[Samba] Upgrade path v 3.0.0 to 3.0.3

2004-05-05 Thread Kent L. Nasveschuk
Hello all,

Just a question on upgrading from Samba 3.0.0 to 3.0.3.

I have several servers running 3.0.0 that I want to upgrade. They all use
OpenLDAP backend.

What I think I should back up are:

samba/lib/smb.conf
samba/var/locks/*.tdb
samba/private/secrets.tdb

Wipe the old system, recompile and install the new system, restore above
files to appropriate location.

Anything else I should back up, or suggestions?

-- 
Kent L. Nasveschuk [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Samba Release 3.0.1 group enumeration

2004-04-02 Thread Kent L. Nasveschuk
Hello,

I was looking at the release notes for version 3.0.1 and it mentions a
bug fix for enumerating group mappings from an LDAP directory. I know
the version that I run, 3.0.0, is not able to get group membership from
an OpenLDAP directory. Could someone just confirm that this is the
case in version 3.0.1?


Thanks.


-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



[Samba] Logon scripts

2004-04-02 Thread Kent L. Nasveschuk
Hello Urs,

I've been experimenting with RunAsP.exe to do exactly what you are
suggesting.

By using kixtart script processor you can fork part of your clients that
login (2000/XP) to runasp.exe. This can switch user context to an
administrator, run a program, then return to the user's context. The
only drawback is that they charge $ per client machine. The passwords
are kept in an encrypted form in a file that can be launched from the
netlogon directory.

I've evaluated it enough to determine that I can't do without it.
I've tested it for automating Norton AV virus definition updates from
login scripts as well as running older programs that write to privileged
directories, but there are many things it can be used for. Nobody has
written a free version to my knowledge, would be a great project.


Good luck


-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



[Samba] smb.conf

2004-03-11 Thread Kent L. Nasveschuk
This is just a quick question, what is the difference between + and
@ when using groups for say valid users or write list?

ex

valid users = +staff
valid users = @staff



-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



Re: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1

2004-01-10 Thread Kent L. Nasveschuk
/core.schema
 include /etc/openldap/schema/cosine.schema
 include /etc/openldap/schema/nis.schema
 include /etc/openldap/schema/inetorgperson.schema
 include /etc/openldap/schema/samba.schema
 
 pidfile /var/run/slapd.pid
 argsfile /var/run/slapd.args
 database bdb
 suffix dc=test,dc=edu
 rootdn cn=root,dc=test,dc=edu
 rootpw testing
 
 directory /var/lib/ldap
 index objectClass eq
 index cn pres,sub,eq
 index sn pres,sub,eq
 index uid pres,sub,eq
 index displayName pres,sub,eq
 index uidNumber eq
 index gidNumber eq
 index memberUid eq
 index sambaSID eq
 index sambaPrimaryGroupSID eq
 index sambaDomainName eq
 index default sub
 
  end slapd.conf 
 
 
  begin smb.conf 
 [global]
 passdb backend = ldapsam
 ldap suffix = dc=test,dc=edu
 ldap machine suffix = ou=Computers
 ldap user suffix = ou=Users
 ldap group suffix = ou=Groups
 ldap admin dn = cn=root,dc=test,dc=edu
 ldap ssl = no
 idmap backend = ldap:ldap://127.0.0.1
 passwd chat debug = Yes
 passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u
 passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Never used the IDEALX scripts. Right now I use a shell script to batch
add computers and users.


 add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
 add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
 delete user script = /usr/local/sbin/smbldap-userdel.pl %u
 add group script = /usr/local/sbin/smbldap-groupadd.pl %g
 delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
 add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
 delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
 set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
 workgroup = TEST
 netbios name = donald
 comment = test samba pdc
 security = user
 null passwords = yes
 encrypt passwords = yes
 logon script=logon.bat
 logon drive =
 logon path =
 domain master = yes
 domain logons = yes
 preferred master = yes
 os level = 33
 wins support = yes
 wins proxy = no
 log file = /var/log/samba/%m.log
 public = No
 browseable = yes
 writable = No
 
 ; necessary share for domain controller
 [netlogon]
 path = /netlogon
 locking = no
 read only = yes
 write list = ntadmin
 
 ;test share
 [tmp]
 writeable = yes
 public = yes
 path = /tmp
 
 [profiles]
 path = /profiles
 read only = no
 writeable = yes
 create mask = 0600
 directory mask = 0700
 
  end smb.conf ---

One other thing I found that would cause problems adding a computer to a
domain: duplicate names. If you use ghost disk imaging this is a common
problem.

-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



Re: [Samba] Secondary, tertiary group problems in Samba LDAP

2004-01-09 Thread Kent L. Nasveschuk
I don't, is it essential for this to work correctly?


On Fri, 2004-01-09 at 10:52, Gerald (Jerry) Carter wrote:
 
 On 7 Jan 2004, Kent L. Nasveschuk wrote:
 
  Hello,
  I found an interesting thing that I don't know if it is a bug, by design
  or I need to be doing something that I'm not but here goes.
  
  My system
  RedHat 8.0 (1) PDC with LDAP 2.1.23 backend master,
  (3) BDC with LDAP slave backend. All are Samba 3.0.
  
  I had a problem with secondary, tertiary etc groups that people belong
  to and Samba recognizing these groups if they were stored in LDAP. The
  primary group was no problem. When I created shares but used
  @groupname  for valid users or write list, Samba would fail to get
  that info from LDAP. They needed to be in /etc/group to work. As soon as
  I added users in secondary groups to /etc/group users were recognized
  and rights were assigned.
 
 do you have nss_ldap setup correctly?
 
 
 
 
 
 
 
 cheers, jerry
  --
  Hewlett-Packard- http://www.hp.com
  SAMBA Team -- http://www.samba.org
  GnuPG Key   http://www.plainjoe.org/gpg_public.asc
  If we're adding to the noise, turn off this song --Switchfoot (2003)
-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



Re: WAS: Re: [Samba] net groupmap / domain admins problem - Amazon prize

2004-01-08 Thread Kent L. Nasveschuk
John,

I actually did try this out +groupe name, I don't believe I could get
it to work. I tried many variations. I guess I need to experiment more
with how nsswitch.conf and how pam is configured. I'm not real
knowledgeable in this area.

I found an interesting work around for those of you looking for mapping
drives from login scripts based on secondary + groups.


/etc/group

dusers:x:500:
staff:x:680:kent,fred,joe

/etc/passwd

kent:x:4044:500::/accounts/staff/kent:/bin/bash
ksnider:x:4045:500::/accounts/staff/fred:/bin/bash
joe:x:4045:500::/accounts/staff/joe:/bin/bash

Users' primary group is dusers 500 but have secondary group staff 680.

In netlogon directory I put directory same name as share for example:

netlogon/staff-files

In the directory put single file secured by directory permissions
example:

netlogon/staff-files/readme

directory permissions on staff-files directory in netlogon (0750)

drwxr-x---2 root staff 4096 Jan  7 07:40 staff-files

share in smb.conf:

[staff-files]
comment = Staff Files
path = /accounts/staff/staff-files
valid users = @staff
write list = @staff


In netlogon script reads as follows:


if exist \\SERVERNAME\netlogon\staff-files net use S: \\SERVERNAME\staff-files

Samba checks local Linux groups and if user is in group he/she is
capable of reading file, drive is mapped.

Of course I wish all this info was in LDAP so I wouldn't have to mess
with local groups but Christmas has gone by and I didn't find this
solution in my stocking.

I can't take any credit for this idea. I found it in a 1999 posting but
it's a temporary fix for something that I believe many of us are
seeking.


Just have to say this stuff is marvelous. I've been utterly frustrated
and amazed at the versatility of Samba. Thanks for your support.


On Thu, 2004-01-08 at 03:54, John H Terpstra wrote:
 Hansjoerg,
 
 Instead of:
   valid users = @Groupe
 
 Please try:
   valid users = +Groupe
 
 Thanks.
 
 - John T.
 
 
 On Thu, 8 Jan 2004, Hansjoerg Maurer wrote:
 
  Hi
 
  thank you, for your fast reply.
  I have a user sporer
  [EMAIL PROTECTED] root]# id -a sporer
  uid=1000(sporer) gid=1000(sensodrivegroup)
  Gruppen=1000(sensodrivegroup),1001(managementgroup)
 
  The user and the group is in ldap and nss_ldap seems to work..
  [EMAIL PROTECTED] root]# getent group
  root:x:0:root
  
  Domain Admins:x:912:
  Domain Users:x:913:
  Domain Guests:x:914:
  Administrators:x:944:
  Users:x:945:
  Guests:x:946:
  Power Users:x:947:
  Account Operators:x:948:
  Server Operators:x:949:
  Print Operators:x:950:Administrator
  Backup Operators:x:951:
  Replicator:x:952:
  Domain Computers:x:953:
  sensodrivegroup:x:1000:sporer,haehnle,sporers,unterholzner,geist,bertleff,hauschild,sensodrive,root
  managementgroup:x:1001:management,root,haehnle,sporer,sporers
 
  I am using
  [EMAIL PROTECTED] root]# rpm -q nss_ldap
  nss_ldap-207-3
 
  on RH9
 
  Within samba I have two shares
  [Projekte]
 comment = Sensodrive-Projekte
 path = /home/sensodrive
 force group = sensodrivegroup
 force user = sensodrive
 valid users = @sensodrivegroup,root
 
  [Management]
 comment = Sensodrive-Management
 path = /home/management
 force group = managementgroup
 force user = management
 valid users = @managementgroup,root
 
  Every user can access the Projekte share, because the primary  group of
  every user is sensodrivegroup.
  When user sporer tries to access the Management share, he gets
   user 'sporer' (from session setup) not permitted to access this share
  (Management)
 
  If I add the user sporer by his username to valid users it works
 valid users = @managementgroup,root,sporer,haehnle,sporers
 
  Maybe this helps to solve the problem
  If you need more information, or further testing give me a note
 
  Thank you very much
 
  Greetings
 
  Hansjörg
 
 
 
 
  John H Terpstra wrote:
 
  On Thu, 8 Jan 2004, Hansjoerg Maurer wrote:
  
  
  
  Hi
  
  i have a question related to the groupmapping with ldapsam as backend.
  You described, that groupentries have to be in /etc/group with tdbsam as
  backend.
  
  I recognized, that samba 3.0.1 with ldapsam does not recognize secondary
  groups in ldap.
  (e.g for accessing a share)
  
  The problem is described by  [EMAIL PROTECTED] to (see his email
  attached).
  
  Do secondary groups have to be in /etc/groups in order to be recognized
  by samba even with ldapsam?
  
  
  
  Whether or not this will work depends on how you configure ID resolution.
  
  Winbind apparently does not resolve secondary group membership.
  
  On the other hand, if you configure LDAP based ID resolution via the name
  service switcher (NSS) for both users and groups then secondary group
  membership resolution seems to work ok. The Posix user account should be
  in the LDAP database. You can then add users to multiple groups either in
  /etc/group or in the LDAP groups container.
  
  How did you 

[Samba] Secondary, tertiary group problems in Samba LDAP

2004-01-07 Thread Kent L. Nasveschuk
Hello,
I found an interesting thing that I don't know if it is a bug, by design
or I need to be doing something that I'm not but here goes.

My system
RedHat 8.0 (1) PDC with LDAP 2.1.23 backend master,
(3) BDC with LDAP slave backend. All are Samba 3.0.

I had a problem with secondary, tertiary etc groups that people belong
to and Samba recognizing these groups if they were stored in LDAP. The
primary group was no problem. When I created shares but used
@groupname  for valid users or write list, Samba would fail to get
that info from LDAP. They needed to be in /etc/group to work. As soon as
I added users in secondary groups to /etc/group users were recognized
and rights were assigned.

As a side note each line of /etc/group is limited to 1024 bytes, so
there is a limit on how many users you can add to a group using
/etc/group. If you exceed that when the system scans the /etc/group
file, it will fail at the line 1024 bytes and any groups below will
fail to be recognized. I believe that this is a bug. If you do ls on a
directory or id username where one of the entries in your /etc/group
has exceeded the limit, the groups will show as numbers and not a group
name.

   
Can I use pam_winbindd to extract group membership from LDAP at this
time for secondary, tertiary etc groups?

-- 
Kent L. Nasveschuk [EMAIL PROTECTED]
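
A check for the /etc/group line-length limit described in the message above, as an added example that is not part of the original post or of Samba. The function names, the 90% warning threshold and the sample group data are assumptions made for illustration; the 1024-byte figure is the one given in the post and is passed as a parameter.

```python
#!/usr/bin/env python3
"""Flag group(5) lines at or near a per-line byte limit (added example)."""
import sys
from typing import List, NamedTuple

LINE_LIMIT = 1024   # bytes per line, the figure quoted in the post
WARN_RATIO = 0.90   # assumption: warn once a line uses 90% of the limit


class Finding(NamedTuple):
    lineno: int
    group: str
    members: int
    length: int     # bytes, excluding the trailing newline
    status: str     # "ok", "near", "over", "shadowed" or "malformed"


def audit_group_data(data: bytes, limit: int = LINE_LIMIT,
                     warn_ratio: float = WARN_RATIO) -> List[Finding]:
    """Classify every entry of a group file given as raw bytes.

    "over"     : the line is longer than `limit` bytes.
    "shadowed" : the line is fine but follows an "over" line, which is
                 where the post reports groups no longer being recognised.
    "near"     : the line uses at least `warn_ratio` of the limit.
    """
    findings = []
    overflow_seen = False
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if not line.strip() or line.lstrip().startswith(b"#"):
            continue  # blank line or comment
        fields = line.split(b":")
        name = fields[0].decode("utf-8", "replace")
        if len(fields) != 4 or not name:
            findings.append(Finding(lineno, name, 0, len(line), "malformed"))
            continue
        members = len([m for m in fields[3].split(b",") if m])
        if len(line) > limit:
            status = "over"
            overflow_seen = True
        elif overflow_seen:
            status = "shadowed"
        elif len(line) >= limit * warn_ratio:
            status = "near"
        else:
            status = "ok"
        findings.append(Finding(lineno, name, members, len(line), status))
    return findings


def sample_group_data() -> bytes:
    """Constructed sample: two small groups, one near the limit, one over
    it, one group after the oversized line, and one malformed line."""
    near = ",".join(f"teacher{n:03d}" for n in range(86))
    big = ",".join(f"student{n:04d}" for n in range(120))
    lines = [
        "dusers:x:500:",
        "staff:x:680:kent,fred,joe",
        "faculty:x:681:" + near,
        "students:x:700:" + big,
        "library:x:701:joe",
        "broken-line-without-fields",
    ]
    return ("\n".join(lines) + "\n").encode()


def main(argv: List[str]) -> int:
    # With a path argument audit that file, otherwise the constructed sample.
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = sample_group_data()
    findings = audit_group_data(data)
    for f in findings:
        if f.status != "ok":
            print(f"line {f.lineno}: {f.group}: {f.status} "
                  f"({f.length} bytes, {f.members} members)")
    # Non-zero exit when a line is over the limit, for use in cron or CI.
    return 1 if any(f.status == "over" for f in findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path of a group file as its only argument; without an argument it audits the constructed sample.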



Re: [Samba] Several people on this mailing list have the W32/Swen@MM virus

2004-01-03 Thread Kent L. Nasveschuk
I get these often, but I use Linux as a desktop machine so it's not from
me.


On Fri, 2004-01-02 at 08:07, Rob Taft wrote:
 Ever since I signed up for this mailing list and sent my first question, I have been 
 bombarded with the W32/[EMAIL PROTECTED] and the emails aren't all from the same 
 person.  Is anyone else experiencing this?
 
 Rob
-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



[Samba] How do I get Winbind accounts in LDAP?

2004-01-03 Thread Kent L. Nasveschuk
I've seen this posting before but I need to get a grasp on this. I am
using winbindd for users that don't have a local account on a Linux box.
I thought that placing the entries below in the smb.conf would create
users in ou=Idmap. Instead the ou=Idmap increments the uidNumber with
every user that is added, but the user ID mappings are stored in
/usr/local/var/locks/winbindd_idmap.tdb. What entry in smb.conf will
change this. These are the applicable portions of smb.conf.

ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
ldap idmap suffix = ou=Idmap
winbind separator = +
idmap uid = 4-5
idmap gid = 4-5
winbind enum users = yes
winbind enum groups = yes
template homedir = /accounts/default/%D/%U
template shell = /bin/bash
winbind use default domain = yes
winbind cache time = 15
obey pam restrictions = yes

So I use wbinfo -c username. This returns a RID number. User can now
login or use smbclient -L localhost -U username password and get
available shares on this BDC. In LDAP directory is incremented by 1, but
there are no entries.

How do I move the entries that are stored in
/usr/local/var/locks/winbindd_idmap.tdb to the LDAP directory?

What I've omitted in all this is that pam and pam_winbind is setup
correctly, which I believe it is.


-- 
Kent
[EMAIL PROTECTED]
[EMAIL PROTECTED]

Tips:--
OpenOffice.org ... Stops Word macro viruses DEAD!
Postgresql.org ... Don't 'kill -9' the postmaster
Technology is legislation - C. Einfeldt on OO.o discuss list



[Samba] Winbind not quite working yet

2004-01-01 Thread Kent L. Nasveschuk
Hello,
I'm trying to get Winbind to authenticate users that don't have local
accounts on a SAMBA BDC.

I have (3) BDCs (1) PDC running OpenLDAP 2.1.23 pass backend and Samba
3.0. These are on RedHat 8.0 systems. 3 BDC are also slave LDAP and 1
master directory server on the PDC.


I went through the Samba documentation CH21 and made modifications to
the BDCs and PDC as follows:

nsswitch.conf files winbind for passwd and group

pam.d/login

#%PAM-1.0
#auth      required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so


pam.d/samba

#%PAM-1.0
#auth      required     /lib/security/pam_stack.so service=system-auth
#account   required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_pwdb.so nullok shadow
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_winbind.so
account    required     /lib/security/pam_pwdb.so
account    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth


pam.d/system-auth

#%PAM-1.0
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok use_first_pass
auth       required     /lib/security/pam_deny.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_unix.so
password   required     /lib/security/pam_cracklib.so retry=3 type=
password   sufficient   /lib/security/pam_unix.so nullok use_authtok md5 shadow
password   required     /lib/security/pam_deny.so
session    required     /lib/security/pam_mkhomedir.so umask=0022
session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so

pam_winbind.so is in /lib/security

libnss_winbind.so and symbolic link to it from libnss_winbind.so.2

smb.conf
...
winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /accounts/default/%D/%U
template shell = /bin/bash
winbind use default domain = yes

...

If I run smbclient on a BDC:
smbclient -L localhost -U fred

where fred is a local account I get shares and an appropriate response.
When I check the logs, samba.bdc name it indicates that samba is getting
information from the LDAP directory, including password.

When I do the same for a person without a local account, the LDAP
directory returns user found but :

session setup failed: NT_STATUS_LOGON_FAILURE

Also when I run getent passwd as root I only get local accounts. When I
run wbinfo -u I get all users in the LDAP directory, wbinfo -g only
domain groups no local groups.

Any help would be appreciated. I'm a little stumped with this one.
-- 
Kent
[EMAIL PROTECTED]
[EMAIL PROTECTED]

Tips:--
OpenOffice.org ... Stops Word macro viruses DEAD!
Postgresql.org ... Don't 'kill -9' the postmaster
Technology is legislation - C. Einfeldt on OO.o discuss list




[Samba] Valid users as group fails

2003-12-23 Thread Kent L. Nasveschuk
Just wondering if anyone is experiencing a similar problem.

System:

RedHat 8.0
Samba 3.0
LDAP 2.1.23

valid users on a share fails yet individual users works. I've seen other
posts similar to this.

Users have a memberUID entry directory in LDAP. The Linux box has group
506 mapped to sambaSid Sxxx...-2013

Where can I look for problems?
-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



[Samba] Winbindd

2003-12-17 Thread Kent L. Nasveschuk
The message I got from Jerry Carter yesterday says that Winbindd is only
required for trust accounts between 2 domains. I was confused also, the
documentation seems to lead one to the contrary.



-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



[Samba] Samba BDC doesn't talk to LDAP slave on same machine

2003-12-17 Thread Kent L. Nasveschuk
Hello,
I can't get my BDC to talk to the LDAP slave running on the same
machine. Replication between slave and master works but samba on the BDC
doesn't appear to be communicating with the slave LDAP server.

Everything off the PDC works fine.



--
smb.conf on BDC
--
[global]
workgroup = WarehamPS
encrypt passwords = Yes
time offset = 60
time server = Yes
socket options = TCP_NODELAY
security = user
logon script = netlogon.bat
writable = Yes
dns proxy = no
directory mask = 02770
preferred master = yes
netbios name = Decas2
server string = RedHat 8.0 Samba LDAP
passdb backend = ldapsam:ldap://172.16.0.3 ldap://127.0.0.1;
ldap passwd sync = Yes
machine password timeout = 604800
passwd program = /usr/local/samba/bin/smbpasswd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba.%m
debug level = 2
max log size = 50
add user script = /usr/local/sbin/smbldap-useradd.pl %u
delete user script = /usr/local/sbin/smbldap-useradd.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl
delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/local/samba/bin/smbpasswd -a -m %u
logon script = netlogon.bat
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 64
domain master = No
dns proxy = Yes
admin users = @domain_admins
wins support = no
wins server = 172.16.0.3
wins proxy = no
name resolve order = wins hosts bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no

[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
#   valid users = %S
hide files = /.*/
   
   
[netlogon]
comment = Netlogon share
path = /usr/local/samba/netlogon
locking = no
browseable = no
read only = yes
write list = @domain_admins
   
   
[programs]
comment = Programs
path = /accounts/programs

[printers]
comment = All Printers
path = /var/spool/samba
read only = Yes
printable = Yes
browseable = No


--
slapd.conf on BDC
--
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
database    ldbm
suffix      dc=tow,dc=net
rootdn      cn=admin,dc=tow,dc=net
rootpw      {SSHA}bbcOI00dfOOJdNCsuFfWf8forJC/Q2P8
directory   /usr/local/var/openldap-slurp/wareham
updatedn    cn=admin,dc=tow,dc=net
updateref   ldap://172.16.0.3;
schemacheck on
lastmod     on
# Indices to maintain
#index  objectClass eq
index   objectClass,uid,uidNumber,gidNumber eq
#index  cn,mail,surname,givenname   eq,subinitial
index   cn,sn   pres,eq,sub
access to dn=.*dc=tow,dc=net
    by self write
    by * read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by dn=cn=root,ou=Users,dc=tow,dc=net write
    by self write
#   by anonymous auth
    by * none


--
LDAP.conf on BDC
--
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=tow,dc=net
URI ldap://172.16.151.254
host 172.16.151.254 172.16.0.20
ldap_version 3
#SIZELIMIT  12
#TIMELIMIT  15
#DEREF  never

-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



[Samba] Winbind pdc bdc problem

2003-12-16 Thread Kent L. Nasveschuk
Do I need to use winbind between pdc and bdc if I'm using LDAP backend?
I have a PDC setup with LDAP master on backend and a BDC with slave LDAP
in another building. I'm just having a problem with getting users to
authenticate and use the BDC for home directories and exactly how to
have W2k clients join the domain. The BDC is in another building
(connected by a slow connection) so it needs to have a copy of LDAP for
authentication purposes.
I've tested LDAP replication and it works fine and receives updates from
the master. The PDC does everything that it should. I can join W2k
clients, and users can get to their home directories. My problem is in
Samba and how to configure the BDC for users to use it.

System description
RedHat 8.0
LDAP 2.1.23
Samba 3.0

Any help or suggestions would be appreciated. 


-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



Re: [Samba] Winbind pdc bdc problem

2003-12-16 Thread Kent L. Nasveschuk
Thanks, guess I don't need it then. I wasn't quite sure what the full
function was for winbindd.



On Tue, 2003-12-16 at 10:01, Gerald (Jerry) Carter wrote:
 
 Kent L. Nasveschuk wrote:
 
 | Do I need to use winbind between pdc and bdc if I'm
 | using LDAP backend?
 
 On a Samba DC, Winbindd is only needed when the DC's have
 established trusts with other domains (and you need
 winbindd to generate accounts for the trusted users
 and groups).
 
 
 - --
 ciao, jerry
 ~ --
 ~ Hewlett-Packard- http://www.hp.com
 ~ SAMBA Team -- http://www.samba.org
 ~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 ~ If we're adding to the noise, turn off this song --Switchfoot (2003)
-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



[Samba] Authenticating to BDC with LDAP backend

2003-12-16 Thread Kent L. Nasveschuk
Hello,
I'm still trying to get this straightened out. 
I have the following system:

System description
RedHat 8.0
LDAP 2.1.23
Samba 3.0


I have basically 2 BDC that I want users to have home directories on.
These also run LDAP backend as slave servers.


Do all machines using the domain need to have machine accounts on the
PDC or do some that use the BDC for home directories need to have
machine accounts on the BDC?


 

Any help or suggestions would be appreciated. 


-- 
Kent L. Nasveschuk [EMAIL PROTECTED]





[Samba] Help with home directories on BDC using LDAP

2003-12-09 Thread Kent L. Nasveschuk
Hello,
I'm having problems with creating machine accounts with W2K clients
connecting to a Samba server that is also a BDC. I'm using LDAP as a
backend for Samba 3.0. 

I have LDAP running as a master on the PDC and slave on the BDC. I am
unsure where to create the UNIX machine accounts for clients that will
be using the BDC for home directories.

Do the machine accounts (computername$) need to be created on the PDC or
the BDC?

I am able to authenticate to the BDC and access shares as a user but
when I attempt to join the domain with it fails unless I have the
machine account on the PDC.

Any help would be appreciated.


-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



Re: [Samba] Samba LDAP multiple servers

2003-11-29 Thread Kent L. Nasveschuk
Thank you. I have set up one server as BDC and slave LDAP to master. The
others should be easy now that I have one set up. The only way I was
able to achieve replication was using the rootdn account. In the slave
slapd.conf one specifies the updatedn and updateref. Is there any place
to put a password if bindmethod is simple? I believe that is the
problem. I configured write access to a replication account as:

slave slapd.conf...

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
database    ldbm
suffix      dc=tow,dc=net
rootdn      cn=admin,dc=tow,dc=net
rootpw      {SSHA}bbcOI00dfOOJdNCsuFfWf8forJC/Q2P8
directory   /usr/local/var/openldap-slurp/wareham
updatedn    uid=hugo,ou=users,dc=tow,dc=net
updateref   ldap://172.16.0.3;
schemacheck on
lastmod     on
# Indices to maintain
#index  objectClass eq
index   objectClass,uid,uidNumber,gidNumber eq
#index  cn,mail,surname,givenname   eq,subinitial
index   cn,sn   pres,eq,sub
access to dn=.*dc=tow,dc=net
    by self write
    by dn=uid=hugo,ou=users,dc=tow,dc=net write
    by * read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by dn=cn=hugo,ou=Users,dc=tow,dc=net write
    by self write
    by anonymous auth
    by * none


When I start slapd -d1 I can watch attempts to update from the master
but it doesn't occur.

Suggestions?

CH 6 samba-howto collection helped with setup also.




On Wed, 2003-11-26 at 14:34, Patrick wrote:
 Adam Williams wrote:
 
 I have 1 Samba 3.0 server with LDAP 2.1.23 running on backend from the same 
 machine. These are both RedHat 8.0. I have 2 other servers I would like to use the 
 same LDAP directory. I used net join to join the servers to the domain. Prior to 
 joining the domain the the servers had no SID. After using net join they got a new 
 SID (net getlocalsid). In the LDAP directory what SID base should be attached to 
 users and computers that I add? The original Domain SID?
 
 
 
 You should really add users VIA samba,  or at least the sambaSamAccount
 objectclass.  This will work if you already have a posixAccount
 objectclass.  It will generate the SID based upon the domain SID and the
 uidNumber/gidNumber.
 
   
 
 I may have messed this up. What I want to do is set up the second 2 servers as 
 member servers in the domain, and put user accounts with home directories on them. 
 User uses LDAP to authenticate to member server. So far I can create an account 
 and login in but I am unsure if I'm using the SID for the user correctly.
 
 
 
 Let Samba set the SID.
 
   
 
 What is a recommended for master slave LDAP servers that are used primarily for 
 authentication to Samba servers. Should I set up a slave LDAP server for the 
 member servers? These member servers would be located in separate buildings. The 
 main server has about 1000 user accounts, and member servers about 120 each when 
 finished.
 
 
 
 Eh?  User accounts exist in the SAM,  in this case LDAP - everywhere. 
 Slaves are just replicas of the master for redundancy and performance.
 
   
 
  At any one time I anticipate 20-30% will be logged in during peak hours.
 
 Any help that anyone can give me on this I'd appreciate. This is a fairly large 
 installation that eventually will span 8 buildings each with their own Samba server 
 but authenticating to a single OpenLDAP directory.
 
 
 
 Make a master LDAP on the PDC,  load all the users.
 Join the member servers to the domain.
 Create LDAP replicas on several/all member servers.
 Setup NSS on the member servers to use their local/near-by LDAP replica.
   
 
 
  From what it sounds like you want to span the load of the PDC to 
 machines that will be in each building.  In this case the samba server in 
 each building should not be member servers.  They should instead be a 
 BDC.  Each machine should be using a replica LDAP server and have samba 
 configured as a BDC.  As mentioned by Adam Williams you will need each 
 of the BDC machines using NSS setup to use the LDAP replicas.
 
 To setup the BDC the Samba 3 HowTo Collection gives all the information 
 you should need.  This is what I used and everything seems to be working 
 here.
 
 Patrick
-- 
Kent L. Nasveschuk [EMAIL PROTECTED]
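
slapd evaluates `access to` clauses in order and uses the first one whose target matches, so a clause restricting `userPassword`, `sambaNTPassword` and `sambaLMPassword` like the one in the post above protects those hashes only when it precedes any broader clause. The following is an added example, not part of the original post: a small Python check run over two constructed slapd.conf fragments. The `dc=example,dc=net` names are placeholders, and clauses without an `attrs=` list are treated as covering every attribute.

```python
import re

SENSITIVE = ("userPassword", "sambaNTPassword", "sambaLMPassword")
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BROAD_WHO = {"*", "anonymous", "users"}

def logical_lines(text):
    """Drop comments/blank lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_acls(text):
    """Return [(what, [(who, level), ...]), ...] in configuration order."""
    acls = []
    for line in logical_lines(text):
        m = re.match(r"access\s+to\s+(.*)", line, re.I)
        if not m:
            continue
        what, *bys = re.split(r"\s+by\s+", m.group(1))
        grants = [(who.strip(), level.lower())
                  for who, _, level in (by.rpartition(" ") for by in bys)]
        acls.append((what.strip(), grants))
    return acls

def covers(what, attr):
    m = re.search(r"attrs?=(\S+)", what)
    if not m:
        return True  # no attribute list: conservatively assume every attribute
    return attr.lower() in (a.lower() for a in m.group(1).split(","))

def exposed(text):
    """List (attr, what, who, level) where a broad subject gets more than 'auth'."""
    findings = []
    for attr in SENSITIVE:
        for what, grants in parse_acls(text):
            if not covers(what, attr):
                continue
            for who, level in grants:
                if (who in BROAD_WHO and level in LEVELS
                        and LEVELS.index(level) > LEVELS.index("auth")):
                    findings.append((attr, what, who, level))
                if who == "*":
                    break  # nothing after 'by *' is ever reached
            break  # first matching clause decides; later clauses are not consulted
    return findings

# Constructed sample: the broad clause comes first, so the hash clause never applies.
WEAK = """
access to *
    by dn="cn=replicator,dc=example,dc=net" write
    by * read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by self write
    by anonymous auth
    by * none
"""

# Constructed sample: same clauses, password attributes handled first.
FIXED = """
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by self write
    by anonymous auth
    by * none
access to *
    by dn="cn=replicator,dc=example,dc=net" write
    by * read
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, exposed(conf))
```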



Re: [Samba] Join Machine to Domain

2003-11-17 Thread Kent L. Nasveschuk
Hey,
Thanks for getting back to me. I could not put this down till I knew why
things weren't working. I finally succeeded in making everything work and
finding out why I had problems.

I couldn't make it work with administrator. As soon as I deleted the
administrator user and replaced user with root, Wah lah! I can join
workstations. I removed username map from smb.conf.

I also had a very strange error message that I have discovered is caused
by some keys in the workstation registry that I changed. These are keys
that are reported to need to be changed in XP and not W2K.

The learning curve for this is high. I learned a great deal about Samba
and LDAP but both packages are slick and work together quite well. All
the time I've spent on this has been well worth it.

Thanks for your help.

Kent N

On Mon, 2003-11-17 at 09:27, [EMAIL PROTECTED] wrote:
 
 
 Hi,
 
 I forgot to tell you, that the samba password from the
 uid=Administrator,ou=Users,dc=tow,dc=net MUST be the same as the samba
 password for root.
 Because samba will expect both the client and the server user to have the
 same password. After that the option username map will work correctly.
 
 
 
 Regards
 
 Manuel Piessnegger
 
 
 

 Kent L. Nasveschuk [EMAIL PROTECTED].ma.us
 14.11.2003 17:44
 To: [EMAIL PROTECTED]
 cc: Samba List Server [EMAIL PROTECTED]
 Subject: Re: [Samba] Join Machine to Domain
 
 I appreciate your help on this. I still am having problems. Attached are
 some of the pertinent configuration files.
 
 I can login in with any account so connection and password to access
 ldap server works, just can't join domain. I get an error message bad
 passwd or unknown user. I added the username map but root =
 administrator still doesn't work.
 
 # Administrator, Users, tow.net
 dn: uid=Administrator,ou=Users,dc=tow,dc=net
 cn: Administrator
 sn: Administrator
 objectClass: inetOrgPerson
 objectClass: sambaSAMAccount
 objectClass: posixAccount
 gidNumber: 0
 uid: Administrator
 uidNumber: 0
 homeDirectory: /accounts/Administrator
 sambaPwdLastSet: 1068814077
 sambaLogonTime: 0
 sambaLogoffTime: 2147483647
 sambaKickoffTime: 2147483647
 sambaPwdCanChange: 1068814077
 sambaPwdMustChange: 2147483647
 sambaHomePath: \\whs1\Administrator
 sambaHomeDrive: H:
 sambaProfilePath: \\whs1\profiles\
 sambaLMPassword: E3B4E05BE6A182C9E13B8E8F6853DCAC
 sambaNTPassword: F4858C7E53BB628AE91E00E9DB6CD467
 sambaAcctFlags: [U  ]
 sambaSID: S-1-5-21-1129281578-1295143107-3311307472-1000
 loginShell: /bin/bash
 gecos: Netbios Domain Administrator
 sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-1001
 userPassword:: e1NNRDV9ZGpiNFo3ODQ3VFlKYWJYZEM5ZGRtSkFpMklzPQ==
 
 
 
 smb.conf:
 
 
 [global]
 workgroup = WarehamPS
 encrypt passwords = Yes
 time server = Yes
 socket options = TCP_NODELAY
 security = user
 logon script = netlogon.bat
 writable = Yes
 dns proxy = no
 directory mask = 02770
 preferred master = yes
 netbios name = WHS1
 server string = RedHat 8.0 LDAP Server
 passdb backend = ldapsam
 ldap passwd sync = Yes
 passwd program = /usr/local/samba/bin/smbpasswd %u
 passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
 log file = /var/log/samba.%m
 debug level = 2
 max log size = 50
 add user script = /usr/local/sbin/smbldap-useradd.pl %u
 #delete user script = /usr/local/sbin/smbldap-useradd.pl
 #add group script = /usr/local/sbin/smbldap-groupadd.pl
 delete group script = /usr/local/sbin/smbldap-groupdel.pl
 add machine script = /usr/local/samba/bin/smbpasswd -a -m %u
 #add machine script = /usr/sbin/useradd -d /dev/null -g 502 -s /bin/false -M %u
 logon script = netlogon.bat
 logon path = \\%N\profiles\%g
 logon drive = H:
 logon home = \\%L\%U

[Samba] Login after join domain fails

2003-11-15 Thread Kent L. Nasveschuk
Hello,

Samba 3.0.0/LDAP 2.1.23 RedHat 8.0

After wrestling with the problem of attempting to join a W2K computer
to domain I finally succeeded only to run into another problem.

First I was not able to use user administrator as samba admin alias
root to join computers to domain. I needed to create user root in LDAP
with:

uid=root
uidNumber=0
gidNumber=0
sambaSID=S-1...1000
sambaPrimaryGroup=S-1...1001

Then I was able to join to domain. When I reboot I get an error message
when trying to login:

error 3221356590

I can't login with any account, same message. An account must be used,
I'm assuming nobody, through the network to create authentication
tokens so that any user that logs in with a valid login name in LDAP
will be able to login on this machine. The machine must authenticate
first prior to the user.


Anyone have this problem before? Could use some insight into where to
look to fix this problem.

-- 
Kent
[EMAIL PROTECTED]
[EMAIL PROTECTED]
W 508 291-3510 X122
C 508 317-2755

Tips:--
OpenOffice.org ... Stops Word macro viruses DEAD!
Postgresql.org ... Don't 'kill -9' the postmaster
Technology is legislation - C. Einfeldt on OO.o discuss list



[Samba] Problem Samba 3.0 with net groupmap access LDAP 2.1.23

2003-11-12 Thread Kent L. Nasveschuk
Hello,
I thought I had this all figured out but I don't. I have a RedHat 8
system using LDAP 2.1.23 as backend to Samba 3.0.0. I wasn't able to get
machines to join the domain so I used the debug option in slapd -d 10 to
see what Samba was sending the LDAP server.


It looked like it was resolving my admin to the guest account. I went
back to check groupmap list and got the following error messages:

[EMAIL PROTECTED] root]# /usr/local/samba/bin/net groupmap list
[2003/11/12 12:44:29, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2048)
  ldapsam_setsamgrent: LDAP search failed: No such object
[2003/11/12 12:44:29, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2113)
  ldapsam_enum_group_mapping: Unable to open passdb

I cannot tell you how many times I've run across this message. One time
an error in my smb.conf caused it. This time I don't know. I get this
error message whether I load a base tree or it is empty. There are only
2 other configuration files that 

I'm sure someone has run across this. Any suggestions? I'm running low
on patience.

Another question..

To add a computer to a domain, realize that to store the admin password
for Samba to use for this I need to run smbpasswd -w . There are
different options in slapd.conf for encrypting the root user password.
What do I use? Nothing, {SSHA} {CRYPT} ..I may have a GCE (gross
conceptual error) about how this password is accessed. Help!




-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



[Samba] Re: novice level question

2003-11-10 Thread Kent L. Nasveschuk
I can't speak about whether or not this is a good practice, but I
recently removed an intermediate organization from my LDAP tree. It was
great as a logical entity but in practice it added another layer to
an already complex structure.

I've had a great deal of experience with Novell that allows many layers
to a directory structure through NDS. It can become very confusing to
the average user about where they reside in the directory structure.
Keep it as simple as possible.



On Mon, 2003-11-10 at 17:11, Shekhar Ayyappan wrote:
 Guys,  
 
 I have recently been playing around with directory servers. 
 
 My quick question of the day is as follows.
 
 I have a directory  installed  whose root points to o=xyz
 
  
 
 So for a user the dn is
 
  
 
 cn=user1,ou=users,o=xyz 
 
  
 
 is this a good practice??? Is it ok to omit the c=nz??? 
 
 I am not going to hook my directory onto the internet, this is for my
 private disposal..
 
 Any thoughts guys???
 
  
 
 Cheers and thanks in advance.
 
 shekhar
 
 
 
-- 
Kent
[EMAIL PROTECTED]
[EMAIL PROTECTED]
W 508 291-3510 X122
C 508 317-2755



[Samba] smb.conf problems causes net groupmap to fail

2003-11-08 Thread Kent L. Nasveschuk
Hello,

I just thought I would post this since it may be helpful to others if
they run into the same issues I did.

I am using Samba 3.0 with openLDAP 2.1.23 as backend db on a Slackware 9
system. This is purely a test system that I need to test at home
reliably enough to put into production in a school system. I was getting
error messages when I went to run samba/bin/net commands. Couldn't
figure it out until now.
 

If you have a problem in your smb.conf when you try to run samba/bin/net
commands like groupmap list, you get error messages. My guess and the
developers can probably elaborate on this, net command reads the
smb.conf whether or not the daemons smbd or nmbd are running. Errors in
the config file will cause the net commands to fail. It took me a long
time to experiment and find this out but I thought I should pass it on.


-- 
Kent
[EMAIL PROTECTED]
[EMAIL PROTECTED]
W 508 291-3510 X122
C 508 317-2755



[Samba] Net groupmap fails

2003-11-07 Thread Kent L. Nasveschuk
 Operators
description: Netbios Domain Print Operators (need smb.conf configuration)

# Backup Operators, Groups, 30GreatNeck, home.net
dn: cn=Backup Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files (not implemented yet)

# Replicator, Groups, 30GreatNeck, home.net
dn: cn=Replicator,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 552
cn: Replicator
description: Netbios Domain Supports file replication in a sambaDomainName (not implemented yet)

# Domain Computers, Groups, 30GreatNeck, home.net
dn: cn=Domain Computers,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 553
cn: Domain Computers
description: Netbios Domain Computers accounts

# 30GREATNECK, 30GreatNeck, home.net
dn: sambaDomainName=30GREATNECK,o=30GreatNeck,dc=home,dc=net
sambaDomainName: 30GREATNECK
sambaSID: S-1-5-21-739112995-4084651483-89095900
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain


/usr/local/src# /usr/local/samba/bin/net groupmap add ntgroup=Domain
Admins unixgroup=root rid=512
adding entry for group Domain Admins failed!

/usr/local/samba/bin/net groupmap modify ntgroup=Domain Admins
unixgroup=root
NT Group Domain Admins doesn't exist in mapping DB

I also tried the above 

I know I need to map Domain Admins to root users to be able to create
machine accounts for W2k machines. 

What are some reasons for this to fail? I've read a great deal of
documentation and everything I try fails.

-- 
Kent L. Nasveschuk [EMAIL PROTECTED]



Re: Réf. : [Samba] Net groupmap fails

2003-11-07 Thread Kent L. Nasveschuk
Stephanie,
Thank you for your help. I tried what you suggest but no luck.. I get
this:

[EMAIL PROTECTED]:~# /usr/local/samba/bin/net groupmap add ntgroup=Domain
Admins unixgroup=Domain Admins rid=512
Can't lookup UNIX group Domain Admins

Is there something with initial compiling samba 3.0.0 that would disable
this? All the documentation that I've seen makes it look so easy, but I
can't get it to work. 

On Fri, 2003-11-07 at 06:48, [EMAIL PROTECTED] wrote:
 try /usr/local/samba/bin/net groupmap add ntgroup=Domain
 Admins unixgroup=Domain Admins rid=512
 
 dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
 objectClass: posixGroup
 
 This group is the unix group.
 
 ---
 Stéphane PURNELLE [EMAIL PROTECTED]
 Service Informatique   Corman S.A.   Tel : 00 32 087/342467
 
 
 
 Kent L. Nasveschuk [EMAIL PROTECTED]
 Sent by: [EMAIL PROTECTED].samba.org
 07/11/2003 12:31
 To: Samba List Server [EMAIL PROTECTED]
 cc:
 Subject: [Samba] Net groupmap fails
 
 
 I have yet to get group mapping to work in samba 3.0. Getting very
 frustrated.
 
 I'm using openldap 2.1.23 as the backend database for samba 3.0.0. I've
 added the base domain groups as posixAccounts to the LDAP database using
 smbldap-populate.pl.
 
 [EMAIL PROTECTED]:/usr/local/etc/openldap# ldapsearch -xv -b
 o=30greatneck,dc=home,dc=net
 
 # Administrator, Users, 30GreatNeck, home.net
 dn: uid=Administrator,ou=Users,o=30GreatNeck,dc=home,dc=net
 cn: Administrator
 sn: Administrator
 objectClass: inetOrgPerson
 objectClass: sambaSAMAccount
 objectClass: posixAccount
 gidNumber: 512
 uid: Administrator
 uidNumber: 998
 homeDirectory: /accounts
 sambaPwdLastSet: 0
 sambaLogonTime: 0
 sambaLogoffTime: 2147483647
 sambaKickoffTime: 2147483647
 sambaPwdCanChange: 0
 sambaPwdMustChange: 2147483647
 sambaHomePath: \\Lnxsrv2\accounts
 sambaHomeDrive: H:
 sambaProfilePath: \\Lnxsrv2\profiles\
 sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-512
 sambaLMPassword: XXX
 sambaNTPassword: XXX
 sambaAcctFlags: [U  ]
 sambaSID: S-1-5-21-739112995-4084651483-89095900-2996
 loginShell: /bin/false
 gecos: Netbios Domain Administrator
 
 
 # nobody, Users, 30GreatNeck, home.net
 dn: uid=nobody,ou=Users,o=30GreatNeck,dc=home,dc=net
 cn: nobody
 sn: nobody
 objectClass: inetOrgPerson
 objectClass: sambaSAMAccount
 objectClass: posixAccount
 gidNumber: 514
 uid: nobody
 uidNumber: 999
 homeDirectory: /dev/null
 sambaPwdLastSet: 0
 sambaLogonTime: 0
 sambaLogoffTime: 2147483647
 sambaKickoffTime: 2147483647
 sambaPwdCanChange: 0
 sambaPwdMustChange: 2147483647
 sambaHomePath: \\Lnxsrv2\accounts
 sambaHomeDrive: H:
 sambaProfilePath: \\Lnxsrv2\profiles\
 sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-514
 sambaLMPassword: NO PASSWORDX
 sambaNTPassword: NO PASSWORDX
 sambaAcctFlags: [NU ]
 sambaSID: S-1-5-21-739112995-4084651483-89095900-2998
 loginShell: /bin/false
 
 # Domain Admins, Groups, 30GreatNeck, home.net
 
 # Domain Admins, Groups, 30GreatNeck, home.net
 dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
 objectClass: posixGroup
 gidNumber: 512
 cn: Domain Admins
 memberUid: Administrator
 description: Netbios Domain Administrators (need smb.conf configuration)
 
 # Domain Users, Groups, 30GreatNeck, home.net
 dn: cn=Domain Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
 objectClass: posixGroup
 gidNumber: 513
 cn: Domain Users
 description: Netbios Domain Users (not implemented yet)
 memberUid: kent
 
 # Domain Guests, Groups, 30GreatNeck, home.net
 dn: cn=Domain Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net
 objectClass

Re: Réf. : [Samba] Net groupmap fails

2003-11-07 Thread Kent L. Nasveschuk
When I ran smbldap-populate.pl the objectclass sambaGroupMapping was not
present. I don't know if it is supposed to be created or not but when I
used ldapmodify with a file that contained:


dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
add: objectclass
objectclass: sambaGroupMapping
sambaSID: S-1-5-21-739112995-4084651483-89095900-512
sambaGroupType: 2

Now when I run net groupmap list I get
Domain Admins (S-1-5-21...512) = 512

Guess I will have to do that with all of the groups created by
smbldap-populate.pl.


found at archive:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg21134.html

Am I doing this right?



On Fri, 2003-11-07 at 10:31, Gerald (Jerry) Carter wrote:
 Kent L. Nasveschuk wrote:
 
 | [EMAIL PROTECTED]:~# /usr/local/samba/bin/net groupmap add ntgroup=Domain
 | Admins unixgroup=Domain Admins rid=512
 | Can't lookup UNIX group Domain Admins
 |
 | Is there something with initial compiling samba 3.0.0 that would disable
 | this? All the documentation that I've seen makes it look so easy, but I
 | can't get it to work.
 
 Should work as far as I can tell.  try running
 
 ~  net groupmap add ntgroup=Domain Admins \
 ~  unixgroup=Domain Admins rid=512 --debuglevel=10
 
 and see if you get any clues.
 
 
 
 cheers, jerry
 - --
 ~ --
 ~ Hewlett-Packard- http://www.hp.com
 ~ SAMBA Team -- http://www.samba.org
 ~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 ~ You can never go home again, Oatman, but I guess you can shop there.
 ~--John Cusack - Grosse Point Blank (1997)
 
-- 
Kent L. Nasveschuk [EMAIL PROTECTED]
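
The post above adds `sambaGroupMapping` to one group by hand and notes that the same is needed for every group created by smbldap-populate.pl. The following is an added example, not part of the original post or of Samba: a Python helper that reads ldapsearch output and emits ldapmodify LDIF for the groups still lacking the object class, building each `sambaSID` from the domain SID plus a RID. The RID table is an assumption limited to the well-known domain group RIDs (the page itself confirms only 512 for Domain Admins); the sample entries are abbreviated from the page's own search output.

```python
import re

SID_RE = re.compile(r"^S-1-5-21(-\d+){3}$")
# Well-known domain group RIDs (assumption beyond the page, which shows 512 only).
WELL_KNOWN_RIDS = {"Domain Admins": 512, "Domain Users": 513,
                   "Domain Guests": 514, "Domain Computers": 515}
DOMAIN_SID = "S-1-5-21-739112995-4084651483-89095900"  # sambaDomain entry on the page

def parse_ldif(text):
    """Parse ldapsearch output into a list of {lowercased attr: [values]} dicts."""
    entries, cur, last = [], None, None
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():
            cur, last = None, None
            continue
        if line.startswith(" ") and cur is not None and last:
            cur[last][-1] += line[1:]          # LDIF continuation line
            continue
        key, _, value = line.partition(":")
        if cur is None:
            cur = {}
            entries.append(cur)
        last = key.strip().lower()
        cur.setdefault(last, []).append(value.strip())
    return entries

def groupmap_ldif(search_output, domain_sid, rids=WELL_KNOWN_RIDS):
    """Return (ldapmodify LDIF, names skipped because no RID is known)."""
    if not SID_RE.match(domain_sid):
        raise ValueError("not a domain SID: %r" % domain_sid)
    changes, skipped = [], []
    for e in parse_ldif(search_output):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixgroup" not in classes or "sambagroupmapping" in classes:
            continue                            # not a group, or already mapped
        cn = e["cn"][0]
        if cn not in rids:
            skipped.append(cn)                  # never guess a RID
            continue
        changes.append("\n".join([
            "dn: " + e["dn"][0], "changetype: modify",
            "add: objectClass", "objectClass: sambaGroupMapping", "-",
            "add: sambaSID", "sambaSID: %s-%d" % (domain_sid, rids[cn]), "-",
            "add: sambaGroupType", "sambaGroupType: 2", "-"]))
    return "\n\n".join(changes) + ("\n" if changes else ""), skipped

# Sample input: entries abbreviated from the page; Domain Admins is shown already mapped.
SAMPLE_SEARCH_OUTPUT = """\
# Domain Admins, Groups, 30GreatNeck, home.net
dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins

dn: cn=Domain Users,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 513
cn: Domain Users

dn: cn=Backup Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net
objectClass: posixGroup
gidNumber: 551
cn: Backup Operators
"""

if __name__ == "__main__":
    ldif, skipped = groupmap_ldif(SAMPLE_SEARCH_OUTPUT, DOMAIN_SID)
    print(ldif)
    print("# no RID known, map by hand:", skipped)
```

Review the generated LDIF before feeding it to ldapmodify, then confirm the result with `net groupmap list` as in the post.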



Re: Réf. : [Samba] Net groupmap fails

2003-11-07 Thread Kent L. Nasveschuk
Did run a lower debug level -d 2 which gave me a clue that there was no
objectclass sambaGroupMapping.

Kent


On Fri, 2003-11-07 at 11:09, Gerald (Jerry) Carter wrote:
 John H Terpstra wrote:
 
 |Should work as far as I can tell.  try running
 |
 |~  net groupmap add ntgroup=Domain Admins \
 |~  unixgroup=Domain Admins rid=512 --debuglevel=10
 |
 |and see if you get any clues.
 |
 |
 | Hint: Make sure that you have all your add  scripts
 | in place.  Also, make sure that these scripts can handle
 | object names that have  upper case characters and/or
 | spaces in them.
 
 Does matter here.  net group map doesn't run them
 for you anyways.  And in this case the group already
 existed.
 
 | PS: groupadd does NOT permit spaces or upper case
 | characters in a group name.
 
 In the unix group name?  or the nt group name?
 I know the ntgroup name is fine.  If the unix group
 name won't accept spaces, then this is a bug.
 (which is why I asked for a log to start with).
 
 
 
 
 ciao, jerry
 - --
 ~ --
 ~ Hewlett-Packard- http://www.hp.com
 ~ SAMBA Team -- http://www.samba.org
 ~ GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 ~ If we're adding to the noise, turn off this song --Switchfoot (2003)
-- 
Kent L. Nasveschuk [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] PDC can't get SID

2003-11-03 Thread Kent L. Nasveschuk
Hello,
I'm attempting to install and run Samba 3.0 with ldap backend. The
system that it is on is Redhat 8.0. I get this error message when
attempting to get the SID.

[EMAIL PROTECTED] root]# /usr/local/samba/bin/net getlocalsid
[2003/11/03 15:00:15, 0] utils/net.c:net_getlocalsid(414)
  Can't fetch domain SID for name: WHSF1

The smbd and nmbd are running, any suggestions? I did a similar
installation on a Slackware 9 system without a hitch. Had no problem
obtaining a SID for the system.
-- 
Kent L. Nasveschuk [EMAIL PROTECTED]
