[Samba] browsing smb shares with KDE Konquerer
with Samba 3 I can simply type in: smb://server/share and Konquerer will open the smb share. It seems that with Samba 3, Konquerer is using the kerberoes ticket that the AD domain is providing when I kinit [EMAIL PROTECTED] Unfortunelty I noticed that when I try to open a simple text docuement from an smb share on a windows machine Konquerer seems to Stall when downloading the file. Can anyone verify this as a Konquerer or Samba issue? Thanks, Tim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] groupmap on member server
I'm not an expert please correct me if I'm wrong. With my shares I gave the unix group in question itms_office group ownership. So it looks like this: drwxrwxrwx root itms_office 4096 Oct28 14:46 test One thing to note is that my shares are not sub-directories like your are - so you may have to have the directories above test with the proper unix permissions. My current problem is that the groups I have groupmapped seem to work, but I can't specify and valid domain user account and have it just let that user in the sharejust can't seem to get it to work! Give it a try and please let me know. Tim Dean Knape wrote: drwxrwxrwx2 root root 4096 Oct 28 14:46 test dean dean Tim Jordan, Network Services wrote: How are your unix permissions set? Dean Knape wrote: Greetings, My setup is a multimaster win2k domain with full trusts established. My samba server has joined one of the master domains as a member server. smb.conf has encrypted passwords enabled and security=domain and running on Samba Version 3.0.1pre1 on Linux 2.4.20-20.9smp. Groupmap seems not to work as I was expecting it to. I am trying to map the local unix group itms_office to domain group itms office using: net groupmap add ntgroup=itms office unixgroup=itms_office type=d /etc/group contains the following line for itms_office: itms_office:x:102: The share is setup as follows: [test] comment = test share path= /export/data/test valid users = @itms_office @staff writable= yes printable = no Am I missing something? -dean -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: accessing shares
Domain Admins is a valid Active Directory group. I have it groupmapped to: Domain Admins (S-1-5-21-3417231078-1290269627-1885213793-2005) - root tim is a member of the root group [LinuxSoftware] comment = OpenSource path = /mnt/windows/Software/ public = yes writable = yes printable = no write list =@Domain Admins drwxr--r-- 57 timroot32768 Oct 8 00:49 Software (Do the unix permissions matter or just what is in the smb.conf?) For the other share is you account TIM or tim ? Unix is case sensitive as far as i know. TIM is my windows active directory account - tim is my local unix account. [TIM] comment = Tim's Service path = /home/tim/ writeable = TIM read only = No Winbind should be handling all authentication from our M$ PDC. I can log into my Samba box with a M$ domain account. I just can't seem to get the share authentication working. I'm not sure what logs to watch. I have been reviewing the smbd, nmbd, winbind, and the log that is corresponding to the workstation trying to connect to the Samba share. In the logs I noticed that winbind is trying to authenticate the microsoft workstation connecting to the Samba share. [2003/10/21 10:58:05, 10] nsswitch/winbindd.c:process_request(305) process_request: request fn GETPWNAM [2003/10/21 10:58:05, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(112) [22176]: getpwnam DOL-ANC-WTS2$ [2003/10/21 10:58:05, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147) user 'DOL-ANC-WTS2$' does not exist Have I missed something in the HOW TO: ? I don't recall having to create machine accounts on the Samba server. I thought Samba is supposed to authenticate the user trying to access the share. If that is true perhaps I have a pam config file wrong? I don't know where to start looking at how the authentication is handled on the Samba share and more importantly what order of authentication is being done...how do I tweak that order to point authentication to my M$ PDC? I did it for the pam.d/login config file. Perhaps I'm not even on the right track... Tim Emmanuel Viennot wrote: May be you should check your write list parameter wich is @Domain Admins . Is Domain Admins a valid group and is tim a member of this group ? For the other share is you account TIM or tim ? Unix is case sensitive as far as i know. Hope that help. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] accessing shares
My experience is very limited on Unix and Samba. Please forgive me if the answer is right in front of me. Problems accessing shares on my Samba 3.0.1pre1 running on Gentoo1.4 I'm stuck big time! I've been trying to figure out why I cannot access shares. The only share I can currently read write to is: [OpenShare] comment = Temporary file space path = /tmp read only = No guest ok = Yes Linux permissions: drwxrwxrwt 36 root root 3328 Oct 21 11:25 tmp When I try to acces [LinuxSoftware {FAT32}] share I get: \\anc-gentoo1\LinuxSoftware is not accessible. You may not have permisions The network path cannot be found. **I have verified that the path is correct.** [LinuxSoftware] comment = OpenSource path = /mnt/windows/Software/ write list = @Domain Admins read only = No guest ok = Yes Linux permissions: drwxr--r-- 57 tim root32768 Oct 8 00:49 Software On this share I get a prompt for username and password; although nothing seems to let me in. TIM is a domain user. [TIM] comment = Tim's Service path = /home/bxnctej/ valid user = TIM read only = No Linux permissions: drwx-- 37 tim Domain Users 2048 Oct 21 11:58 bxnctej * tim is my local linux account I may have narrowed down the problem to this log entry. DOL-ANC-WTS2 is the W2K server that I'm trying to access the Samba shares from. I don't understand why GETPWNAM is looking for the machine name. I understand GETPWNAM to look into /etc/password. I don't understand why winbind wants to look for DOL-ANC-WTS2 in a local password file? [2003/10/21 10:58:05, 10] nsswitch/winbindd.c:process_request(305) process_request: request fn GETPWNAM [2003/10/21 10:58:05, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(112) [22176]: getpwnam DOL-ANC-WTS2$ [2003/10/21 10:58:05, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147) user 'DOL-ANC-WTS2$' does not exist [2003/10/21 10:58:05, 10] nsswitch/winbindd.c:client_write(502) client_write: wrote 1300 bytes. [2003/10/21 10:58:05, 10] nsswitch/winbindd.c:winbind_client_read(455) client_read: read 1568 bytes. Need 0 more for a full request smb.conf: Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = LABOR realm = LABOR.AK server string = Samba3 on ANC-Gentoo1.4 security = ADS password server = DOL-ANC-AD1 log level = 10 log file = /usr/local/samba/var/log.%m max log size = 50 name resolve order = wins bcast socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 0 preferred master = No local master = No domain master = No wins server = ###.###.###.### idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/LABOR/%U template shell = /bin/bash winbind use default domain = Yes [OpenShare] comment = Temporary file space path = /tmp read only = No guest ok = Yes [TIM] comment = Tim's Service path = /home/bxnctej/ valid users =TIM read only = No [LinuxSoftware] comment = OpenSource path = /mnt/windows/Software/ write list = @Domain Admins read only = No guest ok = Yes I included my groupmap. Should I noticed two groupmappings for Domain Admins bash-2.05b# ./net groupmap list System Operators (S-1-5-32-549) - sys Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - nobody Domain Users (S-1-5-21-3417231078-1290269627-1885213793-513) - users Domain Admins (S-1-5-21-3417231078-1290269627-1885213793-2005) - root Power Users (S-1-5-32-547) - sys Print Operators (S-1-5-32-550) - lp Administrators (S-1-5-32-544) - ntadmin Domain Admins (S-1-5-21-3417231078-1290269627-1885213793-512) - -1 Account Operators (S-1-5-32-548) - -1 Domain Guests (S-1-5-21-3417231078-1290269627-1885213793-514) - nobody Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - users I can do these commands with success! wbinfo -u wbinfo -g getent group getent passwd bash-2.05b# ./nmblookup anc-07-14927xp Got a positive name query response from 146.63.135.98 ( 146.63.135.98 ) 146.63.135.98 anc-07-14927xp00 Please let me know if I can send more info. Thank you for your time, Tim Jordan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [Fwd: accessing shares]
John: I wanted to add that I have no problem logging into the samba server with a domain account, as long as it's not through KDE. The first time error's out complaining about DCOPServer and not being able to write to the home directorydon't know if this is relevant. My experience is very limited on Unix and Samba. Please forgive me if the answer is right in front of me. Problems accessing shares on my Samba 3.0.1pre1 running on Gentoo1.4 I'm stuck big time! I've been trying to figure out why I cannot access shares. The only share I can currently read write to is: [OpenShare] comment = Temporary file space path = /tmp read only = No guest ok = Yes Linux permissions: drwxrwxrwt 36 root root 3328 Oct 21 11:25 tmp When I try to acces [LinuxSoftware {FAT32}] share I get: \\anc-gentoo1\LinuxSoftware is not accessible. You may not have permisions The network path cannot be found. **I have verified that the path is correct.** [LinuxSoftware] comment = OpenSource path = /mnt/windows/Software/ write list = @Domain Admins read only = No guest ok = Yes Linux permissions: drwxr--r-- 57 tim root32768 Oct 8 00:49 Software On this share I get a prompt for username and password; although nothing seems to let me in. TIM is a domain user. [TIM] comment = Tim's Service path = /home/bxnctej/ valid user = TIM read only = No Linux permissions: drwx-- 37 tim Domain Users 2048 Oct 21 11:58 bxnctej * tim is my local linux account I may have narrowed down the problem to this log entry. DOL-ANC-WTS2 is the W2K server that I'm trying to access the Samba shares from. I don't understand why GETPWNAM is looking for the machine name. I understand GETPWNAM to look into /etc/password. I don't understand why winbind wants to look for DOL-ANC-WTS2 in a local password file? [2003/10/21 10:58:05, 10] nsswitch/winbindd.c:process_request(305) process_request: request fn GETPWNAM [2003/10/21 10:58:05, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(112) [22176]: getpwnam DOL-ANC-WTS2$ [2003/10/21 10:58:05, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147) user 'DOL-ANC-WTS2$' does not exist [2003/10/21 10:58:05, 10] nsswitch/winbindd.c:client_write(502) client_write: wrote 1300 bytes. [2003/10/21 10:58:05, 10] nsswitch/winbindd.c:winbind_client_read(455) client_read: read 1568 bytes. Need 0 more for a full request smb.conf: Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = LABOR realm = LABOR.AK server string = Samba3 on ANC-Gentoo1.4 security = ADS password server = DOL-ANC-AD1 log level = 10 log file = /usr/local/samba/var/log.%m max log size = 50 name resolve order = wins bcast socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 0 preferred master = No local master = No domain master = No wins server = ###.###.###.### idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/LABOR/%U template shell = /bin/bash winbind use default domain = Yes [OpenShare] comment = Temporary file space path = /tmp read only = No guest ok = Yes [TIM] comment = Tim's Service path = /home/bxnctej/ valid users =TIM read only = No [LinuxSoftware] comment = OpenSource path = /mnt/windows/Software/ write list = @Domain Admins read only = No guest ok = Yes I included my groupmap. Should I noticed two groupmappings for Domain Admins bash-2.05b# ./net groupmap list System Operators (S-1-5-32-549) - sys Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - nobody Domain Users (S-1-5-21-3417231078-1290269627-1885213793-513) - users Domain Admins (S-1-5-21-3417231078-1290269627-1885213793-2005) - root Power Users (S-1-5-32-547) - sys Print Operators (S-1-5-32-550) - lp Administrators (S-1-5-32-544) - ntadmin Domain Admins (S-1-5-21-3417231078-1290269627-1885213793-512) - -1 Account Operators (S-1-5-32-548) - -1 Domain Guests (S-1-5-21-3417231078-1290269627-1885213793-514) - nobody Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - users I can do these commands with success! wbinfo -u wbinfo -g getent group getent passwd bash-2.05b# ./nmblookup anc-07-14927xp Got a positive name query response from 146.63.135.98 ( 146.63.135.98 ) 146.63.135.98 anc-07-14927xp00 Please let me know if I can send more info. Thank you for your time, Tim Jordan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain groups accessing samba share
Hey John, I've been working on this most the day. Just can't seem to nail it down! (Yes sir I did read the How To) Winbind is working fine - I can: wbinfo -g wbinfo -u getent passwd getent group Problem is when I try to use a domain group on a Samba share I get a username and password prompt; although, nothing seems to get me in! Please advise #Samba 3.0 running under Gentoo1.4 [global] workgroup = LABOR realm = LABOR.AK server string = Samba3 on ANC-Gentoo1.4 security = ADS password server = passwordserver log file = /usr/local/samba/var/log.%m max log size = 50 socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 0 preferred master = No local master = No domain master = No dns proxy = No wins server = win_server_ip idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/winnt/%D/%U template shell = /bin/bash [Linux Software] comment = Open Source Software path = /home/tim/Linux Software valid users = @LABOR\domain admins write list = @LABOR\domain admins read only = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Host NTFS Shares on Samba Server?
Running Samba 2.2.8a I have a secondary hard drive (100GB) full of desktop images that I would like to share. The drive is installed in my Samba server and currently setup in fstab as: /dev/hda2 /mnt/myntfs ntfs defaults 0 0 This allows root access read permissions. Can I setup my Samba server to allow domain admins to access the data on this secondary drive? Please advise, Tim Jordan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication Scheme for Samba3.0beta
Hello, I'm trying to configure authentication for my Samba3.0beta box against our W2K (mixed-mode), Acitve Directory network. Is Windbind still the way to go for login authentication in Samba3.0 using my Windows domain account? I want to stay with our Acitve Directory PDC authenticating me. Is there a way to get my Kerberos ticket at login for my Samba box? Being able to easily connect to windows machines, from a shell, using the Kerberos ticket is very nice! Can I do that through a broswer such as Konqueror? My current setup still prompts me for authentication to each share. I have enjoyed working with Samba over the past few weeks (I'm very new at this!). Any info. or pointers are very appreciated. TIA, Tim -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication from W2K PDC..Samba 3.0beta
Hello everyone, Can I use Ldap to authenticate against our W2K PDC? I have winbind working for Samba 2.2.8a - but the boss wants me to see about Ldap. If this is possible could you provide a starting point for me? I can use getent group to get a list of domain groups after I adjusted the /etc/ldap.conf By default Samba found our State Ldap server upon installation - I work for the State of Alaska, USA. TIA, Tim -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] why is samba3.0 server showing as PDC in W2K domain?
Please advise. I'm want to bring in Samba 3 to our existing W2K mixed-mode domain as a member server. Here is my smb.conf: realm = DEPLOY.AK ads server = xxx.xxx.xxx.xxx security = ads encrypt passwords = yes name resolve order = wins lmhosts bcast netbios name = tim-on-samba3 local master = no os level = 20 log file = /var/log/samba/log.%m socket option = TCP_NODELAY SO_SNDVUR=8192 SO_RCVBUF=8192 wins server = xxx.xxx.xxx.xxx wins support = no map to guest = bad user doman master = no template shell = /bin/bash server string = samba 3.0beta perferred master = no TIA, Tim -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Joined AD, Kerberos working, now what?
I have the kerberos working on a red hat 8.0 box. I can map to shares (in our Windows 2K domain) easly via the shell. Will kerberos let me view shared directories within our Windows 2000 (mixed-mode) domain using a browser such as Nautilus or Konquerer? Also, now that my box is a domain member and I can get a kerberos ticket for the PC - do I still setup winbind to authenticate users agains Active Directory at Log on? Tim -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba