Re: [Samba] filtering user files
- Original Message -
From: Lonnie Cumberland [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 21, 2005 7:42 PM
Subject: [Samba] filtering user files

Hello all,

I think that this is probably an easy question so I hope that I will be able to get a quick response.

In our users directories, there are a number of dot files and folders and I was wondering if there was a way to tell Samba not to show them when a user is in their directory? Maybe some sort of file filter perhaps.

thanks
Lonnie

Hello

Check the man page for xmb.conf. There is a directive 'hide dot files'. I was testing this last week on 3.0.14 and I still saw hidden dot files from the client [XP Pro] which had folder_optionsviewsdo_not_show_hidden_files/folders enabled. Check it out and let me know how you do.

Kevin B

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] filtering user files
Make that smb.conf [typo sorry]

Kevin

- Original Message -
From: Kevin B [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 21, 2005 8:21 PM
Subject: Re: [Samba] filtering user files
[Samba] Migrated fine except passwords
Hello,

I migrated 140 users and computer accounts from NT4 to Samba 3.0.14 with ldap today. Smbldap-tools are the latest stable version from tarball. No errors during vampire and everyone came over and the groups and group memberships populated fine.

We couldn't connect to the server as any user from client PC's. The smbldaptools were set to use SSHA encryption for password attribute but phpldapadmin showed the passwords as CRYPT with only 8 chars for all users. I suspect the passwords never came over. In my previous lab, the passwords migrated as SSHA encryption and worked fine.

I used smbldap-passwd to reset the password for one of the users and it shows it is now SSHA and phpldapadmin lets me confirm the password. Remote MS and Linux clients can now connect with the reset password. I can reset all the user passwords manually but wonder what I may have missed.

TIA
Kevin

[global]
unix charset = LOCALE
workgroup = GDAY
netbios name = GDAY1
server string = GDAY1
encrypt passwords = Yes
username map = /etc/samba/smbusers
log level = 0
syslog = 0
os level = 35
passdb backend = ldapsam:ldap://localhost
add user script = /usr/local/sbin/smbldap-useradd -m '%u'
#delete user script = /usr/local/sbin/smbldap-userdel '%u'
add group script = /usr/local/sbin/smbldap-groupadd '%g'
#delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
#delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
domain logons = yes
preferred master = no
domain master = no
ldap suffix = dc=domain,dc=net
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=domain,dc=net
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
logon path =
logon drive = H:
wins support = yes

[homes]
comment = Home Directories
valid users = %S
read only = no
browseable = no
RE: [Samba] Migrated fine except passwords
Kevin B wrote:

Hello, We couldn't connect to the server as any user from client PC's. The smbldaptools were set to use SSHA encryption for password attribute but phpldapadmin showed the passwords as CRYPT with only 8 chars for all users. I suspect the passwords never came over. In my previous lab, the passwords migrated as SSHA encryption and worked fine.

You know that no POSIX passwd info will come over don't you? To do that the samba passwd stuff would have to be cracked and then put into SSHA or MD5 format. Which the tools don't do. So you will only get the samba passwd and then if you are wanting to use other linux services that require POSIX passwords you will need to use some of the password sync options in smb.conf.

Cheers
GS

Hello

I didn't know that. What I discovered later on was that when I originally migrated, I had some errors getting groups to come over. So I removed all of the .tdb and .dat files and deleted the ldap files to start over with everything neat and tidy. I fixed the errors and the migration looked perfect.

What I didn't do was remove all of the users home directories. When I vampired the second time, I rec'd no errors but the uid mappings on the filesystem in were all messed up. I didn't see that until a couple of hours later. The effect of this was the user could see their home directory [so they did auth properly with CRYPT] but they could not connect to their own home directory as it was 'owned' by some other uid.

So I removed everything including the /home directories and now they connect. I'm not sure why a password reset with SSHA did anything but it's all good now running with CRYPT.

Thanks for the info and the prompt reply.

Kevin B
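Added example, not part of the thread and not code from Samba or smbldap-tools: one way to see which scheme each account's userPassword actually uses in a slapcat or ldapsearch LDIF export, and to confirm a reset {SSHA} value against a known test password. The sample LDIF, account names, passwords and function names are constructed for illustration; a {CRYPT} value shorter than 13 characters is treated as a placeholder because no crypt(3) hash is that short.

```python
import base64
import hashlib
import hmac
import os


def make_ssha(password, salt=None):
    """Build an OpenLDAP-style {SSHA} value: base64(SHA1(password+salt)+salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored, password):
    """Return True if password matches the stored {SSHA} value."""
    if not stored.upper().startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts (names lowercased)."""
    # Unfold continuation lines: a folded line continues after "\n ".
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # 'attr:: value' means base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(name.strip().lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries


def classify(value):
    """Return (scheme, finding) for one userPassword value."""
    if not (value.startswith("{") and "}" in value):
        return "CLEARTEXT", "stored without a hash scheme"
    scheme, _, body = value[1:].partition("}")
    scheme = scheme.upper()
    if scheme == "CRYPT":
        if len(body) < 13:  # shorter than any crypt(3) output
            return "CRYPT", "placeholder, no usable POSIX password"
        if body.startswith("$"):
            return "CRYPT", "modular crypt id " + body.split("$")[1]
        return "CRYPT", "traditional DES crypt, only 8 password characters used"
    if scheme in ("SSHA", "SMD5"):
        return scheme, "salted hash"
    return scheme, "unsalted or other scheme"


def audit(ldif_text):
    """Return {uid: (scheme, finding)} for every entry that has a uid."""
    report = {}
    for entry in parse_ldif(ldif_text):
        if "uid" not in entry:
            continue
        values = entry.get("userpassword")
        report[entry["uid"][0]] = (
            classify(values[0]) if values else ("NONE", "no userPassword attribute")
        )
    return report


def sample_ldif():
    """Constructed slapcat-style sample; every name and value is made up."""
    ssha = make_ssha("Test-Pass-1", salt=b"\x10\x32\x54\x76\x98\xba\xdc\xfe")
    line = "userPassword:: " + base64.b64encode(ssha.encode("ascii")).decode("ascii")
    folded = line[:76] + "\n " + line[76:]  # LDIF folds long lines like this
    base = ",ou=People,dc=example,dc=net"
    return "\n".join([
        "dn: uid=sales1" + base, "uid: sales1", "userPassword: {crypt}x", "",
        "dn: uid=sales2" + base, "uid: sales2", folded, "",
        "dn: uid=acct1" + base, "uid: acct1",
        "userPassword: {CRYPT}abJnggxhB/yWI", "",
        "dn: uid=acct2" + base, "uid: acct2",
        "userPassword: {CRYPT}$1$abcdefgh$0123456789abcdefghijkl", "",
        "dn: uid=nt4$" + base, "uid: nt4$",
    ])


if __name__ == "__main__":
    for uid, (scheme, finding) in audit(sample_ldif()).items():
        print(f"{uid:8} {scheme:10} {finding}")
```

Only the POSIX userPassword attribute is examined here; the sambaNTPassword and sambaLMPassword attributes that Samba itself authenticates against are separate and are not checked by this sketch.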
Re: [Samba] Documentation clarification re: SLES9 and nsswitch
On Tuesday 02 August 2005 23:03, Kevin B wrote:

Hello, I've been unable to succeed with Samba-Ldap setup on SLES9 until this evening. I thought I had a PAM issue but that was not the case. To cut to the chase, I ran Yast's 'ldap-server' module without any changes as it found the ldap server settings. Once finished I could join the domain from XP Pro which is what I was unable to do. I checked what Yast did and it reset /etc/nsswitch.conf -with- the 'compat' entries that are

Hello, Thanks for taking the time to respond.

Did you also check to see how yast2 configured your /etc/ldap.conf file?

Looks like it didn't touch it. It's as I left it. I never used Yast until yesterday as the doc's don't use it. Everything was done with vi.

not to be used according to the 'Examples' Doc's: http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-PAM-NSS [note the warning box re: Suse at 5.4-5.5]

You can use the SUSE provided method - but it is unique to SUSE Linux. The documentation provides a method of implementation that is fully portable across Linux systems.

That's why I was concerned I had a problem unique to SLES9.

On my Centos4.1 box, the 'compat' lines were removed and the server works fine. On SLES9 I can only succeed with 'compat'. Remove them and it fails to find 'root' username to join.

Did you follow the diagnostic info provided in chapter 5? What did you find?

getent worked. I missed the test of 'id'. Everything else seemed to work normally.

Re: the Docs, I guess I assumed that Suse9 and SLES9 would act the same way. They must not. I'll have to setup a Suse9 box to test it.

The devil is in all the details. I suggest that to get a handle on the differences you need to compare the SUSE yast2 generated configuration with the example configurations I provided in the Samba3-ByExample book. Also, in chapter 5, section 5.3.1.7, you will find detailed diagnostic hints by which you can debug the LDAP/NSS configuration. Have fun!

I've read it many times. I'll read it again.

Can anyone verify this please?

What answer are you looking for? How much more detail than I have already provided do you believe is needed to remove all doubt?

- John T.

Just looking to see if anyone else on SLES9 had to use 'compat' in nsswitch. I wonder if I must have something else wrong to have it only working with the 'compat' lines in nsswitch. Your response is very clear and I have no doubt since I see it working on 2 platforms. The documentation is very thorough and very appreciated.

I hope my question didn't come across as complaining. Emails can sometimes come across with a different tone than intended. I'm grateful for all the work you do. 'My' issue is getting more familiar with Suse as you stated above. I'm sure someone else will make the errors I've made and have to resolve them the way I did. My goal is to learn this correctly and have some fun in the process.

Thank you for your help.

Sincerely,
Kevin B
[Samba] Documentation clarification re: SLES9 and nsswitch
Hello,

I've been unable to succeed with Samba-Ldap setup on SLES9 until this evening. I thought I had a PAM issue but that was not the case.

To cut to the chase, I ran Yast's 'ldap-server' module without any changes as it found the ldap server settings. Once finished I could join the domain from XP Pro which is what I was unable to do.

I checked what Yast did and it reset /etc/nsswitch.conf -with- the 'compat' entries that are not to be used according to the 'Examples' Doc's: http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-PAM-NSS [note the warning box re: Suse at 5.4-5.5]

On my Centos4.1 box, the 'compat' lines were removed and the server works fine. On SLES9 I can only succeed with 'compat'. Remove them and it fails to find 'root' username to join.

Re: the Docs, I guess I assumed that Suse9 and SLES9 would act the same way. They must not. I'll have to setup a Suse9 box to test it.

Can anyone verify this please?

Thanks in advance to the samba team and everyone here who helps out on the list.

Kevin B
[Samba] Upgrade to 3.0.14??
Hello

I have a simple RH9 samba server running samba 2.2.12 from fedoralegacy.org. They have a 5 user Quickbooks company file that's 200mb. They complain opening the file is getting slower [obviously] as they add more data and the file grows. If I upgrade samba to 3.0.14 will that help with performance? The LAN is 100mbps and the server is Dell P3-2.2 with 640ram and scsi drives in Raid1 [perc3].

TIA
Kevin
[Samba] PAM problem on SLES9
Hello,

I was setting up Samba 3.0.14 PDC on SLES9, migrating from NT4. I had all kinds of problems after successful migration of user accounts that I was thinking were PAM related on the SLES9 box.

The howto has the PAM setup for SLES9: http://us5.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-PAM-NSS

'strings' shows pam_unix2.so is ldap aware but I tried both ways described. Neither worked for me.

Since I was never able to succeed with SLES9, I setup a Centos4.1 box with Samba 3.0.10, migrated the users, Joined the domain with XP Pro, Logged in as any user, logon scripts, roaming profiles etc all work without any single error during my setup from scratch.

Centos [RHEL based] has 'authconfig' to setup PAM to use LDAP. IIRC Yast doesn't have a utility to setup PAM.

Can anyone that has SLES9 working share the details of the setup with me?

Thanks in advance.

Kevin B
Re: [Samba] Understaning Domain Name Resolution
Hello,

I've read chapter 4 [and all other chapters btw] of the Samba by Example latest version online and the mailing list archives and have a question re: domain name resolution.

If I have a domain 'AD.NET' I can setup a zone in Bind with an SRV record and my XP Pro clients can find the domain controller and join the domain. A simple zone looks like this:

$ttl 38400
ad.net. IN SOA ad.ad.net. admin.ad.net. ( 1113970738 10800 3600 604800 38400 )
ad.net. IN NS ad.ad.net.
ad.ad.net. IN A 192.168.4.3
_ldap._tcp.dc._msdcs.ad IN SRV ad.ad.net

Now if my domain name happens to be 'AD' instead of 'AD.NET', I have problems when joining the domain, XP Pro reports it cannot find the SRV record. I tried defining domain 'AD' in dhcp scope instead of DNS [per chapter 4] and tried running the Samba server as a WINS server and pointing XP to it. XP and the Samba DC are registering in wins.dat -but- it still fails looking for an SRV record. Ethereal shows XP asking the whole lan for the DC via DNS and no one knows it.

So I setup a master zone in bind for 'AD' [removing '.net' from each relevant line] above but still the DC cannot be found. I'm sure a lot of old NT4 domains were single name so I'm hoping someone has resolved this before. Any pointers are greatly appreciated.

Hi

I had some time to work on this tonight. I ended up creating an entry in XP LMHOSTS file

192.168.4.200 SLES9 #PRE #DOM:DOMAIN

Joining the domain still errors with 'no such user' -but- ethereal [filtering for SAMR] show the communication between the 2 hosts. XP now finds the DC which is great.

I reset the root passwd to be sure but still fail to join. I verified roots password with phpldapadmin. So I try to SSH to the server with putty just to see if I can login. It asks me for root password and once I enter it, it now asks me for 'LDAP Password'. I've never seen a double prompt for a password.

Any ideas?? Thanks in advance??

Kevin B
[Samba] Understaning Domain Name Resolution
Hello,

I've read chapter 4 [and all other chapters btw] of the Samba by Example latest version online and the mailing list archives and have a question re: domain name resolution.

If I have a domain 'AD.NET' I can setup a zone in Bind with an SRV record and my XP Pro clients can find the domain controller and join the domain. A simple zone looks like this:

$ttl 38400
ad.net. IN SOA ad.ad.net. admin.ad.net. ( 1113970738 10800 3600 604800 38400 )
ad.net. IN NS ad.ad.net.
ad.ad.net. IN A 192.168.4.3
_ldap._tcp.dc._msdcs.ad IN SRV ad.ad.net

Now if my domain name happens to be 'AD' instead of 'AD.NET', I have problems when joining the domain, XP Pro reports it cannot find the SRV record. I tried defining domain 'AD' in dhcp scope instead of DNS [per chapter 4] and tried running the Samba server as a WINS server and pointing XP to it. XP and the Samba DC are registering in wins.dat -but- it still fails looking for an SRV record. Ethereal shows XP asking the whole lan for the DC via DNS and no one knows it.

So I setup a master zone in bind for 'AD' [removing '.net' from each relevant line] above but still the DC cannot be found. I'm sure a lot of old NT4 domains were single name so I'm hoping someone has resolved this before. Any pointers are greatly appreciated.

Thanks in advance.

Kevin
RE: [Samba] NT4 migration errors
Kevin B wrote:

Geoff kindly replied...

It also looks like the /home directory has everyone's $HOME but the uid and gid for each user is numeric instead of resolving the username and groupname [same as before btw]. Thanks for the help Geoff. If you have any more ideas let me know :]

Kevin

net rpc vampire -S nt4 -W DOMAIN
Fetching DOMAIN database
Creating unix group: 'Domain Admins'
/usr/local/sbin/smbldap-groupadd: group Domain Admins exists
[2005/07/14 14:27:20, 0] groupdb/mapping.c:smb_create_group(978)
smb_create_group: Running the command `/usr/local/sbin/smbldap-groupadd 'Domain Admins'' gave 6
Creating unix group: 'Domain Users'
/usr/local/sbin/smbldap-groupadd: group Domain Users exists
[2005/07/14 14:27:20, 0] groupdb/mapping.c:smb_create_group(978)
smb_create_group: Running the command `/usr/local/sbin/smbldap-groupadd 'Domain Users'' gave 6
Creating unix group: 'Domain Guests'
/usr/local/sbin/smbldap-groupadd: group Domain Guests exists
[2005/07/14 14:27:21, 0] groupdb/mapping.c:smb_create_group(978)
smb_create_group: Running the command `/usr/local/sbin/smbldap-groupadd 'Domain Guests'' gave 6
Creating unix group: 'Sales'
Creating unix group: 'Accounting'
Creating account: Administrator
Could not create posix account info for 'Administrator'

You need to revisit: http://au1.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-PAM-NSS

Your systems ability to resolve posix info is hosed or not set up properly.

Geoff

Hi

Thanks for the help. I was convinced it was PAM related. I found my slap.conf was config'd like my standalone domain controller, or the wrong/old doc's [too late to research that] the samples at the bottom. We migrated users and groups tonight in the lab :)

Question... In Chapter 9, it says to leave smbd off until after shutting down the PDC and BDCs -but- the smbldap-tools ./configure.pl script complains if it's not running. I start it and then stop it immediately after running ./configure.pl. Does the documentation need updating?? It seems this method is ok.

Thanks for the help.

Kevin

### Incorrect ##
# Indices to maintain for this database
#index objectClass eq,pres
#index ou,cn,mail,surname,givenname eq,pres,sub
#index uidNumber,gidNumber,loginShell eq,pres
#index uid,memberUid,displayName eq,pres,sub
#index nisMapName,nisMapEntry eq,pres,sub
#index sambaSID eq
#index sambaPrimaryGroupSID eq
#index sambaDomainName eq
#index default sub

Correct #
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
[Samba] NT4 migration errors
Hi

I've setup samba 3.0.14 with the latest idealx scripts on FC3. Now I have a test lab to migrate from NT4 box which is different than the standalone PDC I have running. Here's the order I used and my ldap and samba configs are clean as far as I can tell since I do get a partial migration. When using 'net rpc vampire -S nt4 -W DOMAIN' it populates the groups from NT4 and shows the group membership but the users fail to come over. Here's what I've done so far. BTW SLES9 server. [continued below]

From a clean ldap database I add in the top level ldif:
--
dn: dc=kblan,dc=com
o: kblan
objectClass: top
objectClass: dcObject
objectClass: organization
dc: kblan

Then ldapadd the preload ldif to be ready for the NT4 accounts:
--
dn: cn=admin,dc=kblan,dc=com
objectClass: organizationalRole
cn: admin
description: Directory Manager

dn: ou=People,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou:People

dn: ou=Groups,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou:Groups

dn: ou=Idmap,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou:Idmap

dn: ou=Domains,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou:Domains

Then ldapadd the NextFreeUnixID ldif:
-
dn: cn=NextFreeUnixId,dc=kblan,dc=com
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
cn: NextFreeUnixId
sn: NextFreeUnixId

Next add the smbpasswd to secrets.tdb.

Then grab the NT4 SID:
net rpc getsid -S nt4 -W DOMAIN
[which succeeds and tdbdump shows it]

Now join the domain:
net rpc join -S nt4 -W DOMAIN -U Administrator%34567
[it joins]

Now we migrate: I'll show the 'net rpc vampire' first and then show a slapcat dump of the ldap contents after migrating. Comparing to the standalone PDC I setup before, it seems I'm missing the sambaSamAccount object and all the relevant attributes, but I don't know if in fact they are 'supposed' to exist when migrating from NT4 [??]. In any case, I need some help to get the migration done whatever my mistakes are.

I only have 2 groups and a couple of members in each group. I don't have any local /etc/group entries other than for services. [all gid less than 100] Everything should be in ldap.

Any help is greatly appreciated. Thanks in advance.

Kevin

linux:~ # net rpc vampire -S nt4 -W DOMAIN
Fetching DOMAIN database
Creating unix group: 'Domain Admins'
Creating unix group: 'Domain Users'
Creating unix group: 'Domain Guests'
Creating unix group: 'Sales'
Creating unix group: 'Accounting'
Creating account: Administrator
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:55, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'Administrator'' gave 7
Could not create posix account info for 'Administrator'
Creating account: Guest
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:56, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'Guest'' gave 7
Could not create posix account info for 'Guest'
Creating account: NT4$
Can't call method get_value on an undefined value at /usr/local/sbin/smbldap-useradd line 171, DATA line 283.
[2005/07/14 12:18:56, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -w 'NT4$'' gave 3
Could not create posix account info for 'NT4$'
Creating account: IUSR_NT4
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:57, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'IUSR_NT4'' gave 7
Could not create posix account info for 'IUSR_NT4'
Creating account: sales1
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:58, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'sales1'' gave 7
Could not create posix account info for 'sales1'
Creating account: sales2
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:58, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'sales2'' gave 7
Could not create posix account info for 'sales2'
Creating account: acct1
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:59, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command
RE: [Samba] NT4 migration errors
Geoff kindly replied...

It kind of looks like you are working off an old copy of the Samba3 by example book. Would that be right?

Hello Geoff

Most likely. The samba site looks newer than the pdf I used. I'll try it.

I just checked through some of the output in your post, and think that I am spot on with that assumption. You are using:

add user script = /usr/local/sbin/smbldap-useradd -a -m '%u'

In your smb.conf aren't you? It should be:

add user script = /usr/local/sbin/smbldap-useradd -m '%u'

No *-a* flag. Samba now takes care of the samba attributes for a user.

You are correct. I recall at one point I had to add the -a to fix some other problem. Sounds like my whole approach was a bit off [or maybe a byte] so that fix wasn't really relevant.

Without looking too hard at what you are doing, I would suggest that you follow the online version where you'll see that the smbldap-tools make it very easy to set up the initial groups by doing the following:

Set up your smb.conf
Go to the smbldap-tools directory and run the configure.pl to configure the tools. The tools now pick up most of your settings from the smb.conf
Run the smbldap-populate script as per JHT's example (the reason that I suggest this is that it will reduce any human errors made in creating the initial ldif)
Then follow on as before, checking against the examples shown in the samba3

I'd be interested to see if you still had problems after that.

Happy samba-ing,
Geoff

I wiped the ldap clean and did as you advised. Everything was looking good up to this point [step 16]:

pc-00129:~ # net groupmap list
Domain Admins (S-1-5-21-1348277581-813059936-1947940980-512) - 512
Domain Users (S-1-5-21-1348277581-813059936-1947940980-513) - 513
Domain Guests (S-1-5-21-1348277581-813059936-1947940980-514) - 514
Domain Computers (S-1-5-21-1348277581-813059936-1947940980-515) - 515
Administrators (S-1-5-32-544) - 544
Account Operators (S-1-5-32-548) - 548
Print Operators (S-1-5-32-550) - 550
Backup Operators (S-1-5-32-551) - 551
Replicators (S-1-5-32-552) - 552

The migration step result is different than before, but says it still fails to add the users -but- they were added. [current slapcat dump below] I see more of the samba objectclasses and attributes added but users are not listed in their group.

It also looks like the /home directory has everyone's $HOME but the uid and gid for each user is numeric instead of resolving the username and groupname [same as before btw].

Thanks for the help Geoff. If you have any more ideas let me know :]

Kevin

net rpc vampire -S nt4 -W DOMAIN
Fetching DOMAIN database
Creating unix group: 'Domain Admins'
/usr/local/sbin/smbldap-groupadd: group Domain Admins exists
[2005/07/14 14:27:20, 0] groupdb/mapping.c:smb_create_group(978)
smb_create_group: Running the command `/usr/local/sbin/smbldap-groupadd 'Domain Admins'' gave 6
Creating unix group: 'Domain Users'
/usr/local/sbin/smbldap-groupadd: group Domain Users exists
[2005/07/14 14:27:20, 0] groupdb/mapping.c:smb_create_group(978)
smb_create_group: Running the command `/usr/local/sbin/smbldap-groupadd 'Domain Users'' gave 6
Creating unix group: 'Domain Guests'
/usr/local/sbin/smbldap-groupadd: group Domain Guests exists
[2005/07/14 14:27:21, 0] groupdb/mapping.c:smb_create_group(978)
smb_create_group: Running the command `/usr/local/sbin/smbldap-groupadd 'Domain Guests'' gave 6
Creating unix group: 'Sales'
Creating unix group: 'Accounting'
Creating account: Administrator
Could not create posix account info for 'Administrator'
Creating account: Guest
Could not create posix account info for 'Guest'
Creating account: NT4$
Could not create posix account info for 'NT4$'
Creating account: IUSR_NT4
Could not create posix account info for 'IUSR_NT4'
Creating account: sales1
Could not create posix account info for 'sales1'
Creating account: sales2
Could not create posix account info for 'sales2'
Creating account: acct1
Could not create posix account info for 'acct1'
Creating account: acct2
Could not create posix account info for 'acct2'
Creating account: sles9$
Could not create posix account info for 'sles9$'
[2005/07/14 14:27:32, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(675)
Could not find global group 512
[2005/07/14 14:27:32, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(675)
Could not find global group 513
[2005/07/14 14:27:32, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(675)
Could not find global group 514
[2005/07/14 14:27:32, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(675)
Could not find global group 1006
[2005/07/14 14:27:32, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(675)
Could not find global group 1007
Fetching BUILTIN database
skipping SAM_DOMAIN_INFO delta for 'Builtin' (is not my domain)
Creating unix group: 'Account Operators'
/usr/local/sbin/smbldap-groupadd: group Account Operators exists
[2005/07/14 14:27:33, 0] groupdb/mapping.c:smb_create_group(978)
smb_create_group: Running the command
[Samba] Samba LDAP replication weirdness...
I have the PDC/BDC with a master slave LDAP directory set up and operating. One problem is that I've only been able to get the LDAP Master/Slave replication working if I use Manager as the binddn for the replication. I'm using the IDEALX smbldap tools. If I use another user I get a

ERROR: Insufficient access: no write access to entry

error and a .rej file is created. Each entry shows

modifiersName: cn=Manager,dc=mphqcops,dc=opmg,dc=local

for all the change entries. Isn't this supposed to match the binddn entry from the slapd.conf file

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]
[Samba] Samba-3 By Example correction...
Chapter 7, Section 7.3 Step 3 needs a correction:

The step has users create an admin-accts.ldif file. As currently written the userpaddword: not24get should be userPassword with the P capitalized. Failure to have this causes a replication error: access denied since the password for updateuser is never loaded.

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]
RE: [Samba] PDC Samba 3+LDAP
Domain: ARZUR-NT ^ | There's your problem. Get rid of the - in the domain name. Windows machines can't handle anything other than alpha-numerics in the Domain name. Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, March 18, 2005 11:14 AM To: samba@lists.samba.org Subject: [Samba] PDC Samba 3+LDAP Hello all, I've some problem with my new Samba / Ldap PDC : I cannot join the Domain from Windows (XP) computers Okay, all configuration seem to be okay on the serveur, I can create Users,Computers for samba (and unix) I put here some config file, if someone can help me, I'm on since 5 days, it's my first PDC so I use the tutorial from Idealx (smbldap-howto) getent passwd give me local and ldap account (here are the LDAP account) ... Administrateur:x:0:512:Netbios Domain Administrator:/root:/sbin/nologin nobody:x:999:514:nobody:/dev/null:/sbin/nologin bdupuis:x:1005:512:Benjamin Dupuis:/home/data1/samba/bdupuis:/sbin/nologin POIL-BAREBONE$:x:1008:515:Computer:/dev/null:/sbin/nologin POIL-BAREBONE is a computer is it normal smbldap-tools add me a $ to computer's name? 
pdbedit -Lv give me samba account (here is just the Administrator):

Unix username:Administrateur
NT username: Administrateur
Account Flags:[U ]
User SID: S-1-5-21-3150904180-1303617548-1471141863-1000
Primary Group SID:S-1-5-21-1911238739-97561441-2706018148-512
Full Name:Administrateur
Home Directory: \\PDC-SMB3\homes\Administrator
HomeDir Drive:X:
Logon Script: logon.bat
Profile Path: \\PDC-SMB3\profiles\Administrator\
Domain: ARZUR-NT
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 04:14:07 GMT
Kickoff time: Tue, 19 Jan 2038 04:14:07 GMT
Password last set:Fri, 18 Mar 2005 16:15:41 GMT
Password can change: 0
Password must change: Sat, 25 Jun 2005 17:15:41 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FF
init_sam_from_ldap: Entry found for user: nobody

Now when I try to join the domain From windows XP, I enter

username : bdupuis
password: toto
domain name : ARZUR-NT
computer name : POIL-BAREBONE (I try POIL-BAREBONE$ also)

User name: Administrateur
password: toto
domain name : ARZUR-NT

and I have an error

Log on Samba :

[2005/03/18 17:08:34, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/18 17:08:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: Administrateur
[2005/03/18 17:08:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
  init_group_from_ldap: Entry found for group: 512
[2005/03/18 17:08:34, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [Administrateur] - [Administrateur] - [Administrateur] succeeded
[2005/03/18 17:08:34, 2] smbd/server.c:exit_server(575)
  Closing connections

Log on LDAP :

Mar 18 17:08:50 mastok slapd[5569]: conn=131 fd=8 ACCEPT from IP=127.0.0.1:33002 (IP=0.0.0.0:389)
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 BIND dn=cn=samba,ou=DSA,dc=arzur,dc=local method=128
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 BIND dn=cn=samba,ou=DSA,dc=ARZUR,dc=LOCAL mech=SIMPLE ssf=0
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 RESULT tag=97 err=0 text=
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH base=dc=arzur,dc=local scope=2 deref=0 filter=((uid=arzur)(objectClass=sambaSamAccount))
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 18 17:09:00 mastok slapd[5569]: conn=131 fd=8 closed
Mar 18 17:09:01 mastok slapd[5569]: conn=132 fd=8 ACCEPT from IP=127.0.0.1:33004 (IP=0.0.0.0:389)
Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=0 BIND dn=cn=samba,ou=DSA,dc=arzur,dc=local method=128
Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=0 BIND dn=cn=samba,ou=DSA,dc=ARZUR,dc=LOCAL mech=SIMPLE ssf=0
Mar 18 17:09:01 mastok slapd[5569]: conn=132 op=0 RESULT tag=97
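The LDAP log in this post shows a search that completes with nentries=0. As an added example (not part of the original post), the Python below pairs each slapd SRCH line with its SEARCH RESULT by conn/op and lists the lookups that found no entry; the log lines are constructed in the same format, and the function names are illustrative.

```python
import re

# Constructed sample in the slapd syslog format quoted above (not the poster's full log).
SAMPLE_LOG = """\
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 BIND dn=cn=samba,ou=DSA,dc=arzur,dc=local method=128
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=0 RESULT tag=97 err=0 text=
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH base=dc=arzur,dc=local scope=2 deref=0 filter=(&(uid=arzur)(objectClass=sambaSamAccount))
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SRCH attr=uid uidNumber sambaSID
Mar 18 17:08:50 mastok slapd[5569]: conn=131 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 18 17:08:51 mastok slapd[5569]: conn=132 op=1 SRCH base="dc=arzur,dc=local" scope=2 deref=0 filter="(&(uid=administrateur)(objectClass=sambaSamAccount))"
Mar 18 17:08:51 mastok slapd[5569]: conn=132 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

# conn/op identify one LDAP operation; everything after them is the event.
EVENT = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")
# base= and filter= may or may not be quoted, depending on how the log was captured.
SRCH = re.compile(r'SRCH base="?(.*?)"? scope=\d+ deref=\d+ filter="?(.*?)"?$')
DONE = re.compile(r"SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)")
UID = re.compile(r"\(uid=([^)]*)\)")


def empty_searches(log_text):
    """Pair each SRCH with its SEARCH RESULT; return the ones that matched nothing.

    Each item is (conn, op, base, filter). Searches that failed with an LDAP
    error (err != 0) are skipped: they are a different problem from "no entry".
    """
    pending, misses = {}, []
    for line in log_text.splitlines():
        event = EVENT.search(line)
        if not event:
            continue
        key = (int(event.group(1)), int(event.group(2)))
        rest = event.group(3).strip()
        started = SRCH.match(rest)
        if started:
            pending[key] = started.groups()
            continue
        finished = DONE.match(rest)
        if finished and key in pending:
            base, ldap_filter = pending.pop(key)
            if finished.groups() == ("0", "0"):
                misses.append((key[0], key[1], base, ldap_filter))
    return misses


def missing_accounts(log_text, object_class="sambaSamAccount"):
    """uid values that were looked up as object_class and not found."""
    uids = []
    for _conn, _op, _base, ldap_filter in empty_searches(log_text):
        found = UID.search(ldap_filter)
        if found and "objectClass=" + object_class in ldap_filter:
            uids.append(found.group(1))
    return uids


if __name__ == "__main__":
    for miss in empty_searches(SAMPLE_LOG):
        print("no entry: conn=%d op=%d base=%s filter=%s" % miss)
```

Comparing the uid values it reports with the account names typed at the join prompt shows which name the server actually searched for.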
RE: [Samba] PDC Samba 3+LDAP
I have had issues with joining windows servers to domains that have a - in the Domain Name. I ran into the same problem when I was creating an Active Directory Domain and used a - as in opmg-cops.opmg-eds.local. I had nothing but problems. Changed the domain name to opmgcops.opmg-eds.local and it worked fine. When building the Samba PDC/BDC to replace AD I again used a -. The Linux BDC could join the domain but my Windows 2000 and XP machines were getting rejected. Took the - out and they joined fine.

My rule of thumb (which I violated this past week) is not to use special characters in the Windows Domain name. It has caused me problems in the past. If it's working for you, fantastic. My experience has been to the contrary. If you're just building things, it should be a fairly easy task to change the name.

Cheers.

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]

-----Original Message-----
From: Prakash Velayutham [mailto:[EMAIL PROTECTED]
Sent: Friday, March 18, 2005 4:11 PM
To: Mccrory, Kevin B
Cc: [EMAIL PROTECTED]; samba@lists.samba.org
Subject: Re: [Samba] PDC Samba 3+LDAP

Hi,

Are you sure about this? Here is my pdbedit -Lv output. Looks like Windows does accept '-' in the domain name. My windows clients join the domain just fine, and the users do login to the PDC without any hitches.

Unix username:
NT username:
Account Flags:[U ]
User SID: S-1-5-21-709429014-924526411-3950163471-15102
Primary Group SID:S-1-5-21-709429014-924526411-3950163471-513
Full Name:X X - Network User
Home Directory: \\MCPILDAP1\homes\winprofile
HomeDir Drive:Z:
Logon Script: scripts\logon.bat
Profile Path: \\MCPILDAP1\homes\winprofile
Domain: CMC-NT
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 22:14:07 GMT
Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT
Password last set:Tue, 08 Mar 2005 17:05:12 GMT
Password can change: Tue, 08 Mar 2005 17:05:12 GMT
Password must change: Mon, 18 Jan 2038 22:14:07 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FF

Prakash

Mccrory, Kevin B wrote:

Domain: ARZUR-NT
             ^
             |
There's your problem. Get rid of the - in the domain name. Windows machines can't handle anything other than alpha-numerics in the Domain name.

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, March 18, 2005 11:14 AM
To: samba@lists.samba.org
Subject: [Samba] PDC Samba 3+LDAP

Hello all,

I've some problem with my new Samba / Ldap PDC : I cannot join the Domain from Windows (XP) computers

Okay, all configuration seem to be okay on the server, I can create Users,Computers for samba (and unix)

I put here some config file, if someone can help me, I'm on since 5 days, it's my first PDC so I use the tutorial from Idealx (smbldap-howto)

getent passwd give me local and ldap account (here are the LDAP account)

...
Administrateur:x:0:512:Netbios Domain Administrator:/root:/sbin/nologin
nobody:x:999:514:nobody:/dev/null:/sbin/nologin
bdupuis:x:1005:512:Benjamin Dupuis:/home/data1/samba/bdupuis:/sbin/nologin
POIL-BAREBONE$:x:1008:515:Computer:/dev/null:/sbin/nologin

POIL-BAREBONE is a computer is it normal smbldap-tools add me a $ to computer's name?

pdbedit -Lv give me samba account (here is just the Administrator):

Unix username:Administrateur
NT username: Administrateur
Account Flags:[U ]
User SID: S-1-5-21-3150904180-1303617548-1471141863-1000
Primary Group SID:S-1-5-21-1911238739-97561441-2706018148-512
Full Name:Administrateur
Home Directory: \\PDC-SMB3\homes\Administrator
HomeDir Drive:X:
Logon Script: logon.bat
Profile Path: \\PDC-SMB3\profiles\Administrator\
Domain: ARZUR-NT
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 04:14:07 GMT
Kickoff time: Tue, 19 Jan 2038 04:14:07 GMT
Password last set:Fri, 18 Mar 2005 16:15:41 GMT
Password can change: 0
Password must change: Sat, 25 Jun 2005 17:15:41 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FF
init_sam_from_ldap: Entry found for user: nobody

Now when I try to join the domain From windows XP, I enter

username : bdupuis
password: toto
domain
RE: [Samba] Problem joining a Samba 3 domain - DC can't be contacted
Change the domain name to sambadomain. Having the - in the name prevents the windows machines from joining. I ran into the same problem here.

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]

-----Original Message-----
From: fatima riadi [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 16, 2005 12:28 PM
To: Mccrory, Kevin B; samba@lists.samba.org
Subject: RE: [Samba] Problem joining a Samba 3 domain - DC can't be contacted

My domain name is SAMBA-DOMAIN, I can't join it from a win 2003 machine. Now, if I try to join it from a XP machine, I am asked to enter a username and password for a user allowed to join the domain, however, the info I enter is not accepted!!! Any idea please?

Thank you

Note: to manage joining my samba domain from a xp machine, I had to change a registry key.

--- Mccrory, Kevin B [EMAIL PROTECTED] wrote:

What is your domain name? If you have special characters in the domain name the workstations won't join properly. The domain name should be all one word.

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of fatima riadi
Sent: Wednesday, March 16, 2005 11:59 AM
To: samba@lists.samba.org
Subject: [Samba] Problem joining a Samba 3 domain - DC can't be contacted

Dear all,

I configured samba 3.0.11 as PDC with openLDAP. When I try to join my samba domain from a windows machine (XP or 2003) I get this error message

a domain controller for the domain my_samba_domain could not be contacted.

Do you have any idea of what is happening? Just for reference: I do not have a dns server.

Regards.
RE: [Samba] W2K Server and Workstation can't join SMB/LDAP domain
I found the error. MS Windows Domain names can't have special characters in them. I forgot about that little wrinkle. Changed Domain mphq-cops.opmg.local to mphqcops.opmg.local and everything is working fine.

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mccrory, Kevin B
Sent: Monday, March 14, 2005 6:02 PM
To: samba@lists.samba.org
Subject: [Samba] W2K Server and Workstation can't join SMB/LDAP domain

I have a SMB Domain set up with a PDC and BDC. The BDC is joined to the PDC domain fine and shows up in the LDAP directory. I can add and delete users to the LDAP directory. I can use the user accounts to access the Linux boxes. My W2K boxes see the domain and domain servers when browsing. I can access the shared drive on the PDC.

I cannot join the Windows servers to the domain. I get an error that the domain mphq-cops can't be located. I've run an nbtstat that shows the domain name listed and it's resolving to the correct IP address. In fact I turned off the BDC for a while so that there would only be one DC in the mix in case my config was wrong. The W2K machines showed the domain with the PDC IP address. When I turned the BDC back on nbtstat showed the domain name resolving to the BDC ip address which is what I would expect would happen.

I've tried adding the workstation accounts manually using smbldap-useradd -w . The machine name correctly appears when I do a ldapsearch -x -b however using getent group does not show the machine names in the Domain Computers group. Is this normal?

I've checked and rechecked the Administrator account and made sure the password is correct for the account. Not sure where to go from here... Some pointers on what to look at would be greatly appreciated...

Thanks

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]
[Samba] Changing SMB Administrator account name
How do you change the Administrator account name for Samba/LDAP? On all of our Windows machines we change the default Administrator account name to something else. I want to do that for the Samba/LDAP PDC so that all the machines are in sync.

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]
[Samba] W2K Server and Workstation can't join SMB/LDAP domain
I have a SMB Domain set up with a PDC and BDC. The BDC is joined to the PDC domain fine and shows up in the LDAP directory. I can add and delete users to the LDAP directory. I can use the user accounts to access the Linux boxes. My W2K boxes see the domain and domain servers when browsing. I can access the shared drive on the PDC.

I cannot join the Windows servers to the domain. I get an error that the domain mphq-cops can't be located. I've run an nbtstat that shows the domain name listed and it's resolving to the correct IP address. In fact I turned off the BDC for a while so that there would only be one DC in the mix in case my config was wrong. The W2K machines showed the domain with the PDC IP address. When I turned the BDC back on nbtstat showed the domain name resolving to the BDC ip address which is what I would expect would happen.

I've tried adding the workstation accounts manually using smbldap-useradd -w . The machine name correctly appears when I do a ldapsearch -x -b however using getent group does not show the machine names in the Domain Computers group. Is this normal?

I've checked and rechecked the Administrator account and made sure the password is correct for the account. Not sure where to go from here... Some pointers on what to look at would be greatly appreciated...

Thanks

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]
[Samba] LDAP items that might help for How-to
Might want to include the following command in LDAP config in case LDAP doesn't start.

slapd -u ldap -g ldap -d -1

This command pointed out that I hadn't copied my samba.schema to the /etc/openldap/schema directory. Might want to put that in the doc before you start LDAP. A newbie like me might pass over that little detail while following the instructions...

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]
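The missing samba.schema described above can be caught before slapd is started. This added example (not from the post or the Samba guide) reads the include lines of a slapd.conf and reports which files are absent and whether any included schema defines sambaSamAccount; the config text, the stub schema files and the root parameter are constructed for the demonstration.

```python
import os
import re
import tempfile

# Constructed slapd.conf fragment; paths follow the directory named in the post.
SLAPD_CONF = """\
# schema files
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/samba.schema
database bdb
"""

INCLUDE = re.compile(r"^\s*include\s+(\S+)", re.IGNORECASE)


def included_files(conf_text):
    """Paths named by 'include' directives, in file order."""
    return [m.group(1).strip('"')
            for m in map(INCLUDE.match, conf_text.splitlines()) if m]


def preflight(conf_text, required_class="sambaSamAccount", root="/"):
    """Return (missing include paths, whether required_class is defined).

    root is a hypothetical prefix used here so the check can run against a
    scratch directory instead of the live /etc.
    """
    needle = re.compile(r"NAME\s+'%s'" % re.escape(required_class))
    missing, defined = [], False
    for path in included_files(conf_text):
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(real):
            missing.append(path)
            continue
        with open(real, encoding="utf-8", errors="replace") as fh:
            defined = defined or bool(needle.search(fh.read()))
    return missing, defined


def demo():
    """Run the check before and after samba.schema is copied into place."""
    with tempfile.TemporaryDirectory() as root:
        schema_dir = os.path.join(root, "etc/openldap/schema")
        os.makedirs(schema_dir)
        with open(os.path.join(schema_dir, "core.schema"), "w") as fh:
            fh.write("objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL )\n")
        before = preflight(SLAPD_CONF, root=root)
        # Constructed stub with a dummy OID, standing in for the real samba.schema.
        with open(os.path.join(schema_dir, "samba.schema"), "w") as fh:
            fh.write("objectclass ( 1.1.1 NAME 'sambaSamAccount' SUP top AUXILIARY )\n")
        after = preflight(SLAPD_CONF, root=root)
    return before, after


if __name__ == "__main__":
    print(demo())
```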
[Samba] Chapter 6: Making Users Happy...
Not sure if this is the place to post this but I'm just going through the process of installing Samba and LDAP using the current version of Chapter 6: Making Users Happy (http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#id2557011)

I found one error in the Install and Configure Idealx smbldap-tools Scripts... Item 4. Should read "Change to the /etc/smbldap-tools/ directory, then edit the /etc/smbldap-tools/smbldap_conf.pm" instead of "Change to the /opt/IDEALX/sbin/ directory then edit the /opt/IDEALX/sbin/smbldap_conf.pm".

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]
RE: [Samba] Samba as PDC and BDC on the same network.
This is the way it should be working. The BDC handles authentication requests for the domain unless it becomes overloaded at which time the PDC steps in to take over. Refer to Chapter 4 section 4.2 of the Official Samba-3 HOWTO and Reference Guide that explains Domain Control.

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clement DIEBOLD
Sent: Wednesday, March 02, 2005 8:14 AM
To: samba@lists.samba.org
Subject: [Samba] Samba as PDC and BDC on the same network.

I have recently configured two servers to be controllers of my domain.

The first one is the PDC and is configured like :

domain master = yes
prefered master = yes
local master = yes
domain logons = yes
security = user
os level = 99

And the second, the BDC like :

domain master = no
prefered master = no
local master = no
domain logons = yes
security = user
password server = PDC BDC
os level = 40

When the two servers are started, I see in the logs :

DOMAIN(1) current master browser = PDC
BDC 40009a03 (BDC)
PDC 400c9b0b (PDC)

but my clients (windows 2000 and XP) are authenticated by the BDC. I don't understand why it's working like this !! The PDC becomes the master if I set the domain logons option to no.

Thanks.

--
Clément DIEBOLD
Service Informatique
LMARC
Université de Franche-Comté
24, chemin de l'Epitaphe
25000 Besançon
Tel : 03 81 66 60 53
Fax : 03 81 66 67 00
[Samba] Simple PDC/BDC with LDAP config
I want to be able to use Samba to manage a Windows cluster account for failing over two Windows clusters. This is a small system, 8 web servers with two DB clusters along with a couple of other servers handling backup and management functions. I run DNS services on the firewall for the internal machines. The AD DNS is only for the clusters. All the machines are Domain members for single Sign on but this is a nice to have. The developers don't even use it to access the web pages.

I have a Windows 2003 AD set up but the issue is that the implementation didn't go right so replication isn't working. It's also massive overkill for what I need. I want to simplify the whole mess. The PDC/BDC configuration is to ensure that the cluster always has the ability to access the domain account for failover along with a minimum of 4 DB servers configured in two clusters.

All of the docs go into configurations that support many users, logon profiles, shared drives off the server, etc. I plan on using LDAP to provide replication of machine accounts and the Cluster Account between the two DCs. Can I bypass using DNS and just use /etc/hosts with all other requests going to the firewall DNS?

My question is what is the minimum that I need to have to support the Domain Cluster login account?

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]