Re: [Samba] Public no-password share with security = domain, is it possible ?
You can try to use: guest ok = yes also you might need to specify the guest account. On 11/2/10 11:12 PM, Ronal Andadinata wrote: Hi, I have one samba act as PDC controlling a domain and another one act as a Fileserver joined to that domain. Now i need to create a public share that doesn't need user/password. Is that possible ? I tried the following on the Fileserver but didnt work : [public] path=/share/public public=yes read only=no The directory is already in 777 mode. When i try to connect to them from a Windows box that's not it keeps asking me username/password. If enter a domain username/password, it works, but that's not not what i wanted :( Thanks. -- Max León Systems Director Wire Watchers : enterprise : technology : genius -- Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica cel: +(506) 8364-6261 | fax: +(506) 2258-3695 email: ml...@wirewatchers.com mailto:ml...@wirewatchers.com | www.wirewatchers.com http://www.wirewatchers.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with AD integration
..and the manager gave that work to newly joined me.. :( i don't have any AD and core unix experience..i have only experience in linux.not much may this project will affect my job.. :( my nsswitch.conf */passwd: files ldap winbind group: files ldap winbind hosts: dns files ipnodes:dns files/* *nsswitch+winbind (which I do) or the smb pam module*..? :( i don't know..my client's need is he has a linux machine..also a ADS..from the unix machine, he want to share secure folder's to the AD user's..so eash user can only access that particular shared folder..when the password of user changed in AD, that will affect to the smbpassword...means without changing that particular user's smb password in the unix machine.. for this need which method is useful..from your experience *Does getent passwd show the windows users?* please check the output ..i think getent password only shows unix system password */bash-3.00# getent passwd root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh svctag:x:95:12:Service Tag UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh/* you already have a unix ben and a ADS ben defined? Yes i defined the ben user in Unix and ADS...bcoz i don't have much knowledge about that sorry Hope u will help me Thanks Ben.T.George On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: disclaimer: I don't use Samba as an ADS member server. I use samba as PDC with trusts to an ADS domain. So my observations may not be valuid. Did you try updating nsswitch.conf passwd: files winbind group:files winbind If you are using a Windows domain and have a user defined in the domain, you generally don't want to add the user as a local user. Since the underlying unix OS needs to know about the domain users you need to either use nsswitch+winbind (which I do) or the smb pam module (which I don't use, and not sure if it really is the correct approach.) If you use nsswitch.conf+winbind you can then also OPTIONALLY allow windows users unix access like ssh.My samba server is a PDC- I have a domain trust with windows domains BUT the default shell is /bin/false.(It is still a little flaky...) Does getent passwd show the windows users? It should show something like ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false or SRE+ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false It looks like = you already have a unix ben and a ADS ben defined? wbinfo -s and wbinfo -n are also useful for making sure that the name-to-sid and sid-to-name mappings are correct for domain users. -- Max León Systems Director Wire Watchers : enterprise : technology : genius -- Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica cel: +(506) 8364-6261 | fax: +(506) 2258-3695 email: ml...@wirewatchers.com mailto:ml...@wirewatchers.com | www.wirewatchers.com http://www.wirewatchers.com
Re: [Samba] samba with AD help.
Can you post the global part of your smb.conf, your nsswitch and your kerberos.conf? On 9/29/10 5:33 AM, Ben George wrote: when i try to join the domain in UNIX (Sun Solaris 10 SPARC),i got error message like this bash-3.00# ./net ads -d3 join -U administra...@sre.com [2010/09/29 14:26:02, 3] param/loadparm.c:(5055) lp_load: refreshing parameters [2010/09/29 14:26:02, 3] param/loadparm.c:(1440) Initialising global parameters [2010/09/29 14:26:02, 3] param/params.c:(572) params.c:pm_process() - Processing configuration file /etc/sfw/smb.conf [2010/09/29 14:26:02, 3] param/loadparm.c:(3794) Processing section [global] [2010/09/29 14:26:02, 2] lib/interface.c:(81) added interface ip=192.168.1.11 bcast=192.168.1.255 nmask=255.255.255.0 Host is not configured as a member server. Invalid configuration. Exiting Failed to join domain: Invalid domain role [2010/09/29 14:26:02, 2] utils/net.c:(1075) return code = -1 please help me solve this thanks -- Max León Systems Director Wire Watchers : enterprise : technology : genius -- Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica cel: +(506) 8364-6261 | fax: +(506) 2258-3695 email: ml...@wirewatchers.com mailto:ml...@wirewatchers.com | www.wirewatchers.com http://www.wirewatchers.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Throughput problem with Samba 3.3.1 on NetBSD
Hello everyone, I need some collective wisdom, I have recently start using NetBSD and works quite well on everything but with Samba. I have played with the smb.conf to try to improve performance but to no avail. The setup is fairly simple. Here is my smb.conf [global] workgroup=HOME netbios aliases = MEDIALAB security = user socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 use sendfile = true local master = yes os level = 33 wins support = yes [homes] comment = Home Directories browseable = no writable = yes [musica] comment= Musica para alegrar la vida path = /media/external/Multimedia/Musica public = no writable = no write list = @wheel browsable = yes [peliculas] comment= Algunas pelis para entretenerse path = /media/external/Multimedia/Peliculas public = no writable = no write list = @wheel browsable = yes The problem is that I cannot get not even 1Mbps, while on the exact same environment with CentOS 5 I was getting over the Wireless G 48Mbps. Any ideas on how I might improve performance?, I tried already the NetBSD user mail list to no avail. Thanks in advanced. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with Centos 5.3 + Samba 3.0.33 +AD (2k3)
Hi everyone, I have an issue with Samba agains Active Directory. The authentication works just fine but when it comes to shares I've ran into some problems. If I use any group mapping from the AD it won't let me access it so I figure that is where the problem lays. If I comment out valid users, force user and force group then I have no problems and it goes by the file system restrictions. Does anyone ever run into the same problem?, is there a way to fix it? Thanks in advanced. Here is my smb.conf: [global] netbios name = filer workgroup = MYCOMPANY realm = MYCOMPANY.COM preferred master = no server string = mycompany Filer security = ADS map to guest = Bad User obey pam restrictions = Yes password server = * log level = 1 vfs:2 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = wins lmshosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 33 local master = no domain master = no wins server = 192.168.0.10 allow trusted domains = no idmap backend = rid:MYCOMPANY=1000-11000 idmap uid = 1000-11000 idmap gid = 1000-11000 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes template shell = /bin/bash template homedir = /home/%U winbind separator = | winbind use default domain = Yes winbind cache time = 30 use kerberos keytab = Yes printcap name = /etc/printcap unix extensions = no [homes] comment = Home Directories valid users = %D|%S path = %H read only = no security mask = 0640 directory security mask = 0750 browsable = no vfs objects = recycle recycle: keeptree = yes recycle: maxsize = 52428800 [Internal] comment = Internal Projects path = /filer/internal read only = yes create mask = 0664 directory mask = 0775 browsable = yes vfs object = recycle recycle: keeptree = yes recycle: maxsize = 52428800 valid users = @pm, @design write list = @pm force group = pm force user = root hide dot files = yes msdfs root = yes Here is the error from the workstation that is trying to get access to the server. The user is part of the Group PM. Error from log.%m: [2009/05/26 10:36:55, 1] smbd/service.c:close_cnum(1230) traveller (192.168.0.71) closed connection to service Internal [2009/05/26 10:36:58, 0] auth/auth_util.c:create_builtin_administrators(844) create_builtin_administrators: Failed to create Administrators [2009/05/26 10:36:58, 0] auth/auth_util.c:create_builtin_users(810) create_builtin_users: Failed to create Users [2009/05/26 10:36:58,id max.leon uid=2109(max.leon) gid=2216(mycompany) groups=2216(mycompany),2152(browse),2108(remote),2190(macadmin),2146(developers),2204(flashdev),2140(qa),2141(design),2180(it-tech),1513(domain users),2139(engineering),2177(pm),1512(domain admins) 1] smbd/service.c:make_connection_snum(1033) traveller (192.168.0.71) connect to service Internal initially as user MYCOMPANY|max.leon (uid=2109, gid=2216) (pid 14369) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent passwd not adding users
You need to add idmap uid with the same range as the gid, well at least that is what I've always have done. Jamie Gordon wrote: I'm running Samba version Version 3.0.25b-1.el5_1.2 on RH Enterprise Linux 5. I've configured the SMB server to get users from a Windows 2003 Server Active Directory tree. I was able to join the machine to the domain with no problem. Here's the smb.conf Quote: [global] idmap gid = 6-9 winbind trusted domains only = yes encrypt passwords = yes show add printer wizard = No winbind use default domain = Yes realm = domain netbios name = servername printing = cups idmap uid = 1-5 password server = dcname workgroup = domain os level = 20 printcap name = cups security = domain winbind separator = \ disable spoolss = Yes winbind enum groups = yes winbind enum users = yes My nsswitch.conf has the following; Quote: passwd: files winbind shadow: files group: files winbind wbinfo -u and wbinfo-g work well, returning a list of users and groups. However, when I issue 'getent passwd' my winbind log (/var/log/samba/winbindd.log) shows a long list of the following and no users are added to the passwd db; Quote: [2007/12/04 12:11:03, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 Not sure where to go from here. Any help or hints would be appreciated. Jamie Gordon QA Manager WideOrbit [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] You can't make what you can't measure, 'cause you don't know when you've got it made. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.27a, ubuntu server7.10 auth issues
What does the: net ads testjoin command outputs? Does the wbinfo -u and wbinfo -g give you any output? Guillermo Gutierrez wrote: Well, I tried it but no luck. Getent still won't display the AD users. Guillermo Gutierrez _ (818) 575-2017 (818) 324-0871 [EMAIL PROTECTED] -Original Message- From: Aaron J. Zirbes [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 05, 2007 3:51 PM To: Guillermo Gutierrez Subject: Re: [Samba] 3.0.27a, ubuntu server7.10 auth issues Have winbindd, smbd, nmbd all been restarted? ... just a guess since winbindd is saying it's getting requests of a different size than expected, and I've seen that when I've restarted one daemon, but not the other. You could also try clearing out your tdb cache files I know I run the following command on FreeBSD. I'm not exactly sure what it would be on ubuntu though /usr/local/samba/bin/tdbbackup -v /usr/local/samba/var/locks/*.tdb perhapse? tdbbackup -v var/samba/locks/*.tdb -- Aaron Guillermo Gutierrez wrote: I don't have nscd installed Guillermo Gutierrez _ (818) 575-2017 (818) 324-0871 [EMAIL PROTECTED] -Original Message- From: Aaron J. Zirbes [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 05, 2007 3:37 PM To: Guillermo Gutierrez Subject: Re: [Samba] 3.0.27a, ubuntu server7.10 auth issues Did you restart nscd? Guillermo Gutierrez wrote: I have upgraded to version 3.0.27a on ubuntu 7.10 server and now the getent command wont display the active directory users, but wbinfo will. It worked fine with 3.0.26a and I have not changed my configuration. I do however have this in my winbind log: [2007/12/04 13:39:01, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:39:01, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:44:09, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:44:09, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:44:09, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:44:09, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:44:09, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:44:18, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:44:18, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:45:34, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:45:34, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:45:54, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:46:19, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:46:19, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:46:19, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:49:35, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:49:35, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:49:35, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:49:35, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:49:35, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:49:42, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:49:42, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:50:17, 1] nsswitch/winbindd.c:main(990) winbindd version 3.0.27a started. Copyright Andrew Tridgell and the Samba Team 1992-2007 [2007/12/04 13:50:17, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache() initialize_winbindd_cache: clearing cache and re-creating with version number 1
Re: [Samba] 3.0.27a, ubuntu server7.10 auth issues
Well none of the options on your conf file seem to be wrong, however some of them might been stepping over each other toes. For instance, in my experience: You either use de the idmap backend or the idmap gid and uid and the winbind enum groups and users, due the fact that you are running the latest version of samba I recommend to use the idmap backend one. That might be what is causing the conflict. Regards, Max. Guillermo Gutierrez wrote: I don't mean to sound whiny, but I really would like to get some help figuring this thing out. I am including my smb.conf as well: #=== Global Settings === [global] ## Browsing/Identification ### netbios name = Maximus workgroup = MARKETSCAN realm = MARKETSCAN.COM server string = %h server (Samba %v, Ubuntu) dns proxy = no name resolve order = lmhosts host wins bcast Networking interfaces = 127.0.0.0/8 eth0 bind interfaces only = true Debugging/Accounting log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ### Authentication ### security = ADS encrypt passwords = true password server = * passdb backend = tdbsam obey pam restrictions = yes invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *passwd:*password\supdated\ssuccessfully* . Misc socket options = TCP_NODELAY domain master = no idmap uid = 1-2 idmap gid = 1-2 idmap backend = idmap_rid:MARKETSCAN=1-2 template shell = /bin/bash template home dir = /home/MARKETSCAN/%U winbind enum groups = yes winbind enum users = yes winbind use default domain = yes #=== Share Definitions === [homes] comment = Home Directories browseable = no vfs object = readahead inherit permissions = yes nt acl support = yes valid users = %D/%U writable = yes create mask = 0700 directory mask = 0700 [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes public = no writable = no create mode = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no [public] comment = Public Share on %h path = /home/samba/public writeable = yes inherit permissions = yes nt acl support = yes create mask = 0775 directory mask = 0775 vfs object = readahead Guillermo Gutierrez _ (818) 575-2017 (818) 324-0871 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillermo Gutierrez Sent: Tuesday, December 04, 2007 5:09 PM To: samba@lists.samba.org Subject: [Samba] 3.0.27a, ubuntu server7.10 auth issues I have upgraded to version 3.0.27a on ubuntu 7.10 server and now the getent command wont display the active directory users, but wbinfo will. It worked fine with 3.0.26a and I have not changed my configuration. I do however have this in my winbind log: [2007/12/04 13:39:01, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:39:01, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:44:09, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:44:09, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:44:09, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:44:09, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:44:09, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 [2007/12/04 13:44:18, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:44:18, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:45:34, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:45:34, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:45:54, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:46:19, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 2084 (expected 2088) [2007/12/04 13:46:19, 0]
Re: [Samba] Wondering if there is an option like banner
Well while the global option security is still set as server, it will prompt for a user and a password, I do have it set to a guest account, which I designated to nobody but the user must know this and this is why I'm looking for an easy embedded way to let hem be aware of it. On 11/23/07, Koenraad Lelong [EMAIL PROTECTED] wrote: Max León schreef: Hi everyone, I have been googling quite a bit and going through the samba documentation looking for something like a banner for a share and nothing came up. I need to setup a public share on a server that is currently running with server security, so I addedd the nobody account to the smbpasswd with null password, but I want to set a banner on the share that let people know this. Is this possible? Running samba 3.0.26a on slackware 12.0 Thanks so much. There is a comment field for the share. Regards, Koenraad Lelong. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Wondering if there is an option like banner
Hi everyone, I have been googling quite a bit and going through the samba documentation looking for something like a banner for a share and nothing came up. I need to setup a public share on a server that is currently running with server security, so I addedd the nobody account to the smbpasswd with null password, but I want to set a banner on the share that let people know this. Is this possible? Running samba 3.0.26a on slackware 12.0 Thanks so much. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
