Re: [Samba] web client for samba
Davenport, a WebDAV-SMB gateway could be also of interest to you: http://davenport.sourceforge.net/ -sd 2009/12/30 jcflores jcflo...@cablenet.com.pe: Thanks Gary, that's what i'm looking for. If you know a page or link to describe howto implement it, please let me know. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] working smbpasswd webinterface for samba 3.4?
Hello Eero, ChangePassword seems like what you're looking for: http://changepassword.sourceforge.net/ Kind regards, -sd 2009/8/23 Eero Volotinen eero.voloti...@iki.fi: I am using smbpasswd backend without domain model on samba. Is there any working www based interface that users can use to change their smbpasswd ? -- Eero -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] working smbpasswd webinterface for samba 3.4?
Hey Eero, I'm sorry, I was not aware of any bugs in that application. I once used it for users to let them change their system passwords and remembered that it also supports samba password change - that's why I recommended it. Kind regards, -sd 2009/8/23 Eero Volotinen eero.voloti...@iki.fi: Stefan Dengscherz kirjoitti: Hello Eero, ChangePassword seems like what you're looking for: http://changepassword.sourceforge.net/ This one is buggy and corrupts smbpasswd database? -- Eero -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group fails
Hello Kevin, make sure you don't have winbind enum users = yes winbind enum groups = yes turned off in your configuration; it's however set to yes as default. Regards, -sd 2009/6/17 Kevin Blackwell akblack...@gmail.com: Hi, Well, I'll try to start at what I think the root of my problems are. When I do a getent group, I only get a list of the BUILTIN groups. BUILTIN+administrators BUILTIN+users But if I do a wbinfo -g, all the AD groups show up. This alone is not the overall problem, but it is creating a problem because I need getent to return the groups for logging different AD groups to different log files in squid. Another problem is the wbinfo_group.pl and I know this is a squid app, but from what I understand it used wbinfo. /usr/lib/squid/wbinfo_group.pl tuser password Could not get groups for user tuser I can provice config data and anything else necessary. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Tool to extract LDAP
Hello Jimmy, ldapadmin (http://ldapadmin.sourceforge.net/) provides a nice win32 GUI for LDAP browsing and editing. It also supports export/import (in LDIF) format. Regards, -sd 2009/4/23 Jimmy PIERRE jimmypierre.rouen.fra...@gmail.com: Greetings, Kindly give me some advice on what tools that you use to extract a LDAP export from SAMBA into a CSV or better? Cheers, Jimmy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC Squid NTLM Auth - Same machine
Hello Victor, did you try supplying the domain name along with the username? Like DOMAIN\administrator. Or adding winbind use default domain = yes to your samba configuration. Regards, -sd 2009/3/31 Victor Medina vitt...@gmail.com: David, it did not work. Any suggestion? Victor Medina Samuel Goldwyn - I don't think anyone should write their autobiography until after they're dead. On Wed, Apr 1, 2009 at 12:13 PM, David Wells d.we...@vitalcan.com.ar wrote: Victor Medina wrote: Hi Guys! Probably this is not the best place to ask, I'll try anyway... =) I've been trying to configure a Samba PDC and a Squid Porxy server with NTLM auth on the same machine but NTML_AUTH keeps complaining about: NT_STATUS_INVALID_HANDLE I have others machines running Squid and Authenticating against a Samba Server but on different machines, this is the first time a try both on the same machine. Can I use Squid+NTLM Auth and Samba configured as PDC on the same machine? Is there any winbind issue with this kind of configuration? I'm using SLES10+SP2 Samba version as reported by rpm is 3.0.32-0.8 Squid version as reported by rpm is 2.5.STABLE12-18.13 - This is my smb.conf [global] dos charset = 850 unix charset = ISO8859-1 workgroup = C1.SV netbios name = PDCSRVC1SV server string = interfaces = eth0 bind interfaces only = Yes map to guest = Bad Password passdb backend = ldapsam:ldap://127.0.0.1 guest account = Invitado time server = Yes deadtime = 20 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups logon path = logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Administrador,o=Ferreteria EPA ldap delete dn = Yes ldap group suffix = ou=group ldap machine suffix = ou=people ldap passwd sync = Yes ldap suffix = ou=c1,c=sv,o=Ferreteria EPA ldap user suffix = ou=people idmap domains = DEFAULT idmap alloc backend = ldap idmap alloc config:range = 1-10 idmap alloc config:ldap_url = ldap://127.0.0.1 idmap alloc config:ldap_user_dn = cn=Administrador,o=Ferreteria EPA idmap alloc config:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA idmap config DEFAULT:range = 1-10 idmap config DEFAULT:ldap_url = ldap://127.0.0.1 idmap config DEFAULT:ldap_user_dn = cn=Administrador,o=Ferreteria EPA idmap config DEFAULT:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA idmap config DEFAULT:default = yes idmap config DEFAULT:readonly = no idmap config DEFAULT:backend = ldap ldapsam:editposix = yes ldapsam:trusted = yes create mask = 0640 force create mode = 0640 directory mask = 0750 force directory mode = 0750 case sensitive = No dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd My relevant squid.conf lines... auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp C1.SV/PDCSRVC1SV auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic C1.SV/PDCSRVC1SV auth_param ntlm children 100 auth_param basic children 100 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours The pdc works as expected, machine join works like charm, users and groups management works equally right, all accounts are placed in the LDAP, getent passwd, groups and shadow shows the ldap accounts I also did a few tests with wbinfo e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo -u invitado usuarioprueba e01ggen e01glogis e01gcont e01jcomp1 e01jcomp2 e01jcomp3 e01jcomp4 e01jrepo e01jreclu e01rrece e01gcom e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo -g BUILTIN BUILTIN domain users domain admins domain guests grupoprueba gcentralsv gcompras gcontrol ggerencia glogistica gmercadeo gpersonal gventas gjefecompras gjefecontrol gjefelogistica gjefepersonal e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo --all-domains C1.SV I also made sure squid users can read /var/lib/samba/winbindd_privileged I also noted this error: e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo --authenticate=administrator%12345678 plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user administrator%12345678 with plaintext password winbind separator was NULL! challenge/response password authentication failed error code was NT_STATUS_INVALID_HANDLE (0xc008) error messsage was: Invalid handle Could not authenticate user
Re: [Samba] disable logons for all users but Domain Admin?
Hello Tomasz, you can easily modify Samba LDAP users through a script with the smbldap-tools (http://linux.die.net/man/8/smbldap-usermod in this particular case). Regards 2009/3/2 Tomasz Chmielewski man...@wpkg.org: Tomasz Chmielewski schrieb: Is it possible to disable domain logons for all users but Domain Admins? Seems like setting L in sambaAcctFlags does the job. The problem is how to do it globally ;) I exported users from LDAP and added L flag to all User accounts, but Administrator. Then, deleted users and imported the changed ldif. -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- The box said Windows Vista or better. So I bought a Mac. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] disable samba logging
Hello, setting log level to 0 in your configuration should suppress any log messages. -sd 2009/2/7 Nagy Daniel n.dan...@gmail.com: How can I disable samba logging? I already searched Google... :( -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- The box said Windows Vista or better. So I bought a Mac. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SWAT with an LDAP Backend
Hello David, unfortunately no answer to your question - but once I had the same problem and I've used http://www.karylstein.com/phpLdapPasswd successfully with a bit of hacking (I can't remember exactly what was not working but there were a few patches in the search results when googling for phpLdapPasswd). Another alternative would be to use more mature LDAP Account management web utils: - GOSA - phpLdapAdmin (don't know if it supports user login change Samba password hash) Hope that helps! 2009/2/4 David Markey dmar...@dodds.dmarkey.com: Hi I have a PDC with an LDAP backend that i want to use SWAT to give users the option to change their password via the web interface. I cant seem to be able to get SWAT to authenticate any users it always gives me an authorization error. Is swat with an LDAP backend supported? Cheers. David. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- The box said Windows Vista or better. So I bought a Mac. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba group rights problem (Domain Admins not working)
Hello Jeroen, I just had the same problem you described. The cause of it was, that the LDAP configuration on my new os (Ubuntu 8.04) included an option to ignore the root user from LDAP: nss_initgroups_ignoreusers backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,mysql,news,openldap,proxy,sshd,statd,sync,sys,syslog,uucp,www-data in /etc/ldap.conf. I can't remember if it was the stock config file or if I added it following some howto. However the root user on the server side was not a member of the 'Domain Admins' group because the data came from /etc/passwd. I removed root from the ignore list and it worked. Just check on your PDC, if the root user is really a member of the 'Domain Admins' group with 'id root' - if not - there's your problem. Kind regards, -sd 2008/7/18 Jeroen Vriesman [EMAIL PROTECTED]: Hi list, after upgrading our ldap server, the Domain Admins group doesn't work anymore. Members of the domain admins group don't have any special rights on the workstations (for example, they cannot even change the date of a machine in the domain anymore). When I lookup the group members I get: [EMAIL PROTECTED]javascript:open_compose_win('to=root%40hermesthismailbox=INBOX.Sent');:/etc/samba# net rpc group members 'Domain Admins' Password: HIVOS.NL\root HIVOS.NL\foctaaf HIVOS.NL\lhilarides HIVOS.NL\administrator HIVOS.NL\executor HIVOS.NL\fbodijn HIVOS.NL\psomer HIVOS.NL\jvriesman And the rights of the group: [EMAIL PROTECTED]javascript:open_compose_win('to=root%40hermesthismailbox=INBOX.Sent');:/etc/samba# net rpc rights list 'Domain Admins' Password: SeMachineAccountPrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege That seems ok, but when I lookup the rights of a member of the Domain Admins group: [EMAIL PROTECTED]javascript:open_compose_win('to=root%40hermesthismailbox=INBOX.Sent');:/etc/samba# net rpc rights list 'HIVOS.NL\jvriesman' Password: SeAddUsersPrivilege [EMAIL PROTECTED]javascript:open_compose_win('to=root%40hermesthismailbox=INBOX.Sent');:/etc/samba# net rpc rights list 'HIVOS.NL\psomer' Password: nothing here Any idea why members of the Domain Admin group do not get the rights of the group? cheers, Jeroen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File/directory renaming denied but write access is okay with Samba/LDAP PDC
Hello List, i recently re-setup our Samba/LDAP PDC. I have the following problem now: The shares lehre and public are writeable, but i cannot rename files/folders on it from Windows (getting an access denied message in Explorer) - however, my user can rename the files manually by logging into the PDC with his account, so permissions seem to be okay. These problems don't occur on the other shares. Any hints? This is Samba version 3.0.28a-1ubuntu4 obviously on Ubuntu (8.04). [global] netbios name = LX01 server string = ... workgroup = ... security = user encrypt passwords = true passdb backend = ldapsam:ldap://localhost/ obey pam restrictions = no local master = yes preferred master = yes os level = 200 domain master = yes domain logons = yes logon drive = z: logon script = logon.bat logon path = \\lx01\%U\.windows profile acls = yes hide files = /?esktop.ini/ntuser.ini/NTUSER.*/?humbs.db/ wins support = yes name resolve order = lmhosts host wins bcast log file = /var/log/samba/%m.log log level = 3 max log size = 1 syslog = 0 socket options = TCP_NODELAY [LDAP STUFF cut] [homes] comment = Homelaufwerk browseable = no writable = yes create mask = 0700 directory mask = 0700 valid users = %U root preexec = /mnt/samba/scripts/smb-home.sh %U profile acls = no [netlogon] comment = Netlogon-Verzeichnis path = /mnt/samba/netlogon guest ok = yes writable = no share modes = no browseable = no [public] comment = Allgemeines Laufwerk path = /mnt/samba/public writeable = yes guest ok = yes create mask = 0750 directory mask = 0750 [lehre] comment = Lehrmaterialien path = /mnt/samba/lehre read list = @Domain Users write list = @Dozenten guest ok = yes create mask = 0755 directory mask = 0755 [web] comment = Webverzeichnisse writable = yes create mask = 0770 directory mask = 0770 valid users = %U path = /var/www/users/%U Thanks in advance, -sd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba ldap squid dansgardian
Hello L.P.H., Just a note to save you some time: authentication is unfortunately not possible in transparent mode. See the following FAQ for details: http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-e56904dd4dfe0e21e5c2903473c473d401533ac7 Kind regards, -sd L.P.H. van Belle schrieb: Hi, Just a question. I have a samba PDC with LDAP backend. I want squid / dansguardian use the user auth from samba NTLM bases. i need user and group filtering and i want it transparent. 2 steps, auth, first the NTLM auth on port 80 to be transparent. second, the dansgadian filter filtering groups. this looks bit like it, but this authenicates against ADS. http://www.howtoforge.com/dansguardian-with-ntlm-auth-and-multi-group-config urations-on-debian-etch Louis http://www.bazuin.nl _ De informatie verzonden in en met dit e-mail bericht is uitsluitend bestemd voor de geadresseerde(n) en is mogelijk vertrouwelijk van aard. Gebruik van deze informatie door anderen dan de geadresseerde is niet toegestaan. Het is voorts niet toegestaan deze informatie openbaar te maken, te verveelvoudigen, te verspreiden en/of aan derden te verstrekken. Bazuin en Partners staat niet in voor de juiste en volledige overbrenging van de inhoud van een verzonden e-mail, noch voor de tijdige ontvangst ervan. The information contained in this e-mail and in any attachments is intended solely for the attention and use of the named addressee(s) and may be confidential. The use of this information by others than the named addressee(s) is not allowed. Moreover, it is not allowed to disclose, copy or distribute this information. Bazuin en Partners is neither liable for the proper and complete transmission of the information contained in this e-mail, nor for any delay in its receipt. _ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC and Samba domain member - LDAP/Winbind/Idmap confusion
Hello List, I have the following scenario: 1x Samba PDC with LDAP backend 1x Samba member server 1x Samba member server (Openfiler) However, I'm confused about Idmapping. I want to use ACLs on the PDC and both member servers. Are my thoughts correct? - Samba member server knows the unix users through LDAP (added in nsswitch.conf) - Authentication when accessing a member server share is performed by the PDC - ACLs won't work without a proper Idmapping backend setup (i want to use LDAP for this) - how does Idmapping fit into here? - Would it be possible to achieve my scenario with winbind? - Could I spare the LDAP configuration on the member servers then? Thanks in advance for enlightening me, Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Member Server creates Samba Domain in LDAP
Hello everyone, my environment consists of a Samba PDC on a Linux box, and another Samba server on Linux that acts as a member server. The PDC runs against an LDAP database. When I join the member server to the PDC, everything works fine, except there is an entry sambaDomainName=LX03 (LX03 is the name of the member server) created in the LDAP root (additionally to the machine Account in my ou=Computers). Is this behaviour ok, do I need the entry in the LDAP root for my member server? Regards, Stefan Dengscherz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba