[Samba] Use of sambaShare Objectclass
Hi list, how can i use the following objectclass that are defined in samba.schema sambaShare sambaConfigOption sambaConfig Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] BDC and Windwos seven
hi list, somebody have been already tested to log into Windows seven when PDC is off line. ( so on BDC) I have joined my seven workstation in samba 3.4.0 successfully and my user can log into it. but when PDC is offline i have an error message that concern the trust relationship between workstation and server. thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] limit user logon to
Miguel, Awesome answer. Just what I needed to get me started. I really appreciate your time! Troy On Wed, Jan 28, 2009 at 5:46 PM, Miguel Medalha miguelmeda...@sapo.ptwrote: I have a question of a similar nature that I am going to post in a separate message in this forum, but what I would like to know is this: Is there a comprehensive list of ALL of the attributes of a sambaSamAccount somewhere? I would like to know all of the various things that you could control on a per user or per workstation basis using Samba and LDAP. LDAP Admin: http://ldapadmin.sourceforge.net/ You can also manage your directory with a browser using the following (among many): phpLDAPadmin http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page LDAP Account Manager http://lam.sourceforge.net/ Every one of the above LDAP directory management programs will show you the available object classes and their attributes. See Schema Browser under the first two or Schema under the third one. You can also manually open the samba3.schema under /etc/openldap/schema and read them from there. Nevertheless, here it goes: The samba3.schema contains the following object classes: sambaConfig sambaConfigOption sambaDomain sambaGroupMapping sambaIdmapEntry sambaSamAccount sambaShare sambaSidEntry sambaTrustedDomainPassword sambaTrustPassword sambaUnixIdPool The attributes pertaining to the objectClass sambaSamAccount are the following: *sambaSID *uid,userid (inherited from core.schema) cn,commonName (inherited from core.schema) description (inherited from core.schema) displayName (inherited from inetorgperson.schema) sambaAcctFlags sambaBadPasswordCount sambaBadPasswordTime sambaDomainName sambaHomeDrive sambaHomePath sambaKickoffTime sambaLMPassword sambaLogoffTime sambaLogonHours sambaLogonScript sambaLogonTime sambaMungedDial sambaNTPassword sambaPasswordHistory sambaPrimaryGroupSID sambaProfilePath sambaPwdCanChange sambaPwdLastSet sambaPwdMustChange sambaUserWorkstations * The attributes marked with * are required attributes which MUST be present. The others are optional and MAY be present. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows profile properties with Samba
John, Thank you VERY much for your input! That is exactly the information I was looking for. I am continuing to make my way through your How To and By Example books too. I have been lurking on this list for a couple of months and have been very impressed with the level of expertise and the willingness to help here. Knowing this resource exists is one of the things that gives me enough confidence and peace of mind to roll out Samba as a critical system in our work environment, even though I don't have an official channel of paid support. I can't say enough good things about the work that you all accomplish here. Thanks again! Troy On Wed, Jan 28, 2009 at 6:11 PM, John H Terpstra j...@samba.org wrote: On Wednesday 28 January 2009 17:24:52 Troy Heidner wrote: Hello everyone, We are investigating migrating our Windows 2003 active directory domain to a purely Samba one. I am a relative novice to Samba. I have used it many times to do simple file and printer sharing on an individual or workgroup basis, but never in a domain environment. One of the things I need to find out how to do involves delivering Windows profiles. On our Windows network, some users use local profiles, some use roaming profiles, and some use mandatory profiles; depending on their status as staff, faculty, or student. Currently, I set these attributes individually in each user object's properties in active directory. Samba currently implements only NT4 style profile handling. It is easily possible to create any type of NT4-style windows profile. The capability exits for: a) Roaming per-user profiles b) Mandatory profiles (per-user or per-group) c) Network default profiles Samba makes it possible to do this per group also. It is also possible to apply NTConfig.POL policies but so far as I am aware this does not work with Vista and Windows 7. I have successfully deployed a roaming profile on my test Samba network. This is the simplest to deploy. It is documented in Samba3-ByExample. See: http://www.samba.org/samba/docs/Samba3-ByExample.pdf But so far I can only see how to do this globally for all users in the global section of the smb.conf. With an LDAP backend it is possible to specify the location of a per-user profile. This also makes it possible to specify a group profile. I HAVE to be able to assign these on an individual or group basis based on the needs of different users. I intend to use LDAP for my backend. As I understand it, you can set many different user attributes using LDAP. I would like to find out specifically how to setup individual windows profiles, and generally whatever other windows property managements may be possible? Any setting that is available in NT4 can be set with Samba. I'd also like to know if it is possible to assign these kinds of attributes to groups in Samba. Samba does NOT implement group policy objects as does active directory. For that capability you need Samba4 which has not yet been released for production use. You may want to evaluate Samba4 and be part of the feedback team on that. Samba4 implements active directory technology. It would be convenient to be able to set up an environment configuration based on group membership. Then I could control these things merely by moving users in and out of different groups. It is possible to test for group membership in a logon script and then to map drives to or paths to a location at which a group profile is shared. It's one one to get mostly what you want. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows profile properties with Samba
Hello everyone, We are investigating migrating our Windows 2003 active directory domain to a purely Samba one. I am a relative novice to Samba. I have used it many times to do simple file and printer sharing on an individual or workgroup basis, but never in a domain environment. One of the things I need to find out how to do involves delivering Windows profiles. On our Windows network, some users use local profiles, some use roaming profiles, and some use mandatory profiles; depending on their status as staff, faculty, or student. Currently, I set these attributes individually in each user object's properties in active directory. I have successfully deployed a roaming profile on my test Samba network. But so far I can only see how to do this globally for all users in the global section of the smb.conf. I HAVE to be able to assign these on an individual or group basis based on the needs of different users. I intend to use LDAP for my backend. As I understand it, you can set many different user attributes using LDAP. I would like to find out specifically how to setup individual windows profiles, and generally whatever other windows property managements may be possible? I'd also like to know if it is possible to assign these kinds of attributes to groups in Samba. It would be convenient to be able to set up an environment configuration based on group membership. Then I could control these things merely by moving users in and out of different groups. Thanks in advance for your help! Troy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] List search question
Hello everyone, I'm a new member here at Samba lists. I've been a lightweight Samba user for several years, but now I am investigating replacing our Active Directory domain with a pure Samba domain. I already have a few questions, but before I start posting them I though I'd ask about searching the list archives. I might be missing something here, but I haven't found a way to do it? I found the list archives, but it would be impractical to browse through all the historical postings to find an answer. Surely there is a way to search that I haven't found? If so, I'd love some pointers. Then I can search for answers to my questions before I begin posting them here. I don't want to rehash old topics if it's not necessary. Thanks in advance for your help! Troy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with cups. when cups shutingdown client view nothing
hi list, I have installed a samba with cups for share all printers on network. When i stop the cups server i was thinking that the windows client veiw their print device as on error however the client view nothing. All printers are allways shared? when i send a print job on a queue the client says nothing on error and the jobs is not stored in /var/spool/samba and of course it's not printed When i do refresh from Windows clients i always see the printers. Version: OS Fedora core 3 samba 3.0.21b-2 My configuration: ; Directive de configuraiton des impressions printcap cache time = 10 printcap name = cups load printers = yes printing = cups printer admin = @MERCATOR-OCEAN\admins du domaine cups options = raw security = ADS local master = no os level = 10 domain master = no preferred master = no domain logons = no Everything works fine else In the log file i see Printcap cache time expired. [2008/08/06 15:19:04, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2008/08/06 15:19:04, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server cups.domaine.com - Connection refused [2008/08/06 15:19:04, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mac OSX doesn't retain file timestamp when copying to SAMBA share
Hi All, I'm not sure what's causing this but every time I copy a file from one of the Macs (details below) to the Samba server the file timestamp is changed to the copy time rather than retaining the last modified time. Does anyone know what could be causing this? Systems: Mac OSX (versions 10.3.x - 10.4.x) Windows 2000 Professional Solaris 10 running Samba 3.0.11 Tests... Mac OSX - Mac OSX retains timestamp Mac OSX - W2K share retains timestamp Mac OSX - Solaris Samba share REPLACES timestamp with copy time W2K - Solaris Samba share retains timestamp smb.conf [global] workgroup = OTP server string = OTP Server security = share load printers = yes log file = /usr/local/samba/var/log.%m max log size = 50 socket options = TCP_NODELAY dns proxy = no [otpserver] comment = OTP Server browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [otpdata] comment = OTP Data path = /otp/Shared guest ok = yes read only = no writable = yes public = yes [ftpdata] comment = FTP Data path = /otp/user/guest guest ok = yes read only = no writable = yes public = yes Regards, Troy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Errors in log.smbd
Can anyone tell me why these errors are appearing and what I need to do to correct. Thanks in advance. Troy Meyer [2006/08/04 14:55:03, 0] passdb/pdb_smbpasswd.c:build_sam_account(1183) build_sam_account: smbpasswd database is corrupt! username Archive with uid 2 07 is not in unix passwd database! [2006/08/04 14:55:03, 1] smbd/service.c:make_connection_snum(705) ihsea019 (10.25.90.19) connect to service pacs initially as user nobody (uid=- 2, gid=-2) (pid 499780) [2006/08/04 14:55:15, 1] smbd/service.c:close_cnum(887) ihsea019 (10.25.90.19) closed connection to service pacs [2006/08/04 14:55:33, 0] passdb/pdb_smbpasswd.c:build_sam_account(1183) build_sam_account: smbpasswd database is corrupt! username Archive with uid 2 07 is not in unix passwd database! [2006/08/04 14:55:33, 1] smbd/service.c:make_connection_snum(705) ihsea019 (10.25.90.19) connect to service pacs initially as user nobody (uid=- 2, gid=-2) (pid 499780) [2006/08/04 14:55:45, 1] smbd/service.c:close_cnum(887) ihsea019 (10.25.90.19) closed connection to service pacs [2006/08/04 14:56:03, 0] passdb/pdb_smbpasswd.c:build_sam_account(1183) build_sam_account: smbpasswd database is corrupt! username Archive with uid 2 07 is not in unix passwd database! [2006/08/04 14:56:03, 1] smbd/service.c:make_connection_snum(705) ihsea019 (10.25.90.19) connect to service pacs initially as user nobody (uid=- 2, gid=-2) (pid 499780) [2006/08/04 14:56:15, 1] smbd/service.c:close_cnum(887) ihsea019 (10.25.90.19) closed connection to service pacs [2006/08/04 14:56:33, 0] passdb/pdb_smbpasswd.c:build_sam_account(1183) build_sam_account: smbpasswd database is corrupt! username Archive with uid 2 07 is not in unix passwd database! [2006/08/04 14:56:33, 1] smbd/service.c:make_connection_snum(705) ihsea019 (10.25.90.19) connect to service pacs initially as user nobody (uid=- 2, gid=-2) (pid 499780) dsm-tsm:# This message and accompanying documents are covered by the Electronic Communications Privacy Act, 18 U.S.C. ยงยง 2510-2521, and contain information intended for the specified individual(s) only. This information is confidential. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, copying, or the taking of any action based on the contents of this information is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Firewalling Samba server
On 10/27/05, John H Terpstra [EMAIL PROTECTED] wrote: On Thursday 27 October 2005 12:23, Loren M. Lang wrote: On Thu, Oct 27, 2005 at 10:56:28AM -0700, DSanchez wrote: I'm planning on firewalling my samba server, i understand that the ports for samba are 137 139 445. Does anyone know if these are udp or tcp ports? 137 udp for nmbd 139 and 445 tcp for smbd Add port 138 UDP (nmbd). Windows also uses port 135 TCP for MS DEC RPC, Samba-3 does not use this port. - John T. You could demonstrate this by: [EMAIL PROTECTED] ~]# service smb stop [EMAIL PROTECTED] ~]# netstat -ln netstat-ln-smb.before [EMAIL PROTECTED] ~]# service smb start [EMAIL PROTECTED] ~]# netstat -ln netstat-ln-smb.after [EMAIL PROTECTED] ~]# diff netstat-ln-smb.* and do it for other services by changing smb to something else. Good luck, Troy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Launching workstation local applications creates SMB traffic and STATUS_NO_SUCH_FILE errors
Launching workstation local applications creates SMB traffic and STATUS_NO_SUCH_FILE errors I am using Samba 2.2.12 as a domain controller without any use of roaming profiles. Everything is working fine, but I have noticed some strange behavior. I've been working on a problem for quite some time. No matter what local application I launch on a workstation, I will see the following server message block (SMB) packets going from the workstation to the server. I don't want to include the server in local applications being launched. I checked the path environmental variable and there are no references to network drives at all. Trans2 Request, QUERY_PATH_INFO Query File Basic Info, Path: \.appname Trans2 Response, QUERY_PATH_INFO Trans2 Request FIND_FIRST2, Pattern: \.appname Trans2 Response, FIND_FIRST2, Error: STATUS_NO_SUCH_FILE Another example will be if I go to run cmd to bring up a DOS window, I will see the following SMB packets from the workstation to the server which clearly creates creates performance problems. Trans2 Request, FIND_FIRST2, Pattern: \CMD* Trans2 Response, FIND_FIRST2, Error: STATUS_NO_SUCH_FILE Trans2 Request QUERY_PATH_INFO, Query File Basic Info, Path: \cmd Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND Trans2 Request, FIND_FIRST2, Pattern: \CMD* Trans2 Response, FIND_FIRST2, Error: STATUS_NO_SUCH_FILE Trans2 Request, FIND_FIRST2, Pattern: \CMD* Trans2 Response, FIND_FIRST2, Error: STATUS_NO_SUCH_FILE Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \cmd.exe Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OOBJECT_NAME_NOT_FOUND It will then bring up the CMD window, and the prompt will be at the Z: drive (users home directory). I want it to come up with C:\ by default. I would like to get this behavior to stop and have tried searching to no avail. Please let me know what I need to do in order to stop the local workstation from this inefficient behavior. Thanks, -Troy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.4 ldap replication and tls will not work
I recently installed samba 3.0.4 with ldap on fedora core 1 and 2. Eveything works fine except for when I turn on tls which I need for secuity. I get tls handshake errors and nothing will work. I had the same setup with redhat 7.1 samba 2.28 and ldap and tls worked great. I seem to have tracked it down to the ldap libraries. If I use ldap libraries 2.1.16 or up the tls handshake errors show up. If I use ldap libraries lower than this tls will work if pointed to the master but if pointed to a slave ldap server a segmentaion fault happens when I try to change passwords or add machines. Replication works fine with tls off. Any ideas if this is a bug in samba, ldap or has something changed in samba 3 and I am doing something wrong -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] vfs recycle and symlinks
Hello, I'm running samba 3.0.1 on RHEL ES3.0 and I'm trying to use the recycle vfs module. The samba share has been expanded with symlinks and the recycle module seems to have problems with this. Below you can see logging from debug level 3. Is there a way to workaround this? [2004/02/24 10:05:06, 2, pid=29502, effective(10044, 10108), real(0, 0)] smbd/open.c:open_file(250) JDTROY opened file groups/Research/private/2.6.3-mm3.bz2 read=Yes write=No (numopen=1) [2004/02/24 10:05:06, 2, pid=29502, effective(10044, 10108), real(0, 0)] smbd/close.c:close_normal_file(228) jdtroy closed file groups/Research/private/2.6.3-mm3.bz2 (numopen=0) [2004/02/24 10:05:06, 3, pid=29502, effective(10044, 10108), real(0, 0)] modules/vfs_recycle.c:recycle_unlink(465) recycle: Move error 18 (Invalid cross-device link), purging file groups/Research/private/2.6.3-mm3.bz2 (.recycle/groups/Research/private/2.6.3-mm3.bz2) [2004/02/24 10:05:07, 3, pid=29502, effective(10044, 10108), real(0, 0)] smbd/process.c:process_smb(890) Transaction 165 of length 44 Best Regards, Jo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba