Re: [Samba] Use LDAP for passwords ONLY
We are using pGina (pgina.org) for lab logins. pGina is a pluggable authentication system, similar to PAM except for Windows. pGina allows us to separate the user authentication from the account information. User credentials are checked against LDAP, MySQL, or other authentication source. If credentials are correct, the computer is logged in with a pre-defined windows account.

Hope this helps.

Tony

---
CONFIDENTIALITY WARNING: Pseudo-legal disclaimers do not buy you or your employer any legal recourse for leaked information. E-mail messages should never contain privileged or confidential information. Always treat e-mail as public.

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Garey
Sent: Thursday, October 03, 2013 11:18 AM
To: samba@lists.samba.org
Subject: [Samba] Use LDAP for passwords ONLY

I am trying to figure out if I can setup samba to verify only passwords against LDAP and keep everything else local. Anyone know how to set this up?

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
I've had experience with a Western Digital MyBook Live DUO, and it does NOT support any type of network authentication. Users must be created and deleted on that device.

---
CONFIDENTIALITY WARNING: Pseudo-legal disclaimers do not buy you or your employer any legal recourse for leaked information. E-mail messages should never contain privileged or confidential information. Always treat e-mail as public.

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Fernando Lozano
Sent: Wednesday, July 10, 2013 8:45 PM
To: us...@lists.fedoraproject.org; samba@lists.samba.org
Subject: [Samba] About NAS versus Samba

Hi there,

Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server?

I'm evaluating replacing some Linux file server for a NAS product, but all them make me nervous when the vendor talks about Active Directory support and nothing else.

In theory, many NASes are Linux boxes running samba, so there shouldn't be a problem, except if the web admin interface won't support a samba DC setup and I won't have SSH access to configure the NAS samba myself.

So I'm asking if someone there has had any real experience, be it using Fedora, CentOS or RHEL as the Samba3 PDC or Samba4 DC.

PS: I'm cross-posting because I asked before on the samba mailing list and nobody cared to answer. Or nobody has had any real experience. I'm hoping many sysadmins on the Fedora list also works on companies with RHEL or CentOS and had a real experience to share.

[]s, Fernando Lozano
[Samba] Migrate samba3.5 classic domain to Windows2008R2
I have a Samba 3.5.20 domain controller that provides logins and profiles for our Windows XP computer labs on campus. In earlier testing, we encountered performance issues with Windows 7 logins. Although that has now been resolved, management is discouraged from continuing to use Samba as a domain controller.

I have now been tasked with migrating our classic academic domain to Windows 2008R2 Active Directory. Most of the documentation I have found on the subject is several years old and involves creating a new domain and then migrating users/workstations from the classic domain to the new AD. I'd prefer to not create another domain.

I have ~150 users workstations, 30 domain groups, 5 local groups, and an interdomain trust (to a 2003AD) to allow some administrative users access to some academic resources.

What is the simplest/cleanest method to accomplish the migration? What precautions do I need to take to make sure I can get back to the current setup if migration experiments fail?

---
CONFIDENTIALITY WARNING: Pseudo-legal disclaimers do not buy you or your employer any legal recourse for leaked information. E-mail messages should never contain privileged or confidential information. Always treat e-mail as public.
Re: [Samba] Yet another Win7 failing to join the domain...
CentOS 5 does have a newer samba available. To get it:

    yum remove samba
    yum install samba3

or to get really fresh samba, use the SerNet repos.

---
CONFIDENTIALITY WARNING: Pseudo-legal disclaimers do not buy you or your employer any legal recourse for leaked information. E-mail messages should never contain privileged or confidential information. Always treat e-mail as public.

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of John Doe
Sent: Wednesday, June 06, 2012 8:19 AM
To: samba@lists.samba.org
Subject: [Samba] Yet another Win7 failing to join the domain...

Hi,

I just installed a Windows 7 Pro workstation and failed to join our domain (latest samba 3.0.33 from CentOS 5.8). I tried the 2 lanmanWorkstation registry keys from the wiki and Windows keeps saying that he cannot find the domain. I see NOTHING in samba logs... no failure message... almost like Windows did not even try to talk to it...

I tried the old way (CompatibleRUP, signorseal, strongkey, secpol LM/NTLM or NTLMv2 if neg) to no avail. Others Vista can join without problem. I can mount shares manually

I read the samba wiki and did not see this version as tested, apart from the and other versions. Is it supposed to work or do I need to install a newer version (non CentOS provided)?

Thx, JD
Re: [Samba] Installing Samba on RedHat Linux 5.3
Glad to hear that you succeeded in getting Samba installed. Next steps to getting it to work are:

1) edit your /etc/samba/smb.conf file to fit the needs of your network.
2) use testparm (without the quotes) to verify that your smb.conf file is correct.
3) start your samba services with:
       service smb start
       service winbind start (if you need winbind)
4) connect to a samba share with a Windows client

If everything tests out OK, configure Samba to start at boot time with chkconfig. If not, stop the samba services with service smb stop; service winbind stop (again, without the quotes). Adjust your smb.conf file then repeat steps 2 through 4.

Good luck.

T

references:
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
http://www.samba.org/samba/docs/man/manpages-3/testparm.1.html
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/install.html
http://linux.die.net/man/8/chkconfig

---
CONFIDENTIALITY WARNING: Pseudo-legal disclaimers do not buy you or your employer any legal recourse for leaked information. E-mail messages should never contain privileged or confidential information. Always treat e-mail as public.

-----Original Message-----
From: Johansson, Ronnie [mailto:ronnie_johans...@europ-assistance.co.uk]
Sent: Wednesday, May 16, 2012 2:54 AM
To: Hoover, Tony
Subject: RE: [Samba] Installing Samba on RedHat Linux 5.3

Hi Tony,

Many thanks for your help! Today we've got connected to RHN and I followed your three steps and Samba was installed on our Linux server. How do I go on?

Best regards
Ronnie

-----Original Message-----
From: Hoover, Tony [mailto:hoo...@sal.ksu.edu]
Sent: den 29 april 2012 15:46
To: Johansson, Ronnie; sa...@samba.org
Subject: RE: [Samba] Installing Samba on RedHat Linux 5.3

first, configure yum to use the sernet samba repos. (you will need to be root)

- cd /etc/yum.repos.d
- wget http://ftp.sernet.de/pub/samba/3.6/rhel/5/sernet-samba.repo
- yum install samba3

a periodic yum update (we use a cron job) will keep your system up to date, including Samba if you use the yum repos instead of brute-forcing RPM to install individual packages.

-----Original Message-----
From: samba-boun...@lists.samba.org on behalf of Johansson, Ronnie
Sent: Thu 4/12/2012 11:22 AM
To: sa...@samba.org
Subject: [Samba] Installing Samba on RedHat Linux 5.3

Hi there,

I am a real Linux newbie and need help how to install these samba files.

Red Hat Enterprise Linux Server release 5.3 (Tikanga)
Kernel 2.6.18-128.el5 on an x86_64

$ ls
libsmbclient0-3.6.4-44.el5.x86_64.rpm
libsmbclient-devel-3.6.4-44.el5.x86_64.rpm
libwbclient0-32bit-3.6.4-44.el5.i386.rpm
libwbclient0-3.6.4-44.el5.x86_64.rpm
libwbclient-devel-3.6.4-44.el5.x86_64.rpm
samba3-3.6.4-44.el5.x86_64.rpm
samba3-client-3.6.4-44.el5.x86_64.rpm
samba3-debuginfo-3.6.4-44.el5.x86_64.rpm
samba3-doc-3.6.4-44.el5.x86_64.rpm
samba3-utils-3.6.4-44.el5.x86_64.rpm
samba3-winbind-32bit-3.6.4-44.el5.i386.rpm
samba3-winbind-3.6.4-44.el5.x86_64.rpm
$ uname -a
Linux euapg-db005 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86x
$ rpm -qa | grep release
redhat-release-notes-5Server-25
redhat-release-5Server-5.3.0.3
$

Please help me with this as soon as possible.

Many thanks
Ronnie

This email and any files transmitted with it contain information which may be confidential and which may also be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Unless you are the intended recipient you may not copy or use it, or disclose it to anyone else. Any opinions expressed are that of the individual and not necessarily that of Europ Assistance Holdings Ltd or any of its subsidiaries. If you have received this email in error please notify mailto:postmas...@europ-assistance.co.uk

Europ Assistance Holdings Limited Registered Office: Sussex House, Perrymount Road, Haywards Heath, West Sussex, RH16 1DN. Registered in England No: 758979. Europ Assistance Holdings Limited is authorised and regulated by the Financial Services Authority. (FSA Registered number 311883)

This footnote also confirms that this email message has been swept by Sophos Anti-Virus for the presence of computer viruses.
Re: [Samba] unknown files of samba server
I believe that is a print job. Since the date is a couple of months old, and the size is zero, I believe that it would be safe to delete.

---
CONFIDENTIALITY WARNING: Pseudo-legal disclaimers do not buy you or your employer any legal recourse for leaked information. E-mail messages should never contain privileged or confidential information. Always treat e-mail as public.

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of deconya
Sent: Monday, May 07, 2012 10:35 AM
To: samba@lists.samba.org
Subject: [Samba] unknown files of samba server

Hi

I'm maintaining a samba server and I'm with an unknown files inside /var/spool/samba. It seems to refer users but I don't know If I can delete something or not. files are type

-rw--- 1 usuari Domain Users0 2012-03-07 17:05 smbprn.4993.KyICia

Someone knows what is it?

Thanks
Re: [Samba] Installing Samba on RedHat Linux 5.3
first, configure yum to use the sernet samba repos. (you will need to be root)

- cd /etc/yum.repos.d
- wget http://ftp.sernet.de/pub/samba/3.6/rhel/5/sernet-samba.repo
- yum install samba3

a periodic yum update (we use a cron job) will keep your system up to date, including Samba if you use the yum repos instead of brute-forcing RPM to install individual packages.

-----Original Message-----
From: samba-boun...@lists.samba.org on behalf of Johansson, Ronnie
Sent: Thu 4/12/2012 11:22 AM
To: sa...@samba.org
Subject: [Samba] Installing Samba on RedHat Linux 5.3

Hi there,

I am a real Linux newbie and need help how to install these samba files.

Red Hat Enterprise Linux Server release 5.3 (Tikanga)
Kernel 2.6.18-128.el5 on an x86_64

$ ls
libsmbclient0-3.6.4-44.el5.x86_64.rpm
libsmbclient-devel-3.6.4-44.el5.x86_64.rpm
libwbclient0-32bit-3.6.4-44.el5.i386.rpm
libwbclient0-3.6.4-44.el5.x86_64.rpm
libwbclient-devel-3.6.4-44.el5.x86_64.rpm
samba3-3.6.4-44.el5.x86_64.rpm
samba3-client-3.6.4-44.el5.x86_64.rpm
samba3-debuginfo-3.6.4-44.el5.x86_64.rpm
samba3-doc-3.6.4-44.el5.x86_64.rpm
samba3-utils-3.6.4-44.el5.x86_64.rpm
samba3-winbind-32bit-3.6.4-44.el5.i386.rpm
samba3-winbind-3.6.4-44.el5.x86_64.rpm
$ uname -a
Linux euapg-db005 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86x
$ rpm -qa | grep release
redhat-release-notes-5Server-25
redhat-release-5Server-5.3.0.3
$

Please help me with this as soon as possible.

Many thanks
Ronnie
Re: [Samba] Upgrading from 3.2 to 3.5
When upgrading major versions of Samba, do a testparm -v before and after. Parameters sometimes change default values, so having a complete list of the active parameters will help debug any problems.

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Christian Reischl
Sent: Tuesday, April 24, 2012 12:13 PM
To: samba@lists.samba.org
Subject: [Samba] Upgrading from 3.2 to 3.5

Hi,

I'm going to migrate from SAMBA 3.2 to 3.5 (Debian Lenny - Squeeze). The server is an AD member and uses ACLs.

Are there any preliminary steps to make the upgrade as smooth as possible? What kind of problems could I expect?

Best Regards,
Christian

--
Christian Reischl
Fraunhofer Institut für Verfahrenstechnik und Verpackung
Giggenhauser Str. 35
85354 Freising
Phone: 08161 491-704
mailto:christian.reis...@ivv.fraunhofer.de
http://www.ivv.fraunhofer.de
Re: [Samba] wireless
We have multiple wireless VLANs: a guest wireless that only allows web browsing and e-mail to off-campus servers, a student wireless network that allows access to student resources, and an administrative wireless network that allows access to the administrative (business process) resources. The student and administrative wireless networks are enterprise WPA2 secured, with users' university ID login credentials.

To allow samba access from the wireless networks, you need to make sure that your firewall is passing ports [TCP|UDP]/135, UDP/137, UDP/138, TCP/139 and TCP/445 or at least TCP/445.

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of anna-karin.bur...@bjurholm.se
Sent: Wednesday, December 14, 2011 7:07 AM
To: samba@lists.samba.org
Subject: [Samba] wireless

Hello again,

At this school I am working we are setting up a wireless network. What would be the best way to set up the system to this network? How should we log in to Samba? What should I consider. The wireless system has already been purchased by people who have left.

Kind regards
Anna-Karin
Re: [Samba] Samba for Mac OS X
Samba is not a protocol. SMB is the protocol, and the protocol is owned by Microsoft. Samba is an open source package that implements a SMB server. It doesn't matter what kernel, or OS you are using, you can build Samba from the source code to run on your platform.

As for the front-end... have you ever thought of learning about text config files? (seriously, there are some other front-ends such as SWAT and webmin. They, however, don't integrate with Aqua, but they should be usable)

Of course, those steps are only necessary if you want to share resources from your Mac with the rest of your network. I don't believe the existing CIFS (SMB client in the kernel) client has gone away in OSX 10.7.

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Daniel Sutton
Sent: Monday, September 19, 2011 8:03 PM
To: samba@lists.samba.org
Subject: [Samba] Samba for Mac OS X

Dear Samba Community,

Because Apple has transitioned away from the open-source SAMBA protocol for their new 10.7 release of Mac OS X, I was wondering if there is a third-party solution to fill this void. Because OS X is based on Darwin, and Darwin is an open-source free version of UNIX, I thought there might be a solution with an Aqua front-end that would make it easier for Mac machines to connect to Windows networks.

If you are able to answer my question, I would be very happy!

Thank you so much, and have a great week,
--Daniel

---
Daniel Sutton
danielsut...@gmail.com
Re: [Samba] basic LDAP authentication to Samba share from existing directory
We use pGINA (www.pgina.org) to authenticate windows user logins via ldaps:// against the university directory. Don't know if that will fit your model, but it works for us.

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brent Busby
Sent: Wednesday, June 29, 2011 4:59 PM
To: samba@lists.samba.org
Subject: [Samba] basic LDAP authentication to Samba share from existing directory

We have an existing LDAP directory in which users have UNIX passwords that are used for a variety of different services. We'd like to keep as close to having a single synchronized password service as possible, but we've run into an issue. There seem to be two ways of doing this, neither of which seem helpful:

(1) ldapsam

From looking at the Samba documentation that's available, it looks like there is no possibility of true password synchronization between NT passwords and UNIX. (Please correct me if that's not so -- I'd really like to be wrong!) You setup the samba.schema on the LDAP server, which gives you the sambaNTPassword objectClass (among others), and that stores the clients' Windows password. They still have regular UNIX password capability from the inetorgperson.schema. These are two separate password fields, provided by two different schemas, both belonging to the same user's LDAP account. Basically, you've got two account systems in the same user's LDAP data, completely separate. (Is all this true so far?) You use the ldapsam passdb backend to connect to Samba to your LDAP server, and when a Windows machine wants to change its NT password, it can use that backend to do it.

None of this seems to be helping get any closer to allowing Windows clients to authenticate off of the same password database as our UNIX services.

There's a utility called smbldap-populate, but all this seems to do is go through an existing user database and give the users the new Samba object classes if they don't have them. It doesn't really translate their UNIX passwords into NT passwords and fill them in, does it?

(2) pam_unix

On the other hand, there is a more apocryphal (and dangerous) way to do this, which does what we want, but is completely insecure: You can setup Samba to use pam_unix to authenticate, so that it is using the local UNIX security stack rather than its own ldapsam passdb, and then setup PAM to do LDAP auth at the UNIX level (the same way you would if you were setting the machine up to allow LDAP login for SSH or some other such UNIX service). The reason that's insecure is because since PAM doesn't know what to do with an encrypted NT password, it is necessary to setup both the Windows clients and the smb.conf on the Samba server for encrypted passwords = no, which then makes it so that even if you're doing secure LDAP over SSL/TLS, you're still screwed because your passwords get sent from the Windows clients in cleartext. So you get:

WINDOWS - cleartext - SAMBA - ldap ssl/tls encrypted - LDAP

It's only encrypted for part of the trip, which isn't good enough at all. This method does however let you authenticate Windows clients directly off of an existing UNIX password database in LDAP, and works perfectly if you don't mind having passwords flying around in the clear on your LAN.

Does anyone have any suggestions on this? I've pored over literally reams of Samba and LDAP documentation in the past week or so, looking for an answer to this. It hasn't helped that most of the documentation seems to be aimed at setting up Samba as a full scale NT Primary Domain Controller, with domain membership for machines and the whole nine yards. Many of these documents are much more elaborate than is (hopefully!) necessary for just doing LDAP password auth, and it's not clear from reading them how much of what is being described is required for basic authentication, and how much is just the writer taking advantage of everything Samba can do in one configuration. (Some of these howtos are thirty or forty pages long.) Also, many of them presume that you're starting from scratch, and that you don't have any existing users, and you're free to implement an LDAP namespace from an empty tree.

Is there any way to LDAP-authenticate Samba from an existing user database with their existing UNIX passwords, without resorting to implementing a full PDC setup, or requiring that the Windows side use cleartext passwords, or ending up with two separate password fields (UNIX and NT)? (The latter option almost seems to remove some of the motivation for using LDAP at all, since you end up with double-signon.)

Help and comments appreciated!

-- + Brent A. Busby + The New JFI Computing Web Site: + Sr.
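Added example, not part of the original thread: a shell check for the setting the pam_unix approach in the quoted message depends on (encrypt passwords = no), together with the related LM and client plaintext options, so that a cleartext-password configuration is caught before it is deployed. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the [global] section of an smb.conf (or of a saved
# `testparm -s -v` dump) for settings that weaken password handling on the wire.

audit_smb_auth() {
    # $1 = file to audit. Prints one WEAK line per finding; returns 1 if any.
    awk '
        function trim(s)   { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function is_on(v)  { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
        function is_off(v) { v = tolower(v); return v == "no" || v == "false" || v == "0" }
        function weak(why) {
            print "WEAK " FILENAME ":" FNR ": " shown " = " val " (" why ")"
            bad = 1
        }
        /^[ \t]*[#;]/ { next }                               # comment lines
        /^[ \t]*\[/   { sec = tolower(trim($0)); next }      # section header
        index($0, "=") == 0 || sec != "[global]" { next }    # only global settings
        {
            eq    = index($0, "=")
            shown = trim(substr($0, 1, eq - 1))
            val   = trim(substr($0, eq + 1))
            # smb.conf ignores case and whitespace in parameter names
            key = tolower(shown); gsub(/[ \t]/, "", key)
            if (key == "encryptpasswords" && is_off(val))
                weak("clients must send passwords in cleartext")
            if (key == "lanmanauth" && is_on(val))
                weak("server accepts LM responses")
            if (key == "clientlanmanauth" && is_on(val))
                weak("client tools may send LM responses")
            if (key == "clientplaintextauth" && is_on(val))
                weak("client tools may send cleartext passwords")
        }
        END { exit (bad + 0) }
    ' "$1"
}

write_sample_confs() {
    # $1 = directory. Both files are constructed samples, not real configs.
    cat > "$1/weak.conf" <<'EOF'
# constructed sample: the pam_unix-style setup described in the thread
[global]
   security = user
   encrypt passwords = no
   lanman auth = yes
[labshare]
   path = /srv/lab
   read only = no
EOF
    cat > "$1/hardened.conf" <<'EOF'
# constructed sample: encrypted authentication only
[global]
   security = user
   encrypt passwords = yes
   lanman auth = no
   client lanman auth = no
   client plaintext auth = no
EOF
}

demo=$(mktemp -d)
write_sample_confs "$demo"
audit_smb_auth "$demo/weak.conf" || echo "weak.conf: findings listed above"
audit_smb_auth "$demo/hardened.conf" && echo "hardened.conf: clean"
rm -rf "$demo"
```

On a live server, run it against the output of testparm -s -v rather than the raw file so that default values are audited too.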
[Samba] Please quit publishing my e-mail address
Due to an up-tick in the amount of SPAM my account has been receiving, I googled my e-mail address, and discovered that my e-mail address, along with the e-mail addresses of many subscribers to the SAMBA mailing list (samba@lists.samba.org) are being published in a harvestable form on your website. Specifically, this page: http://omgili.com/usrmgr.exe-, although there may be more instances.

Please either obfuscate the e-mail addresses so they can't be harvested, or remove my e-mail addresses from all your pages.

Thank you.

T

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...
Re: [Samba] Please quit publishing my e-mail address
This message was to the administrators of omgili. I CC'd the Samba list to alert users here that your e-mail address may also be published in a harvestable form.

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Hoover, Tony
Sent: Thursday, April 07, 2011 10:21 AM
To: supp...@omgili.com
Cc: samba@lists.samba.org
Subject: [Samba] Please quit publishing my e-mail address

Due to an up-tick in the amount of SPAM my account has been receiving, I googled my e-mail address, and discovered that my e-mail address, along with the e-mail addresses of many subscribers to the SAMBA mailing list (samba@lists.samba.org) are being published in a harvestable form on your website. Specifically, this page: http://omgili.com/usrmgr.exe-, although there may be more instances.

Please either obfuscate the e-mail addresses so they can't be harvested, or remove my e-mail addresses from all your pages.

Thank you.

T

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...
Re: [Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
When I upgrade a major revision (3.4.x - 3.5.x ), I always get a listing from testparm -v before and after the upgrade to make sure that a parameter (that I didn't specify in the config) didn't change its default setting.

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Eckert, Robert D
Sent: Thursday, March 17, 2011 11:01 AM
To: 'Jeremy Allison'; 'Chris Smith'
Cc: 'sa...@samba.org'; 'samba-annou...@samba.org'; 'samba-techni...@samba.org'
Subject: Re: [Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available

Greetings,

Can I go directly from 3.4.7 to the new 3.5.8 without installing any intermediate versions? Or is there a different route I should follow?

Thank you for your help,
-Bob

Bob Eckert
Principal Applications/Systems Analyst
Indiana University Information Technology Services WebTech Team
2711 East 10th Street - E5 150.25
Bloomington, IN 47408
Email: eck...@indiana.edu
Voice: (812) 855-7209
Fax: (812) 856-5242

-----Original Message-----
From: samba-announce-boun...@lists.samba.org [mailto:samba-announce-boun...@lists.samba.org] On Behalf Of Jeremy Allison
Sent: Monday, February 28, 2011 11:37 AM
To: Chris Smith
Cc: sa...@samba.org; samba-annou...@samba.org; samba-techni...@samba.org
Subject: Re: [Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available

On Mon, Feb 28, 2011 at 10:15:23AM -0500, Chris Smith wrote:

On Mon, Feb 28, 2011 at 8:35 AM, Karolin Seeger ksee...@samba.org wrote:

Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719.

Will there be a new 3.5.7 Jumbo Patch available for those using it with 3.5.6 and strict allocate? Or does the current 3.5.6 Jumbo Patch work fine with 3.5.7 (I'm assuming it's not included as there was no mention of any other fixes in the release notes)?

Both patches should work fine together. As per our policy, security fix releases contain no other changes than the security bugfix. Just take the 3.5.7 release and apply the jumbo patch on top of it, as you did with 3.5.6. A 3.5.8 will be released soon with all the pending patches we were planning the next release before it got preempted by the security fix.

Hope this helps,
Jeremy.
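Added example, not part of the original posts: the before/after testparm -v comparison recommended in the reply above and in the earlier "Upgrading from 3.2 to 3.5" reply, written as a shell function that compares two saved dumps and reports changed, added and removed parameters. The function names and sample dumps are constructed; the sample values are not the real defaults of any Samba release.

```shell
#!/bin/sh
# Added example: report parameters whose effective value differs between two
# saved `testparm -s -v` dumps. Capture one on the real host before the
# upgrade and one after it:
#   testparm -s -v > before.txt 2>/dev/null

testparm_diff() {
    # $1 = dump taken before the upgrade, $2 = dump taken after it
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        FNR == 1 { sec = "[none]"; nfile++ }             # new input file starts
        /^[ \t]*\[.*\][ \t]*$/ { sec = trim($0); next }  # [global], [share], ...
        /^[ \t]*[#;]/ { next }                           # comment lines
        index($0, "=") == 0 { next }                     # not a parameter line
        {
            eq  = index($0, "=")
            key = sec " " tolower(trim(substr($0, 1, eq - 1)))
            val = trim(substr($0, eq + 1))
            if (nfile == 1) bef[key] = val; else aft[key] = val
        }
        END {
            for (k in aft) {
                if (!(k in bef))
                    print "ADDED   " k " = " aft[k]
                else if (bef[k] != aft[k])
                    print "CHANGED " k ": " bef[k] " -> " aft[k]
            }
            for (k in bef)
                if (!(k in aft)) print "REMOVED " k " = " bef[k]
        }
    ' "$1" "$2" | sort
}

write_samples() {
    # $1 = directory. Constructed dumps with made-up values.
    cat > "$1/before.txt" <<'EOF'
[global]
    workgroup = LAB
    security = USER
    wide links = Yes
    lanman auth = Yes
    printing = bsd
[labshare]
    path = /srv/lab
    read only = No
EOF
    cat > "$1/after.txt" <<'EOF'
[global]
    workgroup = LAB
    security = USER
    wide links = No
    lanman auth = No
    printcap cache time = 750
[labshare]
    path = /srv/lab
    read only = No
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
testparm_diff "$demo_dir/before.txt" "$demo_dir/after.txt"
rm -rf "$demo_dir"
```

Every CHANGED line for a parameter that is not set explicitly in smb.conf is a default that moved between versions and is worth reading up on in that release's smb.conf man page.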
Re: [Samba] samba and the Internet discussion
If you trust EVERYONE on the internet, yes you could use Samba on the internet without using a VPN. Since everyone on the internet is not trustworthy, it is not a wise idea.

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Mössler, Michael
Sent: Wednesday, January 05, 2011 7:58 AM
To: samba@lists.samba.org
Subject: [Samba] samba and the Internet discussion

Is it meanwhile safe to use samba over the Internet without using VPN ?

Kind regards
Michael Mössler

Consulting
uhb consulting AG
Chiemseering 1
84427 St. Wolfgang
Tel.: 08085/939 131
Fax: 08085/939 - 2131
WEB: www.uhb-consulting.de http://www.uhb-consulting.de/
Registered office of the AG: Chiemseering 1, 84427 St. Wolfgang
Register court: Amtsgericht München
Commercial register: HRB 134531
Chair of the supervisory board: Claudia Rott
Board members: Erwin Senner, Thomas Untehaslberger, Stephan Essmeyer
Re: [Samba] samba and the Internet discussion
My Bad, I should have said ... Since not everyone on the internet is trustworthy... :-)

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: Volker Lendecke [mailto:volker.lende...@sernet.de]
Sent: Wednesday, January 05, 2011 9:36 AM
To: Hoover, Tony
Cc: Mössler, Michael; samba@lists.samba.org
Subject: Re: [Samba] samba and the Internet discussion

On Wed, Jan 05, 2011 at 09:32:05AM -0600, Hoover, Tony wrote:

If you trust EVERYONE on the internet, yes you could use Samba on the internet without using a VPN. Since everyone on the internet is not trustworthy, it is not a wise idea.

Well, I'd put it a bit differently (I do know some trustworthy people active on the internet), but you're right: You definitely want a VPN to tunnel Samba traffic. The Samba/smbclient specific in-band transport encryption unfortunately made it anywhere else so far.

With best regards,
Volker Lendecke

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
Re: [Samba] log level = 20 not showing auth, etc...
I believe that the max log level is 10 (e.g. you are setting an invalid value). Someone will correct me if I'm wrong, I'm sure.

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Jeff Blaine
Sent: Tuesday, January 04, 2011 4:04 PM
To: samba@lists.samba.org
Subject: [Samba] log level = 20 not showing auth, etc...

Samba 3.5.6

I must be really misunderstanding 'log level' somehow. I have tried all of the following and cannot get my logs to show anything related to authentication or share accesses at all:

    log level = 20
    log level = all:20
    log lovel = 3 auth:20

If I access one of the server's shares successfully, not a single thing shows up in the log. Yes, I am looking at the right log, and yes other things do get written to the log from smbd :)

Any help would be very welcome.

Jeff Blaine
Re: [Samba] Windows 7 problem accessing domain member samba server on different subnet
We recently ran into a similar issue. If you have any microsoft Live components installed on your 7 box, samba servers must be contacted by numeric IP address rather than netbios (or even IP mnemonic) name. http://www.sevenforums.com/network-sharing/8303-cant-connect-samba-share-via-name-ip-works.html -- Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -- -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of d Sent: Tuesday, November 30, 2010 11:22 PM To: samba@lists.samba.org Subject: [Samba] Windows 7 problem accessing domain member samba server on different subnet Hi All, I have a problem accessing Samba 3.0.33 on some CentOS 5 machines on a different subnet from a Windows 7 computer. All servers and computers are joined to a Windows 2003 AD domain. I have identical samba machines on two subnets (CentOS/samba 3.0.33). The samba machines on the same subnet as my Win 7 computer are accessible both by the netbios name and ip address. The samba machines on another subnet are only accessible by IP address. If I attempt to access these samba servers using their netbios name, I get prompted for a password. This configuration has worked for some time, and all CentOS/samba machines are accessible by Windows XP and 2003 using the netbios name. I believe Windows 2008 servers have the same issues as Windows 7. Access can only be made by IP address and not netbios name. Is this a known issue, or something specific to my environment? I have been googling this for some time and I cannot find any issue identical to this. 
Some additional info:
security = domain
client use spnego = no
encrypt passwords = yes
ntlm auth = yes
lanman auth = yes
client ntlmv2 auth = yes
remote browse sync = 10.0.0.255 10.0.0.0
remote announce = 10.0.0.255 10.0.0.0
local master = no
wins server = ip of ad wins server
- Not using winbind but nss_ldap and AD schema extension to support POSIX attributes.
- There are no packet filters between subnets.
- The router is configured to dish out IPv6 addresses, and the Windows 7 machine has an IPv6 address, as do all the samba/centos machines. However, the samba/centos machines don't have any records, and samba 3.0 does not support IPv6.
I'm fairly stumped. Any tips? Regards, Dan
Re: [Samba] Printer Driver Delivery - Printing Preferences Error
The Xerox Work Centre print drivers do a LOT of server registry stuff (during the print process). I could never get them to function reliably on a samba server. However, using either the HP universal drivers for PCL output or the CUPS driver for Postscript output, I was able to make the Xerox print reliably. The coin-mech attached to the printer, however, could not be configured to meet the requirements set by the department, so we no longer have a Xerox Work Centre on campus. -- Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -- -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Beau Sapach Sent: Wednesday, December 01, 2010 2:40 PM To: samba@lists.samba.org Subject: [Samba] Printer Driver Delivery - Printing Preferences Error Hello everyone, I've got a Xerox Work Centre 5735 that I'm printing to via Samba. When I install the drivers on a client (using the right-click-Connect method) from the samba shared printer then the install goes smoothly but I can't load the Printing Preferences dialogue for that printer, I get an Operation could not be completed error. This same error does not occur when I install the same printer on the same workstation - but this time from a Windows 2003 server instead of the Samba server. Even when I have both the samba and Windows Server 2003 printers side-by-side this problem exists for one but not the other. Upon further investigation I see that there are sub keys of: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print Services\w2k3server\Printers\XeroxWorkCentre5735PS Namely: PnPData, PrinterDriverData, PrintProcCacheData, And these keys don't exist under the equivalent \sambaserver\Printers\XeroxWorkCentre5735PS key. 
I've tried merging the missing keys (and missing values from DsSpooler PrinterDriverData) from one to the other but the extra keys are blown away as soon as I do anything with the samba server's printer. Since the Xerox Printing Preferences dialogue looks pretty custom, I suspect that there are classes, controls etc. that are registered by a Windows - Windows driver delivery that don't get done with a Samba - Windows delivery. If anyone has any advice, a work around etc. any help would be much appreciated. Thanks! Beau
Re: [Samba] AD member server - getting a user's name (GECOS)
I'll bet a simple LDAP query will retrieve the data you are looking for. -- Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -- -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Robert M. Martel - CSU Sent: Thursday, November 04, 2010 3:31 PM To: Samba mailing list Subject: [Samba] AD member server - getting a user's name (GECOS) Greetings, My odd question for the week - I've been unable to figure out if/how to do this. Given an Active Directory user ID, is there a way to get the user's real name? During testing of our Samba AD member servers I have seen user's given names appearing in the log files - is there a way that I can pull that for my own use? Our site uses loginIDs for users that give no clue as to their identity, it would be nice to turn those IDs into the user's actual name so I know who is doing what. I've been playing with wbinfo which seemed like a good place to start, but no joy there. I'm looking for GECOS info, not the user's UID or GID. Thanks, Bob -- *** Robert M. MartelPushing myself and this old machine System AdministratorBurning fumes Levin College of Urban Affairs and what's left of my dreams Cleveland State University (216) 687-2214 r.mar...@csuohio.edu ***
Re: [Samba] When im login the error: A device attached to the system is not functioning
It looks to me like you have ldap user suffix and ldap machine suffix defined twice. testparm should tell you which of these definitions samba is using. Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Muqtadir Kamal Sent: Friday, June 04, 2010 7:23 AM To: samba@lists.samba.org Subject: [Samba] When im login the error: A device attached to the system is not functioning Hey everyone, I've got a Samba server running with an Open LDAP backend, I could login with the Administrator's account in window xp clients When im login the error: A device attached to the system is not functioning
# - smb.conf start -
[global]
workgroup = -
netbios name =
enable privileges = yes
passdb backend = ldapsam:ldap://127.0.0.1
printcap name = cups
printing = cups
security = user
log level = 3
time server = Yes
Dos charset = 850
domain master = Yes
wins support = Yes
ldap ssl = off
#dap admin dn = cn=Manager,dc=--,dc=net
ldap admin dn = cn=samba,ou=Users,dc=--,dc=net
ldap suffix = dc=--,dc=net
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Hosts
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
delete user script = /usr/sbin/smbldap-userdel %u
delete group script = /usr/sbin/smbldap-groupdel %g
#logon path = \\%L\Profiles\%U
#logon path =
logon drive = H:
#logon home = \\%L\%U
#logon script = %U.bat
#logon script = logon.bat
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
idmap uid = 15000-2
idmap gid = 15000-2
winbind use default domain = Yes
passwd program = /usr/bin/passwd '%u'
unix password sync = no
passwd chat = *New UNIX password* %n\n *Retype new UNIX password* %n\n *updated successfully*
enable privileges = yes
username map = /etc/samba/smbusers
wins support = Yes
# printers configuration
printer admin = @Print Operators
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
server signing = auto
server schannel = Auto
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
browseable = No
admin users = Administrator
valid users = %U
[Profiles]
#comment = Roaming Profile Share
#path = /var/lib/samba/profiles
read only = No
profile acls = Yes
create mask = 0600
directory mask = 0700
# - smb.conf end -
Re: [Samba] unable to join to a Samba4 domain
Try adding these SRV entries to your DNS server:
---
_ldap._tcp.samba4.my.domain. IN SRV 0 0 389 ldapserver.samba4.my.domain.
_ldap._tcp.dc._msdcs.samba4.my.domain. IN SRV 0 0 389 ldapserver.samba4.my.domain.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samba4.my.domain. IN SRV 0 0 389 ldapserver.samba4.my.domain.
_kerberos._tcp.samba4.my.domain. IN SRV 0 0 88 kerberosserver.samba4.my.domain.
_kerberos._tcp.dc._msdcs.samba4.my.domain. IN SRV 0 0 88 kerberosserver.samba4.my.domain.
---
Where ldapserver.samba4.my.domain is the FQDN of the LDAP server in your domain (samba4 domain controller?), and kerberosserver.samba4.my.domain. is the FQDN of your kerberos server (also your samba4 domain controller?) If you have multiple domain controllers, you will need to have the full set of SRV records point to each of the DCs. Good luck. T -- Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... On Thu, 2010-05-20 at 09:00 -0500, Tomasz Chmielewski wrote: I'm trying to join a Windows 2008 to a Samba4 domain. I'm able to ping Samba4 or browse its network shares. Unfortunately, I can't join Windows 2008 to this Samba4 domain - I'm not even asked for Administrator password. Windows 2008 errors with the below message, which roughly translates to: DNS-query for domain samba4.my.domain was successful. The query was for _ldap._tcp.dc._msdcs.samba4.my.domain SRV-entry. 
The following AD controller was identified: contact-samba4.samba4.my.domain The most frequent errors for this error is: - missing A-entry - AD has no network connection Below, the original text (in German): Die DNS-Abfrage über den Ressourceneintrag der Dienstidentifizierung (SRV), der zur Suche eines Active Directory-Domänencontrollers für die Domäne samba4.my.domain verwendet wird, wurde erfolgreich abgeschlossen: Die Abfrage war für den SRV-Eintrag für _ldap._tcp.dc._msdcs.samba4.my.domain Die folgenden Active Directory-Domänencontroller wurde von der Abfrage identifiziert: contact-samba4.samba4.my.domain Die häufigsten Ursachen dieses Fehlers sind: - Host (A)-Einträge, die den Namen des Active Directory-Domänencontroller dessen IP-Adressen zuordnen, fehlen oder enthalten nicht die richtigen Adressen. - Die in DNS registrierten Active Directory-Domänencontroller verfügen nicht über eine Netzwerkverbindung oder werden nicht ausgeführt. -- Tomasz Chmielewski http://wpkg.org
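An added example, not part of the thread or of Samba: a check that a zone file carries the full set of SRV records listed in the reply above for every domain controller. The host names dc1 and dc2 and the sample zone are constructed; the five owner names and the ports come from the reply.

```python
"""Check zone-file text for the SRV records a domain join looks up."""

# (owner prefix, port) pairs taken from the list of entries in the reply above.
REQUIRED = [
    ("_ldap._tcp", 389),
    ("_ldap._tcp.dc._msdcs", 389),
    ("_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs", 389),
    ("_kerberos._tcp", 88),
    ("_kerberos._tcp.dc._msdcs", 88),
]


def fqdn(name, origin):
    """Lower-case a name and make it absolute (relative names get the origin)."""
    name = name.lower()
    if name.endswith("."):
        return name
    return f"{name}.{origin.lower().rstrip('.')}."


def parse_srv(zone_text, origin):
    """Return {(owner, port, target)} for every SRV record in the text.

    Handles one record per line, 'owner [ttl] [IN] SRV prio weight port target',
    including lines that start with whitespace and inherit the previous owner.
    Parenthesised multi-line records and $ORIGIN changes are not handled.
    """
    records, owner = set(), None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop trailing comment
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():            # owner name present on this line
            owner = fields[0]
        upper = [f.upper() for f in fields]
        if "SRV" not in upper or owner is None:
            continue
        rdata = fields[upper.index("SRV") + 1:]
        if len(rdata) < 4:
            continue                          # incomplete RDATA
        try:
            port = int(rdata[2])
        except ValueError:
            continue
        records.add((fqdn(owner, origin), port, fqdn(rdata[3], origin)))
    return records


def missing_srv(zone_text, domain, controllers):
    """List (owner, port, target) records absent for any domain controller."""
    domain = domain.rstrip(".") + "."
    have = parse_srv(zone_text, domain)
    missing = []
    for dc in controllers:
        for prefix, port in REQUIRED:
            want = (fqdn(f"{prefix}.{domain}", domain), port, fqdn(dc, domain))
            if want not in have:
                missing.append(want)
    return missing


# Constructed sample: names are relative to samba4.my.domain.; dc2 (hypothetical)
# has only two of its five records.
SAMPLE_ZONE = """\
_ldap._tcp                  IN SRV 0 0 389 dc1
                            IN SRV 0 0 389 dc2
_ldap._tcp.dc._msdcs        IN SRV 0 0 389 dc1.samba4.my.domain.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 0 389 dc1
_kerberos._tcp              IN SRV 0 0 88  dc1
_kerberos._tcp.dc._msdcs    IN SRV 0 0 88  dc1
_kerberos._tcp.dc._msdcs    IN SRV 0 0 88  dc2  ; dc2 only partly registered
"""

if __name__ == "__main__":
    for owner, port, target in missing_srv(SAMPLE_ZONE, "samba4.my.domain", ["dc1", "dc2"]):
        print(f"missing: {owner} IN SRV 0 0 {port} {target}")
```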
Re: [Samba] Any pitfalls updating straight from 3.0.34 to 3.5.2?
Some entries in your smb.conf have changed default values. Get a listing from testparm -v before and after to be able to work around those details. Also, IIRC, With the newer samba 3 packages (starting around 3.3), you need to have a correctly configured krb5.conf file. Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of ray klassen Sent: Friday, April 16, 2010 10:46 AM To: samba@lists.samba.org Subject: [Samba] Any pitfalls updating straight from 3.0.34 to 3.5.2? Okay, so I've just put the sernet repo file in my yum.repos.d directory and a yum update will elevate my samba server to the latest version. Is there any pitfall that is out there that I can avoid before yum updating. Centos 5.3 samba3-3.0.34-37 related packages openldap-2.3.43-3.el5 related packages I still have my samba3-3.0.34 packages squirreled away so I can force downgrade if I need to, but I don't want to if I don't have to. Any advice before the plunge? Ray
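An added example, not code from these threads or from Samba, covering two smb.conf checks the replies above describe: spotting a parameter defined twice in one section (the ldap user suffix case) and comparing testparm -v listings saved before and after an upgrade. The sample configuration and both listings are constructed, and the example assumes the last definition of a repeated parameter is the one in effect, which testparm can confirm.

```python
"""smb.conf checks: repeated parameters, and a before/after listing comparison."""


def parse_params(text):
    """Yield (section, parameter, value, line_no) for each 'name = value' line.

    Parameter names are normalised the way Samba matches them: case-insensitive
    with whitespace ignored. Lines starting with '#' or ';' are comments.
    Parameters before any section header are filed under 'global' here (a
    simplification); backslash line continuations are not handled.
    """
    section = "global"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            name, value = line.split("=", 1)
            yield section, "".join(name.split()).lower(), value.strip(), line_no


def find_duplicates(text):
    """Return {(section, parameter): [(line_no, value), ...]} for repeats."""
    seen = {}
    for section, name, value, line_no in parse_params(text):
        seen.setdefault((section, name), []).append((line_no, value))
    return {key: hits for key, hits in seen.items() if len(hits) > 1}


def effective(text):
    """Collapse text to {(section, parameter): value}; assumes last one wins."""
    return {(s, n): v for s, n, v, _ in parse_params(text)}


def compare_listings(before, after):
    """Return (changed, only_before, only_after) between two saved listings."""
    old, new = effective(before), effective(after)
    changed = {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}
    only_before = {k: old[k] for k in old.keys() - new.keys()}
    only_after = {k: new[k] for k in new.keys() - old.keys()}
    return changed, only_before, only_after


# Constructed excerpt that repeats parameters the way the posted smb.conf does.
SAMPLE_CONF = """\
[global]
ldap suffix = dc=example,dc=net
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
LDAP Machine Suffix = ou=Hosts
[netlogon]
admin users = root
admin users = Administrator
"""

# Constructed listings in the shape of saved `testparm -v` output. The values
# are for illustration only, not the real defaults of any Samba release.
BEFORE_LISTING = """\
[global]
    security = USER
    lanman auth = Yes
    ldap ssl = no
    printer admin =
"""
AFTER_LISTING = """\
[global]
    security = USER
    lanman auth = No
    ldap ssl = start tls
    ldap ssl ads = No
"""

if __name__ == "__main__":
    for (section, name), hits in sorted(find_duplicates(SAMPLE_CONF).items()):
        lines = ", ".join(f"line {n}: {v!r}" for n, v in hits)
        print(f"[{section}] {name} defined {len(hits)} times ({lines})")
    changed, gone, added = compare_listings(BEFORE_LISTING, AFTER_LISTING)
    for (section, name), (old, new) in sorted(changed.items()):
        print(f"[{section}] {name}: {old!r} -> {new!r}")
    print("only before:", sorted(gone), "only after:", sorted(added))
```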
Re: [Samba] Any pitfalls updating straight from 3.0.34 to 3.5.2?
If you're not connecting to an Active Directory (either as a trusted domain, or as a domain member), configuring Kerberos may not be required. If you do require Kerberos, the [realms] and [domain_realm] sections would need to be customized for your network. Additionally, the default_realm entry in the [libdefaults] section would need to be edited. Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: ray klassen [mailto:julius_ahenobar...@yahoo.co.uk] Sent: Friday, April 16, 2010 1:04 PM To: Hoover, Tony Subject: Re: [Samba] Any pitfalls updating straight from 3.0.34 to 3.5.2? Wow. Thanks. Is there any quick way do create a krb5.conf file. (i.e. standard defaults and so on?) From: Hoover, Tony hoo...@sal.ksu.edu To: ray klassen julius_ahenobar...@yahoo.co.uk; samba@lists.samba.org Sent: Fri, 16 April, 2010 10:00:28 Subject: RE: [Samba] Any pitfalls updating straight from 3.0.34 to 3.5.2? Some entries in your smb.conf have changed default values. Get a listing from testparm -v before and after to be able to work around those details. Also, IIRC, With the newer samba 3 packages (starting around 3.3), you need to have a correctly configured krb5.conf file. Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of ray klassen Sent: Friday, April 16, 2010 10:46 AM To: samba@lists.samba.org Subject: [Samba] Any pitfalls updating straight from 3.0.34 to 3.5.2? Okay, so I've just put the sernet repo file in my yum.repos.d directory and a yum update will elevate my samba server to the latest version. Is there any pitfall that is out there that I can avoid before yum updating. 
Centos 5.3 samba3-3.0.34-37 related packages openldap-2.3.43-3.el5 related packages I still have my samba3-3.0.34 packages squirreled away so I can force downgrade if I need to, but I don't want to if I don't have to. Any advice before the plunge? Ray
Re: [Samba] samba with ldap + windows AD can work together?
A couple years ago when I migrated my NT4 domain to Samba, I had to re-establish the trust relationships with the other domains after the migration. Other than that, the migration was rather uneventful. On Wed, 2010-01-06 at 23:39 -0600, Alberto Moreno wrote: Hi people. I have 2 domains right now: WinNT4 + Windows 2k3. A lot of u will say, why don't u just move everything to win2k3?.. well I prefer to work with linux/Unix. My question is this, I test the migration from NT4 to linux with ldap, it works and is not to difficult, my problem is this: All my printers are in the server running windows 2k3 my AD server, the NT4 users can access the resources from the win2k3 server without any issue, if I make the migration from NT4 to Linux, will my users lost the connection of the win2k3(AD) resources? Centos 5.4. Thanks!!! -- LIving the dream...
Re: [Samba] Cannot connect from Windows 2000 to Samba 3.4.0 on Linux ....
Some default settings have changed. Use: testparm -v from your various versions of samba to detect which parameters may be causing you issues. Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Jochen Roderburg Sent: Tuesday, September 01, 2009 6:47 AM To: samba@lists.samba.org Subject: [Samba] Cannot connect from Windows 2000 to Samba 3.4.0 on Linux Second try via gmane, because direct mail to the mailing list was rejected :-( ... when using not-encrypted passwords. Yes, I know, that is not the recommended secure way, but I want also AFS authentication via samba and that does not work with encrypted windows passwords. I have been doing this successfully for numerous years with all samba generations from 1.x up to 3.3.x. I do not see any changes in the 3.4 ChangeLog that could be related to this. On the samba side there are no error messages in the log files (with standard log levels). On the Windows side it either says no permission or repeatedly asks for username/password. Strange thing found during repeated test series with different samba versions: when I start with an older version and get my connections, then kill all samba daemons and start new with 3.4 (with same configuration/data directories) everything suddenly works again. The old connection are still usable and new connections can also be made. Of course this is very confusing and makes it hard to recognize what actually is going on. Update to my first try to report this problöm: I see that there is now a relatively new bugzilla entry # which looks similar to my case. Could this be the same cause ??? Best regards, Jochen Roderburg RRZK University of Cologne Robert-Koch-Str. 
10 Tel.: +49-221/478-7024 D-50931 Koeln E-Mail: roderb...@uni-koeln.de Germany
Re: [Samba] most common way to implement 'net time' privileges
Use user manager for domains from the NT admin tools.
Select the correct domain (if not already selected).
Select Policy - User Rights
Select the right: Change the system time
Click Add... then select Domain Users
Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Liutauras Adomaitis Sent: Monday, August 24, 2009 4:51 AM To: Samba list Subject: [Samba] most common way to implement 'net time' privileges Hello samba, I would like to ask about what is the most common and less effort way to let users change time without admin privileges on windows workstations. To be exact I'm trying to find out the quick and dirty way to sync time between win workstations (xp and vista) and PDC Samba 3.3.2. I do use net logon scripts and it is failing on net time \\pdc-server /set /yes command because of missing privileges. Any know how would be nice. Thanks for your time Liutauras
Re: [Samba] winbind and getent
Have you configured your /etc/krb5.conf file? Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Gabriel Petrescu Sent: Thursday, July 30, 2009 8:39 AM To: John Stile Cc: samba@lists.samba.org Subject: Re: [Samba] winbind and getent hi:) in my case it's working: wbinfo Shows winbind is doing lookups from ADS wbinfo -u wbinfo -g wbinfo -a mydomain+myuser%mypassword and i get an error here: kinit tests kinit(v5): Client not found in Kerberos database while getting initial credentials any advice here? gabi On Wed, Jul 29, 2009 at 6:58 PM, John Stilej...@stilen.com wrote: On Wed, 2009-07-29 at 22:33 +1000, tsg-samba wrote: Hi Volker, Yes in smb.conf i have: winbind enum users = Yes winbind enum groups = Yes getent Shows nsswitch is correct, to resolve ADS users and groups. getent passwd getent group wbinfo Shows winbind is doing lookups from ADS wbinfo -u wbinfo -g wbinfo -a mydomain+myuser%mypassword kinit tests if Kerberos can authenticate kinit myuser If 'wbinfo -g' shows MYDOMAIN+Domain Users, maybe your share should have a line like: valid users = @MYDOMAIN+Domain Users
Re: [Samba] How to use local profiles in samba PDC?
logon path = will disable automatic roaming profile settings. You can still define roaming (or mandatory) profiles on a per user basis using user manager from the NT admin tools. Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Kyle Schmitt Sent: Tuesday, July 28, 2009 4:17 PM Cc: samba Subject: Re: [Samba] How to use local profiles in samba PDC? On Tue, Jul 28, 2009 at 3:56 PM, Miguel Medalhamiguelmeda...@sapo.pt wrote: How do you enable local profile creation on machines connected to a samba PDC? In smb.conf: logon path = [meaning nothing after the = sign] Ah. I thought that the stanza would just disable roaming profiles. logon path = Do I take it that there is no good way to have a mix of local roaming profiles? IE: where if the user has a profile on the server they get it, otherwise they use a local?
[Samba] Kerberos issue after upgrade
I recently upgraded samba on a domain controller from samba3-3.3.4-39.el5 to samba3-3.3.6-39.el5 (from SerNET on a CentOS 5.3 box), and the interdomain trusts between the samba domain and my AD domain quit working. The /var/log/samba/wb-ADDOMAIN file was full of this message:
[2009/07/02 09:19:57, 0] libads/kerberos.c:ads_kinit_password(362)
kerberos_kinit_password sambadom...@addomain.university.edu failed: Cannot find KDC for requested realm
Even though the Samba-HowTo says that configuring your krb5.conf file may be detrimental, I did so anyway. After configuring my krb5.conf, winbind was able to resolve users from the AD domain.
Re: [Samba] Is the net rpc vampire at all destructive to a NT4 PDC?
net rpc vampire ... does NOT set the SAM or SECURITY hives of the registry to readable, which is what renders the PDC non-operable. net rpc vampire ... is safe to use as many times as it takes to get comfortable with the process. I did it myself when I was converting our labs NT4 domain to Samba. -- Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... On Tue, 2009-03-24 at 13:48 -0500, Derek Werthmuller wrote: Reading through the Samba3 -By Example guide and I'm confused with the statement section 9.2 http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html#id2594565 about accessing the SAM and Security sections of the registry will render the PDC non operable. Its clear from the text if you go and edit the registry(regedit etc..) so you can read the entries your PDC will not work. What's not exactly clear is if any of the tools like net rpc vampire or getsid tools change the operation of the PDC in this way or any other way for that mater. The net rpc tools don't access the registry in this destructive way do they? Like:
# net rpc vampire -S TRANSGRESSION -U Administrator%not24get > /tmp/vampire.log 2>&1
Is it safe to run the net rpc vampire command on a PDC as many times as you want in effort to test the NT4 - samba PDC? While keeping the NT4 PDC in production mode? With the goal of test the full operation of the migrated PDC on a separate network. Thanks Derek
RE: [Samba] regshell only goes to HKEY_CLASSES_ROOT
It seems to me that you have only told it to load the remote machine's HCR hive. Try it with this: ./regshell --remote=192.168.50.142 --user=Administrador%xxx HKEY_LOCAL_MACHINE I don't know for sure, but that seems like it should work Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: samba-bounces+hoover=sal.ksu@lists.samba.org [mailto:samba-bounces+hoover=sal.ksu@lists.samba.org] On Behalf Of TopCom 900 Sent: Friday, January 16, 2009 4:50 AM To: samba@lists.samba.org Subject: [Samba] regshell only goes to HKEY_CLASSES_ROOT Hi all, I've compiled samba 4 from branches and it worked like a charm. I'm trying to use regshell to read (remotely) the following Windows registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall I can connect to the remote machine with no problems: ./regshell --remote=192.168.50.142 --user=Administrador%xxx HKEY_CLASSES_ROOT HKEY_CLASSES_ROOT info Name: HKEY_CLASSES_ROOT Full path: HKEY_CLASSES_ROOT Time Last Modified: Wed Dec 31 19:00:00 1969 Number of subkeys: 2943 Number of values: 0 Maximum sub key name length: 140 Error getting security descriptor I can also see the keys under HKEY_CLASSES_ROOT HKEY_CLASSES_ROOT list snip K System.Collections.CaseInsensitiveComparer K System.Collections.CaseInsensitiveHashCodeProvider K System.Collections.Hashtable K System.Collections.Queue K System.Collections.SortedList K System.Collections.Stack K System.ContextMarshalException snip Problem is when I want to go to another key, in this case I want to read, as I said before, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKEY_CLASSES_ROOT predef HKEY_LOCAL_MACHINE HKEY_CLASSES_ROOT pwd HKEY_CLASSES_ROOT There is no way I can read the value of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, I've tried loads of combinations, even escaping the \ Am I missing something? 
How can I read that key or at least move from HKEY_CLASSES_ROOT key, which is the one I can only see. Thank you in advance. T
RE: [Samba] regshell only goes to HKEY_CLASSES_ROOT
My bad. Damn Outhouse (outlook) removed necessary line breaks in your command line. please disregard my previous response. Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: samba-bounces+hoover=sal.ksu@lists.samba.org [mailto:samba-bounces+hoover=sal.ksu@lists.samba.org] On Behalf Of Hoover, Tony Sent: Friday, January 16, 2009 8:24 AM To: TopCom 900; samba@lists.samba.org Subject: RE: [Samba] regshell only goes to HKEY_CLASSES_ROOT It seems to me that you have only told it to load the remote machine's HCR hive. Try it with this: ./regshell --remote=192.168.50.142 --user=Administrador%xxx HKEY_LOCAL_MACHINE I don't know for sure, but that seems like it should work Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: samba-bounces+hoover=sal.ksu@lists.samba.org [mailto:samba-bounces+hoover=sal.ksu@lists.samba.org] On Behalf Of TopCom 900 Sent: Friday, January 16, 2009 4:50 AM To: samba@lists.samba.org Subject: [Samba] regshell only goes to HKEY_CLASSES_ROOT Hi all, I've compiled samba 4 from branches and it worked like a charm. 
I'm trying to use regshell to read (remotely) the following Windows registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall I can connect to the remote machine with no problems: ./regshell --remote=192.168.50.142 --user=Administrador%xxx HKEY_CLASSES_ROOT HKEY_CLASSES_ROOT info Name: HKEY_CLASSES_ROOT Full path: HKEY_CLASSES_ROOT Time Last Modified: Wed Dec 31 19:00:00 1969 Number of subkeys: 2943 Number of values: 0 Maximum sub key name length: 140 Error getting security descriptor I can also see the keys under HKEY_CLASSES_ROOT HKEY_CLASSES_ROOT list snip K System.Collections.CaseInsensitiveComparer K System.Collections.CaseInsensitiveHashCodeProvider K System.Collections.Hashtable K System.Collections.Queue K System.Collections.SortedList K System.Collections.Stack K System.ContextMarshalException snip Problem is when I want to go to another key, in this case I want to read, as I said before, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKEY_CLASSES_ROOT predef HKEY_LOCAL_MACHINE HKEY_CLASSES_ROOT pwd HKEY_CLASSES_ROOT There is no way I can read the value of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, I've tried loads of combinations, even escaping the \ Am I missing something? How can I read that key or at least move from HKEY_CLASSES_ROOT key, which is the one I can only see. Thank you in advance. T
RE: [Samba] Any possibility to apply policies on WinXP machines using samba 3.2.3 ?
We make use of NT4 policies on our Samba domain. NTconfig.POL needs to be in \\domaincontroller\netlogon.

I don't believe that you can use Active Directory GPOs (group policy objects) with a Samba domain.

Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of hamacker
Sent: Tuesday, December 09, 2008 11:46 AM
To: samba@lists.samba.org
Subject: [Samba] Any possibility to apply policies on WinXP machines using samba 3.2.3 ?

Any possibility to apply policies on WinXP machines using samba 3.2.3 ?

In samba documentation in :
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html

There are references to applying policies in NT/2000 Server and winxp clients, but it's not clear to me whether that will run fine or not using samba 3.2.3+winxp machines.

If a way exists, how?

I created local policies using gpedit.msc and I would like to apply them to the entire network.
RE: [Samba] machine policy?
If you have access to Poledit.exe from NT4, you can use it to create a default machine policy that will push registry settings out to all machines in the domain, or specific settings for specific machines, but not groups.

The policy file should be stored at \\yourPDC\netlogon\NTconfig.pol

Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Norberto Bensa
Sent: Thursday, October 30, 2008 6:43 AM
To: samba@lists.samba.org
Subject: [Samba] machine policy?

Hello list,

Is it possible to implement machine policies with Samba-3.0.x? If so, how?

I'm asking because I need to update registry settings and tz info for the computers on the domain, but the logon script is executed by the user (which doesn't have privileges to modify the registry entries nor date/time/tz configuration.)

Many thanks in advance,
Norberto

This message was sent using IMP, the Internet Messaging Program.
RE: [Samba] samba performance degrade
Have you ruled out a networking problem? (i.e. Switch didn't auto-neg to the same speed/duplex settings as the server)?

Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of vishesh
Sent: Wednesday, October 22, 2008 4:55 PM
To: samba@lists.samba.org
Subject: [Samba] samba performance degrade

dear all

I am using samba 3.0.28 on RHEL 5.2. I am using samba with winbind that authenticates against a Windows 2003 domain. For the last few months samba was running properly. But today the samba server is performing badly; sometimes the mapped drive on XP even disappears. When I tried to connect to samba shares, the error "server not available" appeared. Can anyone suggest what the problem may be? Why does samba performance degrade after running for around a month?

My configuration is as follows:

#=== Global Settings =
[global]
#--authconfig--start-line--
# Generated by authconfig on 2008/09/04 22:25:21
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = abp
password server = s2.abp.del
realm = ABP.DEL
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes
#--authconfig--end-line--
server string =
netbios name = abpdel2
admin users = @abp\domain admins
# --- Network Related Options - # passdb backend = tdbsam
map read only = no
;map system = no
;store dos attributes = yes
hide dot files = yes
veto files=/lost+found/Trash/Recycler

# Share Definitions ==
;[homes]
;comment = Home Directories
;browseable = no
;writeable = yes
;valid users = %S
;valid users = MYDOMAIN\%S

;[printers]
;comment = All Printers
;path = /var/spool/samba
;browseable = no
;guest ok = no
;writeable = no
;printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
;[netlogon]
;comment = Network Logon Service
;path = /var/lib/samba/netlogon
;guest ok = yes
;writable = no
;share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;path = /var/lib/samba/profiles
;browseable = no
;guest ok = yes

# A publicly accessible directory, but read only, except for people in
# the staff group
;[public]
;comment = Public Stuff
;path = /home/samba
;public = yes
;writable = yes
;printable = no
;write list = +staff

[design]
comment = home folder for design department
path = /data/design
vfs object = recycle
recycle:repository = /data/design/Trash
recycle:keeptrace = Yes
writeable = yes
create mask = 644
directory mask = 2755

[home]
comment = home folder for bwedit
path = /data/edit/home
vfs object = recycle
recycle:repository = /data/edit/home/Trash
recycle:keeptrace = Yes
writeable = yes
create mask = 644
directory mask = 2755

[user]
comment = home directory to tt feature and ab edit users
path = /data/edit/user
vfs object = recycle
recycle:repository = /data/edit/user/Trash
recycle:keeptrace = Yes
writeable = yes
create mask = 644
directory mask = 2755

[mark]
comment = marketting users
path = /data/marketting
vfs object = recycle
vfs:repository = /data/marketting/Trash
vfs:keeptrace = Yes
writeable = yes
create mask = 644
directory mask = 2755

[system]
comment = home folder for it
path = /data/system
vfs object = recycle
recycle:repository = /data/system/Trash
recycle:keeptrace = Yes
writeable = yes

[com]
path=/data/marketting/com
vfs object = recycle
recycle:repository = /data/marketting/Trash
recycle:keeptrace = Yes
writeable=yes
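Added example, not part of the original thread or of Samba: a small linter for the recycle-bin settings in the configuration posted above. Samba accepts `module:option` parameters without validating their names, so a wrong prefix or a misspelled option is silently ignored; the option list comes from the vfs_recycle(8) manual page, and the sample is a constructed, re-lined excerpt of two of the posted shares.

```python
import re

# Option names documented in the vfs_recycle(8) manual page.
RECYCLE_OPTIONS = {
    "repository", "directory_mode", "subdir_mode", "keeptree", "versions",
    "touch", "touch_mtime", "minsize", "maxsize", "exclude", "exclude_dir",
    "noversions",
}

# Constructed sample: two shares from the posted configuration,
# re-lined one parameter per line.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = abp
   security = ads

[design]
   path = /data/design
   vfs object = recycle
   recycle:repository = /data/design/Trash
   recycle:keeptrace = Yes
   writeable = yes

[mark]
   path = /data/marketting
   vfs object = recycle
   vfs:repository = /data/marketting/Trash
   vfs:keeptrace = Yes
   writeable = yes
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names ignore case and whitespace differences.
            key = " ".join(key.lower().split())
            key = ":".join(part.strip() for part in key.split(":", 1))
            current[key] = value.strip()
    return sections


def lint_recycle(text):
    """Return sorted (share, parameter, problem) tuples for recycle shares."""
    findings = []
    for share, params in parse_smb_conf(text).items():
        loaded = params.get("vfs objects") or params.get("vfs object") or ""
        modules = loaded.lower().split()
        if "recycle" not in modules:
            continue
        for key in params:
            if ":" not in key:
                continue
            prefix, option = key.split(":", 1)
            if prefix not in modules:
                findings.append((share, key, "prefix is not a loaded VFS module"))
            elif prefix == "recycle" and option not in RECYCLE_OPTIONS:
                findings.append((share, key, "not a documented recycle option"))
        if "recycle:repository" not in params:
            findings.append(
                (share, "recycle:repository", "not set, so the default repository is used")
            )
    return sorted(findings)


if __name__ == "__main__":
    for share, parameter, problem in lint_recycle(SAMPLE_SMB_CONF):
        print(f"[{share}] {parameter}: {problem}")
```

A share flagged this way still loads the recycle module, but deleted files do not go where the administrator expects, which matters when the repository directory has different permissions from the share.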
RE: [Samba] Unable to Join Domain
from : http://ftp.sernet.de/pub/services/samba/yum.txt

Howto use SerNet Samba packages with Yum:
-
For example for RHEL 5 (tested packages):

- cd /etc/yum.repos.d
- wget http://ftp.sernet.de/pub/samba/tested/rhel/5/sernet-samba.repo
- yum install samba3

To use the latest packages, use
wget http://ftp.sernet.de/pub/samba/recent/rhel/5/sernet-samba.repo

SerNet Samba Team
-
-- www.sambaxp.org -- www.enterprisesamba.com -- www.sernet.de --
-

CentOS 5.2 would use the same instructions. except use the: http://ftp.sernet.de/pub/samba/recent/centos/5/sernet-samba.repo repo.

You may [want to|have to] uninstall your samba before installing samba3 from the sernet repo.

Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: Greg Koch [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 03, 2008 5:15 PM
To: Hoover, Tony
Cc: Mike Eggleston; samba@lists.samba.org
Subject: RE: [Samba] Unable to Join Domain

I had 3.0.28a but when I attempt to install from yum the most current version it supplies is 3.0.28-1.el5_2.1. I realize it is a different package, but it didn't seem to solve my issue. Any help with getting yum to give me a more current version, or other ideas to solve this issue?

On Wed, 3 Sep 2008 16:29:16 -0500, Hoover, Tony [EMAIL PROTECTED] wrote:

Samba 3.0.28a (from CentOS 5.2) would not allow me to add my new domain controller to the domain that it was supposed to be controlling. I uninstalled 3.0.28a and installed the 3.0.31 version (which was current at that time). After the upgrade, I was able to join the domain without difficulty.

I submitted a bug-report to CentOS about this issue.

-- --
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...
-- --

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Koch
Sent: Wednesday, September 03, 2008 2:33 PM
To: Mike Eggleston
Cc: samba@lists.samba.org
Subject: Re: [Samba] Unable to Join Domain

The server is a WINS server, and I tried adding the server IP to the Advanced/WINS tab and I have the same problem. Any other ideas?

On Tue, 2 Sep 2008 06:14:55 -0500, Mike Eggleston [EMAIL PROTECTED] wrote:

On Mon, 01 Sep 2008, Greg Koch might have said:

I recently setup a new server with CentOS 5.2. Everything works great on the server except when I try to join the domain it simply tells me:

The following error occurred attempting to join the domain Domain: The user name could not be found.

I have configured my samba box as a wins server and placed that IP address in the wins configuration dialog on the windows box I'm joining to my samba PDC. (Start-Settings-Control Panel-Network Connections-right-click on active network connection and choose properties-double-click in TCP/IP (at the bottom)-Advanced-WINS tab).

Mike
Re: [Samba] Re: net ads join failed
It means that your primary DNS server does not support dynamic updates.

On Thu, 2008-09-04 at 16:54 +0200, Thomas Vito wrote:

Apparently something is wrong with my hosts file. I have changed it and now get a much better result:

[EMAIL PROTECTED] ~]# net ads join -U [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Using short domain name -- ACME
DNS update failed!
Joined 'AMSDEV-DV10' to realm 'EU.ACME.COM'

What does the "DNS update failed" mean?

2008/9/4 Thomas Vito [EMAIL PROTECTED]

Hi,

I am trying to join a samba server to my AD directory but it fails:

[EMAIL PROTECTED] postfix]# net ads join -U [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
[2008/09/04 15:12:45, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm
Failed to join domain: Undetermined error
[EMAIL PROTECTED] postfix]# net ads join -U [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Using short domain name -- ACME
Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials.
Deleted account for 'AMSDEV-DV10' in realm 'EU.ACME.COM'
Failed to join domain: Type or value exists

There is no computer account named amsdev-dv10 in my directory.

kinit doesn't return anything

[EMAIL PROTECTED] postfix]# kinit apacci
Password for [EMAIL PROTECTED]:

My resolv.conf is ok. I can ping and resolve hosts in my AD.

My /etc/host file is basic:

::1 localhost.localdomain localhost amsdev-dv10

The username is domain admin.

My krb5.conf is as follows:

[libdefaults]
default_realm = EU.ACME.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
EU.ACME.COM = {
kdc = amsterdam-dc02.eu.acme.com
kdc = amsterdam-dc01.eu.acme.com
admin_server = amsterdam-dc02.eu.acme.com
master_kdc = amsterdam-dc02.eu.acme.com
default_domain = eu.acme.com
}

[domain_realm]
eu.acme.com = EU.ACME.COM
.eu.acme.com = EU.ACME.COM
.acme.com = EU.ACME.COM
acme.com = EU.ACME.COM

[kdc]
profile = /etc/kdc.conf

smb.conf

[global]
workgroup = ACME
password server = 10.130.12.100
realm = EU.ACME.COM
security = ADS
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind separator = +
template shell = /bin/false
winbind use default domain = true
winbind offline logon = false
server string = Samba Server Version %v
passdb backend = tdbsam
preferred master = No
wins server = 10.130.10.100
ldap ssl = no
winbind enum users = Yes
winbind enum groups = Yes

[homes]
comment = Home Directories
read only = No
browseable = No
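Added example, not part of the original thread or of Samba: a pre-join check of the hosts file against the realm, covering the condition the "Failed to set servicePrincipalNames" message asks about (the server's DNS domain must match the AD domain). It assumes the resolver reports the first name on the matching hosts line as the machine's canonical name and that the AD DNS domain is the lower-cased realm; the function names are hypothetical and 192.0.2.10 is a placeholder address.

```python
import ipaddress

# Constructed samples: the hosts line quoted in the post, and a corrected
# file using a placeholder address from the documentation range.
POSTED_HOSTS = "::1 localhost.localdomain localhost amsdev-dv10\n"
CORRECTED_HOSTS = (
    "127.0.0.1 localhost.localdomain localhost\n"
    "192.0.2.10 amsdev-dv10.eu.acme.com amsdev-dv10\n"
)


def hosts_entries(text):
    """Yield (address, names) for every usable line of a hosts file."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2:
            yield fields[0], [name.lower() for name in fields[1:]]


def check_join_name(hosts_text, hostname, realm):
    """Return problem codes for the first hosts entry that names `hostname`.

    An empty list means the entry gives the machine a routable address and
    a canonical name inside the realm's DNS domain.
    """
    hostname = hostname.lower()
    expected_fqdn = f"{hostname}.{realm.lower()}"
    for address, names in hosts_entries(hosts_text):
        short_names = [name.split(".", 1)[0] for name in names]
        if hostname not in short_names:
            continue
        problems = []
        try:
            if ipaddress.ip_address(address).is_loopback:
                problems.append("hostname-on-loopback")
        except ValueError:
            problems.append("unparsable-address")
        # Assumption: the first name on the line is returned as the
        # canonical name, so it is what the join sees as the FQDN.
        if names[0] != expected_fqdn:
            problems.append("canonical-name-outside-realm")
        return problems
    # No entry at all: the name then has to come from DNS.
    return ["hostname-not-in-hosts-file"]


if __name__ == "__main__":
    for label, text in (("posted", POSTED_HOSTS), ("corrected", CORRECTED_HOSTS)):
        print(label, check_join_name(text, "amsdev-dv10", "EU.ACME.COM"))
```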
RE: [Samba] Unable to Join Domain
Samba 3.0.28a (from CentOS 5.2) would not allow me to add my new domain controller to the domain that it was supposed to be controlling. I uninstalled 3.0.28a and installed the 3.0.31 version (which was current at that time). After the upgrade, I was able to join the domain without difficulty.

I submitted a bug-report to CentOS about this issue.

Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Koch
Sent: Wednesday, September 03, 2008 2:33 PM
To: Mike Eggleston
Cc: samba@lists.samba.org
Subject: Re: [Samba] Unable to Join Domain

The server is a WINS server, and I tried adding the server IP to the Advanced/WINS tab and I have the same problem. Any other ideas?

On Tue, 2 Sep 2008 06:14:55 -0500, Mike Eggleston [EMAIL PROTECTED] wrote:

On Mon, 01 Sep 2008, Greg Koch might have said:

I recently setup a new server with CentOS 5.2. Everything works great on the server except when I try to join the domain it simply tells me:

The following error occurred attempting to join the domain Domain: The user name could not be found.

I have configured my samba box as a wins server and placed that IP address in the wins configuration dialog on the windows box I'm joining to my samba PDC. (Start-Settings-Control Panel-Network Connections-right-click on active network connection and choose properties-double-click in TCP/IP (at the bottom)-Advanced-WINS tab).

Mike
RE: [Samba] Roaming Profiles only for Admin?
try changing :

create mask = 0644
directory mask = 0775

Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Albrecht Dreß
Sent: Tuesday, August 19, 2008 4:22 AM
To: samba@lists.samba.org
Subject: [Samba] Roaming Profiles only for Admin?

Hi all,

I am currently fighting with roaming user profiles which shall be stored on an Ubuntu 8.04 Xeon (64 bit) box. I'm running the stock Ubuntu packages (version 3.0.28a-1ubuntu4.4).

The Ubuntu box runs as PDC with a LDAP backend. Adding a Win 2000 SP4 workstation to the domain works flawlessly. If I log on on the workstation with a root-like account (UNIX user id 0, UNIX group id 0), the profile gets stored upon logoff. However, when I log on as a normal user on the workstation, the profile is *not* stored.

My smb.conf (hope I got the relevant parts):

snip
[global]
preferred master = yes
local master = yes
domain master = yes
domain logons = yes
security = user
guest ok = no
encrypt passwords = yes
null passwords = no
obey pam restrictions = no
logon path = \\%L\profiles\%U
logon drive = U:

[profiles]
path = /home/samba/profiles
writeable = yes
store dos attributes = yes
browseable = no
create mask = 0600
directory mask = 0700
guest ok = no
profile acls = yes
/snip

I *think* the permissions for the profiles folder are fine - 1777, with user root and group set to the primary domain group. The folder created for the admin account has uid and gid 0, with permissions 0700.

I also tried to create a profile folder /home/samba/profiles/the_user manually, with permissions 700, but it's not being filled with data.

In the system protocol, I see a message like (my vague translation from German...) The registry file could not be removed. Your settings were not replicated, when you have a profile stored on the server. Ask the administrator. Detail - access denied, build no. 2195 (Die Registrierungsdatei konnte nicht entfernt werden. Ihre Einstellungen werden nicht repliziert, falls Sie ein servergspeichertes Profil haben. Wenden Sie sich an den Administrator. DETAIL - Zugriff verweigert , Buildnummer ((2195))).

Any idea what goes wrong, and how I could fix this problem?

Thanks in advance,
Albrecht.
RE: [Samba] How do I modify registry: Hk user?
You could edit your .reg file so that it reads

HKEY_CURRENT_USER\Software\Microsoft\Windows...

instead of

HKU\S-1-5-21-3760584470-222371490-3023398101-1005\Software\Microsoft\Windows...

then apply it through everyone's login script.

---
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Souza
Sent: Monday, October 01, 2007 2:25 PM
To: samba@lists.samba.org
Subject: [Samba] How do I modify registry: Hk user?

All,

Looks like I'm in a predicament. One of our new sites will prompt users (in IE) to display mixed content. Which is basically asking if you want to display some http in a https site. I have found the solution, (besides having a user go into IE's tools / privacy / custom settings / enable mix content) - with a registry entry.

However, the registry entry goes to:

HKU\S-1-5-21-3760584470-222371490-3023398101-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609: 0x0001

as in H Key Users \ sid.

Since we don't have any windows AD, how could I push out a registry entry that would identify a user's long string account? Or, if there is a way to better manage IE settings, that would suffice.

I know what everyone is thinking, but Firefox can't help in this situation-- only IE.

Sorry for the lengthy email.

Aaron
[Samba] NT4 - Samba 3 migration issue
I am trying to Migrate one of our three Windows NT domains to Samba/LDAP using CentOS 4.3 (up to date via 'yum update'), Samba 3.0.10-1.4E.6.2, OpenLDAP: slapd 2.2.13

uname -a
Linux sambatest.sal.ksu.edu 2.6.9-11.ELsmp #1 SMP Wed Jun 8 16:59:12 CDT 2005 x86_64 x86_64 x86_64 GNU/Linux

I have followed the instructions in Chapter 9 of Samba-3 by Example, but when I restart my samba services after removing the old NT4 PDC from the network, users cannot logon. The trusted domains do not show up in the drop-down list on the logon screen on the windows box. If I try to login to the windows system as a domain user, I get a password error. If I try to login to my linux system as one of the migrated users, I get a password error.

Changing the password of the user using smbldap-passwd allowed me to login to either the windows domain or the linux system, but I still can not login to one of the trusted NT domains.

It appears that passwords are not migrating.

Where do I look next???

Thanks in advance for any help...
T

--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...
--
RE: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4?
CentOS4 RPMS for x86-64 would be awesome.

---
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald (Jerry) Carter
Sent: Wednesday, July 12, 2006 6:22 AM
To: Alex de Vaal
Cc: samba@lists.samba.org
Subject: Re: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4?

Alex de Vaal wrote:

Can somebody of the Samba team explain me the difference of Fedora packages or Enterprise packages (http://enterprisesamba.com/) of Samba on Red Hat Enterprise Linux 4?
...
First I tried the RHEL4 packages from enterprisesamba.com, but these packages always ended up with the error message Segmentation fault while I used net ads join;

If you need support for the SerNet packages, you will have to contact SerNet.

Therefore I compiled the Fedora source package on RHEL4; this went well.
...
I'd like to continue with the Fedora Samba package on my RHEL4 server, but I'd like to know why or why NOT to use it! (and why I have to use the packages of enterprisesamba.com)

The Fedora specfile provided with Samba is compatible with RHEL4. I don't build RHEL4 packages only because IMO if you pay for support for RedHat, installing non-vendor supplied packages would void your support agreement. Although I could provide RPMS for the latest version of CentOS which should be binary compatible with RHEL4 systems.

While I'm at it, is there any pressing need for 64-bit rpms as well?

cheers, jerry
=
Samba--- http://www.samba.org
Centeris --- http://www.centeris.com
What man is a man who does not make the world better? --Balian
RE: [Samba] ArcView + Samba: Performance nightmare under Linux, ok under Solaris or HP-UX
Have you checked the network end of things? This is the same type of thing I see when the NIC and ethernet switch don't autonegotiate to the same settings.

Hope I didn't step on anybody's toes here. I'm new to the list.

---
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660
Don't Blend in...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andreas Haumer
Sent: Monday, July 10, 2006 8:53 AM
To: samba@lists.samba.org
Subject: [Samba] ArcView + Samba: Performance nightmare under Linux, ok under Solaris or HP-UX

Hi!

For some months now I'm hunting a Samba performance problem without a solution yet. Now I'm hoping someone on this list has an idea (In fact, I already reported the problem to the mailing list but got only one reply which did not help) So I'm here for another try...

Here's the situation: Some of our users run Windows XP with ArcView GIS 3.3 by ESRI. In this application, ArcView is used to render some scientific data which is stored in files on a Samba server.

If the samba server is running under Solaris or HP-UX, a typical run of ArcView takes about 30 seconds. This is ok.

If the samba server is running under Linux, a run with the same ArcView setup (same data files, same control file, same Windows XP client) takes more than 4 minutes! This is NOT ok!

I'm completely able to reproduce this at any time. For all other applications, the Linux Samba server works just fine, it's a very fast machine on Gigabit LAN and apart from the ArcView problem users are quite happy with it.

As the setup is in production with more than 100 users, I did a test installation using VMware virtual machines for servers and client and can reproduce the problem here, too (execution times in a virtual machine are a little bit longer, but basically I have the same runtime behaviour difference between Solaris and Linux servers)

Client:
* Windows XP professional SP1, ESRI ArcView GIS 3.3

Server:
* Solaris 10 64bit, Samba 3.0.11 (provided by Sun)
  Execution time: 30 seconds
* Solaris 10 32bit, Samba 3.0.11 (provided by Sun)
  Execution time: 30 seconds
* Solaris 10 32bit, Samba 3.0.22 (self-compiled)
  Execution time: 30 seconds
* SuSE Linux 9.3, Samba 3.0.12 (provided by SuSE)
  Execution time: 250 seconds
* xS+S BLD-5.2, Linux kernel 2.4.31, Samba-3.0.20b (everything self-compiled)
  Execution time: 250 seconds
* xS+S BLD-5.3, Linux kernel 2.4.32, Samba 3.0.22 (everything self-compiled)
  Execution time: 250 seconds

For this test, all servers were executed in a VMware virtual machine on the same VMware host, one after another. On real hardware I get similar results, only the absolute execution times are a little better.

I have got samba logfiles at loglevel 10 (about 30MB on the Solaris system, about 1900MB on the Linux servers), also Samba process trace files (with strace under Linux and truss under Solaris)

I found that under Solaris, Samba executes 4866 pread64(2) system calls for the whole run, while under Linux more than 325000(!) pread64(2) system calls are executed (for the same client application!)

Looking at the Samba Logfiles, the first 19 lines or so are almost identical between Solaris and Linux systems. Here the application opens its control files and some data files. At some specific point the logfiles begin to differ: with the Solaris samba server, the ArcView application reads the data files with 4k blocks in a sequential manner like this:

[...]
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 0, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 4096, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 8192, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 12288, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 16384, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 20480, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 24576, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 28672, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 32768, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 36864, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 40960, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 45056, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos = 49152, size = 4096, returned 4096
read_file (daten/covers/dhm_offset/o1000c/arc.adf): pos