[Samba] pdbedit error
Samba Version 3.6.3 on Ubuntu 12.04 tbdsam back end. I discovered a couple of accounts we created before the Domain was configured was was an account named administrator intended to be the Smaba Administrator account. In order to change the domain ai ran this command # pdbedit -I DOMAINNAME -U username it worked on a number of accounts when I tried it on administrator I get the # pdbedit -I DOMAINNAME -u administrator Unable to modify TDB passwd: NT_STATUS_UNSUCCESSFUL! Unable to modify entry! # pdbedit -v -u administrator gives the following output Unix username:administrator NT username: Account Flags:[U ] User SID: S-1-5-21-1504512832-3249319461-1142831928-500 Primary Group SID:S-1-5-21-1504512832-3249319461-1142831928-513 Full Name:Samba Administrator,,, Home Directory: \\hamlet\administrator HomeDir Drive:U Logon Script: Profile Path:deleted for privacy Domain: HAMLET Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Fri, 30 Dec 2005 17:29:27 CST Password can change: Fri, 30 Dec 2005 17:29:27 CST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF I don't see anything here that looks out of place but I don't know what it all means. -- rob steinmetz Signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Double user name
I have two samba servers running Ubuntu 10.04 Samba Version 3.4.7 One server acts as domain controller and stores user ids in a .tdb Somehow I've ended up with a duplicate user name. On the Domain Controller # pdbedit -w -L|grep debbie debbie:1005::84DEC6FE3B018B0FB977EDDF5009742C:[U ]:LCT-4D4B086F: On the other Server running winbind I get # getent passwd|grep debbie debbie:*:10025:10001::/home/ATLANTA/debbie:/bin/bash LOUISE\debbie:*:10055:10232::/home/LOUISE/debbie:/bin/bash LOUISE\thelma\debbie:*:10056:10232::/home/LOUISE/thelma\debbie:/bin/bash # wbinfo -u|grep debbie LOUISE\debbie LOUISE\thelma\debbie debbie This is the only user that does this. Any ideas what is going on? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Identical Servers, Different Results
I have a small work group with a Domain Controller and 2 Member Servers. I am upgrading everything to the Ubuntu 10.04 LTS and then to LDAP The Domain Controller - HAMLET Ubuntu 8.04 LTS Samba Version 3.0.28a Member Server -REMUS Ubuntu 10.04 LTS Samba Version 3.4.7 Member Server -ROMULUS Ubuntu 10.04 LTS Samba Version 3.4.7 The member servers are identical hardware and the operating system configuration is very similar. The [Globals] in the smb.conf files on the Member Servers are identical as far as I can tell. [global] ROMULUS workgroup = ORLEANS server string = %h server (Samba, Ubuntu, Files) security = DOMAIN map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 local master = No domain master = No dns proxy = No ldap ssl = no usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes invalid users = root admin users = root, administrator hosts allow = 192.168.1.0/255.255.255.0 [global] REMUS workgroup = ORLEANS server string = %h server (Samba, Ubuntu, Authentication, Groupware) security = DOMAIN map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No ldap ssl = no usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes invalid users = root admin users = root, administrator hosts allow = 192.168.1.0/255.255.255.0 User mapping works as expected, all utilities return the same information. However group mapping does not seem to work the same on both machines. # net groupmap list returns an empty list on REMUS On ROMULUS # net groupmap list Administrators (S-1-5-32-544) - BUILTIN\administrators Users (S-1-5-32-545) - BUILTIN\users # Similarly wbinfo -g returns different results romulus# wbinfo -g BUILTIN\administrators BUILTIN\users domain users domain admins domain guests romulus# remus# wbinfo -g domain users domain admins domain guests remus# # net rpc group -S HAMLET -U administrator Enter administrator's password: Domain Users Domain Admins Domain Guests # Returns the same information on both member servers. I have checked /etc/nsswitch.conf and both appear the same -- Rob Steinmetz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem Samba Share
You are correct! Thank you for catching that. I hope someone can help with the problem. I should learn to type. I wonder why this list is not set up to insert a Reply To header. I imagine a lot of stuff gets lost because of that. I don't use this list much so I'm always forgetting. Michael Wood wrote: 2010/1/26 Robert Steinmetz AIAr...@steinmetznet.com: I'm running out of things to check. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Sorry, I don't know what's causing your problems, but I suspect you mean version 3.2.3, which is what Ubuntu 8.10 ships with. http://packages.ubuntu.com/intrepid/samba The 2: is not part of the Samba version number. It's an epoch, which is explained in Debian's policy manual as follows: It is provided to allow mistakes in the version numbers of older versions of a package, and also a package's previous version numbering schemes, to be left behind. http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Version -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Missing record in share-info.tdb
I may have a clue. I have two servers running Samba 3.2.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. On the Member Server when I access the [Projects] share everything works as expected. When I access the [Windows] share I get prompted for a user name and password but no combination works If I comment out the force group then [Windows] mostly works but not there are issues with one application which will gives error indication it cant create files. I have begun looking in the various .tdb files and have found that there is no entry for the [Windows] share in share_info.tdb r...@louise:/var/lib/samba# tdbtool tdb open share_info.tdb tdb keys key 15 bytes: SECDESC/Hamlet key 18 bytes: SECDESC/Recovered key 14 bytes: SECDESC/Sigma key 14 bytes: SECDESC/Vault key 15 bytes: SECDESC/Office key 16 bytes: SECDESC/Testing key 13 bytes: INFO/version key 17 bytes: SECDESC/Projects tdb The question now is how do I add a record and why isn't it there? I did discover that tdb-tools package was missing from this server (or had been removed or disables). I had to add it back. -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Missing record in share-info.tdb - More information and testing
From testparm notice the [Windows] share is listed. Processing section [printers] Processing section [print$] Processing section [Hamlet] Processing section [Projects] Processing section [Office] Processing section [Sigma] Processing section [Windows] Processing section [Recovered] Processing section [Vault] Processing section [Testing] It appears that share-info.tdb is not being properly updated. To test I added a new share and it showed up in testparm with no error but after restarting Samba nothing was added to share-info.tdb. None of the .tdb files seem to have been updated in several months, which isn't surprising since the Samba configuration of this server hasn't changed in months. Robert Steinmetz AIA wrote: I may have a clue. I have two servers running Samba 3.2.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. On the Member Server when I access the [Projects] share everything works as expected. When I access the [Windows] share I get prompted for a user name and password but no combination works If I comment out the force group then [Windows] mostly works but not there are issues with one application which will gives error indication it cant create files. I have begun looking in the various .tdb files and have found that there is no entry for the [Windows] share in share_info.tdb r...@louise:/var/lib/samba# tdbtool tdb open share_info.tdb tdb keys key 15 bytes: SECDESC/Hamlet key 18 bytes: SECDESC/Recovered key 14 bytes: SECDESC/Sigma key 14 bytes: SECDESC/Vault key 15 bytes: SECDESC/Office key 16 bytes: SECDESC/Testing key 13 bytes: INFO/version key 17 bytes: SECDESC/Projects tdb The question now is how do I add a record and why isn't it there? I did discover that tdb-tools package was missing from this server (or had been removed or disables). I had to add it back. Robert Steinmetz AIA wrote: I may have a clue. I have two servers running Samba 3.2.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. On the Member Server when I access the [Projects] share everything works as expected. When I access the [Windows] share I get prompted for a user name and password but no combination works If I comment out the force group then [Windows] mostly works but not there are issues with one application which will gives error indication it cant create files. I have begun looking in the various .tdb files and have found that there is no entry for the [Windows] share in share_info.tdb r...@louise:/var/lib/samba# tdbtool tdb open share_info.tdb tdb keys key 15 bytes: SECDESC/Hamlet key 18 bytes: SECDESC/Recovered key 14 bytes: SECDESC/Sigma key 14 bytes: SECDESC/Vault key 15 bytes: SECDESC/Office key 16 bytes: SECDESC/Testing key 13 bytes: INFO/version key 17 bytes: SECDESC/Projects tdb The question now is how do I add a record and why isn't it there? I did discover that tdb-tools package was missing from this server (or had been removed or disables). I had to add it back. -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Missing record in share-info.tdb - More information and testing - Error log
Error in log files; log.wb-BUILTIN.old:[2010/01/12 09:51:37, 2] lib/util_tdb.c:tdb_log(682) log.wb-BUILTIN.old: tdb(unnamed): tdb_open_ex: could not open file /var/run/samba/unexpected.tdb: No such file or directory This error occurs many times and is present is other wb- logs. r...@louise:/var/run/samba# ls -l total 544 -rw-r--r-- 1 root root 40200 2010-01-26 11:22 brlock.tdb -rw-r--r-- 1 root root 90112 2010-01-26 11:34 connections.tdb -rw-r--r-- 1 root root 12288 2010-01-22 09:03 gencache.tdb -rw-r--r-- 1 root root 61440 2010-01-26 11:33 locking.tdb -rw--- 1 root root 94208 2010-01-25 17:12 messages.tdb -rw--- 1 root root 696 2010-01-22 09:03 mutex.tdb -rw-r--r-- 1 root root6989 2010-01-24 07:44 namelist.debug -rw-r--r-- 1 root root 6 2010-01-26 11:22 nmbd.pid -rw-r--r-- 1 root root 16384 2010-01-26 11:33 notify.tdb -rw-r--r-- 1 root root 163840 2010-01-26 11:34 sessionid.tdb -rw-r--r-- 1 root root 6 2010-01-26 11:22 smbd.pid -rw-r--r-- 1 root root 28672 2010-01-26 11:22 unexpected.tdb -rw-r--r-- 1 root root 5 2010-01-25 15:00 winbindd.pid drwxr-x--- 2 root winbindd_priv 60 2010-01-25 15:00 winbindd_privileged r...@louise:/var/run/samba# tdbtool tdb open unexpected.tdb tdb keys tdb dump tdb info 0 records totalling 0 bytes tdb Robert Steinmetz AIA wrote: From testparm notice the [Windows] share is listed. Processing section [printers] Processing section [print$] Processing section [Hamlet] Processing section [Projects] Processing section [Office] Processing section [Sigma] Processing section [Windows] Processing section [Recovered] Processing section [Vault] Processing section [Testing] It appears that share-info.tdb is not being properly updated. To test I added a new share and it showed up in testparm with no error but after restarting Samba nothing was added to share-info.tdb. None of the .tdb files seem to have been updated in several months, which isn't surprising since the Samba configuration of this server hasn't changed in months. Robert Steinmetz AIA wrote: I may have a clue. I have two servers running Samba 3.2.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. On the Member Server when I access the [Projects] share everything works as expected. When I access the [Windows] share I get prompted for a user name and password but no combination works If I comment out the force group then [Windows] mostly works but not there are issues with one application which will gives error indication it cant create files. I have begun looking in the various .tdb files and have found that there is no entry for the [Windows] share in share_info.tdb r...@louise:/var/lib/samba# tdbtool tdb open share_info.tdb tdb keys key 15 bytes: SECDESC/Hamlet key 18 bytes: SECDESC/Recovered key 14 bytes: SECDESC/Sigma key 14 bytes: SECDESC/Vault key 15 bytes: SECDESC/Office key 16 bytes: SECDESC/Testing key 13 bytes: INFO/version key 17 bytes: SECDESC/Projects tdb The question now is how do I add a record and why isn't it there? I did discover that tdb-tools package was missing from this server (or had been removed or disables). I had to add it back. Robert Steinmetz AIA wrote: I may have a clue. I have two servers running Samba 3.2.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. On the Member Server when I access the [Projects] share everything works as expected. When I access the [Windows] share I get prompted for a user name and password but no combination works If I comment out the force group then [Windows] mostly works but not there are issues with one application which will gives error indication it cant create files. I have begun looking in the various .tdb files and have found that there is no entry for the [Windows] share in share_info.tdb r...@louise:/var/lib/samba# tdbtool tdb open share_info.tdb tdb keys key 15 bytes: SECDESC/Hamlet key 18 bytes: SECDESC/Recovered key 14 bytes: SECDESC/Sigma key 14 bytes: SECDESC/Vault key 15 bytes: SECDESC/Office key 16 bytes: SECDESC/Testing key 13 bytes: INFO/version key 17 bytes: SECDESC/Projects tdb The question now is how do I add a record and why isn't it there? I did discover that tdb-tools package was missing from this server (or had been removed or disables). I had to add it back. -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem Samba Share
I'm running out of things to check. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. On the Member Server when I access the [Projects] share everything works as expected. When I access the [Windows] share I get prompted for a user name and password but no combination works If I comment out the force group then [Windows] mostly works but not there are issues with one application which will gives error indication it cant create files. I have worked through a number of issues eventually finding that pam was not configured correctly, now it seems to be correct, getent now includes the domain users and groups. I can find no difference between the two shares but one works as expected and one doesn't. The only significant apparent difference is that [Windows] is much larger. [Projects] comment = Project Specific Data path = /files/Lucretia/Projects force group = ATLANTA\domain users read only = No create mask = 0764 directory mask = 0775 [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows force group = ATLANTA\domain users read only = No create mask = 0764 directory mask = 0775 A list of the directory r...@louise:/files/Lucretia# drwxrwsr-x 36 trish domain users 1608 2010-01-20 15:53 Projects drwxrwsrwx 291 trish domain users 23600 2010-01-25 15:15 Windows There are no acl's set on either directory. -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] wbinfo, net, getent and groups
I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I am don't understand the results. As far as I can tell I have everything configured as it should be. The basic globals for the DC [global] workgroup = ATLANTA time server = Yes hostname lookups = Yes domain logons = Yes preferred master = Yes domain master = Yes wins support = Yes idmap uid = 1-2 idmap gid = 1-2 winbind enum users = Yes winbind enum groups = Yes hide dot files = No The glbals for the Member Server [global] workgroup = ATLANTA security = DOMAIN password server = 192.168.1.24 name resolve order = wins bcast hosts wins proxy = Yes wins server = 192.168.1.24 idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes hosts allow = 192.168.1.0/255.255.255.0 getent does not return the names on any domain groups or users. wbinfo does return the names on domains groups and users. BUILTIN\administrators BUILTIN\users ATLANTA\domain users ATLANTA\domain guests ATLANTA\domain admins net groupmap list on the DC shows mapping to groups Backup Operators (S-1-5-32-551) - backup Power Users (S-1-5-32-547) - atlanta Replicators (S-1-5-32-552) - staff Domain Users (S-1-5-21-4166445610-3302986456-3838465043-513) - samba Domain Guests (S-1-5-21-4166445610-3302986456-3838465043-514) - nogroup Administrators (S-1-5-32-544) - staff Account Operators (S-1-5-32-548) - account Users (S-1-5-32-545) - samba Print Operators (S-1-5-32-550) - print Guests (S-1-5-32-546) - nogroup System Operators (S-1-5-32-549) - operator Domain Admins (S-1-5-21-4166445610-3302986456-3838465043-512) - staff net groupmap list on the Member Server shows only the builtin in groups Administrators (S-1-5-32-544) - BUILTIN\administrators Users (S-1-5-32-545) - BUILTIN\users -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Permissions Problem
Dale Schroeder wrote: On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote: I need help understanding what is happening and trouble shooting. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I have two shares on the member server and as far as I can tell they are identical. [Projects] works as expected but [Windows] always asks for a login name even though the smb.conf entries for both are are the same. If I comment out the force group in [Windows] users can access the share but there are errors writing and creating files. If I create a new share it acts as the [Windows] share. Here are the share definitions and a list of the files in the directory; [Projects] Comment = Project Files path = /files/Lucretia/Projects writeable = yes browseable = yes create mask = 0764 directory mask = 0775 force group = ATLANTA\domain users [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows browseable = yes writeable = yes create mask = 0764 directory mask = 0775 force group = ATLANTA\domain users r...@louise:/files/Lucretia# ls -l total 66 drwxrwsr-x 2 root 1000148 2008-07-17 03:17 Arris -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows Testparm shows no problems although it does rearrange the share definitions somewhat. The problem must be in windows permissions but I don't know how to check them, especially since I have only ssh access because the site is remote. I have to rely on local users for testing. How can I get a list of ATLANTA\domain admin group users? How can I change the permissions? Any possibility of acl's, especially default acl's? getfacl /files/Lucretia/Projects getfacl /files/Lucretia/Windows Looks like not; r...@louise:/etc/samba# getfacl /files/Lucretia/Projects getfacl: Removing leading '/' from absolute path names # file: files/Lucretia/Projects # owner: ATLANTA\134trish # group: 10001 user::rwx group::rwx other::r-x r...@louise:/etc/samba# getfacl /files/Lucretia/Windows getfacl: Removing leading '/' from absolute path names # file: files/Lucretia/Windows # owner: ATLANTA\134trish # group: 10001 user::rwx group::rwx other::rwx -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Permissions Problem
I need help understanding what is happening and trouble shooting. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I have two shares on the member server and as far as I can tell they are identical. [Projects] works as expected but [Windows] always asks for a login name even though the smb.conf entries for both are are the same. If I comment out the force group in [Windows] users can access the share but there are errors writing and creating files. If I create a new share it acts as the [Windows] share. Here are the share definitions and a list of the files in the directory; [Projects] Comment = Project Files path = /files/Lucretia/Projects writeable = yes browseable = yes create mask = 0764 directory mask = 0775 force group = ATLANTA\domain users [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows browseable = yes writeable = yes create mask = 0764 directory mask = 0775 force group = ATLANTA\domain users r...@louise:/files/Lucretia# ls -l total 66 drwxrwsr-x 2 root 1000148 2008-07-17 03:17 Arris -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows Testparm shows no problems although it does rearrange the share definitions somewhat. The problem must be in windows permissions but I don't know how to check them, especially since I have only ssh access because the site is remote. I have to rely on local users for testing. How can I get a list of ATLANTA\domain admin group users? How can I change the permissions? -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] erratic winbind authentication
I have had a long term problem with my set up. winbind authentication is erratic. Whenever I restart one of my servers the member server refuses to authenticate users. Sometimes is will only authenticate some users on some shares. Usually by fiddling with it I can eventually get it to work but I can't identify the solution so I can replicate it. Once I get can finally get it to work it works fine until the next restart. Ubuntu 8.04 LTS AMD 64 Samba Version 3.0.28a I have an NT style domain with XP pro desktops. 1 -PDC 1- Member Server No AD No LDAP -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] erratic winbind authentication
Jeremy Allison wrote: On Tue, Nov 18, 2008 at 11:51:25AM -0600, Robert Steinmetz AIA wrote: I have had a long term problem with my set up. winbind authentication is erratic. Whenever I restart one of my servers the member server refuses to authenticate users. Sometimes is will only authenticate some users on some shares. Usually by fiddling with it I can eventually get it to work but I can't identify the solution so I can replicate it. Once I get can finally get it to work it works fine until the next restart. This request is a little short on details, e.g. by fiddling with it I can eventually get it to work. Might help to have more info :-). Jeremy. I apologize for the lack of information, but fiddling with it means that I run a bunch of commands to try to identify the problem and it eventually starts working. I haven't been able identify which command actually causes the system to start working. It doesn't appear to be the same one every time. For example sometimes net join seems to work, but not this time. Users on the NT machines can browse the network and see the Domain, both servers and all of the shares on either server. they can access the PDC with no problem. When they attempt to access the shares on the Member Server sometimes they get a user/password window and no combination of user and password is accepted. If any other information would help let me know. I'm completely stumped, which isn't hard. Ubuntu 8.04 LTS AMD 64 Samba Version 3.0.28a I have an NT style domain with XP pro desktops. 1 -PDC 1- Member Server No AD No LDAP On the PDC smbd and nmbd are unning On the Member Server smbd nmbd and winbind are running. Here is part of nsswitch.con; passwd: compat winbind group: compat winbind shadow: compat winbind Here is the Globals Section of the PDC [global] workgroup = ATLANTA server string = %h mail passwd server (Samba, Ubuntu) passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 time server = Yes hostname lookups = Yes logon path = \\THELMA\%U\.profiles logon drive = U: logon home = \\THELMA\%U domain logons = Yes domain master = Yes preferred master = Yes security = user Here is the Globals for the Member Server [global] workgroup = ATLANTA server string = %h file server (Samba, Ubuntu) security = domain password server = 192.168.1.24 log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 wins proxy = yes wins server = 192.168.1.24 panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash name resolve order = wins bcast hosts hosts allow = 192.168.1.0/255.255.255.0 winbind enum groups = yes winbind enum users = yes Here are two shares one works and one doesn't. [Projects] path = /files/Lucretia/Projects comment = Project Specific Data force group = samba read only = no create mask = 0764 directory mask = 0775 [Office] comment = General Office Data path = /files/Lucretia/Office force group = samba read only = No create mask = 0764 directory mask = 0775 Both directories have the same ownership and linux permissions drwxrwsr-x 69 rob samba 16416 2008-10-24 17:15 Office drwxrwsr-x 51 rob samba 4032 2008-11-12 09:43 Projects Among other commands I have run; wbinfo -u and -g and get what I expect net status shares returns a list of shares net status sessions return a list of sessions getent passwd lists the domain users getent group lists the groups including the domain groups netlookup dc returns the correct ip address netlookup master returns the correct ip address -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Users Profile PDC.name instead of DOMAIN.name
I'm not sure if this is a problem or not. When a user logs into our domain the user profile in Windows is listed as PDC.name where PDC is the name of our domain controller and login server. It seems to me the user should be listed as DOMAIN.user, just like it is in all of the domain query utilities. Samba 3.0.28a Ubuntu 8.05 LTS I'd appreciate any insight in to this anyone can give me. -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] New User Can't access Domain Member Server
I added a new user to and existing PDC and that user only can't access the Member Server, all other users can. When trying to map a share on a Windows machine the users is prompted for a network password. I added the user first as a Linux user using useradd, and that login works Next I used smbpasswd -a to add the user to the PDC, that logon works on the PDC. On the Member Server wbinfo -u lists the new user getent passwd lists the user net usersidlist lists the user net rpc user does not return anything Smbclient fails with this error Domain=[ATLANTA] OS=[Unix] Server=[Samba 3.0.28a] tree connect failed: NT_STATUS_ACCESS_DENIED -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain Member Server Problem
I have a problem with a Member Server on Samba 3.0.28a running on Ubuntu Heady. Both systems were recently upgraded using Ubuntu's automated upgrade. It's also possible I broke a working configuration by accident. The shares on the Member server are visible on the XP clients and some users can authenticate properly. At least one user on one XP desktop cannot. The shares are visible but attempting to connect gives a login window and no login works. The PDC (Thelma) also serves as Password Server and Wins Server. Here is the Globals section of smb.conf [global] workgroup = ATLANTA server string = %h server (Samba, Ubuntu) password server = passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n*password\supdated\ssuccessfully* . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 time server = Yes hostname lookups = Yes logon path = \\THELMA\%U\.profiles logon drive = U: logon home = \\THELMA\%U domain logons = Yes os level = 33 domain master = Yes wins proxy = Yes wins server = 127.0.0.1 wins support = Yes ldap ssl = no panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 admin users = root, administrator hosts allow = 192.168.1.0/255.255.255.0 profile acls = Yes hide dot files = No The Member Server (Louise) acts as a File Server and was working until I started messing with it. One odd symptom is that in the swat Status Windows shares for that user show up as delilah$, the name of another machine on the network. [global] workgroup = ATLANTA server string = %h server (Samba, Ubuntu) security = DOMAIN password server = THELMA 192.168.1.24 * passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . log level = 1 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 time server = Yes hostname lookups = Yes logon path = \\THELMA\%U\.profiles logon home = \\THELMA\%U domain master = No wins proxy = Yes wins server = 192.168.1.24 ldap ssl = no panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash admin users = root, administrator hosts allow = 127.0.0.1, 192.168.1. nt acl support = No Any body got a clue? -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Remote Shares
It is possible to define a samba share as share on another machine using \\MACHINE\share. Can some one please describe how this process works and whether once the share is mounted if this represents a performance drag over a mount directly to the remote machine? I am migrating data from one set of servers to another and it seemed to me that the simplest way to transition would be to simply edit the smb.conf to have all users start using the new server and later complete the transition of other services (logins etc) in due time. -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Linux SMB Browser
I'm working on a desktop migration project. I am planning on using Xubuntu for the Operating system, with the usual Linux desktop applications (Seamonkey, Openoffice, Gimp, Inkscape, Scribus ect.) I've been looking for a user land smb browser, similar to Microsoft Network Neighborhood. I want Linux users to be able to browse and mount shares from Windows or Samba servers. I have looked at several and non of the ones I've found ultimately use mount which is root access only. I'm wondering if there isn't a user program which would allow the users to mount share after being validated. Solaris has the mnt user command which can do this. But I'm really looking for a GUI. Any suggestions would be appreciated. -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] unsupported nsswitch entry
After upgrading Samba on Solaris 8 I am unable to change passwords nsswitch.conf passwd: files winbind Attempting to change passwords results in; # passwd root passwd: Unsupported nsswitch entry for passwd:. Use -r repository . Unexpected failure. Password file/table unchanged. How do you get Solaris to recognize the winbind entry? I have installed the winbind library. -- Robert Steinmetz, AIA Principal Steinmetz Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
