Re: [Samba] Samba Server Under Microsoft Windows Network
On 2/3/13, Fabian von Romberg wrote: > Im running a samba4 server. When I logged onto the server from a XP Machine > and then I go to My Network Places -> Microsoft Windows Network -> Mydomain > my samba4 server is not listed. It's well known and documented limitation of current samba. > What could be the reason? Should I set up anything on my XP machine? I know workaround: 1) Use windows or samba3 (or samba4 configured as classic server) boxes to serve as netbios browsers. Set "os level=1" in your smb.conf, this sh'ld be enough. 2) Start on your samba4 AD server nmbd from any 3.* series. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] generate keytab
Please! Don't write into private mail. Thanks. > $ Samba-tool user create http-user --random-password > $ Samba-tool spn add HTTP/www.nisled.org http-user Okay, you've got user http-user with principals http-u...@nisled.org and HTTP/www.nisled@nisled.org. > $ Samba-tool domain exportkeytab --principal=HTTP/www.nisled.org > http.keytab Here you export _only_ HTTP/www.nisled@nisled.org. > $ kinit -k -t http.keytab http-user > kinit: Key table entry not found while getting initial credentials Of cause, because you didn't export it. > Can anyone help me? Export http-u...@nisled.org too. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow winbind lookups
On 1/10/13, Alex Matthews wrote: > wbinfo -u takes a long time to return a list of users I guess that if you attach output of strace wbinfo -u or may be even strace -f wbinfo -u you'll find assistance faster :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACL on GPO directory does not match expected value from GPO object. AGAIN.
On 1/10/13, Alex Matthews wrote: > Comparing the two ACLs > > O:LAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) > O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) > The only difference I can see is the 'DAG' vs 'LAG' at the beginning > (Directory ACL vs File ACL?) Take a look here: https://bugzilla.samba.org/show_bug.cgi?id=9483 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.0 - Browseable option don't work
On 1/7/13, Bruno Pereira wrote: > I configured some shares with the option "browseable = No" but this > share still browseable. > server services = ... smb I guess the reason is the ntvfs. Try s3fs. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD DC migration and official packages
On 12/28/12, Federico Alberto Sayd wrote: >> Release version is in experimental. You can backport it for testing >> (it's very easy). I do the same but with package files changed a bit >> to include smbd. > It sounds very interesting. Did you just rebuild the packages to use > smbd instead of ntvfs? No, if you want to include smbd you should edit several files from debian.tar.gz. I put smbd into samba4 package (like Zentyal does) but this is the bad way. If you want I can put my debian.tar.gz somewhere. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD DC migration and official packages
On 12/27/12, Federico Alberto Sayd wrote: > Now I want to migrate my real installation to Samba4 but my question is > about packaging. For now there is not a v4.0 stable Samba package in > Debian Wheezy, and I don't want install a rc version. Release version is in experimental. You can backport it for testing (it's very easy). I do the same but with package files changed a bit to include smbd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Samba4] Is VFS working in Samba 4.0.0?
On 12/21/12, Kaito Kumashiro wrote: > server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate, dns You are using ntvfs, use s3fs. server services = -smb +s3fs dcerpc endpoint servers = -winreg -srvsvc see https://wiki.samba.org/index.php/Samba4/s3fs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] generate keytab
On 12/20/12, Clodonil Trigo wrote: > $ samba-tool user add proxy-user > $ samba-tool user setexpiry proxy-user -noexpiry > $ samba-tool spn add http/proxy-user proxy.nisled.org Find the difference: samba-tool spn add http/proxy.nisled.org proxy-user > $ samba-tool domain exportkeytab /etc/proxy.keytab --principal=http/ > proxy.nisled.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] incorrect gpo acl after sysvolreset (rc6)
I'm running rc6, but it's not a clean installation, it's samba3 upgraded to 4.0 in ages of beta2. samba-tool ntacl sysvolcheck dies with message about incorrect acl on gpo, but that acl is set by sysvolreset. lobus@sirius-a:~$ sudo samba-tool ntacl sysvolcheck ERROR(): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/shch8.brnv.rw/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9} O:LAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 245, in run lp) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1576, in checksysvolacl direct_db_access) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1527, in check_gpos_acl domainsid, direct_db_access) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1477, in check_dir_acl raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl)) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind - samba4
On 12/5/12, Clodonil Trigo wrote: > The pipe is in /usr/local/samba/var/run/winbindd. The winbind this working > because the wbinfo returns successfully. I think that is something between > the centos and the lib's winbind. Yep, I wasn't correct: in Debian one can have the opposite issue -- working nss but not wbinfo. Sorry :( -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind - samba4
On 12/4/12, Clodonil Trigo wrote: > I did not think the process of winbind, I believe it is internal to samba. There is no separate winbindd process in samba4. There are several *.so providing this service. > I did several test before migrating to the samba3 Samba4 and had success in > all cases. More time to make real the problem gave winbind. But have you tried? > What line you changed in smb.conf? I'm still using bind mount :) But option you need is "winbindd socket directory". -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind - samba4
On 12/3/12, Clodonil Trigo wrote: > I am using centos 6.3 and did the migration from samba3 to Samba4. More the > "getent passwd" does not return users. > I made the link: > ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so > ln-s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 I had similar problem but with Debian package, so I'm not sure that I'll help you (debian samba4 package is rather interesting thing) but in my case the problem was that libnss_winbind expects socket to be in /tmp/.winbind/ (or .winbindd? Check with "strings".) while winbind component stores it in /var/run/samba4/winbind/ (I don't know the correct path for your case). Try to make bind mount of socket directory or set correct path in smb.conf. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - Bind Config with DHCP
On 11/23/12, Joubert, Dawie wrote: > My question is thus: How can I make Samba4 update the DNS entries and allow > DHCP to update the entries? Somebody should add this link to howto :) http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ > Secondly, is this even necessry with the AD type domain? dunno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S4 Bind vs Internal DNS
On 11/26/12, Thomas Simmons wrote: > What are the benefits of using BIND instead of Samba's internal DNS server? You can use additional resource types like SPF or SSHFP. You can use different views for different clients. It's much easier to update zone using good old shared key than using wrapper (isc dhcpd knows nothing about kerberos). Bind is known to *x admins and it's rather stable, samba's internal dns is new and possibly buggy :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] about samba 4 rc2
On 10/12/12, Amaury Viera Hernández wrote: > Hello, I'm testing samba 4 rc2. > i can not find the file /usr/local/samba/private/named.conf Did you choose a type of DNS implementation? RC2 uses internal by default, see https://ftp.samba.org/pub/samba/rc/WHATSNEW-4-0-0rc2.txt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How can I switch from internal dns server to bind9
On 10/9/12, fe...@epepm.cupet.cu wrote: > How can I switch from internal dns server to bind9??? Add into [global] section of smb.conf "server services = -dns". Configure Bind (see named.* files which comes with samba) to use dlz plugin or good old plain files (requires basic zone definition). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ntlm_auth returns nothing (4.0beta8)
ntlm_auth from samba 3.6: # /usr/local/bin/ntlm_auth --domain=DOMAIN --username=USER --password=PASSWORD Ignoring unknown parameter "server role" Ignoring unknown parameter "server services" Ignoring unknown parameter "dcerpc endpoint servers" NT_STATUS_OK: Success (0x0) ntlm_auth from samba 4.0-beta8: # /usr/bin/ntlm_auth --domain=DOMAIN --username=USER --password=PASSWORD /usr/bin/ntlm_auth: /usr/lib/i386-linux-gnu/libwbclient.so.0: no version information available (required by /usr/lib/i386-linux-gnu/samba/libauth4.so) No useful output and result code is always 0. Message about version isn't related to problem, it's because libwbclient is from samba 3.6, but with native result is the same. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] reverse dns zone managed by samba4
On 9/13/12, Kai Blin wrote: >> While it's possible to create reverse zone in samba4 directory, it's >> impossible to update it the same way as forward zone. > Why? How did you create the zone, how did you try to update it, and what > exactly happens? I've found the problem. My order of actions was: 1) add grant entry into named.conf.update.static which allows update of PTR 1a) wait until new named.conf.update appear 2) add reverse zone using w2k3 tools 3) try to add PTR using `nsupdate -g` (NOTAUTH) Logs says that problem not in samba_dlz but in bind itself. With additional step "2a) /etc/init.d/bind reload" update will succeed. May bind sh'ld be reloaded by samba itself on new zone addition. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc1 Available for Download
On 9/13/12, steve wrote: > Thanks for that but I can't reporovision. Who can? I have 150 linux, xp > and w7 clients to support. I simply cannot start from bare metal. > > To be able to do that I would have to have a reliable backup. Evidently > neither the backup scripts in samba-master nor rsync can do that at the > moment. (secretly hopes someone can confirm otherwise) Steve, you sh'ld read the original letter better :) If you used the BIND9_FLATFILE or BIND9_DLZ features, you'll have to add '-dns' to the 'server services' option, as the internal dns server (SAMBA_INTERNAL) is the default now. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] reverse dns zone managed by samba4
While it's possible to create reverse zone in samba4 directory, it's impossible to update it the same way as forward zone. So my current setup has forward zone stored in AD and reverse one stored in good old flat file. Does any solution exist which allows to store in samba4 AD? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] errors in log: Failed to bind to uuid ...@ncalrpc
What this entry from from log may mean? [2012/09/10 09:55:01, 0] ../source4/rpc_server/netlogon/dcerpc_netlogon.c:1256(dcesrv_netr_LogonGetCapabilities) ../source4/rpc_server/netlogon/dcerpc_netlogon.c:1256 Bad credentials - error [2012/09/10 09:55:01, 0] ../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv) Failed to bind to uuid 12345678-1234-abcd-ef00-01234567cffb for 12345678-1234-abcd-ef00-01234567cffb@ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_UNSUCCESSFUL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] syntax of samba-tool to deal with SRV DNS record
On 9/11/12, Alain Foucher wrote: > I tried to use the quotes around the data but i got another error message > ERROR: Data requires 4 elements - server, port, priority, weight > any Idea I suppose you use them incorrectly :) Compare with my yesterday's experiments: samba-tool dns add pdc-srv.my.domain. my.domain _kerberos-adm._tcp SRV 'pdc-srv.my.domain. 88 100 0' samba-tool dns update pdc-srv.my.domain. my.domain _kerberos-adm._tcp SRV 'pdc-srv.my.domain. 88 100 0' 'pdc-srv.my.domain. 88 0 100' samba-tool dns update pdc-srv.my.domain. my.domain _kerberos-adm._tcp SRV 'pdc-srv.my.domain. 88 0 100' 'pdc-srv.my.domain. 749 0 100' samba-tool dns delete pdc-srv.my.domain. my.domain _kerberos-adm._tcp SRV 'pdc-srv.my.domain. 749 0 100' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] syntax of samba-tool to deal with SRV DNS record
On 8/30/12, Alain Foucher wrote: > i try to use something like : > samba-tool dns add smb4 domain.local_http._tcp.domain.local SRV > tx4.domain.local 80 1 5 > but i get this message > Usage: samba-tool dns add > You've forgot quotes around data: samba-tool dns add smb4 domain.local_http._tcp.domain.local SRV "tx4.domain.local 80 1 5" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] syntax of samba-tool to deal with SRV DNS record
On 8/29/12, Alain Foucher wrote: > i'm looking to update some SRV DNS Record , but i didn't find the correct > syntax to handle priority, weight and port. from samba-tool output: ERROR: Data requires 4 elements - server, port, priority, weight -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 is it possible to change the IP of a DC?
On 8/21/12, steve wrote: >> I changed IP of DC but from windows box using administrative tools from >> 2003. > So that should work against a Sama4 DC no? Was that from Active Yes, it was Samba (4.0 beta2). > Directory Users and Computers? I had a quick look there but couldn't > find it. There is an applet it that tools called somewhat like DNS, I used it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 is it possible to change the IP of a DC?
I changed IP of DC but from windows box using administrative tools from 2003. -- http://375gnu.wordpress.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba