Re: [Samba] Strange problem - Samba 3.0.23 on Solaris 9 Sparc
Hmmm, i'm going to check but that user is not logged, what we do is to login with an operator account, next we do a su - root and there we do 'groups $user'. Thanks! El Miércoles 26 Julio 2006 13:38, Gerald (Jerry) Carter escribió: Samuel Partida wrote: Our problem begins with a production Solaris 9 Sparc server, everything runs succesful, but there is just one user on the Active Directory that when we change some group membership, the changes are not reflected on the Solaris 9 server (verifying with groups command)... is very strange because for other users it is working perfectly. new group membership is guaranteed to be available when a user logins in. When you say you are using the 'groups' command to verify membership, is the user actually logging in? And 'su - $User' doesn't count here. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -- --- Samuel Partida Amores ISOTROL. Área de Seguridad. [EMAIL PROTECTED] Tfno. 955 036 836 --- -- --- Samuel Partida Amores ISOTROL. Área de Seguridad. [EMAIL PROTECTED] Tfno. 955 036 836 --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind cache
Hi all, we are having some troubles with the integration of some Solaris 9 Sparc servers on a Windows 2003 Server Active Directory domain. When we made the tests on a Solaris 9 Intel server, everything run successfully. After that we run some group membership tests, just changing users from one to another group on the W2K3 Server. We've seen on those tests that winbind was caching the group membership for some users (sometimes just for one user). The tests we have done from a local user on Solaris 9 server: 1 Run 'groups aduser', the group membership for aduser is shown. 2 Change 'aduser' membership on the AD server. 3 Run 'groups aduser', the group membership for aduser is shown but is not reflecting the changes made. 4 Restart winbind setting cache time to zero. 5 Repeat steps 1,2,3 and now it reflects all changes made on AD server. We have read the documentation and found two options: · Setting the cache time: winbind cache time = 0 (We don't know if zero is zero or it is unlimited time) · Running winbindd: winbindd -n (it is no caching mode) We still don't know really if the problem is from Winbind but the tests seem that setting out the winbind cache, the group membership resolution is more effective. The questions are, does someone know how the winbind cache works and how it could be effectively shut down to be sure it won't cache anything anymore? should we set the cache time to zero, another value, run winbindd with -n, do both things (cache time = 0 winbindd -n)? is there another site/doc where we should rtfm for winbind? did someone had similar troubles? By the way, the nscd is not running on the Solaris 9 server. Thanks! -- --- Samuel Partida Amores ISOTROL. Área de Seguridad. [EMAIL PROTECTED] Tfno. 955 036 836 --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Strange problem - Samba 3.0.23 on Solaris 9 Sparc
Hi, we have deployed successfully Linux clients to an Active Directory domain
with Samba 3.0.23. We had no problem with the ads authentication, winbind,
kerberos, and id resolutions.
Late we did the same on a test Solaris 9 x86 server, with a successful result
again.
Our problem begins with a production Solaris 9 Sparc server, everything runs
succesful, but there is just one user on the Active Directory that when we
change some group membership, the changes are not reflected on the Solaris 9
server (verifying with groups command)... is very strange because for other
users it is working perfectly.
We thought that the winbind cache was implicated so we deleted the files and
ran the daemon in no-caching mode, without success
¿Does someone has any clue? Thanks!
P.D.: Attached are the config files.
--
---
Samuel Partida Amores
ISOTROL. Área de Seguridad.
[EMAIL PROTECTED]
Tfno. 955 036 836
---
[libdefaults]
default_realm = SEGURIDAD.RED.ISOTROL.COM
[realms]
SEGURIDAD.RED.ISOTROL.COM = {
kdc = 192.168.101.138:88
}
#
#ident @(#)pam.conf 1.2002/01/23 SMI
#
# Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the other section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth sufficient pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
login auth sufficient pam_dial_auth.so.1
login auth sufficient /usr/lib/security/pam_winbind.so.1 debug
try_first_pass
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth sufficient pam_dhkeys.so.1
rlogin auth sufficient pam_unix_auth.so.1
rlogin auth sufficient /usr/lib/security/pam_winbind.so.1 debug
try_first_pass
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth sufficient pam_unix_auth.so.1
rsh auth sufficient /usr/lib/security/pam_winbind.so.1 debug
try_first_pass
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authenctication
#
other auth requisite pam_authtok_get.so.1
other auth sufficient pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth sufficient /usr/lib/security/pam_winbind.so.1 debug
try_first_pass
#
# passwd command (explicit because of a different authentication module)
#
passwd auth required pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cronaccount requiredpam_projects.so.1
cronaccount requiredpam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account sufficient pam_projects.so.1
other account sufficient pam_unix_account.so.1
other account sufficient /usr/lib/security/pam_winbind.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session sufficient pam_unix_session.so.1
other session sufficient /usr/lib/security/pam_winbind.so
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional pam_krb5.so.1 try_first_pass
#login auth optional pam_krb5.so.1 try_first_pass
#other auth optional pam_krb5.so.1 try_first_pass
#cron account optionalpam_krb5.so.1
#other account optionalpam_krb5.so.1
#other session optionalpam_krb5.so.1
#other password optional pam_krb5.so.1 try_first_pass
[global]
workgroup = SEGURIDAD
log file = /var/log/samba/log.%m
max log size
[Samba] Application Server
Hi there! Is possible to install software on the Samba Server and make users run that software from their workstations instead of installing locally? I know that it could take down the network perfomance but it could be useful for some little software like 7-zip, yahoo messenger, etc... Thanks. Samuel Partida. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba acting as ADS Server
Hello, i'm new in the list so hi everybody! I think that this question could be asked many times, is possible make Samba act as ADS server? Maybe with the Samba-TNG fork or with some CVS version? Thanks. -- Samuel Partida Área de Informática Fundación Radio ECCA Delegación Andalucía [EMAIL PROTECTED] www.eccandalucia.org Tel.: 954 54 62 60 Fax.: 954 53 45 32 Av Luis de Morales, 32 Edf. Forum Modulos 228-230 41018 Sevilla -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Avoiding the desktop.ini notepad popup on startup, and other hidden files.
Hi there, we had some problems with that issue, i know it is covered and i solved it with veto file = /*ktop.ini/ etc... But now i'm thinking about it again, it's because Windows XP saves some metainformation in some hidden files, one of them is desktop.ini, which is very annoying because notepad is opened on every user session, but, there is another file, thumbs.db, it becomes visible on remote shares and roaming profiles. My question is: it is possible to mantain the functionallity of those files while make them hidden? Maybe with hide files? If I use hide files instead of veto files for desktop.ini will dissapear the problem of the notepad pop up? I'm going to make another Samba server for testing those things but I'm short of time now so if someone know the answer it would help a lot. :) Thanks and excuse my english!! Samuel Partida -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC and NT Domain Policies on XP Professional.
Hi there! How can I manage NT Domain Policies on a Samba PDC? How can I make the XP Pro workstations get those policies applied? Which tool do I need to generate those policies? Thanks!!! Samuel Partida. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
