Re: Fwd: [Samba] Memory usage
I have seen complaints of poor performance with 3ware controllers I am running a couple 3Ware RAID controllers and I had very poor performance with SAMBA until I enabled Write Caching on the RAID cards. You will need to make sure you have some kind of battery backup in place (either on the controllers themselves, or on the server the controller is installed on). Write Caching speeds up performance considerably. I would check and see if this is enabled on your cards. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- John Drescher wrote: -- Forwarded message -- From: John Drescher [EMAIL PROTECTED] Date: Aug 21, 2007 10:00 AM Subject: Re: [Samba] Memory usage To: [EMAIL PROTECTED] What else does it make the machine slow. Possibly permissions. Maybe the filesystem choice. It could also be filename case handling as linux is case sensitive and windows is not. Are you using ldap or ADS? Is it the raid. I have 8 WD SATA Doubtful. HDD with raid ready (3mbps) hard disks on a 8 port 3ware controller. I have seen complaints of poor performance with 3ware controllers although I don't have any on my linux systems so I do not know. Do you have write back cache on? Does anyone have a comparison on SATA raid and SAS raid disk. As you know SAS disk are very expensive I would like to know from experts in the list who can tell me which of the following is best. 1) 2 servers each having 2.0TB raid disk with SAS drives, 2GB ram and standard other features. 2) 4 No servers with 1TB each with 2GB ram and standard other features. I can't compare that as I have never had a SAS. My servers are home built machines with 1.2 to 3TB of software raid (mostly 6) with 2GB to 4GB of ram all running 64 bit gentoo and have 1 or 2 Opteron processors. If the projects are distributed in the 2 option do you think it would be better than 1 sty?. as you know the price of SATA disk is much cheaper than the SAS disk and we could nearly by 4 servers for that money. I have 10TB of linux software raid5 and raid6 using dozens of SATA disks on a nearly 100% gigabit network with about 100 machines and most of this data is accessed via samba. I have seen a few speed problems but for the most part all works smoothly. One case of a speed problem is a DICOM scrubbing application that reads up to 100,000 512KB files off one server, removes patient info from the headers and stores this data on a second server. In normal conditions this operation is about 5 to 10 of these files per second but at times this slows to 1 per second. When this happens I see on the samba server that the samba process is taking 25% of the CPU time (which it never does when it is working) so after stopping this scrubbing process and kill the offending smbd process all is well again. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SERIOUS PROBLEM - Root Account Locked
Jonathan, You are a genius! That fixed it. Using root = Administrator never seemed to make much sense to me when I was setting up my Samba domain, and now I know why. I simply didn't set it up correctly. I set the root password and made root user ID 0, but when I mapped root = Administrator, I didn't make the connection that the Administrator account on the local windows machine should have the samba/LDAP root password also. I commented out the line root = Administrator from the smbusers file and all works excellent now. The reason I never noticed it before, was because I didn't have bad password set. About a week or so ago I set the bad password attempt limit to 8, thats when I started having this problem. When I would browse the Samba domain shares under the Administrator account in Windows, it was passing the local account credentials for Administrator to the server, and the server was complaining because, really, root = Administrator and Administrator = root, but the passwords didn't match. Thanks again for the quick reply. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Jonathan Johnson wrote: This sounds like you have 'root = Administrator' in your /etc/samba/smbusers file. Is the password you are using for Administrator *different* from what is set for root in Samba (smbpasswd root to change)? That could be the issue. Note that typically, Linux and Samba use different password databases, so even though they map the same user name, the passwords may be different. Jon Johnson Sutinen Consulting, Inc. www.sutinen.com *From:* Jason Baker [mailto:[EMAIL PROTECTED] *Sent:* Wed 8/8/2007 1:51 PM *To:* Jonathan Johnson *Cc:* samba@lists.samba.org *Subject:* Re: [Samba] SERIOUS PROBLEM - Root Account Locked Do you have a process (like a service or scheduled task) running on a client machine as user 'root' with an incorrect cached password? No actually, this is what seems to be happening: I log into a windows xp pro workstation as Administrator and browse the network. I double-click on a network share, in this case a samba computer called HENBANE. If I view pdbedit -Lv -u root from another computer while I'm doing this, I can watch the bad login count rise from 0 to 8. I then get a message that pops up on the Windows workstation that says something to the effect of account locked. I added guest account = nobody to my smb.conf file and now I can browse the HENBANE share after being prompted for a username and password, but the bad password count for root now shows 2, and it rises higher each time I access a share that requires a username and password. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com/ -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Jonathan Johnson wrote: Do you have a process (like a service or scheduled task) running on a client machine as user 'root' with an incorrect cached password? Jon Johnson Sutinen Consulting, Inc. www.sutinen.com Jason Baker wrote: My root account keeps getting locked out automatically. I am running Samba 3.0.25b on a CentOS server, as PDC with LDAP backend. I have accounts set to lock after 8 un-successful login attempts. I zeroed out the bad password count, and then in less than a few seconds the account gets locked again and a /pdbedit -Lv -u root /yields the following: Unix username:root Logon time: 0 Logoff time: never Kickoff time: never Password last set:Wed, 01 Jan 1969 03:00:00 EST Password can change: Wed, 08 Jan 1969 03:00:00 EST Password must change: never Last bad password : Wed, 08 Aug 2007 13:51:14 EDT Bad password count : 8 If I enter w on the command line, it only shows that two (authorized) users are logged into the server. So I'm confident that no one from the outside is attempting to log in as root. Below is my conf file. If I go into LDAP Account Manager and unlock the account, it will stay unlocked for a few minutes (or seconds), then it is locked out again. With the account lock I cannot join machines to the domain, nor change domain permissions for users and groups. Any suggestions would be helpful. [global] unix charset = LOCALE workgroup = glastendernet
[Samba] SERIOUS PROBLEM - Root Account Locked
My root account keeps getting locked out automatically. I am running Samba 3.0.25b on a CentOS server, as PDC with LDAP backend. I have accounts set to lock after 8 un-successful login attempts. I zeroed out the bad password count, and then in less than a few seconds the account gets locked again and a /pdbedit -Lv -u root /yields the following: Unix username:root Logon time: 0 Logoff time: never Kickoff time: never Password last set:Wed, 01 Jan 1969 03:00:00 EST Password can change: Wed, 08 Jan 1969 03:00:00 EST Password must change: never Last bad password : Wed, 08 Aug 2007 13:51:14 EDT Bad password count : 8 If I enter w on the command line, it only shows that two (authorized) users are logged into the server. So I'm confident that no one from the outside is attempting to log in as root. Below is my conf file. If I go into LDAP Account Manager and unlock the account, it will stay unlocked for a few minutes (or seconds), then it is locked out again. With the account lock I cannot join machines to the domain, nor change domain permissions for users and groups. Any suggestions would be helpful. [global] unix charset = LOCALE workgroup = glastendernet netbios name = aster server string = Glastender Domain Controller running %v interfaces = eth1, lo, tun+ bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://aster.glastender.com ldap passwd sync = Yes ldap suffix = dc=glastender,dc=com ldap admin dn = cn=Manager,dc=glastender,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://aster.glastender.com idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /opt/IDEALX/sbin/smbldap-useradd -m %u #delete user script = /opt/IDEALX/sbin/smbldap-userdel %u add machine script = /opt/IDEALX/sbin/smbldap-useradd -w %u add group script = /opt/IDEALX/sbin/smbldap-groupadd -p %g #delete group script = /opt/IDEALX/sbin/smbldap-groupdel %g add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m %u %g delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x %u %g set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 0 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 192.168.100.0/255.255.255.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = template shell = /bin/false winbind use default domain = yes -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SERIOUS PROBLEM - Root Account Locked
Do you have a process (like a service or scheduled task) running on a client machine as user 'root' with an incorrect cached password? No actually, this is what seems to be happening: I log into a windows xp pro workstation as Administrator and browse the network. I double-click on a network share, in this case a samba computer called HENBANE. If I view pdbedit -Lv -u root from another computer while I'm doing this, I can watch the bad login count rise from 0 to 8. I then get a message that pops up on the Windows workstation that says something to the effect of account locked. I added guest account = nobody to my smb.conf file and now I can browse the HENBANE share after being prompted for a username and password, but the bad password count for root now shows 2, and it rises higher each time I access a share that requires a username and password. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Jonathan Johnson wrote: Do you have a process (like a service or scheduled task) running on a client machine as user 'root' with an incorrect cached password? Jon Johnson Sutinen Consulting, Inc. www.sutinen.com Jason Baker wrote: My root account keeps getting locked out automatically. I am running Samba 3.0.25b on a CentOS server, as PDC with LDAP backend. I have accounts set to lock after 8 un-successful login attempts. I zeroed out the bad password count, and then in less than a few seconds the account gets locked again and a /pdbedit -Lv -u root /yields the following: Unix username:root Logon time: 0 Logoff time: never Kickoff time: never Password last set:Wed, 01 Jan 1969 03:00:00 EST Password can change: Wed, 08 Jan 1969 03:00:00 EST Password must change: never Last bad password : Wed, 08 Aug 2007 13:51:14 EDT Bad password count : 8 If I enter w on the command line, it only shows that two (authorized) users are logged into the server. So I'm confident that no one from the outside is attempting to log in as root. Below is my conf file. If I go into LDAP Account Manager and unlock the account, it will stay unlocked for a few minutes (or seconds), then it is locked out again. With the account lock I cannot join machines to the domain, nor change domain permissions for users and groups. Any suggestions would be helpful. [global] unix charset = LOCALE workgroup = glastendernet netbios name = aster server string = Glastender Domain Controller running %v interfaces = eth1, lo, tun+ bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://aster.glastender.com ldap passwd sync = Yes ldap suffix = dc=glastender,dc=com ldap admin dn = cn=Manager,dc=glastender,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://aster.glastender.com idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /opt/IDEALX/sbin/smbldap-useradd -m %u #delete user script = /opt/IDEALX/sbin/smbldap-userdel %u add machine script = /opt/IDEALX/sbin/smbldap-useradd -w %u add group script = /opt/IDEALX/sbin/smbldap-groupadd -p %g #delete group script = /opt/IDEALX/sbin/smbldap-groupdel %g add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m %u %g delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x %u %g set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 0 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 192.168.100.0/255.255.255.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = template shell = /bin/false winbind use default domain = yes
Re: [Samba] [Urgent] Cannot make changes via pdbedit
Do you have any policy set about password changing? Users are allowed to change their passwords every 7 days. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Edmundo Valle Neto wrote: Edmundo Valle Neto escreveu: Jason Baker escreveu: I have been having some problems since I updated from Samba 3.0.23 to 3.0.25b. I have installed the latest version of smbldap-tools but I am still not able to make certain changes to a user's account. I have created a new user named JROLFE. After I set up a new user, I will set it so they are required to change their password when they first login. I usually do this through LDAP Account Manager. I set User can change password to a date in the past and User must change password to a date in the past. But for some reason it didn't work. If I run pdbedit -Lv -u jrolfe, I get: Password last set:Mon, 01 Jan 2007 03:00:00 EST Password can change: Mon, 08 Jan 2007 03:00:00 EST Password must change: never If I run ../smbldap-usershow jrolfe, I get: sambaPwdCanChange: 1183795200 sambaPwdLastSet: 1167638400 sambaPwdMustChange: 1167638400 The unix times converted to english are: Sat, 07 Jul 2007 08:00:00 GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates do not match between pdbedit and smbldap-tools. This is really causing a problem because I am trying to set up a new user and cannot get his password to expire. According the samba documentation: sambaPwdLastSet: The integer time in seconds since 1970 when the sambaLMPassword and sambaNTPassword attributes were last set. sambaPwdCanChange: Specifies the time (UNIX time format) after which the user is allowed to change his password. If this attribute is not set, the user will be free to change his password whenever he wants. sambaPwdMustChange: Specifies the time (UNIX time format) when the user is forced to change his password. If this value is set to 0, the user will have to change his password at first login. If this attribute is not set, then the password will never expire. UNIX time format (1) means exactly that time measured in seconds since 1970, and your results appears to be coherent with time measured in seconds. sambaPwdCanChange: 1183795200 sambaPwdLastSet: 1167638400 Your sambaPwdCanChange is 7 days (measured in seconds) beyond sambaPwdLastSet (thats is exactly the same result that pdbedit is showing). Passwords can be forced to change using smbldap-tools smbldap-usermod -B 1 user too. And as the docs say, users are forced to change their passwords when sambaPwdMustChange is set to 0. I don't know how your system used to be, but the docs says how it should behaves. 1. http://en.wikipedia.org/wiki/Unix_time Regards. Edmundo Valle Neto Sorry, calculating the times seems that one of the results is really incorrect, even with Unix time format. Password last set is correct, the difference is between GMT and EST. But Password can change isn't. Do you have any policy set about password changing? Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Urgent] Cannot make changes via pdbedit
Also, If I run the command: pdbedit --pwd-must-change-time=2007-07-14 --time-format=%Y-%m-%d jrolfe It doesn't have any effect. I run pdbedit -Lv -u jrolfe and get: ---cut Logoff time: never Kickoff time: Tue, 31 Dec 2030 08:00:00 EST Password last set:Mon, 01 Jan 2007 03:00:00 EST Password can change: Mon, 01 Jan 2007 03:00:00 EST Password must change: never So for some reason pdbedit is not effecting the users LDAP data, but if I use smbldap-tools, the changes show up, but they don't work when I try to log in under windows xp. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Edmundo Valle Neto wrote: Edmundo Valle Neto escreveu: Jason Baker escreveu: I have been having some problems since I updated from Samba 3.0.23 to 3.0.25b. I have installed the latest version of smbldap-tools but I am still not able to make certain changes to a user's account. I have created a new user named JROLFE. After I set up a new user, I will set it so they are required to change their password when they first login. I usually do this through LDAP Account Manager. I set User can change password to a date in the past and User must change password to a date in the past. But for some reason it didn't work. If I run pdbedit -Lv -u jrolfe, I get: Password last set:Mon, 01 Jan 2007 03:00:00 EST Password can change: Mon, 08 Jan 2007 03:00:00 EST Password must change: never If I run ../smbldap-usershow jrolfe, I get: sambaPwdCanChange: 1183795200 sambaPwdLastSet: 1167638400 sambaPwdMustChange: 1167638400 The unix times converted to english are: Sat, 07 Jul 2007 08:00:00 GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates do not match between pdbedit and smbldap-tools. This is really causing a problem because I am trying to set up a new user and cannot get his password to expire. According the samba documentation: sambaPwdLastSet: The integer time in seconds since 1970 when the sambaLMPassword and sambaNTPassword attributes were last set. sambaPwdCanChange: Specifies the time (UNIX time format) after which the user is allowed to change his password. If this attribute is not set, the user will be free to change his password whenever he wants. sambaPwdMustChange: Specifies the time (UNIX time format) when the user is forced to change his password. If this value is set to 0, the user will have to change his password at first login. If this attribute is not set, then the password will never expire. UNIX time format (1) means exactly that time measured in seconds since 1970, and your results appears to be coherent with time measured in seconds. sambaPwdCanChange: 1183795200 sambaPwdLastSet: 1167638400 Your sambaPwdCanChange is 7 days (measured in seconds) beyond sambaPwdLastSet (thats is exactly the same result that pdbedit is showing). Passwords can be forced to change using smbldap-tools smbldap-usermod -B 1 user too. And as the docs say, users are forced to change their passwords when sambaPwdMustChange is set to 0. I don't know how your system used to be, but the docs says how it should behaves. 1. http://en.wikipedia.org/wiki/Unix_time Regards. Edmundo Valle Neto Sorry, calculating the times seems that one of the results is really incorrect, even with Unix time format. Password last set is correct, the difference is between GMT and EST. But Password can change isn't. Do you have any policy set about password changing? Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Urgent] Cannot make changes via pdbedit
In case anyone was following this thread, I finally did find the solution. Apparently you can no long expire a user's password by issuing the command: pdbedit --pwd-must-change-time... If you want to require a user to change their password at next login, you need to issue the command: net sam set pwdmustchangenow username yes This will ask the user to change their password the next time they attempt to login. The --pwd-must-change-time is actually reserved for the time when a password is set to expire by using policies (such as every 30 days, etc.). *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Jason Baker wrote: I have been having some problems since I updated from Samba 3.0.23 to 3.0.25b. I have installed the latest version of smbldap-tools but I am still not able to make certain changes to a user's account. I have created a new user named JROLFE. After I set up a new user, I will set it so they are required to change their password when they first login. I usually do this through LDAP Account Manager. I set User can change password to a date in the past and User must change password to a date in the past. But for some reason it didn't work. If I run pdbedit -Lv -u jrolfe, I get: Password last set:Mon, 01 Jan 2007 03:00:00 EST Password can change: Mon, 08 Jan 2007 03:00:00 EST Password must change: never If I run ../smbldap-usershow jrolfe, I get: sambaPwdCanChange: 1183795200 sambaPwdLastSet: 1167638400 sambaPwdMustChange: 1167638400 The unix times converted to english are: Sat, 07 Jul 2007 08:00:00 GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates do not match between pdbedit and smbldap-tools. This is really causing a problem because I am trying to set up a new user and cannot get his password to expire. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems since upgrade from 3.0.23 to 3.0.25b
This is saying that your user and group have confilcting sids because they should share the same base sid as everything else on the domain. To fix this you need to go through your ldap database and make sure that all sids have the same base. This is very strange. I added this user using the /etc/smbldap-tools/smbldap-useradd script. Which yielded a user SID of S-1-5-21-3568796296-2565465778-716510536-3404 but group sid S-1-5-21-1194936901-2368177035-684874509-513. If I check all my other users they have a user sid such as; S-1-5-21-1194936901-2368177035-684874509- and a group sid such as; S-1-5-21-1194936901-2368177035-684874509- If I run the command: net getlocalsid on the PDC I get: SID for domain ASTER is: S-1-5-21-3568796296-2565465778-716510536 Shouldn't the PDC SID match the user and group SIDs? So I deleted the user account, went into the LDAP Account Manager tool from a web browser, recreated the user, and now the user SID is correct: S-1-5-21-1194936901-2368177035-684874509-3408 I then went back and tried to add a test user account using the /etc/smbldap-tools/smbldap-useradd script, and I get the following error: Could not find base dn, to get next uidNumber at /etc/smbldap-tools//smbldap_tools.pm line 1046, DATA line 283. I'm not sure whats going on, everything worked fine until I upgraded to 3.0.25. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- John Drescher wrote: On 7/16/07, Jason Baker [EMAIL PROTECTED] wrote: I have a working Samba PDC, I can log in and out from a windows xp workstation. I recently upgraded to 3.0.25b-33 and now, when I add a new user, I get: The system cannot log you on due to the following error: A device attached to the system is not fuctioning Please try again or consult your system administrator I have network connectivity. I was able to join this machine to the domain through windows xp. I can log on to the domain from this machine with an existing user. All file and directory permissions are correct: If I run the smbclient command I get: session setup failed: NT_STATUS_NO_LOGON_SERVERS I believe that means that samba could not find the PDC via name resolution. Samba is indeed running. If I run smbclient with an existing user I get: I found this entry in the domain controllers samba log: [2007/07/16 13:55:13, 5] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934) _net_sam_logon: check_password returned status NT_STATUS_OK [2007/07/16 13:55:13, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004) _net_sam_logon: user GLASTENDERNET\jrolfe has user sid S-1-5-21-3568796296-2565465778-716510536-3404 but group sid S-1-5-21-1194936901-2368177035-684874509-513. The conflicting domain portions are not supported for NETLOGON calls --CUT-- This is saying that your user and group have confilcting sids because they should share the same base sid as everything else on the domain. To fix this you need to go through your ldap database and make sure that all sids have the same base. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems since upgrade from 3.0.23 to 3.0.25b
net rpc info should match. I am not sure about get local sid as it failed on my pdc. # net rpc info Password: Domain Name: GLASTENDERNET Domain SID: S-1-5-21-1194936901-2368177035-684874509 Sequence number: 1184678015 Num users: 100 Num domain groups: 39 Num local groups: 0 This seems correct. I re-ran the smbldap_tools configuration script, so I'm quite sure all is correct with that. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- John Drescher wrote: On 7/17/07, *Jason Baker* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: This is saying that your user and group have confilcting sids because they should share the same base sid as everything else on the domain. To fix this you need to go through your ldap database and make sure that all sids have the same base. This is very strange. I added this user using the /etc/smbldap-tools/smbldap-useradd script. Which yielded a user SID of S-1-5-21-3568796296-2565465778-716510536-3404 but group sid S-1-5-21-1194936901-2368177035-684874509-513. If I check all my other users they have a user sid such as; S-1-5-21-1194936901-2368177035-684874509- and a group sid such as; S-1-5-21-1194936901-2368177035-684874509- If I run the command: net getlocalsid on the PDC I get: SID for domain ASTER is: S-1-5-21-3568796296-2565465778-716510536 Shouldn't the PDC SID match the user and group SIDs? net rpc info should match. I am not sure about get local sid as it failed on my pdc. So I deleted the user account, went into the LDAP Account Manager tool from a web browser, recreated the user, and now the user SID is correct: S-1-5-21-1194936901-2368177035-684874509-3408 I then went back and tried to add a test user account using the /etc/smbldap-tools/smbldap-useradd script, and I get the following error: Could not find base dn, to get next uidNumber at /etc/smbldap-tools//smbldap_tools.pm line 1046, DATA line 283 I'm not sure whats going on, everything worked fine until I upgraded to 3.0.25. Are you sure your smbldap tools conf files did not get updated somehow? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems since upgrade from 3.0.23 to 3.0.25b
Now I am unable to set the user's account to Must Change Password. I tried it in LDAP Account Manager and with PDBEDIT and it simply will not change, something is definitely wrong here with my setup. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Jason Baker wrote: net rpc info should match. I am not sure about get local sid as it failed on my pdc. # net rpc info Password: Domain Name: GLASTENDERNET Domain SID: S-1-5-21-1194936901-2368177035-684874509 Sequence number: 1184678015 Num users: 100 Num domain groups: 39 Num local groups: 0 This seems correct. I re-ran the smbldap_tools configuration script, so I'm quite sure all is correct with that. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- John Drescher wrote: On 7/17/07, *Jason Baker* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: This is saying that your user and group have confilcting sids because they should share the same base sid as everything else on the domain. To fix this you need to go through your ldap database and make sure that all sids have the same base. This is very strange. I added this user using the /etc/smbldap-tools/smbldap-useradd script. Which yielded a user SID of S-1-5-21-3568796296-2565465778-716510536-3404 but group sid S-1-5-21-1194936901-2368177035-684874509-513. If I check all my other users they have a user sid such as; S-1-5-21-1194936901-2368177035-684874509- and a group sid such as; S-1-5-21-1194936901-2368177035-684874509- If I run the command: net getlocalsid on the PDC I get: SID for domain ASTER is: S-1-5-21-3568796296-2565465778-716510536 Shouldn't the PDC SID match the user and group SIDs? net rpc info should match. I am not sure about get local sid as it failed on my pdc. So I deleted the user account, went into the LDAP Account Manager tool from a web browser, recreated the user, and now the user SID is correct: S-1-5-21-1194936901-2368177035-684874509-3408 I then went back and tried to add a test user account using the /etc/smbldap-tools/smbldap-useradd script, and I get the following error: Could not find base dn, to get next uidNumber at /etc/smbldap-tools//smbldap_tools.pm line 1046, DATA line 283 I'm not sure whats going on, everything worked fine until I upgraded to 3.0.25. Are you sure your smbldap tools conf files did not get updated somehow? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Urgent] Cannot make changes via pdbedit
I have been having some problems since I updated from Samba 3.0.23 to 3.0.25b. I have installed the latest version of smbldap-tools but I am still not able to make certain changes to a user's account. I have created a new user named JROLFE. After I set up a new user, I will set it so they are required to change their password when they first login. I usually do this through LDAP Account Manager. I set User can change password to a date in the past and User must change password to a date in the past. But for some reason it didn't work. If I run pdbedit -Lv -u jrolfe, I get: Password last set:Mon, 01 Jan 2007 03:00:00 EST Password can change: Mon, 08 Jan 2007 03:00:00 EST Password must change: never If I run ../smbldap-usershow jrolfe, I get: sambaPwdCanChange: 1183795200 sambaPwdLastSet: 1167638400 sambaPwdMustChange: 1167638400 The unix times converted to english are: Sat, 07 Jul 2007 08:00:00 GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates do not match between pdbedit and smbldap-tools. This is really causing a problem because I am trying to set up a new user and cannot get his password to expire. -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance problem with file 2Gb
I had this same issue when I first setup samba on our network. I too am using a 3ware RAID controller. Do you have write caching enabled on your RAID controllers? If you do not, this will slow down performance quite noticeably. I purchased the battery backup units for the cards and enabled write caching *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Sébastien CRAMATTE wrote: Hello, I've setup an Samba 3 server on a Debian Etch 4 The server has : - 8x 500Gb raid 5 via 3ware Raid Controller - Filesystem is Ext3 over Lvm2 (I know that be better an Xfs FS instead ... now I can't change it easily ) - Xeon dual core 2 - 2Gb of RAM - connected to a gigabit switch using 2 bonded NIC When I copy big files ( 2Gb MPEG files) from Windows clients the copy do a pause on the end ... If at the same time I open another video from another client the movie playback start to skip frame and become very very slow ... Any Ideas ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems since upgrade from 3.0.23 to 3.0.25b
mask = 0700 force user = %U [profiles] comment = Profile Share path = /var/lib/samba/profiles writeable = yes browseable = no profile acls = yes [netlogon] path = /var/lib/samba/netlogon guest ok = yes locking = no LDAP is also working fine. I'm at a loss to figure this out. -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems since upgrade from 3.0.23 to 3.0.25b
I believe that means that samba could not find the PDC via name resolution. I have a DNS and DHCP server running and I can ping the PDC by name from the client machine. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- John Drescher wrote: On 7/16/07, Jason Baker [EMAIL PROTECTED] wrote: I have a working Samba PDC, I can log in and out from a windows xp workstation. I recently upgraded to 3.0.25b-33 and now, when I add a new user, I get: The system cannot log you on due to the following error: A device attached to the system is not fuctioning Please try again or consult your system administrator I have network connectivity. I was able to join this machine to the domain through windows xp. I can log on to the domain from this machine with an existing user. All file and directory permissions are correct: If I run the smbclient command I get: session setup failed: NT_STATUS_NO_LOGON_SERVERS I believe that means that samba could not find the PDC via name resolution. Samba is indeed running. If I run smbclient with an existing user I get: I found this entry in the domain controllers samba log: [2007/07/16 13:55:13, 5] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934) _net_sam_logon: check_password returned status NT_STATUS_OK [2007/07/16 13:55:13, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004) _net_sam_logon: user GLASTENDERNET\jrolfe has user sid S-1-5-21-3568796296-2565465778-716510536-3404 but group sid S-1-5-21-1194936901-2368177035-684874509-513. The conflicting domain portions are not supported for NETLOGON calls --CUT-- This is saying that your user and group have confilcting sids because they should share the same base sid as everything else on the domain. To fix this you need to go through your ldap database and make sure that all sids have the same base. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a way to support both local and roaming profile with one server / domain?
I'm not sure of a way to do it in Samba literally, but I have some local users on my roaming network. They are given a local user account on a workstation and they log into the local computer instead of the domain. Samba still handles all authentication for the user when they want to access Samba shares. But as far as a way to configure Samba for both, I don't have an answer. I would be highly interested to know how if it were possible. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Michael Lueck wrote: Recent list messages got me thinking... Is there a way to support both local and roaming profile with one server / domain? As I understand it, the magic line that tells Samba not to do roaming profiles is the smb.conf line: logon path = Which the line must exist, and must be set to null. But that is in the global section. So is there a way to support both local and roaming... with some Samba magic?! ;-) TIA! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Keeping old profiles
Given roaming profiles, then the local profile would have to be copied to the server. Might be best to reboot the Windows box and log on with local Administrator, make a copy of the user profile (use InfoZip zip.exe for example), then log on with a Samba domain account to gain network access and copy the backup of the profile to the server. This is pretty much how we handle it. I have a workstation with a local account. I join that machine to the domain. Then log on to the domain as the user, then log out again. Now (as long as you don't have delete roaming cache enabled yet), you can log back into the machine as the local admin. If you go to Documents and Settings (WinXP), you will see the users local profile, lets call it FRED. Then you will see FRED.DOMAIN. I simply copy all the data from Application Data, My Documents and Desktop from the local profile to the roaming profile (FREDFRED.DOMAIN). You can also copy things like Favorites and Start Menu depending on your needs. It confirm everything copied over by logging into the domain as the user. Make sure all files are available and that email and other programs work. Then log out so the profile gets saved back to the server (PDC). Then I reboot the client workstation, log in as local admin again, set DeleteRoamingCache in the registry, delete the local copies of the profiles (FRED and FRED.DOMAIN), then log out, and log in as FRED to the domain. After you log out, there will be no profile left on the local machine (as very good idea in a roaming environment). *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Michael Lueck wrote: Walmiro Muzzi wrote: The user did not log in samba. Now, log in samba, how I make to keep the old profile? I don't want that a new profile is created. The username is the same. As much as I know, (and given local user profiles) it is necessary to do a registry update to tell Windows to load the existing profile rather than the new one. Given roaming profiles, then the local profile would have to be copied to the server. Might be best to reboot the Windows box and log on with local Administrator, make a copy of the user profile (use InfoZip zip.exe for example), then log on with a Samba domain account to gain network access and copy the backup of the profile to the server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access denied-message when joining domain
I also want the users to be able to log in from any computer in the network. This is called roaming profiles, and you will need a domain in order to do this, otherwise the user's desktop will not follow them to different computers. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Huyth Jenssen wrote: Hello list. I have Samba working as a PDC, but when I try to join from a XP computer I get the message: Access denied. The message appears right after I change the domain name in the XP network settings and the login window pops up. My smb.conf is: [global] workgroup = DOMAIN.NAME server string = %h server (Samba, Ubuntu) obey pam restrictions = Yes passdb backend = ldapsam:ldap://127.0.0.1 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 logon script = logon.bat logon path = \\%N\profiles logon drive = H: logon home = \\%N\%U\data domain logons = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=domain,dc=name ldap group suffix = ou=groups ldap machine suffix = ou=machines ldap passwd sync = Yes ldap suffix = dc=domain,dc=name ldap user suffix = ou=users panic action = /usr/share/samba/panic-action %d invalid users = root [homes] comment = Home Directories path = /home/%S/data valid users = %S read only = No create mask = 0600 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /data/samba/netlogon write list = @admins guest ok = Yes share modes = No [profiles] comment = Users profiles path = /home/%U/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers Also, I'm not quite sure if I need a domain. All I want to do is to create different users with different rights, the data stored will be the same for everybody, just different rights. Two printers will be shared and I want everybody to have access to them. I also want the users to be able to log in from any computer in the network. Do I need a domain or can this be solved in another way? Thankful for any responses. Huyth -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Strange network file access behavior
,*.lnk,*.idlk,*.ldb,*.db,*.dwl,*.bak -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Access denied-message when joining domain
No worries...only trying to be helpful. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Michael Lueck wrote: Jason Baker wrote: I also want the users to be able to log in from any computer in the network. This is called roaming profiles The OP stated that they want users to be able to log in from any workstation... he did NOT specify that it is expected that on each computer they receive the same desktop environment. Please be careful not to jump to solutions before the requirements are clearly understood. If in the OP's environment it is only necessary to be able to log onto any workstation, and then when logged on to use the programs which are installed on that workstation, then he will be able to do so without the use of roaming profiles. This avoids the complications of Roaming Profiles. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange network file access behavior
I just tried what you suggested. I shut down all instances of AVG on the client and it is still screeching to a halt. I've got 57% CPU and 68% Network Utilization and the browse window will eventually show (NOT RESPONDING). I have ran benchmark tests on the network, and everything is fine. It only happens on this share. I can zip through all other shares on the network, even directories full of JPG's with thumbnail previews, but once I get into that /information_systems/ share, everything slows to a crawl. I wondered if it was maybe the share name, maybe the underscore is a bad idea. I also thought maybe its a file that is causing the issue. Maybe I should one by one start moving files out of that share and see how it affects it. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Ian McDonald wrote: What happens if you turn off the anti-virus on the client machine? Jason Baker wrote: I have a Samba PDC and a file server (domain member). They are both running CentOS 4, with Samba3-3.0.24-30 and LDAP 2.3 (on PDC). Domain authentication seems to be running fine and file access on the file server works also. I have one share on the file server that gives me trouble. Whenever I access files from this one directory, the network seems to lock up for close to a minute. I get 64% or more network utilization on the client PC, no packets seem to be moving. If I run TOP on the file server, I see that the top process is the SMBD command from the user who is accessing the directory in question. It shows about 16% or more CPU utilization on the server and the process will stay there for close to a minute. Also, during this hang time the PC client is pretty much frozen, I cannot minimize the browse window or bring up task manager. After about a minute or so, suddenly it will come back to life and I can access the file, or run the executable that I am trying to access from that directory. Any other directory seems to work fine. I don't no have any other slow-downs. See conf file below: SMB Conf for PDC: [global] unix charset = LOCALE workgroup = mynet netbios name = aster server string = Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://myhost; ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=com ldap admin dn = cn=Manager,dc=mydomain,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap://myhost idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m %u #delete user script = /etc/smbldap-tools/smbldap-userdel %u add machine script = /etc/smbldap-tools/smbldap-useradd -w %u add group script = /etc/smbldap-tools/smbldap-groupadd -p %g add user to group script = /etc/smbldap-tools/smbldap-groupmod -m %u %g delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x %u %g set primary group script = /etc/smbldap-tools/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = template shell = /bin/false winbind use default domain = no cut SMB Conf for file server: [global] unix charset = LOCALE workgroup = mynet server string = File Server security = domain username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m.log max log size = 50 smb ports = 139 name resolve order = wins bcast hosts wins server = 192.168.0.1 ldap suffix
Re: [Samba] Strange network file access behavior
There are mainly .EXE files, windows software. This is where the IT department keeps most of the programs we need to install on other machines. There is also a fairly large .ZIP file located in this directory. I've renamed the share IT, and moved the contents out of the directory, created a new directory, now I'm going to start adding files back in one at a time and see if I can repeat the problem. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Herb Lewis wrote: is there anything strange about the number of files in that dir compared to the others, or strange naming (mixed case)? Jason Baker wrote: I just tried what you suggested. I shut down all instances of AVG on the client and it is still screeching to a halt. I've got 57% CPU and 68% Network Utilization and the browse window will eventually show (NOT RESPONDING). I have ran benchmark tests on the network, and everything is fine. It only happens on this share. I can zip through all other shares on the network, even directories full of JPG's with thumbnail previews, but once I get into that /information_systems/ share, everything slows to a crawl. I wondered if it was maybe the share name, maybe the underscore is a bad idea. I also thought maybe its a file that is causing the issue. Maybe I should one by one start moving files out of that share and see how it affects it. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Ian McDonald wrote: What happens if you turn off the anti-virus on the client machine? Jason Baker wrote: I have a Samba PDC and a file server (domain member). They are both running CentOS 4, with Samba3-3.0.24-30 and LDAP 2.3 (on PDC). Domain authentication seems to be running fine and file access on the file server works also. I have one share on the file server that gives me trouble. Whenever I access files from this one directory, the network seems to lock up for close to a minute. I get 64% or more network utilization on the client PC, no packets seem to be moving. If I run TOP on the file server, I see that the top process is the SMBD command from the user who is accessing the directory in question. It shows about 16% or more CPU utilization on the server and the process will stay there for close to a minute. Also, during this hang time the PC client is pretty much frozen, I cannot minimize the browse window or bring up task manager. After about a minute or so, suddenly it will come back to life and I can access the file, or run the executable that I am trying to access from that directory. Any other directory seems to work fine. I don't no have any other slow-downs. See conf file below: SMB Conf for PDC: [global] unix charset = LOCALE workgroup = mynet netbios name = aster server string = Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://myhost; ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=com ldap admin dn = cn=Manager,dc=mydomain,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap://myhost idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m %u #delete user script = /etc/smbldap-tools/smbldap-userdel %u add machine script = /etc/smbldap-tools/smbldap-useradd -w %u add group script = /etc/smbldap-tools/smbldap-groupadd -p %g add user to group script = /etc/smbldap-tools/smbldap-groupmod -m %u %g delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x %u %g set primary group script = /etc/smbldap-tools/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large
[Samba] Backup Domain not working
I recently set up a backup domain controller using Samba 3.0.23. I have a Samba PDC already running, and all is working fine, but once I added the BDC, now when people log in to their windows account, their home directory is now being mapped to their home on the BDC (which is empty) instead of the PDC. Conf files from each below: PDC Samba Conf: [global] unix charset = LOCALE workgroup = mydomain netbios name = PDC server string = Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://127.0.0.1 ldap://BDC; ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=com ldap admin dn = cn=Manager,dc=mydomain,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1/ idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m %u #delete user script = /etc/smbldap-tools/smbldap-userdel %u add machine script = /etc/smbldap-tools/smbldap-useradd -w %u add group script = /etc/smbldap-tools/smbldap-groupadd -p %g #delete group script = /etc/smbldap-tools/smbldap-groupdel %g add user to group script = /etc/smbldap-tools/smbldap-groupmod -m %u %g delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x %u %g set primary group script = /etc/smbldap-tools/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = template shell = /bin/false winbind use default domain = no BDC Samba Conf. [global] unix charset = LOCALE workgroup = mydomain server string = Backup Domain Controller security = domain username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m.log max log size = 50 smb ports = 139 name resolve order = wins bcast hosts wins server = 172.16.24.7 ldap suffix = dc=mydomain,dc=com ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=mydomain,dc=com idmap backend = ldap:ldap://PDC idmap uid = 1-2 idmap gid = 1-2 winbind trusted domains only = yes password server = 172.16.24.7 template shell = /bin/false domain master = no local master = no os level = 0 preferred master = no winbind use default domain = no veto oplock files = /*.mbd/ large readwrite = no read raw = no write raw = noprintcap name = /etc/printcap load printers = no printing = -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Backup Domain not working
That makes sense. I will try that and report back. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Gary Dale wrote: I suspect you need to specify the logon home with actual server name (PDC). Otherwise it defaults to the server you logged onto - in this case your BDC. Jason Baker wrote: I recently set up a backup domain controller using Samba 3.0.23. I have a Samba PDC already running, and all is working fine, but once I added the BDC, now when people log in to their windows account, their home directory is now being mapped to their home on the BDC (which is empty) instead of the PDC. Conf files from each below: PDC Samba Conf: [global] unix charset = LOCALE workgroup = mydomain netbios name = PDC server string = Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://127.0.0.1 ldap://BDC; ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=com ldap admin dn = cn=Manager,dc=mydomain,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1/ idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m %u #delete user script = /etc/smbldap-tools/smbldap-userdel %u add machine script = /etc/smbldap-tools/smbldap-useradd -w %u add group script = /etc/smbldap-tools/smbldap-groupadd -p %g #delete group script = /etc/smbldap-tools/smbldap-groupdel %g add user to group script = /etc/smbldap-tools/smbldap-groupmod -m %u %g delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x %u %g set primary group script = /etc/smbldap-tools/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = template shell = /bin/false winbind use default domain = no BDC Samba Conf. [global] unix charset = LOCALE workgroup = mydomain server string = Backup Domain Controller security = domain username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m.log max log size = 50 smb ports = 139 name resolve order = wins bcast hosts wins server = 172.16.24.7 ldap suffix = dc=mydomain,dc=com ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=mydomain,dc=com idmap backend = ldap:ldap://PDC idmap uid = 1-2 idmap gid = 1-2 winbind trusted domains only = yes password server = 172.16.24.7 template shell = /bin/false domain master = no local master = no os level = 0 preferred master = no winbind use default domain = no veto oplock files = /*.mbd/ large readwrite = no read raw = no write raw = noprintcap name = /etc/printcap load printers = no printing = -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot join Win XP SP2 client to domain
Are you really using that LDAP servers? The error is mostly related to LDAP more than Samba... perhaps ACL problems. Yes I am. I have an LDAP server on the PDC (which is localhost) and a slave on the BDC (which is myserver). It all works fine. As far as the issue I was having regarding adding a machine to the domain, I have solved it. Here's what I did: I create an LDIF file with the following content: dn: cn=NextFreeUnixId,dc=mydomain,dc=com objectClass: inetOrgPerson objectClass: sambaUnixIdPool uidNumber: 1160 #(/set these numbers above your highest user and group ID's/) gidNumber: 1160 cn: NextFreeUnixId sn: NextFreeUnixId Now run: /ldapadd -x -D cn=Manager,dc=mydomain,dc=com -w LDAP password -f filename.ldif/ Then go into smbldap-tools/smbldap.conf and add the following: /sambaUnixIdPooldn=cn=NextFreeUnixId,${suffix}/ After that I am able to add a machine to the domain from within the windows client. See http://sourceforge.net/docman/display_doc.php?docid=33543group_id=166108 http://sourceforge.net/docman/display_doc.php?docid=33543group_id=166108 for more information on using and configuring the IdealX scripts. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Asier Baranguán wrote: El Martes, 15 de Mayo de 2007 21:42, Jason Baker escribió: [global] unix charset = LOCALE workgroup = mydomain netbios name = myserver server string = Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://127.0.0.1 ldap://myserver; Are you really using that LDAP servers? The error is mostly related to LDAP more than Samba... perhaps ACL problems. add user script = /etc/smbldap-tools/smbldap-useradd -m %u It's not related to this error, but if your users are going to be Windows users you shuld add an '-a' here add group script = /etc/smbldap-tools/smbldap-groupadd -p %g And perhaps here, to make the group mappings automatically -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot join Win XP SP2 client to domain
Maybe you can tell me a bit more about your server. Which backend do you use? Do you use the smbldap scripts as well? Maybe we can find the similarities in our machines which cause the problem and fix it. Thomas, I installed Samba 3.0.23d-30 from an RPM to a CentOS 4 server. This machine is running an LDAP backend (OpenLDAP 2.3). When I first got the server configured and up and running for the first time, I was able to join a machine to the domain from the client being joined. I accomplished this though the Windows Network ID Wizard. But then after finishing up the configuration on the server and getting ready to join all my workstations it quit working. Suddenly it complained that my root password had expired and I was no longer able to join any workstations remotely. I got the root password problem figured out, but still could not join machines remotely. I have LDAP Account Manager installed and it is working just great. I also have the IdealX SMB-LDAP scripts installed. These no longer work either. Maybe the problem is in the scripts. I will investigate further and post my findings. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Thomas Ußmüller wrote: Dear Jason, Thanks a lot. This solved my problem. When creating the user and machine accounts directly with LDAP everything works fine. But when either trying to directly connect the machine (i.e. without creating the account manually) or when using the User Manager for domains, it doesn't work. I have noticed that the smbldap script create the accounts in my directory. But interestingly the SambaSamAccount objectclass is not added by the scripts. Is this behaviour normal? Shall the scripts or samba add the attributes? I think one possible solution might be to modify the scripts, so that they add the needed objectclass/ attributes. What do the others in the group think about that solution? Maybe you can tell me a bit more about your server. Which backend do you use? Do you use the smbldap scripts as well? Maybe we can find the similarities in our machines which cause the problem and fix it. Regards Thomas Jason Baker schrieb: When trying to join the client to the domain I get an error message that the user does not exist (although connecting to the shares works with this username). Furthermore the user has the SeMachineAccountPrivilege set. I had this same problem. I ended up creating the machine accounts via the LDAP Account Manager. I never did figure out why I cannot add a machine to the domain through the Windows Network ID Wizard. Have you tried to create the machine account manually on the server, and then join the machine to the domain? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot join Win XP SP2 client to domain
Thomas, I have some more info: I CD'd into my SMB-LDAP scripts directory (the IdealX scripts) and ran /./smbldap-useradd -w test$ /and received the following error: Could not find base dn, to get next uidNumber at /etc/smbldap-tools//smbldap_tools.pm line 1046, DATA line 283. I would have to believe the reason I cannot add a machine to the domain remotely from the client is because of this script failing (see smb.conf) [global] unix charset = LOCALE workgroup = mydomain netbios name = myserver server string = Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://127.0.0.1 ldap://myserver; ldap passwd sync = Yes ldap suffix = dc=myserver,dc=com ldap admin dn = cn=Manager,dc=myserver,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1/ idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m %u #delete user script = /etc/smbldap-tools/smbldap-userdel %u add machine script = /etc/smbldap-tools/smbldap-useradd -w %u add group script = /etc/smbldap-tools/smbldap-groupadd -p %g #delete group script = /etc/smbldap-tools/smbldap-groupdel %g add user to group script = /etc/smbldap-tools/smbldap-groupmod -m %u %g delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x %u %g set primary group script = /etc/smbldap-tools/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = template shell = /bin/false winbind use default domain = no *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Thomas Ußmüller wrote: Dear Jason, Thanks a lot. This solved my problem. When creating the user and machine accounts directly with LDAP everything works fine. But when either trying to directly connect the machine (i.e. without creating the account manually) or when using the User Manager for domains, it doesn't work. I have noticed that the smbldap script create the accounts in my directory. But interestingly the SambaSamAccount objectclass is not added by the scripts. Is this behaviour normal? Shall the scripts or samba add the attributes? I think one possible solution might be to modify the scripts, so that they add the needed objectclass/ attributes. What do the others in the group think about that solution? Maybe you can tell me a bit more about your server. Which backend do you use? Do you use the smbldap scripts as well? Maybe we can find the similarities in our machines which cause the problem and fix it. Regards Thomas Jason Baker schrieb: When trying to join the client to the domain I get an error message that the user does not exist (although connecting to the shares works with this username). Furthermore the user has the SeMachineAccountPrivilege set. I had this same problem. I ended up creating the machine accounts via the LDAP Account Manager. I never did figure out why I cannot add a machine to the domain through the Windows Network ID Wizard. Have you tried to create the machine account manually on the server, and then join the machine to the domain? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman
Re: [Samba] Cannot join Win XP SP2 client to domain
When trying to join the client to the domain I get an error message that the user does not exist (although connecting to the shares works with this username). Furthermore the user has the SeMachineAccountPrivilege set. I had this same problem. I ended up creating the machine accounts via the LDAP Account Manager. I never did figure out why I cannot add a machine to the domain through the Windows Network ID Wizard. Have you tried to create the machine account manually on the server, and then join the machine to the domain? *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Thomas Ußmüller wrote: Dear all, I have created two virtual machines on my computer (With Vmware 5.5.3). One is running SuSE Linux Enterprise Server 10 with Samba 3.0.22. The other one is runnung a WinXP SP2 client (name: test01). I can browse the shares of the Samba Server. Furthermore I can connect to them with different user names. When trying to join the client to the domain I get an error message that the user does not exist (although connecting to the shares works with this username). Furthermore the user has the SeMachineAccountPrivilege set. What might cause this error? I have added the log.test01, log.smbd and the smb.conf file. Hope somebody can help me Regards Thomas log.test01: --- [2007/05/16 17:51:41, 2] lib/smbldap.c:smbldap_open_connection(724) smbldap_open_connection: connection opened [2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) init_sam_from_ldap: Entry found for user: root [2007/05/16 17:51:41, 2] passdb/pdb_ldap.c:init_group_from_ldap() init_group_from_ldap: Entry found for group: 512 [2007/05/16 17:51:41, 2] smbd/server.c:exit_server(614) Closing connections [2007/05/16 17:51:41, 2] auth/auth.c:check_ntlm_password(307) check_ntlm_password: authentication for user [root] - [root] - [root] succeeded [2007/05/16 17:51:41, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670) Returning domain sid for domain LTE - S-1-5-21-4205727931-4131263253-1851132061 [2007/05/16 17:51:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415) _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w test01$' gave 9 [2007/05/16 17:51:42, 2] smbd/server.c:exit_server(614) Closing connections the error message in smbldap-useradd script only means that the account has already been created in the LDAP directory (only unix attributes are set, no win or samba specific stuff). When deleting the user from the directory the message disappears, but nothing else changes. log.smbd: - [2007/05/16 17:51:36, 0] smbd/server.c:main(805) smbd version 3.0.22-13.16-SUSE-SLES10 started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721) Processing section [homes] [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721) Processing section [profiles] [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721) Processing section [netlogon] [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721) Processing section [intranet] [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721) Processing section [literatur] [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721) Processing section [projekte] [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721) Processing section [software] [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721) Processing section [transfer] [2007/05/16 17:51:36, 2] param/loadparm.c:do_section(3721) Processing section [sekretariat] [2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2007/05/16 17:51:36, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2007/05/16 17:51:36, 2] lib/interface.c:add_interface(81) added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0 [2007/05/16 17:51:36, 2] lib/smbldap_util.c:smbldap_search_domain_info(228) Searching for:[((objectClass=sambaDomain)(sambaDomainName=LTE))] [2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724) smbldap_open_connection: connection opened [2007/05/16 17:51:36, 2] lib/tallocmsg.c:register_msg_pool_usage(61) Registered MSG_REQ_POOL_USAGE [2007/05/16 17:51:36, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2007/05/16 17:51:36, 2] lib/smbldap.c:smbldap_open_connection(724) smbldap_open_connection: connection opened [2007/05/16 17:51:36, 2] passdb
Re: [Samba] Samba 3 as PDC and hidden folders
However, the Local Settings folder and everything within it are hidden folders in Windows, and seem not to get synced with the server when user logs out of domain. Is there a way to make this folder sync? Any notable downsides to doing so? What you are referring to is roaming profiles. The Local Settings folder by default does not get saved back to the server at logout. You can change this however, but it could result in some minor problems. I have a similar issue running AutoCAD on workstations that have roaming profiles. I have it set so that the profile is removed from the workstation at logout. You could probably get away with leaving the profile on the machines, but that wouldn't solve your problem if someone wanted to get their mail when logged into a different workstation. I would find out if there is a way to move the location of the .pst file in Outlook. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- John Sherling wrote: I'm running Samba 3.0.10 as a PDC for Win XP Pro (SP2) workstations. User Outlook .pst files on desktop machines are (obviously) very important, and must be synced with server at logout for proper backup (which occurs on server). I've noticed that said Outlook .pst files are stored on the XP Pro desktops in a folder called: C:\Documents and Settings\user_name\Local Settings\Application Data\Microsoft\Outlook However, the Local Settings folder and everything within it are hidden folders in Windows, and seem not to get synced with the server when user logs out of domain. Is there a way to make this folder sync? Any notable downsides to doing so? Better to just move the .pst file to a visible folder in the user profile? Would love to hear any best practice advice frmm folks who've done this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] That new user changes password at start first session
It is, but you will need to use LDAP for your password backend. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Ricardo Chamorro wrote: How apply I, in Samba 3.0.24 with tdbsam backend, that new user changes the password (the passw has been applied by the administrator) in the first sessions start, just as in MSWindos? It is this possible one? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC - Auth-Ldap + Quotas, HowTo
Easier to use the disk quotas. This can be configured on a per user or group basis. First add this to your /etc/fstab: /dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota1 1 Then restart. After the restart, run the quotacheck command. You may need to create a script to start disk quotas when the computer starts. After it is setup, use the edquota -u username command to edit the quota sizes. Here is a link for more info: http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/admin-primer/s1-storage-quotas.html You can also configure quotas using the Webmin utility (which I find much easier). *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- Duarte Lázaro wrote: Hi all, I´m working on a PDC solution using samba + Ldap authentication. Now i´m trying to set up quotas, but i´m have some problem getting a clue how to do that, Read VFS but was not able to set it up properly. could some one give me a clue? i would like to use quotas and if possible to samba get the info from ldap Thanks, Duarte Lázaro -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC problems
I have a Samba PDC, running on Centos 4. The samba version is 3.0.23d.30. I have an LDAP backend. Everything seems to be running fine. I recently configured a BDC, to help with load balancing and to act as a backup in the event the PDC went down. Before I installed the PDC, when a new user logged into the domain, their home directory on the PDC was automatically mapped to the drive letter U. Now that the BDC is running, when a new user logs into the domain, their home directory is automatically mapped to U, but it points to their home directory on the BDC and not the PDC. This created a problem at first because there were no home directories on the BDC. I mounted all home directories from the PDC to the BDC and it works fine, but why is the BDC the default home when a user logs in? Also, when a new user logs in, their login script is being pulled from the netlogon share on the BDC and not the PDC, so I had to make a copy of the netlogon directory from the PDC to the BDC. I'm assuming that I have something configured incorrectly. I have included the samba conf files from both PDC and BDC. PDC Samba Conf: [global] unix charset = LOCALE workgroup = mydomain netbios name = PDC server string = Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://127.0.0.1 ldap://BDC; ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=com ldap admin dn = cn=Manager,dc=mydomain,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1/ idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m %u #delete user script = /etc/smbldap-tools/smbldap-userdel %u add machine script = /etc/smbldap-tools/smbldap-useradd -w %u add group script = /etc/smbldap-tools/smbldap-groupadd -p %g #delete group script = /etc/smbldap-tools/smbldap-groupdel %g add user to group script = /etc/smbldap-tools/smbldap-groupmod -m %u %g delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x %u %g set primary group script = /etc/smbldap-tools/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = template shell = /bin/false winbind use default domain = no BDC Samba Conf. [global] unix charset = LOCALE workgroup = mydomain server string = Backup Domain Controller security = domain username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m.log max log size = 50 smb ports = 139 name resolve order = wins bcast hosts wins server = 172.16.24.7 ldap suffix = dc=mydomain,dc=com ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=mydomain,dc=com idmap backend = ldap:ldap://PDC idmap uid = 1-2 idmap gid = 1-2 winbind trusted domains only = yes password server = 172.16.24.7 template shell = /bin/false domain master = no local master = no os level = 0 preferred master = no winbind use default domain = no veto oplock files = /*.mbd/ large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK
Re: [Samba] cpu load on centOS 4.4
Deno, I had a similar problem when I installed our new servers a couple months ago. I'm running 3Ware 9550SX-4LP (SATA) cards in CentOS 4 boxes. I had absolutely horrible performance and tried everything I could to get it working better. Finally I discovered that I had the on-board caching turned off on the cards, because they don't have the on-board battery backup. My entire system is on a battery backup, so I figured I'd give it a shot. My speeds went through the roof. Now the server is what I would consider normal, even copying large files doesn't slow things down. I would check and see if your cards have any time of on-board caching and enable it. Good luck. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- On 4/24/2007 1:30 PM, Deno Vichas wrote: Hello all, I've installed samba on pretty basic install on centos 4.4. I'm running a P4 2.8Ghz, 1G Ram, Raid 5 SATA-2 disks running on both a 3ware and Highpoint Rocket raid (this is going to get swapped out for a 3ware card soon). When users copy files from a mac os x client I'm seeing the cpu load avg (in top) get up to 7. These copies included 150+Gigs of lots of smaller files inside lots of directories. Is this type of load normal? If not where and what should I be looking at to find the problem? Thanks, deno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] BDC problems
/ utmp = yes #SHARES### [homes] comment = Home Directories browseable = no read only = no write list = %U create mask = 0600 directory mask = 0700 force user = %U [profiles] comment = Profile Share path = \\aster\profiles writeable = yes browseable = no profile acls = yes [netlogon] path = \\aster\netlogon guest ok = yes locking = no -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Backup Domain Controller
I created a BDC for my network, running a slave LDAP server. Do I need specify the same workgroup as the PDC in the smb.conf? I was thinking I'd put it on a different workgroup just for organizational purposes. -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Backup Domain Controller
Thanks for the answer. I'm just going to keep everything on the same domain to eliminate complexity. I suppose I could set up another subnet, but that sounds too much like work. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- On 4/10/2007 11:54 AM, Wolfgang Ratzka wrote: Jason Baker schrieb: I created a BDC for my network, running a slave LDAP server. Do I need specify the same workgroup as the PDC in the smb.conf? I was thinking I'd put it on a different workgroup just for organizational purposes. The workgroup name serves as the domain name if you are running your samba servers as domain controlers. A BDC must have the same domain name as the PDC, so the answer is no. Once you start with PDCs and BDCs you must stop thinking of workgroups. You have a domain. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Backup Domain Controller
On a related note. How do I know if my BDC is actually working? I am able to run getent passwd and see all the correct users (even with the BDC disconnected to the network) and if I add a new user it shows up on the BDC, but how do I know that the machines on my network are using the BDC? How does load balancing work, are the workstations only sent to the BDC is the PDC is too busy? Is there a tool available to monitor the way the network load balances? Maybe I could use Wireshark to watch network traffic and see the authentication requests. Just curious. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- On 4/10/2007 11:54 AM, Wolfgang Ratzka wrote: Jason Baker schrieb: I created a BDC for my network, running a slave LDAP server. Do I need specify the same workgroup as the PDC in the smb.conf? I was thinking I'd put it on a different workgroup just for organizational purposes. The workgroup name serves as the domain name if you are running your samba servers as domain controlers. A BDC must have the same domain name as the PDC, so the answer is no. Once you start with PDCs and BDCs you must stop thinking of workgroups. You have a domain. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can No Longer Join to Domain
I tried recreating the password and I still get the same error. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- On 3/24/2007 10:32 AM, sato x wrote: Hi... Sorry if I was wrong. I just want to ask, did you join the machine (via windows machine) using root account? If it's true, then I guess you have to have samba password for your root. If you have made it before, try to recreate your root's samba password (with smbldap-passwd), then try to join the machine. Let me know if it failed. :) Regards, sato On 3/24/07, *Jason Baker* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I have Samba 3.0.24 running on CentOS 4 as a PDC with an LDAP backend. When I first set everything up, I could join workstations to the domain automatically with the Windows Network ID Wizard. Now when I try to join a workstation I get: Your computer could not be joined to the domain because the following error has occurred: The user name could not be found. If I add the computer name to the domain manually from the command line or with LDAP Account Manager, then go back and join it, it works. But it sure would be nice not to have to set up each machine manually. Any thoughts? [global] unix charset = LOCALE workgroup = glastendernet netbios name = aster server string = Glastender Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://127.0.0.1/ ldap passwd sync = Yes ldap suffix = dc=glastender,dc=com ldap admin dn = cn=Manager,dc=glastender,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1/ idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m %u #delete user script = /etc/smbldap-tools/smbldap-userdel %u add machine script = /etc/smbldap-tools/smbldap-useradd -w %u add group script = /etc/smbldap-tools/smbldap-groupadd -p %g #delete group script = /etc/smbldap-tools/smbldap-groupdel %g add user to group script = /etc/smbldap-tools/smbldap-groupmod -m %u %g delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x %u %g set primary group script = /etc/smbldap-tools/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 http://127.0.0.1 172.16.0.0/255.255.0.0 http://172.16.0.0/255.255.0.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = #=Shares=== template shell = /bin/false winbind use default domain = no [homes] comment = Home Directories browseable = no -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman
Re: [Samba] Recycle
The first thing I notice is a typo in your conf file. Check out: recycle:maxsixe = 0 Should be: recycle:maxsize = 0 Other than that run the testparm command and check for errors. Here is my recycle conf which works fine. vfs objects = recycle recycle:repository = recycle_bin recycle:versions = yes recycle:touch_mtime = true recycle:keeptree = yes *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- On 3/23/2007 8:14 AM, William M. Fennell wrote: Good Day, My recycle bin is not working. Here is the share I am testing it on. I am running samba 3.0.14a on Solaris 9. Any help is appreciated. Regards, Bill [share] path = /pc/share browseable = no printable = no writable = yes guest ok = no create mask = 0755 directory mask = 0755 follow symlinks = no vfs objects = audit recycle recycle:repository = .recycle/%U recycle:keeptree = Yes recycle:touch = Yes recycle:versions = Yes recycle:maxsixe = 0 recycle:exclude = *.tmp recycle:exclude_dir = /tmp recycle:noversions = *.doc wide links = no valid users = user1, user2 force user = user1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can No Longer Join to Domain
I have Samba 3.0.24 running on CentOS 4 as a PDC with an LDAP backend. When I first set everything up, I could join workstations to the domain automatically with the Windows Network ID Wizard. Now when I try to join a workstation I get: Your computer could not be joined to the domain because the following error has occurred: The user name could not be found. If I add the computer name to the domain manually from the command line or with LDAP Account Manager, then go back and join it, it works. But it sure would be nice not to have to set up each machine manually. Any thoughts? [global] unix charset = LOCALE workgroup = glastendernet netbios name = aster server string = Glastender Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://127.0.0.1/ ldap passwd sync = Yes ldap suffix = dc=glastender,dc=com ldap admin dn = cn=Manager,dc=glastender,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1/ idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m %u #delete user script = /etc/smbldap-tools/smbldap-userdel %u add machine script = /etc/smbldap-tools/smbldap-useradd -w %u add group script = /etc/smbldap-tools/smbldap-groupadd -p %g #delete group script = /etc/smbldap-tools/smbldap-groupdel %g add user to group script = /etc/smbldap-tools/smbldap-groupmod -m %u %g delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x %u %g set primary group script = /etc/smbldap-tools/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = #=Shares=== template shell = /bin/false winbind use default domain = no [homes] comment = Home Directories browseable = no -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Move local profile to domain profile.
So far I haven't found an automated way. I just log in to the domain as the user, which creates the roaming profile on the network. Then log out, log in to the local machine as admin and copy the contents of My Documents, Desktop and Application Data (all from Documents and Settings/username) from the local profile to the roaming profile. Then log back in to the domain as the user and all the desktop icons and user settings should be there. Just remember to delete the local profile to avoid confusion. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- On 3/14/2007 6:57 PM, Dennis McLeod wrote: Ok, I got the W2K3 resource kit tool to move my local profile to my domain profile (moveuser.exe). Didn't really work that cleanly. Even though I used the /k (keep the local account), it didn't really. It seemed to change the permissions on MOST of the files. It didn't really move the files either. It's just pointed my profile (or parts of it) to the existing folder. Can't really go back now. It didn't do My Documents and lower. I had to log out, log is as domain administrator, and take ownership of those files. Even then, it lost some of my passwords (which is ok with me). Does anyone have a nice CLEAN way to migrate the local profile to a domain profile? (something automated, perhaps...) How about using the right click on My computer on the desktop, advanced tab, User Profiles button, and copy to. Has anyone tried that? I supposed I'll need to re-image my machine and try it... Dennis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with Desktop
I have Samba 3.0.23d-30 running on CentOs 4 PDC using an LDAP backend. My users can log in to the domain without a problem. I have roaming profiles set up and they are deleted from the local machine at log out. When the user logs back in, their desktop wallpaper is gone. Any ideas? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] roaming profile not uploaded correctly when logging out for the first time
I experienced this same issue and it turned out to be a permissions problem in the windows client. I had copied some files from the users old machine profile to their new domain profile and then logged out. It complained that it could not write to the roaming profile. I went back into the account, in your case it would be C:\Documents and Settingsd\user\SendTo\31/2Floppy(A).lnk and right click the file and go to Sharing and Security. You need to make sure the domain user has read write access to that file. After I changed the permissions, logout was successful. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- On 3/14/2007 7:33 AM, Tomasz Chmielewski wrote: I have a strange issue with roaming profiles. It only happens for users which has no roaming profile on a Samba server yet. When a user logs out for the first time, some files can't be copied from: C:\Documents and Settings\username\SendTo\ to a profiles directory on the server. (Files like 31/2Floppy(A).lnk, some *.tmp files etc.). Only very rarely, a first-time logout process happens without any problems. Second and any later logouts are without problems. I found another reference on the list: lists.samba.org/archive/samba/2002-December/057885.html When user logoff it appear Windows cannot copy file C:\Documents and Settingsd\user\SendTo\31/2Floppy(A).lnk to location \\192.168.0.1\domain\profiles\user\SendTo\3 1/2 Floppy(A).lnk. Contact your network administrator Are there someone found like me? Is it a Windows problem, or Samba problem? I'm using Samba 3.0.24. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot Join Client to Domain
I have a Samba PDC with LDAP running on a CentOs 4.4 machine. When I first had it all configured, everything worked fine, but now for some reason, login scripts will not run on the client (even though they have access to the shares the login script is trying to map) and I cannot join client machines to the domain automatically using the Windows XP Network Identification Wizard. When I try to join a workstation to the domain I get an error that tells me the user name could not be found. If I add the machine manually through LDAP Account Manager, then I can join the machine to the domain. Also, when I join the machine and setup the user, their home directory is mapped correctly to the drive letter I selected (in this case U:) and the login script will appear on the desktop, but it errors out claiming that the username is not found and it prompts the user for their username and password, but if they enter it in, it won't authenticate them, yet they can browse the network shares and access them through network neighborhood as well as map shares to drive letters manually. Here is my conf file: [global] #General Settings=== unix charset = LOCALE workgroup = mydomain netbios name = myserver server string = Domain Controller running %v socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 interfaces = eth1, lo bind interfaces only = yes os level = 35 #Domain Settings preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes #=Security== encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no # obey pam restrictions = yes # check password script = /usr/local/sbin/crackcheck -d /usr/lib/cracklib_dict #---LDAP passdb backend = ldapsam:ldap://127.0.0.1/ ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=com ldap admin dn = cn=Manager,dc=mydomain,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1/ idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m %u #delete user script = /etc/smbldap-tools/smbldap-userdel %u add machine script = /etc/smbldap-tools/smbldap-useradd -w %u add group script = /etc/smbldap-tools/smbldap-groupadd -p %g #delete group script = /etc/smbldap-tools/smbldap-groupdel %g add user to group script = /etc/smbldap-tools/smbldap-groupmod -m %u %g delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x %u %g set primary group script = /etc/smbldap-tools/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat #=Shares= template shell = /bin/false winbind use default domain = no [homes] comment = Home Directories browseable = no read only = no write list = %U create mask = 0600 directory mask = 0700 force user = %U [profiles] comment = Profile Share path = /var/lib/samba/profiles writeable = yes browseable = no profile acls = yes [netlogon] path = /var/lib/samba/netlogon guest ok = yes locking = no -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Duplicate SID for Root and Samba Server Machine Name
I have a samba PDC with LDAP backend running on CentOs 4. Everything is working fine, but my log watch report showed two users with the same SID. I checked it out and it appears that ROOT and the samba machine ASTER$ both have the same SID. If I do a pdbedit -Lv I get this: --- Unix username: aster$ NT username: aster$ Account Flags: [W ] User SID: S-1-5-21-1194936901-2368177035-684874509-1000 Primary Group SID: S-1-5-21-1194936901-2368177035-684874509-515 snip --- Unix username: root NT username: root Account Flags: [U ] User SID: S-1-5-21-1194936901-2368177035-684874509-1000 Primary Group SID: S-1-5-21-1194936901-2368177035-684874509-513 snip I'm know enough to change the SID, but should I change the ROOT SID to S-1-5-21-1194936901-2368177035-684874509-0? The UNIX UID # for Root is 0. Could this also explain why I cannot join a machine to the domain using the client workstation? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3 pdc ldap idealx
Try removing uidNumber and just use uid. Here is a section from my slapd.conf file. index objectClass eq index cn,mail,givenname,sn,displayName eq,subinitial,pres index uidNumber,gidNumber,memberUID,member,uniqueMember eq index uid eq,subinitial,pres index sambaSID,sambaDomainName,sambaPrimaryGroupSID eq *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com On 2/14/2007 3:06 PM, Miguel wrote: Hi, i have followed the idealx tutorial to the letter, however i get this error when i try to start slapd: ambepdc# /usr/local/etc/rc.d/slapd start Starting slapd. /usr/local/etc/openldap/slapd.conf: line 74: index type uidNumber undefined this is my slapd.conf ambepdc# cat /usr/local/etc/openldap/slapd.conf # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/samba.schema # log loglevel 4095 # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/openldap/slapd.pid argsfile/var/run/openldap/slapd.args # Load dynamic backend modules: modulepath /usr/local/libexec/openldap moduleload back_bdb # moduleloadback_ldap # moduleloadback_ldbm # moduleloadback_passwd # moduleloadback_shell # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base= by * read # access to dn.base=cn=Subschema by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., access to * by * read) # # rootdn can always read and write EVERYTHING! ### # BDB database definitions ### databasebdb suffix dc=sv,dc=amnetcorp,dc=com rootdn cn=Manager,dc=sv,dc=amnetcorp,dc=com # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw {SSHA}v6130sVnBx1z/2/c3e7qipTB5Y41TQOu # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/db/openldap-data # Indices to maintain index objectClass, uidNumber, gidNumber eq index cn, sn, ui, displayName pres, sub, eq index memberUid, mail, givennameeq, subinitial index sambaSID, sambaPrimaryGroupSID, sambaDomainName eq # users can authenticate and change their password access to attrs=userPassword , sambaNTPassword , sambaLMPassword by self write by anonymous auth by * none # all others attributes are readable to everybody access to * by * read ambepdc# I dont knowe what else to do, there are many docs in the net but everbody seems to prefer the idealx one, what freebsd's special settings am i missing? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CentOS samba upgrade
Follow this link to the Enterprise Samba page and download the latest Samba 3 rpm for RHEL 4 (providing you're using CentOs 4). I have Samba 3.0.23 running on CentOS 4. http://enterprisesamba.com/index.php?id=64 *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com On 2/5/2007 10:41 PM, M Azer wrote: Centos samba version is 3.0.10 which is the package that comes with the disto - is the only way to upgrade to the latest samba 3.0.24 is to recompile the samba source? I have tried yum update samba however it says 3.0.10 is the latest so i downloaded 3.0.24 and tried rpm -Uvh or yum localinstall but i get the following dependency errors to # yum install samba-common-3.0.24-1.i386.rpm Setting up Install Process Setting up repositories Reading repository metadata in from local files Parsing package install arguments Examining samba-common-3.0.24-1.i386.rpm: samba-common - 3.0.24-1.i386 Marking samba-common-3.0.24-1.i386.rpm as an update to samba-common - 3.0.10-1.4E.9.i386 Resolving Dependencies -- Populating transaction set with selected packages. Please wait. --- Package samba-common.i386 0:3.0.24-1 set to be updated -- Running transaction check -- Processing Dependency: libc.so.6(GLIBC_2.4) for package: samba-common -- Processing Dependency: libkrb5.so.3(krb5_3_MIT) for package: samba-common -- Processing Dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT) for package: samba-common -- Processing Dependency: libldap-2.3.so.0 for package: samba-common -- Processing Dependency: libpam.so.0(LIBPAM_1.0) for package: samba-common -- Processing Dependency: liblber-2.3.so.0 for package: samba-common -- Processing Dependency: samba-common = 0:3.0.10 for package: samba-client -- Processing Dependency: rtld(GNU_HASH) for package: samba-common -- Processing Dependency: libk5crypto.so.3(k5crypto_3_MIT) for package: samba-common -- Finished Dependency Resolution *Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package samba-common Error: Missing Dependency: libkrb5.so.3(krb5_3_MIT) is needed by package samba-common Error: Missing Dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT) is needed by package samba-common Error: Missing Dependency: libldap-2.3.so.0 is needed by package samba-common Error: Missing Dependency: libpam.so.0(LIBPAM_1.0) is needed by package samba-common Error: Missing Dependency: liblber-2.3.so.0 is needed by package samba-common Error: Missing Dependency: samba-common = 0:3.0.10 is needed by package samba-client Error: Missing Dependency: rtld(GNU_HASH) is needed by package samba-common Error: Missing Dependency: libk5crypto.so.3(k5crypto_3_MIT) is needed by package samba-common* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Refining Directory Access
I have my new Samba PDC up and running along with a 1 terabyte domain member server, acting as a file server. What I would like yo know is, Is there a way to allow only certain users to create or delete directories in a certain share? For example. I have a share called Accounting. Only members of the Accounting group have access to this share. They can create and delete files, but I would like to prevent users from creating unnecessary directories. Any thoughts? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles won't save
One thing to note is the profiles live on the old Samba server and are being mounted on the new server with NFS. This is a tricky thing. You will have some strange permissions issues to deal with if you are tying to access the profiles from a mounted share. Why not just copy the profiles to the new PDC? In the mean time, can you send a copy of the command used to create the mount? *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com On 1/12/2007 10:50 AM, Jason Martin wrote: Hello! I am migrating an old Red Hat Samba 3.0.9 server to a new Debian Etch Samba 3.0.23d with an OpenLDAP backend. I've got almost everything working with the new server except the roaming profiles. When a user logs off, Windows complains that the permissions are not correct and the profile can't be saved. I would LOVE to get rid of roaming profiles but that isn't an option here. I have read Samba-3 By Example, Second Edition and followed the roaming profiles example, but it still gives the errors. One thing to note is the profiles live on the old Samba server and are being mounted on the new server with NFS. This is a small sample from the samba logs: [2007/01/12 10:27:25, 2] smbd/open.c:open_file(352) jmartin opened file jmartin/Desktop/prf11A.tmp read=Yes write=No (numopen=6) [2007/01/12 10:27:25, 2] smbd/open.c:open_file(352) jmartin opened file jmartin/Desktop/prf11B.tmp read=Yes write=No (numopen=7) [2007/01/12 10:27:25, 2] smbd/close.c:close_normal_file(344) jmartin closed file jmartin/Desktop/prf11A.tmp (numopen=6) [2007/01/12 10:27:25, 2] smbd/close.c:close_normal_file(344) jmartin closed file jmartin/Desktop/prf11B.tmp (numopen=5) [2007/01/12 10:27:25, 2] smbd/open.c:open_file(352) jmartin opened file jmartin/Desktop/prf11A.tmp read=Yes write=Yes (numopen=6) [2007/01/12 10:27:25, 2] smbd/open.c:open_file(352) jmartin opened file jmartin/Desktop/prf11B.tmp read=Yes write=Yes (numopen=7) [2007/01/12 10:27:37, 2] smbd/close.c:close_normal_file(344) jmartin closed file jmartin/Desktop/prf119.tmp (numopen=6) I will gladly provide any other conf files and logs if they are asked for. Thank you for your help! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] configure SAMBA(PDC)+LDAP for win XP clients
There are plenty of good on-line resources on how to do this. Google the following: Samba 3 by Example, The Official Samba How To and The Linux Samba-OpenLDAP Howto (from IdealX). These will get you started. Then you can use the board for more specific questions. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com On 2/2/2007 12:51 AM, suresh bollu wrote: Hi all, i want to setup SAMBA(PDC) with LDAP for my work place, server is on FC5, and clients are Win XP, when user login to samba it will save the profile of the user and retrive back when he login again. please help me to setup the above, Regards, Suresh Bollu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed join a domain, root found ok, Administrator not found
Check the file /etc/samba/smbusers and make sure it contains the following entry: root = Administrator This maps the administrator account when joining a domain to the root user. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com On 2/2/2007 7:17 AM, jamurph wrote: I'm trying to join a Windows PC to a domain. I've got a root user set-up to add machines to the domain. When prompted by windows, I enter in root and the password. But I get a windows error dialog, indicating a user was not found. However, in the samba log file for the machine I'm trying to connect to the domain, I can see that the root user was found in ldap, however, for some reason I can see samba is trying to find another user Administrator entry in LDAP. There is no entry in ldap for Administrator. Anyone know why it is looking for this Administrator user? I'm relatively comfortable with LDAP, but my samba knowledge isn't good to be honest. I've used smbldap-populate to create entries in LDAP. The entry for the PC is added to LDAP ok on my attempt to join the domain. I did change /etc/samba/smbusers and added a mapping for Administrator = root, but this didn't help Following is more details and log file output Any help much appreciated Microsoft Windows Server 2003 Service Pack 1 Samba installed on Centos 4.3 smbd -V =Version 3.0.22 winbindd -V = Version 3.0.10-1.4E.9 Running Openldap [2007/02/02 11:32:08, 2] lib/smbldap.c:smbldap_open_connection(722) smbldap_open_connection: connection opened [2007/02/02 11:32:08, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) init_sam_from_ldap: Entry found for user: root [2007/02/02 11:32:08, 2] auth/auth.c:check_ntlm_password(307) check_ntlm_password: authentication for user [root] - [root] - [root] succeeded [2007/02/02 11:32:08, 2] auth/auth.c:check_ntlm_password(317) check_ntlm_password: Authentication for user [Administrator] - [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER [2007/02/02 11:32:09, 2] smbd/server.c:exit_server(614) Closing connections [2007/02/02 11:32:09, 2] lib/smbldap.c:smbldap_open_connection(722) smbldap_open_connection: connection opened [2007/02/02 11:32:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) init_sam_from_ldap: Entry found for user: root [2007/02/02 11:32:09, 2] auth/auth.c:check_ntlm_password(307) check_ntlm_password: authentication for user [root] - [root] - [root] succeeded [2007/02/02 11:32:09, 2] auth/auth.c:check_ntlm_password(317) check_ntlm_password: Authentication for user [Administrator] - [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER [2007/02/02 11:32:09, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670) Returning domain sid for domain XXXDEV - S-1-5-21-3798003437-3932026004-3600456286 [2007/02/02 11:32:10, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415) _samr_create_user: Running the command `/opt/IDEALX/sbin/smbldap-useradd -t 1 -w dev-prefect-1$' gave 9 [2007/02/02 11:32:10, 2] smbd/server.c:exit_server(614) Closing connections # Global parameters [global] workgroup = XXXDEV netbios name = XXXDEV-PDC security = user #enable privileges = yes #interfaces = 10.192.3.21 #username map = /etc/samba/smbusers server string = Samba Server encrypt passwords = Yes #pam password change = no #obey pam restrictions = No #ldap passwd sync = Yes unix password sync = Yes passwd program = /usr/sbin/ldap_userPassword_change %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success # Settings to debug passwd chat #passwd chat debug = Yes #debug level = 103 #log level = passdb:5 # Crackcheck settings to allow NT style password complexity checks check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict log level = 2 syslog = 0 log file = /var/log/samba/%m.log max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 # logon script = logon.bat # logon drive = H: logon home = logon path = domain logons = Yes domain master = Yes os level = 65 preferred master = Yes wins support = yes passdb backend = ldapsam:ldap://ldap-1 ldap://ldap-2; ldap admin dn = cn=Manager,dc=blah,dc=co,dc=uk ldap suffix = dc=blah,dc=co,dc=uk ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://ldap-1 ldap://ldap-2; add user script = /opt/IDEALX/sbin/smbldap-useradd -m %u #ldap
Re: [Samba] Dual boot Win98 Centos sharing files
He's right. I forgot your using Win 98 which is FAT32 by default. I guess the only reason to create a separate partition is if you were using a NTSF formatted drive or if you just wanted to keep it separate from the drive the OS's are on. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com On 2/1/2007 11:49 AM, James A. Dinkel wrote: -Original Message- From: Jeff Boyce Sent: Tuesday, January 16, 2007 4:17 PM jbaker_signatureSo, it sounds like using Samba is not the way to achieve my objective. And that I just need to learn about partitioning. So my new question would be can anyone point me to a good how-to for creating a FAT32 partition within the LVM on my 160 GB drive that I have Linux installed. I am new to LVM and don't have much of any experience with partitioning. Or, maybe someone should point me to a better mailing list to ask this question since I am probably diverging from the Samba topic. Thanks. Jeff You're Windows partition is already a FAT partition and already readable by CentOS. All you need to do is mount it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot change expired password
I have a samba PDC set up and configured. I have been doing tests and everything was working fine. I was able to set User must change password to today's date and it would prompt the user that their password has expired when logging into windows xp. I could then enter a new password and be on my way. Now when I set the password to User must change password, when I enter the new password twice I get: The password on this account cannot be changed at this time. I'm not sure why it was working and now suddenly it isn't. Any thoughts? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot change expired password
I should have checked log files before I posted. Anyway, here is some additional info. I checked the log file for the machine I was trying to change the password on and here is what it says: [2007/01/31 10:28:06, 1] auth/auth_sam.c:sam_account_ok(178) sam_account_ok: Account for user 'test' password expired!. [2007/01/31 10:28:06, 1] auth/auth_sam.c:sam_account_ok(179) sam_account_ok: Password expired at 'Tue, 30 Jan 2007 10:09:38 EST' (1170169778) unix time. [2007/01/31 10:28:19, 1] smbd/chgpasswd.c:change_oem_password(1040) user test cannot change password now, must wait until Wed, 07 Feb 2007 10:09:38 EST So the section where is says Password expired at Tue, 30 Jan 2007 is correct. A pdbedit -Lv username shows: Logoff time: Mon, 18 Jan 2038 22:14:07 EST Kickoff time: Thu, 31 Jan 2030 22:14:07 EST Password last set:Wed, 31 Jan 2007 10:09:38 EST Password can change: Mon, 01 Jan 2007 00:00:00 EST Password must change: Tue, 30 Jan 2007 10:09:38 EST But the log file claims that the password cannot change until Friday Feb 2, 2007, which is seven days from Password last set: Wed, 31 Jan 2007. BUT...Password CAN CHANGE time says: Mon, 01 Jan 2007. I do have Minimum Password Age set to 7 days, but shouldn't Password can change show a date 7 days from Password last set? For some reason pdbedit is not showing the correct information. If I run pdbedit --pwd-can-change-time=today's date --time-format=%Y-%m-%d, it will change the date to today, but will still be counting 7 days from Password last set. Is there a ways to alter Password last set? *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com On 1/31/2007 10:47 AM, Jason Baker wrote: I have a samba PDC set up and configured. I have been doing tests and everything was working fine. I was able to set User must change password to today's date and it would prompt the user that their password has expired when logging into windows xp. I could then enter a new password and be on my way. Now when I set the password to User must change password, when I enter the new password twice I get: The password on this account cannot be changed at this time. I'm not sure why it was working and now suddenly it isn't. Any thoughts? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot change expired password
Sorry again to answer my own post, but I at least figured out how to change the Password Last Set value using the LDAP Account Manager. Basically you need to set a date further back than 7 days. Convert it to Unix time stamp and enter it into the users LDAP info. Then your user will be allowed to change their expired password. But that still doesn't explain why the Password Can Change attribute doesn't sync with Password last set in pdbedit. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com On 1/31/2007 11:20 AM, Jason Baker wrote: I should have checked log files before I posted. Anyway, here is some additional info. I checked the log file for the machine I was trying to change the password on and here is what it says: [2007/01/31 10:28:06, 1] auth/auth_sam.c:sam_account_ok(178) sam_account_ok: Account for user 'test' password expired!. [2007/01/31 10:28:06, 1] auth/auth_sam.c:sam_account_ok(179) sam_account_ok: Password expired at 'Tue, 30 Jan 2007 10:09:38 EST' (1170169778) unix time. [2007/01/31 10:28:19, 1] smbd/chgpasswd.c:change_oem_password(1040) user test cannot change password now, must wait until Wed, 07 Feb 2007 10:09:38 EST So the section where is says Password expired at Tue, 30 Jan 2007 is correct. A pdbedit -Lv username shows: Logoff time: Mon, 18 Jan 2038 22:14:07 EST Kickoff time: Thu, 31 Jan 2030 22:14:07 EST Password last set:Wed, 31 Jan 2007 10:09:38 EST Password can change: Mon, 01 Jan 2007 00:00:00 EST Password must change: Tue, 30 Jan 2007 10:09:38 EST But the log file claims that the password cannot change until Friday Feb 2, 2007, which is seven days from Password last set: Wed, 31 Jan 2007. BUT...Password CAN CHANGE time says: Mon, 01 Jan 2007. I do have Minimum Password Age set to 7 days, but shouldn't Password can change show a date 7 days from Password last set? For some reason pdbedit is not showing the correct information. If I run pdbedit --pwd-can-change-time=today's date --time-format=%Y-%m-%d, it will change the date to today, but will still be counting 7 days from Password last set. Is there a ways to alter Password last set? *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com On 1/31/2007 10:47 AM, Jason Baker wrote: I have a samba PDC set up and configured. I have been doing tests and everything was working fine. I was able to set User must change password to today's date and it would prompt the user that their password has expired when logging into windows xp. I could then enter a new password and be on my way. Now when I set the password to User must change password, when I enter the new password twice I get: The password on this account cannot be changed at this time. I'm not sure why it was working and now suddenly it isn't. Any thoughts? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Enforce Strong Passwords LDAP PDC
I've scoured the mailing list archives and the internet...has anyone actually figured out how to enforce strong passwords when using Samba and LDAP as a PDC? My users are allowed to change their Windows XP passwords, how do I enforce the use of strong passwords (either locally or globally)? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Should samba be split between client server
Samba is basically used in 2 different ways: It can also be used as a PDC without ADS involved at all, using Windows XP clients. Highly recommended. IMHO I think SAMBA is more or less designed as a replacement for a windows server. That is the beauty of SAMBA, you can keep you Windows clients, and rid yourself of the high overhead costs of running a Windows ADS. I think much of the difficulty I am seeing on this board comes when someone tries to run SAMBA as a client or domain member to a Windows ADS machine. Configuring SAMBA as a PDC (especially with LDAP and Roaming Profiles) is definitely not for the faint of heart. It is very challenging, but you will be well rewarded. There is ample documentation out there to help you make it work. I am just wondering what issues we will all face with the coming of Windows Vista. Once I start purchasing client machines with Vista pre-installed, how will this impact making that new machine a member of a SAMBA controlled domain? *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com Andrew Watkins wrote: The more I use samba and the more I read the e-mail coming into this list, I believe that a new look should be taken into how samba his configured, since more and more people are having problems with setup up of samba. Samba is basically used in 2 different ways: client) In a Windows ADS environment where you want to access facilities on UNIX servers: printers: - print to Unix printers. File-system: - access to Unix files plus ACL. server) In a Windows environment where you don't have (or don't want) a windows ADS Samba Domain Server - Samba replaces the Microsoft ADS I know you will say that it does all these things, but people are having many problems setting it up (i.e. in a client mode you need an ldap server if you want ACL to work) OR is it simply down to documentation OR user error! Andrew PS. I have been using samba for years and I would not be able to live with out! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Should samba be split between client server
Aaron, Well said. I think that will be my stance as well. I will purchase a copy for testing, but as far as new workstations go, I will order them with XP Pro. I like your thoughts on Codeweavers/WINE. We are very interested in getting some of our users off of a windows desktop all-together. I am already moving toward virtualizing some of our Win 2000 servers. I just installed a new SAMBA PDC that isn't even live yet. Once up and running I will migrate a couple win servers over to VMWare. Let me know if you find any success with WINE. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com Aaron Kincer wrote: As an IT Manager, I personally have said we won't even begin _testing_ Vista until it hits SP1. Upper management was very enthusiastic about that approach. Perhaps your environment is different. It seems to me that until you can determine how clients are going to mix with your environment you should adopt a similar approach. You should be able to continue to purchase computers without Vista for a while until you fully determine the total impact it will have. Besides client-server interaction, this would include all of your applications as well. I'm hoping we can bypass Vista completely and utilize a combination of Codeweavers/WINE and virtualization technologies for Windows based applications that don't get ported over the coming years. Jason Baker wrote: Samba is basically used in 2 different ways: It can also be used as a PDC without ADS involved at all, using Windows XP clients. Highly recommended. IMHO I think SAMBA is more or less designed as a replacement for a windows server. That is the beauty of SAMBA, you can keep you Windows clients, and rid yourself of the high overhead costs of running a Windows ADS. I think much of the difficulty I am seeing on this board comes when someone tries to run SAMBA as a client or domain member to a Windows ADS machine. Configuring SAMBA as a PDC (especially with LDAP and Roaming Profiles) is definitely not for the faint of heart. It is very challenging, but you will be well rewarded. There is ample documentation out there to help you make it work. I am just wondering what issues we will all face with the coming of Windows Vista. Once I start purchasing client machines with Vista pre-installed, how will this impact making that new machine a member of a SAMBA controlled domain? *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com Andrew Watkins wrote: The more I use samba and the more I read the e-mail coming into this list, I believe that a new look should be taken into how samba his configured, since more and more people are having problems with setup up of samba. Samba is basically used in 2 different ways: client) In a Windows ADS environment where you want to access facilities on UNIX servers: printers: - print to Unix printers. File-system: - access to Unix files plus ACL. server) In a Windows environment where you don't have (or don't want) a windows ADS Samba Domain Server - Samba replaces the Microsoft ADS I know you will say that it does all these things, but people are having many problems setting it up (i.e. in a client mode you need an ldap server if you want ACL to work) OR is it simply down to documentation OR user error! Andrew PS. I have been using samba for years and I would not be able to live with out! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Default Profile Problems
Thanks I'll check that out. I simply disabled the default profile and now all is well. Maybe when I have more time I'll look into the default profile. It would be a nice feature. *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com Felipe Augusto van de Wiel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/17/2007 02:17 PM, Jason Baker escreveu: I am trying to set up the Default Profile in XP for use with Samba. I am following the instructions in Samba 3 by Example. I have my profdata folder setup and shared, I have my NETLOGON/Default User folder created and populated with the Default Profile I created from the Hive using regedt32 in windows XP. I created a new user for Samba and attempted to log on to the domain to test the default profile. I get a small pop-up window in XP that says: USER ENVIRONMENT Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network or that you network is functioning correctly. If this problem persists contact your network administrator Detail: Not enough storage is available to process this command I have over 400 gig of space on the server and 80 gig on the client, I'm sure space isn't an issue. Has anyone else had this problem? I'm not a 'Profile' guy, but maybe you can take a look at Samba Wiki: http://wiki.samba.org/index.php/Samba_%26_Windows_Profiles I hope this helps. - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFr5r4Cj65ZxU4gPQRAvxzAJ45qul5LgHcVjgBNoRPHT0MnUNhtgCfSU9l pffKJCq9frWFVmn6QQuiEDE= =WJ6d -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain Member Server or Mounted Shares?
Now that I have my Samba PDC up and running, I will soon be building a NAS for network file storage, backups and running virtual machines and tests. I need to make some shares on this machine that network users can access for file storage. I can either design it to be a Samba Domain Member and set up shares that would be authenticated via the PDC or I could simply mount the shares to the PDC via CIFS and let the users access them locally through the PDC. Does anyone have any advice on how to handle this? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-useradd question
I have Samba 3 setup to work with LDAP and I am using the IdealX tools to create new users. If I issue the command /./smbldap-useradd -m -a -c User Name username/, then my new user is added, but I do not see the user in //etc/passwd/ and there is no entry in //var/mail/. Do I need to create a Unix account for this user also? They already have a /home directory. If I want a mail box for the user, could I just create one manually? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Default Profile Problems
I am trying to set up the Default Profile in XP for use with Samba. I am following the instructions in Samba 3 by Example. I have my profdata folder setup and shared, I have my NETLOGON/Default User folder created and populated with the Default Profile I created from the Hive using regedt32 in windows XP. I created a new user for Samba and attempted to log on to the domain to test the default profile. I get a small pop-up window in XP that says: USER ENVIRONMENT Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network or that you network is functioning correctly. If this problem persists contact your network administrator Detail: Not enough storage is available to process this command I have over 400 gig of space on the server and 80 gig on the client, I'm sure space isn't an issue. Has anyone else had this problem? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Administrator is Root
I just got Samba + LDAP up and running as a PDC. If I list the users in the LDAP directory with pdbedit -L I see: root:0:test nobody:99:nobody aster$:1001:Computer toast$:1002:TOAST$ fordprefect:1003:Test Account Shouldn't there be an Administrator account and no root? I don't want my Linux root account even remotely confused or associated with a Samba/LDAP account. Any ideas? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error setting up Samba with LDAP
I am following the Samba 3 How To and Samba 3 By Example to set up a Samba PDC. I have everything configured as shown, but when I run the command: /net getlocalsid/ I get this error: /Failed to issue the StartTLS instruction: Connect error Connection to LDAP server failed for the 1 try! / I'll post configs on Monday. Just wondered if anyone has encountered this and could shed some light. Thanks. -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pdbedit problems
Greetings, I am running samba-3.0.10-1.4E.9 installed from rpm on CentOS 4.4. I have it configured as a PDC. It is using the /passdb backend = tdbsam/ backend. I am using /pdbedit/ to make some configuration changes to user passwords. I would like to expire a users password, so that they are required to change it the next time they log in. From all that I have read in on-line resources (including the Samba How To), it says to run the following command (this should effect the individual user). /pdbedit --pwd-must-change-time=2007-01-01 --time-format=%y-%m-%d test / It however only returns: / / /test:501:Victor Aluicious Laan. / If I enter /pdbedit -Lv/ test, I see the following: /[EMAIL PROTECTED] ~]# pdbedit -Lv test/ /Unix username:test/ /NT username:/ /Account Flags:[U ]/ /User SID: S-1-5-21-3030426004-1519544323-488087672-2002/ /Primary Group SID:S-1-5-21-3030426004-1519544323-488087672-2003/ /Full Name:Victor Aluicious Laan/ /Home Directory: \\aster\test/ /HomeDir Drive:U:/ /Logon Script: test.bat/ /Profile Path: \\aster\profiles\test/ /Domain: GLASTENDERNET/ /Account desc:/ /Workstations:/ /Munged dial:/ /Logon time: 0/ /Logoff time: Mon, 18 Jan 2038 22:14:07 GMT/ /Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT/ /Password last set:Thu, 11 Jan 2007 12:54:40 GMT/ /Password can change: Thu, 11 Jan 2007 12:54:40 GMT/ /Password must change: Mon, 18 Jan 2038 22:14:07 GMT/ /Last bad password : Thu, 11 Jan 2007 12:49:51 GMT/ /Bad password count : 2/ /Logon hours : FF/ I can run: /pdbedit -r --fullname=Change to Test test /and it will indeed change the Full Name, so I know it is working in some form. /[EMAIL PROTECTED] ~]# pdbedit -Lv test/ /Unix username:test/ /NT username:/ /Account Flags:[U ]/ /User SID: S-1-5-21-3030426004-1519544323-488087672-2002/ /Primary Group SID:S-1-5-21-3030426004-1519544323-488087672-2003/ /Full Name:Change to Test/ /Home Directory: \\aster\test cut / I have searched the Samba mailing list archives and have found a few other's who have asked this same question, but haven't found any resolutions. Is there an easier way to instantly make a samba password expired so that a user has to change their password on the next login? I know many of you will answer that I should change to LDAP, that may be so, but the documentation claims this should work in /tdbsam/ but yet it seems to not work. Any advice would be helpful. -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Complicated question
I'm not sure if this is the right place to post this, but here goes. I just put together a PDC using Samba. I have given users the ability to change their passwords (once every 7 days) if they wish. I used to keep a list of usernames and passwords in a spread-sheet, so I could keep track of the servers that I needed to update with the correct password if anything changed. That being said. What do I do about authentication if I want to add a NAS? I basically won't know what user's passwords are and if/when they change them. How do I allow them access to the NAS shares with the proper permissions, while still maintaining the flexibility of allowing them to change their passwords? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem accessing network shares Linux to Linux
I have a main file server running RH9 and countless workstations running Windows XP Pro, and an NT 4 box thrown in as a PDC. All of the XP workstations can view the entire network as well as connect to the RH9 file server through the Network Neighborhood browser and connect to shares on the main file server (providing they are in the correct group and have the proper permissions). We have decided to start adding some FC3 boxes to the network. I have Samba 3 running on an FC3 box. I can mount shares to the Main File Server through the command line and even set them to mount at startup. It works flawlessly. I can even browse the entire network through the Network Servers browser on FC3. However, when I try to access the main file server through the Network Servers browser in FC3, it hangs. It never connects to the server showing the shares. The hour glass icon just keeps spinning. If I close the browser, I can no longer view the network if I open up a new instance of the Network Servers browser. I have to restart the computer. I suppose I could get away with mounting all my shares, but sometimes it is nice just to browse the shares in the GUI and connect to the ones you need with out needing to mount them. Also, I created another test workstation with FC3 and was able to access shares through the Network Servers browser between both FC3 machines. Could it be incompatibilities between FC3 and RH9. I am running Samba 2.2.7 on the RH9 box, should I update that to Samba 3? Any suggestions: Here is the conf from the RH9 File Server: [global] workgroup = workgroup server string = Samba Server hosts allow = 192.168.1. 192.168.2. 127. printcap name = /etc/printcap load printers = yes printing = cups guest account = smbuser log file = /var/log/samba/%m.log max log size = 5000 security = SERVER password server = 192.168.1.5 password level = 4 username level = 4 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* pam password change = yes obey pam restrictions = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no os level = 33 domain master = no preferred master = no wins server = 192.168.1.5 guest ok = yes dns proxy = no [homes] comment = Home Directories browseable = no writeable = yes valid users = %S create mode = 0664 directory mode = 0775 [shared] comment = shared browseable = yes writeable = yes create mode = 0665 path = /home/shared valid users = @shared directory mode = 0777 And here is the conf from my workstation: [global] workgroup = workgroup server string = Network Administrator hosts allow = 192.168.1. 192.168.2. 127. printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 security = server password server = 192.168.1.5 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = wins lmhosts bcast wins server = 192.168.1.5 [homes] comment = Home Directories browseable = no writeable = yes [shared] comment = Shared browseable = yes writable = yes path = /home/shared quest ok = yes -- *Jason Baker */Network Administrator/ /Desktop Publishing/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba