[Samba] [Samba 4.0.9 | Win 7 x64 | Office 2007 x86 | Folder Redirection | Local Cache] : Word-documents, Corrupt
Hello, First of all I would like to thank the Samba Project Group for this state of the art software. I would like to thank every body for helping each other out. Please ignore my poor English writing. It is not my native language. Although: I do the best I can. We use Samba for a while now. We started with version 4.0.6 and updated each time. Now we are at version 4.0.9 and we are planning to update our installation to version 4.1.0. We use Samba 4 as Active Directory Domain Controller. We also got some shares on this same Samba server. We use the share 'profiles' for the user profiles. Everything seems to work well but sometime we got issues with Word-documents. These files get corrupted while working for 45 minutes to a couple of hours. Before we decided to work with roaming profiles I read the Samba-documents about this option. We decided to use folder redirection including local cache (we use desktops and notebooks). I tried a lot of things to solve this issue (with the Word-documents): - re-installed notebook (also replaced HDD; I installed a SSD) - tested network wiring - ran HDD checks (server) - tested switches - changed smb.conf (oplocks, locks, et cetera) - added registry key 'RoundUpWriteTimeOnSync' to client computers at boot time - - REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache /v RoundUpWriteTimeOnSync /t REG_DWORD /d 0001 /f Maybe there is somebody who is able to help us with this issue. I have listed our /opt/samba/etc/smb.conf file at the end. Thanks in advance. Bouke [global] workgroup = TH01 realm = TH01.INET netbios name = COMSRV01A server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 guest account = nobody map to guest = bad user #printing = cups #printcap name = cups kernel oplocks = no [netlogon] path = /opt/samba/var/locks/sysvol/th01.inet/scripts read only = No [sysvol] path = /opt/samba/var/locks/sysvol read only = No [profiles] comment = Profiles path = /data/profiles browsable = no read only = no writable = yes directory mask = 0700 create mask = 0600 # # oplocks are disabled for this share # oplocks = False level2 oplocks = False # # 'blocking locks' set to 'no' for Word documents # blocking locks = no # # do not oplock the following files # veto oplock files = /*.doc*/*.DOC*/*.xls*/*.XLS*/*.txt/*.TXT/*.log/*.LOG/*.csv/*.CSV/*.*-ms/*. *-MS/ # csc policy = documents [pdf-prints] comment = PDF Files path = /data/pdf browsable = yes read only = no writable = yes directory mask = 0775 create mask = 0664 [wpkg] comment = Software Deployment path = /opt/wpkg browsable = no read only = no write list = 300,administrator,root directory mask = 0755 create mask = 0644 guest ok = yes strict locking = no oplocks = False level2 oplocks = False blocking locks = no veto oplock files = /*.log/*.LOG/ [packages] comment = Software Packages path = /extra/packages browsable = no read only = no write list = 300,administrator,root create mask = 0644 directory mask = 0755 guest ok = yes [wsus] comment = WSUS path = /extra/wsus browsable = no read only = no writelist = 300,administrator,root create mask = 0644 directory mask = 0755 guest ok = yes [log] comment = Log Files path = /data/log browsable = no read only = no force create mode = 0664 force directory mode = 0775 guest ok = yes [printers] comment = All Printers path = /opt/samba/var/spool browsable = no public = yes guest ok = yes writable = no printable = yes # Windows clients look for this share name as a source of downloadable # printer drivers [print$] comment = Printer Drivers path = /opt/samba/lib/printers browseable = yes guest ok = no read only = yes write list = root -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Set user cannot change password from command/script
Hi, We implemented a Samba4 server which syncs hourly with a database containing (among lots of other data) a list of users with their passwords, etc. So far everything works fine except that users shouldn't be allowed to change their samba4 password from within Windows, but only through the other database (which has its own GUI). I've been unable to find a linux command which allows me to set the User cannot change password property when creating or updating a user with the sync script. samba-tool doesn't provide such feature, ldapmodify because flag 64 (PASSWD_CANT_CHANGE) is protected in attribute UserAccountControl. Can anybody help me on this? Is there any way to enable/disable this user property with a command from within linux (locally on the samba4 DC server)? -- El contingut d'aquest correu electrònic i els annexos adjunts són estrictament confidencials. En cas que no sigueu el destinatari i hagiu rebut aquest missatge per error, us agrairíem que ho comuniqueu immediatament al remitent, sense difondre, emmagatzemar o copiar el seu contingut. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA4 High CPU Performance
Hi, I taken the replication form the windows 2008 DC. And it is successful by getting some issues faced on joing the samba DC. After i used the ps aux command to see the output of the samba instance. suddenly it shows 90% of CPU consumption. During the sync rep from the windows DC, i can not connect with the winbind client. Then i remove the sync with windows DC rep, then the sync is not happening with the windows DC and the CPU percentage also come down. Now I can easily join the winbind clients. So it ensures that if it is high CPU percentage then the winbind is not able to connect with the samba DC. How i can control the CPU consumption and sync rep from windows DC. -- with regards Ashok Kumar J -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Replicating Windows 2008 to Samba4
Hi, I am integrating the existing my domain with the samba4. For that, I tried to replicate one of my Windows 2008 DC to samba4 server DC. I successfully replicated the Windows 2008 to the samba4 DC. Here I can login with my windows client. In Linux client , Domain join is successful, But i can't login with the user credentials. In linux client, I am using PBIS application. In the log file /var/log/syslog , i got the following error ( error attached in this mail). -- with regards Ashok Kumar J -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Replicating Windows 2008 to Samba4
Hi, I am integrating the existing my domain with the samba4. For that, I tried to replicate one of my Windows 2008 DC to samba4 server DC. I successfully replicated the Windows 2008 to the samba4 DC. Here I can login with my windows client. In Linux client , Domain join is successful, But i can't login with the user credentials. In linux client, I am using PBIS application. In the log file /var/log/syslog , i got the following error ( error attached in this mail). -- with regards Ashok Kumar J -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Replicating Windows 2008 to Samba4
Hi, I am integrating the existing my domain with the samba4. For that, I tried to replicate one of my Windows 2008 DC to samba4 server DC. I successfully replicated the Windows 2008 to the samba4 DC. Here I can login with my windows client. In Linux client , Domain join is successful, But i can't login with the user credentials. In linux client, I am using PBIS application. In the log file /var/log/syslog , i got the following error. FAILED TO GROUP MEMBERSHIPS OF SID =S-1-5-21-3483064688-3190839160-214844843-1601 [ ERROR CODE : 40041] FAILED TO AUTHENTICATE USER ( name = 'user' ) - ERROR = 40041, SYMBOL = LW_ERROR_INVALID_PARAMETER -- with regards Ashok Kumar J -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] failed connect from HP L7680 digital filing
Follow up to my earlier request. Today I created a VM using 12.10 (Samba 3.6.6). Both the VM and the real machine are at the same OS levle and use the same smb.conf. If I point the scanner at the virtual server, the success:failure ratio was 10:0. If I point the scanner at the physical server, the success:failure ratio was 1:15. To me it's seeming like smbd isn't waiting long enough--or the printer is taking too long, and something is timing out. Is there a way setting to relax this timing? What can I do to diagnose this further? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] failed connect from HP L7680 digital filing
I'm trying to get my HP Office Jet Pro L7680 All-in-one to reliably scan to one of my shared folders using the machine's digital filing capability. 98 times out of 100, when I try to scan, the AIO immediately reports Cannot connect to \\192.168.254.4\public\scan. Make sure the computer is turned on. The other 2 attempts, it works successfully. My server is currently running Ubuntu Server 12.10 x86 w/ Samba 3.6.6. I previously had this working OK on Ubuntu Server 10.04.4 x64 w/ Samba 3.4.7. One other notable difference is that 10.04.4 was running on a virtual machine while 12.10 is running on a real one. I'm currently using the smb.conf copied from the VM (see below). With default logging, log.192.168.254.5 remains empty. With log level = 3, I get the error Server exit (failed to receive smb request) Not sure what else I can do to diagnose this problem, and would appreciate any guidance the community can offer. - smb.conf - [global] workgroup = VIRTUAL server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d [public] comment = Family Share path = /media/RAID/home force user = root force group = root read only = No guest ok = No locking = No - log.192.168.254.5: - [2013/01/29 13:21:05.865217, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.254.5 (192.168.254.5) [2013/01/29 13:21:05.865449, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2013/01/29 13:21:05.865595, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2013/01/29 13:21:05.865939, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) [2013/01/29 13:21:05.867678, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.254.5 (192.168.254.5) [2013/01/29 13:21:05.867909, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2013/01/29 13:21:05.868060, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2013/01/29 13:21:05.868392, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Bash question about find out all accessible shares on Samba server
Hello, I am working on a bash script to help user mount Samba share on his/her local Linux (Ubuntu) system. Now I can list all the Samba shares by command: #smbclient -N -gL \\sambaserver 21 | grep -e Disk| | cut -d'|' -f2 The problem is we have too many shares on the server so this come out a very long list of all the shares. Now I only want to list the user accessible shares and hide all others. I can use read to get user's login name/password for Samba authorization. Is there a way I can get the share list based on user's permission? Thanks for help. Gao -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help pls. -- Samba permission question
Hi, All, I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server: #cd / #mkdir managment #chown -R root:managegroup management #chowm -R 2770 management When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws--- BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it coiped to the Samba share. (for example, drwxrwxr-x) We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share. Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission. Thanks. Gao my smb.conf: [global] workgroup = WORKGROUP server string = My File Server interfaces = lo bond0 192.168.1.2/24 hosts allow = 127. 192.168.1. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User wins support = yes dns proxy = no map acl inherit = yes nt acl support = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes create mask = 0770 force security mode = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 [Management] comment = path = /management browsable = yes public = no writable = yes read only = no force group = management valid users = @management -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help pls. -- Samba permission question
Thank you Gary for the help.
On 12-12-12 09:45 AM, Gary Dale wrote:
If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).
I don't know if I'm doing it correct. I'm using a bash script to help
user mount the CIFS share like this:
sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management
-o user=${USER},password=$userPass,uid=$UID,rw,mand
Could you give me an example on using Samba/CIFS tools?
Your example shows you setting the group to managegroup but your
smb.conf forces the group to management. Which is it?
my typo. I want make clear so I change the group name to managegroup.
The actual group name it the same managment which I think may cause
confusion when I post my question. Sorry.
Bets Regards.
Gao
The last line in your server commands I believe should be chmod, not chowm.
On 12/12/12 12:21 PM, J Gao wrote:
Hi, All,
I'm having a problem with my samba server(v3.6.9) setup. I have a
share on the server:
#cd /
#mkdir managment
#chown -R root:managegroup management
#chowm -R 2770 management
When I test this I found out:
the managegroup member can create new file/dir with the correct
permission: -rwxrws--- or drwxrws---
BUT, when the client copy a file or dir to the share from his local
drive, then some file/dir will have different the permission when it
coiped to the Samba share. (for example, drwxrwxr-x)
We have both Windows and Ubuntu client. Ubuntu client use cifs.mount
to access the Samba share.
Here is my smb.conf file. Please help me. All I want is when and file
and/or dir end up on the samba share, it should have 770 permission.
Thanks.
Gao
my smb.conf:
[global]
workgroup = WORKGROUP
server string = My File Server
interfaces = lo bond0 192.168.1.2/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max log size = 1000
security = user
passdb backend = tdbsam
guest account = nobody
map to guest = Bad User
wins support = yes
dns proxy = no
map acl inherit = yes
nt acl support = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
create mask = 0770
force security mode = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
[Management]
comment =
path = /management
browsable = yes
public = no
writable = yes
read only = no
force group = management
valid users = @management
--
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help pls. -- Samba permission question
On 12-12-12 12:52 PM, Gary Dale wrote:
On 12/12/12 02:07 PM, J Gao wrote:
Thank you Gary for the help.
On 12-12-12 09:45 AM, Gary Dale wrote:
If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).
I don't know if I'm doing it correct. I'm using a bash script to help
user mount the CIFS share like this:
sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management
-o user=${USER},password=$userPass,uid=$UID,rw,mand
Could you give me an example on using Samba/CIFS tools?
That line mounts the share using the credentials you gave it but that
doesn't set the permissions. If you right-click on the share's folder,
you should be able to set the CIFS permissions.
OK, right-click in natilus works. But how can I set this up by default.
I mean once the share mounted, it will set the correct permission to 770
if the user copy files on the share?
I read man page for the cifs.mount but I couldn't figure it out myself.
Here are more info:
1. The management group has gid=1018 on the server.
2. Once the share mounted on the Ubuntu client, the share's group ID set
to numeric 1018. (there isn't a local gid 1018)
3. When copy a file, for example:
-rwxr--r-- 1 gao gao14429 Nov 20 09:56 test
to the mounted share, the permission appears to be:
-rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test
And I check it on the Samba server:
-rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test
So the permission changed to 774, not 770. I think somehow it combined
the permission here.
Just like you said, I can change it to 770 from the right-click. But I
prefer to do it automatically.
Please help.
Thanks a lot.
Gao
Your example shows you setting the group to managegroup but your
smb.conf forces the group to management. Which is it?
my typo. I want make clear so I change the group name to managegroup.
The actual group name it the same managment which I think may cause
confusion when I post my question. Sorry.
Bets Regards.
Gao
So is your user a member of management? Rather than forcing the group to
management, you could just add members to the group.
Also, when you set the Unix ownership and permissions too tightly, you
may prevent Samba from accessing the share properly. Since the share
directories and files are to be accessed only through CIFS/Samba, the
Unix permissions can and should be very loose. My shares all have Unix
permissions with everyone having rwx access.
The last line in your server commands I believe should be chmod, not
chowm.
On 12/12/12 12:21 PM, J Gao wrote:
Hi, All,
I'm having a problem with my samba server(v3.6.9) setup. I have a
share on the server:
#cd /
#mkdir managment
#chown -R root:managegroup management
#chowm -R 2770 management
When I test this I found out:
the managegroup member can create new file/dir with the correct
permission: -rwxrws--- or drwxrws---
BUT, when the client copy a file or dir to the share from his local
drive, then some file/dir will have different the permission when it
coiped to the Samba share. (for example, drwxrwxr-x)
We have both Windows and Ubuntu client. Ubuntu client use cifs.mount
to access the Samba share.
Here is my smb.conf file. Please help me. All I want is when and file
and/or dir end up on the samba share, it should have 770 permission.
Thanks.
Gao
my smb.conf:
[global]
workgroup = WORKGROUP
server string = My File Server
interfaces = lo bond0 192.168.1.2/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max log size = 1000
security = user
passdb backend = tdbsam
guest account = nobody
map to guest = Bad User
wins support = yes
dns proxy = no
map acl inherit = yes
nt acl support = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
create mask = 0770
force security mode = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
[Management]
comment =
path = /management
browsable = yes
public = no
writable = yes
read only = no
force group = management
valid users = @management
--
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help pls. -- Samba permission question
On 12-12-12 03:02 PM, Gary Dale wrote:
On 12/12/12 05:18 PM, J Gao wrote:
On 12-12-12 12:52 PM, Gary Dale wrote:
On 12/12/12 02:07 PM, J Gao wrote:
Thank you Gary for the help.
On 12-12-12 09:45 AM, Gary Dale wrote:
If you want the CIFS permissions to be set correctly, use the
Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).
I don't know if I'm doing it correct. I'm using a bash script to help
user mount the CIFS share like this:
sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management
-o user=${USER},password=$userPass,uid=$UID,rw,mand
Could you give me an example on using Samba/CIFS tools?
That line mounts the share using the credentials you gave it but that
doesn't set the permissions. If you right-click on the share's folder,
you should be able to set the CIFS permissions.
OK, right-click in natilus works. But how can I set this up by
default. I mean once the share mounted, it will set the correct
permission to 770 if the user copy files on the share?
I read man page for the cifs.mount but I couldn't figure it out myself.
Here are more info:
1. The management group has gid=1018 on the server.
2. Once the share mounted on the Ubuntu client, the share's group ID
set to numeric 1018. (there isn't a local gid 1018)
3. When copy a file, for example:
-rwxr--r-- 1 gao gao14429 Nov 20 09:56 test
to the mounted share, the permission appears to be:
-rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test
And I check it on the Samba server:
-rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test
So the permission changed to 774, not 770. I think somehow it combined
the permission here.
Just like you said, I can change it to 770 from the right-click. But I
prefer to do it automatically.
Please help.
Thanks a lot.
Gao
If you have the domain created correctly, the Samba database keeps the
CIFS permissions. The Unix permissions aren't needed. Keep in mind that
the two sets of permissions are distinct. If you set the CIFS
permissions they are remembered. Checking the Unix permissions to see
what the CIFS permissions are doesn't work.
Having a Unix group called management isn't helpful unless it maps to a
CIFS group. For example, most Samba users map the CIFS Domain Users to
the Unix users. This is in the Samba documentation. The 1018 simply
shows that there is no CIFS group recognized for 1018 (don't forget, you
are forcing the group - probably not what you really want to do).
You really want to set up a CIFS group called management and add CIFS
users to it.
Samba maps CIFS users to Unix users if the name is the same.
Have you tried using SWAT to manage your users and shares? It makes
things easier if you don't have a Windows client to work from.
Looks like I need more reading. I googled for CIFS group and got lots
oracle/silaris but not much for linux. WHen you say CIFS group, do you
mean a local group on the client PC?
Also I quickly installed SWAT and I can't find anywhere about CIFS group.
Gao
Your example shows you setting the group to managegroup but your
smb.conf forces the group to management. Which is it?
my typo. I want make clear so I change the group name to managegroup.
The actual group name it the same managment which I think may cause
confusion when I post my question. Sorry.
Bets Regards.
Gao
So is your user a member of management? Rather than forcing the group to
management, you could just add members to the group.
Also, when you set the Unix ownership and permissions too tightly, you
may prevent Samba from accessing the share properly. Since the share
directories and files are to be accessed only through CIFS/Samba, the
Unix permissions can and should be very loose. My shares all have Unix
permissions with everyone having rwx access.
The last line in your server commands I believe should be chmod, not
chowm.
On 12/12/12 12:21 PM, J Gao wrote:
Hi, All,
I'm having a problem with my samba server(v3.6.9) setup. I have a
share on the server:
#cd /
#mkdir managment
#chown -R root:managegroup management
#chowm -R 2770 management
When I test this I found out:
the managegroup member can create new file/dir with the correct
permission: -rwxrws--- or drwxrws---
BUT, when the client copy a file or dir to the share from his local
drive, then some file/dir will have different the permission when it
coiped to the Samba share. (for example, drwxrwxr-x)
We have both Windows and Ubuntu client. Ubuntu client use cifs.mount
to access the Samba share.
Here is my smb.conf file. Please help me. All I want is when and file
and/or dir end up on the samba share, it should have 770 permission.
Thanks.
Gao
my smb.conf:
[global]
workgroup = WORKGROUP
server string = My File Server
interfaces = lo bond0 192.168.1.2/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max
[Samba] Really confused on Samba and ACL
Hello, I am trying to build a Samba standalone server to serve file sharing in our office for both Ubuntu and Windows clients. Ubuntu user will use mount.cifs to mount the share. Windows (XP/7) will use workgroup to access the share. I am using Samba 3.6.9 on CentOS 6.3 (64bit). Now I am having problem to setup correct ACL so please help me. Here is my situation: I'll have directories like: /projects /projects/US /projects/US/clientA /projects/US/clientB /projects/US/clientB/projectXX /projects/US/clientB/projectYY /projects/CA /projects/MX Groups: --staff: all staff --projectadmin: the bosses (have full access to /projects and sub dirs) --projmanageus: US regional managers (have full access to /projects/US and sub dirs.) --projmanageca: Canada regional managers(have full access to /projects/CA and sub dirs.) --projmanagemx: Mexico regional managers(have full access to /projects/MX and sub dirs.) --projectXXgroup: (access the projectXX and sub dirs only) --projectYYgroup: (access the projectYY and sub dirs only) Here is the confused part: How many shares should I setup? I like to just setup one share projects and allow everyone to be able to mount it via cifs. But the further navigate (cd) will be controlled by ACL. For example, after mount the projects, user see all 3 sub dirs: US CA MX. But only member of projectadmin, projmanageus, projectXXgroup can access /projects/US/clientB/projectXX. I am trying to keep it simple to manage the share and the permission. So is the above possible? or I am totally on the wrong direction? Please help. Thanks a lot. Gao -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem to mount CIFS share
Hi, We are using centos 6.2 and trying to mount cifs share on this server, but, we getting a error *CIFS VFS: cifs_mount failed w/return code = -22. * * * Kindly help us to get rid of it. Thanks in advance. regards, J.Vijayan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 - getting rid of some logfile errors
Am 07.08.2012 13:16, schrieb Moray Henderson: From: J. Echter [mailto:j.ech...@echter-kuechen-elektro.de] Sent: 05 August 2012 20:30 Am 01.08.2012 09:17, schrieb Jürgen Echter: Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? thanks juergen Hi, i resolved this ones by setting smb ports = 139 in smb.conf but i still have this ones: Aug 5 20:55:18 bacula smbd[20419]: [2012/08/05 20:55:18, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) Aug 5 20:55:18 bacula smbd[20419]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client SERVER machine account SERVER$ these are only from successfully joined windows 7 machines. the ldap entry, exported as ldif, looks like this for this account: uid=server$,ou=computers,dc=workgroup,dc=local dn: uid=server$,ou=computers,dc=workgroup,dc=local cn: server$ description: Computer gecos: Computer gidnumber: 515 homedirectory: /dev/null loginshell: /bin/false objectclass: posixAccount objectclass: account objectclass: sambaSamAccount sambaacctflags: [W ] sambakickofftime: 2147483647 sambalogofftime: 2147483647 sambalogontime: 0 sambantpassword: 951640BFE27F4C16E7670E096C8121FA sambaprimarygroupsid: S-1-5-21-3842863818-2180709222-141296495-515 sambapwdcanchange: 0 sambapwdlastset: 1344165203 sambapwdmustchange: 2147483647 sambasid: S-1-5-21-3842863818-2180709222-141296495-3458 uid: server$ uidnumber: 1229 anyone with some hints? :) thanks juergen We use tdbsam rather than ldapsam, but get similar errors when the machine name is in lower case in the Linux password database and upper case in the Samba password database. In our case changing the machine's Linux account name to upper case cleared several log file errors including netlogon_creds_server_check. Moray. “To err is human; to purr, feline.” Hi Moray, i just checked and there is no upper-/lowercase issues. Only Win 7 boxes produce this message. I have for example server2$ in my ldap and the machine is called SERVER2. Thanks for helping juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 - getting rid of some logfile errors
Am 01.08.2012 09:17, schrieb Jürgen Echter: Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? thanks juergen Hi, i resolved this ones by setting smb ports = 139 in smb.conf but i still have this ones: Aug 5 20:55:18 bacula smbd[20419]: [2012/08/05 20:55:18, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) Aug 5 20:55:18 bacula smbd[20419]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client SERVER machine account SERVER$ these are only from successfully joined windows 7 machines. the ldap entry, exported as ldif, looks like this for this account: uid=server$,ou=computers,dc=workgroup,dc=local dn: uid=server$,ou=computers,dc=workgroup,dc=local cn: server$ description: Computer gecos: Computer gidnumber: 515 homedirectory: /dev/null loginshell: /bin/false objectclass: posixAccount objectclass: account objectclass: sambaSamAccount sambaacctflags: [W ] sambakickofftime: 2147483647 sambalogofftime: 2147483647 sambalogontime: 0 sambantpassword: 951640BFE27F4C16E7670E096C8121FA sambaprimarygroupsid: S-1-5-21-3842863818-2180709222-141296495-515 sambapwdcanchange: 0 sambapwdlastset: 1344165203 sambapwdmustchange: 2147483647 sambasid: S-1-5-21-3842863818-2180709222-141296495-3458 uid: server$ uidnumber: 1229 anyone with some hints? :) thanks juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission for copied file/dir
On 12-07-04 04:30 PM, J Gao wrote: Hello, everyone, My server is Samba 3.5 on Centos 6.2. It is a stand alone file server and now I have trouble to set the correct permission. My goal is to set 0770 on all the share, including files and directories. here is my smb.conf: [global] workgroup = GEO server string = Kappa - File Server interfaces = lo bond0 192.168.123.29/24 hosts allow = 127. 192.168.123. 192.168.25. 10.66.77. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User remote announce = 192.168.25.255 10.66.77.25 wins support = yes create mask = 0770 ;force security mode = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes [homes] comment = Home Directories browseable = no writable = yes valid users = %S --- Now the client using cifs.mount (Ubuntu 12.04) to mount their home dir and use it to store files. When I test the permission, I observed: 1. If client create a file (or a directory), the the permission is correct to set to 0770; 2. But if copy a file for other location to this Samba share, the permission get transferred. For example, if the local file permission is 0744, it will keep this permission when it copied to the Samba share. Same for the directories. I tried the force security mode = 0770 and security mask = 0770 but without success. Could someone help me please? Thanks a lot. J Gao bump -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permission for copied file/dir
Hello, everyone, My server is Samba 3.5 on Centos 6.2. It is a stand alone file server and now I have trouble to set the correct permission. My goal is to set 0770 on all the share, including files and directories. here is my smb.conf: [global] workgroup = GEO server string = Kappa - File Server interfaces = lo bond0 192.168.123.29/24 hosts allow = 127. 192.168.123. 192.168.25. 10.66.77. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User remote announce = 192.168.25.255 10.66.77.25 wins support = yes create mask = 0770 ;force security mode = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes [homes] comment = Home Directories browseable = no writable = yes valid users = %S --- Now the client using cifs.mount (Ubuntu 12.04) to mount their home dir and use it to store files. When I test the permission, I observed: 1. If client create a file (or a directory), the the permission is correct to set to 0770; 2. But if copy a file for other location to this Samba share, the permission get transferred. For example, if the local file permission is 0744, it will keep this permission when it copied to the Samba share. Same for the directories. I tried the force security mode = 0770 and security mask = 0770 but without success. Could someone help me please? Thanks a lot. J Gao -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Question about the permission for copied file/dir
Hello, everyone, My server is Samba 3.5 on Centos 6.2. It is a stand alone file server and now I have trouble to set the correct permission. My goal is to set 0770 on all the share, including files and directories. here is my smb.conf: [global] workgroup = GEO server string = Kappa - File Server interfaces = lo bond0 192.168.123.29/24 hosts allow = 127. 192.168.123. 192.168.25. 10.66.77. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User remote announce = 192.168.25.255 10.66.77.25 wins support = yes create mask = 0770 ;force security mode = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes [homes] comment = Home Directories browseable = no writable = yes valid users = %S --- Now the client using cifs.mount (Ubuntu 12.04) to mount their home dir and use it to store files. When I test the permission, I observed: 1. If client create a file (or a directory), the the permission is correct to set to 0770; 2. But if copy a file for other location to this Samba share, the permission get transferred. For example, if the local file permission is 0744, it will keep this permission when it copied to the Samba share. Same for the directories. I tried the force security mode = 0770 and security mask = 0770 but without success. Could someone help me please? Thanks a lot. J Gao -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Linux to Windows Interoperability
Hello, Currently using a freely available MS Windows file system driver, Ext2Fsd, to communicate (read/write) with external media formatted EXT3 (Linux volume) from within MS Windows. Curious to know if Samba is able to support communication (read/write) with external media formatted EXT3 (Linux volume) from within the MS Windows environment? Looking forward to your reply. Thanks. Best, Matthew Knecht 516-346-7264 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CVE-2012-1182 patches
Hi, We are using Samba 3.4.2 on Oracle Solaris 10 UNIX server. I am looking at the samba site for patches for the CVE-2012-1182 vulnerability, but the closest patch versions I see are for samba 3.4.15 3.4.16. Is there a specific patch to fix samba 3.4.2? Also, since we are patching, is there a cluster of patches available specifically for samba 3.4.2? Can you please point me to the links for the samba 3.4.2 patch sets? Thank you, -- Earl Sanchez Engineering IT Ph: 831-439-7431 SV14-122 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot access share tevent_req_timedout
Hi guys, I now sorted this out. It was just a problem with my firewall blocking samba requests. Cheers, Paulo Matos On 22/04/12 13:37, Paulo J. Matos wrote: Hi all, I am running an smbclient 3.4.7 on a ubuntu server 10.04. This is a local network whose hostnames in the network are setup manually through /etc/hosts. Zeus is a server which contains a music share which I am trying to access. I haven't created any users or passwords. The idea is that anyone within the local network should be able to access the share with read permissions, so I guess that's what guests are for. Share's permissions are: $ ls -la /mnt/brain/media/music/flac/ total 40 drwxrwxr-x 10 pmatos media 4096 2012-04-18 21:38 . Zeus smb.conf is: pmatos@zeus:~$ cat /etc/samba/smb.conf [global] workgroup = MATOS-SORGE server string = %h server (Samba, Ubuntu) wins support = yes netbios name = ZEUS name resolve order = lmhosts wins bcast host log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d usershare allow guests = yes [Music] comment = Music Share path = /mnt/brain/media/music/flac browsable = yes guest ok = yes read only = yes available = yes pmatos@zeus:~$ On Zeus doing : pmatos@zeus:~$ smbclient //localhost/Music Enter pmatos's password: Anonymous login successful Domain=[MATOS-SORGE] OS=[Unix] Server=[Samba 3.4.7] smb: \ succeeds, however, in another pc on the network: pmatos@jen-laptop:~$ smbclient //zeus/Music --debuglevel=10 INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] doing parameter workgroup = WORKGROUP doing parameter server string = %h server (Samba, Ubuntu) doing parameter dns proxy = no doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter syslog = 0 doing parameter panic action = /usr/share/samba/panic-action %d doing parameter encrypt passwords = true doing parameter passdb backend = tdbsam doing parameter obey pam restrictions = yes doing parameter unix password sync = yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . doing parameter pam password change = yes doing parameter map to guest = bad user doing parameter usershare allow guests = yes pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_STANDALONE Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE added interface eth1 ip=fe80::224:2bff:fed5:de75%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.1.71 bcast=192.168.1.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]=JEN-LAPTOP Client started (version 3.5.11). Enter pmatos's password: Opening cache file at /var/run/samba/gencache.tdb tdb(/var/run/samba/gencache.tdb): tdb_open_ex: could not open file /var/run/samba/gencache.tdb: No such file or directory Attempt to open gencache.tdb has failed. sitename_fetch: No stored sitename for internal_resolve_name: looking up zeus#20 (sitename (null)) Opening cache file at /var/run/samba/gencache.tdb tdb(/var/run/samba/gencache.tdb): tdb_open_ex: could not open file /var/run/samba/gencache.tdb: No such file
[Samba] Cannot access share tevent_req_timedout
Hi all, I am running an smbclient 3.4.7 on a ubuntu server 10.04. This is a local network whose hostnames in the network are setup manually through /etc/hosts. Zeus is a server which contains a music share which I am trying to access. I haven't created any users or passwords. The idea is that anyone within the local network should be able to access the share with read permissions, so I guess that's what guests are for. Share's permissions are: $ ls -la /mnt/brain/media/music/flac/ total 40 drwxrwxr-x 10 pmatos media 4096 2012-04-18 21:38 . Zeus smb.conf is: pmatos@zeus:~$ cat /etc/samba/smb.conf [global] workgroup = MATOS-SORGE server string = %h server (Samba, Ubuntu) wins support = yes netbios name = ZEUS name resolve order = lmhosts wins bcast host log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d usershare allow guests = yes [Music] comment = Music Share path = /mnt/brain/media/music/flac browsable = yes guest ok = yes read only = yes available = yes pmatos@zeus:~$ On Zeus doing : pmatos@zeus:~$ smbclient //localhost/Music Enter pmatos's password: Anonymous login successful Domain=[MATOS-SORGE] OS=[Unix] Server=[Samba 3.4.7] smb: \ succeeds, however, in another pc on the network: pmatos@jen-laptop:~$ smbclient //zeus/Music --debuglevel=10 INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] doing parameter workgroup = WORKGROUP doing parameter server string = %h server (Samba, Ubuntu) doing parameter dns proxy = no doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter syslog = 0 doing parameter panic action = /usr/share/samba/panic-action %d doing parameter encrypt passwords = true doing parameter passdb backend = tdbsam doing parameter obey pam restrictions = yes doing parameter unix password sync = yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . doing parameter pam password change = yes doing parameter map to guest = bad user doing parameter usershare allow guests = yes pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_STANDALONE Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE added interface eth1 ip=fe80::224:2bff:fed5:de75%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.1.71 bcast=192.168.1.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]=JEN-LAPTOP Client started (version 3.5.11). Enter pmatos's password: Opening cache file at /var/run/samba/gencache.tdb tdb(/var/run/samba/gencache.tdb): tdb_open_ex: could not open file /var/run/samba/gencache.tdb: No such file or directory Attempt to open gencache.tdb has failed. sitename_fetch: No stored sitename for internal_resolve_name: looking up zeus#20 (sitename (null)) Opening cache file at /var/run/samba/gencache.tdb tdb(/var/run/samba/gencache.tdb): tdb_open_ex: could not open file /var/run/samba/gencache.tdb: No such file or directory Attempt to open gencache.tdb has failed. no
[Samba] error with provisionsing
I found the samba4 HOW-TO on the wiki and I have followed it to using Ubuntu server versions 11.10 and 10.04. I have been unsuccessful at step 4 running the provision script. I have run the following commands to get to get to this point: $ sudo git clone git://git.samba.org/samba.git samba-master; cd samba-master $ sudo apt-get install build-essential libattr1-dev libblkid-dev libgnutls-dev libreadline5-dev python-dev autoconf python-dnspython gdb pkg-config bind9utils libpopt-dev When this command was run on 11.10 I received an error that the package libreadline5-dev was not found. As an alternative the libreadline-gplv2-dev or lib64readline-gplv2-dev were suggested, I chose the libreadline-gplv2-dev, because it was a 32 bit install, as the replacement. $ sudo ./configure.developer $ sudo make $ sudo make install $ sudo ./source4/setup/provision --realm=home.com --domain=HOME --adminpass=P@ssw0rd --server-role='domain controller' The following is the output of I am receiving on both editions. bin/tdbbackup: /home/administrator/samba-master/bin/shared/private/libtdb.so: version `SAMBA_4.0.0ALPHA18_DEVELOPERBUILD' not found (required by bin/tdbbackup) Failed to setup database for BIND, AD based DNS cannot be used Traceback (most recent call last): File ./source4/setup/provision, line 256, in module useeadb=eadb, next_rid=opts.next_rid, lp=lp) File bin/python/samba/provision/__init__.py, line 1757, in provision am_rodc=am_rodc, lp=lp) File bin/python/samba/provision/__init__.py, line 1491, in provision_fill targetdir=targetdir, site=DEFAULTSITE) File bin/python/samba/provision/sambadns.py, line 990, in setup_ad_dns create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid) File bin/python/samba/provision/sambadns.py, line 751, in create_samdb_copy os.path.join(dns_dir, sam.ldb)) File bin/python/samba/provision/sambadns.py, line 688, in tdb_copy raise Exception(Error copying %s % file1) Exception: Error copying /usr/local/samba/private/sam.ldb I am fairly new to working with samba and I do not know where to look to get this working and any suggestions would be greatly appreciated. Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5 + ldap backend - I can't logon under PDC
Am 25.08.2011 12:55, schrieb Jubacca: Hi , I use Samba 3.5 PDC + ldap backend . I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order , but nothing change ? Can you help me ? My global is : [global] workgroup = workgroup netbios name = SERVER server string = Server Samba wins support = yes browse list = Yes remote announce = 10.0.0.255/workgroup lm announce = yes lm interval = 30 dns proxy = yes hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0 name resolve order = wins lmhosts host bcast # name resolve order = bcast host lmhosts wins interfaces = bond0 , eth1 ,lo bind interfaces only = no log file = /var/log/samba/%U.%m.log log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3 max log size = 5000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user username map = /etc/samba/usermap case sensitive = no encrypt passwords = true enable privileges = yes passdb backend = ldapsam:ldap://server:389/ ldap admin dn = cn=admin,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap ssl = off ldap delete dn = nomap to guest = bad user domain logons = yes domain master = yes local master = yes preferred master = yes os level = 255 logon path = \\%N\profiles\%U logon drive = S: logon home = \\%N\%U logon script = logon.bat add user script = /usr/sbin/smbldap-useradd -a -m %u delete user script = /usr/sbin/smbldap-userdel %u add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g printing = cups socket options = TCP_NODELAY idmap uid = 1-2 idmap gid = 1-2 time server = yes null passwords = no idmap backend = ldap:ldap://server:389/ obey pam restrictions = yes ldap passwd sync = yes unix password sync = no passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes Hi, which distro you are using? i set up my ldap pdc with nsswitch. on ubuntu you have to install libnss-ldapd. greets juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to find the Domain Master Browser - novice experience
Am 26.08.2011 12:57, schrieb Steve Nash: Bottom-line: this is now working for me. # /etc/samba/smb.conf # # Modifications made 1108260839 steve.n...@theiet.org # #=== Global Settings === [global] log file = /var/log/samba/log.%m guest account = Family load printers = no #1 read prediction = yes map to guest = bad user null passwords = yes encrypt passwords = true #1 winbind trusted domains only = yes #1 winbind use default domain = yes wins support = true #1 available = no netbios name = NashFS browseable = yes server string = %h (Samba, Ubuntu) #1 winbind enum users = no default = Storage workgroup = NASH os level = 20 #1 winbind enum groups = no security = user preferred master = yes #1 domain master = yes local master = yes #1 usershare allow guests = yes max log size = 1000 [Storage] browseable = yes writeable = yes delete readonly = yes path = /Storage force group = sambashare force user = Family comment = Storage for Windows public = yes available = yes ENVIRONMENT I set up a Ubuntu 10.04 host (NashFS) to be a central file-server for Home network used by about 10 various MSWindows machines. My objective was to create just a storage area that any of the family can use. But I was finding that the view of the Network from MSWindows was not consistent or reliable. . I have no MS Domain as far as I know. . Just a workgroup. . I have tried to avoid Win7 Homegroups because I cannot find any explanation of what they do! Eventually got round to checking /var/log/syslog on NashFS Found messages saying: Unable to find the Domain Master Browser name NASH1b for the workgroup NASH I use Webmin to configure the services on this machine. Webmin Servers Samba Windows File Sharing Global Configuration Windows Networking showed Master Browser? as Automatic. My first change was here, to set this to Yes. What took me a while to figure out is the restarting the Samba daemon smbd is not enough. Looking at /etc/samba/smb.conf showed me what I wanted to see, but restarting smbd was having no effect. I needed to restart nmbd also, but this is not visible from Webmin, so: sudo service nmbd restart NOTES As far as I can figure out I do not need winbind. It is part of the Webmin display of Samba. At some point, in setting up Samba, it had become active and was putting other messages into syslog. The file shown above includes lines related to winbind that I just recently commented out. I have now rid myself of winbind with: sudo apt-get purge winbind There are other commented lines that I have left in this copy just in case you see them too and want to know that it works for me without them. There are several other lines in there that are meaningless to me, so do not rely on my expertise J. If this little doc is useful to you please let me know steve.n...@theiet.org hi, i have this option in my smb.conf too -- domain logons = yes greets juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows7 and samba 3.4.7 in Ubuntu 10.04 LTS
Am 18.08.2011 12:49, schrieb Lumeng Lim: Is there a specific way of doing the smb.conf to make windows7 join the domain? was able to make windows7 join in one instance but when is not successful in logging into the domain using a domain user and also cannot add a domain user to the local machine. From my initial attempts, I was able to join the win7 machine but after I upgraded to 3.4.7 everything seems to have gone to hell. below are some of the messages i get from the logs [2011/08/18 14:16:27, 0] lib/util_sock.c:1498(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2011/08/18 14:17:31, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2011/08/18 14:44:11, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client SOMETHING-PC machine account SOMETHING-PC$ below is my global settings [global] workgroup = MYDOMAIN server string = HOSTNAME client schannel = Yes server schannel = Yes lanman auth = Yes client NTLMv2 auth = Yes log file = /var/log/samba/samba.%m max log size = 50 add user script = /usr/sbin/useradd -s /bin/bash %u delete user script = /usr/sbin/userdel %u add group script = /usr/sbin/groupadd %u delete group script = /usr/sbin/groupdel %g delete user from group script = /usr/sbin/deluser %u %g add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u logon script = %U.bat logon path = logon drive = M: logon home = \\hostname\%U domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins support = Yes you have seen this already? http://wiki.samba.org/index.php/Windows7 greetings juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] window, samba and ldap passwords
Am 16.08.2011 12:48, schrieb Dermot: Hi, I recently migrated to a Samba3x domain. One issue that has been reported to me is that XP users cannot change their password from their PC. I have done some searching and I haven't seen a straight forward answer to this. My config is ldap primary + Samba PDC on host A ldap slave + samba BDC on host B I see this error in the machine log when someone attempts to change their password: 2011/08/16 10:04:11.137313, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user kreuze! [2011/08/16 10:04:11.200891, 0] auth/pampass.c:705(smb_pam_chauthtok) PAM: UNKNOWN PAM ERROR (8) for User: kreuze [2011/08/16 10:04:11.201002, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user kreuze! [2011/08/16 10:04:11.215657, 0] auth/pampass.c:705(smb_pam_chauthtok) PAM: UNKNOWN PAM ERROR (8) for User: kreuze [2011/08/16 10:04:11.215741, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user kreuze! I have seen this article: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2667199 but I am not sure if it's appropriate for my environment. I suspect the answer to this may very dependent on my config. Can anyone offer any advice? Thanks in advance. Dermot. === smb.conf on PDC === dos charset = UTF-8 display charset = UTF-8 workgroup = FOO server string = %h server map to guest = Bad User passdb backend = ldapsam:ldap://127.0.0.1/ pam password change = Yes passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* unix password sync = Yes log level = 1 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 139 445 name resolve order = wins hosts bcast time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel '%u' delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = logon.bat logon path = logon drive = U: logon home = domain logons = Yes os level = 65 preferred master = Auto domain master = Yes dns proxy = No ldap admin dn = cn=admin,dc=mydomin,dc=co,dc=uk ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=Computers, ou=Users ldap passwd sync = yes ldap suffix = dc=mydomain,dc=co,dc=uk ldap ssl = no ldap timeout = 20 ldap user suffix = ou=Users panic action = /usr/share/samba/panic-action %d idmap backend = ldap:ldap://127.0.0.1/; idmap uid = 15000-2 idmap gid = 15000-2 map acl inherit = Yes case sensitive = No hide unreadable = Yes Hi, afaik, you have to authenticate users to change NTpasswd and stull like that. i have seen this example for slapd.conf # The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the # admin entry below # These access lines apply to database #1 only access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn=cn=admin,dc=meinnetz,dc=xx write by anonymous auth by self write by * none but i don't know how to add it to dynamically configured ldap. cheers juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] window, samba and ldap passwords
Am 16.08.2011 13:06, schrieb Dermot: I have a stanza like this in the slapd.conf on the ldap master. # users can authenticate and change their password access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet by self write by anonymous auth by * none I have a lot of debug messages from ldap going into the logs but I can't any errors. I can't see any attempt at a password change in the log. I know that the ldap password had not changed either. What do you mean by dynamically configured ldap? Thanks, Dp. On 16 August 2011 11:51, J. Echterj.ech...@elektro-mayer-echter.de wrote: Am 16.08.2011 12:48, schrieb Dermot: Hi, I recently migrated to a Samba3x domain. One issue that has been reported to me is that XP users cannot change their password from their PC. I have done some searching and I haven't seen a straight forward answer to this. My config is ldap primary + Samba PDC on host A ldap slave + samba BDC on host B I see this error in the machine log when someone attempts to change their password: 2011/08/16 10:04:11.137313, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user kreuze! [2011/08/16 10:04:11.200891, 0] auth/pampass.c:705(smb_pam_chauthtok) PAM: UNKNOWN PAM ERROR (8) for User: kreuze [2011/08/16 10:04:11.201002, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user kreuze! [2011/08/16 10:04:11.215657, 0] auth/pampass.c:705(smb_pam_chauthtok) PAM: UNKNOWN PAM ERROR (8) for User: kreuze [2011/08/16 10:04:11.215741, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user kreuze! I have seen this article: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2667199 but I am not sure if it's appropriate for my environment. I suspect the answer to this may very dependent on my config. Can anyone offer any advice? Thanks in advance. Dermot. === smb.conf on PDC === dos charset = UTF-8 display charset = UTF-8 workgroup = FOO server string = %h server map to guest = Bad User passdb backend = ldapsam:ldap://127.0.0.1/ pam password change = Yes passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* unix password sync = Yes log level = 1 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 139 445 name resolve order = wins hosts bcast time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel '%u' delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = logon.bat logon path = logon drive = U: logon home = domain logons = Yes os level = 65 preferred master = Auto domain master = Yes dns proxy = No ldap admin dn = cn=admin,dc=mydomin,dc=co,dc=uk ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=Computers, ou=Users ldap passwd sync = yes ldap suffix = dc=mydomain,dc=co,dc=uk ldap ssl = no ldap timeout = 20 ldap user suffix = ou=Users panic action = /usr/share/samba/panic-action %d idmap backend = ldap:ldap://127.0.0.1/; idmap uid = 15000-2 idmap gid = 15000-2 map acl inherit = Yes case sensitive = No hide unreadable = Yes Hi, afaik, you have to authenticate users to change NTpasswd and stull like that. i have seen this example for slapd.conf # The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the # admin entry below # These access lines apply to database #1 only access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn=cn=admin,dc=meinnetz,dc=xx write by anonymous auth by self write by * none but i don't know how to add it to dynamically configured ldap. cheers juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba which distro do you use? -- To unsubscribe from this list go to the following URL and read the instructions: https
[Samba] multiple levels of group permissions on some folders in a share
trying to figure out the best way to accomplish this, running samba 3.x on a debian system in share level mode (workgroup) have a shared folder for all the staff that they have permssions to by membership of being in the staff group, this share has about 40-50 subfolders. now they have an intern starting and want to restict that intern to 5 of those folders which they'll access from an XP machine I could create a new share for each folder, but if they decide to expand the list of allowed folders, that gets clunky. So I created a new share for the intern and symlinked the 5 subfolders which they can see just fine, but they get a permission denied which makes sense since the intern account is not part of larger group with access to the 5 folders in question. What's the best way to allow them access to the 5 folders without allowing them to get access to the other 45 or so folders? -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. h...@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com Blog: http://www.pdscc.com/blog (604) 739-3709 (voice) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrated from samba tdbsam to ldapsam and now some strange errors.
ok, i found a solution... cp your profile to user.bak, delete the contents of user smbldap-userdel user smbldap-useradd -a -P user logon again, copy over your desktop files thats working for me. thanks anyeay. have a nice day juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] migrated from samba tdbsam to ldapsam and now some strange errors.
Hi, i finally made it working to logon via ldap and roaming profiles... but a new problem is in front of me. i logged in as user already in db, all data is loaded from the roaming profile. but windows complains about securtiy settings (they are risky) in internet explorer, also i have u.s keyboard layout i dont' need. there are also error messages regarding mapping via net use. the saved connectioned could not be restored, the stored state wasn't touched. could you tell me what i have to fix now? domain SID is the same as the old tbsam domain SID, thats what i checked now. germany keyboard layout is changeable via system settings, but the internet explorer security settings are not resetable as it seems. i read about that ntuser.dat may cause this. i also renamed it to ntuser.bak, but i doesnt get created after a user logs out. thanks for your advice juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrated from samba tdbsam to ldapsam and now some strange errors.
Am 08.08.2011 16:14, schrieb J. Echter: Hi, i finally made it working to logon via ldap and roaming profiles... but a new problem is in front of me. i logged in as user already in db, all data is loaded from the roaming profile. but windows complains about securtiy settings (they are risky) in internet explorer, also i have u.s keyboard layout i dont' need. there are also error messages regarding mapping via net use. the saved connectioned could not be restored, the stored state wasn't touched. could you tell me what i have to fix now? domain SID is the same as the old tbsam domain SID, thats what i checked now. germany keyboard layout is changeable via system settings, but the internet explorer security settings are not resetable as it seems. i read about that ntuser.dat may cause this. i also renamed it to ntuser.bak, but i doesnt get created after a user logs out. thanks for your advice juergen. another thing i think could cause this, userid's seem to have changed. i have had added some usere to remote users group, but those are not found anymore, sid was the same but user id has changed. so i had to readd them. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrated from samba tdbsam to ldapsam and now some strange errors.
Am 08.08.2011 16:14, schrieb J. Echter: germany keyboard layout is changeable via system settings, but the internet explorer security settings are not resetable as it seems. i have experienced that if i change the keyboard layout, it isn't saved, beacause on next login, all is as it was before. i could cry :) cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 04.08.2011 12:09, schrieb J. Echter: Am 03.08.2011 18:43, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Tue, 02 Aug 2011 14:12:05 +0200 I thought im done setting domain to WORKGROUP, as its set in smbldap.conf. I don't get why smbldap tools thinks im on a domain called BDC. Would it help if i post some output from pdbedit or stuff like that? I really don't get where this error comes from. Have you set the SID same as PDC on BDC? For example - bdc# net rpc getsid Storing SID S-1-5-21-2535719703-1779805756-2758924810 for Domain DomanName in secrets.tdb - Remembet that before running the command, you have to set smb.conf correctly as BDC. here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 You have to set domain logons = yes to make this machine act as BDC. And are you running Winbind? If not, idmap backend/uid/gid does not mean anything. there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. Have you correctly set nss-ldap on BDC? For example /etc/nss_ldap.conf getent passwda-user-created-on-PDC on BDC shows his entry? --- TAKAHASHI Motonobumo...@samba.gr.jp ok, im sorry. im stupid. i overlooked that i disabled domain logons... now its showing the right domain with pdbedit -v thanks a lot. now im trying to logon again... cheers. so, i now have nsswitch, ldap and samba working... almost :) i added an test user, and created a testshare with valid users = test pdbedit -v test (all on bdc, users created on pdc) Unix username:test NT username: test Account Flags:[U ] User SID: S-1-5-21-3842863818-2180709222-141296495-3178 Primary Group SID:S-1-5-21-3842863818-2180709222-141296495-513 Full Name:test Home Directory: \\mule\test HomeDir Drive:H: Logon Script: test.bat Profile Path: \\mule\profile\test Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Fr, 05 Aug 2011 08:49:26 CEST Password can change: Fr, 05 Aug 2011 08:49:26 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF getent passwd: test:x:1089:513:System User:/home/test:/bin/false getent group: Domain Admins:*:512:Administrator Domain Users:*:513: Domain Guests:*:514: Domain Computers:*:515: if i try to access the share, windows xp keeps asking for my password. /var/log/samba/log.smbd tells me: pdb_get_group_sid: Failed to find Unix account for test [2011/08/05 09:44:02, 0] auth/auth_sam.c:355(check_sam_security) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' whats wrong now? thanks for helping me. still lost. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 03.08.2011 18:43, schrieb TAKAHASHI Motonobu: net rpc getsid hi, yes i did this step and just repeated it to be sure. sudo net rpc getsid bdc: [sudo] password for bdc: Storing SID S-1-5-21-3842863818-2180709222-141296495 for Domain WORKGROUP in secrets.tdb pdc: sudo smbldap-useradd -a test bdc: pdbedit -v test Unix username:test NT username: test Account Flags:[UX ] User SID: S-1-5-21-3842863818-2180709222-141296495-3174 Primary Group SID:(NULL SID) Full Name:test Home Directory: \\pdc\test HomeDir Drive:H: Logon Script: test.bat Profile Path: \\pdc\profiles\test Domain: BDC Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:0 Password can change: 0 Password must change: 0 Last bad password : 0 Bad password count : 0 Logon hours : FF im completely lost, as you surely mentioned :) greetings and thanks juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 03.08.2011 18:43, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Tue, 02 Aug 2011 14:12:05 +0200 I thought im done setting domain to WORKGROUP, as its set in smbldap.conf. I don't get why smbldap tools thinks im on a domain called BDC. Would it help if i post some output from pdbedit or stuff like that? I really don't get where this error comes from. Have you set the SID same as PDC on BDC? For example - bdc# net rpc getsid Storing SID S-1-5-21-2535719703-1779805756-2758924810 for Domain DomanName in secrets.tdb - Remembet that before running the command, you have to set smb.conf correctly as BDC. here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 You have to set domain logons = yes to make this machine act as BDC. And are you running Winbind? If not, idmap backend/uid/gid does not mean anything. there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. Have you correctly set nss-ldap on BDC? For example /etc/nss_ldap.conf getent passwda-user-created-on-PDC on BDC shows his entry? --- TAKAHASHI Motonobumo...@samba.gr.jp ok, im sorry. im stupid. i overlooked that i disabled domain logons... now its showing the right domain with pdbedit -v thanks a lot. now im trying to logon again... cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to samba ldap and ssl
Am 02.08.2011 23:37, schrieb Eliano Leão: how to set up a file server with samba 3.5 and openldap with ssl support in debian. thanks hi, http://wiki.debian.org/LDAP/OpenLDAPSetup cheers juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 02.08.2011 14:54, schrieb J. Echter: Am 02.08.2011 14:40, schrieb Julien Celle: Le 02/08/2011 14:22, J. Echter a écrit : Am 02.08.2011 14:06, schrieb Julien Celle: pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. oh i forgot, profiles are on \\pdc. cheers. Hi, There may be a problem trying to access your profiles on \\pdc while authenticating against \\bdc. Your users try to access a share without giving your PDC credentials it can validate. Try moving your profile for your user test to \\bdc\profile... You could also post your whole smb.conf for your BDC. Cheers, Julien. first both of my configs... BDC: [global] domain master = no domain logons = yes passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes printing = bsd netbios name = BDC server string = BDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d PDC: [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody ## LDAP passdb backend = ldapsam:ldap://127.0.0.1 idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add user script = /usr/sbin/smbldap-useradd -a '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -a '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' local master = yes preferred master = yes domain master = yes domain logons = yes logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d atm i have domain logons = no, to avoid negative interaction with my running pdc. hope this helps. ok, what i know now :) there get's a second domain added to ldap directory if i, for example, add an user on pdc and do a pdbedit -v an-user i have a second SambaDomainName in my ldap tree. This one is called the same as my bdc is configured in its smb.conf. is it forbidden to name the server bdc or similar? i have set workgroup = workgroup in smb.conf on pdc and bdc. im lost with this... thanks juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 25.07.2011 14:38, schrieb J. Echter: Am 22.07.2011 17:48, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Thu, 21 Jul 2011 08:51:25 +0200 Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: hi, tried all your hints. still now profiles found... H... My testing environment is available at ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip In this environment, 1) # chmod 1777 /var/lib/samba/shares/profiles 2) changing hide files and profiles acls same as yours 3) # pdbedit -p \\sambapdc\profiles\username username 4) Logging on as the user, roaming profiles is successfully created. I'm using ldapsam:editposix instead of smbldap-tools, so this may not help you... --- TAKAHASHI Motonobumo...@samba.gr.jp Hi, there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. something with nsswitch seems configured wrong, imho. i get an error like 'no unix account found'. i will post the details about that later, i have to wait till i can switch the smb.conf again. cheers juergen. hi, i'm back :) but still the old problem. i have my tdbsam server running, i set up another samba server, without domain logons. i added a user 'test' to my ldap db. i added this user on the main pdc with smbldap-useradd sudo pdbedit -v test on my new test machine tells me: Unix username:test NT username: test Account Flags:[U ] User SID: S-1-5-21-3842863818-2180709222-141296495-3166 Primary Group SID:(NULL SID) Full Name:test Home Directory: \\pdc\test HomeDir Drive:H: Logon Script: test.bat Profile Path: \\pdc\profiles\test Domain: BDC Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Fr, 22 Jul 2011 23:33:55 CEST Password can change: Fr, 22 Jul 2011 23:33:55 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF i wonder because my domain is called workgroup, not bdc. BDC is the name of the machine, not the domain. if im using this user to logon, it isn't found. phpldapadmin also shows a line like: sambaDomainName=BDC http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3DBDC%2Cdc%3Dworkgroup%2Cdc%3Dlocal sambaDomainName=workgroup http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3Dworkgroup%2Cdc%3Dworkgroup%2Cdc%3Dlocal here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes printing = bsd netbios name = BDC server string = BDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d my smbldap config is the following: sambaDomain=workgroup suffix=dc=workgroup,dc=local userProfile=\\pdc\profiles\%U nsswitch.conf: passwd: files ldap shadow: files ldap group: files ldap hosts: files wins dns networks: files dns protocols: db files services: db files ethers: db files rpc:db files netgroup: nis i hope somebody can tell me whats going on. i'm completely lost since a while :) thanks a nice day to all. juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 02.08.2011 14:06, schrieb Julien Celle: First of all, there is a problem between your samba conf and the output of pdbedit : your server netbios name is defined in your smb.conf as 'BDC' and your workgroup/domain as 'workgroup' whereas the pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. Setting those correctly to the same values should help. Le 02/08/2011 13:08, J. Echter a écrit : Am 25.07.2011 14:38, schrieb J. Echter: Am 22.07.2011 17:48, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Thu, 21 Jul 2011 08:51:25 +0200 Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: hi, tried all your hints. still now profiles found... H... My testing environment is available at ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip In this environment, 1) # chmod 1777 /var/lib/samba/shares/profiles 2) changing hide files and profiles acls same as yours 3) # pdbedit -p \\sambapdc\profiles\username username 4) Logging on as the user, roaming profiles is successfully created. I'm using ldapsam:editposix instead of smbldap-tools, so this may not help you... --- TAKAHASHI Motonobumo...@samba.gr.jp Hi, there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. something with nsswitch seems configured wrong, imho. i get an error like 'no unix account found'. i will post the details about that later, i have to wait till i can switch the smb.conf again. cheers juergen. hi, i'm back :) but still the old problem. i have my tdbsam server running, i set up another samba server, without domain logons. i added a user 'test' to my ldap db. i added this user on the main pdc with smbldap-useradd sudo pdbedit -v test on my new test machine tells me: Unix username: test NT username: test Account Flags: [U ] User SID: S-1-5-21-3842863818-2180709222-141296495-3166 Primary Group SID: (NULL SID) Full Name: test Home Directory: \\pdc\test HomeDir Drive: H: Logon Script: test.bat Profile Path: \\pdc\profiles\test Domain: BDC Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: Fr, 22 Jul 2011 23:33:55 CEST Password can change: Fr, 22 Jul 2011 23:33:55 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF i wonder because my domain is called workgroup, not bdc. BDC is the name of the machine, not the domain. if im using this user to logon, it isn't found. phpldapadmin also shows a line like: sambaDomainName=BDC http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3DBDC%2Cdc%3Dworkgroup%2Cdc%3Dlocal sambaDomainName=workgroup http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3Dworkgroup%2Cdc%3Dworkgroup%2Cdc%3Dlocal here's the conf of my testing smb machine: [global] domain master = no domain logons = no passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes printing = bsd netbios name = BDC server string = BDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d my smbldap config is the following: sambaDomain=workgroup suffix=dc=workgroup,dc=local userProfile=\\pdc\profiles\%U nsswitch.conf: passwd: files ldap shadow: files ldap group: files ldap hosts: files wins dns networks: files dns protocols: db files services: db files ethers: db files rpc: db files netgroup: nis i hope somebody can tell me whats going on. i'm completely lost since a while :) thanks a nice day to all. juergen. Hi, my PDC has netbios name PDC and domain WORKGROUP, this one works (but not with LDAP) i setup this box called BDC (i want to integrate it as BDC later on) I thought im done setting domain to WORKGROUP, as its set in smbldap.conf. I don't get why smbldap tools thinks im on a domain called BDC. Would it help if i post some output from pdbedit or stuff like that? I really don't get where this error comes from. thanks for helping greetings juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 02.08.2011 14:06, schrieb Julien Celle: pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. oh i forgot, profiles are on \\pdc. cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 02.08.2011 14:40, schrieb Julien Celle: Le 02/08/2011 14:22, J. Echter a écrit : Am 02.08.2011 14:06, schrieb Julien Celle: pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. oh i forgot, profiles are on \\pdc. cheers. Hi, There may be a problem trying to access your profiles on \\pdc while authenticating against \\bdc. Your users try to access a share without giving your PDC credentials it can validate. Try moving your profile for your user test to \\bdc\profile... You could also post your whole smb.conf for your BDC. Cheers, Julien. first both of my configs... BDC: [global] domain master = no domain logons = yes passdb backend = ldapsam:ldap://mule idmap backend = ldap:ldap://mule idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes printing = bsd netbios name = BDC server string = BDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d PDC: [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody ## LDAP passdb backend = ldapsam:ldap://127.0.0.1 idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add user script = /usr/sbin/smbldap-useradd -a '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -a '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' local master = yes preferred master = yes domain master = yes domain logons = yes logon path = \\pdc\profile\%U logon script = %U.bat logon drive = H: panic action = /usr/share/samba/panic-action %d atm i have domain logons = no, to avoid negative interaction with my running pdc. hope this helps. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 22.07.2011 17:48, schrieb TAKAHASHI Motonobu: From: J. Echter j.ech...@elektro-mayer-echter.de Date: Thu, 21 Jul 2011 08:51:25 +0200 Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: hi, tried all your hints. still now profiles found... H... My testing environment is available at ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip In this environment, 1) # chmod 1777 /var/lib/samba/shares/profiles 2) changing hide files and profiles acls same as yours 3) # pdbedit -p \\sambapdc\profiles\username username 4) Logging on as the user, roaming profiles is successfully created. I'm using ldapsam:editposix instead of smbldap-tools, so this may not help you... --- TAKAHASHI Motonobu mo...@samba.gr.jp Hi, there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. something with nsswitch seems configured wrong, imho. i get an error like 'no unix account found'. i will post the details about that later, i have to wait till i can switch the smb.conf again. cheers juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Wed, 20 Jul 2011 17:58:34 +0200 i've finally have my LDAP backend working for authentication for my DC. Logon scripts are executed, user is authenticated, but my roaming profiles are not found. here is what i have in my config files: (snip) hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ Try to comment this line. [profile] path = /bacula/samba/profile This path has valid permission? guest ok = yes Try to remove guest ok line. And actually pdbedit -v a-user shows valid profile path? --- TAKAHASHI Motonobumo...@monyo.com hi, tried all your hints. still now profiles found... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 21.07.2011 11:33, schrieb L.P.H. van Belle: Hai, a working profile share.. [profiles] path = /bacula/samba/profile comment = Profiel enviroment. read only = no create mask = 0600 directory mask = 0700 browseable = Yes guest ok = Yes csc policy = disable force user = %U # next line allows administrator to access all profiles valid users = %U @Domain Admins good luck. i'll try with this one and will report back. thanks juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Hi, i've finally have my LDAP backend working for authentication for my DC. Logon scripts are executed, user is authenticated, but my roaming profiles are not found. here is what i have in my config files: smb.conf [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user guest account = nobody ## LDAP passdb backend = ldapsam:ldap://127.0.0.1 idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-15000 idmap gid = 1-15000 ldap suffix = dc=workgroup,dc=local ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmap ldap admin dn = cn=admin,dc=workgroup,dc=local ldap ssl = no ldap passwd sync = yes add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add user script = /usr/sbin/smbldap-useradd -a '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -a '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' local master = yes preferred master = yes domain master = yes domain logons = yes logon path = \\%L\profile\%U logon script = %U.bat logon drive = H: hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ panic action = /usr/share/samba/panic-action %d #=== Share Definitions === [homes] comment = Home Directories browseable = no writeable = yes [profile] comment = Profildateien path = /bacula/samba/profile guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes profile acls = yes [netlogon] comment = Network Logon Service path = /bacula/samba/netlogon guest ok = yes writeable = no share modes = no browseable = no smbldap.conf userHome=/home/%U (also tried \\pdc\%U) userSmbHome=\\pdc\%U userProfile=\\pdc\profile\%U userHomeDrive=H: userScript=%U.bat what is it what i am overlooking? many thanks and greets juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: [profile] path = /bacula/samba/profile This path has valid permission? drwxrwxrwt 21 root root 4096 Jul 7 09:48 profile And actually pdbedit -v a-user shows valid profile path? pdbedit -v klaudia Full Name:klaudia Home Directory: \\pdc\klaudia HomeDir Drive:H: Logon Script: klaudia.bat Profile Path: \\pdc\profile\klaudia Domain: WORKGROUP cheers juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC will create new roaming profiles but fails to load them on subsequent logons
Thanks for the suggestion, Sean, but that didn't work for me. This config is what finally did it: [profiles] admin users = @domainadmins browseable = No comment = Users profiles create mask = 0600 csc policy = disable directory mask = 0700 guest ok = Yes path = /home/samba/profiles profile acls = yes read only = no writable = yes valid users = %U As you can see, I made a few changes to the profiles share, so I'm not sure which one actually corrected the problem, but I've got a feeling it was the introduction of the valid users directive which finally allowed me to load the profiles. Interestingly, the files in the profile are now owned by root instead of by the user they belong to, but despite having 600 permissions, users on the Windows side are able to access and edit them. Any idea why these aren't owned by the proper user? Any thoughts as to whether or not this might be a problem later? Thanks, -Frank On Tue, Jul 19, 2011 at 3:37 AM, Sean Crosby richardnixonsh...@gmail.comwrote: Remove the guest ok = Yes line, and restart samba Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC will create new roaming profiles but fails to load them on subsequent logons
Thanks for the response, Berni. There's no DNS in this setup. Clients are able to access user homes and run logon scripts, and as you can see I'm using the %N variable for both. I'd guess that if server name resolution were an issue, loading the home shares and logon scripts would fail as well. I'm open to the idea of being wrong, though. :-) How would I verify proper resolution in this context? Thanks much, -Frank On Mon, Jul 18, 2011 at 11:20 AM, Berni Elbourn be...@elbournb.fsnet.co.ukwrote: On 15/07/11 19:33, Frank J. Gómez wrote: logon home = \\%N\%U logon path = \\%N\profiles\%U Perhaps check the server name here. Does your Dns or wins resolve it? A sledge hammer would be to use an lmhost entry on the PCs. Berni -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PDC will create new roaming profiles but fails to load them on subsequent logons
Hello, I'm running Samba Version 3.4.7 on Ubuntu 10.04.2 LTS. I'm using Samba as the Primary Domain Controller. Things that work: - Clients can logon - I can run logon scripts - Roaming profiles are created for new users on logon However, when I try to logon again with the same user, I invariably get this error message: Your roaming profile is not available. You are logged on with the locally stored profile. Changes to the profiles will not be copied to the server. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - Access is denied. Below is a snippet of my config. I'm trying to show only relevant settings; please ask for more if I've left out something important: [global] ## Authentication ## encrypt passwords = true obey pam restrictions = Yes passdb backend = tdbsam security = user ## Domains ## domain logons = Yes domain master = Yes local master = yes logon drive = H: logon home = \\%N\%U logon path = \\%N\profiles\%U logon script = %U.bat os level = 65 preferred master = Yes root preexec = /usr/local/bin/logon-generator.sh %U [netlogon] comment = Network Logon Service guest ok = yes path = /home/samba/netlogon read only = yes share modes = no [profiles] browseable = No comment = Users profiles create mask = 0600 directory mask = 0700 guest ok = Yes path = /home/samba/profiles profile acls = yes writable = yes The permissions on /home/samba/profiles are 777. The permissions on any directory that Samba creates in this share are 700. Thanks for your help, -Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PDC + BDC + Roaming Profiles
Hi, i have a LDAP Master / Slave setup, but my roaming profiles are lying on the PDC. Whats the best method to keep the profiles in sync? Or should i use another FileServer for the profiles? what do i have to check in smb.conf for having profiles on a different machine? do i also need to move the netlogon dir? cheers juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC + BDC + Roaming Profiles
Am 14.07.2011 16:09, schrieb John Drescher: Whats the best method to keep the profiles in sync? Or should i use another FileServer for the profiles? I have always done that. There are no file shares on my PDC or BDCs. John i'm thinking bout using DRBD to have the files sync. i know i can't access them from both machines at the same time, but i would be up and running faster than setting up a new box. not a good idea? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migration from tdbsam to ldap + creation of bdc
Am 06.07.2011 14:38, schrieb Андрей Гребенников: What's the problem? You only have to create the slave ldap on your second machine and synchronize the base, then copy the smb.conf to the second machine and change the option domain master to no in it Hi, you're right :) there was no problem. just a damn typo i didn't see, till now :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] migration from tdbsam to ldap + creation of bdc
Hi, i have a small problem. I have a production machine which is used as PDC, FileServer, Groupware-Server, Backup-Server. As our data needs are growing more and more we decided to split these machines up, to stay with a more stable system. At the moment i have tdbsam password backend, a running LDAP server (groupware), a running pdc. I want to have 1x machine hosting: pdc, ldap master, backup groupware 1x machine hosting: bdc, ldap slave, fileserver All docs i found are a few years old, and in the ubuntu wiki it says ldap configuration is changing with every release. So, im not sure which tutorial to use. Main problem is the production state of the running samba machine... What would you guys recommend to handle this situation? best regards J. Echter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migration from tdbsam to ldap + creation of bdc
sorry, forgot to add my system... ubuntu 10.04-LTS x64 greetings. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] confusion about shares and rights
Hi, i have some shares defined in my smb.conf, but now i experience rights issues. a share looks like this: [share] path = /mnt/share guest ok = yes writeable = no public = no write list = @ntusers read only = no this settings i have set since i experience problems. before it looked like this and worked: [share] path = /mnt/share guest ok = yes writeable = yes public = no write list = @ntusers since a few days i have the problem that i can copy files to the share, but can't delete or modify them. i have some other shares i want to be used only by some picked people. these shares look like this: [bau] path = /mnt/share2 guest ok = no writeable = no public = no valid users = tom peter Administrator read only = no same issue there. my smb.conf global section: [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user local master = yes preferred master = yes domain master = yes domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u logon path = \\%L\profile\%U logon script = %U.bat logon drive = H: hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ panic action = /usr/share/samba/panic-action %d i hope you can help out. im still wondering why this has worked before :( greetings juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] confusion about shares and rights
Am 10.05.2011 09:49, schrieb J. Echter: Hi, i have some shares defined in my smb.conf, but now i experience rights issues. a share looks like this: [share] path = /mnt/share guest ok = yes writeable = no public = no write list = @ntusers read only = no this settings i have set since i experience problems. before it looked like this and worked: [share] path = /mnt/share guest ok = yes writeable = yes public = no write list = @ntusers since a few days i have the problem that i can copy files to the share, but can't delete or modify them. i have some other shares i want to be used only by some picked people. these shares look like this: [bau] path = /mnt/share2 guest ok = no writeable = no public = no valid users = tom peter Administrator read only = no same issue there. my smb.conf global section: [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user local master = yes preferred master = yes domain master = yes domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u logon path = \\%L\profile\%U logon script = %U.bat logon drive = H: hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ panic action = /usr/share/samba/panic-action %d i hope you can help out. im still wondering why this has worked before :( greetings juergen. i tried [share] path = /mnt/share guest ok = yes public = no valid users = @ntusers force group = @ntusers browseable = yes read only = no create mask = 0660 directory mask = 0770 force create mode = 0660 force directory mode = 0770 but still i get these permissions: drwxrwx--- 99999113 May 10 11:59 test somethings wrong here... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] confusion about shares and rights
Am 10.05.2011 12:35, schrieb Michal Belica: Hi Juergen, [share] path = /mnt/share guest ok = yes writeable = no public = no write list = @ntusers read only = no Hm, is it OK to combine writable = no with read only = no? I think they have the same effect, just reversed and using them like this could be a source of conflict. [share] path = /mnt/share guest ok = yes public = no valid users = @ntusers force group = @ntusers browseable = yes read only = no create mask = 0660 directory mask = 0770 force create mode = 0660 force directory mode = 0770 but still i get these permissions: drwxrwx--- 9 99 99 113 May 10 11:59 test somethings wrong here... And what permissions would you expect? You said force directory mode = 0770 and the test directory indeed has these permissions. Hi Michael, sorry, i was wrong. i meant the ownage of the dirs. i expected ntusers as group owner. but i solved my problem by putting create mode setting in to my share definitions. now it works as expected. thanks for your help. juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] roaming profiles - one file can't be copied to server
Am 13.04.2011 08:19, schrieb L.P.H. van Belle: Hi, what is the error message ? if i guess.. Look for .TMP files in the users profile folder. delete them when the user is logged in. Let the user logout again and see if its happens again. i have these extra lines in the profiles in smb.conf csc policy = disable force user = %U # next line allows administrator to access all profiles valid users = %U @Domain Admins Louis -Oorspronkelijk bericht- Van: j.ech...@elektro-mayer-echter.de [mailto:samba-boun...@lists.samba.org] Namens J. Echter Verzonden: 2011-04-12 19:17 Aan: samba@lists.samba.org Onderwerp: [Samba] roaming profiles - one file can't be copied to server Hi, i have a Ubuntu x64 10.04 Server. Samba configured as PDC. Since today i experience that roaming prfiles can't copy one file to the server and shout an error message. It's no specific file, mostly its one in my Thunderbird Profile. Does anybody know what could this cause to happen? My smb.conf: [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user local master = yes preferred master = yes domain master = yes domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u logon path = \\%L\profile\%U logon script = logon.bat hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ panic action = /usr/share/samba/panic-action %d #=== Share Definitions === [homes] comment = Home Directories browseable = no writeable = yes [profile] comment = Profildateien path = /bacula/samba/profile guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes profile acls = yes [netlogon] comment = Network Logon Service path = /bacula/samba/netlogon guest ok = yes writeable = no share modes = no browseable = no any hints about that? greetings juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba about the error message: Windows tells me that one file can't be written to server because its already in use, i have that on every computer. As i said its no specific file, but mostly from my thunderbird profile directorys. I checked twice that no one was logged in as i started testing this. i also moved the profile dir temp to another dir and tried to see whats happening when i logout. it starts copying files over complains about a file, finished with errors. strange. greetings. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] roaming profiles - one file can't be copied to server
Am 12.04.2011 19:16, schrieb J. Echter: Hi, i have a Ubuntu x64 10.04 Server. Samba configured as PDC. Since today i experience that roaming prfiles can't copy one file to the server and shout an error message. It's no specific file, mostly its one in my Thunderbird Profile. Does anybody know what could this cause to happen? My smb.conf: [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user local master = yes preferred master = yes domain master = yes domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u logon path = \\%L\profile\%U logon script = logon.bat hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ panic action = /usr/share/samba/panic-action %d #=== Share Definitions === [homes] comment = Home Directories browseable = no writeable = yes [profile] comment = Profildateien path = /bacula/samba/profile guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes profile acls = yes [netlogon] comment = Network Logon Service path = /bacula/samba/netlogon guest ok = yes writeable = no share modes = no browseable = no any hints about that? greetings juergen Hi, i found another hint. I recently had created a directory with a user and copied some files into that. As im logging out now, the newly created file couldn't be copied to my profiles dir -- file already in use. any hints? greetings juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] roaming profiles - one file can't be copied to server
Am 12.04.2011 19:16, schrieb J. Echter: Hi, i have a Ubuntu x64 10.04 Server. Samba configured as PDC. Since today i experience that roaming prfiles can't copy one file to the server and shout an error message. It's no specific file, mostly its one in my Thunderbird Profile. Does anybody know what could this cause to happen? My smb.conf: [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user local master = yes preferred master = yes domain master = yes domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u logon path = \\%L\profile\%U logon script = logon.bat hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ panic action = /usr/share/samba/panic-action %d #=== Share Definitions === [homes] comment = Home Directories browseable = no writeable = yes [profile] comment = Profildateien path = /bacula/samba/profile guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes profile acls = yes [netlogon] comment = Network Logon Service path = /bacula/samba/netlogon guest ok = yes writeable = no share modes = no browseable = no any hints about that? greetings juergen ah and here a snippet from log.smbd [2011/04/13 17:04:55, 0] lib/util_sock.c:539(read_fd_with_timeout) [2011/04/13 17:04:55, 0] lib/util_sock.c:1498(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] roaming profiles - one file can't be copied to server
Hi, i have a Ubuntu x64 10.04 Server. Samba configured as PDC. Since today i experience that roaming prfiles can't copy one file to the server and shout an error message. It's no specific file, mostly its one in my Thunderbird Profile. Does anybody know what could this cause to happen? My smb.conf: [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true map to guest = bad user local master = yes preferred master = yes domain master = yes domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u logon path = \\%L\profile\%U logon script = logon.bat hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ panic action = /usr/share/samba/panic-action %d #=== Share Definitions === [homes] comment = Home Directories browseable = no writeable = yes [profile] comment = Profildateien path = /bacula/samba/profile guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes profile acls = yes [netlogon] comment = Network Logon Service path = /bacula/samba/netlogon guest ok = yes writeable = no share modes = no browseable = no any hints about that? greetings juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compressed file VFS
Am 31.03.2011 15:44, schrieb John Drescher: I've had some good compression from lessfs ( http://www.lessfs.com/ ), not samba specific but is quite transparent, and POSIX compliant. I thought that lessfs was about datadeduplication. Is there compression as well? John http://www.sfr-fresh.com/linux/misc/lessfs-1.3.3.8.tar.gz:a/lessfs-1.3.3.8/lessfs.1#toc3 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compressed file VFS
Am 31.03.2011 16:15, schrieb J. Echter: Am 31.03.2011 15:44, schrieb John Drescher: I've had some good compression from lessfs ( http://www.lessfs.com/ ), not samba specific but is quite transparent, and POSIX compliant. I thought that lessfs was about datadeduplication. Is there compression as well? John http://www.sfr-fresh.com/linux/misc/lessfs-1.3.3.8.tar.gz:a/lessfs-1.3.3.8/lessfs.1#toc3 sorry this link doesnt point to where i wanted to here's a snippet: *lessfs*is a filesystem that performs inline data deduplication. lessfs uses the 192-bit (24-byte) tiger hash algorithm by default to compare the data. The filesystem compresses the unique data blocks before writing them to disk. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 18:00, schrieb TAKAHASHI Motonobu: From: J. Echter j.ech...@elektro-mayer-echter.de Date: Wed, 16 Mar 2011 17:34:35 +0100 You should show us enough information for us to re-produce such as all content of smb.conf and related settings: In my lab, profile dir is successfully created. My env is... (snip) smb.conf (snip) ls -lR /home/samba/profile (snip) At first you had better try a simple settings like me. To look at your smb.conf, I tried with the smb.conf below: - [global] workgroup = SAMBA domain logons = yes add machine script = useradd %u map to guest = bad user logon path = \\%L\profiles\%U hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ [homes] writeable = yes browseable = no [profiles] path = /var/lib/samba/shares/profiles guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes profile acls = yes - and although still my user can create profile dirs and files... --- TAKAHASHI Motonobu mo...@monyo.com Hi, i have reduced my smb.conf a bit :) now it works. is there any option you would recommend to set for an PDC? Greetings and many many thanks for your hints. juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
sorry, forgot to add my smb.conf [global] printing = bsd workgroup = workgroup map to guest = bad user domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines logon path = \\%L\profile\%U logon script = %U.bat hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ [homes] comment = Home Directories browseable = no writeable = yes # valid users = %S [profile] comment = Profildateien path = /home/samba/profile guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes profile acls = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writeable = no share modes = no failure was the commented # line. cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba PDC adding new user, profile dir is not created
Hi, i have a Samba PDC (no LDAP) and added add user script to my config. I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created. Any hints on that? script commands i added: add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines this is running on Ubuntu 10.04-LTS server greetings Juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 11:21, schrieb Marco Ciampa: On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote: Hi, i have a Samba PDC (no LDAP) and added add user script to my config. I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created. Any hints on that? IMHO you have to create it with a script. In that script you will create the user (with useradd) and then the profile dir... ok, seems i need to figure out how this has to be done... greetings. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 11:33, schrieb Wasil: Hi You must have something like this: in smb.conf^ [profiles] . root preexec = /usr/local/bin/mkprofile.sh %u %g mkprofile.sh: #!/bin/sh PROFILE=/data2/profiles/$1 if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE chown $1:$2 $PROFILE fi Wed, 16 Mar 2011 11:09:59 +0100 письмо от J. Echterj.ech...@elektro-mayer-echter.de: Hi, i have a Samba PDC (no LDAP) and added add user script to my config. I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created. Any hints on that? script commands i added: add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines this is running on Ubuntu 10.04-LTS server greetings Juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hi, thanks for the hint. but the profile dir doesn't get created. i edited the path in the script and gave it chmod u+x (to be sure :) ) still nothing created. if i run the script by hand it works. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 11:50, schrieb Bruce Richardson: On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote: Hi, i have a Samba PDC (no LDAP) and added add user script to my config. I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created. It'll be created automatically when the user first logs in, if you have the right permissions on the profile share. It is possible to set the permissions/acls such that this doesn't allow users to read or interfere with each other's profiles. You only need to create it yourself if you want to preload it with some data. Is this what you need to do? no, i want to have a profile dir created when a new created user logs in. that's it. :) in my setup it doesnt get created. permission: drwxrwxrwx 4 root root4096 Feb 12 10:51 samba drwxrwxrwx 16 root root 4096 Mar 16 11:50 profile should be working for automagic creation. is there an special option on that? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 11:50, schrieb Bruce Richardson: On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote: Hi, i have a Samba PDC (no LDAP) and added add user script to my config. I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created. It'll be created automatically when the user first logs in, if you have the right permissions on the profile share. It is possible to set the permissions/acls such that this doesn't allow users to read or interfere with each other's profiles. You only need to create it yourself if you want to preload it with some data. Is this what you need to do? ah maybe this is interesting too [profile] comment = Profildateien path = /home/samba/profile guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
thats what i did. maybe there's something else wrong with my profiles definition in this case? [profile] comment = Profildateien path = /home/samba/profile guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes root preexec = /usr/local/bin/mkprofiles.sh %u %g Am 16.03.2011 12:16, schrieb Wasil: You must add root preexec to the Section [profiles] my section [profiles]: comment = Network Profiles Service #path = %H path = /data2/profiles read only = No store dos attributes = Yes create mask = 0600 directory mask = 0700 write list = @DomainUsers @root root preexec = /usr/local/bin/mkprofile.sh %u %g Wed, 16 Mar 2011 12:04:40 +0100 письмо от J. Echterj.ech...@elektro-mayer-echter.de: Am 16.03.2011 11:33, schrieb Wasil: Hi You must have something like this: in smb.conf^ [profiles] . root preexec = /usr/local/bin/mkprofile.sh %u %g mkprofile.sh: #!/bin/sh PROFILE=/data2/profiles/$1 if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE chown $1:$2 $PROFILE fi Wed, 16 Mar 2011 11:09:59 +0100 письмо от J. Echterj.ech...@elektro-mayer-echter.de: Hi, i have a Samba PDC (no LDAP) and added add user script to my config. I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created. Any hints on that? script commands i added: add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines this is running on Ubuntu 10.04-LTS server greetings Juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hi, thanks for the hint. but the profile dir doesn't get created. i edited the path in the script and gave it chmod u+x (to be sure :) ) still nothing created. if i run the script by hand it works. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 13:01, schrieb Bruce Richardson: On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote: no, i want to have a profile dir created when a new created user logs in. that's it. :) Well, as long as you have the correct acls on the share and permissons on the directory, the user's workstation should try to create the user directory on the profiles share when the user first logs in. As far as I can see, your share definition and directory permissions are sufficient. What do you have in your logon path setting in smb.conf? And can you see anything in the logs? [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writeable = no share modes = no imho nothing belongs to the problem. i increased log level = 12 meanwhile in my setup it doesnt get created. permission: drwxrwxrwx 4 root root4096 Feb 12 10:51 samba Um, if that's the /home/samba directory from your /home/samba/profile/%username profile path, then you've set the permissions there insecurely; ordinary users don't need to be creating directories in /home/samba, so you shouldn't need any more than 755 (or even 751) permissions there. drwxrwxrwx 16 root root 4096 Mar 16 11:50 profile Assuming that is /home/samba/profile, then I would recommend you change the permissions from 777 to 1777. It's a minor point and doesn't have anything to do with your problem. If you create these directories manually and then a user logs in, does the user's profile information then appear in their profile directory? permissions are set :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 13:01, schrieb Bruce Richardson: On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote: no, i want to have a profile dir created when a new created user logs in. that's it. :) If you create these directories manually and then a user logs in, does the user's profile information then appear in their profile directory? sorry didn't mention this, nothing is copied to the manually added dir. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 16:55, schrieb Bruce Richardson: On Wed, Mar 16, 2011 at 12:01:52PM +, Bruce Richardson wrote: What do you have in your logon path setting in smb.conf? You never answered this question. You don't need to have anything there, because it defaults to \\%N\%U\profile, but if you do have something there, what is it? sorry, logon path = \\%L\profile\%U Are you sure you have actually activated domain logins? It is possible that you have simply set up a stand-alone file server. For the PDC to be working properly, you need security = user domain master = yes domain logons = yes this is all set. if i add my users manually (adduser, make profile dir), it works. i also set the permissions to the regarding testuser user profile dir. drwx-- 2 testerroot4096 Mar 16 14:41 tester greetings. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 17:21, schrieb TAKAHASHI Motonobu: From: J. Echterj.ech...@elektro-mayer-echter.de Date: Wed, 16 Mar 2011 11:09:59 +0100 i have a Samba PDC (no LDAP) and added add user script to my config. I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created. Any hints on that? You should show us enough information for us to re-produce such as all content of smb.conf and related settings: In my lab, profile dir is successfully created. My env is... - Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6 - my smb.conf and shares --- [global] workgroup = SAMBA domain logons = yes add machine script = useradd %u map to guest = bad user logon path = \\lenny5\profiles\%U [homes] writeable = yes browseable = no [profiles] path = /var/lib/samba/shares/profiles guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes --- # ls -lR /var/lib/samba /var/lib/samba/: total 4 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares /var/lib/samba/shares: total 16 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles - Created a user: # useradd -d /var/home/test01 test01 # smbpasswd -a test01 # pdbedit -v test01 ... Profile Path: \\lenny5\profiles\test01 ... - When I logon as test01 from Windows XP workstation which is already joined to the SAMBA domain and logoff, profiles are created like: # ls -lR /var/lib/samba total 4 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares /var/lib/samba/shares: total 16 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles /var/lib/samba/shares/profiles: total 16 drwx-- 13 test01 test01 4096 2011-03-17 01:08 test01 /var/lib/samba/shares/profiles/test01: total 568 drwx-- 3 test01 test01 4096 2010-10-11 01:10 Start Menu drwx-- 2 test01 test01 4096 2010-10-11 01:10 Desktop drwx-- 4 test01 test01 4096 2011-03-17 01:08 Application Data drwx-- 2 test01 test01 4096 2010-10-11 01:18 Cookies drwx-- 3 test01 test01 4096 2011-03-17 01:08 Favorites drwx-- 4 test01 test01 4096 2011-03-17 01:08 My Documents drwx-- 2 test01 test01 4096 2010-10-11 01:10 NetHood -rw--- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT -rw--- 1 test01 test01 1024 2011-03-17 01:08 ntuser.dat.LOG -rw--- 1 test01 test01270 2011-03-17 01:08 ntuser.ini ... --- TAKAHASHI Motonobumo...@monyo.com smb.conf [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . local master = yes preferred master = yes os level = 200 domain master = yes domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines logon path = \\%L\profile\%U logon drive = h: logon script = %U.bat profile acls = yes hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ wins support = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 log level = 12 panic action = /usr/share/samba/panic-action %d use sendfile = yes [homes] comment = Home Directories browseable = no valid users = %S writeable = yes create mode = 0600 directory mode = 0700 [profile] comment = Profildateien path = /home/samba/profile guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writeable = no share modes = no ls -lR /home/samba/profile /home/samba/profile: total 60 drwx-- 16 info root4096 Mar 16 16:48 info drwx-- 15 root root4096 Oct 28 11:10 root all manually added users are logged in fine, and all get their profile dir loaded from pdc. thanks, and greetings. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 17:21, schrieb TAKAHASHI Motonobu: - Created a user: # useradd -d /var/home/test01 test01 # smbpasswd -a test01 # pdbedit -v test01 ... Profile Path: \\lenny5\profiles\test01 ... - When I logon as test01 from Windows XP workstation which is already joined to the SAMBA domain and logoff, profiles are created like: # ls -lR /var/lib/samba total 4 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares /var/lib/samba/shares: total 16 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles /var/lib/samba/shares/profiles: total 16 drwx-- 13 test01 test01 4096 2011-03-17 01:08 test01 /var/lib/samba/shares/profiles/test01: total 568 drwx-- 3 test01 test01 4096 2010-10-11 01:10 Start Menu drwx-- 2 test01 test01 4096 2010-10-11 01:10 Desktop drwx-- 4 test01 test01 4096 2011-03-17 01:08 Application Data drwx-- 2 test01 test01 4096 2010-10-11 01:18 Cookies drwx-- 3 test01 test01 4096 2011-03-17 01:08 Favorites drwx-- 4 test01 test01 4096 2011-03-17 01:08 My Documents drwx-- 2 test01 test01 4096 2010-10-11 01:10 NetHood -rw--- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT -rw--- 1 test01 test01 1024 2011-03-17 01:08 ntuser.dat.LOG -rw--- 1 test01 test01270 2011-03-17 01:08 ntuser.ini ... --- TAKAHASHI Motonobumo...@monyo.com sorry again, something missing... i have to handle ringing telephones... i added a user like you did pdbedit -v bla Profile Path: \\pdc\profile\bla login as this user and logout again, no profile dir is created. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 18:02, schrieb t...@tms3.com: You should show us enough information for us to re-produce such as all content of smb.conf and related settings: In my lab, profile dir is successfully created. My env is... - Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6 - my smb.conf and shares --- [global] workgroup = SAMBA domain logons = yes add machine script = useradd %u map to guest = bad user logon path = \\lenny5\profiles\%U [homes] writeable = yes browseable = no [profiles] path = /var/lib/samba/shares/profiles guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes --- # ls -lR /var/lib/samba /var/lib/samba/: total 4 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares /var/lib/samba/shares: total 16 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles - Created a user: # useradd -d /var/home/test01 test01 # smbpasswd -a test01 # pdbedit -v test01 ... Profile Path: \\lenny5\profiles\test01 ... - When I logon as test01 from Windows XP workstation which is already joined to the SAMBA domain and logoff, profiles are created like: # ls -lR /var/lib/samba total 4 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares /var/lib/samba/shares: total 16 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles /var/lib/samba/shares/profiles: total 16 drwx-- 13 test01 test01 4096 2011-03-17 01:08 test01 /var/lib/samba/shares/profiles/test01: total 568 drwx-- 3 test01 test01 4096 2010-10-11 01:10 Start Menu drwx-- 2 test01 test01 4096 2010-10-11 01:10 Desktop drwx-- 4 test01 test01 4096 2011-03-17 01:08 Application Data drwx-- 2 test01 test01 4096 2010-10-11 01:18 Cookies drwx-- 3 test01 test01 4096 2011-03-17 01:08 Favorites drwx-- 4 test01 test01 4096 2011-03-17 01:08 My Documents drwx-- 2 test01 test01 4096 2010-10-11 01:10 NetHood -rw--- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT -rw--- 1 test01 test01 1024 2011-03-17 01:08 ntuser.dat.LOG -rw--- 1 test01 test01270 2011-03-17 01:08 ntuser.ini ... --- TAKAHASHI Motonobumo...@monyo.com smb.conf [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . local master = yes preferred master = yes os level = 200 domain master = yes domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines logon path = \\%L\profile\%U logon drive = h: logon script = %U.bat profile acls = yes hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ wins support = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 log level = 12 panic action = /usr/share/samba/panic-action %d use sendfile = yes Where is your profile path? on /files/samba -- symlinked to /home/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
THANKS Motonobu !!! The problem was the SELinux in my CentOS serverI've never heart about it, so it avoid me to access the share. THANKS TO EVERYBODY HERE and sorry for my interruptions. Regards, JeLo On Tue, Mar 1, 2011 at 1:20 PM, TAKAHASHI Motonobu mo...@monyo.com wrote: 2011/2/26 J. L. Cabral jelocab...@gmail.com: Dear, I have a Linux Samba server and a Windows XP SP2 client joined to the g-company.net domain. I want to access a Linux share resource in /var/share without password from WXP desktop FROM ANY USER. This is my scenario: - I don't create any Linux local user because I want total access from any user - I use security = share - My smbusers file is: root = administrator admin nobody = guest pcguest smbguest - The Windows XP guest account is guest but I don't know if it has any password setup. Form Windows XP I execute: \\samba_server\share but I get the error DENIED ACCESS. What can I do to access this resource ??? What is your distro and filesystems? Can you access with correct username and password? And if you use Fedora or CentOS or such kind of OSes, have you already stopped SELinux? If you have not, type setenforce 0 and try again. --- TAKAHASHI Motonobu mo...@monyo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
Just a moment please, now I'll test with your instructions and I'll tell youthanks. On Tue, Mar 1, 2011 at 9:19 AM, Marco Ciampa ciam...@libero.it wrote: On Mon, Feb 28, 2011 at 12:21:32AM -0300, J. L. Cabral wrote: Chris, after following Marco guideline and fail I followed the tutorial you recommend to me, please see below: [...] just to remember you to post even when successful. We are interested in knowing what went wrong... -- Marco Ciampa ++ | Linux User #78271 | | FSFE fellow #364 | ++ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
Dear, we still continue without access to samba share. Just a question: maybe the administrator of the Windows Domain has setup any policy ti avoide tha access from domain's users to samba ??? Has the administrator of my Windows domain allow any access or do something specific related to samba machine ??? Thanks again On Tue, Mar 1, 2011 at 10:07 AM, J. L. Cabral jelocab...@gmail.com wrote: Just a moment please, now I'll test with your instructions and I'll tell youthanks. On Tue, Mar 1, 2011 at 9:19 AM, Marco Ciampa ciam...@libero.it wrote: On Mon, Feb 28, 2011 at 12:21:32AM -0300, J. L. Cabral wrote: Chris, after following Marco guideline and fail I followed the tutorial you recommend to me, please see below: [...] just to remember you to post even when successful. We are interested in knowing what went wrong... -- Marco Ciampa ++ | Linux User #78271 | | FSFE fellow #364 | ++ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
Chris, I'v efollowed your tutorial, see below the configuration of my Linux CentOS 5.5 please: testparm output: [global] workgroup = CASA map to guest = Bad User passdb backend = tdbsam username map = /etc/samba/smbusers cups options = raw (I put security = user but is not displayed in testparm) [share] comment = File server path = /var/share read only = No create mask = 0700 directory mask = 0700 guest ok = Yes In smbusers: root = administrator admin nobody = guest pcguest smbguest The share: Debian:~# smbclient -U guest -L 10.4.133.109 Enter guest's password: ANY PASS Domain=[BANGKOK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_5.1] Sharename Type Comment - --- share Disk File share IPC$IPC IPC Service (Samba 3.0.33-3.29.el5_5.1) Domain=[BANGKOK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_5.1] Server Comment ---- WorkgroupMaster ---- CASA BANGKOK And finally try to enter the share resource: Debian:~# smbclient //10.4.133.109/grabar -U guest Enter guest's password: ANY PASS Domain=[BANGKOK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_5.1] smb: \ ls NT_STATUS_ACCESS_DENIED listing \* 56892 blocks of size 8388608. 53742 blocks available What can be the problem ??? THANKS drwxrwxrwx 2 nobody nobody 4096 feb 28 16:21 share nobody is a Linux local user with /sbin/nologin shell. From a Linux Debian machine I try to connect: On Fri, Feb 25, 2011 at 3:13 PM, Chris Smith smb...@chrissmith.org wrote: On Fri, Feb 25, 2011 at 10:22 AM, J. L. Cabral jelocab...@gmail.com wrote: I want to access a Linux share resource in /var/share without password from WXP desktop FROM ANY USER. See: http://blog.realcomputerguy.com/2010/12/samba-and-guest-shares-with-security.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
Chris I tried to connect with -U % and see: Debian:~# smbclient //10.4.133.109/share -U % Domain=[CASA] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_5.1] smb: \ ls NT_STATUS_ACCESS_DENIED listing \* 56892 blocks of size 8388608. 53742 blocks available Always the error !!! On Tue, Mar 1, 2011 at 12:12 PM, Chris Weiss cwe...@gmail.com wrote: On Tue, Mar 1, 2011 at 8:25 AM, J. L. Cabral jelocab...@gmail.com wrote: OK thanks, but when I try to access from a Linux Debian machine as guest, I fail againlook: Debian:~# smbclient //10.4.133.109/share -U guest Enter guest's password: I put any password because guest is not a samba nor Linux user guest access doesn't actually use a username, this may be the problem. to force-use the anonymous account, you can do: -U % I'd start here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html you don't have to get very down that page to have a anonymous read-write share. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
See inline please: if security isn't in your testparm, them something is odd with how you entered it. I think user is the default, test with this: testparm -v | grep security security = USER paranoid server security = Yes security mask = 0777 force security mode = 00 directory security mask = 0777 force directory security mode = 00 Also check your guest settings, this will show what account samba will use for anonymous access, among other things: testparm -v | grep guest map to guest = Bad User guest account = nobody usershare allow guests = No guest only = No guest ok = No guest ok = Yes Make sure the account listed can access the directory you are sharing, or use force user to override the shares filesystem access, which is what the howto does. drwxrwxrwx nobody nobody /var/share Also, i never use smbusers file for anything, ever. I find that it only adds confusion. But the tutorial you show me points: username map = /etc/samba/smbusers I repeat my smb.conf file: [global] workgroup = CASA interfaces = lo eth0 map to guest = Bad User security = user passdb backend = tdbsam username map = /etc/samba/smbusers [grabar] comment = File share path = /var/share borowseable = yes read only = No create mask = 0700 directory mask = 0700 guest ok = Yes And the NT_STATUS_ACCESS_DENIED listing \* error appear again !!! Any other idea please ??? Thanks and sorry for interrupting you... JeLo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
Marco, I followed your instructions and I couldn't connect, my config is: [global] workgroup = CASA netbios name = bangkok security = user passdb backend = tdbsam map to guest = bad password username map = /etc/samba/smbusers [grabar] comment = file sharing path = /var/share browseable = yes public = yes writeable = yes create mode = 0644 force user = pepe force group = pepe I have: drwxrwxrwx root nobody /var/share and I add user pepe: # useradd -s /sbin/nologin pepe After that I restart samba: # /etc/init.d/smb restart and fro Windows XP machine I do: net use X: \\10.4.133.109\grabar and after that I see the resource in my Explorer but when I want to enter into it with double click I get: ACCESS DENIED The smb.log is: [2011/02/27 23:52:25, 0] lib/util_sock.c:get_peer_addr(1224) getpeername failed. Error was the connection peer is not connected [2011/02/27 23:52:25, 0] lib/util_sock.c:read_data(534) read_data: read failure for 4 bytes to client 0.0.0.0. Error = connectio reinitialized by remote machine [2011/02/27 23:52:25, 1] smbd/service.c:make_connection_snum(1077) kari (10.4.132.61) connect to service grabar initially as user pepe (uid=500, gid=500) (pid 31657) [2011/02/27 23:52:29, 1] smbd/fake_file.c:open_fake_file(116) open_fake_file_shared: access_denied to service[grabar] file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] user[pepe] [2011/02/27 23:52:29, 1] smbd/fake_file.c:open_fake_file(116) open_fake_file_shared: access_denied to service[grabar] file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] user[pepe] Can you help me again ??? THANKS A LOT JeLo On Sun, Feb 27, 2011 at 4:53 PM, Marco Ciampa ciam...@libero.it wrote: On Fri, Feb 25, 2011 at 02:55:17PM -0300, J. L. Cabral wrote: Marco, thanks.last question: the adhoc user you tell me to create as a linux local user need to be created as a samba user alos with: smbpasswd -a adhocuser: pass:1234 pass:1234 Thanks again no, you just have to create the user just to control the user with whom the people will access that folder. Since you use the force user option, you do not have to set any password... just do a adduser adhocuser and you are done. -- Marco Ciampa ++ | Linux User #78271 | | FSFE fellow #364 | ++ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
Chris, after following Marco guideline and fail I followed the tutorial you recommend to me, please see below: [global] workgroup = CASA netbios name = bangkok security = user passdb backend = tdbsam Map to guest = Bad User username map = /etc/samba/smbusers [grabar] comment = File sharing path = /var/alejandro read only = No create mask = 0700 directory mask = 0700 guest ok = Yes The content of smbusers is: root = administrator admin nobody = guest pcguest smbguest and the path: drwxrwxrwx root nobody /var/share I restart smb and after tghat I do from Windows: net use X: \\10.4.133.109\grabar I see the resource but when I made double click on it I get: ACCESS DENIED The smb.log is: [2011/02/28 00:16:14, 0] lib/util_sock.c:get_peer_addr(1224) getpeername failed. Error was the other connection peer is not connected [2011/02/28 00:16:14, 0] lib/util_sock.c:get_peer_addr(1224) getpeername failed. Error was the other connection peer is not connected [2011/02/28 00:16:14, 0] lib/util_sock.c:read_data(534) read_data: read failure for 4 bytes to client 0.0.0.0. Error = connectio reinitialized by the remote machine [2011/02/28 00:16:14, 1] smbd/service.c:make_connection_snum(1077) kari (10.4.132.61) connect to service grabar initially as user nobody (uid=99, gid=99) (pid 31950) THANKS AGAIN and please can you continue helping me ??? JeLo On Fri, Feb 25, 2011 at 5:38 PM, Chris Smith smb...@chrissmith.org wrote: On Fri, Feb 25, 2011 at 3:17 PM, Helmut Hullen hul...@t-online.de wrote: Have I to add nobody to the samba password file? No. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Access to a share resource without password
Dear, I have a Linux Samba server and a Windows XP SP2 client joined to the g-company.net domain. I want to access a Linux share resource in /var/share without password from WXP desktop FROM ANY USER. This is my scenario: - I don't create any Linux local user because I want total access from any user - I use security = share - My smbusers file is: root = administrator admin nobody = guest pcguest smbguest - The Windows XP guest account is guest but I don't know if it has any password setup. - This is my smb.conf: [global] workgroup = G-COMPANY.NET server string = Samba Server Version %v security = SHARE passdb backend = tdbsam [share] comment = Archivos Compartidos path = /var/share read only = No create mask = 0700 directory mask = 0700 guest only = Yes guest ok = Yes Form Windows XP I execute: \\samba_server\share but I get the error DENIED ACCESS. What can I do to access this resource ??? Thanks a lot, JeLo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
I have /var/share with rwx-rwx-rwx, and I put create and directory masks with 777 values. But I still get ACCESS DENIED error. Do I have to create a local Linux user account ??? Or waht ??? Because I need to give full access to every user from my LAN. Thanks in advance. JeLo On Fri, Feb 25, 2011 at 12:39 PM, mat.end...@gmail.com wrote: I believe your permissions are not correct. If I understand correctly you want to run a wide open share that allows everyone full control. If this is correct then first: chmod -R 777 /your/share Change your create masks to: create mask = 0777 directory mask = 0777 Sent on the Sprint® Now Network from my BlackBerry® -Original Message- From: J. L. Cabral jelocab...@gmail.com Sender: samba-boun...@lists.samba.org Date: Fri, 25 Feb 2011 12:22:12 To: sambasamba@lists.samba.org Subject: [Samba] Access to a share resource without password Dear, I have a Linux Samba server and a Windows XP SP2 client joined to the g-company.net domain. I want to access a Linux share resource in /var/share without password from WXP desktop FROM ANY USER. This is my scenario: - I don't create any Linux local user because I want total access from any user - I use security = share - My smbusers file is: root = administrator admin nobody = guest pcguest smbguest - The Windows XP guest account is guest but I don't know if it has any password setup. - This is my smb.conf: [global] workgroup = G-COMPANY.NET server string = Samba Server Version %v security = SHARE passdb backend = tdbsam [share] comment = Archivos Compartidos path = /var/share read only = No create mask = 0700 directory mask = 0700 guest only = Yes guest ok = Yes Form Windows XP I execute: \\samba_server\share but I get the error DENIED ACCESS. What can I do to access this resource ??? Thanks a lot, JeLo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
Yes, of course, I restarted smb. Maybe any problem in the windows domain settings they avoid join to a samba server ??? On Fri, Feb 25, 2011 at 1:08 PM, mat.end...@gmail.com wrote: Did you restart samba? Sent on the Sprint® Now Network from my BlackBerry® -Original Message- From: J. L. Cabral jelocab...@gmail.com Date: Fri, 25 Feb 2011 13:05:35 To: mat.end...@gmail.com Cc: sambasamba@lists.samba.org Subject: Re: [Samba] Access to a share resource without password I have /var/share with rwx-rwx-rwx, and I put create and directory masks with 777 values. But I still get ACCESS DENIED error. Do I have to create a local Linux user account ??? Or waht ??? Because I need to give full access to every user from my LAN. Thanks in advance. JeLo On Fri, Feb 25, 2011 at 12:39 PM, mat.end...@gmail.com wrote: I believe your permissions are not correct. If I understand correctly you want to run a wide open share that allows everyone full control. If this is correct then first: chmod -R 777 /your/share Change your create masks to: create mask = 0777 directory mask = 0777 Sent on the Sprint® Now Network from my BlackBerry® -Original Message- From: J. L. Cabral jelocab...@gmail.com Sender: samba-boun...@lists.samba.org Date: Fri, 25 Feb 2011 12:22:12 To: sambasamba@lists.samba.org Subject: [Samba] Access to a share resource without password Dear, I have a Linux Samba server and a Windows XP SP2 client joined to the g-company.net domain. I want to access a Linux share resource in /var/share without password from WXP desktop FROM ANY USER. This is my scenario: - I don't create any Linux local user because I want total access from any user - I use security = share - My smbusers file is: root = administrator admin nobody = guest pcguest smbguest - The Windows XP guest account is guest but I don't know if it has any password setup. - This is my smb.conf: [global] workgroup = G-COMPANY.NET server string = Samba Server Version %v security = SHARE passdb backend = tdbsam [share] comment = Archivos Compartidos path = /var/share read only = No create mask = 0700 directory mask = 0700 guest only = Yes guest ok = Yes Form Windows XP I execute: \\samba_server\share but I get the error DENIED ACCESS. What can I do to access this resource ??? Thanks a lot, JeLo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
No, my samba server is not a member of a domain, it's a standalone server with the WORKGROUP = windows domain. Any idea ? On Fri, Feb 25, 2011 at 1:21 PM, mat.end...@gmail.com wrote: Is the Samba server a member of the domain? Sent on the Sprint® Now Network from my BlackBerry® -Original Message- From: J. L. Cabral jelocab...@gmail.com Date: Fri, 25 Feb 2011 13:12:35 To: mat.end...@gmail.com Cc: sambasamba@lists.samba.org Subject: Re: [Samba] Access to a share resource without password Yes, of course, I restarted smb. Maybe any problem in the windows domain settings they avoid join to a samba server ??? On Fri, Feb 25, 2011 at 1:08 PM, mat.end...@gmail.com wrote: Did you restart samba? Sent on the Sprint® Now Network from my BlackBerry® -Original Message- From: J. L. Cabral jelocab...@gmail.com Date: Fri, 25 Feb 2011 13:05:35 To: mat.end...@gmail.com Cc: sambasamba@lists.samba.org Subject: Re: [Samba] Access to a share resource without password I have /var/share with rwx-rwx-rwx, and I put create and directory masks with 777 values. But I still get ACCESS DENIED error. Do I have to create a local Linux user account ??? Or waht ??? Because I need to give full access to every user from my LAN. Thanks in advance. JeLo On Fri, Feb 25, 2011 at 12:39 PM, mat.end...@gmail.com wrote: I believe your permissions are not correct. If I understand correctly you want to run a wide open share that allows everyone full control. If this is correct then first: chmod -R 777 /your/share Change your create masks to: create mask = 0777 directory mask = 0777 Sent on the Sprint® Now Network from my BlackBerry® -Original Message- From: J. L. Cabral jelocab...@gmail.com Sender: samba-boun...@lists.samba.org Date: Fri, 25 Feb 2011 12:22:12 To: sambasamba@lists.samba.org Subject: [Samba] Access to a share resource without password Dear, I have a Linux Samba server and a Windows XP SP2 client joined to the g-company.net domain. I want to access a Linux share resource in /var/share without password from WXP desktop FROM ANY USER. This is my scenario: - I don't create any Linux local user because I want total access from any user - I use security = share - My smbusers file is: root = administrator admin nobody = guest pcguest smbguest - The Windows XP guest account is guest but I don't know if it has any password setup. - This is my smb.conf: [global] workgroup = G-COMPANY.NET server string = Samba Server Version %v security = SHARE passdb backend = tdbsam [share] comment = Archivos Compartidos path = /var/share read only = No create mask = 0700 directory mask = 0700 guest only = Yes guest ok = Yes Form Windows XP I execute: \\samba_server\share but I get the error DENIED ACCESS. What can I do to access this resource ??? Thanks a lot, JeLo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
OK, with Wolfgang advice I do: [global] workgroup = G-BAPRO.NET server string = Samba Server Version %v netbiosname = bangkok security = user smb passwd file = /etc/samba/smbpasswd guest account = guest [share] guest ok = yes path = /var/share writeable = yes and execute from Windows desktop: net use Z: \\bangkok\share after that I put user=guest and password=1234 but I CAN'T ACCESS guest is the name of a local Linux account and it's a samba user (smbpasswd -a guest with pass 1234). What can I do ??? Regards On Fri, Feb 25, 2011 at 1:31 PM, Wolfgang Ratzka rat...@hrz.uni-marburg.de wrote: [global] (...) security = SHARE (...) security = SHARE is rather Windows95-ish and it does not work very well with newer Windows versions. Just try security = user. Setting guest ok = Yes should give you anonymous access. Kind regards -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Access to a share resource without password
Marco tell me: -- Forwarded message -- From: Marco Ciampa ciam...@libero.it Date: Fri, Feb 25, 2011 at 2:13 PM Subject: Re: [Samba] Access to a share resource without password To: J. L. Cabral jelocab...@gmail.com On Fri, Feb 25, 2011 at 01:07:03PM -0300, J. L. Cabral wrote: Dear Marco, I use security=share because I want to give full access to everyone in my LAN. Do you think I'm wrong in this setting ??? What is your opinion ??? Well it is not required to use such configuration. You can just stick with security = user and then do something like this: [freeaccess] comment = free access folder browseable = yes path = /home/freeaccess public = yes writeable = yes create mode = 0644 force user = adhocuser force group = adhocuser just create such adhocuser into the server disabling it shell access and then do a: chown adhocuser /home/freeaccess PS: bounce to the list this message to discover if I've said something real wrong... -- Marco Ciampa ++ | Linux User #78271 | | FSFE fellow #364 | ++ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to a share resource without password
Hi Chris, thanks and just three short questions: 1) The Linux local user guest must be added to samba with smbpasswd -a guest ??? 2) The Windows XP desktops must have a guest account enable named guest, or it can be named Invited or Invitado (Spanish Windows version) ??? 3) What owner and group must have the share /var/share ??? Thanks a lot, JeLo On Fri, Feb 25, 2011 at 3:13 PM, Chris Smith smb...@chrissmith.org wrote: On Fri, Feb 25, 2011 at 10:22 AM, J. L. Cabral jelocab...@gmail.com wrote: I want to access a Linux share resource in /var/share without password from WXP desktop FROM ANY USER. See: http://blog.realcomputerguy.com/2010/12/samba-and-guest-shares-with-security.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Solved] (Sort of) - Re: Winbind, pdbedit - does not belong to our domain
On 20/02/11 01:02, Bob Miller wrote: Getent passwd works and returns all domain users. Getent group returns all groups correctly. Net group map list works and returns correctly mapped groups. Wbinfo -t returns checking the trust secret for domain BGS via RPC calls succeeded. wbinfo --own-domain returns the correct NT domain name In short, everything seems to work OK until you run wbinfo -u or -g at which point it sits there until it times out. Smb.conf is the same as the other member servers, the net rpc join command returned success and a machine account was successfully created in the LDAP directory. The smb.conf file is here: Any suggestions gratefully received. Thanks, Julian I recently played a game similar to this one, for me everything worked but wbinfo -g. What I did to resolve that was use `net sam mapunixgroup` for all the domain groups, and all my group stuff started magically working. I doubt that will do anything for your wbinfo -u problem, but it might move you a step forward. Or it might not; it is just a suggestion Bob Miller 334-7117/660-5315 http://computerisms.ca b...@computerisms.ca Network, Internet, Server, and Open Source Solutions Thanks for that. Gave it a go but no joy so I decided to try making it a BDC to see what would happen. First I tried net setlocalsid with the domain sid but it refused to change. I then changed domain logons = no to yes and tried again and it set the local SID. Funny thing though was that I'd forgotten to set security = to user and had left it as domain but it didn't complain. Samba started and winbind worked. I also have a new print server going on which had the same problem as the proxy re: winbind. After setting this up as a BDC, it also works fine. The interesting thing is that all the other member servers that are not functioning as BDCs have local sids that are different to the domain sid ( I believe this is how it should be) and they hooked up without a problem. Luckily, I'm running a Samba PDC so I do the BDC thing. When I have a bit more time I may pursue this and I'll post any info here. Cheers, Julian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Winbind, pdbedit - does not belong to our domain
Hi all, I have a problem that started last week with winbind on a member server. The network consists of the following: Openldap/Bind/DHCP Server (No Samba) PDC - CentOS Linux - Samba 3-3.5.6-43.el5 (sernet package) BDC - CentOS Linux - Samba 3-3.0.31-36 Proxy Server (with NTLM Auth) - Mandriva Linux - Samba 3.5.3-3.1mdv2010.1 All of these work fine but the proxy needs replacing so I've put a new server together (CentOS 5.5 Sernet/Samba 3-3.5.6-43.el5) with and this is where it gets interesting. I've followed the same procedure I've used on the above 4 machines but I keep getting error messages in pdbedit as below: smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=PROXY))] smbldap_open_connection: connection opened ldap_connect_system: successful connection to the LDAP server smbldap_search_paged: base = [dc=bordengrammar,dc=kent,dc=sch,dc=uk], filter = [((uid=*)(objectclass=sambaSamAccount))],scope = [2], pagesize = [1024] smbldap_search_paged: search was successful sid S-1-5-21-2387947558-1535987125-4294967295-1000 does not belong to our domain sid S-1-5-21-5543384853-2091317229-2861916464-2998 does not belong to our domain sid S-1-5-21-5543384853-2091317229-2861916464-2000 does not belong to our domain sid S-1-5-21-5543384853-2091317229-2861916464-2002 does not belong to our domain sid S-1-5-21-5543384853-2091317229-2861916464-2004 does not belong to our domain sid S-1-5-21-5543384853-2091317229-2861916464-2006 does not belong to our domain sid S-1-5-21-5543384853-2091317229-2861916464-3000 does not belong to our domain sid S-1-5-21-5543384853-2091317229-2861916464-3004 does not belong to our domain sid S-1-5-21-5543384853-2091317229-2861916464-3006 does not belong to our domain The first part suggests that the LDAP connection succeeded and the domain name and the SIDS are correct. The first SID appears to be the local root user but the rest are OK. Getent passwd works and returns all domain users. Getent group returns all groups correctly. Net group map list works and returns correctly mapped groups. Wbinfo -t returns checking the trust secret for domain BGS via RPC calls succeeded. wbinfo --own-domain returns the correct NT domain name In short, everything seems to work OK until you run wbinfo -u or -g at which point it sits there until it times out. Smb.conf is the same as the other member servers, the net rpc join command returned success and a machine account was successfully created in the LDAP directory. The smb.conf file is here: [global] workgroup = BGS netbios name = PROXY password server = 172.20.5.254 server string = Proxy wins server = 172.20.5.254 log file = /var/log/samba/%m.log max log size = 50 security = domain smb ports = 139 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd dns proxy = no dos charset = 850 unix charset = ISO8859-1 log level = 3 idmap uid = 1-20 idmap gid = 1-20 winbind use default domain = yes local master = no os level = 10 domain master = no preferred master = no name resolve order = wins bcast lmhosts domain logons = no ldap ssl = no passdb backend = ldapsam:ldap://172.20.5.253 idmap backend = ldap:ldap://172.20.5.253 ldap admin dn = cn=Manager,dc=bordengrammar,dc=kent,dc=sch,dc=uk ldap suffix = dc=bordengrammar,dc=kent,dc=sch,dc=uk ldap machine suffix = ou=Users ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap Any suggestions gratefully received. Thanks, Julian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] I can't connect to a Samba resource
Dear, I'll appreciate your help because I can't connect to a samba resource. Here are the details: Samba Server: Centos 5.5 with samba and samba-common packages Content of smb.conf: [global] workgroup = somisa server string = Test server log file = /var/log/samba/%m.log security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [share] comment = recordings path = /var/recorder browseable = yes writable = yes public = yes read only = no #adduser jelo #passwd jelo (1234) #smbpasswd -a jelo (1234, same as Unix account) #/etc/init.d/smb restart I'm now in my Windows Desktop, connected to a domain called somisa, the same as the samba workgroup with user jelo with pass rata89012 (not 1234 as the samba pass). After that from into Windows explorer I connect to unit W: \\samba_server\share with user: jelo and pass: 1234 I can see the resource but I get an error telling me that the ACCESS IS DENIED to W: and this is the log: [2011/02/16 16:22:16, 1] smbd/service.c:make_connection_snum(1077) 2000-96 (10.11.4.22) connect to service share initially as user jelo (uid=500, gid=500) (pid 20468) What can I do ??? I have this problem from a lot of days ago :( Thanks in advance !!! JeLo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] I can't connect to a Samba resource
Dear, thanks for your help.I've logged into a Windows domain with user: jelo and pass: rata89012. My desktop is Windows XP SP2. In samba server the shared resource is /var/recorder with this rigths: drwxr-xr-x 2 root root 4096 feb 16 14:56 recorder The Unix local user is jelo with pass 1234, and then I execute: smbpasswd -a jelo with pass 1234, as I told before. A pair of months ago in other LAN, in the same scenario I could log in XXX domain and I could conect to a samba resource with YYY workgroup (YYY is different from XXX), but here I can't at all. So please what do you recommend to change for my current scenario ??? Thanks again, JeLo On Wed, Feb 16, 2011 at 4:41 PM, Philippe LeCavalier supp...@plecavalier.com wrote: Excerpts from J. L. Cabral's message of Wed Feb 16 14:25:40 -0500 2011: [...] Samba Server: Centos 5.5 with samba and samba-common packages Content of smb.conf: [global] workgroup = somisa [...] [share] comment = recordings path = /var/recorder browseable = yes writable = yes public = yes read only = no #adduser jelo #passwd jelo (1234) #smbpasswd -a jelo (1234, same as Unix account) #/etc/init.d/smb restart I'm now in my Windows Desktop, connected to a domain called somisa, the same as the samba workgroup with user jelo with pass rata89012 (not 1234 as the samba pass). Have you joined the domain? After that from into Windows explorer I connect to unit W: \\samba_server\share with user: jelo and pass: 1234 this is the source of your issues. See [1] for the why and how. I can see the resource but I get an error telling me that the ACCESS IS DENIED to W: and this is the log: [2011/02/16 16:22:16, 1] smbd/service.c:make_connection_snum(1077) 2000-96 (10.11.4.22) connect to service share initially as user jelo (uid=500, gid=500) (pid 20468) What can I do ??? I have this problem from a lot of days ago :( ref. [1] You'll have problems like that if your account credentials aren't identical. By logging in to the domain you're creating a link using a certain set of credentials. Then by issuing \\samba_server\share and providing a different set you're working against a longtime/well known limitation that windows cannot connect to the same network resource using different credentials...Is the Win 7 Pro by any chance? It's not impossible but will likely lead to problems if your not experienced in doing so. Thanks in advance !!! JeLo -- Thanks, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] I can't connect to a Samba resource
Dear, changing the owner doesn't work for me. So I decide to connect to the share resource without user authentication, just see the resource for all the users from my LANthis is the simplest way I can see the samba resource I think. How can I do this succesfully ??? Or in other words what is the simplest way to share a resource to all the Windows desktops from a given domain without user authentication, just for a start point ??? Thanks again, JeLo On Wed, Feb 16, 2011 at 10:41 PM, t...@tms3.com wrote: Dear, thanks for your help.I've logged into a Windows domain with user: jelo and pass: rata89012. My desktop is Windows XP SP2. In samba server the shared resource is /var/recorder with this rigths: drwxr-xr-x 2 root root 4096 feb 16 14:56 recorder For starters try chown -R jelo:Domain\ Users recorder or at least chown -R jelo recorder See if that helps. The Unix local user is jelo with pass 1234, and then I execute: smbpasswd -a jelo with pass 1234, as I told before. A pair of months ago in other LAN, in the same scenario I could log in XXX domain and I could conect to a samba resource with YYY workgroup (YYY is different from XXX), but here I can't at all. So please what do you recommend to change for my current scenario ??? Thanks again, JeLo On Wed, Feb 16, 2011 at 4:41 PM, Philippe LeCavalier supp...@plecavalier.com wrote: Excerpts from J. L. Cabral's message of Wed Feb 16 14:25:40 -0500 2011: [...] Samba Server: Centos 5.5 with samba and samba-common packages Content of smb.conf: [global] workgroup = somisa [...] [share] comment = recordings path = /var/recorder browseable = yes writable = yes public = yes read only = no #adduser jelo #passwd jelo (1234) #smbpasswd -a jelo (1234, same as Unix account) #/etc/init.d/smb restart I'm now in my Windows Desktop, connected to a domain called somisa, the same as the samba workgroup with user jelo with pass rata89012 (not 1234 as the samba pass). Have you joined the domain? After that from into Windows explorer I connect to unit W: \\samba_server\share with user: jelo and pass: 1234 this is the source of your issues. See [1] for the why and how. I can see the resource but I get an error telling me that the ACCESS IS DENIED to W: and this is the log: [2011/02/16 16:22:16, 1] smbd/service.c:make_connection_snum(1077) 2000-96 (10.11.4.22) connect to service share initially as user jelo (uid=500, gid=500) (pid 20468) What can I do ??? I have this problem from a lot of days ago :( ref. [1] You'll have problems like that if your account credentials aren't identical. By logging in to the domain you're creating a link using a certain set of credentials. Then by issuing \\samba_server\share and providing a different set you're working against a longtime/well known limitation that windows cannot connect to the same network resource using different credentials...Is the Win 7 Pro by any chance? It's not impossible but will likely lead to problems if your not experienced in doing so. Thanks in advance !!! JeLo -- Thanks, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
