Re: [Samba] Multiple Login scripts
Paul Gienger wrote: basis. Is it possible to set up multiple login scripts that would be executed in sequence i.e. run by user is %u, and machine is %m is it possible to say run %u to set up shares followed by %m to set up the right printers for the room their in? We have a perl script set in the prelogon section of netlogon that will determine lots of fun stuff about the user and where they are coming from. Once the script has determined who/what is connecting and where from, it will write out a batch file into the netlogon share that the user then executes, since our logon script variable is something like %U.bat I do nearly the same at my site, except that i get the info from ldap for which i wrote a little schema with a script attribute. I extract that attributes with preexec in [netlogon] using a util written in C (_starts_ faster than perl) and write static logon scripts as well. I put the scripts in user (machine), group and artificial room entries. I would never claim that this is the most clever solution, but it works for me. Your choice! Kind regards, Malte -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Quota on Windows Profile
Liew Toh Seng wrote: Hi, I've problem to control the size for each users's windows profile. Is there anyway for me to set quota for users's profile ? Hi, yes there are two ways who could/should be used in conjunction: 1.: You can set the maximum profile-size using policies, for example using the microsoft policy editor (poledit, orktools) and a administrative template (system.adm e.g.). Create a NTConfig.POL with appropriate settings and store that in the [netlogon] share. 2.: use folder redirection, explained in detail in Mr. John Terpstra's famous Samba-Guide, to keep profiles small and minimize the danger of corrupted profiles. Hope this helps, Malte Müller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ldapsam:trusted = yes
Hi, either my question was dumb or nobody ever used that parameter. The latter could be excluded easely: Does anybody sucessfully use ldapsam:trusted = yes? If so, could you point out any difference between your confgiguration and mine? Thanks a lot, Malte Mueller M. Müller schrieb: Hi, I updated from 3.0.11 to 3.0.12 and tried the new ldapsam:trusted parameter. Alas smbd dies silently a second after startup. With debug level 2 I can't see any reason in the logfile. My smb.conf is (relevant part I hope): = [global] workgroup = BBS_XXX netbios aliases = fileserver revreselif passdb backend = ldapsam:ldap://localhost idmap backend = ldapsam:ldap://localhost ldap suffix = dc=bbs-xxx,dc=schule ldap user suffix = ou=accounts ldap group suffix = ou=groups ldap machine suffix = ou=hardware ldap idmap suffix = ou=idmap idmap uid = 4-6 idmap gid = 4-6 ldap admin dn = cn=root,dc=bbs-xxx,dc=schule ldap ssl = off #ldapsam:trusted = yes #smbd doesn't work with ldapsam:trusted = yes utmp = yes invalid users = @wheel, mail, daemon, adt interfaces = eth0 bind interfaces only = yes log level = 2 syslog = 0 log file = /var/log/samba-%G.log getwd cache = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 keep alive = 60 dead time = 50 locking = yes map hidden = yes map archive = yes map system = yes security = user encrypt passwords = yes domain master = yes domain logons = yes preferred master = yes os level = 30 time server = yes logon script = %U.cmd logon path = logon home = logon drive = p: load printers = yes printing = cups printcap name = cups dos charset = 850 unix charset = ISO-8859-15 display charset = ISO-8859-15 = All acounts samba should know have a posixAccount and sambaSamAccount e.g.: == dn: uid=administrator,ou=accounts,dc=bbs-xxx,dc=schule displayName: administrator mailLocalAddress: [EMAIL PROTECTED] objectClass: posixAccount objectClass: account objectClass: mailRecipient objectClass: spezifikumUser objectClass: sambaSamAccount sambaLogonTime: 0 sambaHomeDrive: P: uid: administrator mail: administrator@official-mail-address uidNumber: 5471 cn: administrator cn: M. Mueller cn:: TS4gTcO8bGxlcg== sambaLogoffTime: 2147483647 mailDeliveryOption: accept loginShell: /bin/bash gidNumber: 501 description: Administrator homeDirectory: /home/lehrer/administrator sambaKickoffTime: 2147483647 sambaHomePath: \\fileserver\administrator script: if not exist t: net use t: \\revreselif\treiber sambaPrimaryGroupSID: S-1-5-21-1091375802-1471697927-1951840895-2003 sambaSID: S-1-5-21-1091375802-1471697927-1951840895-512 sambaAcctFlags: [U ] mailAlternateAddress: [EMAIL PROTECTED] sambaPwdMustChange: 2147483647 sambaPasswordHistory: sambaPwdCanChange: 1108028782 sambaPwdLastSet: 1108028782 == Neither root, nor the ldap-manager do have their account in the directory (doesn't make sense i believe). Besides that, samba is running flawlessly, but I always had some perfomance problems due to large groups so i wondered if ldapsam:trusted could help me. Nscd is not running, winbindd is not running. I tried both a self compiled samba and the binaries. System is SuSE9.2. Can anybody give me a hint what I could test to find the source of this problem? Thanks a lot, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ldapsam:trusted = yes
Thanks for your tip, which I will remember in future. Please apologize, but the error does not show up again now. I changed several settings - the server is new and i am still configuring it. Among other things I updated to 3.0.13 and changed the SID. Thanks a lot, Malte Mueller Guenther Deschner schrieb: Hi, On Fri, Mar 25, 2005 at 02:58:24PM +0100, M. Müller wrote: Hi, I updated from 3.0.11 to 3.0.12 and tried the new ldapsam:trusted parameter. Alas smbd dies silently a second after startup. With debug level 2 I can't see any reason in the logfile. you should start smbd interactively with smbd -d 10 -i. Then you most probably can see the cause of your problems easily. (I suspect unmapped groups or incorrect guest account). In general, ldapsam:trusted = yes works very well. Please post the output of smbd -i -d 10 if your problem persist. Guenther -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with ldapsam:trusted = yes
Hi, I updated from 3.0.11 to 3.0.12 and tried the new ldapsam:trusted parameter. Alas smbd dies silently a second after startup. With debug level 2 I can't see any reason in the logfile. My smb.conf is (relevant part I hope): = [global] workgroup = BBS_XXX netbios aliases = fileserver revreselif passdb backend = ldapsam:ldap://localhost idmap backend = ldapsam:ldap://localhost ldap suffix = dc=bbs-xxx,dc=schule ldap user suffix = ou=accounts ldap group suffix = ou=groups ldap machine suffix = ou=hardware ldap idmap suffix = ou=idmap idmap uid = 4-6 idmap gid = 4-6 ldap admin dn = cn=root,dc=bbs-xxx,dc=schule ldap ssl = off #ldapsam:trusted = yes #smbd doesn't work with ldapsam:trusted = yes utmp = yes invalid users = @wheel, mail, daemon, adt interfaces = eth0 bind interfaces only = yes log level = 2 syslog = 0 log file = /var/log/samba-%G.log getwd cache = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 keep alive = 60 dead time = 50 locking = yes map hidden = yes map archive = yes map system = yes security = user encrypt passwords = yes domain master = yes domain logons = yes preferred master = yes os level = 30 time server = yes logon script = %U.cmd logon path = logon home = logon drive = p: load printers = yes printing = cups printcap name = cups dos charset = 850 unix charset = ISO-8859-15 display charset = ISO-8859-15 = All acounts samba should know have a posixAccount and sambaSamAccount e.g.: == dn: uid=administrator,ou=accounts,dc=bbs-xxx,dc=schule displayName: administrator mailLocalAddress: [EMAIL PROTECTED] objectClass: posixAccount objectClass: account objectClass: mailRecipient objectClass: spezifikumUser objectClass: sambaSamAccount sambaLogonTime: 0 sambaHomeDrive: P: uid: administrator mail: administrator@official-mail-address uidNumber: 5471 cn: administrator cn: M. Mueller cn:: TS4gTcO8bGxlcg== sambaLogoffTime: 2147483647 mailDeliveryOption: accept loginShell: /bin/bash gidNumber: 501 description: Administrator homeDirectory: /home/lehrer/administrator sambaKickoffTime: 2147483647 sambaHomePath: \\fileserver\administrator script: if not exist t: net use t: \\revreselif\treiber sambaPrimaryGroupSID: S-1-5-21-1091375802-1471697927-1951840895-2003 sambaSID: S-1-5-21-1091375802-1471697927-1951840895-512 sambaAcctFlags: [U ] mailAlternateAddress: [EMAIL PROTECTED] sambaPwdMustChange: 2147483647 sambaPasswordHistory: sambaPwdCanChange: 1108028782 sambaPwdLastSet: 1108028782 == Neither root, nor the ldap-manager do have their account in the directory (doesn't make sense i believe). Besides that, samba is running flawlessly, but I always had some perfomance problems due to large groups so i wondered if ldapsam:trusted could help me. Nscd is not running, winbindd is not running. I tried both a self compiled samba and the binaries. System is SuSE9.2. Can anybody give me a hint what I could test to find the source of this problem? Thanks a lot, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Building two redundant servers without clustering
Thanks a lot Charles. I will try to follow that route. Malte Mueller Charles Zealey schrieb: WE've gone the drdb route with similar requirements to yours. Works fine. Also we've set up heartbeat to do auto failover although not strictly part of the requirement. Charles M. Müller wrote: Hi, my Fileserver lately refused to work anymore. I'm quite thankfull for that for that it was a bit slow anyway ;-) My idea is to set up two relativley samba-hosts instead of byuing one real server with many build in redundancies. That can only work if I can manage to keep both filesystems in sync and I see two alternatives: 1.: Use drdb to build a RAID1 across the two host's filesystems. If one host fails, the RAID runs in degraded mode but it runs - or does it crawl anyway because drdb is slow? 2.: Use rsync. If I remember correctly, rsync was not supposed to run permanently as a daemon to keep two filesystems in sync(?). I could live with that, but how big is the overhead if I ran rsync every 5 or 10 minutes? I want to achieve a trouble free passive fallover. I one host fails, people might have to login again and they even might have to wait up to 30 minutes but then it has to work and they have to get all their files. This is a public school and data is not worth real money most of the time, but once in year there are final exams written and if the server breaks down the whole exam has to be redesigned - that could bring me into the news. Does anybody know of any better alternatives I didn't think of? Thanks a lot, Malte Müller BBS1 Emden P.S.: My current plans for hardware are two servers, each made up of: ASUS A8N-SLI plus 2 SATA (WD or Seagate) drives as RAID0 or JBOD. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Building two redundant servers without clustering
Thanks for your helpfull comments Mitch and Fred! As I was already pushed a bit towards drdb I did a bit searching and found that drdb seems not to slow down things too much (I belive it was about 30% for writing). I am absolutely new to Network RAID and clustering and have a timeframe of about 40 days. As I don't want to make it an adventure I will start simple and use drdb and leave out heartbeat and other HA-stuff for now. Rsync seems to be possible but not quite the right tool. With kind regards, Malte Mueller Greg Freemyer schrieb: On Mon, 28 Feb 2005 07:57:13 -0800, Mitch (WebCob) wrote: Hi M 1.: Use drdb to build a RAID1 across the two host's filesystems. If one host fails, the RAID runs in degraded mode but it runs - or does it crawl anyway because drdb is slow? [Mitch says:] I've never used this, and a quick google doesn't give me anything useful - what's the home page? They have their website hidden at http://www.drbd.org/;-) But if you want to build a failover cluster with drbd as the underlying network RAID1 layer, you will also want to look into Linux-HA. Linux-HA provides the heartbeat / failover logic typically used to manage drbd. http://www.linux-ha.org FYI: I don't think Redhat supports any of the above. (They have alternate solutions they prefer.) SUSE OTOH does support both Linux-HA and drbd on there distro. In particular with their SLES server releases linux-ha/drbd is the recommended HA cluster solution and they provide break/fix support. Since drbd requires kernel patches, I would definately look into a distro that has those built-in. The linux-ha project is funded / sponsored by IBM and SUSE and has thousands of production installs. FYI2: I don't know if SUSE SLES officially supports linux-ha/drbd/samba or not. Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Building two redundant servers without clustering
Hi, my Fileserver lately refused to work anymore. I'm quite thankfull for that for that it was a bit slow anyway ;-) My idea is to set up two relativley samba-hosts instead of byuing one real server with many build in redundancies. That can only work if I can manage to keep both filesystems in sync and I see two alternatives: 1.: Use drdb to build a RAID1 across the two host's filesystems. If one host fails, the RAID runs in degraded mode but it runs - or does it crawl anyway because drdb is slow? 2.: Use rsync. If I remember correctly, rsync was not supposed to run permanently as a daemon to keep two filesystems in sync(?). I could live with that, but how big is the overhead if I ran rsync every 5 or 10 minutes? I want to achieve a trouble free passive fallover. I one host fails, people might have to login again and they even might have to wait up to 30 minutes but then it has to work and they have to get all their files. This is a public school and data is not worth real money most of the time, but once in year there are final exams written and if the server breaks down the whole exam has to be redesigned - that could bring me into the news. Does anybody know of any better alternatives I didn't think of? Thanks a lot, Malte Müller BBS1 Emden P.S.: My current plans for hardware are two servers, each made up of: ASUS A8N-SLI plus 2 SATA (WD or Seagate) drives as RAID0 or JBOD. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Building two redundant servers without clustering
Ilia Chipitsine schrieb: Thanks a lot, Malte M?ller BBS1 Emden P.S.: My current plans for hardware are two servers, each made up of: ASUS A8N-SLI plus 2 SATA (WD or Seagate) drives as RAID0 or JBOD. SATA sucks. choose SCSI. anyway You are going to pay more for hardware, so why to choose SATA ? Why should SATA suck? Several comanies build RAIDs with ATA or SATA drives (e.g. Transtec). Anyway, I get three years warranty and some drives are said to hold that promise. A full fledged server with redundant power-supplies and RAID-5 SCSI costs more than 2.5k Euro. A cheap one less than 1k. With PCIe it should be possible to get the necessary I/O bandwidth. Thanks for your comment, Malte Müller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating mandatory profiles (not making profiles mandatory)
Ilia Chipitsine schrieb: Hi, is it possible to create the user profiles by copying a template, change file ownership and modify the SID in NTUSER.DAT using the profile tool? We have many problems with broken profiles. This has become time consuming ^^^ there're few tips which I came to after using roaming profiles for several years, those tips will significately reduce number of problems with roaming profiles: 1) watch that profiles are less than 30Mb (number of files also is important) 2) when user first logs in, if there no profile exists, Default User profile is taken from \\$LOGONSERVER\NETLOGON, so you can have special default profile for new users. otherwise local Default User profile is taken. 3) redirect common folders like Desktop, My Documents out of roaming profile. they can live on network share in user's home directory, but not in the roaming profile. this can be achived either by manipulating registry directly or by using nt4 style domain policies, I can even send You custom ADM template for that. Outlook.pst can also be redirected out of roaming profile. simply move it to another place and start MS Outlook, it will ask You where to find outlook.pst 4) be careful with terminal services. samba doesn't understand separate profiles for terminal services, so you can ruin roaming profile. 5) make sure you are using the same version of Windows on all computers. w2k -- xp can also break many things in profile 6) make sure other things than Windows are the same on all computers. particularly MS Office. 7) You can create profile backup system, put, for example regedit /e \\SERVER\share\%UserName%-of2k3.reg HKEY_CURRENT_USER\Software\Microsoft\Office\11.0 at logon script and after that You can easily delete broken profile and restore required things from backup. 8) xp behave weird on roaming profiles. even if You reqiure delete cached copies of roaming profiles on exit, xp leaves copy and !!! if You delete network copy of roaming profile (in order to create profile from Default User), xp picks up local cached copy. so, in such case You need to remove both network and local cached copy of profile. no idea how to make xp delete it on exit. and frustrating - when a user experiences an error or weird behaviour of an application I can never be sure wether the cause is a wrong user error, a broken profile or defect in installation. If I want all users or groups of users to have the same profile I should be able to create it for them. I already use the default user, but with that I only can make a profile mandatory after the user's first logoff. I could try myself, but I sometimes experience that tricks that work at first and look good have some side effects I didn't think of, so I would appreciate comments from people who tried that, or maybe someone knows why this is rather a bad idea. With kind regards, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Thanks a lot Ilia! We have 200 PC and nearly all have a reborn-card or such, which prevents any lokal changes, so local copies of profiles do not exist. Users log in very often to different Computers and need to have a defined environment i.e. an available profile. I already use a default user-profile and redirected folders (thanks John, the book helped a lot). Nevertheless I feel that I cannot rely on the profiles' integrety once a user had a chance to modify it. Making a registry copy is a good tip, i will use that, at least for some users. But rather than backing up I would very much appreciate to set up a defined profile for each user. I think it would make life a lot easier for me (and the users). With kind regards Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating mandatory profiles (not making profiles mandatory)
John H Terpstra schrieb: On Wednesday 02 February 2005 08:58, M. Müller wrote: Thanks a lot Ilia! We have 200 PC and nearly all have a reborn-card or such, which prevents any lokal changes, so local copies of profiles do not exist. Users log in very often to different Computers and need to have a defined environment i.e. an available profile. I already use a default user-profile and redirected folders (thanks John, the book helped a lot). Nevertheless I feel that I cannot rely on the profiles' integrety once a user had a chance to modify it. Making a registry copy is a good tip, i will use that, at least for some users. But rather than backing up I would very much appreciate to set up a defined profile for each user. I think it would make life a lot easier for me (and the users). The last time I tried to create a Default User profile that was set as a mandatory profile the Windows client could not handle this on login. You can of course use a normal Default User profile that has folder redirection, set the client to delete cached profiles on logout, and NOT have a profile share. This means that every user will get a fresh profile on login every time. - John T. Yes indeed that should have the same effect. As far as I can see I can test it with a smaller user group whom I give a profilePath= in their ldap-entry(?). So that would not be too dangerous. Thanks a lot, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Creating mandatory profiles (not making profiles mandatory)
Hi, is it possible to create the user profiles by copying a template, change file ownership and modify the SID in NTUSER.DAT using the profile tool? We have many problems with broken profiles. This has become time consuming and frustrating - when a user experiences an error or weird behaviour of an application I can never be sure wether the cause is a wrong user error, a broken profile or defect in installation. If I want all users or groups of users to have the same profile I should be able to create it for them. I already use the default user, but with that I only can make a profile mandatory after the user's first logoff. I could try myself, but I sometimes experience that tricks that work at first and look good have some side effects I didn't think of, so I would appreciate comments from people who tried that, or maybe someone knows why this is rather a bad idea. With kind regards, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Veto files applied per group
ReHi, You could also include just a students.conf or students-home.conf in the [home] Definition: [home] path=/home ... include %G-home.conf If there is no %G-home.conf e.g. teachers-home.conf, then nothing is included. Otherwise the definitions are overwritten or extended by the %G-home.conf. You just have to write less lines. HTH, Malte Mueller David Wilson schrieb: Hi guys, I use veto files = /.mp3/.mpg/ etc. on the [homes] share to prevent users from storing media files on a Samba server in the home directories. My client now wishes to make this restriction apply to users who are members of only certain groups. E.g. This restriction must apply to users who are members of the Students group and not apply to users in the Teachers group. I was thinking of having a blank smb.conf file with only the following in it: include = /etc/samba/smb.conf.%G Then having two smb.conf files, namely smb.conf.Teachers and smb.conf.Students. The smb.conf.Students file would have the entire config file and the veto files parameter. The smb.conf.Teachers file would have the entire config file but without the veto files parameter. Makes sense ? Is there perhaps a better way to do this ? Many thanks Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ Computers are not intelligent. They only think they are. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba log analysis and report
Hi, you could also use the [netlogon] and execute a preexec script there that writes %U, %I and whatever in a database. You will never get logoff times reliably, only if you could convince all your users to allways shutdown their PC and not simply switch it off. Kind regards, Malte Mueller David Wilson schrieb: Hi guys, Does anyone know of some decent Samba log analysis software that will report things like user logon/logoff times, computer names etc. ? Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ Computers are not intelligent. They only think they are. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More than one LDAP-Server in smb.conf?
This might not be necessary, but an entry in the /etc/ldap.conf might help if one LDAP-server goes down: URI ldap://localhost:389/ ldap://other-server:389/ nsswitch can use other-server if localhost doesn't provide ldap-services any more. Kind regards, Malte Mueller William Jojo schrieb: This is from: http://us4.samba.org/samba/docs/man/smb.conf.5.html pay close attention to the quotes. passdb backend = ldapsam:ldap://ldap-1.example.com ldap://ldap-2.example.com; Bill On Sun, 7 Nov 2004, Matthias Spork wrote: Hello, can I use more than one LDAP-Server in my smb.conf? I would like to have a backup, if the first OpenLDAP crashed. In my installation (306), this had no effekt: passdb backend = ldapsam:ldap://127.0.0.1:389, ldapsam:ldap://server2:389 , ldapsam:ldap://server1:389 matze -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logging user auth with mysql
Hi all, I would like to log the user acces with something like: root preexec = echo INSERT INTO logins (user, host, ip, date, time) VALUES ('%u', '%m', '%I', CURDATE(), CURTIME() ); | /usr/bin/mysql -u root sambaLogins Alas this doesn't work, I get nothing logged. I write this statement to /tmp/logons with: root preexec = echo insert into logins (user, host, ip, date, time) values ('%u', '%m', '%I', CURDATE(), CURTIME() ); /tmp/logons In /tmp/logons I see lines saying e.g.: insert into logins (user, host, ip, date, time) values ('wer', 'kiebitz', '172.18.14.22', CURDATE(), CURTIME() ); When I cut and paste this as user root, it works. Has anybody an Idea, what i do wrong? Or an working example? Thanks, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Weird problem with mixed up id's
Several users get sometimes the wrong profile. I have one example here: The user bfs1a-15 logs in. The batch file is created, transfered to the client and executed. Among others there is a line saying: net use p: /home The user gets an error, saying the password for \\fileserver\fg13z-15 is wrong, type in the for \\fileserver\fg13z-15: (translated from german). I know from the past that some people are missing some files. I saw some people very confused about files that are in there profile (e.g.: Desktop) that they never created. When I look at it, the files have their user-id but it is absolutely unlikely that: 1.: these files wre created by a hacker 2.: they created those themselfes (they werent here at that day). In short: The wrong profile is loaded. Files are written into the profile with the corresponding id. I can't prove it yet, but it looks like the wrong user-id is transfered to samba. I noticed that one user logged in from different computers in different rooms at nearly the same time. But that might also be two people sharing the same id (very unlikely). I notice that both ids have the same length and end with -15 I use samba2.2.7 and Openldap 2.1.8. I turned on optimization in the samba makefile (CFLAGS=-O9) . When people log in, the server is under stress from ldap-queries. The clients are manly NT4 and Win2k. As this happens infrequently, I don't know where I could start to find the reason. The ldap-entry of fg13z-15: dn: cn=fg13z-15,dc=bbs1-emden,dc=schule objectClass: posixAccount objectClass: sambaAccount objectClass: account objectClass: mailRecipient gidNumber: 500 loginShell: /bin/false description: schueler uid: fg13z-15 pwdLastSet: 1028701166 logonTime: 0 logoffTime: 2147483647 kickoffTime: 2147483647 pwdCanChange: 0 pwdMustChange: 2147483647 displayName: fg13z-15 cn: fg13z-15 rid: 3436 primaryGroupID: 2001 acctFlags: [UX ] uidNumber: 5258 mail: [EMAIL PROTECTED] mailLocalAddress: [EMAIL PROTECTED] mailDeliveryOption: accept homeDirectory: /home/schueler/fg13z-15 homeDrive: P: smbHome: \\fileserver\fg13z-15 The ldap-entry of bfs1a-15: dn: cn=bfs1a-15,dc=bbs1-emden,dc=schule objectClass: posixAccount objectClass: sambaAccount objectClass: account objectClass: mailRecipient uidNumber: 1218 gidNumber: 500 loginShell: /bin/false description: schueler uid: bfs1a-15 pwdLastSet: 1028309071 logonTime: 0 logoffTime: 2147483647 kickoffTime: 2147483647 pwdCanChange: 0 pwdMustChange: 2147483647 displayName: bfs1a-15 cn: bfs1a-15 rid: 3436 primaryGroupID: 2001 acctFlags: [UX ] mail: [EMAIL PROTECTED] mailLocalAddress: [EMAIL PROTECTED] mailDeliveryOption: accept homeDirectory: /home/schueler/bfs1a-15 homeDrive: P: smbHome: \\fileserver\bfs1a-15 Aarrgh! They have the same rid! Might that be the reason? Entries were modified by smbpasswd. How can I solve that (1400+ users). Don't look for errors in smbpasswd, it is very likely my mistake. Thanks for any help, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] how to use policy files with samba (NT/w2k)
Hi, I have set up samba as a PDC with OPenLDAP. I would like to have the users have some policys enforced. I read some things about *.adm files but do not know how to create or use them. Especially there is a system.adm which could be very valuable in creating network-wide policys. But where do I put them? In the profile path of all users? Are there any documents describing the possibilitys I have (written for a windows novice)? Thanks, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba