.3.2).


Now, roaming profiles no longer work. I even wonder what would be 
the proper way to test them. Workstations are running Windows XP.


I followed the procedure for Win2000/XP located here:
http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id2660622 



and the profile conversion for userx took place; however, looking on 
the workstation, it says that userx's profile is roaming but its 
status is local. Adding a file on the Desktop, and after logout, the 
file is not synched to the server.


Thanks,


Have you checked that the profile path is correct? It could be that the
profile path doesn't exist on your server so the local profile can't be
sync'ed. It may also be a permissions thing. Check your Samba logs.

Don't forget to restart Samba after making a change to smb.conf.



I'm using this in smb.conf:
[Profiles]
root preexec = PROFILE=/home/samba/profiles/%u ; if [ ! -e $PROFILE ]; then mkdir -pm755 $PROFILE ; chown %u.%g $PROFILE;fi


valid users= @tous
username = @tous
path = /home/samba/profiles
write list = @tous
create mode = 0700

and /home/samba/profiles exists, owned by root:root and permissions 777.

When I try to log in with a user for which I did not convert the 
profile, his directory under profiles is created and a file prf86.tmp 
is created, that's all.


In /var/log/samba, there are files named username.log containing many 
lines I cannot interpret, for example:

[2009/07/18 10:34:13,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/07/18 10:34:13,  3] smbd/process.c:smbd_process(1930)
  receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2009/07/18 10:34:13,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/07/18 10:34:13,  3] smbd/connection.c:yield_connection(31)
  Yielding connection to
[2009/07/18 10:34:13,  3] smbd/server.c:exit_server_common(960)
  Server exit (normal exit)

Anything specific to look for in the logs?


Set loglevel to 10 then try to log in and out. That may show a problem.

The preexec probably isn't needed. I've never used one. All it appears 
to be doing is to create a directory that Samba creates anyway.


My profiles are created with a+rwx permissions. My smb.conf for 
[profiles] simply contains:

[profiles]
   path = /home/samba/profiles
   read only = No

Also I have:

[global]
   logon path = \\%L\profiles\%U

so that the profiles export allows for a path for each user.


You may want to tear out all the extras from your profiles, change the 
permissions to something less secure then add things back in until it 
breaks again.




Re: [Samba] roaming profiles

2009-07-04 Thread Gary Dale

Wojciech Giel wrote:

Gary Dale wrote:
  
The netlogon share is, AFAIK, used if you want to provide scripts to be 
run at logon. It's not essential for roaming profiles but it's also 
probably not large so there is no point in not having one. Corporate 
types love being able to control end users using netlogon scripts.



  
Profiles are a copy of your Windows account profile that gets synched 
when you log on or off a Windows computer. The problem is, if you have 
lots of files in My Documents, it can get large and synching can take a 
long time.



  
AFAIK there is no need for them both to be on the same machine but I've 
never tried doing it any other way. Not sure how to specify them on 
different machines. You can put your netlogon and profiles anywhere. 



But can I stay only with this entries in smb.conf
 [global]
 .
 logon script = scripts\logon.bat
 logon home = \\OXHILL\%U
 logon path = \\OXHILL\%U\.profiles
 logon drive = H:

and get rid of [profile] share at all on pdc or member.
  
I'm not sure what the point would be. Scripts are small files so even 
across a slow connection, they will download quickly. The profiles, on 
the other hand, can be large and synching them is slow. Moreover, having 
a copy on a server eliminates the need to back up workstations (although 
if users have a lot of files in their profiles, the synching can be slow 
- try to get them to keep files on server shares). With the profiles 
stored on a server, you just need to backup the server.


  
The path you specify in your smb.conf above puts it in a hidden (.profile) 
directory in a user's Unix home folder. However, they may not have one. 



it is created automatically by scripts. But I only need  to configure samba to 
work correctly in this layout.
  
If your users all have Unix accounts, but this is not necessary for 
Samba to work. However, it's no big deal to put the profiles elsewhere. 
Your choice.


  
I keep mine in 
/home/samba/netlogon and /home/samba/profiles/%U myself. You can still 
share that for each user but it keeps your /home directory smaller - 
only Unix accounts  samba show up directly in /home.



thanks

  


Good luck!


Re: [Samba] roaming profiles

2009-07-03 Thread Gary Dale

Wojciech Giel wrote:
Hi 
I'm trying to configure Samba PDC/BDC with LDAP master/slave backend and file 
server as a Member server.
PDC/BDC with ldap is working. But now I 'm in the middle of configuring 
roaming profiles but I don't understand some issues.
Samba PDC/BDC with ldap's is on ubuntu server whereas samba member server is 
on opensolaris with zfs based storage. 
users Home directories will be on Samba Member server(OXHILL), and inside 
these directories will be roaming profiles directory and redirected folders. 
I don't understand the roaming profiles topic; could someone explain it in a 
simple way?
As I understand on PDC in order to have roaming profiles I have to add 


[global]
.
logon script = scripts\logon.bat
logon home = \\OXHILL\%U
logon path = \\OXHILL\%U\.profiles
logon drive = H:

[homes]
comment = Home Directories
valid users = %S
read only = no
browsable = no

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
browseable = no
read only = yes
guest ok = yes
locking = no

[profile]
comment = Profile Share
path = /home/%U/.profiles
read only = no
profile acls = yes

so home directory  is on OXHILL and profile directory is inside that 
directory. But should netlogon share be on that machine too? What for is this 
profile share is it necessary if I have logon path?


on Samba member (OXHILL) 


[homes]
comment = Home Directories
path = /home/%U
read only = no
browsable = no
root preexec = /usr/bin/homecreate '%U'

should I add profile and net logon share? 
Please somebody help me to understand relation ship between logon path and 
netlogon profiles, and how to do it correctly. 
thanks for any help
  
The netlogon share is, AFAIK, used if you want to provide scripts to be 
run at logon. It's not essential for roaming profiles but it's also 
probably not large so there is no point in not having one. Corporate 
types love being able to control end users using netlogon scripts.


Profiles are a copy of your Windows account profile that gets synched 
when you log on or off a Windows computer. The problem is, if you have 
lots of files in My Documents, it can get large and synching can take a 
long time.


AFAIK there is no need for them both to be on the same machine but I've 
never tried doing it any other way. Not sure how to specify them on 
different machines.


You can put your netlogon and profiles anywhere. The path you specify in 
your smb.conf above puts it in a hidden (.profile) directory in a user's 
Unix home folder. However, they may not have one. I keep mine in 
/home/samba/netlogon and /home/samba/profiles/%U myself. You can still 
share that for each user but it keeps your /home directory smaller - 
only Unix accounts  samba show up directly in /home.




Re: [Samba] Basic Samba Server Global Options

2009-05-13 Thread Gary Dale

Wayne Hammond wrote:
I have a few OpenSuse Samba Servers. They are all stand alone File 
Servers.

All the Clients are Windows XP.
The Server and Clients are set up as a Workgroup.
Usually no more than 15 Clients.

The Samba Server is setup as the Master Browser, but as I
read more about suggested options it becomes a little confusing.
OS Level, ACL, etc...

One shop loses connection to Samba Server frequently throughout the day.
Before I debug that...

I like some suggestions for the recommended Global Options in
this kind of basic file server environment.

Thank you
There is a good chance that your distribution already sets up reasonable 
defaults. However, you may want to set up SWAT to administer Samba. 
Among its strengths is a good help system that goes into a reasonable 
amount of detail about the various options.


As for losing connections, you may want to set the log level to 10 then 
see what gets reported (restart Samba after changing the log level).



Re: [Samba] question add user script

2009-05-09 Thread Gary Dale

murrah boswell wrote:

Hello all,

I have never had the need to use the add user script functionality 
but now I do. However, it does not seem to be working. My smb.conf 
entry is like so:


add user script = /remote/configure_scripts/addusers.sh

where addusers.sh is a bash script that reads in a text file of 
usernames, groups, and passwords and adds the users to /etc/passwd, 
/etc/group/ and /etc/samba/smbpasswd. The addusers.sh works fine from 
the command line but samba doesn't appear to call it.


I see that checks for add user script and add machine script are 
in the source code, so did I miss an option when I compiled samba or 
what else is it that I am missing to get the script to trigger?



Also while I am on the subject of the add user script, would it be 
possible to pass the username and password from samba to a shell 
script? In other words, could I have something like


add user script = /remote/configure_scripts/addusers.sh %u %p

where %p is whatever samba holds the password variable in?

But first things first, how can I get the add user script 
functionality to work?


Thanks,
Murrah Boswell


The add user script I use is /usr/sbin/useradd  -g users %u. The 
script should only add one user at a time as far as I know. Here is what 
the SWAT documentation has to say about it:



add user script (G)
   This is the full pathname to a script that will be run /AS ROOT/ 
by smbd(8) http://whenim64:901/swat/help/manpages/smbd.8.html under 
special circumstances described below.


   Normally, a Samba server requires that UNIX users are created for
   all users accessing files on this server. For sites that use Windows
   NT account databases as their primary user database creating these
   users and keeping the user list in sync with the Windows NT PDC is
   an onerous task. This option allows smbd to create the required UNIX
   users /ON DEMAND/ when a user accesses the Samba server.

   In order to use this option, smbd(8)
   http://whenim64:901/swat/help/manpages/smbd.8.html must /NOT/ be
   set to security = share
   http://whenim64:901/swat/help/manpages/smb.conf.5.html#SECURITY
   and add user script
   http://whenim64:901/swat/help/manpages/smb.conf.5.html#ADDUSERSCRIPT
   must be set to a full pathname for a script that will create a UNIX
   user given one argument of /|%u|/, which expands into the UNIX user
   name to create.

   When the Windows user attempts to access the Samba server, at login
   (session setup in the SMB protocol) time, smbd(8)
   http://whenim64:901/swat/help/manpages/smbd.8.html contacts the
   password server
   http://whenim64:901/swat/help/manpages/smb.conf.5.html#PASSWORDSERVER
   and attempts to authenticate the given user with the given password.
   If the authentication succeeds then |smbd| attempts to find a UNIX
   user in the UNIX password database to map the Windows user into. If
   this lookup fails, and add user script
   http://whenim64:901/swat/help/manpages/smb.conf.5.html#ADDUSERSCRIPT
   is set then |smbd| will call the specified script /AS ROOT/,
   expanding any /|%u|/ argument to be the user name to create.

   If this script successfully creates the user then |smbd| will
   continue on as though the UNIX user already existed. In this way,
   UNIX users are dynamically created to match existing Windows NT
   accounts.

   See also security
   http://whenim64:901/swat/help/manpages/smb.conf.5.html#SECURITY,
   password server
   http://whenim64:901/swat/help/manpages/smb.conf.5.html#PASSWORDSERVER,
   delete user script
   http://whenim64:901/swat/help/manpages/smb.conf.5.html#DELETEUSERSCRIPT.


   Default: //|add user script|/ = || /

   Example: //|add user script|/ = |/usr/local/samba/bin/add_user %u|/



Note that the script is not intended to add multiple users nor set their 
passwords. It is supposed to add a single Unix user only.




Re: [Samba] Samba machine's account migration

2009-05-09 Thread Gary Dale

Maxime V wrote:

Hello,

I moved my samba to another server, but my windows computer can't login.
I tested this: put win computer out of domain, and re-add it. But i lose my 
personal application changes.

How can i allow windows computers to login to my samba domain ?
Should i create machines' account with the same linux ID ?

Really thanks for help,
Regards.

Mél.
  
I don't know if this helps or not but what I do is log into the Windows 
machine with a local administrator account then use the Windows Network 
Id dialogue to add the machine to the domain.


Right-click on My Computer, select properties then on the Computer 
Name tab click on Network Id.


Note that you need a working add machine script in your smb.conf. 
Debian uses /usr/sbin/useradd -g machines -c Machine -d /dev/null -s 
/bin/false %u.



Re: [Samba] question add user script

2009-05-09 Thread Gary Dale

murrah boswell wrote:


The add user script I use is /usr/sbin/useradd  -g users %u. The 
script should only add one user at a time as far as I know. Here is 
what the SWAT documentation has to say about it:


 
add user script (G)
   This is the full pathname to a script that will be run /AS 
ROOT/ by smbd(8) http://whenim64:901/swat/help/manpages/smbd.8.html 
under special circumstances described below.


   Normally, a Samba server requires that UNIX users are created for
   all users accessing files on this server. For sites that use Windows
   NT account databases as their primary user database creating these
   users and keeping the user list in sync with the Windows NT PDC is
   an onerous task. This option allows smbd to create the required UNIX
   users /ON DEMAND/ when a user accesses the Samba server.


I guess I completely misunderstood the functionality of the add user 
script option. Teach me to RTFM.



   When the Windows user attempts to access the Samba server, at login
   (session setup in the SMB protocol) time, smbd(8)
   http://whenim64:901/swat/help/manpages/smbd.8.html contacts the
   password server
   
http://whenim64:901/swat/help/manpages/smb.conf.5.html#PASSWORDSERVER

   and attempts to authenticate the given user with the given password.
   If the authentication succeeds then |smbd| attempts to find a UNIX
   user in the UNIX password database to map the Windows user into. If


I see here, and in the smb.conf man pages now, that I need to setup a 
password server for this to work. But I believe there are other issues 
I need to resolve for my project.


My objective is to have a LTSP (Linux Terminal Server Project 
utilizing https://fedorahosted.org/k12linux/wiki/LiveServer) 
server/client environment in a school system where students can boot 
off of a USB stick or CD from any workstation or laptop and access 
group specific samba shares in the environment. Ideally they would be 
able to access the shares from the on-site school environment and from 
home (or off-site).


I still have tons of homework to do on this project, but I do thank 
you for pointing me to clarification on the add user script option.


One of my thoughts here is to allow a user on an unknown machine to 
request that their machine be allowed to create a trusted machine 
account after their username/password has been authenticated and they 
respond to an email sent to their email address on record. Does this 
make sense or am I adding too much complexity to the project?

The way Windows operates is that machine accounts need a user with 
Domain Administration privileges to add the machine. This could be done 
by the user requesting access somehow and then using the e-mail reply to 
trigger a script running on a Domain Controller to add the machine account.


However, the user can't log in with their domain account until the 
machine they are on is added to the domain. This makes your idea 
difficult to implement. Possibly setting up a web interface on a Domain 
Controller, letting the user authenticate to it (against the samba 
passwords) and having that send the e-mails for them to reply to.


It sounds like it may be doable but it will be complicated.





Regards,
Murrah Boswell


   this lookup fails, and add user script
   
http://whenim64:901/swat/help/manpages/smb.conf.5.html#ADDUSERSCRIPT

   is set then |smbd| will call the specified script /AS ROOT/,
   expanding any /|%u|/ argument to be the user name to create.

   If this script successfully creates the user then |smbd| will
   continue on as though the UNIX user already existed. In this way,
   UNIX users are dynamically created to match existing Windows NT
   accounts.

   See also security
   http://whenim64:901/swat/help/manpages/smb.conf.5.html#SECURITY,
   password server
   
http://whenim64:901/swat/help/manpages/smb.conf.5.html#PASSWORDSERVER,

   delete user script
   
http://whenim64:901/swat/help/manpages/smb.conf.5.html#DELETEUSERSCRIPT. 




   Default: add user script =

   Example: add user script = /usr/local/samba/bin/add_user %u



Note that the script is not intended to add multiple users nor set 
their passwords. It is supposed to add a single Unix user only.






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
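
The man page text quoted in the message above says smbd runs the add user script as root with %u expanded to the user name, so the script has to treat that name as untrusted input. The following is an added example, not code from the thread or from the Samba project, of what the `/usr/local/samba/bin/add_user` named in the man page's example line could look like; the naming policy, the reserved-name list, the nologin path and the function names are assumptions.

```shell
#!/bin/sh
# Hypothetical helper for:  add user script = /usr/local/samba/bin/add_user %u
# smbd runs it as root, so the name in $1 is validated before it reaches useradd.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII letters only

# Assumed site policy: lowercase POSIX-style login names, at most 32 characters.
valid_unix_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 32 ] || return 1
    case $name in
        [!a-z_]*)      return 1 ;;  # must start with a letter or underscore
        *[!a-z0-9_-]*) return 1 ;;  # no spaces, ';', '/', quotes, newlines, or the
                                    # trailing '$' used by machine accounts
    esac
    return 0
}

# Names this script must never create (assumed list; extend per site).
reserved_name() {
    case $1 in
        root|daemon|bin|sys|nobody|guest|administrator) return 0 ;;
    esac
    return 1
}

# Print the one useradd command that would run, or fail with a distinct status.
plan_add_user() {
    name=$1
    if ! valid_unix_name "$name"; then
        echo "rejected: name does not match policy" >&2
        return 2
    fi
    if reserved_name "$name"; then
        echo "rejected: reserved name" >&2
        return 3
    fi
    # -M: no home directory, -s: no interactive shell; a single user, no password.
    printf 'useradd -M -s /usr/sbin/nologin %s\n' "$name"
}

# Entry point: only acts when smbd passes the expanded %u as the sole argument.
if [ "$#" -ge 1 ]; then
    [ "$#" -eq 1 ] || { echo "usage: add_user NAME" >&2; exit 64; }
    plan_add_user "$1" >/dev/null || exit $?
    # An existing account is left alone; smbd only needs the user to exist.
    if getent passwd "$1" >/dev/null; then exit 0; fi
    logger -t add_user "creating UNIX account for $1"
    # The argument is passed as one quoted word; nothing is built with eval.
    exec useradd -M -s /usr/sbin/nologin "$1"
fi
```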


Re: [Samba] Low cost additional storage on a Samba server

2009-04-28 Thread Gary Dale

Easiest way is to implement software RAID on your current server.
- add 2 (or more) new drives partitioned identically to your current
  drive (unless you want to replace your existing drive)
  - partition type is fd (RAID)
- create RAID 5 arrays using the new drives  partitions (except for
  /boot which should be on a RAID 1 array)
  - common setup is (but use whatever partition setup you currently have):
    - /boot -- RAID 1
    - / -- 20G RAID 5
    - /home -- rest of space
  - tell mdadm that 1 drive is missing from each array
- copy the files from each partition on your current drive to the RAID
  partitions on the new array
- update grub to use the new RAID arrays
- reboot into new array
- if it works, add your original drive (or its replacement) into the
  RAID array(s)


Needless to say, back up everything before starting. Creating a RAID 
array is safe but mistakes happen and hardware fails.


Benefit of RAID over NAS is
- don't need to change client setups
- can be expanded by adding new drives into array
- speed on reads
- protection against hard drive failure

Google Linux RAID setup for detailed howtos.



Jean-Francois Leblond wrote:

Hi,
 
At my client, I installed  Samba v3 
on a Linux box (Centos 4) with a NT style domain to act as a file server (about 50 Windows clients).

It's been running fine for a few years now.

It's about to run out of disk space.

I was looking for a low cost solution and came across the low-cost NAS that are 
available now for the soho market.

The problem is that some support only smb file access for Linux clients which for my case would be out of the question. 

Some support NFS mounts from Linux host. 


I wanted to have some of your comments on presenting a NFS mounted filesystem 
on my Samba server to Windows clients. Do you think, I would be looking for 
trouble? I'm in a French speaking region so we're using accent. My experience 
with NFS is a little bit old and I want to make sure I wouldn't lose the 
French accent or spaces in filenames along the way.

Of course a direct-attached storage would be a sure thing but I was looking for 
a lower cost solution.

Thanks in advance

JF Leblond



Re: [Samba] error 1310 when installing to a Samba share

2009-04-21 Thread Gary Dale

Michael Heydon wrote:


Gary Dale wrote:
I'm trying to install some income tax software to a Samba (Debian 
3.2.5 i386) share and I'm getting the above error.

Does it work correctly installing over the network to a windows host?

*Michael Heydon - IT Administrator *
micha...@jaswin.com.au mailto:micha...@jaswin.com.au


I don't have a Windows server to try it on. However, the package is
popular (mass market home income tax) and I doubt that I'm the only
person trying to install it to a network share. The problem is actually
with an update that it downloads from the web. It's needed for
electronic filing. The update is a month old so if there was a general
problem, it would hopefully be fixed by now.




[Samba] error 1310 when installing to a Samba share

2009-04-20 Thread Gary Dale
I'm trying to install some income tax software to a Samba (Debian 3.2.5 
i386) share and I'm getting the above error. I've tried resolving it 
through the Windows knowledge base, which suggested it was the Windows 
Installer running as a local system account but even granting guest 
access to the directory and granting everyone rwx rights didn't help.


They also suggested un-registering then re-registering the installer. 
Again no luck.


I notice that the installer does create a zero-length file with the correct 
ownership (installer:users) and full rwx rights to everyone, but it 
still complains. Confusingly, this is only one of multiple files that it 
installs. There are a reasonable number of other files that it puts in 
place correctly.


This is happening when I run the installer from both XP/Pro machines 
I've tried it on.


I can't find anything in the logs with syslog = 10. log.nmbd has no 
entries since Feb. 22, log.smbd just shows normal connections. 
log.computername again shows nothing that looks unusual.


Any ideas?




Re: [Samba] What is the purpose of add user script?

2009-03-29 Thread Gary Dale

MargoAndTodd wrote:

Hi All,

   I am confused.  In one of the examples of a PDC,
the following smb.conf parameter is given:

   add user script = /usr/sbin/useradd -m -G users '%u'

If you have passdb backend = tdbsam and the way
to add users to tdbsam is pdbedit -a -u username,
what is the purpose of the add user script?

I am thinking it is to add the user to /etc/passwd,
but why?  I add my users from the command line.
I invoke useradd then pdbedit.

What is the purpose of the add user script?

Many thanks,
-T

Add users allows you to add Windows users from Windows. Otherwise, you 
wouldn't have Unix accounts to link them to.




Re: [Samba] Are tdbsam and smbpasswd linked?

2009-03-29 Thread Gary Dale

MargoAndTodd wrote:

Hi All,

   I just added three users to my tdbsam with
pdbedit -a -u username (had to do useradd
first).  All three appeared in tdbsam as they
should, as verified with pdbedit -L.

But, all three also appeared in /etc/samba/smbpasswd.
This is not a mistake, they were not there before.

Are tdbsam and smbpasswd linked?  I am confused.

Many thanks,
-T

No. tdbsam is the authoritative source for Samba. I imagine that 
smbpasswd is kept up to date in case you revert to using it.



Re: [Samba] Cannot login from windows

2009-02-24 Thread Gary Dale

Assuming you are using a version of Windows (XP/pro, not home) that 
allows domain logins (accounts & passwords kept on server) then I 
suggest you install and use SWAT. Use the wizard to create a domain 
controller. Also, add and activate each user on the Password screen.


Next you need to log into each Windows box using a privileged local 
account (e.g. administrator) and join the machine to the domain. 
Right-click on My Computer and select properties, then click on the 
Computer Name tab. Click on the Change button and follow the prompts.



Brandon Dwiel wrote:
I've been reading all over and I think I've tried everything except 
the right way, but I cannot seem to login to my samba server from 
windows.  I am using Samba 3.0.33 on Linux as the server, and have 
Linux, windows XP, and Windows Vista clients.  I am only on a home 
network so I don't have a need for fancy stuff, I am just setting up a 
means for filesharing besides ssh.  I can see all of the shares from 
my windows clients, and shares that are guest readable I am able to 
read, but I cannot login to read shares that are not readable by guest 
or to write.  I have added user 'brandon003' with smbpasswd, I try 
logging in with that username and the correct password but I get a 
message in Windows saying that I do not have permissions.  My smb.conf 
file is a bit messy since I have been trying many different 
variations, but here it is:


[global]

workgroup = 713HOUSE
netbios name = bdon-samba
encrypt passwords = yes

printcap name = cups
load printers = yes
printing = cups
printcap = cups

log file = /var/log/samba/log.%m
max log size = 150
log level = 3

hosts allow = 192.168.0.

guest account = guest713
map to guest = Bad User

security = user

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Vista Compatibility

client lanman auth = no
client ntlmv2 auth = yes
auth methods = guest
wins support = yes
#domain master = no


[printers]

comment = All Printers
path = /var/spool/samba
browseable = yes
guest ok = yes
#writable = yes
read only = yes
printable = yes
printer admin = root,brandon003
write list = root,brandon003
public = yes

[homes]

read only = no
browseable = no


[music]

path = /media/music
browseable = yes
public = yes
write list = sftp003,brandon003
guest ok = yes

[videos]

path = /media/videos
browseable = yes
public = yes
write list = sftp003,brandon003
guest ok = yes

[documents]

path = /media/documents
browseable = yes
public = yes
write list = sftp003,brandon003
guest ok = no

[software]

path = /media/software
browseable = yes
public = yes
write list = sftp003,brandon003
guest ok = yes

***
Here is the last bit of a log file of me getting rejected:

[2009/02/24 17:02:49, 3] smbd/password.c:register_vuid(304)
 User name: guest713   Real name:
[2009/02/24 17:02:49, 3] smbd/password.c:register_vuid(325)
 UNIX uid 1001 is UNIX user guest713, and will be vuid 105
[2009/02/24 17:02:49, 3] smbd/process.c:process_smb(1069)
 Transaction 23 of length 90
[2009/02/24 17:02:49, 3] smbd/process.c:switch_message(927)
 switch message SMBtconX (pid 4095) conn 0x0
[2009/02/24 17:02:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/02/24 17:02:49, 3] lib/access.c:check_access(312)
 check_access: no hostnames in host allow/deny list.
[2009/02/24 17:02:49, 2] lib/access.c:check_access(323)
 Allowed connection from  (192.168.0.103)
[2009/02/24 17:02:49, 3] smbd/service.c:make_connection_snum(806)
 Connect path is '/tmp' for service [IPC$]
[2009/02/24 17:02:49, 3] lib/util_seaccess.c:se_access_check(250)
[2009/02/24 17:02:49, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is 
S-1-5-21-2296279053-2380669162-4031805749-501

 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-32-546
[2009/02/24 17:02:49, 3] smbd/vfs.c:vfs_init_default(95)
 Initialising default vfs hooks
[2009/02/24 17:02:49, 3] smbd/vfs.c:vfs_init_custom(128)
 Initialising custom vfs hooks from [/[Default VFS]/]
[2009/02/24 17:02:49, 3] lib/util_seaccess.c:se_access_check(250)
[2009/02/24 17:02:49, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is 
S-1-5-21-2296279053-2380669162-4031805749-501

 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-32-546
[2009/02/24 17:02:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (1001, 1004) - sec_ctx_stack_ndx = 0
[2009/02/24 17:02:49, 3] smbd/service.c:make_connection_snum(1033)
 brandon-htpc (192.168.0.103) connect to service IPC$ initially as 
user guest713 (uid=1001, gid=1004) (pid 4095)

[2009/02/24 17:02:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/02/24 17:02:49, 3] smbd/reply.c:reply_tcon_and_X(574)
 tconX service=IPC$
[2009/02/24 17:02:49, 3] smbd/process.c:process_smb(1069)
 Transaction 24 of length 118
[2009/02/24 17:02:49, 3] 

Re: [Samba] Can't add machines to domain after Debian-Update

2009-02-22 Thread Gary Dale

Can't say for certain it's related but - I notice that Debian/Lenny also 
has trouble with shares that end in $. Windows uses this convention to 
hide shares from network browsing. Since Samba also uses a trailing $ for 
computer accounts, perhaps there is a common cause underlying both issues.



Bernd Schröder wrote:

Good day Samba-List,

after updating my Linux-Server from Debian Etch to Lenny, some of my
workstations (W2kSP4) couldn't log into the domain. I removed the
machines from the domain, changed the name, created a new
machine-account, but I still can't add the machine to the domain.

My /etc/smb.conf (see below the logfile) is unchanged since Debian Etch.

Perhaps someone finds my fault in the following logfile (it's only
the log from the machine-to-domain-adding).

[2009/02/21 11:50:00,  3] smbd/process.c:process_smb(1549)
  Transaction 0 of length 137 (0 toread)
[2009/02/21 11:50:00,  3] smbd/process.c:switch_message(1361)
  switch message SMBnegprot (pid 25528) conn 0x0
[2009/02/21 11:50:00,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2009/02/21 11:50:00,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [LANMAN1.0]
[2009/02/21 11:50:00,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [Windows for Workgroups 3.1a]
[2009/02/21 11:50:00,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [LM1.2X002]
[2009/02/21 11:50:00,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [LANMAN2.1]
[2009/02/21 11:50:00,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [NT LM 0.12]
[2009/02/21 11:50:00,  3] smbd/negprot.c:reply_nt1(392)
  using SPNEGO
[2009/02/21 11:50:00,  3] smbd/negprot.c:reply_negprot(673)
  Selected protocol NT LM 0.12
[2009/02/21 11:50:00,  3] smbd/process.c:process_smb(1549)
  Transaction 1 of length 210 (0 toread)
[2009/02/21 11:50:00,  3] smbd/process.c:switch_message(1361)
  switch message SMBsesssetupX (pid 25528) conn 0x0
[2009/02/21 11:50:00,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2009/02/21 11:50:00,  3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
  Doing spnego session setup
[2009/02/21 11:50:00,  3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
[2009/02/21 11:50:00,  3] smbd/sesssetup.c:reply_spnego_negotiate(800)
  reply_spnego_negotiate: Got secblob of size 40
[2009/02/21 11:50:00,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0xe2088297
[2009/02/21 11:50:00,  3] smbd/process.c:process_smb(1549)
  Transaction 2 of length 338 (0 toread)
[2009/02/21 11:50:00,  3] smbd/process.c:switch_message(1361)
  switch message SMBsesssetupX (pid 25528) conn 0x0
[2009/02/21 11:50:00,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2009/02/21 11:50:00,  3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
  Doing spnego session setup
[2009/02/21 11:50:00,  3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
[2009/02/21 11:50:00,  3] libsmb/ntlmssp.c:ntlmssp_server_auth(745)
  Got user=[domadmin] domain=[wuerggrub] workstation=[TESTPC] len1=24 len2=24
[2009/02/21 11:50:00,  3] auth/auth.c:check_ntlm_password(220)
  check_ntlm_password:  Checking password for unmapped user 
[wuerggrub]\[domadm...@[testpc] with the new password interface
[2009/02/21 11:50:00,  3] auth/auth.c:check_ntlm_password(223)
  check_ntlm_password:  mapped user is: [wuerggrub]\[domadm...@[testpc]
[2009/02/21 11:50:01,  3] auth/auth.c:check_ntlm_password(269)
  check_ntlm_password: sam authentication for user [domadmin] succeeded
[2009/02/21 11:50:01,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [domadmin] - [domadmin] - 
[domadmin] succeeded
[2009/02/21 11:50:01,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID 
[S-1-5-21-3831126834-3789920992-3113685232-3006]
[2009/02/21 11:50:01,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID 
[S-1-5-21-3831126834-3789920992-3113685232-512]
[2009/02/21 11:50:01,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2009/02/21 11:50:01,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2009/02/21 11:50:01,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID [S-1-5-32-545]
[2009/02/21 11:50:01,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID [S-1-22-2-1003]
[2009/02/21 11:50:01,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID [S-1-22-2-1001]
[2009/02/21 11:50:01,  

Re: [Samba] What steps to take

2009-01-07 Thread Gary Dale

Tom Van Deun wrote:

Hi list

I'm attempting to list windows shared printers in Unix. That's really all
that I need and I can't install Samba on the machine I need to list the
shared printers from. I started analyzing the smbclient code hoping to
extract the necessary info but as you all know it's a daunting task.
Certainly for a C novice.

Which is why I want to ask if there is anyone out there who can help me. Be
it supplying me the entire or partial code, provide some detailed steps I
should follow so I can figure it out myself or just clues. Anything really,
I'll filter it.

Extra info:
I really just need to list the printers shared on Windows 2000 systems (as
far as I know). I don't need authentication or anything. It should work more
or less like smbclient -L remote system but it doesn't have to list the
shared drives. No problem if it does though. (and no, I can't simply use
smbclient =/)

Kind regards,

Tom
  
Why not use smbclient if all you want is the list? Pipe the output 
through your favourite tool to remove the extra lines you don't want...


However, there are other tools around that also give you a list of 
Windows (and other) printers. Have you looked at them? I don't think 
there is an easy way to get through the morass of SMB code for this.



Re: [Samba] What steps to take

2009-01-07 Thread Gary Dale
There are the GUI tools like the KDE printer and the print manager that 
acquire the list of printers somehow. And there's the Konqueror 
Services Print System Browser section that gets a list of printers. 
Gnome has similar capabilities, so whatever desktop you are using should 
have some code you can look at and see how it operates live.


Tom Van Deun wrote:
I can't use smbclient because that means I need to do an install. 
That'll have to be approved etc etc and it won't get approved. If I 
write or use a small piece of code that's ok.


I've looked around for other tools but to be honest I can't find any. 
If you know of some do let me know.


Kind regards,

Tom Van Deun



Re: [Samba] What steps to take

2009-01-07 Thread Gary Dale

OK, have you looked at lpr-ng?

Since CUPS, I don't really look at Samba for sharing anymore but CUPS 
does work with Samba so you may find something in the CUPS code base re. 
printer discovery.



Tom Van Deun wrote:
There is no desktop involved. It's for use on an AIX system. So that 
won't help I'm afraid. It needs to be CLI




Re: [Samba] Domain logins not working

2009-01-06 Thread Gary Dale
Further to the problem, I am still getting the same login error message 
on the XP/Pro workstation about being unable to contact the server, 
possibly because the server is down or a bad machine account. The 
server's syslog shows:


Jan  6 06:27:54 whenim64 smbd[1764]:   _net_auth2: creds_server_check 
failed. Rejecting auth request from client SHAFEENA machine account 
SHAFEENA$
Jan  6 06:27:54 whenim64 smbd[1764]: [2009/01/06 06:27:54, 0] 
rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Jan  6 06:27:54 whenim64 smbd[1764]:   _net_auth2: creds_server_check 
failed. Rejecting auth request from client SHAFEENA machine account 
SHAFEENA$



The other logs show these same error messages or don't show anything 
relating to this login attempt. pdbedit -L on the server shows:


WARNING: The printer admin option is deprecated
transponder$:1007:
aleysha$:1004:
hyperzip$:1006:
root:0:root
shafeena$:1005:
shafeena:1002:Shafeena Rahim,,,
aleysha:1003:Aleysha Rahim,,,
garydale:1000:Gary Dale,,,

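
A check for the point made elsewhere in this thread, that each machine account in the Samba password database also needs a UNIX account. This is an added example, not from the thread: it reads `pdbedit -L` style output and a passwd-format listing and reports machine accounts that have no UNIX entry. The `pdbedit -L` lines are the ones posted above; the passwd lines and the function names are constructed for the example.

```shell
#!/bin/sh
# Report Samba machine accounts (names ending in '$') with no UNIX account.

# Sample input: the `pdbedit -L` output posted in the message above.
sample_pdbedit() {
cat <<'EOF'
WARNING: The printer admin option is deprecated
transponder$:1007:
aleysha$:1004:
hyperzip$:1006:
root:0:root
shafeena$:1005:
shafeena:1002:Shafeena Rahim,,,
aleysha:1003:Aleysha Rahim,,,
garydale:1000:Gary Dale,,,
EOF
}

# Constructed passwd(5) lines for the example; hyperzip$ is deliberately absent.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
garydale:x:1000:1000:Gary Dale,,,:/home/garydale:/bin/bash
shafeena:x:1002:1002:Shafeena Rahim,,,:/home/shafeena:/bin/bash
aleysha:x:1003:1003:Aleysha Rahim,,,:/home/aleysha:/bin/bash
aleysha$:x:1004:1010::/dev/null:/bin/false
shafeena$:x:1005:1010::/dev/null:/bin/false
transponder$:x:1007:1010::/dev/null:/bin/false
EOF
}

# machine_accounts FILE: machine account names found in pdbedit -L output.
# Lines that are not name:uid:... (warnings, blank lines) are skipped.
machine_accounts() {
    awk -F: 'NF >= 2 && $2 ~ /^[0-9]+$/ && $1 ~ /\$$/ { print $1 }' "$1"
}

# missing_unix_accounts PDBEDIT_FILE PASSWD_FILE: machine accounts not in passwd.
missing_unix_accounts() {
    awk -F: -v passwd="$2" '
        BEGIN {
            # Load UNIX account names first; an empty or unreadable file
            # simply leaves the table empty, so every machine is reported.
            while ((getline line < passwd) > 0) {
                split(line, f, ":")
                unix[f[1]] = 1
            }
        }
        NF >= 2 && $2 ~ /^[0-9]+$/ && $1 ~ /\$$/ && !($1 in unix) { print $1 }
    ' "$1"
}

# Usage: script PDBEDIT_OUTPUT PASSWD_LISTING   (e.g. saved from `pdbedit -L`
# and `getent passwd`), or: script --demo   to run on the sample data above.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    sample_pdbedit > "$tmp/pdb"; sample_passwd > "$tmp/pw"
    set -- "$tmp/pdb" "$tmp/pw"
fi
if [ "$#" -eq 2 ]; then
    missing=$(missing_unix_accounts "$1" "$2")
    [ -n "${tmp:-}" ] && rm -rf "$tmp"
    [ -z "$missing" ] && exit 0
    echo "machine accounts without a UNIX account:" >&2
    echo "$missing"
    exit 1
fi
```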


Re: [Samba] Domain logins not working

2009-01-05 Thread Gary Dale

Gary Dale wrote:

Adam Tauno Williams wrote:

File sharing is working well after I remapped the drives on a running
XP/Pro workstation. However, I can't get logins to work. I've set up
machine accounts for each XP/Pro workstation and used SWAT to create the
new Samba accounts and enable them (with the same password as before)
but XP/Pro refuses to allow the logins. I also tried mapping a share on
the old server to a directory on the new and I get the same problem -
it's having problems finding a DC.

Here's my smb.conf (minus most of the shares), if that helps (ps, I will
set the log level higher as part of my debugging so don't suggest I do
that. However, any suggestions on what may be going wrong are welcome.
:)  ):



Do you have a box handling WINS?  Also make sure the SID of your net
domain controller is the same as the SID of your old domain controller
(net getlocalsid/setlocalsid, I think)?
  


Thanks. I've been through all that. I've been using the SWAT wizard to
tell the new box to be a WINS server after telling the old box to stop
being a WINS server. Also, copied the SID between the two machines
manually after simply setting the new machine up as a (non-master)
domain controller in the old domain failed to work - I had tried the net
rpc vampire route without luck.

I'm not quite sure what's going on but it now seems to have something to
do with the machine accounts.

I've stripped out samba (not easy - Debian seems to keep most of it
around for some reason - even after deleting the .tdb files they can
come back intact) and reinstalled it so that pdbedit -L shows nothing.
However, I can't seem to add machine accounts with either smbpasswd or
pdbedit. I get the messages:
   tdb_update_sam: struct samu (hyperzip$) with no RID!
   Unable to add machine! (does it already exist?)
Interestingly, I can't add machines on either my old or new server
anymore - although I had that ability a couple of days ago - at least on
the new one. However, earlier today I did bring my old server back up as
a PDC and could log in from XP. This was as part of the net rpc vampire
bit. Testing on my old server shows that pdbedit -L should be showing
the machine accounts.

I can do an smbclient -L whenim64 -U% and also an authenticated one
(without the -U%) from my Linux workstation (which doesn't use the
server for account management) but can't map any shares from one of my
XP workstations (I have a couple shares on it to make work transfer
easier - it has more free disk space than my server). Also, I can't log
in to any XP/Pro workstation using a domain account. This latter problem
may (now) be because of the lack of machine accounts.

This is quite frustrating. I've never had this much trouble setting
samba up before. Anyway, my current status is that my new server isn't
allowing network logins or the creation of machine accounts. The old
server has samba shut down but I keep it turned on so I can compare
things on it.



OK, I figured out the problem with the machine accounts. For some reason 
Samba wants the machines to have Unix accounts too!  I don't recall this 
behaviour previously, and I note my old server didn't have them - 
although that could be because I vampired the account information from 
an even older server.


However, even with the machine accounts added I still cannot log in. My 
old server is shut down, my new one has the same sid as the old one with 
root added and the user accounts recreated since I couldn't vampire 
them. I used the initGrps.sh script from the Samba by example (with the 
extra groups removed) to create the basic windows user groups. I have 
root mapped to administrator. I've got the machine accounts set up. All 
this was done yet again from scratch.


Still no logins.

Here's the output from my Linux workstation smbclient -L whenim64 
command. I can also run it anonymously with greatly truncated results, 
so it is doing something. It's just not allowing Windows logins. I've 
followed the complete Samba by example chapter 2 howto but something 
isn't working.


Domain=[RAHIM-DALE] OS=[Unix] Server=[Samba 3.0.24]

   Sharename       Type      Comment
   ---------       ----      -------
   print$          Disk      Printer Drivers
   archives        Disk
   profiles        Disk
   netlogon        Disk
   backup          Disk
   communications  Disk
   dosstuff        Disk
   games           Disk
   graphics        Disk
   hardware        Disk
   install         Disk
   office          Disk
   tools           Disk
   utility         Disk
   media$          Disk
   webpages$       Disk
   aleysha         Disk
   shafeena        Disk
   garydale        Disk
   ML-1210         Printer   Samsung ML-1210 laser printer
   2400W           Printer   Konica-Minolta Magicolor 2400W
   IPC$            IPC       IPC Service (whenim64 server)
Domain=[RAHIM-DALE] OS=[Unix] Server=[Samba 3.0.24

Re: [Samba] Domain logins not working

2009-01-05 Thread Gary Dale

Jeremy Allison wrote:

On Mon, Jan 05, 2009 at 11:32:18PM -0500, Gary Dale wrote:

  
Samba wants the machines to have Unix accounts too!  I don't recall this  
behaviour previously, and I note my old server didn't have them -  



Samba has *always* behaved this way.

Jeremy.

  
Why? I can understand user accounts for the various mappings, but what 
is the purpose of having Unix machine accounts? Since my old server 
didn't have them (not listed in the /etc/passwd file), it doesn't appear 
that they are necessary for Samba to operate.


Anyway, any ideas on why I just can't get this to work this time? I 
started back at square one and followed Samba by example, chapter 2, 
except for the SID, domain name and some shares being defined, but it 
just isn't working for me. As for the Howto collection, it's become 
almost incomprehensible.  :)


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Domain logins not working

2009-01-05 Thread Gary Dale

Jeremy Allison wrote:

On Mon, Jan 05, 2009 at 11:56:07PM -0500, Gary Dale wrote:
  

Jeremy Allison wrote:


On Mon, Jan 05, 2009 at 11:32:18PM -0500, Gary Dale wrote:

  
  
Samba wants the machines to have Unix accounts too!  I don't recall 
this  behaviour previously, and I note my old server didn't have them 
-  


Samba has *always* behaved this way.

Jeremy.

  
  
Why? I can understand user accounts for the various mappings, but what  
is the purpose of having Unix machine accounts? Since my old server  
didn't have them (not listed in the /etc/passwd file), it doesn't appear  
that they are necessary for Samba to operate.



They are needed for machine accounts, a machine account is
a principal just like a user account.

Jeremy.
  
But a machine account only has significance within the context of a 
Windows Domain, unlike a user account which exists in both Windows and 
Unix environments. Moreover, a user account has a Unix password 
associated with it while a machine account doesn't.


And again, the Unix machine account doesn't appear to be used once the 
Windows machine account is set up. It seems like it's just there to 
validate that the machine account really should be set up. And the error 
message returned if the Unix account is missing is not very helpful.


Anyway, I'm just trying to get my home network running on a new Samba 
server - something I've done many times over the years but this time it 
isn't working. The SWAT wizards usually make it easy - set up the server 
as a domain controller, add some users, machine accounts and shares and 
things work. This time it's not and I'm still wondering why. The syslog 
entries don't seem to be telling me very much. For example, I have an 
XP/Pro workstation that is connected to shares on the server (logged in 
as garydale when I had my old DC running) that is filling syslog with 
the following:


Jan  6 00:27:08 whenim64 smbd[31400]:   _net_auth2: creds_server_check 
failed. Rejecting auth request from client HYPERZIP machine account 
HYPERZIP$






Re: [Samba] Domain logins not working

2009-01-04 Thread Gary Dale

Adam Tauno Williams wrote:

File sharing is working well after I remapped the drives on a running
XP/Pro workstation. However, I can't get logins to work. I've set up
machine accounts for each XP/Pro workstation and used SWAT to create the
new Samba accounts and enable them (with the same password as before)
but XP/Pro refuses to allow the logins. I also tried mapping a share on
the old server to a directory on the new and I get the same problem -
it's having problems finding a DC.
Here's my smb.conf (minus most of the shares), if that helps (ps, I will
set the log level higher as part of my debugging so don't suggest I do
that. However, any suggestions on what may be going wrong are welcome.
:)  ):



Do you have a box handling WINS?  Also make sure the SID of your net
domain controller is the same as the SID of your old domain controller
(net getlocalsid/setlocalsid, I think)?
  


Thanks. I've been through all that. I've been using the SWAT wizard to
tell the new box to be a WINS server after telling the old box to stop
being a WINS server. Also, copied the SID between the two machines
manually after simply setting the new machine up as a (non-master)
domain controller in the old domain failed to work - I had tried the net
rpc vampire route without luck.

I'm not quite sure what's going on but it now seems to have something to
do with the machine accounts.

I've stripped out samba (not easy - Debian seems to keep most of it
around for some reason - even after deleting the .tdb files they can
come back intact) and reinstalled it so that pdbedit -L shows nothing.
However, I can't seem to add machine accounts with either smbpasswd or
pdbedit. I get the messages:
   tdb_update_sam: struct samu (hyperzip$) with no RID!
   Unable to add machine! (does it already exist?)
Interestingly, I can't add machines on either my old or new server
anymore - although I had that ability a couple of days ago - at least on
the new one. However, earlier today I did bring my old server back up as
a PDC and could log in from XP. This was as part of the net rpc vampire
bit. Testing on my old server shows that pdbedit -L should be showing
the machine accounts.

I can do an smbclient -L whenim64 -U% and also an authenticated one
(without the -U%) from my Linux workstation (which doesn't use the
server for account management) but can't map any shares from one of my
XP workstations (I have a couple shares on it to make work transfer
easier - it has more free disk space than my server). Also, I can't log
in to any XP/Pro workstation using a domain account. This latter problem
may (now) be because of the lack of machine accounts.

This is quite frustrating. I've never had this much trouble setting
samba up before. Anyway, my current status is that my new server isn't
allowing network logins or the creation of machine accounts. The old
server has samba shut down but I keep it turned on so I can compare
things on it.




[Samba] Domain logins not working

2009-01-03 Thread Gary Dale

I'm trying to set up a new server to replace my previous domain
controller/fileprint server on my home network. My old server was
running Debian/Etch on a 32bit sempron system with two HDs. The new one
is running an old 64bit single-core processor and 3 HDs configured into
multiple RAID  1 and 5 arrays (/boot as RAID 1 and /, /home, swap and a
/backup directory as RAID 5).  The new server is running Debian/Etch+1/2.

Samba was installed by default since I specified the new server as a
file  print server.  I rsync'ed the old /home to the new one to get the
files across. Then  I used SWAT to make my old server a member server
and the new one a domain controller. Since I only had a few accounts I
set them up manually on the new machine, taking care to ensure that the
new Unix ids matched the old ones.

File sharing is working well after I remapped the drives on a running
XP/Pro workstation. However, I can't get logins to work. I've set up
machine accounts for each XP/Pro workstation and used SWAT to create the
new Samba accounts and enable them (with the same password as before)
but XP/Pro refuses to allow the logins. I also tried mapping a share on
the old server to a directory on the new and I get the same problem -
it's having problems finding a DC.

Here's my smb.conf (minus most of the shares), if that helps (ps, I will
set the log level higher as part of my debugging so don't suggest I do
that. However, any suggestions on what may be going wrong are welcome.
:)  ):

# Samba config file created using SWAT
# from 192.168.2.11 (192.168.2.11)
# Date: 2009/01/03 15:47:32

[global]
   workgroup = RAHIM-DALE
   server string = %h server
   obey pam restrictions = Yes
   passdb backend = tdbsam
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
   unix password sync = Yes
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 1000
   add user script = /usr/sbin/useradd  -g users %u
   delete user script = /usr/sbin/userdel -r %u
   add group script = /usr/sbin/groupadd %g
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/usermod -G  %g %u
   add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u\$
   logon script = scripts\logon.bat
   logon path = \\%L\profiles\%U
   logon drive = M:
   logon home = \\%L\%U
   domain logons = Yes
   preferred master = Yes
   domain master = Yes
   dns proxy = No
   wins support = Yes
   ldap ssl = no
   panic action = /usr/share/samba/panic-action %d
   idmap uid = 1-2
   idmap gid = 1-2
   username = root = administrator
   invalid users = root
   admin users = garydale, root
   printer admin = garydale
   printing = cups
   print command =
   lpq command = %p
   lprm command =
   include = /etc/samba/dhcp.conf

[homes]
   comment = Home Directories
   valid users = %S
   create mask = 0700
   directory mask = 0700
   browseable = No

[printers]
   comment = All Printers
   path = /var/spool/samba
   create mask = 0700
   printable = Yes
   browseable = No

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers

[profiles]
   path = /home/samba/profiles
   read only = No

[netlogon]
   path = /home/samba/netlogon
   read only = No





[Samba] Domain logins not working

2009-01-03 Thread Gary Dale
Further to below, here are the syslog entries for an attempt to login 
from an XP/Pro workstation. While it is indicating a problem 
authenticating a machine account, the machine account does exist:


Jan  3 17:50:44 whenim64 smbd[11537]: [2009/01/03 17:50:44, 0] 
rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Jan  3 17:50:44 whenim64 smbd[11537]:   _net_auth2: creds_server_check 
failed. Rejecting auth request from client SHAFEENA machine account 
SHAFEENA$
Jan  3 17:50:44 whenim64 smbd[11537]: [2009/01/03 17:50:44, 0] 
rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Jan  3 17:50:44 whenim64 smbd[11537]:   _net_auth2: creds_server_check 
failed. Rejecting auth request from client SHAFEENA machine account 
SHAFEENA$



Here are the syslog entries for a share connection from another machine 
(hyperzip) which has not been logged out and back in since the DC switch 
took place. It can still connect to shares:


Jan  3 17:59:58 whenim64 smbd[11203]: [2009/01/03 17:59:58, 0] 
lib/util_sock.c:get_peer_addr(1221)
Jan  3 17:59:58 whenim64 smbd[11203]:   getpeername failed. Error was 
Transport endpoint is not connected
Jan  3 17:59:58 whenim64 smbd[11606]: [2009/01/03 17:59:58, 0] 
lib/util_sock.c:get_peer_addr(1221)
Jan  3 17:59:58 whenim64 smbd[11606]:   getpeername failed. Error was 
Transport endpoint is not connected
Jan  3 17:59:58 whenim64 smbd[11606]: [2009/01/03 17:59:58, 0] 
lib/util_sock.c:write_data(562)
Jan  3 17:59:58 whenim64 smbd[11606]:   write_data: write failure in 
writing to client 0.0.0.0. Error Connection reset by peer
Jan  3 17:59:58 whenim64 smbd[11606]: [2009/01/03 17:59:58, 0] 
lib/util_sock.c:send_smb(761)
Jan  3 17:59:58 whenim64 smbd[11606]:   Error writing 4 bytes to client. 
-1. (Connection reset by peer)
Jan  3 17:59:58 whenim64 smbd[11607]: [2009/01/03 17:59:58, 1] 
smbd/service.c:make_connection_snum(950)
Jan  3 17:59:58 whenim64 smbd[11607]:   hyperzip (192.168.2.12) connect 
to service archives initially as user garydale (uid=0, gid=1000) (pid 
11607)
Jan  3 17:59:59 whenim64 smbd[11607]: [2009/01/03 17:59:59, 1] 
smbd/service.c:make_connection_snum(950)
Jan  3 17:59:59 whenim64 smbd[11607]:   hyperzip (192.168.2.12) connect 
to service media$ initially as user garydale (uid=0, gid=1000) (pid 11607)



--

I'm trying to set up a new server to replace my previous domain
controller/fileprint server on my home network. My old server was
running Debian/Etch on a 32bit sempron system with two HDs. The new one
is running an old 64bit single-core processor and 3 HDs configured into
multiple RAID  1 and 5 arrays (/boot as RAID 1 and /, /home, swap and a
/backup directory as RAID 5).  The new server is running Debian/Etch+1/2.

Samba was installed by default since I specified the new server as a
file  print server.  I rsync'ed the old /home to the new one to get the
files across. Then  I used SWAT to make my old server a member server
and the new one a domain controller. Since I only had a few accounts I
set them up manually on the new machine, taking care to ensure that the
new Unix ids matched the old ones.

File sharing is working well after I remapped the drives on a running
XP/Pro workstation. However, I can't get logins to work. I've set up
machine accounts for each XP/Pro workstation and used SWAT to create the
new Samba accounts and enable them (with the same password as before)
but XP/Pro refuses to allow the logins. I also tried mapping a share on
the old server to a directory on the new and I get the same problem -
it's having problems finding a DC.

Here's my smb.conf (minus most of the shares), if that helps (ps, I will
set the log level higher as part of my debugging so don't suggest I do
that. However, any suggestions on what may be going wrong are welcome.
:)  ):

# Samba config file created using SWAT
# from 192.168.2.11 (192.168.2.11)
# Date: 2009/01/03 15:47:32

[global]
   workgroup = RAHIM-DALE
   server string = %h server
   obey pam restrictions = Yes
   passdb backend = tdbsam
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
   unix password sync = Yes
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 1000
   add user script = /usr/sbin/useradd  -g users %u
   delete user script = /usr/sbin/userdel -r %u
   add group script = /usr/sbin/groupadd %g
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/usermod -G  %g %u
   add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u\$
   logon script = scripts\logon.bat
   logon path = \\%L\profiles\%U
   logon drive = M:
   logon home = \\%L\%U
   domain logons = Yes
   preferred master = Yes
   domain master = Yes
   dns proxy = No
   wins support = Yes
   ldap ssl = no
   panic action = /usr/share/samba/panic-action %d
   idmap uid = 1-2
   idmap gid = 1-2
   username = root = 
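
A triage helper for the syslog entries quoted in the post above, as an added example that is not part of the original thread: it tallies the `_net_auth2: creds_server_check failed` rejections per machine account and checks each name against passwd-format text for the Unix machine account the thread discusses. The sample log and passwd lines are constructed, and the function names and the case-insensitive name comparison are assumptions.

```python
import re
from collections import Counter

# Constructed sample input: syslog lines in the format quoted in the thread,
# one entry per line (the e-mail wrapped them across several lines).
SAMPLE_SYSLOG = """\
Jan  3 17:50:44 whenim64 smbd[11537]: [2009/01/03 17:50:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Jan  3 17:50:44 whenim64 smbd[11537]:   _net_auth2: creds_server_check failed. Rejecting auth request from client SHAFEENA machine account SHAFEENA$
Jan  3 17:50:44 whenim64 smbd[11537]:   _net_auth2: creds_server_check failed. Rejecting auth request from client SHAFEENA machine account SHAFEENA$
Jan  6 00:27:08 whenim64 smbd[31400]:   _net_auth2: creds_server_check failed. Rejecting auth request from client HYPERZIP machine account HYPERZIP$
Jan  3 17:59:58 whenim64 smbd[11607]:   hyperzip (192.168.2.12) connect to service archives initially as user garydale (uid=0, gid=1000) (pid 11607)
"""

# Constructed sample of /etc/passwd: only one of the two machines has an entry.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
garydale:x:1000:1000:Gary Dale:/home/garydale:/bin/bash
shafeena$:x:1005:1002:Machine:/dev/null:/bin/false
"""

REJECT_RE = re.compile(
    r"_net_auth2: creds_server_check failed\. Rejecting auth request "
    r"from client (?P<client>\S+) machine account (?P<account>\S+\$)"
)


def rejected_machine_accounts(log_text):
    """Count netlogon credential rejections per machine account name."""
    counts = Counter()
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if match:
            counts[match.group("account")] += 1
    return counts


def unix_account_names(passwd_text):
    """Return the lower-cased login names found in passwd(5)-format text."""
    names = set()
    for line in passwd_text.splitlines():
        if line and not line.startswith("#"):
            names.add(line.split(":", 1)[0].lower())
    return names


def triage(log_text, passwd_text):
    """Map each rejected machine account to (rejections, has_unix_account)."""
    unix = unix_account_names(passwd_text)
    # Assumption: names are compared case-insensitively (log shows upper case).
    return {
        account: (count, account.lower() in unix)
        for account, count in rejected_machine_accounts(log_text).items()
    }


if __name__ == "__main__":
    for account, (count, has_unix) in sorted(triage(SAMPLE_SYSLOG, SAMPLE_PASSWD).items()):
        status = "Unix account present" if has_unix else "NO Unix account"
        print(f"{account}: {count} rejection(s), {status}")
```

A rejection logged for a machine that does have a Unix entry, as the poster reports for SHAFEENA$, means the missing-account check alone does not explain the failure.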

Re: [Samba] Cant Set Password on Windows Side.

2008-08-11 Thread Gary Dale

Try setting the log level to something like 10.


Jeff L wrote:

Hi Gary,

Yes to all of the above.  Yes userpasswd is what we use on all of our servers. 
This one in particular is causing trouble.

Is there a log file that gives more detail on the error? 



  

- Original Message -
From: Gary Dale [EMAIL PROTECTED]
To: 
Subject: Re: [Samba] Cant Set Password on Windows Side.

Date: Sun, 10 Aug 2008 20:41:39 -0400


There are several things that could be causing it.

1) is your passwd program really called userpasswd?
2) does the passwd chat really match what your passwd program expects?
3) have the windows machines joined the domain?
4) can the windows machines see the domain controller?



Jeff L wrote:


Hello All.

Samba ver 3.0.25b-1.1.cc

SMB.Conf

admin users = administrator
unix password sync = yes
os level = 65
domain master = yes
domain logons = yes
passwd program = /usr/sbin/userpasswd %u
passwd chat = *password:* %n\n *password:* %n\n *successfully.*
add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /bin/fa$

security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
syslog = false
netbios name = server
workgroup = WKGROUP
realm = WKGROUP.LOCAL

Is there anything in my config that will lead to this error message?

Domain users can't change their password by pressing control alt 
delete. They get an error message stating the domain doesn't exist.





Re: [Samba] Cant Set Password on Windows Side.

2008-08-10 Thread Gary Dale

There are several things that could be causing it.

1) is your passwd program really called userpasswd?
2) does the passwd chat really match what your passwd program expects?
3) have the windows machines joined the domain?
4) can the windows machines see the domain controller?



Jeff L wrote:

Hello All.

Samba ver 3.0.25b-1.1.cc

SMB.Conf

admin users = administrator
unix password sync = yes
os level = 65
domain master = yes
domain logons = yes
passwd program = /usr/sbin/userpasswd %u
passwd chat = *password:* %n\n *password:* %n\n *successfully.*
add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /bin/fa$

security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
syslog = false
netbios name = server
workgroup = WKGROUP
realm = WKGROUP.LOCAL

Is there anything in my config that will lead to this error message?

Domain users can't change their password by pressing control alt 
delete. They get an error message stating the domain doesn't exist.





Re: [Samba] can join,but not log into domain

2008-06-21 Thread Gary Dale

Peter Hartmann wrote:

Hi, I have a problem where I can join an xpsp2 machine to a domain
but, no matter what %COMPUTERNAME% I use, it says system error: a
duplicate name exists on the network after the reboot when upon
successfully joining. If I try to log in as a valid user, I get the
the system could not log you on because domain 'DOMAIN' is not
available. I'd just like to stress that I do not have a duplicate
name on the network... I've tried more than 4 and each time I have same
error. Does this ring any bells for anyone?

Thanks,
Peter
  
Check your password dialogue. It should conform to the actual prompts 
and replies when you log in locally to your Linux/Unix box.
