[Samba] SWAT reports smbd not running
Hello

When I start up my swat (installed together with samba 3.0.6) and show the status tab, it says that smbd is not running. However:

[EMAIL PROTECTED]:~$ ps ax | grep smbd
 7697 ? S 0:00 /usr/local/samba/sbin/smbd
 7705 ? S 0:00 /usr/local/samba/sbin/smbd
27179 ? S 0:00 /usr/local/samba/sbin/smbd
29716 ? S 0:00 /usr/local/samba/sbin/smbd
12116 ? S 0:01 /usr/local/samba/sbin/smbd
12297 ? S 0:00 /usr/local/samba/sbin/smbd
12864 ? S 4:58 /usr/local/samba/sbin/smbd
13512 ? S 0:00 /usr/local/samba/sbin/smbd
13577 ? S 0:00 /usr/local/samba/sbin/smbd
13602 ? S 0:00 /usr/local/samba/sbin/smbd
13621 ? S 0:00 /usr/local/samba/sbin/smbd
13847 pts/0 S 0:00 grep smbd
[EMAIL PROTECTED]:~$ locate smbd.pid
warning: locate: warning: database /var/lib/slocate/slocate.db' is more than 8 days old
/usr/local/samba/var/locks/smbd.pid
[EMAIL PROTECTED]:~$ cat `locate smbd.pid`
7697

Why is SWAT reporting bogus information? Is there some option that I forgot to enable or is this a bug that I should report to the bugzilla? What should I report? I doubt the information that swat is reporting bogus on smbd status will be of any value.

Cl

-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] encrypted passwords and /etc/passwd
On 31 Aug 2004 , Karel Kulhavy entreated about [Samba] encrypted passwords and /etc/passwd:

} Isn't it possible to tell Samba server that on the way between a
} client and the server, the passwords should be encrypted, and after
} decryption, they will be checked against /etc/passwd and not
} smbpasswd, tdb or whatever backend?

passwords are never decrypted since they use a one way hash function. in other words, they CANNOT be decrypted, for good security reasons. when a server stores your password, it stores the encrypted version, and can only check an encrypted password against that. Windows and Unix use different password encryption; therefore, in order to use the Unix encrypted hash in the /etc/passwd, the unix box needs to receive the plain text password from Windows so it can encrypt it itself. Windows encrypted passwords are stored in smbpasswd and are incompatible with the /etc/passwd format

Thanks, I completely understand it now.

I didn't get this idea reading man smb.conf, the entry about encrypt passwords =. The manpage says that setting encrypt passwords = yes requires usage of smbpasswd. However it doesn't say why. Shouldn't the explanation why be also part of the manpage? Should I file a bugreport against the manpage?

The manpage also omits one fact: that when encrypt passwords = no, then the server won't try to access smbpasswd file and will use /etc/passwd directly. I think this should be added too. It can't be deduced from what is in the manpage currently. Should I file this also as a bugreport against the man smb.conf manpage?

Cl

-- DA Forsyth Network Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/
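An added illustration of the reply above (not code from the thread or from Samba): a toy server holding a salted Unix-style hash and a Windows-style hash, showing why a challenge response can only be checked against smbpasswd while a plaintext password can be checked against /etc/passwd. SHA-256 and HMAC are stand-ins for the real crypt(3), MD4 and DES-based primitives, and every name in the block is hypothetical.

```python
import hashlib
import hmac
import os

# Stand-in primitives (assumption of this example): systems of that period
# used crypt(3) for /etc/passwd, MD4 for the Windows hash and a DES-based
# challenge response. SHA-256 and HMAC keep the example runnable anywhere
# and preserve the one property that matters here: both hashes are one-way.


def unix_hash(password: str, salt: bytes) -> bytes:
    """Salted one-way hash, the kind of value kept in /etc/passwd or /etc/shadow."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def windows_hash(password: str) -> bytes:
    """Unsalted one-way hash over UTF-16LE, the kind of value kept in smbpasswd."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def client_response(password: str, challenge: bytes) -> bytes:
    """What an encrypting client sends: the challenge keyed with its Windows hash."""
    return hmac.new(windows_hash(password), challenge, hashlib.sha256).digest()


class ToyServer:
    def __init__(self):
        self.passwd = {}     # user -> (salt, unix_hash), models /etc/passwd
        self.smbpasswd = {}  # user -> windows_hash, models smbpasswd

    def add_unix_user(self, user: str, password: str) -> None:
        salt = os.urandom(8)
        self.passwd[user] = (salt, unix_hash(password, salt))

    def add_smb_user(self, user: str, password: str) -> None:
        self.smbpasswd[user] = windows_hash(password)

    def check_plaintext(self, user: str, password: str) -> bool:
        """'encrypt passwords = no': the password arrives in plain text,
        so the server can hash it itself with the stored salt."""
        if user not in self.passwd:
            return False
        salt, stored = self.passwd[user]
        return hmac.compare_digest(unix_hash(password, salt), stored)

    def check_encrypted(self, user: str, challenge: bytes, response: bytes) -> bool:
        """'encrypt passwords = yes': only a keyed response arrives, and
        recomputing it needs the Windows hash. The /etc/passwd entry cannot
        be turned into that hash, because neither hash can be reversed."""
        stored = self.smbpasswd.get(user)
        if stored is None:
            return False
        expected = hmac.new(stored, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def response_from_unix_hash(self, user: str, challenge: bytes) -> bytes:
        """The only thing a server could try with /etc/passwd alone: key the
        challenge with the Unix hash. It never matches the client's value."""
        _salt, stored = self.passwd[user]
        return hmac.new(stored, challenge, hashlib.sha256).digest()


def demo() -> dict:
    server = ToyServer()
    server.add_unix_user("karel", "s3cret")  # constructed sample account
    challenge = os.urandom(8)
    response = client_response("s3cret", challenge)

    results = {
        "plaintext_vs_passwd": server.check_plaintext("karel", "s3cret"),
        "wrong_plaintext": server.check_plaintext("karel", "guess"),
        "encrypted_without_smbpasswd": server.check_encrypted("karel", challenge, response),
        "unix_hash_matches_response": hmac.compare_digest(
            server.response_from_unix_hash("karel", challenge), response),
    }
    # Once the Windows-style hash is stored as well (the second password
    # database the thread complains about), the response can be verified.
    server.add_smb_user("karel", "s3cret")
    results["encrypted_with_smbpasswd"] = server.check_encrypted("karel", challenge, response)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
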
[Samba] encrypted passwords: what negotiation with what client?
Hello

man smb.conf encrypt passwords says: This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed.

What does this mean? From my point of view it can mean 4 totally different things:

1) That when I run smbd with encrypt passwords = no and NT4.0 client with default installation, it won't work because NT4.0 client will send encrypted password and Samba require a plaintext password?
2) That when I run smbd with encrypt passwords = no and NT4.0 client with default installation, it will work, because NT4.0 client will albeit expect encrypted passwords, however will resort to unencrypted passwords upon being told by the server they are the only available option?
3) That when I run smbclient //windows_machine_with_nt40/share with encrypt passwords = no, it won't work because NT4.0 server will expect encrypted password and will be supplied with unencrypted one
4) That when I run smbclient //windows_machine_with_nt40/share with encrypt passwords = no, it will work, because NT4.0 server will albeit expect encrypted passwords, however will resort to accepting unencrypted one after being told by smbclient unencrypted ones are the only possible option?

Basically, the manpage doesn't say two things:

1) whether this relates to a win client - samba server or samba client - win server case
2) What does the word expect mean.

What does encrypt passwords = no mean? From my point of view it can mean 3 totally different things:

1) Encrypted passwords won't be negotiated at all (i.e., it will be left up to the client whether encrypted or unencrypted passwords will be used)
2) Unencrypted passwords will be negotiated with the client and if the client refuses to use unencrypted passwords, then the connection will be terminated
3) Unencrypted passwords will be negotiated with the client, however if the client refuses to use unencrypted passwords, then encrypted ones will be used?

Basically the man page says what happens when I say yes, but doesn't say anything what happens when I say no.

Cl
Re: [Samba] encrypted passwords and /etc/passwd
On 1 Sep 2004 , Karel Kulhavy entreated about Re: [Samba] encrypted passwords and /etc/passwd:

Hiya

} passwords are stored in smbpasswd and are incompatible with the
} /etc/passwd format
}
} Thanks, I completely understand it now.
}
} I didn't get this idea reading man smb.conf, the entry about encrypt
} passwords =. The manpage says that setting encrypt passwords = yes
} requires usage of smbpasswd. However it doesn't say why. Shouldn't the
} explanation why be also part of the manpage? Should I file a bugreport
} against the manpage?

must say I never got the idea of using plaintext passwords to bypass the smbpasswd either, but then I'm not looking for that at all, I'd

for what? bypassing smbpasswd, or using plaintext passwords?

Cl

much prefer my Samba users to be unable to login to the *nix part of the box. My security model goes they don't need to, therefore prevent them (-:

} Should I file this also as a bugreport against the man smb.conf
} manpage?

I don't know what a bugreport all entails so it's your call there. I'd say that if you can put all the facts together, with references, and just send that as a HOWTO to the list, and maybe a bugreport, that would achieve a lot.

-- DA Forsyth Network Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/
[Samba] plaintext backend
Hello

I would like to use plaintext backend with a simple Samba 3.0.6 configuration to get rid of the system of double passwords and rely just on the plain old unix /etc/passwd ones. However I couldn't find any information about it in

1) man smb.conf
2) online Samba official HOWTO

I tried putting passdb backend = plaintext into a smb.conf file with security=share and the Samba server doesn't seem to work at all:

[EMAIL PROTECTED]:~# smbclient -L oberon
protocol negotiation failed

However when the line passdb backend = plaintext is commented out, the smbclient -L oberon normally runs - prints out the shares.

I have tried to put passdb backend = fuck into the config file and testparm said the smb.conf is OK (!!!). So I can't even determine what should be put into smb.conf to get plaintext passdb backend:

1) the official HOWTO lacks this info
2) manpage lacks this info
3) testparm is broken

Please tell me what should be put into passdb backend to get a security=share server and plaintext passdb backend.

Thanks,

Cl
Re: [Samba] plaintext backend
I would like to use plaintext backend

plaintext is an authentication method, not a backend. The option is encrypt passwords = no

No, according to Samba official HOWTO, plaintext is a password backend: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html grep user information - you'll see Plaintext heading listed under the heading Password Backends. Also the table of contents implies that Plaintext is a Password Backend (from the same URL):

Password Backends
  Plaintext
  smbpasswd Encrypted Password Database
  tdbsam
  ldapsam
  MySQL
  XML

Please tell me what should be put into passdb backend to get a security=share server and plaintext passdb backend.

You also want security = share.

-- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]
Re: [Samba] plaintext backend
|
| However I couldn't find any information about it in
| 1) man smb.conf
| 2) online Samba official HOWTO

There's a reason why you can't find any information about it. There's no such thing as a 'plaintext' passdb backend.

According to Samba official HOWTO, plaintext is a password backend: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html grep user information - you'll see Plaintext heading listed under the heading Password Backends. Also the table of contents implies that Plaintext is a Password Backend (from the same URL):

Password Backends
  Plaintext
  smbpasswd Encrypted Password Database
  tdbsam
  ldapsam
  MySQL
  XML

Cl
Re: [Samba] plaintext backend
Karel Kulhavy wrote:

| Hello
|
| I would like to use plaintext backend with a
| simple Samba 3.0.6 configuration to get rid of
| the system of double passwords and rely just
| on the plain old unix /etc/passwd ones.

Then just set 'encrypt passwords = no'. It should be pretty simple really.

Thanks, it works now. Even the authentication seems to work as I expected - it lets me in if I supply a user/password from /etc/passwd/ - /etc/shadow

Cl
[Samba] encrypted passwords and /etc/passwd
Hello

Why is it necessary to specify encrypt passwords = no to make Samba server start using solely /etc/passwd? Isn't it possible to tell Samba server that on the way between a client and the server, the passwords should be encrypted, and after decryption, they will be checked against /etc/passwd and not smbpasswd, tdb or whatever backend?

Cl
[Samba] encrypt passwords = no
Hello

I have been told that to get authentication with /etc/passwd only, I have to set up encrypt passwords = no. Is this information contained somewhere in Samba documentation? I have checked man smb.conf and it doesn't say anything about connection between encrypt passwords = and method of authenticating users in the section about encrypt passwords.

Cl
[Samba] How clients respond to Samba
Hello

man smb.conf says at security: This option affects how clients respond to Samba.

I always thought that client-server model implies that server responds to client, not the other way. Is this intentional or is it a typo? If it's intentional, can you please explain what is meant by it and how does it work?

Cl
[Samba] Local security settings
Hello Does Samba 3 have an equivalent of NT4's Administrative Tools - Local Security Settings - Local Policies - User Rights Assignment - Access This Computer From Network? Cl
[Samba] pdbedit -a and -x inconsistency
Hello

When adding a machine I call

pdbedit -u neptun -a -m

When deleting a machine I call

pdbedit -x -u neptun$

Note the asymmetry between neptun and neptun$. Is this intended? Isn't it a bug?

Cl
[Samba] Unexpected network failure
Hello

When I am trying to access a share on Samba PDC from a workstation in trusted domain (bidirectional trust) and the client says Unexpected network error expected after asking me for username and password for the share (which I enter correctly). What can be the problem?

Cl

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2003/11/19 15:51:41

# Global parameters
[global]
security = user
wins support = no
workgroup = KEVF_D4
encrypt passwords = yes
domain logons = yes
null passwords = yes
interfaces = eth1
preferred master = Yes
domain master = Yes
debuglevel = 3
ldap ssl = no
admin users = admin,prech,root,test
hosts allow = 195.113.
# hide local users = yes
name resolve order=lmhosts,bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
unix password sync = yes
passwd program = /bin/passwd %u
passwd chat = *ew*password* %n\n *ew*password* %n\n
add user to group script = /usr/local/samba/bin/myaddusertogroup '%u' '%g'
add user script = /usr/sbin/useradd -c 'Samba User' -d /dev/null -g smbusers -s /bin/false '%u'
add machine script = /usr/sbin/useradd -c 'Machine' -d /dev/null -g machines -s /bin/false '%u'
add group script = /usr/local/samba/bin/mygroupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
delete user script = /usr/sbin/userdel '%u'
delete user from group script = /usr/local/samba/bin/mydeleteuserfromgroupscript '%u' '%g'
delete user script = /usr/sbin/userdel '%u'
set primary group script = /usr/sbin/usermod -g '%g' '%u'
map to guest = Bad User
passdb backend = tdbsam
logon drive = h:
logon home = \\oberon\%U
logon path = \\oberon\profiles\%U
server schannel = auto
server signing = auto
client schannel = auto
#Winbind configuration. Separator is default \
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%D/%U
template shell = /bin/bash

[netlogon]
path=/usr/local/samba/netlogon
read only = yes
guest ok = yes
browseable = yes
write list = admin prech root test
locking = no
csc policy = disable

[homes]
comment = Home Directories
browseable = no
writable = yes

[admin]
comment = Admin Home
writable = yes
path = /home/admin

[root]
comment = Root Home
writable = yes
path = /home/admin

[test]
comment = test's home
writable = yes
path = /home/test

[linux]
comment = Linux Kernel Sources
path = /usr/src/linux
guest ok = no

[cluster]
comment = cluster_temp
path = /mnt/raid/cluster_temp
read only = no

[profiles]
create mode = 0600
csc policy = disable
directory mode = 0700
comment = Profiles
path = /usr/local/samba/profiles/
profile acls = yes
read only = no
[Samba] schannels
Hello Can anybody point me to some text explaining what the server and client schannels are? Cl
[Samba] username password client machine
Hello Page xli of Samba HOWTO says that with user level security, the client sends username, password and client computer name. Does the client also send the domain for which the username is meant? Or is this a part of the username, so that the username is in form DOMAINNAME\username? Cl
[Samba] Nondeterministic share connect failures
Hello

I have a Samba PDC in domain KEVF_D4 called OBERON and a NT4 workstation NEPTUN in workgroup (not domain, workgroup) WORKGROUP

I tried to map \\oberon\linux from OBERON using smbclient oberon\\linux -U username and gave password and it worked.

I tried to map \\oberon\linux from NEPTUN and

1) got error message: \\Oberon is not accessible. Logon failure: the user has not been granted the requested logon type at this computer.. No share was mapped. Logged out and in and tried the same again
2) \\oberon\linux has been mapped without problems. Logged out and in and tried the same again
3) the same error message, no share was mapped. Relogged, tried again
4) without problems
5) OK
6) OK
7) OK. Tried killing all killable connection with SWAT (why can't I kill those IPC connections with SWAT?).
8) OK. Shutdown, RESET of the PC
9) the error message occurs when mere clicking on OBERON, preventing me even from clicking on the linux share. relogging.
10) OK
11) OK
12) OK. Rebooting
13) OK

How can I determine what am I doing wrong? I want to make it work all the time, not just sometimes. What does the error message mean? Does the user mean the user I am logged in on NEPTUN or the remote user I am putting into the form when connecting the drive? Does this computer mean NEPTUN or OBERON? The network is OK, no packetloss.

Cl
[Samba] Profiles and mapping share under different username
Hello

Are flawlessly working roaming profiles or whatever profiles a necessary prerequisite for working mechanism of mapping shares under different username? For example, sitting on NT4 machine IAPETUS in domain KEVF_D1, KEVF_D1 - KEVF_D4 mutual trust, KEVF_D4 PDC is Samba 3 OBERON, user from IAPETUS wants to map \\OBERON\linux under username from KEVF_D4

Cl
[Samba] deleting Domain Admins
Hello Is it normal that net groupmap delete ntgroup=Domain Admins does nothing? Man net states: Delete a group mapping entry net groupmap delete {ntgroup=string|sid=SID} This is a behaviour contradictory to the manpage. Cl
[Samba] Locally resolvable groups
Hello Does locally resolvable groups (Samba HOWTO page cxxxix) mean ( Local groups in MS Windows terminology)? Cl
[Samba] 2 NT groups mapping into 1 UNIX group
Hello

Is it correct to map two NT groups into one UNIX group? For example

Domain Users - users
Kosmos Users - users

Cl
[Samba] wbinfo -u sometimes returns only nontrusted users
Hello I have experienced numerously (but not experiencing them anymore, maybe because already not restarting winbindd so often) that wbinfo -u returned only local users, omitting the trusted domains. This often happens after restart of winbindd. When I issue wbinfo -m it fixes itself. It looks like waiting alone doesn't help. Is this a bug? Cl
[Samba] Should adding trusted user into groups work?
Hello I have set up winbind in my samba-3.0.2 according to Samba HOWTO and tried to add an user from trusted domain into local group. The local group is samba, the trusted domain is NT4, samba trusts NT4. It doesn't work. I tried to do it from usrmgr.exe and it says The user name could not be found. Is this supposed to work? Cl
[Samba] 20s delay with nsswitch winbind
Hello

I have installed winbind into nsswitch according to Samba HOWTO Chapter 21 Winbind: Use of Domain Accounts. However when I log in from console as unix user (who hasn't any account in the samba) I get a 20s delay. This is what the 12th console says:

Feb 20 17:27:22 oberon pam_winbind[6241]: user 'clock' granted acces
Feb 20 17:27:42 oberon login(pam_unix)[6241]: session opened for user clock by (uid=0)

The first message is generated at the moment I submit my password. The second one is generated at the same moment when my shell appears. The 20s of waiting is between I submit my password and the moment the shell prompt appears.

/etc/nsswitch.conf says:

passwd: files winbind
shadow: files
group: files winbind

When I login as root (root is samba user, according to pdbedit -L) the prompt appears immediately. Also when I login as an user from trusted domain (KEVF_D1\clock and put my windows NT password there and it WORKS!) I get no delay, I get immediate prompt.

When I remove the 'winbind' words from nsswitch.conf, it disappears. However, it refuses the KEVF_D1\clock user with User not known to the underlying authentication module

Does anyone know why does this happen? What does it mean? How to get rid of it?

Cl
Re: [Samba] DOMAIN missing in net rpc join example command
On Thu, 2004-02-19 at 01:13, edd payne wrote:

On Wednesday 18 Feb 2004 2:10 pm, Karel Kulhavy wrote:

root# /usr/local/samba/bin/net rpc join -S PDC -U Administrator

The proper response to the command should be: Joined the domain DOMAIN where DOMAIN is your DOMAIN name.

There is no DOMAIN in the command. What is the correct command that I should enter instead of this?

AFAIK it pulls the domain from the workgroup= parameter in your smb.conf

The command in HOWTO reads net rpc join -S PDC -U Administrator -S means server which obviously must fail unless my server is named 'PDC'. My server is not named PDC, my server is named oberon, and there it fails :) There is nothing said about I should replace 'PDC' with the servername. Instead there is said I should replace DOMAIN with my domainname, which pattern doesn't occur in the example command, so that this replacement is effectively a NOP.

Actually, it asks the remote machine (the -S PDC) what its domain name is, and joins that. If you don't specify -S, it will join the PDC of the domain in smb.conf. If you specify -w DOMAIN, it will join that domain (again, by finding the PDC).

The HOWTO is obviously botched. What I suggest is to fix it in either of these ways:

1) Replace 'replace DOMAIN with ...' with 'replace PDC with name of your PDC machine'
2) change the HOWTO line 'net rpc join -S PDC -U Administrator' to 'net rpc join -U Administrator'
3) change the HOWTO line 'net rpc join -S PDC -U Administrator' to 'net rpc join PDC -U Administrator'
4) change the HOWTO line 'net rpc join -S PDC -U Administrator' to 'net rpc join -w DOMAIN -U Administrator'

Thank you for your hint. Now, even wbinfo -u works for me :)

Cl

Andrew Bartlett

-- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
[Samba] winbind separator '\'
Hello

I get response from getent passwd in the form of

DOMAIN'\'username:x:number:number:name:/home/winnt/DOMAIN/usr:/bin/bash

The entry in smb.conf is

winbind separator = '\'

Why are there the apostrophes around \ in the entry? Shouldn't there be bare \ in that entry? I tried putting \ instead of '\' into smb.conf but the config file even doesn't get parsed - it reports syntax error on the next line.

Cl
[Samba] DOMAIN missing in net rpc join example command
Hello

Samba HOWTO Collection states at page xxxccc:

21.5.3.4 Join the Samba Server to the PDC Domain

Enter the following command to make the Samba server join the PDC domain, where DOMAIN is the name of your Windows domain and Administrator is a domain user who has administrative privileges in the domain.

root# /usr/local/samba/bin/net rpc join -S PDC -U Administrator

The proper response to the command should be: Joined the domain DOMAIN where DOMAIN is your DOMAIN name.

There is no DOMAIN in the command. What is the correct command that I should enter instead of this?

Cl
[Samba] Re: interdomain trust rpc error (error in winbindd?)
Hello, I'm getting the following error: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. See Samba HOWTO Collection and grep the message. You'll get an answer. Cl Do you have the CVS Code that fixes this? Could you email this to me? Thank you, Jamie Green-Tool Designer Twoson Tool Co. (765) 282-2221 ext.237 www.twoson.com [EMAIL PROTECTED]
[Samba] Recognizing trusted domain users
Hello

I am having a Samba 3.0.2 PDC which trusts another domain (served by NT4 PDC). I would like to make Samba recognize users from the trusted domain up to the point that

* Permissions could be granted to them to access shares, directories, files
* The users from trusted domain can be added into groups on Samba PDC

How can I accomplish this? I have brought up the trust (it works) but any attempt to assign a privilege from usrmgr.exe silently fails and any attempt to add a user from trusted domain into one of Samba's groups fails with No Such User.

Cl
[Samba] Winbind and interdomain trusts
If I install winbind on my Samba PDC and Samba trusts NT4 domain, will I be able to add members from the trusted domains into groups on Samba or ACL's on Samba? Cl
[Samba] + or \ as winbind separator?
Hello

Samba HOWTO Section 21.5 example 21.5.1:

# separate domain and username with '+', like DOMAIN+username
winbind separator = +

page cccxxiv: The only obvious indication that Winbind is being user is that user and group names take the form DOMAIN\{}user and DOMAIN\{}group.

What is then the winbind separator? Is it '+' or is it '\'? Or should I choose it according to my taste? Are the {} meant seriously or is it just some bug resulting from the problems with LaTeX?

Cl
[Samba] Roman numerals in Samba HOWTO collection
Hello What is the purpose of Roman numbering of pages in Samba HOWTO Collection? Cl
[Samba] Documentation bug? domadm privileges
Hello

I have been solving a problem how to make a nonroot user able to administer the domain (add users, groups, modify them etc.) from Windows workstation using usrmgr.exe. It looks like what is stated in Samba HOWTO collection as prerequisites is not enough.

First I found Chapter 12 cxl How to make Samba PDC users member of the Domain Admins group - made the nonroot user member of domadm group, added domadm unix group and groupmapped Domain Admins NT group to domadm UNIX group. This didn't work.

I suggest changing

steps describe how to make Samba PDC users members of the Domain Admins

to

steps describe how to make Samba PDC users members of the Domain Admins (note that this won't assure same functionality as being a Domain Admin on an NT4 PDC, for further details, see 12.2.1 Important Administrative Information (page cxli)

(why the heck was the numbering changed from Arabic to Roman numerals?).

Then I searched further for the term 'Admins' in the Samba HOWTO Collection pdf and found 12.2.1 Important Administrative Information. It states among others:

[...]adding users or groups, requires root level privilege.[...]Provision of root privileges can be done [...] by permitting [...] users to use a UNIX account that is a member of the UNIX group that has a GID=0 as the primary group in the /etc/passwd database.

So I made the non-root user's primary group root (GID=0) and it still didn't work. I tried to restart samba. Still didn't work. Logout user from Windows and login back. Still didn't work. Restart samba again. Still didn't work.

- Is there a place in the HOWTO that describes how to determine what sequence of reboots, logouts, domain removal and reattachments and Samba restarts is necessary to assure integrity of any given operation when dealing with Samba?

Then I discovered another place in Samba HOWTO that contains example: Section 31.2. Migration Options cdxv (why the heck were the Arabic numerals replaced with Roman? Comparison of two Roman numeral takes about a minute to me and decreases the speed of manual binary search for a given page by several orders of magnitude)

5. Now assign each of the UNIX groups to NT groups: [...]
# First assign well known domain global groups
net groupmap modify ntgroup=Domain Admins unixgroup=root rid=512

This didn't work:

oberon root # net groupmap modify ntgroup=Domain Admins unixgroup=root rid=512
Bad option: rid=512

However I got the idea behind the command and tried: net groupmap modify ntgroup=Domain Admins unixgroup=root

oberon root # net groupmap modify ntgroup=Domain Admins unixgroup=root
Updated mapping entry for Domain Admins
oberon root # net groupmap list
[...]
Domain Admins (S-1-5-21-3784068046-1792391053-1311982112-512) - root

Suggestion: replace

net groupmap modify ntgroup=\Domain Admins\ unixgroup=root rid=512

in the Samba HOWTO Collection with

net groupmap modify ntgroup=\Domain Admins\ unixgroup=root

After that I reloaded Samba and tried the running usrmgr.exe: Invalid handle. Exited the usrmgr.exe and restarted usrmgr.exe (without logout) and it -- MIRACULOUSLY WORKED!

Suggestion: replace

Users of such accounts can use tools like the NT4 Domain User Management

with

Users of such accounts cannot still use tools like the NT4 Domain User Management because having root as primary group is not enough. However, if the Domain Admins group is in addition mapped to root group, this task becomes possible

into chapter 12.2.1 Important Administrative Information (page cxli)

Cl
[Samba] Reloading in usrmgr.exe
usrmgr.exe administration works for me. However, sometimes it is necessary to reopen the domain up to couple of times until the administration starts working. Allegedly also it's not necessary to press F5-reload after adding an user on Windows NT. However didn't test it, never used Windows NT for adding users on an Windows NT DC :) With Samba, I always have to press F5-reload in usrmgr.exe after adding an user. Is this some kind of bug-reliance of usrmgr.exe - NT 4.0 DC communication that is not implemented in Samba or is it a lack in Samba? Is this behaviour common or does it occur only for me? Cl