[Samba] samba4 anonymous ldap search
I'm using Version 4.1.0pre1-GIT-e4218e4 samba4 server. It allows nicely anonymous ldap searches, latest versions does not allow that. I have followed Microsofts kb326690 and kb320528 guides, but it seems not helpful. Is the anonymous ldap possible anymore? regards Hannu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 second dc:s sysvol rights
I have a samba4 domain with two r/w directory controllers. Second servers sysvol share doesn't allow access to normal users, only admin users can access share. Problem is same with both: ntvfs and s3fs. Sysvolreset doesn't help and sysvolcheck doesn't complain anything. posix file acls are identical with the first server which works ok. I have granted rights for Everyone, specific user and Domain Users group, but the result is always same. Here is log for admin user accessing the share: - Successfully converted security token to a unix token:Security token SIDs (17): SID[ 0]: S-1-5-21-xxx-xxx-xxx-1005 SID[ 1]: S-1-5-21-xxx-xxx-xxx-513 SID[ 2]: S-1-5-21-xxx-xxx-xxx-1010 SID[ 3]: S-1-5-21-xxx-xxx-xxx-1747 SID[ 4]: S-1-5-21-xxx-xxx-xxx-1011 SID[ 5]: S-1-5-21-xxx-xxx-xxx-2612 SID[ 6]: S-1-5-21-xxx-xxx-xxx-1026 SID[ 7]: S-1-5-21-xxx-xxx-xxx-512 SID[ 8]: S-1-5-21-xxx-xxx-xxx-572 SID[ 9]: S-1-5-21-xxx-xxx-xxx-1181 SID[ 10]: S-1-5-21-xxx-xxx-xxx-520 SID[ 11]: S-1-5-32-550 SID[ 12]: S-1-5-32-545 SID[ 13]: S-1-5-32-544 SID[ 14]: S-1-1-0 SID[ 15]: S-1-5-2 SID[ 16]: S-1-5-11 Privileges (0x1F00): Privilege[ 0]: SeTakeOwnershipPrivilege Privilege[ 1]: SeBackupPrivilege Privilege[ 2]: SeRestorePrivilege Privilege[ 3]: SeRemoteShutdownPrivilege Privilege[ 4]: SeSecurityPrivilege Privilege[ 5]: SeSystemtimePrivilege Privilege[ 6]: SeShutdownPrivilege Privilege[ 7]: SeDebugPrivilege Privilege[ 8]: SeSystemEnvironmentPrivilege Privilege[ 9]: SeSystemProfilePrivilege Privilege[ 10]: SeProfileSingleProcessPrivilege Privilege[ 11]: SeIncreaseBasePriorityPrivilege Privilege[ 12]: SeLoadDriverPrivilege Privilege[ 13]: SeCreatePagefilePrivilege Privilege[ 14]: SeIncreaseQuotaPrivilege Privilege[ 15]: SeChangeNotifyPrivilege Privilege[ 16]: SeUndockPrivilege Privilege[ 17]: SeManageVolumePrivilege Privilege[ 18]: SeImpersonatePrivilege Privilege[ 19]: SeCreateGlobalPrivilege Privilege[ 20]: SeEnableDelegationPrivilege Rights (0x 403): Right[ 0]: SeInteractiveLogonRight Right[ 1]: SeNetworkLogonRight Right[ 2]: SeRemoteInteractiveLogonRight And as normal user: Successfully converted security token to a unix token:Security token SIDs (6): SID[ 0]: S-1-5-21-xxx-xxx-xxx-1345 SID[ 1]: S-1-5-21-xxx-xxx-xxx-513 SID[ 2]: S-1-5-32-545 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 Privileges (0x 0): Rights (0x 0): -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] kvno problem when accessing bdc as \\domain.com
Hi! I have a samba4 domain with two r/w directory controllers. DNS is set up so that domain.com name adresses both servers for redundancy. But workstaions can't contact second server with address \\domain.com becuse the kvno is different that first servers kvno and when using \\domain.com address the kvno seems to be always first servers kvno. Can I somehow increase the second servers kvno or is there other solutions Hannu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] kvno problem when accessing bdc as \\domain.com
So the \\domain.com\sysvol should work? On Tue, 2012-10-09 at 14:38 +0300, Hannu Tikka wrote: Hi! I have a samba4 domain with two r/w directory controllers. DNS is set up so that domain.com name adresses both servers for redundancy. But workstaions can't contact second server with address \\domain.com becuse the kvno is different that first servers kvno and when using \\domain.com address the kvno seems to be always first servers kvno. Can I somehow increase the second servers kvno or is there other solutions You have to access each server by name. Even if the kvno was identical, the kerberos key would be different. There is a special case used for sysvol shares, but all it does is redirect the user to the right server. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net ads printer publish ?
Should that command work? I'm getting Unable to do enumdataex error. Samba version is 3.5.6, windows drivers are installed and cupsaddsmb command is done. Domain controller is samba4 git version less than month old. regards Hannu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4: getent group stalls
Using 4.0.0alpha12-GIT-580f955 version getent group works fine. Upgrading newer version results getent group stalling after listing 3 ldap groups. Server is 64 bit debian lenny and i have tried two clients: 64 bit debian lenny and 64 bit opensuse 10.1. getent passwd works ok. any hints? regards Hannu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 master-branch compiling error
Get following errors compiling samba4 master-branch in vmware virtualmachine : --- /usr/bin/ld: i386:x86-64 architecture of input file `../client/umount.cifs.o' is incompatible with i386 output /usr/bin/ld: i386:x86-64 architecture of input file `../client/mtab.o' is incompatible with i386 output --- samba-4.0.0.alpha10 compiles ok -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 partitions upgrade probs
Hi! I'm currently trying to do partitions upgrade. But provision script stops on error. im getting following situation: - Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details) pdc_fsmo_init: no domain object present: (skip loading of domain details) Erasing data from partitions Adding DomainDN: DC=mydomain,DC=com Traceback (most recent call last): File ./setup/provision, line 213, in module nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File bin/python/samba/provision.py, line 1369, in provision ldap_backend=provision_backend) File bin/python/samba/provision.py, line 1080, in setup_samdb DOMAINGUID: domainguid_line File bin/python/samba/provision.py, line 308, in setup_add_ldif ldb.add_ldif(data,controls) File bin/python/samba/__init__.py, line 244, in add_ldif self.add(msg,controls) _ldb.LdbError: (68, 'Entry already exists (68)') A transaction is still active in ldb context [0x1249b30] on /home/samba.upgrade/private/secrets.ldb - Does anyone have good hints? regards Hannu PS. I accidently post this question first to samba-tchnical list. Sorry about that. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Vista + samba 3.4 member server problem (solved)
I noticed that vista uses AES encryption by default(which XP don't use). Found an article: http://pronichkin.com/blog/Lists/Posts/Post.aspx?ID=15 and changed the Vista encrytpion method. Vista can now connect to the member server. I tried both mit (1.41) and heimdal (1.21) kerberos and I tought they can do AES but somehow it didn't work. Operating system is 64 bit opensuse 10.1 Hi! I have samba4 domain controller + samba 3.4 member server. On XP login to domain and connection to member server works ok. Vista can login to domain but can't get connected to member server. regards Hannu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Vista + samba 3.4 member server problem
Hi! I have samba4 domain controller + samba 3.4 member server. On XP login to domain and connection to member server works ok. Vista can login to domain but can't get connected to member server. Member servers log.smbd is following error with Vista client: --- [2009/09/02 14:12:02, 3] smbd/process.c:1259(switch_message) switch message SMBsesssetupX (pid 30541) conn 0x0 [2009/09/02 14:12:02, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/09/02 14:12:02, 3] smbd/sesssetup.c:1406(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2009/09/02 14:12:02, 2] smbd/sesssetup.c:1361(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/02 14:12:02, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) Doing spnego session setup [2009/09/02 14:12:02, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2009/09/02 14:12:02, 3] smbd/sesssetup.c:776(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1301 [2009/09/02 14:12:02, 3] libads/kerberos_verify.c:377(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2009/09/02 14:12:02, 3] libads/kerberos_verify.c:377(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Message size is incompatible with encryption type [2009/09/02 14:12:02, 3] libads/kerberos_verify.c:377(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Message size is incompatible with encryption type [2009/09/02 14:12:02, 3] libads/kerberos_verify.c:567(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (Message size is incompatible with encryption type) [2009/09/02 14:12:02, 1] smbd/sesssetup.c:333(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2009/09/02 14:12:02, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(335) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Any clues are very welcome regards Hannu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re:Error compiling Samba 3.3.1
OpenSuse 10.1 x86-64 I get same kind of error compiling samba 3.3.1: --- Linking bin/wbinfo nsswitch/wbinfo.o: In function `wbinfo_change_user_password': wbinfo.c:(.text+0x145d): undefined reference to `wbcChangeUserPassword' nsswitch/wbinfo.o: In function `main': wbinfo.c:(.text+0x2663): undefined reference to `wbcGetDisplayName' wbinfo.c:(.text+0x2f26): undefined reference to `wbcRemoveUidMapping' wbinfo.c:(.text+0x2fb1): undefined reference to `wbcRemoveGidMapping' collect2: ld returned 1 exit status 3.2.x compiles fine regards Hannu = Solaris 10 x86, gcc 3.4.3 or cc (SunStudio 12) give the following compile error: Compiling nsswitch/wbinfo.c Linking bin/wbinfo Undefined first referenced symbol in file wbcChangeUserPassword nsswitch/wbinfo.o wbcRemoveUidMapping nsswitch/wbinfo.o wbcRemoveGidMapping nsswitch/wbinfo.o wbcGetDisplayName nsswitch/wbinfo.o ld: fatal: Symbol referencing errors. No output written to bin/wbinfo collect2: ld returned 1 exit status gmake: *** [bin/wbinfo] Error 1 Regards, Wilfred -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Errors compiling samba 3.3.0
OpenSuse 10.1 x86-64 I get following error compiling samba 3.3.0: --- Linking bin/wbinfo nsswitch/wbinfo.o: In function `wbinfo_change_user_password': wbinfo.c:(.text+0x145d): undefined reference to `wbcChangeUserPassword' nsswitch/wbinfo.o: In function `main': wbinfo.c:(.text+0x2663): undefined reference to `wbcGetDisplayName' wbinfo.c:(.text+0x2f26): undefined reference to `wbcRemoveUidMapping' wbinfo.c:(.text+0x2fb1): undefined reference to `wbcRemoveGidMapping' collect2: ld returned 1 exit status 3.2.x compiles fine regards Hannu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] distribute/deploy software to clients
http://www.opennet.ru/docs/RUS/windows_auto_inst/index.html I'm not sure most people understand russian, but the article itself is just amazing! If You won't find any translator, let me know, I'll translate it. /me doesn't understand Russian. ;-) http://babelfish.altavista.com/babelfish/trurl_pagecontent?url=http%3A%2F%2Fwww.opennet.ru%2Fdocs%2FRUS%2Fwindows_auto_inst%2Findex.htmllp=ru_en -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] distribute/deploy software to clients
Hi! We have been using AutoIt with wpkg scripts for a while as a deployment solution with win2k workstations. It is quite simple solution but has been good enough for us. http://sourceforge.net/projects/wpkg/ hannu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.7 OpenLDAP performance problem
I am using a Samba PDC with OpenLDAP. After updating my Samba 2.2.7 to version 3.0.7, I encountered the following problem : All my Windows-clients are able to logon to the Domain but it takes several minutes until the Client finally is logged on. If I try to open a directory that is stored on the server, it takes several minutes, too. The profiles I am using are not stored on the server except their home-directories. I testet the Samba update several times on a VMware machine with virtual server and clients and it worked perfectly every try. I got same kind of effect after upgrading 3.0.5 - 3.0.7. OpenLDAP + perbuilt Samba on SuSE 8.2 (downgraded back to 3.0.5 and everything is ok again) Just as a balancing point-of-view; we have 3.0.7 + OL 2.2.17 and performance is very good (~200 XP/2000 clients). Are you sure things like name resolution are working properly? In our case it seems to be use sendfile problem (suse 8.2 has 2.4.20 kernel) regards Hannu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.7 OpenLDAP performance problem
hi, sorry if this topic already exists, but i haven't found a solution yet. I am using a Samba PDC with OpenLDAP. After updating my Samba 2.2.7 to version 3.0.7, I encountered the following problem : All my Windows-clients are able to logon to the Domain but it takes several minutes until the Client finally is logged on. If I try to open a directory that is stored on the server, it takes several minutes, too. The profiles I am using are not stored on the server except their home-directories. I testet the Samba update several times on a VMware machine with virtual server and clients and it worked perfectly every try. thanks for help, greetings, c.triebstein Hi! I got same kind of effect after upgrading 3.0.5 - 3.0.7. OpenLDAP + perbuilt Samba on SuSE 8.2 (downgraded back to 3.0.5 and everything is ok again) ht -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] upgrade 3.0.1 - 3.0.2, problem with homes-share
Hi! We are using Samba 3 in SuSE-linux 8.2 with ldap. After upgrading from 3.0.1 to 3.0.2 we got following problem: When users log-in homes-share is not allways reachable, so automatic homedrive-mapping and roaming profiles doesn't work. This doesn't happen everytime, but quite often. And after login users can map their homedrives manually. Users have following attributes in LDAP directory: sambaHomePath: \\server\homes sambaProfilePath: \\server\homes\profile When I change users attributes to sambaHomePath: \\server\username sambaProfilePath: \\server\username\profile The problem disappears. So it must be the homes-share problem. All the workstations have win2000sp4. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] upgrade 3.0.1 - 3.0.2, problem with homes-share
On Fri, 2004-02-13 at 22:30, Hannu Tikka wrote:
Hi!
We are using Samba 3 in SuSE-linux 8.2 with ldap.
After upgrading from 3.0.1 to 3.0.2 we got following problem:
When users log-in homes-share is not allways reachable, so automatic
homedrive-mapping and roaming profiles doesn't work. This doesn't
happen
everytime, but quite often.
And after login users can map their homedrives manually.
Users have following attributes in LDAP directory:
sambaHomePath: \\server\homes
sambaProfilePath: \\server\homes\profile
When I change users attributes to
sambaHomePath: \\server\username
sambaProfilePath: \\server\username\profile
The problem disappears.
So it must be the homes-share problem. All the workstations have
win2000sp4.
For locking and other reasons, this change is strongly encouraged.
You did not show us your smb.conf, to understand what particular
fungames you might be playing that would trigger this change in
behaviour.
I will note however that in 3.0.2, if you have a share named [username],
then [homes] will no longer automatically be an alias for it.
Thanks for a quick answer :)
Ok, I'll do the change.
Here is smb.conf, we dont have shares named as [username]
[global]
workgroup = OURS
interfaces = eth*, lo
map to guest = Bad User
passdb backend = ldapsam:ldaps://ldapserver, guest
log level = 0
syslog = 0
name resolve order = wins host lmhosts bcast
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
printcap name = CUPS
add user script = ldapsmb -a -s -u %u
delete user script = ldapsmb -d -u %u
add group script = ldapsmb -a -s -g %g
delete group script = ldapsmb -d -g %g
add user to group script = ldapsmb -j -u %u -g %g
delete user from group script = ldapsmb -j -u %u -g %g
# add machine script = ldapsmb -a -w %u
add machine script = smbldap-useradd.pl -a -w %u
logon script = logon.cmd
logon path =
logon home =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap suffix =
ldap machine suffix = ou=wkst
ldap user suffix = ou=usrs
ldap group suffix = ou=grps
ldap idmap suffix =
ldap admin dn = xxx
hosts allow =
printing = cups
load printers = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
ldap passwd sync = Yes
client ntlmv2 auth = yes
[netlogon]
path = //netlogon
write list = , root
read only = Yes
browseable = No
oplocks = False
level2 oplocks = False
recycle:versions = True
recycle:touch = True
recycle:keeptree = False
recycle:exclude = *.tmp|*.temp|*.o|*.obj|*.mp3|~$*
recycle:exclude_dir = /tmp|/temp|/cache|/.wprofile|/.profile
[homes]
read only = No
create mask = 0711
directory mask = 0711
browseable = No
oplocks = False
level2 oplocks = False
vfs objects = recycle
recycle:repository = .recycle[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
public = yes
guest ok = yes
writable = no
printer admin = root,xxx, @Domain Admins
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
public = yes
guest ok = yes
writable = no
printer admin = root,xxx, @Domain Admins
[print$]
comment = Printer Drivers
path = //drivers
write list = root, @Domain Admins
force group = Domain Admins
create mask = 0664
directory mask = 0775
guest ok = yes
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group policies, domain policies and workstation policies without Active Directory??
On Sat, 06 Dec 2003 15:47:32 -0600 Andrew Gaffney wrote: [EMAIL PROTECTED] wrote: I have the following situation: a network with 30 Windows NT Server on different sites, 800 clients with Windows XP; I want to migrate to Samba instead of Windows 2003 Server, but I have the effort to manage group policies, domain policies and workstation policies on the XP Clients; Do you really want to apply the XP registry hack to 800 clients? Although, it may no longer be necessary if you're using 3.0. Does anyone know? what hack are you talking about? (I'm really interested in doing this since I've posted several questions on this same list before). My approach was like this : - Samba 3 server - Windows XP client machines - Roaming profiles stored on the server - The client machines execute a script on logon that tries to load a specially customized .reg file, but fails doing it because the user that logs won't have priviledges enough to modify the registry (entries con hkey_current_user - HKU or similar) this didn't work... any ideas? :-) Haven't tested this yet, but I have thought to create a scheduled task which runs on Administrator privileges a .bat from netlogon share at every logon. To that .bat I can put all updates that needs to run with Administrator rights. Does this sound like a potential solution? Of course I have to create that scheduled task on every machine, but after that everything should be quite automatic. Hannu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba process dead
I am having trouble with a samba server version 2.2.5 on SuSe 8.1. Very often my samba processes get to state D and can't be killed anymore. The clients seem to continue to connect and so I get even more dead samba processes. These processes can't be killed, all I can do is reboot the machine. We have Suse 8.2 + samba3 (reiserfs). We had hardware problems and server crashed few times. After that I noticed same thing that you, certain users smbd processes get to state D and so on.. Also I noticed that disk containing user homedirectories was reported NOT clean at startup. I halted machine and ran fsck to that disk. Disk was reported clean at startup, but after a while there was a bunch of smbd processes in state D again. And disk was NOT clean again. We have roaming profiles on users homedirectories and it turned out that those users who got smbd:s in state D had corrupted profile files and that messed up reiserfs. So I backed up those profile directories and deleted them. After that I ran fsck and restored profile files. We haven't got those problems anymore. So at least check that the disk is clean and if possible backup and restore user disks. Hannu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Bizarre Problem ( Samba 3/Win2k )
Hello I´m running a samba 3.0 server on slackware box as my PDC. I´m using a bunch of win2k client in Brazilian Portuguese. Everething run fine excepted that when win2k client try to overwrite files on all the server shares they get a message like Unable to Copy file, make sure that the name is spelled correctly ( Sorry for the translation, i´m using a Brazilian version of windows ). What is very weird is that : - If I do cut/paste then it doesn´t work ( I get that message ). If I delete the file and do the copy, everything fine. - If I drag and drop IT WORKS, using the copy menu. - If I drag and drop using the move menu, it accept but I´l get messages that folders doesn´t exist, create it ? - WinXP work fine. The client have all the latest update from Uncle Bill. I´have tried to put samba in debug mode. What I´have seen is that there is no access try on the server. ( that is no attempt is made to access nothing on the server and then there is no security problem, neither charset problems ). Any idea ? I have same situation on copying files to samba share with w2k client (sp4). Cut Paste don't work but Drag Drop works. Server is Samba 3.0 on SuSE 8.2 . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can't add domain group in local group (winXP)
samba 3.0 + LDAP in SuSE 8.2 In 2k Sp3 workstation adding domain user and domain group to local group ok. In XP Sp1 workstation adding domain user to local group ok, but adding domain group to local group gives an error: --- Information returned from the object picker for object Domain Users was incomplete. The object will not be processed. --- In samba log cn't see any major diffrence between 2k and XP actions. regards Hannu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] valid users = %S in rc4
After upgrading rc2 - rc4 (suse binary packages) line 'valid users = %S' in [homes] section prevents user getting to his homedirectory in logfile smbd says: [2003/09/25 15:07:59, 2] smbd/service.c:make_connection_snum(384) user '' (from session setup) not permitted to access this share () Hannu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] can't join workstations to domain
I have samba 3.0alpha24 server with LDAP as PDC. I can use shares on the server, but I can't join workstation to domain Error message is: Access denied. and in log file with debug = 3 i found in logfile: rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) workstation account exists and is enabled: uid: taivas$ objectClass: sambaSamAccount displayName: konetunnus objectClass: account sambaAcctFlags: [U ] sambaPrimaryGroupSID: [domain sid]-1601 sambaSID [domain sid]-11000 sambaNTPassword 90568306802UYIEUYIUEIYUI sambaLMPassword 5734767389767GERJGJGJDG sambaPwdMustChange 1056456117 sambaPwdCanChange 1054641717 sambaPwdLastSet 1054641717 I have Administrator account set and group mappings should be ok, but i doubt the problem is somwhere there: objectClass: sambaGroupMapping objectClass: posixGroup displayName: admins sambaSID: [domain sid]-512 cn: Domain Admins memberUid: Administrator gidNumber: 301 sambaGroupType: 2 net groupmap list shows: nobody (S-1-5-32-546) - nobody users ([domain sid]-513) - smbusr admins ([domain sid]--512) - domadm sysadmins ([domain sid]--1002) - sysadm I have made workstation account manually with smbpasswd and there is no workstation creation script set in smb.conf. Any ideas what I'm missing? regards Hannu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
