Re: [Samba] joining mac os x client to samba old-style PDC
On Mon, Mar 29, 2010 at 10:22, Mariano Absatz wrote:
> How can I join this domain? Is there something I can install on Mac OS X
> 10.5 that allows me to join a non-AD samba 3 PDC?
>

I already solved it with a more stupid approach... just connecting to the share with the username/password of the domain was enough.

Sorry for the noise.

--
Mariano Absatz - El Baby
www.clueless.com.ar

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] joining mac os x client to samba old-style PDC
Hi,

I have an old samba PDC (no active directory, plain smbpasswd file) running a standard ubuntu samba package (3.0.28a-1ubuntu4.10 from ubuntu 8.04.4 LTS).

I have a bunch of windows xp clients which I had no problem joining to the domain.

Now I need to see the shares from a macbook pro running OS X 10.5, but when I go to

Applications -> Utilities -> Directory Utility

If I go to the services tab, I only see Active Directory and see no way to use traditional (non-AD) mode.

I nonetheless try to join the domain, but it says:

"Invalid domain. An invalid domain and forest combination was specified. You shoud enter a fully qualified DNS name for the domain and forest"

I even tried to add our internal DNS domain (which has no AD or LDAP service) and put as a preferred server the FQDN of my samba server to no avail.

How can I join this domain? Is there something I can install on Mac OS X 10.5 that allows me to join a non-AD samba 3 PDC?

TIA

--
Mariano Absatz - "El Baby"
el.b...@gmail.com
www.clueless.com.ar
Re: [Samba] samba & unix group permissions problems
On Sat, Nov 7, 2009 at 17:21, Mariano Absatz wrote:
> On Sat, Nov 7, 2009 at 07:32, vishesh kumar wrote:
>> Dear mariano
>>
>> Why you not using 'force group' parameter . This will set group owner of
>> newly created folder correctly.
> That I tried to no avail... it didn't work either :-(

Hi... I'm sorry I didn't follow this up on time... I did eventually solve it and wanted to share what the problem was.

The problem was that the uidNumber of the users involved, as they had been created 'before samba', I had left them out of the idmap range and somehow samba was either trying to generate new unix user id's or something.

Widening the idmap range to cover the already created uidNumber's solved the problem.

--
Mariano Absatz - El Baby
www.clueless.com.ar
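The check implied by the fix above, as an added example that is not part of the original post or of Samba itself: it reads the UID ranges from an smb.conf, compares them with passwd entries, and reports the accounts the range does not cover together with the smallest range that would. The configuration fragment, the account list, the domain name EXAMPLE and the 1000 floor for system accounts are constructed assumptions.

```python
"""Audit POSIX uidNumbers against the idmap UID ranges in an smb.conf.

Added illustration; all sample data below is constructed.
"""
import re

# Constructed smb.conf fragment. Host, domain name and ranges are assumptions.
SAMPLE_SMB_CONF = """\
[global]
    idmap backend = ldap:ldap://ldap.example.org
    idmap uid = 20000-29999
    idmap gid = 20000-29999
    ; an old value kept as a comment must be ignored
    # idmap config EXAMPLE:range = 1000-1999
    idmap config EXAMPLE:backend = ldap
    idmap config EXAMPLE:range = 20000-29999
"""

# Constructed `getent passwd` output: mary was created before the Samba setup.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
mary:*:1036:100:Mary James:/home/EXAMPLE/mary:/bin/bash
patricia:*:20011:100:Patricia:/home/EXAMPLE/patricia:/bin/bash
paul:*:20012:100:Paul:/home/EXAMPLE/paul:/bin/false
broken-line-without-fields
"""

# Only the parameters that bound UIDs: "idmap uid" and "idmap config X:range".
_RANGE_RE = re.compile(
    r"^(idmap\s+uid|idmap\s+config\s+[^:\s]+\s*:\s*range)"
    r"\s*=\s*(\d+)\s*-\s*(\d+)$",
    re.IGNORECASE,
)


def parse_uid_ranges(conf_text):
    """Return {parameter: (low, high)} for every range that governs UIDs."""
    ranges = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # smb.conf comment markers
            continue
        match = _RANGE_RE.match(line)
        if match:
            low, high = int(match.group(2)), int(match.group(3))
            if low > high:
                raise ValueError(f"inverted range in: {line}")
            ranges[" ".join(match.group(1).split())] = (low, high)
    return ranges


def parse_passwd(passwd_text):
    """Parse passwd(5)-format lines into (name, uid) pairs, skipping junk."""
    accounts = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        accounts.append((fields[0], int(fields[2])))
    return accounts


def outside_range(accounts, low, high, ignore_below=1000):
    """Accounts whose UID the idmap range does not cover.

    ignore_below skips local system accounts; the 1000 floor is an assumption.
    """
    return [(name, uid) for name, uid in accounts
            if uid >= ignore_below and not low <= uid <= high]


def widened(low, high, strays):
    """Smallest range that contains the old one plus every stray UID."""
    uids = [uid for _, uid in strays]
    return (min([low] + uids), max([high] + uids))


def audit(conf_text, passwd_text):
    """Map each UID range parameter to (stray accounts, suggested range)."""
    accounts = parse_passwd(passwd_text)
    report = {}
    for key, (low, high) in parse_uid_ranges(conf_text).items():
        strays = outside_range(accounts, low, high)
        report[key] = (strays, widened(low, high, strays))
    return report


if __name__ == "__main__":
    for key, (strays, new) in audit(SAMPLE_SMB_CONF, SAMPLE_PASSWD).items():
        for name, uid in strays:
            print(f"{key}: {name} (uid {uid}) is outside the range")
        print(f"{key}: range covering all accounts = {new[0]}-{new[1]}")
```

On a live server the inputs would be the output of `testparm -s` and `getent passwd`; before widening a range, confirm the new bounds do not overlap the range of another idmap domain.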
Re: [Samba] samba & unix group permissions problems
On Sat, Nov 7, 2009 at 07:32, vishesh kumar wrote:
> Dear mariano
>
> Why you not using 'force group' parameter . This will set group owner of
> newly created folder correctly.

That I tried to no avail... it didn't work either :-(

--
Mariano Absatz - El Baby
www.clueless.com.ar
Re: [Samba] samba & unix group permissions problems
Paul te Bokkel wrote on 04/11/09 06:47:
> Sounds like your nsswitch.conf to me, perhaps in combination with your ID backend. Check the output of:
>
> getent passwd
>
> It should list any LDAP account, with the groups you have added them to..

Well... "getent passwd mary" yields just the "passwd" entry, something like:

mary:*:100036:10:Mary James:/home/DOMAIN/mary:/bin/bash

nothing further than the primary Mary's group (10).

However "getent group accountants" does include mary:

accountants:*:97019:mary,patricia

My nsswitch.conf looks like this:

### nsswitch.conf ###
passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
shadow: files ldap
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
### nsswitch.conf ###

and the ID backend parts of my smb.conf look like this:

## smb.conf ##
##
# IDENTITY MAPPING between windows and unix (SID <==> UID/GID)
# WINBIND
##
# http://samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
##
idmap backend = ldap:ldap://ldap0.i.domain.org
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPUID
idmap uid = 9-9
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPGID
idmap gid = 9-9
# ALL relevant UID/GID are stored in LDAP
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:TRUSTED
ldapsam:trusted = yes
# Manage users directly on LDAP
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:EDITPOSIX
ldapsam:editposix = yes
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPCONFIG
# http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPBACKEND
idmap config DOMAIN:backend = ldap
idmap config DOMAIN:ldap_url = ldap://ldap0.i.domain.org
idmap config DOMAIN:ldap_user_dn = cn=admin,cn=config
idmap config DOMAIN:ldap_base_dn = ou=idmap,o=domain
idmap config DOMAIN:readonly = no
#idmap config DOMAIN:default = yes
#idmap config DOMAIN:range = 10-50
## smb.conf ##

I'm using samba 3.3.2 from the standard Ubuntu 9.04 packages (3.3.2-1ubuntu3.2), except that I rebuilt the ubuntu winbind package because the idmap ldap.so module is not included in it (see https://bugs.launchpad.net/ubuntu/+source/samba/+bug/397203).

--
Mariano Absatz - "El Baby"
el.b...@gmail.com
www.clueless.com.ar
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Clarke's Third Law: Any sufficiently advanced technology is indistinguishable from magic.
Arthur C. Clarke, 1973
English physicist & science fiction author (1917 - 2008)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* TagZilla 0.066 * http://tagzilla.mozdev.org
[Samba] samba & unix group permissions problems
Hi,

I'm having permissions problems connecting to a share when the gid of the directory shared is not the primary group of the user connecting to it.

Maybe I faced it the wrong way, but I did read (and at least thought I understood) the 'File, directory and share access controls' section of the howto [0].

My users have either one or another 'primary group' (the one set in /etc/passwd or, in my case the gidNumber attribute of the LDAP entry)... this is based on whether the user had a previous account with the gidNumber set (because it was their unix gid), or the user was created with only a samba account and she won't have unix access (actually created using 'net rpc user add' from the samba server).

Since I need to give access to certain shares to smaller groups of people, I created a few groups using:

net rpc group add accountants
net rpc group add interns

and the like. Then added the users to these groups using:

net rpc group addmem accountants mary
net rpc group addmem accountants patricia
net rpc group addmem interns katherine
net rpc group addmem interns paul

User and group entries in LDAP look OK.

However, I have the directories to share with the following permissions:

drwxrwx--- Administrator accountants /data/share/accounting
drwxrwx--- Administartor interns /data/share/interns

And the entries in smb.conf like these:

[accounting]
comment = Accounting files
path = /data/share/accounting
#force group = +accountants
browseable = yes
read only = no
guest ok = no

[interns]
comment = Interns' files
path = /data/share/interns
#force group = +interns
browseable = yes
read only = no
guest ok = no

However, I can't connect to either share from any account but Administrator...

If I change the directory modes to 0777 I am able to connect from any account, but this defeats the whole idea of the groups...

I see this in the server log:

[2009/10/29 12:24:25, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 544 (NT_STATUS_GROUP_EXISTS)
[2009/10/29 12:24:27, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 545 (NT_STATUS_GROUP_EXISTS)
[2009/10/29 12:24:27, 0] smbd/service.c:make_connection_snum(1077)
  '/data/share/interns' does not exist or permission denied when connecting to [pasantes] Error was Permission denied
[2009/10/29 12:24:50, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 544 (NT_STATUS_GROUP_EXISTS)
[2009/10/29 12:24:52, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 545 (NT_STATUS_GROUP_EXISTS)
[2009/10/29 12:24:57, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 544 (NT_STATUS_GROUP_EXISTS)
[2009/10/29 12:24:58, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 545 (NT_STATUS_GROUP_EXISTS)
[2009/10/29 12:25:00, 0] smbd/service.c:make_connection_snum(1077)
  '/data/share/interns' does not exist or permission denied when connecting to [pasantes] Error was Permission denied
[2009/10/29 12:25:03, 1] smbd/service.c:make_connection_snum(1115)
  cejil-d998e31c3 (10.14.172.194) connect to service netlogon initially as user mabsatz (uid=10, gid=10) (pid 26652)
[2009/10/29 12:25:08, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 544 (NT_STATUS_GROUP_EXISTS)
[2009/10/29 12:25:09, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 545 (NT_STATUS_GROUP_EXISTS)
[2009/10/29 12:25:11, 1] smbd/service.c:make_connection_snum(1115)
  cejil-d998e31c3 (10.14.172.194) connect to service h initially as user mabsatz (uid=10, gid=10) (pid 26652)
[2009/10/29 12:25:11, 0] smbd/service.c:set_current_service(191)
  chdir (/data/share/accounting) failed
[2009/10/29 12:25:11, 0] smbd/service.c:set_current_service(191)
  chdir (/data/share/accounting) failed
[2009/10/29 12:25:11, 0] smbd/service.c:set_current_service(191)
  chdir (/data/share/accounting) failed
[2009/10/29 12:25:11, 0] smbd/service.c:set_current_service(191)
  chdir (/data/share/accounting) failed
[2009/10/29 12:25:11, 0] smbd/service.c:set_current_service(191)
  chdir (/data/share/accounting) failed
[2009/10/29 12:25:11, 0] smbd/service.c:set_current_service(191)
  chdir (/data/share/accounting) failed
[2009/10/29 12:25:11, 0] smbd/service.c:set_current_service(191)
  chdir (/data/share/accounting) failed

--
[0] http://samba.org/samba/docs/man/Samba-HOWTO-Collection
Re: [Samba] using ldap only idmap
> On Sun, Oct 18, 2009 at 13:47, Miguel Medalha wrote:
>>
>>> Yes... I read this... and deleted the "idmap config MIDOMINIO:default
>>> = yes" setting... but it still doesn't work :-(
>>>
>>
>> I suppose you will also have to remove those "idmap alloc backend" and
>> "idmap alloc config" entries.

Looks like THAT was the problem... today I could do a quick test and it seems to work fine now...

Thank you very much, Miguel.

--
Mariano Absatz - El Baby
www.clueless.com.ar
Re: [Samba] using ldap only idmap
On Sun, Oct 18, 2009 at 13:47, Miguel Medalha wrote:
>
>> Yes... I read this... and deleted the "idmap config MIDOMINIO:default
>> = yes" setting... but it still doesn't work :-(
>>
>
> I suppose you will also have to remove those "idmap alloc backend" and
> "idmap alloc config" entries.
>

Oh... I see... I didn't try that... thanx a lot for your help... I'll try and come back.

--
Mariano Absatz - El Baby
www.clueless.com.ar
Re: [Samba] using ldap only idmap
On Sun, Oct 18, 2009 at 07:52, Bruno MACADRE wrote:
> I don't see any of the add ... script in your smb.conf (especially the add
> machine script in your case). I don't know if it's the problem but i think
> it would be useful to tell smbd how to add machine if its name don't exist
> in the LDAP...

The point is that when you have "ldapsam:editposix = yes" enabled, you should NOT need those... you're actually telling samba to handle LDAP modifications directly... in fact, when I run "net rpc join" from a samba server, it DID add the machine to LDAP by itself...

>
> Mariano Absatz wrote:
>>
>> Can anyone help me on this? I'm really stuck...
>>
>> On Thu, Oct 15, 2009 at 16:58, Mariano Absatz wrote:
>>
>>> Hi,
>>>
>>> I'm trying to make a "pure ldap" setup, whereas users, groups, id mappings
>>> and everything that is supported with LDAP be in the LDAP tree and managed
>>> directly by samba.
>>>
>>> That is, I'm using:
>>>
>>> ldapsam:trusted = yes
>>> ldapsam:editposix = yes
>>>
>>> And NOT using smbldap-*.
>>>
>>> My smb.conf is here: http://wiki.clueless.com.ar/SambaLdap/smb.conf-PDC
>>>
>>> I created the LDAP tree root (o=midominio) and all its branches (ou=people;
>>> ou=groups; ou= hosts and ou=idmap).
>>>
>>> I ran "net sam provision" to fill in the basic values.
>>>
>>> I stored the secrets in secrets.tdb:
>>> # smbpasswd -w ldap_admin_password
>>> # net idmap secret midominio ldap_admin_password
>>> # net idmap secret alloc ldap_admin_password
>>>
>>> I was able to join a samba server to the domain (net rpc join -S miserver
>>> -UAdministrator).
>>>
>>> However, when I try to join an XP host to the domain, I get an error (IIRC
>>> it's "An attached device is not functionning") in the workstation and the
>>> samba logs show the following:
>>>
>>> [2009/10/15 11:17:47, 0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
>>> ldapsam_create_user: Unable to allocate a new user id: bailing out!
>>>
>>> The user I'm using to bind to the LDAP server is the LDAP administrator and
>>> it does have permissions on all the tree (in particular, within
>>> "ou=idmap,o=midominio")...
>>>
>>> I manually added an entry for the workstation's account posix data, then
>>> issued "smbpasswd -a workstation$"
>>>
>>> THEN I could join the domain...
>>>
>>> Clearly, I have something misconfigured regarding ldap/idmap/alloc, but I
>>> can't find enough information to do it right.
>>>
>>> Any help REALLY appreciated...
>>>
>>
>

--
Mariano Absatz - El Baby
www.clueless.com.ar
Re: [Samba] using ldap only idmap
Can anyone help me on this? I'm really stuck...

On Thu, Oct 15, 2009 at 16:58, Mariano Absatz wrote:
> Hi,
>
> I'm trying to make a "pure ldap" setup, whereas users, groups, id mappings
> and everything that is supported with LDAP be in the LDAP tree and managed
> directly by samba.
>
> That is, I'm using:
>
> ldapsam:trusted = yes
> ldapsam:editposix = yes
>
> And NOT using smbldap-*.
>
> My smb.conf is here: http://wiki.clueless.com.ar/SambaLdap/smb.conf-PDC
>
> I created the LDAP tree root (o=midominio) and all its branches (ou=people;
> ou=groups; ou= hosts and ou=idmap).
>
> I ran "net sam provision" to fill in the basic values.
>
> I stored the secrets in secrets.tdb:
> # smbpasswd -w ldap_admin_password
> # net idmap secret midominio ldap_admin_password
> # net idmap secret alloc ldap_admin_password
>
> I was able to join a samba server to the domain (net rpc join -S miserver
> -UAdministrator).
>
> However, when I try to join an XP host to the domain, I get an error (IIRC
> it's "An attached device is not functionning") in the workstation and the
> samba logs show the following:
>
> [2009/10/15 11:17:47, 0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
> ldapsam_create_user: Unable to allocate a new user id: bailing out!
>
> The user I'm using to bind to the LDAP server is the LDAP administrator and
> it does have permissions on all the tree (in particular, within
> "ou=idmap,o=midominio")...
>
> I manually added an entry for the workstation's account posix data, then
> issued "smbpasswd -a workstation$"
>
> THEN I could join the domain...
>
> Clearly, I have something misconfigured regarding ldap/idmap/alloc, but I
> can't find enough information to do it right.
>
> Any help REALLY appreciated...

--
Mariano Absatz - El Baby
www.clueless.com.ar
Re: [Samba] using ldap only idmap
Sorry... I forgot a bit of info.

winbindd is running

I'm using the Ubuntu 9.04 samba packages which are at version 3.3.2-1ubuntu3.2 (I think is 3.3.2 plus all the security patches).

I re-built the packages in order to include the /usr/lib/samba/idmap/ldap.so module because somehow, this didn't make into the official package (this was done following the steps in http://wiki.clueless.com.ar/SambaLdap/RecompilarSamba).

HTH (helping me)... that is, hope that helps helping me :-P

--
Mariano Absatz - El Baby
www.clueless.com.ar
[Samba] using ldap only idmap
Hi,

I'm trying to make a "pure ldap" setup, whereas users, groups, id mappings and everything that is supported with LDAP be in the LDAP tree and managed directly by samba.

That is, I'm using:

ldapsam:trusted = yes
ldapsam:editposix = yes

And NOT using smbldap-*.

My smb.conf is here: http://wiki.clueless.com.ar/SambaLdap/smb.conf-PDC

I created the LDAP tree root (o=midominio) and all its branches (ou=people; ou=groups; ou= hosts and ou=idmap).

I ran "net sam provision" to fill in the basic values.

I stored the secrets in secrets.tdb:
# smbpasswd -w ldap_admin_password
# net idmap secret midominio ldap_admin_password
# net idmap secret alloc ldap_admin_password

I was able to join a samba server to the domain (net rpc join -S miserver -UAdministrator).

However, when I try to join an XP host to the domain, I get an error (IIRC it's "An attached device is not functionning") in the workstation and the samba logs show the following:

[2009/10/15 11:17:47, 0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
  ldapsam_create_user: Unable to allocate a new user id: bailing out!

The user I'm using to bind to the LDAP server is the LDAP administrator and it does have permissions on all the tree (in particular, within "ou=idmap,o=midominio")...

I manually added an entry for the workstation's account posix data, then issued "smbpasswd -a workstation$"

THEN I could join the domain...

Clearly, I have something misconfigured regarding ldap/idmap/alloc, but I can't find enough information to do it right.

Any help REALLY appreciated...

--
Mariano Absatz - "El Baby"
el.b...@gmail.com
www.clueless.com.ar
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
To define recursion, we must first define recursion.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* TagZilla 0.066 * http://tagzilla.mozdev.org
Re: [Samba] Does the BDC need to "join" a domain?
On Wed, Oct 14, 2009 at 19:20, Thierry Lacoste <laco...@miage.univ-paris12.fr> wrote:
>
> On 14 oct. 09, at 18:36, Gaiseric Vandal wrote:
>
>> I supposed it depends if Samba is configured to automatically create the
>> underlying unix accounts when you create samba accounts. My setup doesn't.
>> I created a "user" account in ldap for my BDC. (the unix passwd shd be
>> *LK* and the shell shd be /bin/false) Running "net rpc join" will then add
>> the appropriate samba attributes.
>>
>> I think you also need to grab the domain SID
>>
>> BDC# net rpc getsid
>> Password:
>> Storing SID S-...1234 for Domain MYDOMAIN in secrets.tdb
>> #
>>
>>
>> However, I am not sure the domainsid for the machine is meant to match the
>> domainsid of the domain. On my PDC, they match. On the BDC, they don't.
>> I am not sure if I need to change that.
>>
> They should match (see e.g.
> http://lists.samba.org/archive/samba/2007-August/134734.html).
>
>> group mappings do NOT seem to be stored in ldap. So you either need to
>> copy the approp tdb file over or run the identical net group map commands on
>> the BDC.
>>
> Group mappings should be stored in LDAP.
> This is the purpose of the sambaGroupMapping auxiliary objectClass which
> extends the posixGroup structural objectClass in a typical samba/ldap
> implementation.
>

Thanx a lot, Thierry, you've helped me a lot...

Is there a communication channel (other than this list, given that the samba-docs list is long gone) for commenting on the documentation itself?

I don't think my stumbling abouts are only because of my particular kind of foolishness and maybe a couple more notes at the bottom of http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html#id2568624 might help other people (those with my /general/ kind of foolishness :-P ).

Regards and thanx again

--
Mariano Absatz - El Baby
www.clueless.com.ar
Re: [Samba] Does the BDC need to "join" a domain?
On Wed, Oct 14, 2009 at 13:36, Gaiseric Vandal wrote:
>
> I supposed it depends if Samba is configured to automatically create the
> underlying unix accounts when you create samba accounts. My setup doesn't.
> I created a "user" account in ldap for my BDC. (the unix passwd shd be
> *LK* and the shell shd be /bin/false) Running "net rpc join" will then add
> the appropriate samba attributes.
> (...)

Thanx Gaiseric, it was more or less the way you said... only changing the order:

1) BDC# net join -S PDC -UAdministrator
   (since I'm using ldapsam:editposix = yes, the posix account is created automatically by samba)

2) BDC# net rpc getsid
   (this automatically retrieves the domain SID from the PDC and stores it into secrets.tdb)

The only thing that doesn't seem completely right is that after this, if I run

BDC# net getdomainsid

I get: "Could not fetch local SID"

However, if I run

BDC# sudo net getlocalsid MYDOMAIN

I get the correct SID for the domain... maybe I must generate a local SID for the BDC? or something went wrong?...

--
Mariano Absatz - El Baby
www.clueless.com.ar
[Samba] Does the BDC need to "join" a domain?
If I configure a samba PDC and then a samba BDC, do I need a machine trust account for the BDC?

That is, do I have to run "net rpc join" on the BDC? Or manually create the account for the BDC in LDAP?

--
Mariano Absatz - "El Baby"
el.b...@gmail.com
www.clueless.com.ar
[Samba] ldapsam:editposix & add machine script
Hi,

small question here...

if I have all users, groups, machines and idmaps in LDAP and I set:

ldapsam:trusted = yes
ldapsam:editposix = yes

then I *don't* need an "add machine script".

Am I correct?

TIA

--
Mariano Absatz - "El Baby"
el.b...@gmail.com
www.clueless.com.ar
Re: [Samba] "add machine script" when using samba + ldap
On Tue, Oct 13, 2009 at 15:06, Mariano Absatz wrote:
> Hi,
>
> I'm reading
> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html ,
> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html and
> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html and
> I'm still not quite sure...
>
> If I set up a network with one samba 3 PDC and a few samba 3 BDCs, all
> pointing to the same OpenLDAP server and using an "idmap alloc backend =
> ldap", I don't need an "add user script" nor an "add group script", is it
> right?
>
> But, do I need an "add machine script" though? How should I handle the
> uid/gid for machines... they won't be handled by idmap, or will they?
>

Let me rephrase this...

Do I have to use "add machine script" if I use "ldapsam:trusted=yes" AND "ldapsam:editposix=yes"?

Or does "editposix" also take care of adding machine accounts to my ldap tree?

--
Mariano Absatz - El Baby
www.clueless.com.ar
[Samba] "add machine script" when using samba + ldap
Hi,

I'm reading http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html , http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html and http://samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html and I'm still not quite sure...

If I set up a network with one samba 3 PDC and a few samba 3 BDCs, all pointing to the same OpenLDAP server and using an "idmap alloc backend = ldap", I don't need an "add user script" nor an "add group script", is it right?

But, do I need an "add machine script" though? How should I handle the uid/gid for machines... they won't be handled by idmap, or will they?

TIA

--
Mariano Absatz - "El Baby"
el.b...@gmail.com
www.clueless.com.ar
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
There is always a well-known solution to every human problem - neat, plausible, and wrong.
H. L. Mencken
US editor (1880 - 1956)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* TagZilla 0.066 * http://tagzilla.mozdev.org
[Samba] documentation bug?
Hi,

I'm thoroughly RTFM'ing in order to find out what I'm doing wrong <http://lists.samba.org/archive/samba/2009-October/thread.html#151046> and I noticed that links from the *Samba-HOWTO-Collection* to the *manpages-3* don't work... the problem is that both documentation sets are on different directories but links don't include a path (nor absolute, nor relative).

IIRC, this was working fine a couple of months ago, so I guess the pages are being re-ordered. This is just to let you know this should be fixed.

e.g. in http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html where it says:

<http://samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#OSLEVEL> os level
<http://samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LMANNOUNCE> lm announce
<http://samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LMINTERVAL> lm interval
<http://samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#PREFERREDMASTER> preferred master(*)
<http://samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOCALMASTER> local master(*)
<http://samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#DOMAINMASTER> domain master(*)
<http://samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#BROWSELIST> browse list
<http://samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#ENHANCEDBROWSING> enhanced browsing

it should say something like this:

os level
lm announce
lm interval
preferred master(*)
local master(*)
domain master(*)
browse list
enhanced browsing

Another (minor) issue is that links like the ones above land in the content of the item, but the title (the item name) lands above the browser window and (IMHO) this is a bit confusing...

That is, if I click on the first item in the list I see the explanation of the *os level* config setting, but I don't see the *os level* title right above it... this can be corrected (if desired, of course) on the target page (where the ** tag is generated).

That is, instead of generating:

os level (G)
This integer value controls what level Samba advertises itself as for browse elections. The value of this ...

generate the following:

os level (G)
This integer value controls what level Samba advertises itself as for browse elections. The value of this ...

This is a minor issue but I think would be more useable...

--
Mariano Absatz - "El Baby"
el.b...@gmail.com
www.clueless.com.ar
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"A system admin's life is a sorry one. The only advantage he has over Emergency Room doctors is that malpractice suits are rare. On the other hand, ER doctors never have to deal with patients installing new versions of their own innards!"
-- Michael O'Brien
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* TagZilla 0.066 * http://tagzilla.mozdev.org
[Samba] samba PDC + BDCs + LDAP
domain master = No
dns proxy = No
wins proxy = Yes
wins server = 10.3.14.25
ldap admin dn = cn=admin,cn=config
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=hosts
ldap passwd sync = yes
ldap suffix = o=mycompany
ldap ssl = no
ldap user suffix = ou=people
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap alloc backend = ldap
idmap uid = 9-9
idmap gid = 9-9
winbind enum users = Yes
winbind enum groups = Yes
idmap alloc config:range = 10-50
idmap alloc config:ldap_user_dn = cn=admin,cn=config
idmap alloc config:ldap_base_dn = ou=idmap,o=mycompany
idmap alloc config:ldap_url = ldap://ldap0.i.mycompany.org
idmap config MYCOMPANY:range = 10-50
idmap config MYCOMPANY:default = yes
idmap config MYCOMPANY:readonly = no
idmap config MYCOMPANY:ldap_base_dn = ou=idmap,o=mycompany
idmap config MYCOMPANY:ldap_user_dn = cn=admin,cn=config
idmap config MYCOMPANY:ldap_url = ldap://ldap0.i.mycompany.org
idmap config MYCOMPANY:backend = ldap
ldapsam:editposix = yes
ldapsam:trusted = yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

One thing that makes me a little suspicious is that running "smbclient -L localhost -N" on the BDC doesn't show me the master:

Domain=[MYCOMPANY] OS=[Unix] Server=[Samba 3.3.2]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk      Network Logon Service
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (storni server (Samba, Ubuntu))
Domain=[MYCOMPANY] OS=[Unix] Server=[Samba 3.3.2]

        Server               Comment
        ---------            -------
        AR                   storni server (Samba, Ubuntu)
        MYCOMPANY-AR         storni server (Samba, Ubuntu)
        STORNI               storni server (Samba, Ubuntu)

        Workgroup            Master
        ---------            -------
        MYCOMPANY

When I do the same in the PDC, I see:

Domain=[CEJIL] OS=[Unix] Server=[Samba 3.3.2]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk      Network Logon Service
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (auth0 server (Samba, Ubuntu))
Domain=[CEJIL] OS=[Unix] Server=[Samba 3.3.2]

        Server               Comment
        ---------            -------
        AUTH0                auth0 server (Samba, Ubuntu)
        SAMBA-PDC            auth0 server (Samba, Ubuntu)
        SAMBA0               auth0 server (Samba, Ubuntu)

        Workgroup            Master
        ---------            -------
        CEJIL                AUTH0

What can I be doing wrong?

TIA

--
Mariano Absatz - "El Baby"
el.b...@gmail.com
www.clueless.com.ar
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
If knowledge can create problems, it is not through ignorance that we can solve them.
-- Isaac Asimov
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* TagZilla 0.066 * http://tagzilla.mozdev.org
[Samba] samba (vs. nfs) in all unix environment
Hi,

I'm sorry if this is a very FAQ, I've been googling around and searchin' the list archive and I'll gladly accept RTFMs with somehow precise URLs (including URLs to the list archives).

I'm on the drawing board (no equipment yet) for a server farm that will have a SteelEye linux cluster behind to provide (among other services) with networked file access.

The setup is all-linux (likely RHEL 2.1, less likely RHL 8.0, almost unlikely RHEL 3.0), that is, there will be no windows clients nor servers.

The shared filesystems will be used by a Courier-IMAP server and an Apache httpd 2.0 server.

I always did this kind of stuff with NFS and I know it would work, but recently someone told me maybe SMB would yield better performance and resilience in case of a cluster node failing over to the other one...

The point is, I don't know anything about this, and searching the web, newsgroups and mailing list archives didn't bring much light into it.

I asked in the Courier-IMAP mailing list and the only answer (from Courier-IMAP developer) only stated that he thought samba wouldn't be able to correctly handle ":" characters in filenames (which Courier-IMAP uses).

I did a really quick check with stock samba 2.2.7 included in RedHat 7.3 and I can create a file named "hi:bye" and I can read it thru an smb mount... but if I list the directory containing it, it appears as "HIBYE~7C", so it's obviously doing some mangling in there.

First question is, can I disable all name mangling on a share that will be accessed only by unix machines? or is there any mounting options that allows me to do this?

Second (and most important) question is... will SMB provide better performance or more resilience in an all-linux environment? or should I stick with NFS?

TIA.

--
Mariano Absatz
El Baby
--
Double your drive space - delete Windows!