[Samba] S4 file server : access to large file 1 GB
Hi all My S4 is configured as a file server. The AD DC is a 2003 win server. My users are talking about slow speed on open pst file or other largest file. I have this in my smb.conf socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768 I tranfer a 3GB file on the server and I see variations in speed transfer. Generally it cost 28% of my bandwith (1 Gb/s) but, after a while, it speed down to 8% or 5% for a little time (1 second) and then go to 28%. I see this 4 times in the transfer. From what can it be ? Thanks FRanck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error in DRS Showrepl
It is !! Thanks !! But what about that : From DC2 I run samba-tool drs showrepl DC1 Failed to bind to uuid e3514235-4b06-11d1-ab04-**00c04fc2dcd2 for e3514235-4b06-11d1-ab04-**00c04fc2dcd2 at ncacn_ip_tcp:DC1[**1024,seal] NT_STATUS_UNSUCCESSFUL ERROR(class 'samba.drs_utils.drsException'**): DRS connection to DC1 failed - drsException: DRS connection to DC1 failed: (-1073741823, 'Undetermined error') File /samba/lib/python2.6/site-**packages/samba/netcmd/drs.py, line 39, in drsuapi_connect (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.**server, ctx.lp, ctx.creds) File /samba/lib/python2.6/site-**packages/samba/drs_utils.py, line 54, in drsuapi_connect raise drsException(DRS connection to %s failed: %s % (server, e)) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] S4 : trusting NT4 domain
2013-03-16
Thread
DDT 67/SG/MGI/CI (Cellule informatique) emis par BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI
Hi ! I want to trust a 2003 domain on my S4 PDC The final is to access shares on 2003 domain How do i do this ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S4 : trusting 2003 domain
Hi Andrew My question: is it possible to mix a solution to enable a trusting relation ? I explain : I have 2 different domains name : DOMAIN1 and DOMAIN2 DOMAIN1 = manage with windows 2003 PDC DOMAIN2 = the new domain Like building a trust relation isn't possible between S4 and 2003 if I do this : 1- Install a Win2003Server which manage the DOMAIN2 2- Build a trust relation between the DOMAIN1 and DOMAIN2 will be functionnal 3- Joining a new DC on DOMAIN2 (a Samba4 DC) 4- Joining a new member server for file share (Samba4 member server) Can I use the DOMAIN1 users/groups on this member server ? If I stop the Win2003Server which manage the DOMAIN2, what's happened ? Best regards, Franck Le 08.03.2013, Andrew Bartlett (par Internet) abart...@samba.org a écrit: On Wed, 2013-03-06 at 12:45 +0100, BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI wrote: Hi ! I want to trust a 2003 domain on my S4 PDC The final is to access shares on 2003 domain How do i do this ? You can join a new Samba 4.0 AD DC to your Windows 2003 domain with 'samba-tool domain join dc'. However, if you are asking about having a domain trust between two different domains, then sorry, you cannot currently trust a Windows domain from a Samba 4.0 AD Domain, or vice versa. This remains a feature we plan to develop, but currently is is not possible. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] S4 : trusting 2003 domain
Hi ! I want to trust a 2003 domain on my S4 PDC The final is to access shares on 2003 domain How do i do this ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [INTERNET] Re: Samba 4 DC - idmap config on a samba 4 member server
Hello I test your solution but if getent return all users and groups (AD + local), all have the same UID/GID. Strange ... This morning I commented idmap config DDCS67:range = 500-4 and it works !! ADs users/groups idmap config *:backend = tdb idmap config *:range = 7-7 idmap config DDCS67:backend = ad idmap config DDCS67:schema_mode = rfc2307 #idmap config DDCS67:range = 500-4 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = Yes winbind enum users = yes winbind enum groups = yes user1:*:70001:70001:user1l:/data/individuel/DDCS67/user1:/bin/false user2:*:70002:70001:user2:/data/individuel/DDCS67/user2:/bin/false user3:*:70011:70001:user3:/data/individuel/DDCS67/user3:/bin/false administrator:*:70003:70001:Administrator:/data/individuel/DDCS67/administrator:/bin/false user4:*:70004:70001:user4:/data/individuel/DDCS67/user4:/bin/false user5:*:70005:70001:user5:/data/individuel/DDCS67/user5:/bin/false It's good but I don't understand why Franck Le 21/02/2013 08:21, Hervé Hénoch (par Internet) a écrit : Hello Franck I had the same problem. When I removed config in the two lines, getent group worked. idmap config *:backend = tdb idmap config *:range = 70001-8 For the role of idmap you can read : http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html Regards Le 20/02/2013 21:39, BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI a écrit : Without idmap line, it work too. [global] workgroup = DDCS security = ADS realm = DDCS.LOCAL encrypt passwords = yes # idmap config *:backend = tdb # idmap config *:range = 70001-8 # idmap config DDCS:backend = ad # idmap config DDCS:schema_mode = rfc2307 # idmap config DDCS:range = 500-4 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes What is the really role of idmap's line ? I have of to miss something -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [INTERNET] Re: Samba 4 DC - idmap config on a samba 4 member server
Yes. I compiled samba with this : ./configure --with-ads --with-shared-modules=idmap_ad --enable-debug --enable-selftest --prefix=/samba Le 21/02/2013 12:27, Thomas Simmons (par Internet) a écrit : Did you compile Samba --with-shared-modules=idmap_ad? On Thu, Feb 21, 2013 at 2:21 AM, Hervé Hénoch h.hen...@isc84.org mailto:h.hen...@isc84.org wrote: Hello Franck I had the same problem. When I removed config in the two lines, getent group worked. idmap config *:backend = tdb idmap config *:range = 70001-8 For the role of idmap you can read : http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html Regards Le 20/02/2013 21:39, BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI a écrit : Without idmap line, it work too. [global] workgroup = DDCS security = ADS realm = DDCS.LOCAL encrypt passwords = yes # idmap config *:backend = tdb # idmap config *:range = 70001-8 # idmap config DDCS:backend = ad # idmap config DDCS:schema_mode = rfc2307 # idmap config DDCS:range = 500-4 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes What is the really role of idmap's line ? I have of to miss something -- Hervé Hénoch Responsable informatique Institut Sainte Catherine 250 chemin de Baigne-Pieds CS 80005 — 84918 AVIGNON cedex 9 Téléphone : 04.90.27.57.44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [INTERNET] Re: Re: Samba 4 DC - idmap config on a samba 4 member server
Hello I test your solution but if getent return all users and groups (AD + local), all have the same UID/GID. Strange ... This morning I commented idmap config DDCS67:range = 500-4 and it works !! ADs users/groups I am testing idmap_ad as well and I have lot of issue with idmap_ad but I was thinking that it's because I haven't provision with rfc2307 at that time. Perhaps, but how doing that on a member server ? I use provisionning on the first DC (DC1). Next DC2 synchronize itself. For the member, no synchronization biut writing a smb.conf with (or not) the idmap. When you say it work, do you mean that the returned uid/gid are the ones stored in the directorie (uidNumber/gidNumber) ? thanks Yes. Here is the result of a getfacl ./ on a directory on the member server Domain Users, administrator, sg-ci are AD groups. getfacl ./ # file: . # owner: administrator # group: domain\040users user::rwx user:administrator:rwx group::--- group:domain\040users:--- group:domain\040admins:rwx group:sg-ci:rwx mask::rwx other::--- default:user::rwx default:user:administrator:rwx default:group::--- default:group:domain\040users:--- default:group:domain\040admins:rwx default:group:sg-ci:rwx default:mask::rwx default:other::--- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error in DRS Showrepl
Hi. Here is my problem. I have 2 DC (DC1, DC2) From DC1 I run samba-tool drs showrepl DC1 - INBOUND NEIGHBORS : OK OUTBOUND NEIGHBORS : OK KCC CONNECTION OBJECTS Connection -- Connection name: 179ef6ba-a138-46d7-9a64-880ab4608b04 Enabled: TRUE Server DNS name : DC2.SHORTDOMAIN.LOCAL Server DN name : CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SHORTDOMAIN,DC=LOCAL TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! - From DC1 I run samba-tool drs showrepl DC2 - INBOUND NEIGHBORS : OK OUTBOUND NEIGHBORS : OK KCC CONNECTION OBJECTS Connection -- Connection name: 27614816-0679-43a7-8c2e-41d36d98930a Enabled: TRUE Server DNS name : DC1.SHORTDOMAIN.LOCAL Server DN name : CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SHORTDOMAIN,DC=LOCAL TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! - Why those warnings ? From DC2 i run samba-tool drs showrepl DC2 - INBOUND NEIGHBORS : OK OUTBOUND NEIGHBORS : OK KCC CONNECTION OBJECTS Connection -- Connection name: 27614816-0679-43a7-8c2e-41d36d98930a Enabled: TRUE Server DNS name : DC1.SHORTDOMAIN.LOCAL Server DN name : CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SHORTDOMAIN,DC=LOCAL TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! - From DC2 I run samba-tool drs showrepl DC1 Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:DC1[1024,seal] NT_STATUS_UNSUCCESSFUL ERROR(class 'samba.drs_utils.drsException'): DRS connection to DC1 failed - drsException: DRS connection to DC1 failed: (-1073741823, 'Undetermined error') File /samba/lib/python2.6/site-packages/samba/netcmd/drs.py, line 39, in drsuapi_connect (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds) File /samba/lib/python2.6/site-packages/samba/drs_utils.py, line 54, in drsuapi_connect raise drsException(DRS connection to %s failed: %s % (server, e)) What's that ?? Regards Franck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 DC - idmap config on a samba 4 member server
Hi I configure a member server as discribe on this page : http://wiki.samba.org/index.php/Samba4/Domain_Member My smb.conf looks like that : [global] workgroup = DDCS security = ADS realm = DDCS.LOCAL encrypt passwords = yes idmap config *:backend = tdb idmap config *:range = 70001-8 idmap config DDCS:backend = ad idmap config DDCS:schema_mode = rfc2307 idmap config DDCS:range = 500-4 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes With this config, wbinfo -u and -g works fine but getent passwd or group don't display AD user or group. I test that : [global] workgroup = DDCS security = ADS realm = YOUR.SAMBA.DOMAIN.NAME encrypt passwords = yes idmap config *:backend = tdb idmap config *:range = 70001-8 idmap config TEST:backend = ad idmap config TEST:schema_mode = rfc2307 idmap config TEST:range = 500-4 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes The workgroup name didn't change but on idmap config I replace DDCS with TEST (or anything else) and the getent commands are yet OK. Why ? Regards Franck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 DC - idmap config on a samba 4 member server
Without idmap line, it work too. [global] workgroup = DDCS security = ADS realm = DDCS.LOCAL encrypt passwords = yes # idmap config *:backend = tdb # idmap config *:range = 70001-8 # idmap config DDCS:backend = ad # idmap config DDCS:schema_mode = rfc2307 # idmap config DDCS:range = 500-4 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes What is the really role of idmap's line ? I have of to miss something -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [INTERNET] Re: Samba 4 : File server
Thanks for the answer.
So net join ads work fine
Here is my smb.conf :
[global]
workgroup = DDCS67
security = ADS
realm = DDCS67.INTRA
encrypt passwords = yes
idmap config *:backend = tdb
idmap config *:range = 70001-8
idmap config SHORTDOMAINNAME:backend = ad
idmap config SHORTDOMAINNAME:schema_mode = rfc2307
idmap config SHORTDOMAINNAME:range = 500-4
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
[test]
path = /samba/test
read only = no
nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc:db files
netgroup: nis
After starting smbd/nmbd/winbindd, I run this
* /samba/bin/wbinfo -t works fine
* /samba/bin/wbinfo -u get the users domain
* /samba/bin/wbinfo -g get the group domain
* getent passwd get local AND ad users
* getent group get local AND ad groups
Next step is to set acl
setfacl with ad group or user works well on the domain member. Looks good !
From an XP, I go to the share \\ddcs67-imp\test and create
subdirectories and files without any problem !
Next I would to manage the share security trough the ADTools.
I see the DDCS67-IMP in the Computers OU.
The share test is available and i can get the properties. I add an AD
group in the security options. The group is resolved and appear in the
list. When I validate the box I got this error: Access Denied
Is It normal ? The ACL on a domain member must be set on the member ?
Regards
Le 11/02/2013 22:51, Andrew Bartlett (par Internet) a écrit :
On Mon, 2013-02-11 at 16:54 +0100, BOTZ Franck (Informaticien) - DDT
67/SG/MGI/CI wrote:
Hi !
I have installed a DC with samba-tool command and it works perfectly !
Control AD with the 2003 tools is very amazing, thanks for the job !
So, my next step is to install a file server as a member of the AD and
not as a DC
I read carfully this one :
https://wiki.samba.org/index.php/Samba4/Domain_Member
Compiling samba :
* ./configure --with-ads --with-shared-modules=idmap_ad
--enable-debug --enable-selftest --prefix=/samba
First of all why --with-ads ? It is not the default feature ?
It is, but what this changes is that the compile will fail (prompting
you to install some development headers, typically) if the right things
are not found. The is very helpful, and long ago I promised to make
that the default behaviour. Sadly I never got around to it.
* make
* make install
The krb5.conf was fill with that :
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DDCS67.INTRA
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
What is appsection ? It is not necessary in a DC wich sharing a
directory. But why not.
After that , the smb.conf
I was wondering that the smb.conf must be fill by the hand. For the DC,
running samba-tool command will generate a smb.conf. Before doing this I
search the options of samba-tool and i find this :
samba-tool domain join DDCS67 --realm=DDCS67.intra -U Administrator
Password for [WORKGROUP\Administrator]:
Joined domain DDCS67 (S-1-5-21-1814795784-576591386-2449700327)
Fine, the domain is join !! And the server appear as a Computer in the
MMC. Good !
Let's run /samba/sbin/samba
The log are :
At this time the 'samba' binary should only be used for either: 'server
role = active directory domain controller' or to access the ntvfs file
server with 'server services = +smb' or the rpc proxy with 'dcerpc
endpoint servers = remote'
You should start smbd/nmbd/winbindd instead for domain member and
standalone file server tasks
Is it me or i read the ntvfs is deprecatted ?
So I run the/samba/sbin/smbd, but with no smb.conf the server does not start
Tesparm give me :
Load smb config files from /samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:OpenConfFile() - Unable to open configuration file
/samba/etc/smb.conf:
Can i Genrate a valid smb.conf for a member with samba-tool ?
I do apologise for this not being as integrated as you would expect.
I'm very proud of the new level of ease of use found in 'samba-tool' and
in the AD DC configuration. Sadly while this command will successfully
join you to the domain, it does not currently generate the smb.conf.
You don't need much, just set:
[globals]
server role = domain member
workgroup = DDCS67
realm = DDCS67.intra
BTW
[Samba] Samba 4 : File server
Hi !
I have installed a DC with samba-tool command and it works perfectly !
Control AD with the 2003 tools is very amazing, thanks for the job !
So, my next step is to install a file server as a member of the AD and
not as a DC
I read carfully this one :
https://wiki.samba.org/index.php/Samba4/Domain_Member
Compiling samba :
* ./configure --with-ads --with-shared-modules=idmap_ad
--enable-debug --enable-selftest --prefix=/samba
First of all why --with-ads ? It is not the default feature ?
* make
* make install
The krb5.conf was fill with that :
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DDCS67.INTRA
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
What is appsection ? It is not necessary in a DC wich sharing a
directory. But why not.
After that , the smb.conf
I was wondering that the smb.conf must be fill by the hand. For the DC,
running samba-tool command will generate a smb.conf. Before doing this I
search the options of samba-tool and i find this :
samba-tool domain join DDCS67 --realm=DDCS67.intra -U Administrator
Password for [WORKGROUP\Administrator]:
Joined domain DDCS67 (S-1-5-21-1814795784-576591386-2449700327)
Fine, the domain is join !! And the server appear as a Computer in the
MMC. Good !
Let's run /samba/sbin/samba
The log are :
At this time the 'samba' binary should only be used for either: 'server
role = active directory domain controller' or to access the ntvfs file
server with 'server services = +smb' or the rpc proxy with 'dcerpc
endpoint servers = remote'
You should start smbd/nmbd/winbindd instead for domain member and
standalone file server tasks
Is it me or i read the ntvfs is deprecatted ?
So I run the/samba/sbin/smbd, but with no smb.conf the server does not start
Tesparm give me :
Load smb config files from /samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:OpenConfFile() - Unable to open configuration file
/samba/etc/smb.conf:
Can i Genrate a valid smb.conf for a member with samba-tool ?
Regards
Franck Botz
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cant add admin right to group
Hye, Have yout try to test a unix group without _ underscore caractère ? Best regards Franck -Message d'origine- De : samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] De la part de Pedro Ribeiro Envoyé : vendredi 7 mai 2010 15:57 À : samba@lists.samba.org Objet : [Samba] Cant add admin right to group Im working on a samba server, debian box, samba version 3.2.5-4lenny9 I´ve added some users to the group g_staff, but it seems not to work. Also tried to map the groupmap to unixgroup with command: net groupmap [modify/add] ntgroup=Domain Admins unixgroup=g_staff type=domain and again, cant add admins rights to group g_staff, tried a lot of others stuff, but all of them fails, and just for knowledge, Im migrating the old samba to this new one, with same version samba and box, below follow the smb.conf [global] workgroup = ANY server string = ANY SERVER admin users = @g_staff interfaces = lo, eth0 obey pam restrictions = Yes passdb backend = tdbsam pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = lmhosts host wins bcast printcap name = cups logon script = %U.bat logon path = logon drive = H: domain logons = Yes domain master = Yes dns proxy = No panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 hosts allow = 127., 146.164.65.64/255.255.255.192 need a bit of help, please, att. Pedrib -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba / ldap problem with cpu load
First of all, I am french. My english is not very good and i am sorry for this ;). One month ago, I have upgrade my server in debian Etch (it was in debian sarge). So now, samba is in 3.0.24 version. My server use samba and ldap. Since this upgrade, i have some problems with cpu loading when the users log on the samba domain (smbd and slapd services). I have take a look at samba log but i don't see anything. After that, i have take a look on the ldap logs in debug level 256. I can see the problem in the logs but i can't explain it, i hope you can help me about it. In the log file, i have this entry thousand of time (2 entry) base=ou=Groups,ou=clg-hugo-gisors,ou=ac-rouen,ou=education,o=gouv,c=fr scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=0)) thanks for your help, bye -- ~~ Franck MOLLE Animateur de Secteur Relais assistance Tice, Louviers-Vernon ~~ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SambaDomainName strange Ldap authentification
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hye all, I have a samba server on sid with openldap backend with xp worstations. many services are configured to use ldap authentification (postfix,ftp,squid and samba off course) my sambaDomainName is DOMAINE... Everything work perfectly :) I see in log many lines like : slapd[23331] = bdb_equality_candidates: (uid) not indexed slapd[23331] = bdb_equality_candidates: (memberUid) not indexed slapd[23331] = bdb_equality_candidates: (uniqueMember) not indexed slapd[23331] = bdb_equality_candidates: (giuNumber) not indexed slapd[23331] = bdb_equality_candidates: (sambaSID) not indexed slapd[23331] = bdb_equality_candidates: (sambaGroupType) not indexed slapd[23331] = bdb_equality_candidates: (sambaSIDList) not indexed to clean log of this lines, i have add this lines in my /etc/ldap/sladpd.conf : index uid eq index memberUid eq index uniqueMember eq index gidNumber eq index sambaSID eq index sambaGroupType eq index sambaSIDList eq i have restart ldap and samba i was very surprise to see the automatique creation of a new sambaDomainName i see in phpldapadmin 2 sambaDomainName ! sambaDomainName=DOMAINE and sambaDomainName=WORKGROUP newly created after restart... and all authentification work off...:( no samba authentification ! no proxy ! no ftp ! no mail ! getent passwd seems to be OK but smbldap-usershow admin say : no user !!! very surprisei finally return to my initial configuration. can someone explain it ? what's going on ? logs with not indexed are normal ? or i do a bad index ? regards Franck Dufau -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkk5f9QACgkQrKIazktK/hJVswCfZj5BUxqo714LBUKMBliGFehr vYoAn0SfHDK1A12U3DLy1AbRvwZYWtYn =GPQk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba ldap how work group ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hye all, i have install samba as PDC with openldap authentification everything work fine. But i want to create différent group with différent privileges on folder How gestion of group work with Openldap authentification because users are not in /etc/passwd and domain group are not in /etc/group !? I don't find information about this... can you help me ? cordialement Franck Dufau -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkz6gkACgkQrKIazktK/hInmgCdHNXj1rzoT0L8D7g5kYdCkyBX iVEAn0SLop9FZTtAoRODQEGAeLUUbUIc =jWCR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE [Samba] samba ldap how work group ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hye tks for answer, libnss-ldap.conf libpam-ldap are installed... actualy i have modifie libnss-ldap.conf like this : host 127.0.0.1 base dc=domaine,dc=local uri ldap://127.0.0.1 rootbinddn cn=admin,dc=domaine,dc=local bind_policy soft and pam_ldap.conf like this : host 127.0.0.1 base dc=domaine,dc=local uri ldap://127.0.0.1/ i have modifie too nsswitch.conf like this : passwd: compat ldap group: compat ldap shadow: compat ldap like this win station can use samba pdc with ldap authentification but on the pdc samba server users of domaine can NOT logging !! ldap users are not recognized ! BUT when i do as root getent passwd result looks like OK with my users from domaine !?! What's wrong ? many tanks for time and help... Cordialement Franck Dufau Stéphane PURNELLE wrote: You must configure nss_ldad and pam_ldap. And Linux will see accounts and groups in your ldap tree same as /etc/group . Bien à vous --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 01/12/2008 14:43:44 : Hye all, i have install samba as PDC with openldap authentification everything work fine. But i want to create différent group with différent privileges on folder How gestion of group work with Openldap authentification because users are not in /etc/passwd and domain group are not in /etc/group !? I don't find information about this... can you help me ? cordialement Franck Dufau - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkz8fkACgkQrKIazktK/hLxVACdFpZVCQEeMCvcx+nLq1gKFg1p oKoAn2QNxKcTNrTipUekGoIZW2KiZFMV =s5FS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE [Samba] samba ldap how work group ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 YES posixAccount is in my ldap tree ! perhaps everything is ok in fact ! i need to find a doc for ACL...!!! my pb is all user i create are in group : Domain Users i want to add an new/other group for an user can a user be in many group in ldap ? i don't know how to do this ! cordialement Franck Dufau Stéphane PURNELLE wrote: Have you posixAccount objectclass in your ldap tree? If getent work fine, you can set ACL on group same as you want. Is secure if users cannot connect to samba PDC. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 franck dufau [EMAIL PROTECTED] 01/12/2008 15:22 A Stéphane PURNELLE [EMAIL PROTECTED] cc samba@lists.samba.org Objet Re: RE [Samba] samba ldap how work group ? hye tks for answer, libnss-ldap.conf libpam-ldap are installed... actualy i have modifie libnss-ldap.conf like this : host 127.0.0.1 base dc=domaine,dc=local uri ldap://127.0.0.1 rootbinddn cn=admin,dc=domaine,dc=local bind_policy soft and pam_ldap.conf like this : host 127.0.0.1 base dc=domaine,dc=local uri ldap://127.0.0.1/ i have modifie too nsswitch.conf like this : passwd: compat ldap group: compat ldap shadow: compat ldap like this win station can use samba pdc with ldap authentification but on the pdc samba server users of domaine can NOT logging !! ldap users are not recognized ! BUT when i do as root getent passwd result looks like OK with my users from domaine !?! What's wrong ? many tanks for time and help... Cordialement Franck Dufau Stéphane PURNELLE wrote: You must configure nss_ldad and pam_ldap. And Linux will see accounts and groups in your ldap tree same as /etc/group . Bien à vous --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 01/12/2008 14:43:44 : Hye all, i have install samba as PDC with openldap authentification everything work fine. But i want to create différent group with différent privileges on folder How gestion of group work with Openldap authentification because users are not in /etc/passwd and domain group are not in /etc/group !? I don't find information about this... can you help me ? cordialement Franck Dufau -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkz+hwACgkQrKIazktK/hJARACfS6HZUu83yVCPPZDskkdDOz7w 8WoAnjHbpWCf8W0tKcEqI5BX2lAM7h3P =oA1T -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE [Samba] samba ldap how work group ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 PERFECT ! Many thanks !! Stéphane PURNELLE wrote: look for smbldap account as this URL : https://gna.org/projects/smbldap-tools/ You will find tools for manage user and group in ldap witn same usage than passwd management. You can find here (in french) some ACL information : http://www.linuxplusvalue.be/mylpv.php?id=153 --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 franck dufau [EMAIL PROTECTED] a écrit sur 01/12/2008 15:52:20 : YES posixAccount is in my ldap tree ! perhaps everything is ok in fact ! i need to find a doc for ACL...!!! my pb is all user i create are in group : Domain Users i want to add an new/other group for an user can a user be in many group in ldap ? i don't know how to do this ! cordialement Franck Dufau Stéphane PURNELLE wrote: Have you posixAccount objectclass in your ldap tree? If getent work fine, you can set ACL on group same as you want. Is secure if users cannot connect to samba PDC. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 franck dufau [EMAIL PROTECTED] 01/12/2008 15:22 A Stéphane PURNELLE [EMAIL PROTECTED] cc samba@lists.samba.org Objet Re: RE [Samba] samba ldap how work group ? hye tks for answer, libnss-ldap.conf libpam-ldap are installed... actualy i have modifie libnss-ldap.conf like this : host 127.0.0.1 base dc=domaine,dc=local uri ldap://127.0.0.1 rootbinddn cn=admin,dc=domaine,dc=local bind_policy soft and pam_ldap.conf like this : host 127.0.0.1 base dc=domaine,dc=local uri ldap://127.0.0.1/ i have modifie too nsswitch.conf like this : passwd: compat ldap group: compat ldap shadow: compat ldap like this win station can use samba pdc with ldap authentification but on the pdc samba server users of domaine can NOT logging !! ldap users are not recognized ! BUT when i do as root getent passwd result looks like OK with my users from domaine !?! What's wrong ? many tanks for time and help... Cordialement Franck Dufau Stéphane PURNELLE wrote: You must configure nss_ldad and pam_ldap. And Linux will see accounts and groups in your ldap tree same as /etc/group . Bien à vous --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 01/12/2008 14:43:44 : Hye all, i have install samba as PDC with openldap authentification everything work fine. But i want to create différent group with différent privileges on folder How gestion of group work with Openldap authentification because users are not in /etc/passwd and domain group are not in /etc/group !? I don't find information about this... can you help me ? cordialement Franck Dufau [rattachement franckdufau.vcf supprimé par Stéphane PURNELLE/COR/SOPARIND] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkz/8QACgkQrKIazktK/hLLYQCglUJRsyMwVREsIYjd+Dg3laiE 2MUAnjIVT6U5fxc9linXXB0DKRDX3aqS =Imw7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SAMBA] Weird Problem with file permissions and samba
Hello Folks, I have a samba server that i use as a file sharing system. I change the old machine for a new Ahtlon X2. Everything was perfect but when i did the installation and attribution ; i have the same problem! The client (WINXP) keeps telling me that he cannot access to my sharing folder due to permissions on the folder. I did a 770 on the folder and the did a chgroup on it. But i still don't know what's happening. I thought at first that it was the password but i can login to the personal folder on the server (the /home folder); but i cannot write on it. If you can take a look on this i will be really appreciated ! Thanks, Franck [global] log file = /var/log/samba/%m.log load printers = no smb ports = 139 prefered master = yes domain master = yes username map = /etc/samba/smbusers dns proxy = no cups options = raw writeable = yes server string = Samba Server local master = yes workgroup = kingnet printcap name = /etc/printcap max log size = 50 guest account = alain [GENERAL] recycle: repository = .deleted/%U recycle: exclude = *.tmp, *.temp, *.log write list = @general recycle: keeptree = yes force directory mode = 770 vfs object = recycle force group = general case sensitive = no recycle: versions = yes path = /data/general/ msdfs proxy = no force create mode = 770 valid users = @general create mode = 770 directory mode = 770 -- Franck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [SAMBA] Weird Problem with file permissions and samba
Anyone has a clue ? I don't even know where to start Thanks you Franck On 5/7/07, Franck Y [EMAIL PROTECTED] wrote: Hello Folks, I have a samba server that i use as a file sharing system. I change the old machine for a new Ahtlon X2. Everything was perfect but when i did the installation and attribution ; i have the same problem! The client (WINXP) keeps telling me that he cannot access to my sharing folder due to permissions on the folder. I did a 770 on the folder and the did a chgroup on it. But i still don't know what's happening. I thought at first that it was the password but i can login to the personal folder on the server (the /home folder); but i cannot write on it. If you can take a look on this i will be really appreciated ! Thanks, Franck [global] log file = /var/log/samba/%m.log load printers = no smb ports = 139 prefered master = yes domain master = yes username map = /etc/samba/smbusers dns proxy = no cups options = raw writeable = yes server string = Samba Server local master = yes workgroup = kingnet printcap name = /etc/printcap max log size = 50 guest account = alain [GENERAL] recycle: repository = .deleted/%U recycle: exclude = *.tmp, *.temp, *.log write list = @general recycle: keeptree = yes force directory mode = 770 vfs object = recycle force group = general case sensitive = no recycle: versions = yes path = /data/general/ msdfs proxy = no force create mode = 770 valid users = @general create mode = 770 directory mode = 770 -- Franck -- Franck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SAMBA] VFS
Hello Folks, i tried to implement the VFS recycle bin But i must be missing something... I've several folders DATA2, DATA1 But it's exactly the same samba definition! I wanted to keep the structure when it's deleted. Thanks for your help ! [global] log file = /var/log/samba/%m.log load printers = no guest account = Tomas smb ports = 139 idmap gid = 16777216-33554431 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 prefered master = yes domain master = yes username map = /etc/samba/smbusers dns proxy = no cups options = raw writeable = yes server string = Samba Server idmap uid = 16777216-33554431 only user = yes local master = yes workgroup = niumin printcap name = /etc/printcap max log size = 50 [DATA2] path = /home/DATA2/ write list = @joe force directory mode = 770 msdfs proxy = no force group = @joe force create mode = 770 create mask = 770 directory mask = 770 user = @joe case sensitive = no vfs object = recycle recycle:touch = True recycle:repository = .deleted/ recycle:keeptree = True recycle: mode = KEEP_DIRECTORIES|VERSIONS recycle:versions = yes recycle: touch = yes recycle: maxsize = 0 recycle: exclude = *.tmp *.temp *.obj ~$* *.$$$ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Xp Home hack + Domain join
Hello fellows, Does anyone of you has found the hack to permit win xp home edition to join a domain controller. I found somewhere on the net a software that does this. But it cost 145 $ US, so like the upgrade... ( the only difference in that i will not give the money to Bill Gates) My problem is with the password modification. Every times someone does change his password, he has to go onto the server and put his password again. If someone found a solution. I m running samba 3.X on a fedora 4. Thanks -- Franck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password Xp Home
Hello Everyone, How can i make a password synchronisation between XP Home samba unix ? Is it the fact that Xp home cannot ioin a domain group ? Otherwise do i have to make a domain controler thanks for the help -- Franck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with crpyt password under XP
hi, i installed samba with openldap support and all works fine ... I used scripts called smbldap_passwd (from idealx) to change the password of users on the linux server. I modified the parameter of the file smbldap.conf hash_encrypt to PLAINTEXT (I know it's dangerous but it's just for test). When i change the user's password with the command smblda_password , the encrpytion's format is good for the 3 following passwords : sambalmpassword,sambantpassword and userPassword.So the userPassword 's format is PLAINTEXT. All is good. But when a user change his password under windows XP or 2000 (ctrl-alt-sup + change password), it's ok but the userpassword 's format has changed .The format is SMD5 and not plaintext. what configuration'file i have to change to keep format plaintext when a user change his password under windows xp/2000? Thanks for your help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] getpeername failed
Fellows, I need some help regarding this thing!1! I get tons of messages like this ? Can anyone help me with resolving this problem ? Dec 18 13:52:42 constellation smbd[8063]: [2005/12/18 13:52:42, 0] lib/util_sock.c:send_smb(647) Dec 18 13:52:42 constellation smbd[8063]: Error writing 4 bytes to client. -1. (Connection reset by peer) Dec 18 14:00:01 constellation crond(pam_unix)[8126]: session opened for user root by (uid=0) Dec 18 14:00:04 constellation syslogd 1.4.1: restart. Dec 18 14:00:04 constellation crond(pam_unix)[8126]: session closed for user root Dec 18 14:01:01 constellation crond(pam_unix)[8136]: session opened for user root by (uid=0) Dec 18 14:01:02 constellation crond(pam_unix)[8136]: session closed for user root Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0] lib/util_sock.c:get_peer_addr(1150) Dec 18 14:24:55 constellation smbd[8333]: getpeername failed. Error was Transport endpoint is not connected Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0] lib/util_sock.c:write_socket_data(430) Dec 18 14:24:55 constellation smbd[8333]: write_socket_data: write failure. Error = Connection reset by peer Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0] lib/util_sock.c:write_socket(455) Dec 18 14:24:55 constellation smbd[8333]: write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer Thanks ! -- Franck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SAMBA] getpeername failed
Fellows, I need some help regarding this thing!1! I get tons of messages like this ? Can anyone help me with resolving this problem ? Dec 18 13:52:42 constellation smbd[8063]: [2005/12/18 13:52:42, 0] lib/util_sock.c:send_smb(647) Dec 18 13:52:42 constellation smbd[8063]: Error writing 4 bytes to client. -1. (Connection reset by peer) Dec 18 14:00:01 constellation crond(pam_unix)[8126]: session opened for user root by (uid=0) Dec 18 14:00:04 constellation syslogd 1.4.1: restart. Dec 18 14:00:04 constellation crond(pam_unix)[8126]: session closed for user root Dec 18 14:01:01 constellation crond(pam_unix)[8136]: session opened for user root by (uid=0) Dec 18 14:01:02 constellation crond(pam_unix)[8136]: session closed for user root Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0] lib/util_sock.c:get_peer_addr(1150) Dec 18 14:24:55 constellation smbd[8333]: getpeername failed. Error was Transport endpoint is not connected Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0] lib/util_sock.c:write_socket_data(430) Dec 18 14:24:55 constellation smbd[8333]: write_socket_data: write failure. Error = Connection reset by peer Dec 18 14:24:55 constellation smbd[8333]: [2005/12/18 14:24:55, 0] lib/util_sock.c:write_socket(455) Dec 18 14:24:55 constellation smbd[8333]: write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer Thanks ! -- Franck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
