Re: [Samba] Samba 4 provisioning error on Ubuntu 12.04
Hello, 2012/6/14 todd kman tkma...@yahoo.com: I looked up ACL and how to get them supported and tried the following: sudo apt-get install attr Almost. Install libattr1-dev HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba StartTLS
2011/11/11 steve st...@steve-ss.com: So, On a win 7 client, where do I put the CA cert? You don't :-) Win will talk to samba. Samba talks to OpenLDAP over a tls conection. From my experience (since -from my pov- it is not clear in the docs), Samba needs: passdb backend = ldapsam:ldaps://ldap.yourdomain.tld ldap ssl = off Or passdb backend = ldapsam:ldap://ldap.yourdomain.tld ldap ssl = start tls BTW, the CN in the certificate must match the ldap uri if smb.conf. In other words, if your certificate was created using CN=ldap.mydomian, and you put ldapsam:ldap://localhost in smb.conf, it won't work. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba StartTLS
Hi Steve, 2011/11/12 steve st...@steve-ss.com: My smb conf looks like this: passdb backend = ldapsam:ldap://hh1.site idmap backend = ldap:ldap://hh1.site ldap ssl = start tls Looks right. hh1.site is my FQDN and is also the CN for the CA and servercerts. Good But I'm wondering. Since the samba and ldap servers are both on the same box, is that why TLS isn't working? Nope. But you could disable ssl/tls in that case: ldap ssl = off Because it doesn't make sense to have it? It doesn't make sense to use ssl/tls connections in your case, but it is not the cause your setup is not working. There is no communication between samba and ldap over the network as they are both on the same machine. Would this explain the errors: No However, they can connect with: TLS_REQCERT never in /etc/openldap/ldap.conf Yes, because you're are missing your CA. If you want samba to connect to openldap over tls/ssl, you need something like this: TLS_REQCERT hard TLS_CACERT /path/to/your/ca.crt Confused! Basically you either need to disable tls (ldapsam:ldap:// and ldap ssl = off) or put your CA in your samba server and tell ldap where to find it. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba StartTLS
2011/11/12 steve st...@steve-ss.com: Nearly understood it but I'm missing this: How does the username and password that is typed in on the win client travel over the network to the samba (and in my case also ldap) server? It must be sent as plain text no? Cheers, Steve. Yup... more or less. I don't know the internals of NTLM(or whatever 7 is using). But yes, the username and a hash of the password travels over the network to the samba server, not openldap. You can add kerberos to the mix if you're concerned about security. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba StartTLS
2011/11/11 steve st...@steve-ss.com: On 11/11/2011 08:31 AM, steve wrote: Hi Scenario: Lan with opensuse 11.4 Samba and LDAP server. Linux, win-xp and win7 clients. Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: Connect error Solved? Adding: TLS_REQCERT never to /etc/openldap/ldap.conf allows windows to connect to the samba domain with TLS. Can anyone comment on the security of this workaround? Thanks Or you can copy your servers' CA to your clients, in this case your samba server and use TLS_REQCERT hard Your solution works, but some other machine can impersonate your ldap server and your smb server will never know the difference. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] XP machine wont join domain
2011/10/20 Lachlan Musicman data...@gmail.com that 'only root can add a machine to a domain'. or any user in admin users = Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Forum vs. Mailing List?`!
2010/6/29 Tom H. Lautenbacher mailingli...@lautenbacher.biz I wanted to ask if there is an official Samba Forum, because I could not find any on the Project Page. If there isn't any, is there a particular reason for this not-existance? You cannot have an offline archive of a forum. That makes forums completely useless (at least for me.) There's no way someone can delete emails from my machines. Forums admins can -and actually DO- delete offensive messages from forums. Forums require more resources. Etc. Why do you want a forum? Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can only see files one level deep
2010/6/4 DNK d.k.emailli...@gmail.com: Just bumping this one back onto the radar. I still have not been able to fix the issue. Hello, I got a Macbook Pro last week so I was able to test your smb.conf in a VM running centos 5.5. It turned out that I have to disable iptables and selinux (system-config-securitylevel-tui) to make samba run on centos. I'm a debian/ubuntu guy and sure there's a better way; anyway, for testing, disabling is ok. After that, your smb.conf run flawless here; except for this line in [myshare]: users = @ myshare I really hope that space between @ and myshare is a typo in your email and not in your actual smb.conf. I'll keep the VM for a few days, just in case you want me to run some more tests. Best regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can only see files one level deep
2010/5/31 DNK d.k.emailli...@gmail.com: I don't think I posted back to the list, but this did not help anything. Are there any other suggestions? Would there be any value in backing up my config, and reinstalling samba? please, post output of: ls -ld /shares/myshare ls -ld /shares/myshare/Docs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can only see files one level deep
Are users members of myshare? El 31/05/2010 18:46, DNK d.k.emailli...@gmail.com escribió: Here we go... ls -ld /shares/myshare drwxrws--- 12 dnk myshare 4096 May 31 12:16 /shares/myshare ls -ld /shares/myshare/Docs/ drwxrws--- 9 dnk myshare 4096 May 19 12:35 /shares/myshare/Docs/ D On 2010-05-31, at 1:31 PM, zoolook wrote: 2010/5/31 DNK d.k.emailli...@gmail.com: I don't ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SWAT does not show some buttons
2010/5/30 YES NOPE9 y...@nope9.com: What might I do to get Computers B and C to match A ? login as root -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Login Samba/LDAP
2010/5/17 Thiago Gonzaga B. Galvão thiagobandi...@yahoo.com.br: So, my question is: if the user is logged into your workstation (authentication Samba/LDAP), can I store this login/password used for later use it to log on other systems? You want kerberos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba.org has been revised!
Hello Michael, 2010/5/19 Michael Adam ob...@samba.org: zoolook wrote: 2010/5/18 Karolin Seeger ksee...@samba.org: [1] http://samba.org/ Do you have a sans-serif version of it? Hmm, only the headlines are in serif fonts. All the text bodies are sans-serif. Are you speaking of the headlines? Headlines and buttons; i.e.: * Home * think Samba * get Samba * ... Also, the color combination (specially on the wiki) is awful; red on gray, really hurt my eyes. I hope it can be improved soon. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba.org has been revised!
2010/5/18 Karolin Seeger ksee...@samba.org: [1] http://samba.org/ Do you have a sans-serif version of it? Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba/LDAP share issue -- user with invalid SID
2010/5/18 Alex McKenzie a...@chem.umass.edu: r...@sl1:/etc/samba# testparm Server role: ROLE_DOMAIN_PDC [global] workgroup = CHEMBMB domain logons = Yes preferred master = Yes domain master = Yes This is a standalone server providing file sharing, but not acting as a domain login controller: if I ever want that, I'll be building a different server for it. Hm!? Thanks to tms3 for the instructions: I'd been spinning my wheels for two weeks before his (her?) advice! Can you (or someone else) please explain this because either, I'm too dumb or too sleepy. From what I can see, your samba server IS a PDC. If you want SL1 to be a member of CHEMBMB, you need to: domain logons = No security = DOMAIN Then: # net rpc join ((or net ads join)) Am I missing something here? Thanks, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Alternate Data Streams
Hello, 2010/5/16 Marten Gajda marten.ga...@fernuni-hagen.de: Greetings, I don't know if this is what are you looking for: http://www.mail-archive.com/samba@lists.samba.org/msg101989.html Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] net rpc rights grant root SeDiskOperatorPrivilege failed with Failed to grant privileges for root (NT_STATUS_ACCESS_DENIED)
You need to tell net with which user you run the command: net rpc rights grant USERNAME SeDiskOperatorPrivilege -Uroot HTH, Norberto El 13/05/2010 9:53, Nagaraj Shyam nagaraj_sh...@symantec.com escribió: Hi, I have a samba server setup as a domain member. I am trying to grant SeDiskOperatorPrivilege to some user accounts e.g. domainaname\User, but I always get the above error. It doesnot matter what I specify as the server in -S option to the command. The command syntax I use is: net rpc rights grant username SeDiskOperatorPrivilege OR net -S ADserver -U support rpc rights grant 'domain\Administrator' SeDiskOperatorPrivilege I am trying to grant the above privilege because managing samba shares through mmc from remote windows system is failing with: _srvsvc_NetShareSetInfo: uid 10500 doesn't have the SeDiskOperatorPrivilege privilege needed to modify share myshare Uid 10500 is 'domain\Administrator' account I can send the relevant smb.conf and any additional traces I need to capture. Can anyone provide ideas on what could be going wrong? The above feature(s) is supposed to be supported by samba 3.5.1 which I am using. Thanks for the help. -s -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] select read/write access by user or group?
2010/5/12 William P.N. Smith w_sm...@compusmiths.com: It seems if I have a share that someone can read, anyone can read it, is that right? depends; how did you configure your shares? but +staff isn't documented anywhere (user or @group is, but not +staff), and adding creating a Linux group called staff and adding users to it doesn't help. + is explained in the manual. Did you read it? Thanks in advance for any hints! man smb.conf: valid users (S) This is a list of users that should be allowed to login to this service. Names starting with �...@´, ´+´ and ´´ are interpreted using the same rules as described in the invalid users parameter. If this is empty (the default) then any user can login. If a username is in both this list and the invalid users list then access is denied for that user. The current servicename is substituted for %S. This is useful in the [homes] section. Default: valid users = # No valid users list (anyone can login) Example: valid users = greg, @pcusers HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Authentication of local users (smbpasswd) fails with security = domain
2010/5/11 Matthias Kellermann matthias.kellerm...@googlemail.com: Any idea how I can use local users and domain users at the same time? Is winbind running? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Authentication of local users (smbpasswd) fails with security = domain
2010/5/11 Matthias Kellermann matthias.kellerm...@googlemail.com: local users. Local users!!! I misread; sorry. Is your pam configured correctly? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failed login with some of the accounts
2010/5/10 Shu Hung (Koala) koa...@gmail.com:
Its possible.
But if that's true, how am I going to fix that?
First, check if it is really the case. `pdbedit -Lv ${username}` is your friend.
Do you have a LDAP backend? If so, the fix is a piece of cake :-)
Also. Please, don't break CC. There is more knowledgeable people on the list.
Regards,
Norberto
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failed login with some of the accounts
2010/5/10 Shu Hung (Koala) koa...@gmail.com: Any suggestion? Something has to be different between old-user and new-user. Can you use smbclient with a new user? smbclient -W $DOMAIN -U $USER //$PDC/$HOME (where $HOME is some share where the user has permission. if HOMES is enabled, try //PDC/USERNAME) What about the permissions on the server? Do the paths of new-users have the correct permissions? Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failed login with some of the accounts
2010/5/8 Shu Hung (Koala) koa...@gmail.com: My Samba server has undergone a series of migration. And recently, I found that the newer accounts fails to login to older computers in the network. Hm. What about the SIDs? Use pdbedit to compare a new-user and an old-user. My wild guess is: the SIDs of the new-users do not match the domain SID. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Not join to domain, from different networks (Vlans)
2010/5/7 Jose j.se...@gmail.com: I think the problem is router (comunications) ( replicate wins in the all network) yup. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] member server, doesn't show full browse list
Is it nomal with Samba? It's not with Windows member servers... 2010/5/5 zoolook nbe...@gmail.com: Hello, I don't know how to put this on words, so maybe an example is better: On a PDC: zool...@venkman:~$ smbclient -L localhost -U% Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.7] Sharename Type Comment - --- print$ Disk Printer Drivers IPC$ IPC IPC Service (venkman server (Samba, Ubuntu)) EPSON_Stylus_CX5900 Printer EPSON Stylus CX5900 Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.7] Server Comment - --- EGON egon server (Samba, Ubuntu) GOZER gozer server (Samba, Ubuntu) PECK peck server (Samba, Ubuntu) VENKMAN venkman server (Samba, Ubuntu) WINDBLOWS windblows (Windows 2000 Professional SP4) WINSTONE winstone (Windows Server 2003 R2) Workgroup Master - --- BENSA VENKMAN On (any) member server: zool...@egon:~$ smbclient -L localhost -U% Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.7] Sharename Type Comment - --- IPC$ IPC IPC Service (egon server (Samba, Ubuntu)) Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.7] Server Comment - --- EGON egon server (Samba, Ubuntu) VENKMAN venkman server (Samba, Ubuntu) Workgroup Master - --- BENSA VENKMAN Why the browse list shows only localhost and the PDC? Is this a feature, a bug, or a configuration issue? Thanks!! Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Join domain broken after update
2010/5/6 mar...@happyhammer.com: The error I get on the WS is: The specified domain either does not exist or could not be contacted. This is the error whether I use the Administrator login or just type some garbage. nmblookup yourdomain#1c is nmbd running? Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Not join to domain, from different networks (Vlans)
2010/5/6 Jose j.se...@gmail.com: where is problem? what's the netmask? do you have a wins server at the router? hth, norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] member server, doesn't show full browse list
Hello, I don't know how to put this on words, so maybe an example is better: On a PDC: zool...@venkman:~$ smbclient -L localhost -U% Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.7] Sharename Type Comment - --- print$ Disk Printer Drivers IPC$IPC IPC Service (venkman server (Samba, Ubuntu)) EPSON_Stylus_CX5900 Printer EPSON Stylus CX5900 Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.7] Server Comment ---- EGON egon server (Samba, Ubuntu) GOZERgozer server (Samba, Ubuntu) PECK peck server (Samba, Ubuntu) VENKMAN venkman server (Samba, Ubuntu) WINDBLOWSwindblows (Windows 2000 Professional SP4) WINSTONE winstone (Windows Server 2003 R2) WorkgroupMaster ---- BENSAVENKMAN On (any) member server: zool...@egon:~$ smbclient -L localhost -U% Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.7] Sharename Type Comment - --- IPC$IPC IPC Service (egon server (Samba, Ubuntu)) Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.7] Server Comment ---- EGON egon server (Samba, Ubuntu) VENKMAN venkman server (Samba, Ubuntu) WorkgroupMaster ---- BENSAVENKMAN Why the browse list shows only localhost and the PDC? Is this a feature, a bug, or a configuration issue? Thanks!! Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The user name could not be found when joining a samba domain
2010/4/29 Michael Leonetti mleone...@evolutionce.com: The problem is the log doesn't give me any information on what's going on and this happened out of nowhere. Any help would really be appreciated. and your smb.conf? Most of the time, add machine script has '%u' (or %u), remove the quotes (or add them; depends on versions, and if a butterfly is flying somewhere in Japan) and it will work. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nslookup from Windows resolves domain and pdc correctly but still gets cannot contact on samba 3.2.5-4 on lenny
Hint: interfaces El 28/04/2010 8:55, Siju George sgeorge...@gmail.com escribió: Hi, I have installed ii samba 2:3.2.5-4lenny9a LanManager-like file and printer server for Unix ii samba-common 2:3.2.5-4lenny9 Samba common files used by both the server and the client On Debian Lenny and i am sharing directories to Windows Users successfully. I configured it as a PDC with the following configuration. [global] workgroup = HIFXNX netbios name = HIFXNXDC server string = HIFXNX Domain Controller, PHP Development Server, Subversion Server, DNS Server interfaces = 172.16.2.0/255.255.255.255 bind interfaces only = Yes obey pam restrictions = Yes passdb backend = tdbsam pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = lmhosts host wins bcast add user script = /usr/sbin/adduser --quiet --disabled-password --gecos %u add group script = /usr/sbin/addgroup --force-badname %g add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u domain logons = Yes os level = 33 preferred master = Auto domain master = Yes dns proxy = No panic action = /usr/share/samba/panic-action %d [homes] comment = Home Directories valid users = %S create mask = 0700 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes share modes = No I can get the domain domain controller resolved using DNS from the Windows XP machine. C:\Documents and Settings\securenslookup hifxnx.local Server: hifxpms.hifxchn2.local Address: 172.16.2.26 Name:hifxnx.local Address: 172.16.2.0 C:\Documents and Settings\securenslookup hifxnxdc.hifxnx.local Server: hifxpms.hifxchn2.local Address: 172.16.2.26 Name:hifxnxdc.hifxnx.local Address: 172.16.2.0 C:\Documents and Settings\secureipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : winxsp2-vm Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter Physical Address. . . . . . . . . : 08-00-27-DE-AB-29 Dhcp Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 172.16.2.51 Subnet Mask . . . . . . . . . . . : 255.240.0.0 Default Gateway . . . . . . . . . : 172.17.1.0 DNS Servers . . . . . . . . . . . : 172.16.2.26 172.17.1.0 But when I try to join the domain from the Windows XP machine. I get the error A Domain Controller for the domain hifxnx.local could not be contacted and the debug log file dcdiag.txt contains these details. The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain hifxnx.local: The error was: DNS name does not exist. (error code 0x232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.hifxnx.local Common causes of this error include the following: - The DNS SRV record is not registered in DNS. - One or more of the following zones do not include delegation to its child zone: hifxnx.local local . (the root zone) For information about correcting this problem, click Help It will be great if some one can point out the problem to me :-) Thanks --Siju -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ntconfig.pol decode tool (?)
is there any tool that would dump a plain-text version of ntconfig.pol? JFYI, I solved it like this: on debian/ubuntu: aptitude install libparse-win32registry-perl I'm sure your favorite distro also has the same package. Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nslookup from Windows resolves domain and pdc correctly but still gets cannot contact on samba 3.2.5-4 on lenny
2010/4/28 Siju George sgeorge...@gmail.com: On Wed, Apr 28, 2010 at 4:36 AM, Zoolook nbe...@gmail.com wrote: Hint: interfaces Could you please explain? yes of course. I'm sorry I didn't before. I was traveling and my phone is not the best device to write an email (touch screens REALLLY s*cks) Basically, and just from my experience, /32 doesn't do what you think it does. If you want samba to listen on certain ip/net range, just do: interfaces = 172.16.2.0/12 and it will do the right thing (unless your server have more than one ip on 172.16.2.0/12) I'm actually surprised that 172.16.2.0/32 does serve your clients. I tried that configuration a few years back and it didn't work at all (samba 3.0.1something on debian) Also, I remember having problems with domain subfixes named .local; perhaps you'd like to rename it to .localdomain (I hope this is a test network...) Oh. And you don't have a wins support = yes (default is no IIRC) What's the output of: smbclient -L 172.16.2.0 -U% nmblookup -A 172.16.2.0 ? Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ntconfig.pol decode tool (?)
Hello, is there any tool that would dump a plain-text version of ntconfig.pol? Thanks in advance, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DFS/FRS
Hi! 2010/4/7 Raymond Fagnon raymond_fag...@jabil.com: What alternatives can I use for FRS, rsync? glusterfs: http://gluster.com/community/documentation/index.php/Main_Page drbd: http://www.drbd.org/ hth, norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to synch multiple servers?
2010/3/26 PTaco beatr...@yahoo.com: DRDB is a whole file system correct? No. It's a block device. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] config backend = registry; printers not shown
Hello Michael, 2010/3/22 Michael Adam ob...@samba.org The registry config backend is not an experiment, but apparently, it was not much tested with printing. (Since most of the time, it is used in clustererd installations (with ctdb), where usually no printing is done at all, and most of the time it is used in the include = registry form.) Thanks for the explanation. I am going to investigate this. Would you mind filing a bug in bugzilla.samba.org for this? Yes, of course. I will tonight. 12 hours from now. Thanks for your patience and stay tuned... :-) Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] config backend = registry; printers not shown
2010/3/22 Zoolook nbe...@gmail.com: I am going to investigate this. Would you mind filing a bug in bugzilla.samba.org for this? Yes, of course. I will tonight. 12 hours from now. Bug #7280 Thanks! Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] config backend = registry; printers not shown
Ok so in 3.4.6 it is fixed, just no the way I like: printers are show only if config backend = file :-/ So. What is config backend = registry good for? or was it an experiment no one really cared? 2010/3/19 Zoolook nbe...@gmail.com hi! no one knows? 2009/12/22 Zoolook nbe...@gmail.com: Hello, I couldn't find an answer to this small question in google/man/faq: why do I use lose my printer if I use registry backend? config backend = file (full config file below): ... [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No guest ok = yes ... $ smbclient -kL //venkman ... EPSON_Stylus_CX5900 Printer EPSON Stylus CX5900 ... config backend = files, delete everything except [printers] and include include = registry: ... [global] include = registry [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No guest ok = yes ... $ smbclient -kL //venkman ... EPSON_Stylus_CX5900 Printer EPSON Stylus CX5900 ... **BUT** if I change to config backend = registry, I no longer see my printer ... [global] config backend = registry ... $ smbclient -kL //venkman Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.0] Sharename Type Comment - --- IPC$IPC IPC Service (venkman server (Samba, Ubuntu)) zoolook Disk Home Directory print$ Disk Printer Drivers Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.0] Server Comment ---- VENKMAN venkman server (Samba, Ubuntu) WorkgroupMaster ---- BENSAVENKMAN Why? (and no, disabling kerberos makes no difference...) samba is 2:3.4.0-3ubuntu5.3, ubuntu karmic. Here's my net conf list $ sudo net conf list [global] workgroup = BENSA server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost dedicated keytab file = /etc/samba/smb.keytab kerberos method = dedicated keytab syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 announce version = 5.9 time server = Yes add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd '%g' delete group script = /usr/sbin/smbldap-userdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -t 0 -w '%u' domain logons = Yes os level = 255 preferred master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=bensa,dc=ar ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=bensa,dc=ar ldap ssl = no ldap user suffix = ou=users usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d realm = BENSA.AR [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/printers [homes] comment = Home Directory browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Second user password.
2010/3/19 Vincent Zakofski vlamsd...@gmail.com: In this way the sysadmin can avoid to ask password A of the user if he must work in his environment. Hm, don't do that unless you have your user's written permission. Depending on where you live, you could get into legal trouble. We ask the password to our users and after we did whatever we wanted to do on the account, we simply ask them to change the password so they know we won't mess with their information. Anyway, if really really really really really really really want to mess with users' info without they knowing, you could setup LDAP to store clear-text passwords, and configure samba to sync unix passwords. Then simple read userpassword attribute from ldap. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] config backend = registry; printers not shown
hi! no one knows? 2009/12/22 Zoolook nbe...@gmail.com: Hello, I couldn't find an answer to this small question in google/man/faq: why do I use lose my printer if I use registry backend? config backend = file (full config file below): ... [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No guest ok = yes ... $ smbclient -kL //venkman ... EPSON_Stylus_CX5900 Printer EPSON Stylus CX5900 ... config backend = files, delete everything except [printers] and include include = registry: ... [global] include = registry [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No guest ok = yes ... $ smbclient -kL //venkman ... EPSON_Stylus_CX5900 Printer EPSON Stylus CX5900 ... **BUT** if I change to config backend = registry, I no longer see my printer ... [global] config backend = registry ... $ smbclient -kL //venkman Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.0] Sharename Type Comment - --- IPC$ IPC IPC Service (venkman server (Samba, Ubuntu)) zoolook Disk Home Directory print$ Disk Printer Drivers Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.0] Server Comment - --- VENKMAN venkman server (Samba, Ubuntu) Workgroup Master - --- BENSA VENKMAN Why? (and no, disabling kerberos makes no difference...) samba is 2:3.4.0-3ubuntu5.3, ubuntu karmic. Here's my net conf list $ sudo net conf list [global] workgroup = BENSA server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost dedicated keytab file = /etc/samba/smb.keytab kerberos method = dedicated keytab syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 announce version = 5.9 time server = Yes add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd '%g' delete group script = /usr/sbin/smbldap-userdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -t 0 -w '%u' domain logons = Yes os level = 255 preferred master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=bensa,dc=ar ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=bensa,dc=ar ldap ssl = no ldap user suffix = ou=users usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d realm = BENSA.AR [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/printers [homes] comment = Home Directory browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] domain member, how to change passwords?
Hello list, I'll give a detailed explanation below. The quick question is: How can I configure a workstation (running Linux) so it can change user password on the PDC? Details: At work we are migrating from Windows to Linux and we decided to have user's /home exported with NFS4 (no kerberos yet). User database is in LDAP. Some users have shared directories. Since NFS doesn't allow to force groups permission (or I've been unable to find a way) we export shared resources via Samba. The problem is, we also have a 180-day password policy. We have no problems with LDAP, but we're unable to change the samba password on the PDC from the workstations. The test workstation is configured like this: smb.conf: [global] security = domain workgroup = OURDOMAIN password server = * local master = no (note: I tried password server = PDCNETBIOSNAME, but I get the same results) /etc/pam.d/common-password: password [success=2 default=ignore] pam_unix.so obscure sha512 password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass password sufficient pam_winbind.so use_authtok nullok try_first_pass password requisite pam_deny.so password required pam_permit.so password optional pam_gnome_keyring.so (note: the file was configured by ubuntu's pam-auth-update; I added the pam_winbind.so line) Now, when I try passwd I get: $ LC_ALL=C passwd Enter login(LDAP) password: passwd: Authentication token manipulation error passwd: password unchanged When I use smbpasswd: $ LC_ALL=C smbpasswd Old SMB password: New SMB password: Retype new SMB password: Could not connect to machine 127.0.0.1: NT_STATUS_LOGON_FAILURE But if I add -r: $ LC_ALL=C smbpasswd -r PDCNETBIOSNAME Old SMB password: New SMB password: Retype new SMB password: Password changed for user nbensa Note that changing passwords from a Windows workstation works. Yes, the Linux workstations were joined to the domain (net rpc join...) I don't know if this is the better way to do this. Maybe there's a better way using only LDAP. We're not considering deploying kerberos for now but I think it will be a much better solution if we could integrate our kerberos database with LDAP. Many thanks in advance for any suggestion, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users from trusted domains get Your Password expires today in 3.4.3
2009/12/30 Deyan Stoykov dstoy...@ru.acad.bg: Ideas anyone? ldap acl? (hint: shadowlastchange) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users from trusted domains get Your Password expires today in 3.4.3
2009/12/30 Zoolook nbe...@gmail.com: 2009/12/30 Deyan Stoykov dstoy...@ru.acad.bg: Ideas anyone? ldap acl? (hint: shadowlastchange) please discard. I had a problem with ldap acl last week and I thought you got the same;I didn't read it was a domain trust issue. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fw: W2KSP4 Problem
2009/12/22 Javier Colella jacole...@afip.gov.ar: I tried changing the netbios name and does the same thing. with WinXP machines have no problem. was this working before? what changes did you do? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fw: W2KSP4 Problem
2009/12/22 Javier Colella jacole...@afip.gov.ar: Approval by host-seeking was gone (samba + ldap approval) when we try to pass it on to production and did not work. then tested the following mix-: Samba (approval) + ldap (production), did not work Samba (production) + ldap (approval), did not work Samba + ldap (production) did not work I'm having some trouble trying to understand your message. approval = test/prueba ? host-seeking... Perhaps network browsing? If I take into account those assumptions, then: samba+ldap in prueba was working. Then you moved from prueba into production but it didn't work. Was it the same domain (name)? If so, had it the same SID? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] new user can't log
2009/12/21 Leonardo Carneiro lscarne...@veltrac.com.br: Hi guys. I'm still stuck with that user that can't logon. This is what i got with some commands: was that the user with SID S-1-5-21-4161212321-1980848047-2820993626-3468 ? his SID doesn't match your domain. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] new user can't log
2009/12/21 Leonardo Carneiro lscarne...@veltrac.com.br: It's strange. I've found that this problem isn't with this particular user, but with every new user that i create. How can i make the smbldap-useradd to create the users with the right sid? Check your smbldap config. I'm sure the SID there doesn't match. Either remove it or change it to the right value. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fw: W2KSP4 Problem
2009/12/21 Diego Vera div...@afip.gov.ar: [global] workgroup = DCHOMO netbios name = DCHOMO Change your workgroup name or your netbios name. Both can't be the same. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] config backend = registry; printers not shown
Hello, I couldn't find an answer to this small question in google/man/faq: why do I use lose my printer if I use registry backend? config backend = file (full config file below): ... [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No guest ok = yes ... $ smbclient -kL //venkman ... EPSON_Stylus_CX5900 Printer EPSON Stylus CX5900 ... config backend = files, delete everything except [printers] and include include = registry: ... [global] include = registry [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No guest ok = yes ... $ smbclient -kL //venkman ... EPSON_Stylus_CX5900 Printer EPSON Stylus CX5900 ... **BUT** if I change to config backend = registry, I no longer see my printer ... [global] config backend = registry ... $ smbclient -kL //venkman Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.0] Sharename Type Comment - --- IPC$IPC IPC Service (venkman server (Samba, Ubuntu)) zoolook Disk Home Directory print$ Disk Printer Drivers Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.0] Server Comment ---- VENKMAN venkman server (Samba, Ubuntu) WorkgroupMaster ---- BENSAVENKMAN Why? (and no, disabling kerberos makes no difference...) samba is 2:3.4.0-3ubuntu5.3, ubuntu karmic. Here's my net conf list $ sudo net conf list [global] workgroup = BENSA server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost dedicated keytab file = /etc/samba/smb.keytab kerberos method = dedicated keytab syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 announce version = 5.9 time server = Yes add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd '%g' delete group script = /usr/sbin/smbldap-userdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -t 0 -w '%u' domain logons = Yes os level = 255 preferred master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=bensa,dc=ar ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=bensa,dc=ar ldap ssl = no ldap user suffix = ou=users usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d realm = BENSA.AR [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/printers [homes] comment = Home Directory browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] new user can't log
2009/12/18 Leonardo Carneiro lscarne...@veltrac.com.br: [2009/12/18 16:47:29, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [dsribeiro] - [dsribeiro] - [dsribeiro] succeeded [2009/12/18 16:47:29, 1] rpc_server/srv_netlog_nt.c:_netr_LogonSamLogon(1060) _netr_LogonSamLogon: user DOMINIO\dsribeiro has user sid S-1-5-21-4161212321-1980848047-2820993626-3468 but group sid S-1-5-21-874179082-3571801642-3889913597-513. The conflicting domain portions are not supported for NETLOGON calls Can anyone point me to how to solve this? I'm not what you guys could call an expert in samba :D The SIDs do not match. Is this the only domain there? If so, I would simply use ldapmodify to modify users' SID to match the domain SID. You'll need to replace S-1-5-21-4161212321-1980848047-2820993626 with S-1-5-21-874179082-3571801642-3889913597 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nmbd won't start
2009/12/17 Stephen Eastman stephen_east...@yahoo.com: I am using Ubuntu Linux 9.10 (the latest). ... Could this update be broken? Nope. Maybe you disabled NB? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nmbd won't start
(please, cc to the list.) 2009/12/17 Stephen Eastman stephen_east...@yahoo.com: No NETBIOS is not disabled in the smb.conf file (I assume that is what you are referring to) Yes I am also assuming you are running Ubuntu. Yes, karmic, and samba's working fine here. Maybe you'll like to post your config (run testparm on it) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nmbd won't start
2009/12/17 Stephen Eastman stephen_east...@yahoo.com: interfaces = 10.10.65.2/8, eth0, 127.0.0.1/8, lo have you tried removing that line or formating it correctly (hint: remove commas)? maybe making it just: interfaces = eth0 lo as you can see, your config (removing interfaces) works here: zool...@venkman:/etc/samba$ smbclient -L //localhost -U% Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.0] Sharename Type Comment - --- homes Disk Home Directories print$ Disk Printer Drivers www Disk gateway to apache IPC$IPC IPC Service (venkman server (Samba, Ubuntu)) EPSON_Stylus_CX5900 Printer EPSON Stylus CX5900 Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.0] Server Comment ---- VENKMAN venkman server (Samba, Ubuntu) WorkgroupMaster ---- WORKGROUPVENKMAN zool...@venkman:/etc/samba$ ps ax | grep mbd 17205 ?Ss 0:00 /usr/sbin/nmbd -D 17208 ?Ss 0:00 /usr/sbin/smbd -D 17212 ?S 0:00 /usr/sbin/smbd -D -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nmbd won't start
2009/12/18 Stephen Eastman stephen_east...@yahoo.com: I commented out that line and it seems to be working. good! regards, norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smbclient, meaning of workgroup/master table
Hello list, I have a little question. When I do smbclient -L //server, what does the following table mean? WorkgroupMaster ---- ADMINISTRACION ADM003 AEYT AEYT4 TRABAJO ESTEEQUIPO WORKGROUPJUKEBOX I'm asking because I have 5 samba domains and when I do smbclient -L against the domain servers, I get different information in the table. For example I get something like the following: smbclient -L //server1 -U% WorkgroupMaster ---- domain1 server1 domain2 server2 domain3 server3 smbclient -L //server2 -U% WorkgroupMaster ---- domain1 server1 domain2 someworkstation-in.domain2 domain3 someworkstation-in-domain3 smbclient -L //server3 -U% WorkgroupMaster ---- domain1 server1 domain2 someworkstation-in-domain2 domain3 server3 Is this normal? Thanks, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Manual creation of machine account
try: smbldap-useradd -w machine On Fri, Oct 16, 2009 at 1:05 PM, M. Rodrigo Monteiro fale...@rodrigomonteiro.net wrote: I'm using Samba + OpenLDAP and I'm trying to create machine account manually using smbldap-useradd -w machine$ but the machine still can't logon in the domain. -- M. Rodrigo Monteiro fale...@rodrigomonteiro.net Free as in Freedom, not free as in free beer As we are liberated from our own fear, our presence automatically liberates others Linux User # 403730 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 Support
On Wed, Sep 30, 2009 at 9:23 AM, John Drescher dresche...@gmail.com wrote: Glad to hear that. Even Windows 7 x64 is included? :) That is the only version I use since all processors are 64 bit now. Anyways samba 3.3 supports this. Does it support policies too? Thanks! Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to bulk add machine accounts during PDC hardware refresh?
On Mon, Oct 5, 2009 at 2:18 PM, Michael Lueck mlu...@lueckdatasystems.com wrote: Eero Volotinen wrote: just copy and paste entries to /etc/passwd and /etc/group ? That is what I was thinking to do... just wanted to be sure that such would actually work... that I did not need to actually execute adduser and have it create the entries as it also knows to update some other place that I was not thinking of. Also be sure to copy these: /var/lib/samba /var/spool/samba /var/cache/samba Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to bulk add machine accounts during PDC hardware refresh?
On Mon, Oct 5, 2009 at 2:36 PM, Michael Lueck mlu...@lueckdatasystems.com wrote: Just no one happened to explain how to move machine accounts to the new PDC. machine accounts are user accounts from the *nix point of view ;-) regards, norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
