Re: [Samba] Rid generation
Den Friday 19 September 2008 09:48:38 skrev Nuno Fernandes: On Thursday 18 September 2008 18:26:00 Helmut Hullen wrote: Hallo, Nuno, Du (npf-mlists) meintest am 18.09.08: If i have smbpasswd with: user1:1416:803A317873C24BBDAAD3B435B51404EE:2DF2CB1538FE718DE034707A5 21AA893: [U ]:LCT-1221415636: [EMAIL PROTECTED] samba]# pdbedit -L -v user1 User SID: S-1-5-21-1454471165-2146950999-672003340-1416 Where does it get the 1416 Rid from? What tells getent passwd user1 The Samba Rid looks like the Linux group ID. Viele Gruesse! Helmut Nop.. it's not the uid... # pdbedit -L -v user2|grep SID; getent passwd user2 User SID: S-1-5-21-1713105005-2794899747-1095719273-4648 Primary Group SID:S-1-5-21-1713105005-2794899747-1095719273-513 user2:x:1824:1824::/home/user1:/sbin/nologin Best regards, Nuno Fernandes It's the following algorithm tas used: uid*2+1000 1824*2+1000=4648 /Ulf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a way to support both local and roaming profile with one server / domain?
On Saturday 14 July 2007, Michael Lueck wrote: Recent list messages got me thinking... Is there a way to support both local and roaming profile with one server / domain? As I understand it, the magic line that tells Samba not to do roaming profiles is the smb.conf line: logon path = Which the line must exist, and must be set to null. But that is in the global section. So is there a way to support both local and roaming... with some Samba magic?! ;-) Using LDAP you can. Setting the attribute sambaProfilePath to a profile share for a user enables roaming profile while users without this attribute gets a local profile. /Ulf TIA! -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- Ulf Norén IT-avd, Mittuniversitetet 070-5142781 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] What triggers a make_user_info_map
We have a quite large samba installation/domain spanning 4 campuses with a DC/LDAP on every campus. On one campus, one big computer-lab behaves a bit strange. All the computers connects to the DC every 2-3 minutes or so and triggers a make_user_info_map mapping 100-300 or so username's to RID's. This places high load on the LDAP-server. It doesn't matter if anyone is logged on. They do this around the clock! The lab is reinstalled and is not configured any differently than all the others. I can't find any reason for this behavior. Anyone out there got a clue? /Ulf -- Ulf Norén IT-avd, Mittuniversitetet 0660-57899,070-5142781 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain logons - prevent multiple logins with the same account
On Monday 12 February 2007 11:03, Nagy Zoltan wrote: hi i'm trying to solve this problem, i've came up with a solution, but i don't think that this is the best availibe method for this problem i read about that samba does provides a 'preexec' call that can prevent a share to be accessed, and i figured out, that with this i can reject access to a share if the user have already logged in from another maschine. and if i wrote the currently logged in computer name to a file on a share that can be accessed when the login is unsuccessfull, i can pop up a dialog on the client from the network logon script at client side when it detects that the user is trying to login to the domain twice, and write him where he have been logged in before. so..solution's logical outline: samba * [netlogon] * logon.bat * compare $home/.login_magic, $profile/.login_magic, if not the same, the client is trying to login twice.. pop-up message box with $home/.successfull_login_machine_name logoff user * this file check's %home%/.successfull_login_machine_name * [profiles] preexec close=yes preexec = prevent_multiple_logon.bash * if machine is the first login to the domain write machine name to $home/.successfull_login_machine_name write a random number to $home/.login_magic, $profile/.login_magic return ok else return false * [homes] not protected with preexec i haven't found a solution to prevent the client from logging in when the profile connection has been rejected, maybe i've missed the setting on the windows local security policy settings panel or i've missed a configuration option in my samba config? any suggestions? :) best regards, kirk I have done this. just put the preexec in the global scope. [global] . . preexec close=yes preexec = prevent_multiple_logon.bash . . [netlogon] /Ulf -- Ulf Norén IT-avd, Mittuniversitetet 0660-57899,070-5142781 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain logons - prevent multiple logins with the same account
On Monday 12 February 2007 14:10, Nagy Zoltan wrote: I have done this. just put the preexec in the global scope. [global] . . preexec close=yes preexec = prevent_multiple_logon.bash . i've tried this too, but the client still can login to the domain (or i missed something...i will try this again tonight) it won't be denied to use that computer and force him to logout on the other i'm looking for an alternative for this, because i find this solution a kind of a 'hack around' .. i don't know that is it possible with ldap, to limit the number of logins of an account...in this case 1 ;) Strange. I use this method to deny access to a copy-machine that can authenticate to a windows/samba-server. The script checks if the user got money on his copy-account. If has_money exit 0 else exit 1 exit 1 effectively fails the authentication. I don't see why a domain logon would work any different... /Ulf -- Ulf Norén IT-avd, Mittuniversitetet 0660-57899,070-5142781 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to handle domain logout?
On Sunday 01 October 2006 14:22, DRVTiny wrote: I need to create a server-side (bash or perl script) handler for domain user logoff event. Is it possible to do it theoretically and if it is possible, how can i realize this in practice? My configuration: PDC running Samba 3.0.23b with 35 workstations under Windows 2000 Pro connected to PDC Thanks! A clean logoff can be handled through a logout script on the client. That script could connect to a special share on the server that has a configured preexec-script. I use this teqnique for logging purposes. /ULf -- Ulf Norén IT-avd, Mittuniversitetet 0660-57899,070-5142781 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Two samba installation on the same host
On Friday 04 August 2006 14:51, [EMAIL PROTECTED] wrote: Dear all For some reasons I would like to run two samba installations (/opt/samba1 and /opt/samba2) on the same host. Is such a dual installation supported? If yes, what do I have to consider? I have done that for years without problems.With even more instances. You just have to compile two instances with differnet install-prefix. Then you need to configure a second IP-address on the network interface. something like ifconfig eth0:1 ip-address In smb.conf configure samba to bind to that second interface using the parameters socket address and interfaces And of course you need different netbiosnames... /Ulf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem joining klient on a BDC
Hi I have set up a Samba-environment with , at the moment, one PDC and three BDC's. LDAP-master at the PDC and slaves on the BDC's. I can logon to the domain through whichever DC is choosen but when i try to join a machine the PDC MUST be available. The client seems to check among the avilable DC's but if the PDC is down it just tells me it can't find a domain-controller for the domain. If the PDC is up and running it gets selected to process the join. As I understand it, it should be possible to join a machine via the BDC as long as the LDAP-master is available. Correct? If I configure the BDC with Domain master = yes it is accepted as a valid DC and joining the client works. The client i have tested with is WinXP SP2. Anyone have any ideas or corrections? It's not a major showstopper but for redundancy and load-balancing it would be nice to get this working if possible. After all the domaincontrollers reside in 4 different cities... /Ulf -- Ulf Norén IT-division, Mid Sweden University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disallowing copying files to the shares by extension
On Thursday 03 March 2005 09:52, Mitch (WebCob) wrote: hi, Is it possible to filter files by their extensions for samba shares? For example no mp3 files can be coppied to the file server. thanks.. [Mitch says:] I'm up late - so I'll give you an idea... there are options to hide files, and I think to restrict access to hidden files - not sure if they will prevent file creation, but they might prevent access once they exist, then you could just do a : find /some/path -name *.mp3 -exec rm {} \; to get rid of them. Check out veto files = /*.mp3/*.MP3/*.avi/*.AVI/ /Ulf -- Ulf Norén IT-avd, Mittuniversitetet 0660-57899,070-5142781 OBS! Den 1 januari 2005 blev Mitthögskolan Mittuniversitetet. Ny webbadress fr o m 050101: www.miun.se http://www.miun.se/ Ny E-postadress fr o m 050101: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba