Re: [Samba] SMB over SSH tunnel
2008/8/11 Wojtek Bogusz [EMAIL PROTECTED]

hi. thank you for reply. i enabled connection from firewall to windows server on 137/udp, 138/udp, 139/udp and 139/tcp. i tunnelled 137, 138 and 139 to windows server over SSH in putty. i switched off 'file and printer sharing in MS network' and it does not work? it behaves same way as i described it in my last email (i copy it below your email). any help please?

regards, Wojtek

Try to enable file and printer sharing, it's needed to use Samba.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Two subnets in one PDC ?
Of course, it is possible. Enable the WINS server on your PDC and tell your clients to use it. This can be achieved in two ways:

- setting them up by hand (slow and painful solution, if your network has a lot of hosts)
- using DHCP options number 44 and number 46. Option 44 stands for WINS server address, 46 stands for NetBIOS node type.

If you use a node type of 8, your clients will use WINS exclusively for NetBIOS name resolution, therefore broadcast traffic will decrease on your network, thus leaving more bandwidth for useful data.

If you use dnsmasq, add the following lines to /etc/dnsmasq.conf for each of your DHCP subnet definitions:

    dhcp-range=192.168.100.0,255.255.255.0,24h
    # substitute this with the address of your PDC
    dhcp-option=44,192.168.100.1
    dhcp-option=46,8

    dhcp-range=192.168.200.0,255.255.255.0,24h
    # your PDC's IP address
    dhcp-option=44,192.168.200.1
    dhcp-option=46,8

The WINS server part of nmbd can be enabled with a single option in smb.conf:

    [global]
    wins support = Yes

That's all you have to do for proper name resolution across subnets.
Re: [Samba] SMB over SSH tunnel
I think, you have to enable the following UDP ports on your firewall to use Samba:

- 137/udp
- 138/udp

Also, you have to use WINS or DNS to resolve computer names, if you need to. You don't have to enable any other ports to use WINS. DNS runs on ports 53/tcp and 53/udp.

Enable these ports on your firewall, and try to connect to your share from the remote machine. This worked for me through a VPN connection, I hope it will work for you, too.
Re: [Samba] Connection reset by peer
What error message do your users get? The error message you mentioned can be ignored. Sometimes I get the same message, but I have no problems with copying files or logging in to my domain.

Please attach your smb.conf file, so that we can see where the problem is and not just guess, what the problem can be.

Regards
Gergely Kiss
Re: [Samba] Joining Samba host to a Windows DOMAIN
You can join your Samba server to your AD domain as a member server. It should work with Samba 3. The basic steps you have to take:

1, Install the Kerberos libraries (I have already tried Heimdal Kerberos, it's known to work). Look for the appropriate client package in your package manager. If you use any recent distribution, this shouldn't be a problem. For example, in Ubuntu, the name of the required package is libkrb5-22-heimdal. Also, make sure you have installed the winbind package (in case it is shipped as a separate package in your distribution).

2, Configure Samba to act as an AD member server:

    # Lines to add or change in the smb.conf file:
    [global]
    realm = the name of your AD domain
    security = ADS
    ldap ssl = No
    template shell = /bin/bash
    winbind separator = +
    idmap uid = 1-2
    idmap gid = 1-2

3, Restart Samba daemons and join your server to the domain:

    net ads join -UAdministrator%password

You should get a feedback after issuing this command, which tells you, that your host has been successfully joined to the domain.

4, Enable your system to resolve user and group names using LDAP by editing the following lines in /etc/nsswitch.conf:

    passwd: files ldap
    shadow: files ldap
    group: files ldap

It's very important to have a properly configured DNS server on your network and to ensure, that local name resolution works fine on your Samba host.

You may read more in chapter 7.3.4 of the Samba 3 By Example guide, which is available at: http://us1.samba.org/samba/docs/man/Samba-Guide/

Best Regards:
Gergely Kiss
Re: [Samba] Samba with apps clipper very slow
In my opinion, the reason could be a network overload. Make sure you have a fast network connection (Gigabit Ethernet for backbone connections and Fast Ethernet for connecting your clients to the network), and enable the WINS server of Samba. It will dramatically increase your network performance. It's very easy to implement, just add

    wins support = Yes

to the [global] section of smb.conf and make sure, your clients use the WINS server Samba provides. (Set them up manually, or use DHCP option number 44 to tell them, which name server should they use for NetBIOS name resolution.) Tell us, if you need some help on how to implement this.

I see you have some settings regarding file locking. The smb.conf man page says, you should never need to change those parameters by hand. If I was you, I would remove all of the locking options from the config file.

Another thing to note: it's not necessary to set socket options manually, in case you use a recent kernel (I assume, you have some Linux OS running on your server).

I've just read in the smb.conf man page regarding level2 oplocks: "It is recommended that this parameter be turned on to speed access to shared executables." Probably this will be the key for your problem, if I understood you right.

Regardless, that it helped or not, it is still a good idea to segment your network and use WINS for name resolution.

2008/7/29 Alejandro Paredes [EMAIL PROTECTED]

Hello. I have an app running on a clipper Samba version 3.02319121616102 . In my network there are approximately 80 clients Win98 and 20 clients NT-XP. By connecting customers begins to degrade the performance of the app very slow getting around. Any help? Thank you. Deputy smb.conf.

Hello. I have a Clipper app running on Samba version 3.02319121616102 . On my network there are approximately 80 Win98 clients and 20 NT-XP clients. As the clients connect, the performance of the app begins to degrade and everything becomes very slow. Any help? Thanks. smb.conf attached.
# Samba config file
# Date: 2008/07/29 10:50:03
[global]
    workgroup = UEPC
    netbios name = MENDIETA
    server string = Samba Server
    security = user
    null passwords = Yes
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: *all*authentication*tokens*updated*successfully*
    passwd chat debug = Yes
    unix password sync = Yes
    log level = 1
    log file = /var/log/samba/%m.log
    max log size = 50
    socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=32768 SO_SNDBUF=32768
    printcap name = cups
    logon script = %G.bat
    domain logons = Yes
    os level = 64
    domain master = Yes
    time server = Yes
    dns proxy = No
    wins support = Yes
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    winbind trusted domains only = Yes
    admin users = @adm
    cups options = raw
    interfaces = 10.1.3.2/16 127.0.0.1
    bind interfaces only = Yes
    kernel oplocks = No
    level2 oplocks = No
    lock spin count = 50
    lock spin time = 25
    oplocks = No
    add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
    local master = Yes
    preferred master = Yes

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /home/netlogon
    force user = root
    force group = root
    read only = No
    guest ok = Yes
    browseable = No
    share modes = No
    write list = root

[printers]
    comment = All Printers
    path = /usr/spool/samba
    printable = Yes
    browseable = No

[sistemas]
    comment = Sistemas de UEPC
    writeable = yes
    path = /sistemas
    write list = @autorizador,@optica,@faradm,@fardep,@fardom,@farinv,@farvta,@sistemas,@csrecodo

[autorizador]
    browseable = no
    comment = Autorizador para Imed
    writable = yes
    path = /sistemas/farmacia

[compartido]
    comment = Para transferencia de archivos en la red
    browseable = no
    writable = yes
    path = /sistemas/compartido

[cola_sistemas]
    comment = Cola de Impres. del Depto. Sistemas
    path = /sistemas
    guest ok = Yes
    printable = Yes
    use client driver = Yes
    force printername = Yes

[cola_optica]
    comment = Cola de Impresion de Optica
    path = /sistemas
    guest ok = Yes
    printable = Yes
    use client driver = Yes
    force printername = Yes

[cola_faradm]
    comment = Cola de Impresion de Administracion de Farmacia
    path = /sistemas
Re: [Samba] Mutli-Homed Subnetting - Advice please
Hi Jools,

I'm not an expert of this, but I have some ideas:

1, WINS was made exactly, what you would like to use it for. It should not cause any problems, if you split your network to multiple subnets (as long as you modify your firewall scripts according to the new topology). WINS is part of nmbd, so if you set

    wins support = Yes

in your smb.conf file, you will have a working WINS server on every interface you have nmbd listening on. Just configure your DHCP server to give the WINS server address to the clients (DHCP option no. 44) and WINS name resolution should work from that on. Also, setting NetBIOS node type to P-mode is a good idea (DHCP option no. 46, set it to a value of 8). That way none of your clients will ever try to broadcast any name resolution requests, they will send them immediately to the WINS server, therefore causing less bandwidth usage.

2, I'm not an expert of this, but probably NFS would be the correct solution. Dedicating a Gigabit Ethernet connection to this purpose should be enough for ~300 users, I think. I don't know too much about NFS drives, but as far as I know, you can mount and use an NFS drive as if it were on the local computer. You can read more about the NFS protocol on this site: http://en.wikipedia.org/wiki/Network_File_System_(protocol)

3, Create logon scripts for each group and add a command to the scripts like this:

    net use Z: %LOGONSERVER%\share_name

Append the following line to the [global] section of smb.conf:

    logon script = %G.bat

That way, during a user logon, the appropriate logon script will be run on the client machine. (I have never tried it yet, but it should work).

I hope, I could help you a bit.
Re: [Samba] Winbind problem
    [global]
    server string = Samba Proxy
    password server = win2003test
    security = domain
    encrypt passwords = yes
    workgroup = TEST.LOCAL
    winbind separator = @
    template homedir = /home/%D/%U
    template shell = /bin/bash
    winbind uid = 1-2
    winbind gid = 1-2
    winbind enum users = yes
    winbind enum groups = yes
    log file = /var/log/samba/%m.log
    max log size = 50
    socket options = TCP_NODELAY
    realm = TEST.LOCAL

You must use security = ads to join an Active Directory domain. Read the smb.conf man page for more information. Also, make sure, that you have the Kerberos libraries installed on your Debian machine (Heimdal or MIT).
Re: [Samba] Problems to join domain (clients XP send false SID !)
First of all, try to re-join the machine to your domain. Add the machines to a local workgroup (you can assign any name to it), then, after a reboot, try to rejoin the machines to your domain.

If this doesn't help, check user data in the LDAP database:

    id username

you should see something like this:

    uid=10001(administrator) gid=512(Domain Admins) groups=512(Domain Admins),513(Domain Users)

Check if the gid is:

    512 for Domain Administrators
    513 for Domain Users
    514 for Domain Guests

This is very important, because Windows determines the primary group based on the group id (for example, if you log in to your domain as the root user, you won't get administrator privileges on the local computer, because the group ID for root is always zero).
Re: [Samba] help
Check, if user nobody has at least read access to /home/Guest. If not, then it must be the reason, why you get an access denied error message (you cannot access a child directory, if you don't have at least read access to the parent directory).

Chown the directory /home/Guest as nobody:root or give read permission to other users (chmod o+r /home/Guest).

Regards
Gergely Kiss
Re: [Samba] samba group rights problem (Domain Admins not working)
Could you please post your config files (/etc/samba/smb.conf, /etc/ldap.conf, /etc/ldap/slapd.conf, /etc/smbldap-tools/smbldap.conf, smbldap_bind.conf)?

Try to set loglevel 256 in slapd.conf and log level = 10 in smb.conf, and check messages in syslog while logging in as an administrative user. There should be at least one error message in the log, which will tell you what causes this strange problem.

2008/7/23 Jeroen Vriesman [EMAIL PROTECTED]:

Thanks for the reply, I did check that, I should have posted that in the original mail.

The group ends with -512, and, has gid 512, my 'administrator' account is called root, but this is about the members of the 'Domain Admins' group, the group maps to 'Domain Admins' (I use pam/nssldap config, where 'getent group' shows all the ldap groups as local groups, so the map is ok by default).

Before the ldap upgrade it worked, and the ldap data is exactly the same. So I'm a bit lost, I do have the schema with sambaSID SUB and a sub index on sambaSID, the schemas are also the same as in the old situation.

cheers, Jeroen.

On Tue, Jul 22, 2008 at 8:02 PM, kissg [EMAIL PROTECTED] wrote:

Check the GID of your Domain Admins group. It should end with 512 and should be mapped to a UNIX group which has a GID of the same value. If it's anything else, that can be a reason why your admin users actually don't have administrator rights on the client machines.

Run the following command to see how your group mappings look like:

    net groupmap list

You should see the number 512 at the end of the Domain Admins SID. After you have verified, that your Domain Admins group has the appropriate SID, check the UID and GID of an administrative user, for example:

    id administrator

You should see gid=512 in the output of the command.

Regards
Gergely Kiss

2008/7/22 Jeroen Vriesman [EMAIL PROTECTED]:

Hi list,

after upgrading our ldap server, the Domain Admins group doesn't work anymore. Members of the domain admins group don't have any special rights on the workstations (for example, they cannot even change the date of a machine in the domain anymore).

When I lookup the group members I get:

    [EMAIL PROTECTED]:/etc/samba# net rpc group members 'Domain Admins'
    Password:
    HIVOS.NL\root
    HIVOS.NL\foctaaf
    HIVOS.NL\lhilarides
    HIVOS.NL\administrator
    HIVOS.NL\executor
    HIVOS.NL\fbodijn
    HIVOS.NL\psomer
    HIVOS.NL\jvriesman

And the rights of the group:

    [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'Domain Admins'
    Password:
    SeMachineAccountPrivilege
    SeRemoteShutdownPrivilege
    SePrintOperatorPrivilege
    SeAddUsersPrivilege
    SeDiskOperatorPrivilege

That seems ok, but when I lookup the rights of a member of the Domain Admins group:

    [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'HIVOS.NL\jvriesman'
    Password:
    SeAddUsersPrivilege

    [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'HIVOS.NL\psomer'
    Password:
    nothing here

Any idea why members of the Domain Admin group do not get the rights of the group?

cheers, Jeroen.
Re: [Samba] samba group rights problem (Domain Admins not working)
By the way, it can be a bug in the new version of OpenLDAP, or a permission problem (Samba is unable to read a required attribute etc.). Check the OpenLDAP list, or post a bugreport, if you haven't already done so.

2008/7/23 Jeroen Vriesman [EMAIL PROTECTED]:

Thanks for the reply, I did check that, I should have posted that in the original mail.

The group ends with -512, and, has gid 512, my 'administrator' account is called root, but this is about the members of the 'Domain Admins' group, the group maps to 'Domain Admins' (I use pam/nssldap config, where 'getent group' shows all the ldap groups as local groups, so the map is ok by default).

Before the ldap upgrade it worked, and the ldap data is exactly the same. So I'm a bit lost, I do have the schema with sambaSID SUB and a sub index on sambaSID, the schemas are also the same as in the old situation.

cheers, Jeroen.

On Tue, Jul 22, 2008 at 8:02 PM, kissg [EMAIL PROTECTED] wrote:

Check the GID of your Domain Admins group. It should end with 512 and should be mapped to a UNIX group which has a GID of the same value. If it's anything else, that can be a reason why your admin users actually don't have administrator rights on the client machines.

Run the following command to see how your group mappings look like:

    net groupmap list

You should see the number 512 at the end of the Domain Admins SID. After you have verified, that your Domain Admins group has the appropriate SID, check the UID and GID of an administrative user, for example:

    id administrator

You should see gid=512 in the output of the command.

Regards
Gergely Kiss

2008/7/22 Jeroen Vriesman [EMAIL PROTECTED]:

Hi list,

after upgrading our ldap server, the Domain Admins group doesn't work anymore. Members of the domain admins group don't have any special rights on the workstations (for example, they cannot even change the date of a machine in the domain anymore).

When I lookup the group members I get:

    [EMAIL PROTECTED]:/etc/samba# net rpc group members 'Domain Admins'
    Password:
    HIVOS.NL\root
    HIVOS.NL\foctaaf
    HIVOS.NL\lhilarides
    HIVOS.NL\administrator
    HIVOS.NL\executor
    HIVOS.NL\fbodijn
    HIVOS.NL\psomer
    HIVOS.NL\jvriesman

And the rights of the group:

    [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'Domain Admins'
    Password:
    SeMachineAccountPrivilege
    SeRemoteShutdownPrivilege
    SePrintOperatorPrivilege
    SeAddUsersPrivilege
    SeDiskOperatorPrivilege

That seems ok, but when I lookup the rights of a member of the Domain Admins group:

    [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'HIVOS.NL\jvriesman'
    Password:
    SeAddUsersPrivilege

    [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'HIVOS.NL\psomer'
    Password:
    nothing here

Any idea why members of the Domain Admin group do not get the rights of the group?

cheers, Jeroen.
Re: [Samba] Acess from windows to share get closed..
    Printers
    path = /var/spool/samba
    browseable = yes
    guest ok = yes
    writable = yes
    printable = yes

    # Un-comment the following and create the netlogon directory for Domain Logons
    ; [netlogon]
    ; comment = Network Logon Service
    ; path = /var/lib/samba/netlogon
    ; guest ok = yes
    ; writable = no
    ; share modes = no

    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    ; [Profiles]
    ; path = /var/lib/samba/profiles
    ; browseable = no
    ; guest ok = yes

    # A publicly accessible directory, but read only, except for people in
    # the staff group
    ; [public]
    ; comment = Public Stuff
    ; path = /home/samba
    ; public = yes
    ; writable = yes
    ; printable = no
    ; write list = +staff

    [F]
    comment = Server Linux
    path = /F
    writeable = yes
    ; browseable = yes
    guest ok = yes
    oplocks = yes
    level2 oplocks = no

- Original Message -
*From:* kissg [EMAIL PROTECTED]
*To:* Tito [EMAIL PROTECTED]
*Cc:* samba@lists.samba.org
*Sent:* Tuesday, July 22, 2008 6:45 PM
*Subject:* Re: [Samba] Acess from windows to share get closed..

It's because PAM rejects user nobody. Adding the following line to the [global] section of /etc/samba/smb.conf should help:

    obey pam restrictions = No

Try it, and see what happens.

By the way, it's always a good idea to attach your config files if you experience problems. It's much easier to help, if we can see how your configuration looks like.

Regards
Gergely Kiss

2008/7/22 Tito [EMAIL PROTECTED]:

I'm using FC8 Server with Samba 3.0.30-fc8 and have an erratic problem accessing the share. I have a Share that everyone can access and I use the nobody user to access everything without any problem, and from time to time when user tries to access a file the share gets closed, then we have to restart the machine and it goes well again.

the log for one user is below

why does it closes the connection? and what can be done ?
[2008/07/16 17:41:22, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service HPArma
[2008/07/16 17:41:22, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service F
[2008/07/17 07:48:34, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service HPArma initially as user nobody (uid=99, gid=99) (pid 6337)
[2008/07/17 07:48:36, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 07:48:36, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service F initially as user nobody (uid=99, gid=99) (pid 6337)
[2008/07/17 07:48:38, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 09:51:49, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service F
[2008/07/17 09:51:49, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service HPArma
[2008/07/17 09:55:09, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service HPArma initially as user nobody (uid=99, gid=99) (pid 6660)
[2008/07/17 09:55:11, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 09:55:11, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service F initially as user nobody (uid=99, gid=99) (pid 6660)
[2008/07/17 09:55:13, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 14:19:39, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service F
[2008/07/17 14:19:39, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service HPArma
[2008/07/17 14:26:26, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service HPArma initially as user nobody (uid=99, gid=99) (pid 7199)
[2008/07/17 14:26:28, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 14:26:28, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service F initially as user nobody (uid=99, gid=99) (pid 7199)
[2008/07/17 14:26:30, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 16:46:04, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service HPArma
[2008/07/17 16:46:04, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service F
[2008/07/18 07:39:38, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service HPArma initially as user nobody (uid=99, gid=99) (pid 10523)
[2008/07/18 07:39:44, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck
Re: [Samba] domain user part of unix group problem
I'm not sure about it, but probably your user should be a member of the squid group, as its primary group. But that way, Windows wouldn't let the user to log in to the system...

Another option could be to leave the original permissions alone and copy the log file to a Samba share (for example, your home directory or a share which is only accessible to the members of the Domain Admins group). Create a cron job which does this every minute, or every 5 minutes.. as often as you like (but not too often, because as you may know, log files like growing huge in size).

    -rw-rw 1 username Domain Admins 17M Jul 23 02:59 access.log

Well, it's just an idea, I'm not an expert, but would like to help.

Regards
Gergely Kiss

2008/7/23 Elvar [EMAIL PROTECTED]:

Hello,

I'm trying to allow a specific windows user to be able to access a samba share which points to the /var/log/squid directory on my squid proxy server and read the access.log files there. The permissions on the access.log file are below...

    -rw-r- 1 squid squid 17M Jul 23 02:59 access.log

Now, I've tried adding the name of the domain users account to the unix group squid but I'm still getting access denied errors. If I chmod 644 the access.log then the windows user can read the file fine but I'm trying to avoid 644 and stick to 640. If I 'chown squid:Domain Admins access.log' then the user can also access it that way but again, I'd prefer to keep it squid:squid. How is it that I can successfully make the domain user read the access.log file successfully as a member of the unix group squid with the permissions listed above? Winbind is functioning properly and all of the standard tests succeed such as wbinfo -g, wbinfo -u etc.

Kind regards,
Elvar
Re: [Samba] Acess from windows to share get closed..
It's because PAM rejects user nobody. Adding the following line to the [global] section of /etc/samba/smb.conf should help:

    obey pam restrictions = No

Try it, and see what happens.

By the way, it's always a good idea to attach your config files if you experience problems. It's much easier to help, if we can see how your configuration looks like.

Regards
Gergely Kiss

2008/7/22 Tito [EMAIL PROTECTED]:

I'm using FC8 Server with Samba 3.0.30-fc8 and have an erratic problem accessing the share. I have a Share that everyone can access and I use the nobody user to access everything without any problem, and from time to time when user tries to access a file the share gets closed, then we have to restart the machine and it goes well again.

the log for one user is below

why does it closes the connection? and what can be done ?

[2008/07/16 17:41:22, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service HPArma
[2008/07/16 17:41:22, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service F
[2008/07/17 07:48:34, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service HPArma initially as user nobody (uid=99, gid=99) (pid 6337)
[2008/07/17 07:48:36, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 07:48:36, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service F initially as user nobody (uid=99, gid=99) (pid 6337)
[2008/07/17 07:48:38, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 09:51:49, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service F
[2008/07/17 09:51:49, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service HPArma
[2008/07/17 09:55:09, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service HPArma initially as user nobody (uid=99, gid=99) (pid 6660)
[2008/07/17 09:55:11, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 09:55:11, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service F initially as user nobody (uid=99, gid=99) (pid 6660)
[2008/07/17 09:55:13, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 14:19:39, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service F
[2008/07/17 14:19:39, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service HPArma
[2008/07/17 14:26:26, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service HPArma initially as user nobody (uid=99, gid=99) (pid 7199)
[2008/07/17 14:26:28, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 14:26:28, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service F initially as user nobody (uid=99, gid=99) (pid 7199)
[2008/07/17 14:26:30, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 16:46:04, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service HPArma
[2008/07/17 16:46:04, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service F
[2008/07/18 07:39:38, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service HPArma initially as user nobody (uid=99, gid=99) (pid 10523)
[2008/07/18 07:39:44, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/18 07:39:44, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service F initially as user nobody (uid=99, gid=99) (pid 10523)
[2008/07/18 07:39:46, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/18 17:00:48, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service HPArma
[2008/07/18 17:00:48, 1] smbd/service.c:close_cnum(1230) carlap (192.168.6.114) closed connection to service F
[2008/07/21 07:50:46, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service HPArma initially as user nobody (uid=99, gid=99) (pid 5759)
[2008/07/21 07:50:49, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/21 07:50:49, 1] smbd/service.c:make_connection_snum(1033) carlap (192.168.6.114) connect to service F initially as user nobody (uid=99, gid=99) (pid 5759)
[2008/07/21 07:50:51, 0]
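
Added example, not part of the original thread: the log above shows each "Rejecting User nobody" line arriving a couple of seconds after a guest connection, and this Python script makes that pairing explicit so the affected client and share can be listed. The sample log, host names, addresses and the 5-second window are constructed assumptions; the parser accepts both smbd's two-line layout and entries run onto one line.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample (hosts, shares and addresses are made up). The first
# two entries use smbd's two-line layout, the next two are run onto one line.
SAMPLE_LOG = """\
[2008/07/17 07:48:34, 1] smbd/service.c:make_connection_snum(1033)
  pc01 (192.0.2.14) connect to service printq initially as user nobody (uid=99, gid=99) (pid 6337)
[2008/07/17 07:48:36, 0] auth/pampass.c:smb_pam_passcheck(809)
  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 07:48:36, 1] smbd/service.c:make_connection_snum(1033) pc01 (192.0.2.14) connect to service docs initially as user nobody (uid=99, gid=99) (pid 6337)
[2008/07/17 07:48:38, 0] auth/pampass.c:smb_pam_passcheck(809) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
[2008/07/17 09:51:49, 1] smbd/service.c:close_cnum(1230)
  pc01 (192.0.2.14) closed connection to service docs
[2008/07/17 10:02:10, 1] smbd/service.c:make_connection_snum(1033)
  pc02 (192.0.2.15) connect to service docs initially as user alice (uid=1001, gid=1001) (pid 6400)
"""

# "[date time, level] source_file:function(line)"
HEADER = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+?)\((\d+)\)")
CONNECT = re.compile(
    r"(\S+) \(([\d.]+)\) connect to service (\S+) initially as user (\S+) "
    r"\(uid=(\d+), gid=(\d+)\) \(pid (\d+)\)")
REJECT = re.compile(r"smb_pam_auth failed - Rejecting User (\S+)")


def parse_entries(text):
    """Split smbd log text into (timestamp, level, source, message) tuples.

    The message is whatever lies between one header and the next, so it does
    not matter whether it was on its own line or joined to the header.
    """
    heads = list(HEADER.finditer(text))
    entries = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        ts = datetime.strptime(head.group(1), "%Y/%m/%d %H:%M:%S")
        message = " ".join(text[head.end():end].split())
        entries.append((ts, int(head.group(2)), head.group(3), message))
    return entries


def pam_rejected_sessions(entries, window=timedelta(seconds=5)):
    """Attach each PAM rejection to the latest connect by the same user.

    The rejection line carries no client or pid, so the link is made by user
    name and time: the most recent connect within `window` before it.
    Rejections with no such connect are reported with host/ip/service None.
    """
    last_connect = {}  # user -> (timestamp, host, ip, service)
    hits = []
    for ts, _level, _source, message in entries:
        connect = CONNECT.search(message)
        if connect:
            host, ip, service, user = connect.group(1, 2, 3, 4)
            last_connect[user] = (ts, host, ip, service)
            continue
        reject = REJECT.search(message)
        if not reject:
            continue
        user = reject.group(1)
        prev = last_connect.get(user)
        if prev and timedelta(0) <= ts - prev[0] <= window:
            hits.append({"time": ts, "user": user, "host": prev[1],
                         "ip": prev[2], "service": prev[3]})
        else:
            hits.append({"time": ts, "user": user, "host": None,
                         "ip": None, "service": None})
    return hits


def rejections_by_session(hits):
    """Count rejections per (user, client ip, service)."""
    return Counter((h["user"], h["ip"], h["service"]) for h in hits)


if __name__ == "__main__":
    found = pam_rejected_sessions(parse_entries(SAMPLE_LOG))
    for key, count in rejections_by_session(found).items():
        print(count, *key)
```
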
Re: [Samba] samba group rights problem (Domain Admins not working)
Check the GID of your Domain Admins group. It should end with 512 and should be mapped to a UNIX group which have a GID of the same value. If it's anything else, that can be a reason why your admin users actually don't have administrator rights on the client machines. Run the following command to see how your group mappings look like: net groupmap list You should see the number 512 at the end of the Domain Admins SID. After you have verified, that your Domain Admins group has the appropriate SID, check the UID and GID of an administrative user, for example: id administrator You should see gid=512 in the output of the command. Regards Gergely Kiss 2008/7/22 Jeroen Vriesman [EMAIL PROTECTED]: Hi list, after upgrading our ldap server, the Domain Admins group doesn't work anymore. Members of the domain admins group don't have any special rights on the workstations (for example, they cannot even change the date of a machine in the domain anymore). When I lookup the group members I get: [EMAIL PROTECTED]:/etc/samba# net rpc group members 'Domain Admins' Password: HIVOS.NL\root HIVOS.NL\foctaaf HIVOS.NL\lhilarides HIVOS.NL\administrator HIVOS.NL\executor HIVOS.NL\fbodijn HIVOS.NL\psomer HIVOS.NL\jvriesman And the rights of the group: [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'Domain Admins' Password: SeMachineAccountPrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege That seems ok, but when I lookup the rights of a member of the Domain Admins group: [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'HIVOS.NL\jvriesman' Password: SeAddUsersPrivilege [EMAIL PROTECTED]:/etc/samba# net rpc rights list 'HIVOS.NL\psomer' Password: nothing here Any idea why members of the Domain Admin group do not get the rights of the group? cheers, Jeroen. 
Re: [Samba] Error setting initial password for a user when using LDAP as backend and trying to set Samba and Unix password to the same value
Could you please try what happens if you set admin dn in smb.conf to your LDAP administrator account? In my opinion, it would be better to use the scripts provided by smbldap-tools to change unix account information, and let Samba handle the rest of the attributes. That way, use of the passwd sync setting would be unnecessary.

I'm attaching my config files, try to set up your configuration according to them. I don't have problems like yours, my DC works wonderfully with an LDAP backend.

Regards
Gergely Kiss, Hungary

2008/7/20 Jörg Spilker [EMAIL PROTECTED]:

Hello,

I've some problems setting the initial password for Windows and Unix User with Samba configured to use LDAP as backend. I've attached the configuration files and the errors.

Creating a new user with net rpc user add xyz is working without problem. Using for example GQ as LDAP browser, I can see the account and also getent passwd is showing the entry.

I've activated ldap passwd sync = yes which should update NT Password and unix password. I've set the password for the ldap admin dn with smbpasswd -W. However when issuing the command smbpasswd xyz I got the attached error message. I'm not sure why, because I've difficulties to read the ldap debug information. I know that error 50 means insufficient privileges. But when I remove the passwd sync = yes commandline, smbpasswd updates the NT Password without problems.

What is wrong?

Greetings,
Joerg

# Sample access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#     Allow self write access to user password
#     Allow anonymous users to authenticate
#     Allow read access to everything else
# Directives needed to implement policy:
access to dn.base=""
    by dn=cn=samba,dc=jetsys,dc=de write
    by * read
access to dn.base=cn=Subschema
    by * read
access to attrs=userPassword,userPKCS12
    by self write
    by * auth
access to attrs=shadowLastChange
    by self write
    by * read
access to *
    by dn=cn=samba,dc=jetsys,dc=de write
    by * read

[global]
log level = all:10
workgroup = JETSYS
security = user
domain logons = yes
domain master = yes
wins support = yes
passdb backend = ldapsam
ldap admin dn = cn=samba,dc=jetsys,dc=de
ldap suffix = dc=jetsys,dc=de
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmaps
ldap passwd sync = yes
ldapsam:trusted = yes
ldapsam:editposix = yes
idmap domains = JETSYS
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmap,dc=jetsys,dc=de
idmap alloc config:ldap_user_dn = cn=samba,dc=jetsys,dc=de
idmap alloc config:ldap_url = ldap://localhost
idmap alloc config:range = 5-50

Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=3 SRCH base=dc=jetsys,dc=de scope=2 deref=0 filter=((uid=js)(objectClass=sambaSamAccount))
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=3 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: = bdb_equality_candidates: (uid) not indexed
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=4 SRCH base=sambaDomainName=JETSYS,dc=jetsys,dc=de scope=0 deref=0 filter=(objectClass=*)
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=4 SRCH attr=sambaPwdHistoryLength
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=5 SRCH base=sambaDomainName=JETSYS,dc=jetsys,dc=de scope=0 deref=0 filter=(objectClass=*)
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=5 SRCH attr=sambaMaxPwdAge
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=6 SRCH base=ou=groups,dc=jetsys,dc=de scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(gidNumber=5))
Jul 20 18:35:56 [EMAIL PROTECTED] slapd[3134]: conn=9 op=6 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn
Re: [Samba] WINS name resolution doesn't work
Thanks for your answer. I played with my network (I can do it, because it is only for testing and learning purposes) and found the following:

My Windows client does use the WINS server specified. It seems the only problem is that my PDC somehow forgets to register itself in WINS. Look what I get if I try to join the client to my domain (the client is on a different subnet than the one Samba is listening on):

07/19 22:51:41 NetpDoDomainJoin
07/19 22:51:41 NetpMachineValidToJoin: 'WINXP-CLIENT'
07/19 22:51:41 NetpGetLsaPrimaryDomain: status: 0x0
07/19 22:51:41 NetpMachineValidToJoin: status: 0x0
07/19 22:51:41 NetpJoinDomain
07/19 22:51:41 Machine: WINXP-CLIENT
07/19 22:51:41 Domain: universe
07/19 22:51:41 MachineAccountOU: (NULL)
07/19 22:51:41 Account: universe\rendszergazda
07/19 22:51:41 Options: 0x27
07/19 22:51:41 OS Version: 5.1
07/19 22:51:41 Build number: 2600
07/19 22:51:41 ServicePack: Szervizcsomag 2
07/19 22:51:41 NetpValidateName: checking to see if 'universe' is valid as type 3 name
07/19 22:51:42 NetpCheckDomainNameIsValid [ Exists ] for 'universe' returned 0x0
07/19 22:51:42 NetpValidateName: name 'universe' is valid for type 3
07/19 22:51:42 NetpDsGetDcName: trying to find DC in domain 'universe', flags: 0x1020
07/19 22:51:49 NetpDsGetDcName: found DC '\\LEMONTREE' in the specified domain
07/19 22:51:49 NetUseAdd to \\LEMONTREE\IPC$ returned 53
07/19 22:51:49 NetpJoinDomain: status of connecting to dc '\\LEMONTREE': 0x35
07/19 22:51:49 NetpDoDomainJoin: status: 0x35

So, according to this, the WINS server of Samba works okay (the client found the domain), but it cannot resolve the name of my PDC for some reason. So this must be a server-side problem. Am I right?

I'm going to check the logfiles on my PDC thoroughly and tell you what I found.

2008/7/19 satish patel [EMAIL PROTECTED]:

This is a big problem with Samba 3.x because it uses NetBIOS for domain logon. DNS is not supported on Samba 3.x because Samba 3.x works on NT 4 technology and only supports NetBIOS domain names. If you want to use DNS with Samba then you should go for Samba 4.0; it's based on Windows 2003 technology and works like Active Directory. I am also working on Samba 4.x, but it is still in beta test, not for production.

$ cat ~/satish/url.txt
http://www.linuxbug.org

--- On Fri, 18/7/08, kissg [EMAIL PROTECTED] wrote:

From: kissg [EMAIL PROTECTED]
Subject: [Samba] WINS name resolution doesn't work
To: samba@lists.samba.org
Date: Friday, 18 July, 2008, 8:20 PM

I've set up my Samba PDC to act as a WINS server, because I need remote access to it (through a VPN connection). I put wins support = Yes into the smb.conf file. As far as I know, WINS doesn't use a unique port number, so enabling the usual NetBIOS ports (137/udp, 138/udp, 139/tcp) on the firewall should be enough to make WINS work. I did this already.

I tried to connect to a share on my PDC through a VPN connection. My VPN server properly sends the address of the WINS server, that's sure, I can see the correct address in the output of ipconfig /all. smbd and nmbd are bound to the wildcard address to accept connections from ppp interfaces created on the fly. Everything seems to work correctly, but my clients cannot use NetBIOS names when connecting to a share. Connecting to the server by its IP address works with no problem.

I am creative, so I decided to disable WINS and use DNS instead. After that, name resolution worked wonderfully. But it's not that easy... by using DNS, my PDC is not able to resolve the NetBIOS names of remote clients, because they don't register their names in DNS when connecting.

Is there any way to use WINS on VPN clients? It seems that Windows silently ignores my WINS server and only tries to resolve names with broadcasting, which is of course not possible through a PPP connection. Do you have any ideas?

I use Samba 3.0.28a on my PDC and Windows XP Professional on my client.
[Samba] WINS name resolution doesn't work
I've set up my Samba PDC to act as a WINS server, because I need remote access to it (through a VPN connection). I put wins support = Yes into the smb.conf file. As far as I know, WINS doesn't use a unique port number, so enabling the usual NetBIOS ports (137/udp, 138/udp, 139/tcp) on the firewall should be enough to make WINS work. I did this already.

I tried to connect to a share on my PDC through a VPN connection. My VPN server properly sends the address of the WINS server, that's sure, I can see the correct address in the output of ipconfig /all. smbd and nmbd are bound to the wildcard address to accept connections from ppp interfaces created on the fly. Everything seems to work correctly, but my clients cannot use NetBIOS names when connecting to a share. Connecting to the server by its IP address works with no problem.

I am creative, so I decided to disable WINS and use DNS instead. After that, name resolution worked wonderfully. But it's not that easy... by using DNS, my PDC is not able to resolve the NetBIOS names of remote clients, because they don't register their names in DNS when connecting.

Is there any way to use WINS on VPN clients? It seems that Windows silently ignores my WINS server and only tries to resolve names with broadcasting, which is of course not possible through a PPP connection. Do you have any ideas?

I use Samba 3.0.28a on my PDC and Windows XP Professional on my client.
Re: [Samba] Problem with moving PDC to new server
First of all, check the domain SID on the new server. It should match the domain SID which was used on the old server. Also make sure that permissions are correctly set on profile directories.

To display the domain SID, type the following on the PDC:

    net getlocalsid

To set the domain SID use

    net setlocalsid SID

Permissions of profile directories should be set like this:

- User ownership: the username which the profile belongs to
- Group ownership: the primary group of the user
- Permission for the profile directory: 1777
- Permission for the profile directory of a user: 0700 or 1700 (not sure about it)

I hope I could help you.

Regards
Gergely Kiss

2008/7/16 Aaron Johnson [EMAIL PROTECTED]:

All,

I am in the process of moving a PDC to a new server, the config, *.tdb files, linux user account files (/etc/passwd,shadow,group) and /home have all been moved successfully, shares and authentication is working great.

Issue: When I login and the system loads my roaming profile all my recent Programs list are gone, I cannot add more programs to this list in the start menu (no error just won't show) and it appears other windows settings are not getting properly loaded either (i.e. I have a gray start bar instead of my normal green/blue bar)

Background on the move:
Old Server: Ubuntu 6.06(i386) running Samba 3.0.22
New Server: Centos 5.2(i386) running Samba 3.0.28
Clients: All Windows XP Pro previously part of the Domain

Any one have any advice for solving this issue?

Aaron
Re: [Samba] Sporadic Homedirs lost
Try to set obey pam restrictions = No and see if it solves your problem. In most cases, it's not required to use PAM for authenticating domain clients.

2008/7/16 Achim Frank [EMAIL PROTECTED]:

Hi List,

since the upgrade of a LDAP based PDC/BDC system to PDC/BDC and fileserver we have problems with users sporadically losing their homedirs. These events are unreproducible and only sporadic. Only the homedir, not any of the other shares mounted from the fileserver, is subject to this connection breakoff. The logs seem to suggest the username has been forgotten by the fileserver as the user wants to access this private share.

Attached find a portion of the logs from fileserver at the event of losing a homedir (loglevel 3):

[2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: guest authentication for user [] succeeded

In the morning everything works ok like this:

[2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: winbind authentication for user [myself] succeeded
[2008/07/15 08:09:44, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [myself] - [myself] - [myself] succeeded

Versions of Samba: The systems are running Debian Etch. PDC/BDC on Backports kernel 2.6.24-1-686, fileserver on stock Etch Kernel. Samba is installed as Sernet Etch Packages (http://ftp.sernet.de/pub/samba/debian/ sernet-samba_3.0.28-21_i386.deb sernet-samba-common_3.0.28-21_i386.deb sernet-samba-doc_3.0.28-21_all.deb sernet-smbclient_3.0.28-21_i386.deb). We also tried sernet-samba versions 3.0.30-22 and 3.2.0-22 but to no avail.

Samba configuration:

PDC/BDC:
[global]
...
map to guest = Bad User
obey pam restrictions = Yes
template homedir = /home/%U
veto files = /lost+found/users/
...
only shares [profiles] and [netlogon]

fileserver:
[global]
...
security = domain
map to guest = Bad User
obey pam restrictions = Yes
template homedir = /home/%U
veto files = /lost+found/users/

[homes]
comment = Heimatverzeichnis
read only = No
create mask = 0700
browseable = No

Has anybody a clue why this could happen? Are there magic switches to be set with smb.conf on PDC/BDC if homedirs are not present on the authenticating servers or anything else we might have overlooked? Any recommendation on how to track down this misbehaving?

Thanks for your answers,
--achim
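The log excerpt in this thread shows a logon that ends in "guest authentication for user [] succeeded" on a server configured with map to guest = Bad User. The following is an added example, not part of the original thread, that lists every successful check_ntlm_password result from a level 3 smbd log and flags the ones satisfied by the guest fallback; the function names are assumptions and the sample log is constructed in the format quoted above.

```shell
#!/bin/sh
# Added example: find logons in a level 3 smbd log that were accepted as
# guest instead of being authenticated by a real backend (winbind, sam, ...).

# Reads smbd log text on stdin and prints one line per successful result:
#   <timestamp>|<auth method>|<identity the client asked for>
auth_results() {
    awk '
    # Entry header: "[2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(270)"
    /^\[[0-9][0-9][0-9][0-9]\/[0-9][0-9]\/[0-9][0-9] / { ts = substr($0, 2, 19) }
    {
        # The message may follow on the next line or on the header line itself.
        p = index($0, "check_ntlm_password: ")
        if (p == 0) next
        msg = substr($0, p + 21)
        sub(/^ +/, "", msg)
        sub(/[ \t\r]+$/, "", msg)
        # Remember which identity the client presented.
        if (index(msg, "Checking password for unmapped user ") == 1) {
            req = substr(msg, 37)
            sub(/ with the new password interface.*$/, "", req)
            next
        }
        # "<method> authentication for user [<name>] succeeded"
        q = index(msg, " authentication for user [")
        if (q < 2 || msg !~ /succeeded$/) next
        print ts "|" substr(msg, 1, q - 1) "|" req
        req = ""
    }'
}

# Keeps only the guest fallbacks: "<timestamp>|<identity the client asked for>"
guest_fallbacks() {
    auth_results | awk -F'|' '$2 == "guest" { print $1 "|" $3 }'
}

# Constructed sample: the same client is authenticated by winbind in the
# morning and silently mapped to guest later the same day.
sample_log() {
    cat <<'EOF'
[2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [EXAMPLE]\[alice]@[PC01] with the new password interface
[2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [EXAMPLE]\[alice]@[PC01]
[2008/07/15 08:09:44, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: winbind authentication for user [alice] succeeded
[2008/07/15 08:09:44, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [alice] -> [alice] -> [alice] succeeded
[2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [EXAMPLE]\[alice]@[PC01] with the new password interface
[2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [EXAMPLE]\[alice]@[PC01]
[2008/07/15 09:43:01, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: guest authentication for user [] succeeded
EOF
}

sample_log | guest_fallbacks
```

On a real server, feed the per-client log files to guest_fallbacks instead of sample_log; a named identity next to a guest result marks a session that lost its user mapping.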
Re: [Samba] Windows XP Files Disapearing
Try to replace the last three lines (map archive/system/hidden) with a single line like this:

    store dos attributes = Yes

This will ensure that file attributes get correctly set by using extended attributes (see the smb.conf manual for more details). I think it's a much better way of storing Windows/DOS attributes than using UNIX permission bits. The most important thing to note is that you have to mount the shared filesystem with the 'user_xattr' mount option. That way, I could manage to copy the Default User folder to the netlogon share including proper file attributes (like the system and hidden attributes for desktop.ini files).

Your share definition is fully wrong, I think. Using read only = Yes and writable = Yes has a probably unwanted behavior - it's because these settings are equal (again, read the smb.conf man page, it's very useful reading for configuring Samba).

Regards
Gergely Kiss

2008/7/14 David Dzikowski [EMAIL PROTECTED]:

When I mount a drive via Windows XP and copy a file via Samba, the file appears to be copied. When I refresh the window in Windows Explorer, however, it disappears! When I copy the *same* file a second time, Windows asks me if I want to *replace* the file (as if it were there but I just can't see it). I've attached the Samba drive to my Windows XP machine and I can see the file that I copied so I know it's being copied to the drive.

It seems like Samba is hiding the file once it's copied to the drive for some reason. I've set the attribute browseable = yes, but that doesn't seem to solve the problem.

This is my first foray into Linux and Samba. I am running Samba 3.2.0 and Unslung 6.10 on an NSLU2 device. I have a 500GB USB NTFS-formatted drive attached via a hub to the NSLU2 device. It seems like I may have a permissions problem.

Here is my smb.conf file. Any suggestions would be much appreciated!

[global]
wins support = yes
bind interfaces only = no
interfaces = 192.168.1.203/24
hosts allow = 192.168. localhost 127.
log level = 1
config file=/opt/etc/samba/smb.conf
unix charset = CP437
dos charset = CP437
os level = 8
workgroup = unslung
server string = unslung
printcap name = /opt/etc/printcap
load printers = no
max log size = 10
security = user
encrypt passwords = yes
smb passwd file =/opt/etc/samba/smbpasswd
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=65535 SO_RCVBUF=65535
preferred master = no
local master = yes
domain master = no
dns proxy = no
preserve case = yes
short preserve case = yes
default case = upper
case sensitive = no
mangled names = yes
null passwords = yes
dos filetimes = yes
veto files = /.ShareConfFile/quota.user/quota.user~/lost+found/$*/ System Volume Information/
delete veto files = false
create mask = 771
force create mode = 660
force directory mode = 771
directory security mask = 771
map system = yes
map to guest = Bad User
guest account = guest
name resolve order = wins lmhosts hosts bcast
winbind use default domain = no
browseable = yes
#
#
[DISK 1]
valid users=@administrators,@everyone
path=/share/hdd/data/
read only = yes
write list= @administrators,@everyone
browseable = yes
guest ok = yes
writeable = yes
map archive = yes
map system = yes
map hidden = yes
Re: [Samba] Samba 3.2 Ldap problem
Have you installed the libnss-ldap module on Server B? It's required if you have your users in an LDAP database.

What do you see if you type this command on Server B:

    id username

For example, I have a user in my LDAP database, named kissg_02a. In my case, I see the following:

    [EMAIL PROTECTED] id kissg_02a
    uid=10003(kissg_02a) gid=513(Domain Users) groups=513(Domain Users)

Try to set loglevel 256 in your slapd.conf and look for entries in your syslog file which have an err value other than zero. If you don't have any, it means that communication with the LDAP server works as expected, but Samba cannot access the uid attribute.

It can also be that the samba.schema file changed since Samba version 3.0, and the new version stores UIDs in a different attribute or in a different place of the LDAP directory structure. Check if there is a new version available for Samba 3.2.

Best regards
Gergely Kiss

2008/7/2 Ernesto Silva [EMAIL PROTECTED]:

Hi,

I've been running a samba 3.0.22-13.30 server in standalone mode (security=user) for quite a while. It's authenticated against an openLdap and works great, say Server A.

A few days ago I installed OpenSuSE 11 Beta 2 on another server, it came with samba 3.2.0-18, so as I'm very lazy I copied the smb.conf file from the working server to the new one with little modifications like the netbios name and which shares it serves, say Server B. I'm connecting to the same Ldap server.

The problem is that I can't reach any share, from the Server B logs...

[2008/07/01 04:54:01, 1] passdb/pdb_ldap.c:init_sam_from_ldap(567) init_sam_from_ldap: No uid attribute found for this user!
[2008/07/01 04:54:01, 1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1531) ldapsam_getsampwnam: init_sam_from_ldap failed for user 'x'!

I've been googling for the last 8 hours and I can't fix the problem, with a more verbose debug level I can see that the Ldap connection works fine. I've also checked the Ldap logs and everything is fine. Maybe it's a problem with idmap-ing.

Here is my smb.conf file from the Server B, I've placed comments on lines which differ from the Server A and commented out lines I believe are not relevant to Server B.

[global]
passdb expand explicit = no
utmp = Yes
workgroup = CPD
netbios name = OPEN # I've changed the
server string = File Server
passdb backend = ldapsam:ldap://ldapon.my.company
time server = Yes
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
username map = /etc/samba/smbusers
map to guest = Bad User
wins support = no # it's 'Yes' in the old server
local master = no # it's 'Yes' in the old server
domain master = no # it's 'Yes' in the old server
domain logons = no # it's 'Yes' in the old server
security = user
preferred master = no
os level = 64
encrypt passwords = yes
#logon script = test.bat
#logon path = \\%L\profiles\%U
#logon home = \\%L\%U
#logon drive = z:
#add user script = ldapsmb -a -u %u
#delete user script = ldapsmb -d -u %u
#add machine script = ldapsmb -a -s -wks %u -v --logfile /var/log/samba/ldapsmb.log
#add group script = ldapsmb -a -g %g
#delete group script = ldapsmb -d -g %g
#add user to group script = ldapsmb -j -u %u -g %g
#delete user from group script = ldapsmb -j -u %u -g %g
#set primary group script = ldapsmb -m -u %u -gid %g
ldap admin dn = cn=Manager,dc=my,dc=company
ldap suffix = dc=my,dc=company
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap user suffix= ou=People
ldap passwd sync= Yes
log file = /var/log/samba/%m.log
log level = 1
load printers = no

[www2]
comment = webpages
path = /path/to/webpages
public = no
writeable = yes
browseable = yes
valid users = +groupA +groupB
force user = www2
create mask = 0775
dont descend = /bin,/boot,/dev,/etc,/lib,.

Please, any ideas?

Best regards,

--
Ing. Ernesto Silva.
Web Development and Open Systems Coordinator
Data Processing Center
Universidad ORT Uruguay.
E-mail: [EMAIL PROTECTED]
Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102
Fax: (+5982) 900-2952
[Samba] Error messages while managing groups in User Manager
I still haven't found any solution. Has any of you ever had this problem? I also tried it with tdbsam backend, and I got the same error, so it's not an LDAP-related issue. I have upgraded to Samba version 3.0.30, but the problem still exists. Please help, I'm out of ideas!

My original message was:

I recently set up a PDC using Samba version 3.0.28a. According to the official Samba documentation, I should be able to use the Microsoft User Manager tool to manage my Samba domain controller. I am able to add/delete/modify user accounts with no problem, but editing groups is not possible for some reason. For example, if I try to add a user account to a group, I get an Access denied error message. This sounds a bit strange to me, since I log in to the domain as root, so privilege problems should not happen. Is this a bug or have I misconfigured something?

What I have already done:

- Install Samba from package
- Edit smb.conf to suit my needs
- Create basic group mapping with the correct RIDs (512 for domain admins, 513 for users, 514 for guests)
- Create a separated directory structure for all the shares

My shares are located on separate partitions, each has the user_xattr option enabled in /etc/fstab. I attached my smb.conf file to this message, to make it easier to understand my configuration.

Thanks for your help in advance!
Re: [Samba] can join,but not log into domain
Do you get the same results if you try to log in or join the domain from another machine? Have you set up a machine trust account? You have to create a machine account for each workstation in your domain, unless you have set an add machine script in your smb.conf file, which would do this job automatically.

Windows error messages are less detailed or confusing sometimes, so please check the %SYSTEMROOT%\Debug\NetSetup.log file on the client computer to have more information about the problem.

2008/6/21 Peter Hartmann [EMAIL PROTECTED]:

Hi,

I have a problem where I can join an xpsp2 machine to a domain but, no matter what %COMPUTERNAME% I use, it says system error: a duplicate name exists on the network after the reboot upon successfully joining. If I try to log in as a valid user, I get the the system could not log you on because domain 'DOMAIN' is not available. I'd just like to stress that I do not have a duplicate name on the network... I've tried more than 4 and each time I have the same error. Does this ring any bells for anyone?

Thanks,
Peter
[Samba] Access denied while trying to edit a group in usrmgr.exe
First of all, I am new to Samba, so please pardon me if I ask something stupid. Thanks!

I recently set up a PDC using Samba version 3.0.28a. According to the official Samba documentation, I should be able to use the Microsoft User Manager tool to manage my Samba domain controller. I am able to add/delete/modify user accounts with no problem, but editing groups is not possible for some reason. For example, if I try to add a user account to a group, I get an Access denied error message. This sounds a bit strange to me, since I log in to the domain as root, so privilege problems should not happen. Is this a bug or have I misconfigured something?

What I have already done:

- Install Samba from package
- Edit smb.conf to suit my needs
- Create basic group mapping with the correct RIDs (512 for domain admins, 513 for users, 514 for guests)
- Create a separated directory structure for all the shares

My shares are located on separate partitions, each has the user_xattr option enabled in /etc/fstab. I attached my smb.conf file to this message, to make it easier to understand my configuration.

Thanks for your help in advance!
Re: [Samba] linux server not caching users
It seems that sometimes your system is unable to resolve UIDs and GIDs. Maybe it's a problem with your Samba configuration or the network connection to the domain controller. I'm not an expert on this, but I'm sure that experienced Samba users and developers will help you to solve your problem.

Best regards:
Gergely Kiss

2008/6/18 Lee, Steven P [EMAIL PROTECTED]:

I've got a CentOS 5 server joined to a Windows 2003 Domain. The Linux machine joined the Windows domain successfully and imported users, created their home directories and migrated their passwords.

When looking at the current home directory it lists permissions and ownership properly for a few minutes:

drwxr-xr-x 2 jdoe domain users 4.0K Jun 14 2007 jdoe
drwxr-xr-x 2 jqpublic domain users 4.0K May 23 2007 jqpublic

After a few minutes running the command whoami and crontab fails and looking at the home directory shows the userid number as opposed to the usernames:

drwxr-xr-x 2 16785470 1629 4.0K Mar 27 2007 jdoe
drwxr-xr-x 5 16785433 1629 4.0K Jun 2 10:27 jqpublic

Running getent will reacquire the usernames allowing whoami to work again.

Any help is appreciated.
Re: [Samba] HomeDir with machinenname
Dear Marc,

it's always a good idea to read man pages (this is from the smb.conf man page):

    %m  the NetBIOS name of the client machine (very useful). This parameter is not available when Samba listens on port 445, as clients no longer send this information. If you use this macro in an include statement on a domain that has a Samba domain controller be sure to set in the [global] section smb ports = 139. This will cause Samba to not listen on port 445 and will permit include functionality to function as it did with Samba 2.x.

So, according to this, you should add an entry to the [global] section of your smb.conf file:

    smb ports = 139

Another thing to note is that you have to write a script that creates the machine's directory if it doesn't exist yet, and instruct Samba to run the script when a user logs in. To do this, add the following to the [netlogon] share in smb.conf:

    root preexec = /usr/local/sbin/createmachinedir.sh %m %u

This script will test if the username is general and create a directory with the name of the machine where the user has logged in from. Create a file in the directory /usr/local/sbin, named createmachinedir.sh, and copy the following to it:

    #!/bin/sh
    # Script start #
    # $1 = client machine name (%m), $2 = user name (%u)
    SHAREPATH=/shares/Public/general
    # Only act for user "general", and only if the directory does not exist yet
    if [ ! -e "$SHAREPATH/$1" ] && [ "$2" = "general" ]
    then
        mkdir "$SHAREPATH/$1"
        # Set permissions with chown and chmod:
        # general will be the owner of this directory:
        chown general:users "$SHAREPATH/$1"
        # We give access only to general for this machine directory
        # (correct this if you want to grant permissions to other users, too)
        chmod 0700 "$SHAREPATH/$1"
    fi
    exit 0
    # End of script #

Save the script and set the executable bit:

    chmod a+x /usr/local/sbin/createmachinedir.sh

The next step is to map the correct directory when the user logs in. This can be achieved by adding the following command to the user's logon script:

    net use Z: %LOGONSERVER%\Public\general\%COMPUTERNAME%

You can use any drive letter instead of Z:, just make sure it is not already taken.

I think this could provide a perfect solution to your problem. By the way, I use a similar script to create home directories for domain users, when they log in for the first time.

Please tell me whether this method works for you or not.

Best regards:
Gergely Kiss

2008/6/18 Marc Muehlfeld [EMAIL PROTECTED]:

No one any idea how I can get this working?

Marc Muehlfeld wrote:

Hello.

I have a Folder /shares/Public/ which is shared. The Account general should have a separate HomeDir below /shares/Public/general depending on the machine name. So I set the attribute homeDirectory in LDAP to /shares/Public/general/%m (I also tried %M). But when I log on at PC01, the HomeDir is not mounted, because %m/%M was not resolved to the machine name:

/shares/Public/general/10.1.0.17' does not exist or permission denied when connecting to [general] Error was No such file or directory

I use %m for the logfile name too, where it is mapped to the machine name (not the IP).

Any idea what could have gone wrong and how else I can get the needed setup? Currently we use 3.0.22 and can't upgrade because of different problems with trusted domains in our setup.

Regards
Marc Muehlfeld

--
Marc Muehlfeld (Head of IT)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de
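A hardened variant of the createmachinedir.sh idea above, as an added example that is not part of the original post: the script runs as root through root preexec and %m is supplied by the client, so the name is validated before any directory is created from it. The function names, the accepted character set and the base-directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): validate the client-supplied
# machine name (%m) before a root preexec script builds a path from it.

# Succeeds only for a plausible NetBIOS machine name: 1-15 characters made of
# letters, digits, '-' and '_' (assumed policy). This also rejects an IP
# address, which is what %m expanded to in the error quoted in this thread.
valid_machine_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 15 ] || return 1
    case $name in
        *[!A-Za-z0-9_-]*) return 1 ;;  # '/', '.', spaces, shell metacharacters
        -*) return 1 ;;                # would look like an option to mkdir/chown
    esac
    return 0
}

# create_machine_dir BASE MACHINE USER
# Returns 0 on success or when USER is not "general", 2 for a rejected name,
# 3 when the target is a symlink, 4 or 5 when mkdir or chown fails.
create_machine_dir() {
    base=$1
    machine=$2
    user=$3
    # Only the shared "general" account gets per-machine directories.
    [ "$user" = "general" ] || return 0
    valid_machine_name "$machine" || {
        echo "createmachinedir: rejected machine name" >&2
        return 2
    }
    dir=$base/$machine
    # Refuse a planted symlink so the chown below cannot be redirected.
    if [ -L "$dir" ]; then
        echo "createmachinedir: refusing symlink $dir" >&2
        return 3
    fi
    if [ ! -d "$dir" ]; then
        # Create with mode 0700 from the start instead of mkdir followed by chmod.
        ( umask 077 && mkdir -- "$dir" ) || return 4
    fi
    # Change ownership only when running as root and the account exists, so
    # the function can also be exercised without privileges.
    if [ "$(id -u)" -eq 0 ] && id general >/dev/null 2>&1; then
        chown general:users -- "$dir" || return 5
    fi
    return 0
}

# Called by Samba as: createmachinedir.sh %m %u
if [ "$#" -ge 2 ]; then
    create_machine_dir /shares/Public/general "$1" "$2"
fi
```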