Re: [Samba] Multiple domains issue
I haven't set up a trust involving Windows PDCs and a Samba member server. I have set up trusts between Samba-based domains (Samba PDC, Samba BDC and Samba member server) and Active Directory-based domains (Windows 200x PDC).

In general, a samba server will see trusted users in the output of wbinfo -u (courtesy of the winbindd daemon). Samba should also allocate unix uid and gid numbers. The nsswitch.conf file will include passwd: winbind... so that file permissions can be allocated at the underlying unix file system. smb.conf would also have to include idmap settings for each trusted domain.

My guess is that your samba machine never knew about the trusted domain, and was just mapping TRUSTEDDOMAIN\user to local user for file system access. And since the pw's were the same, everything was OK.

If you type testparm -v what is map untrusted to domain set to?

You may also want to change the file shares to be everyone and then rely on file permissions for the security.

On 01/31/2011 05:53 PM, Ron García-Vidal wrote:

Thanks for your reply.

On 01/31/2011 05:22 PM, Gaiseric Vandal wrote:

Did you reestablish the domain trusts between your NT domain and your AD domain?

No, but I never broke the trust, only removed and re-added the single machine into the old NT domain. If I break and re-establish the trust relationship, I'm worried about what else might break in the process. Don't want to make a problem worse in the process of fixing it.

Does wbinfo -u and wbinfo -g on your samba server show the users and groups from the trusted AD domain? Does getent passwd and getent group on your samba server show the users and groups from the trusted AD domain?

Both wbinfo and getent passwd only show the info from the NTDOMAIN. My username is actually the same on both, but NTDOMAIN is the default domain on this box. Should it have shown user and ADDOMAIN+user? I don't remember the latter being in the output of getent passwd before making this change either though.

It should also be noted that in auth.log, it does show the user ADDOMAIN+user being granted access, and session opened, so PAM seems ok with these users, it's smbd that's balking.

Do your AD users still have accounts in the NT domain? Are the passwords the same? Maybe they can connect as NT\username instead (e.g. net use \\samba1\share1 /user:nt\username, which could probably be put in the login script) and skip domain trusts altogether since this is a short-term solution.

This does work, but I guess I would like to better understand why this broke in the first place.

Thanks a lot. I really appreciate your time.

-Ron

On 01/31/2011 04:25 PM, Ron García-Vidal wrote:

Sorry to nudge, but does anyone have any ideas of how to resolve this? During the migration period to our AD server, it's crucial that users on both the old and new domain see the Samba server.

On 01/24/2011 04:40 PM, Ron García-Vidal wrote:

Here's some more info. This is an excerpt from the log on a connection attempt:

[2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950) CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as user ADDOMAIN+USERNAME (uid=1, gid=1) (pid 18741)
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24
Re: [Samba] Multiple domains issue
Sorry to nudge, but does anyone have any ideas of how to resolve this? During the migration period to our AD server, it's crucial that users on both the old and new domain see the Samba server.

On 01/24/2011 04:40 PM, Ron García-Vidal wrote:

Here's some more info. This is an excerpt from the log on a connection attempt:

[2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950) CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as user ADDOMAIN+USERNAME (uid=1, gid=1) (pid 18741)
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:31:05, 1] smbd/service.c:close_cnum(1150) CLIENT_STATION (X.X.X.46) closed connection to service USERNAME

As I said, prior to Friday's domain drop and rejoin, this worked properly. I think there just needs to be a way to say ADDOMAIN+USERNAME=NTDOMAIN+USERNAME.

-Ron

On 01/24/2011 06:52 AM, Ron García-Vidal wrote:

Understood and agreed, but since we're migrating to the AD in a piecemeal fashion we must get this to work for users in both domains until the migration is complete. Any suggestions?

-Ron

On 01/23/2011 01:05 PM, t...@tms3.com wrote:

I encountered a strange problem recently when changing the IP of my Samba server. We are in the process of moving from an ancient NT4 domain to an AD domain. We did a full migration of all the users, and up until Friday, our AD users were able to access the Samba server (which is still on the NT domain) with full permissions, etc.

On Friday for reasons completely unrelated, we had to change the IP of the Samba server. When we brought it up on the new IP, it gave an error bringing up the Samba daemons. I was rushed and didn't pay too much attention to the error, but instead took the easy route of removing Samba from the NT domain, and re-joining. That got the Samba daemons up and running and we mostly had no problem, except now the AD users aren't allowed to access their home directories.

Home directories in a trusted domain is probably a bad idea, and likely has some permission issues. It might be best to join the samba server to the AD domain instead.

The AD and NT domains have a mutual trust relationship, and all SSIDs for the users on both domains are the same. As I said, prior to Friday, these users were able to access.

I'm not entirely sure how Samba handles multiple domains, etc. and I have no idea how to even begin to troubleshoot this problem. Any suggestions would be welcome.

-Ron

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Multiple domains issue
Did you reestablish the domain trusts between your NT domain and your AD domain?

Does wbinfo -u and wbinfo -g on your samba server show the users and groups from the trusted AD domain? Does getent passwd and getent group on your samba server show the users and groups from the trusted AD domain?

Do your AD users still have accounts in the NT domain? Are the passwords the same? Maybe they can connect as NT\username instead (e.g. net use \\samba1\share1 /user:nt\username, which could probably be put in the login script) and skip domain trusts altogether since this is a short-term solution.

On 01/31/2011 04:25 PM, Ron García-Vidal wrote:

Sorry to nudge, but does anyone have any ideas of how to resolve this? During the migration period to our AD server, it's crucial that users on both the old and new domain see the Samba server.

On 01/24/2011 04:40 PM, Ron García-Vidal wrote:

Here's some more info. This is an excerpt from the log on a connection attempt:

[2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950) CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as user ADDOMAIN+USERNAME (uid=1, gid=1) (pid 18741)
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:31:05, 1] smbd/service.c:close_cnum(1150) CLIENT_STATION (X.X.X.46) closed connection to service USERNAME

As I said, prior to Friday's domain drop and rejoin, this worked properly. I think there just needs to be a way to say ADDOMAIN+USERNAME=NTDOMAIN+USERNAME.

-Ron

On 01/24/2011 06:52 AM, Ron García-Vidal wrote:

Understood and agreed, but since we're migrating to the AD in a piecemeal fashion we must get this to work for users in both domains until the migration is complete. Any suggestions?

-Ron

On 01/23/2011 01:05 PM, t...@tms3.com wrote:

I encountered a strange problem recently when changing the IP of my Samba server. We are in the process of moving from an ancient NT4 domain to an AD domain. We did a full migration of all the users, and up until Friday, our AD users were able to access the Samba server (which is still on the NT domain) with full permissions, etc.

On Friday for reasons completely unrelated, we had to change the IP of the Samba server. When we brought it up on the new IP, it gave an error bringing up the Samba daemons. I was rushed and didn't pay too much attention to the error, but instead took the easy route of removing Samba from the NT domain, and re-joining. That got the Samba daemons up and running and we mostly had no problem, except now the AD users aren't allowed to access their home directories.

Home directories in a trusted domain is probably a bad idea, and likely has some permission issues. It might be best to join the samba server to the AD domain instead.

The AD and NT domains have a mutual trust relationship, and all SSIDs for the users on both domains are the same. As I said, prior to Friday, these users were able to access.

I'm not entirely sure how Samba handles multiple domains, etc. and I have no idea how to even begin to troubleshoot this problem. Any suggestions would be welcome.

-Ron
Re: [Samba] Multiple domains issue
Thanks for your reply.

On 01/31/2011 05:22 PM, Gaiseric Vandal wrote:

Did you reestablish the domain trusts between your NT domain and your AD domain?

No, but I never broke the trust, only removed and re-added the single machine into the old NT domain. If I break and re-establish the trust relationship, I'm worried about what else might break in the process. Don't want to make a problem worse in the process of fixing it.

Does wbinfo -u and wbinfo -g on your samba server show the users and groups from the trusted AD domain? Does getent passwd and getent group on your samba server show the users and groups from the trusted AD domain?

Both wbinfo and getent passwd only show the info from the NTDOMAIN. My username is actually the same on both, but NTDOMAIN is the default domain on this box. Should it have shown user and ADDOMAIN+user? I don't remember the latter being in the output of getent passwd before making this change either though.

It should also be noted that in auth.log, it does show the user ADDOMAIN+user being granted access, and session opened, so PAM seems ok with these users, it's smbd that's balking.

Do your AD users still have accounts in the NT domain? Are the passwords the same? Maybe they can connect as NT\username instead (e.g. net use \\samba1\share1 /user:nt\username, which could probably be put in the login script) and skip domain trusts altogether since this is a short-term solution.

This does work, but I guess I would like to better understand why this broke in the first place.

Thanks a lot. I really appreciate your time.

-Ron

On 01/31/2011 04:25 PM, Ron García-Vidal wrote:

Sorry to nudge, but does anyone have any ideas of how to resolve this? During the migration period to our AD server, it's crucial that users on both the old and new domain see the Samba server.

On 01/24/2011 04:40 PM, Ron García-Vidal wrote:

Here's some more info. This is an excerpt from the log on a connection attempt:

[2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950) CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as user ADDOMAIN+USERNAME (uid=1, gid=1) (pid 18741)
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:31:05, 1] smbd/service.c:close_cnum(1150) CLIENT_STATION (X.X.X.46) closed connection to service USERNAME

As I said, prior to Friday's domain drop and rejoin, this worked properly. I think there just needs to be a way to say ADDOMAIN+USERNAME=NTDOMAIN+USERNAME.

-Ron

On 01/24/2011 06:52 AM, Ron García-Vidal wrote:

Understood and agreed, but since we're migrating to the AD in a piecemeal fashion we must get this to work for users in both domains until the migration is complete. Any suggestions?

-Ron

On 01/23/2011 01:05 PM, t...@tms3.com wrote:

I encountered a strange problem recently when changing the IP of my Samba server. We are in the process of moving from an ancient NT4 domain to an AD domain. We did a full migration of all the users, and up until Friday, our AD users were able to access the Samba server (which is still on the NT domain) with full permissions, etc.

On Friday for reasons completely unrelated, we had to change the IP of the Samba server. When we brought it up on the new IP, it gave an error bringing up the Samba daemons.
Re: [Samba] Multiple domains issue
Understood and agreed, but since we're migrating to the AD in a piecemeal fashion we must get this to work for users in both domains until the migration is complete. Any suggestions?

-Ron

On 01/23/2011 01:05 PM, t...@tms3.com wrote:

I encountered a strange problem recently when changing the IP of my Samba server. We are in the process of moving from an ancient NT4 domain to an AD domain. We did a full migration of all the users, and up until Friday, our AD users were able to access the Samba server (which is still on the NT domain) with full permissions, etc.

On Friday for reasons completely unrelated, we had to change the IP of the Samba server. When we brought it up on the new IP, it gave an error bringing up the Samba daemons. I was rushed and didn't pay too much attention to the error, but instead took the easy route of removing Samba from the NT domain, and re-joining. That got the Samba daemons up and running and we mostly had no problem, except now the AD users aren't allowed to access their home directories.

Home directories in a trusted domain is probably a bad idea, and likely has some permission issues. It might be best to join the samba server to the AD domain instead.

The AD and NT domains have a mutual trust relationship, and all SSIDs for the users on both domains are the same. As I said, prior to Friday, these users were able to access.

I'm not entirely sure how Samba handles multiple domains, etc. and I have no idea how to even begin to troubleshoot this problem. Any suggestions would be welcome.

-Ron
Re: [Samba] Multiple domains issue
Here's some more info. This is an excerpt from the log on a connection attempt:

[2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950) CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as user ADDOMAIN+USERNAME (uid=1, gid=1) (pid 18741)
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:31:05, 1] smbd/service.c:close_cnum(1150) CLIENT_STATION (X.X.X.46) closed connection to service USERNAME

As I said, prior to Friday's domain drop and rejoin, this worked properly. I think there just needs to be a way to say ADDOMAIN+USERNAME=NTDOMAIN+USERNAME.

-Ron

On 01/24/2011 06:52 AM, Ron García-Vidal wrote:

Understood and agreed, but since we're migrating to the AD in a piecemeal fashion we must get this to work for users in both domains until the migration is complete. Any suggestions?

-Ron

On 01/23/2011 01:05 PM, t...@tms3.com wrote:

I encountered a strange problem recently when changing the IP of my Samba server. We are in the process of moving from an ancient NT4 domain to an AD domain. We did a full migration of all the users, and up until Friday, our AD users were able to access the Samba server (which is still on the NT domain) with full permissions, etc.

On Friday for reasons completely unrelated, we had to change the IP of the Samba server. When we brought it up on the new IP, it gave an error bringing up the Samba daemons. I was rushed and didn't pay too much attention to the error, but instead took the easy route of removing Samba from the NT domain, and re-joining. That got the Samba daemons up and running and we mostly had no problem, except now the AD users aren't allowed to access their home directories.

Home directories in a trusted domain is probably a bad idea, and likely has some permission issues. It might be best to join the samba server to the AD domain instead.

The AD and NT domains have a mutual trust relationship, and all SSIDs for the users on both domains are the same. As I said, prior to Friday, these users were able to access.

I'm not entirely sure how Samba handles multiple domains, etc. and I have no idea how to even begin to troubleshoot this problem. Any suggestions would be welcome.

-Ron
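The log excerpt in the message above pairs one successful connect (a user from the non-default domain, with the uid/gid smbd assigned) with a run of chdir failures on the share root. The following is an added example, not part of the original post: a small parser that groups smbd entries into sessions and reports that pairing. The sample log is constructed from the values in the excerpt, the `+` separator is taken from `ADDOMAIN+USERNAME`, and the idmap range `(10000, 20000)` is an assumed value to replace with the range from your own smb.conf.

```python
import re

# Constructed sample: the excerpt from the thread, laid out as smbd normally
# writes it (header line, then an indented message line), repeats trimmed.
# The third chdir entry is left flattened onto one line, as it appears on this page.
SAMPLE_LOG = """\
[2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950)
  CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as user ADDOMAIN+USERNAME (uid=1, gid=1) (pid 18741)
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150) chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:31:05, 1] smbd/service.c:close_cnum(1150)
  CLIENT_STATION (X.X.X.46) closed connection to service USERNAME
"""

HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*(\d+)\]\s+(\S+?)\((\d+)\)\s*(.*)$")
CONNECT = re.compile(
    r"^(?P<client>\S+) \((?P<ip>[^)]+)\) connect to service (?P<service>\S+) "
    r"initially as user (?P<user>\S+) \(uid=(?P<uid>\d+), gid=(?P<gid>\d+)\) \(pid (?P<pid>\d+)\)")
CHDIR = re.compile(r"^chdir \((?P<path>[^)]+)\) failed")
CLOSE = re.compile(r"^(?P<client>\S+) \((?P<ip>[^)]+)\) closed connection to service (?P<service>\S+)")


def parse_entries(text):
    """Split smbd log text into entries; continuation lines join their header."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            ts, level, src, _lineno, rest = m.groups()
            entries.append({"ts": ts, "level": int(level), "src": src, "msg": rest.strip()})
        elif entries and raw.strip():
            last = entries[-1]
            last["msg"] = (last["msg"] + " " + raw.strip()).strip()
    return entries


def summarize_sessions(text, default_domain, idmap_range, separator="+"):
    """Group entries into connect..close sessions.

    chdir failures carry no client id, so they are attributed to the most
    recently opened session (an assumption that holds for per-client log files).
    """
    sessions, current = [], None
    for e in parse_entries(text):
        m = CONNECT.match(e["msg"])
        if m:
            domain = m["user"].rpartition(separator)[0]
            uid = int(m["uid"])
            current = {
                "opened": e["ts"], "closed": None,
                "client": m["client"], "service": m["service"], "user": m["user"],
                "uid": uid, "gid": int(m["gid"]),
                "trusted_domain_user": bool(domain) and domain.upper() != default_domain.upper(),
                "uid_in_idmap_range": idmap_range[0] <= uid <= idmap_range[1],
                "chdir_failures": {},
            }
            sessions.append(current)
            continue
        m = CHDIR.match(e["msg"])
        if m and current is not None:
            fails = current["chdir_failures"]
            fails[m["path"]] = fails.get(m["path"], 0) + 1
            continue
        m = CLOSE.match(e["msg"])
        if m and current and (m["client"], m["service"]) == (current["client"], current["service"]):
            current["closed"] = e["ts"]
            current = None
    return sessions


def flagged(sessions):
    """Sessions where a non-default-domain user connected but the share root could not be entered."""
    return [s for s in sessions if s["trusted_domain_user"] and s["chdir_failures"]]


if __name__ == "__main__":
    # Assumed values: NTDOMAIN as the default domain (as stated in the thread),
    # (10000, 20000) as a placeholder idmap range.
    for s in flagged(summarize_sessions(SAMPLE_LOG, "NTDOMAIN", (10000, 20000))):
        for path, count in s["chdir_failures"].items():
            print(f"{s['opened']} {s['user']} uid={s['uid']} gid={s['gid']} "
                  f"in_idmap_range={s['uid_in_idmap_range']} chdir failed x{count}: {path}")
```
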
[Samba] Multiple domains issue
I encountered a strange problem recently when changing the IP of my Samba server. We are in the process of moving from an ancient NT4 domain to an AD domain. We did a full migration of all the users, and up until Friday, our AD users were able to access the Samba server (which is still on the NT domain) with full permissions, etc.

On Friday for reasons completely unrelated, we had to change the IP of the Samba server. When we brought it up on the new IP, it gave an error bringing up the Samba daemons. I was rushed and didn't pay too much attention to the error, but instead took the easy route of removing Samba from the NT domain, and re-joining. That got the Samba daemons up and running and we mostly had no problem, except now the AD users aren't allowed to access their home directories.

The AD and NT domains have a mutual trust relationship, and all SSIDs for the users on both domains are the same. As I said, prior to Friday, these users were able to access.

I'm not entirely sure how Samba handles multiple domains, etc. and I have no idea how to even begin to troubleshoot this problem. Any suggestions would be welcome.

-Ron
Re: [Samba] Multiple domains issue
I encountered a strange problem recently when changing the IP of my Samba server. We are in the process of moving from an ancient NT4 domain to an AD domain. We did a full migration of all the users, and up until Friday, our AD users were able to access the Samba server (which is still on the NT domain) with full permissions, etc.

On Friday for reasons completely unrelated, we had to change the IP of the Samba server. When we brought it up on the new IP, it gave an error bringing up the Samba daemons. I was rushed and didn't pay too much attention to the error, but instead took the easy route of removing Samba from the NT domain, and re-joining. That got the Samba daemons up and running and we mostly had no problem, except now the AD users aren't allowed to access their home directories.

Home directories in a trusted domain is probably a bad idea, and likely has some permission issues. It might be best to join the samba server to the AD domain instead.

The AD and NT domains have a mutual trust relationship, and all SSIDs for the users on both domains are the same. As I said, prior to Friday, these users were able to access.

I'm not entirely sure how Samba handles multiple domains, etc. and I have no idea how to even begin to troubleshoot this problem. Any suggestions would be welcome.

-Ron
[Samba] Multiple domains on the same subnet
I have asked Uncle Google to no avail, probably asking the wrong question.

We are wanting to migrate from an Active Directory to a Samba Domain. I have set up the samba domain and it seems to be working (from the local machine). But this domain cannot be seen from any of the windows boxen.

Is there something I need to do to get the windows boxen to see this domain?

The AD Domain is EXAMPLE / example.local.uk

smb.conf

[global]
## Browsing/Identification ###
workgroup = TESTEXAMPLE
server string = %h server
wins support = yes
dns proxy = no

## Networking ##
interfaces = eth0
bind interfaces only = true

## Debugging/Accounting ##
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d

### Authentication ###
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://localhost/
ldap admin dn = cn=admin,dc=example,dc=lan
ldap suffix = dc=example, dc=lan
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
obey pam restrictions = no
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*

## Domains ###
domain logons = yes
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
logon script = logon.bat

## Printing ##
load printers = yes
printing = cups
printcap name = cups

## Misc ##
socket options = TCP_NODELAY
domain master = yes

## Share Definitions #
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
valid users = %S

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no

[profiles]
comment = Users profiles
path = /home/samba/profiles
read only = no
guest ok = no
browseable = no
create mask = 0600
directory mask = 0700
hide files = /.*/desktop.ini/NTUSER.*/outlook*.lnk/*Briefcase*/Thumbs.db/
root preexec = /usr/local/bin/samba-mkprofiledir %U %G

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
public = no
writable = no
create mode = 0700

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

/smb.conf

I have also tried this with two samba domains (in a VM environment) and windows only sees the first domain that it was attached to.

What am I doing wrong...

--
Thank you,
Clifford W. Hansen
PHP Developer / Linux Administrator
(Cell) +27 82 883 8677
(Fax) +27 86 503 0634
(E-Mail) [EMAIL PROTECTED]
(MSN) [EMAIL PROTECTED]
(GPG) 0x936D6C19

We have seen strange things today!

() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
[Samba] Multiple Domains?
I was able to get my windows domain authentication working to enable single sign on for a wiki we recently deployed on a CentOS server. I understand the wiki is capable of supporting single sign on for multiple windows domains with a few configuration changes and have made those changes. My question however revolves around my /etc/samba/smb.conf file which I had to edit to get winbind working correctly in order to do all of this.

My smb.conf contains specific information obviously about the domain such as:

workgroup = domainname1
security = domain
password server = pdc.domainname1.someplace.com bdc.domainname1.someplace.com
idmap uid = 1-2
idmap gid = 1-2
winbind use default domain = yes

I suspect one of two things has to happen. I have to edit my existing smb.conf and add the new info or create a new smb.conf that will possibly be used by a second instance of winbind? I say that because I question whether you could do something like:

workgroup = domainname1
workgroup = domainname2
security = domain
password server = pdc.domainname1.someplace.com bdc.domainname1.someplace.com
password server = pdc.domainname2.someplace.com bdc.domainname2.someplace.com
idmap uid = 1-2
idmap gid = 1-2
winbind use default domain = yes

I would think you would have to somehow tie the new workgroup to the right password server/s. Am I off base here? Can anyone get me guided in the right direction?

Thanks,
Dane
Re: [Samba] multiple domains and one PDC w/ ldap?
[EMAIL PROTECTED] wrote:

Adam Williams wrote:

Is it possible to have multiple domains and all of them authenticate to one PDC running openldap? Each building at work has a network segment, 10.8.1.x - 10.8.18.x, each having their own samba server using smbpasswd and DOMAIN name. Like the server arrowhead 10.8.9.2 has domain = HPADMIN in smb.conf, server archives 10.8.8.2 has domain = OLDCAPITOL in smb.conf, roark 10.8.2.3 has domain = ADMIN in smb.conf. I'd like to replace all of these smbpasswd backends with a single LDAP server and am reading Samba 3 by Example. Would it be possible to have each server keep its separate DOMAIN = configuration, but have them all use the PDC of roark for authentication on its OpenLDAP configuration?

You can't use a single PDC, but you can have all your individual PDCs use the same LDAP server as a backend -- you just reconfigure each of the existing domain controllers with its own base distinguished name within the LDAP server... e.g.:

dc=hpadmin,dc=your,dc=domain
dc=oldcapitol,dc=your,dc=domain
dc=admin,dc=your,dc=domain

Migrating the accounts from the local smbpasswd to LDAP is left as an exercise for the sysadmin :-) but as long as you give each domain its own branch in your LDAP database, you should not run into problems.

Don Piven

What about just having a dc=ldap,dc=your,dc=domain with all the user accounts in it, and then every samba PDC use passdb backend = ldapsam:ldap://ldap.your.domain

Basically I just want it so all the username/passwords are in a central location so when a user does ctrl-alt-del and clicks change password, it will change their windows logon password, their email password, etc. I just have to also keep the legacy PDC servers because of registry and file permissions. Otherwise I have to load the registry hive of 100 users and change the permissions on them and their profiles.
[Samba] multiple domains and one PDC w/ ldap?
Is it possible to have multiple domains and all of them authenticate to one PDC running openldap? Each building at work has a network segment, 10.8.1.x - 10.8.18.x, each having their own samba server using smbpasswd and DOMAIN name. Like the server arrowhead 10.8.9.2 has domain = HPADMIN in smb.conf, server archives 10.8.8.2 has domain = OLDCAPITOL in smb.conf, roark 10.8.2.3 has domain = ADMIN in smb.conf. I'd like to replace all of these smbpasswd backends with a single LDAP server and am reading Samba 3 by Example. Would it be possible to have each server keep its separate DOMAIN = configuration, but have them all use the PDC of roark for authentication on its OpenLDAP configuration?

If all the servers must be changed to DOMAIN = ADMIN to work, that will screw up everyone's registry permissions in their profile since their registry is owned by for example, HPADMIN\username and then someone else has OLDCAPITOL\username. But if I change everyone to ADMIN\theirusername it will screw up their registry permissions for HKEY_CURRENT_USER, but if I can have all the servers stay as is, but just authenticate against the PDC or the LDAP database on it, I won't have that problem. But can the servers join to the PDC even though they are in different domains?
Re: [Samba] multiple domains and one PDC w/ ldap?
Adam Williams wrote:

Is it possible to have multiple domains and all of them authenticate to one PDC running openldap? Each building at work has a network segment, 10.8.1.x - 10.8.18.x, each having their own samba server using smbpasswd and DOMAIN name. Like the server arrowhead 10.8.9.2 has domain = HPADMIN in smb.conf, server archives 10.8.8.2 has domain = OLDCAPITOL in smb.conf, roark 10.8.2.3 has domain = ADMIN in smb.conf. I'd like to replace all of these smbpasswd backends with a single LDAP server and am reading Samba 3 by Example. Would it be possible to have each server keep its separate DOMAIN = configuration, but have them all use the PDC of roark for authentication on its OpenLDAP configuration?

You can't use a single PDC, but you can have all your individual PDCs use the same LDAP server as a backend -- you just reconfigure each of the existing domain controllers with its own base distinguished name within the LDAP server... e.g.:

dc=hpadmin,dc=your,dc=domain
dc=oldcapitol,dc=your,dc=domain
dc=admin,dc=your,dc=domain

Migrating the accounts from the local smbpasswd to LDAP is left as an exercise for the sysadmin :-) but as long as you give each domain its own branch in your LDAP database, you should not run into problems.

Don Piven
[Samba] Multiple Domains and Machine Addition issue
If I would like to have multiple domains hosted off a single server, do I need to create multiple smb.conf and start the daemon individually for each one? Are there any special catches when doing this with an LDAP backend?

Having an issue when adding a machine to my current domain. When I attempt to add the machine to the domain, I will get a login error. If I go and manually add the machine through adduser, then I can add the machine to the domain but then I get a duplicate machine on the domain error when the machine comes back up. Any ideas what is happening? Unfortunately, when I start in debug mode and try to add the machine, I get a machine not found and then samba dies. I haven't tested it yet, will try tonight, but do I need to have the home directory for the machine exist in home prior to adding the machine to the domain? What information can I provide to help? The authentication seems to be ok as if I try to hit a share and log in with one of the users, everything works fine.

Thank you for any help you can provide

Here is my smb.conf

[global]
workgroup = mail1
netbios name = mail1
os level = 33
preferred master = yes
enable privileges = yes
server string = %h server (Samba - mail server - RHEL4)
wins support = yes
dns proxy = no
name resolve order = wins bcast hosts
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
ldap passwd sync = yes
passdb backend = ldapsam:ldap://localhost/
ldap admin dn = uid=admin,cn=admins,cn=mail
ldap suffix = dc=mail1,dc=test,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
obey pam restrictions = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
domain logons = yes
logon path = \\mail1.test.com\%U\profile
logon home = \\mail1.test.com\%U
logon script = logon.cmd
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos %u
add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos machine account --force-badname %u
socket options = TCP_NODELAY
domain master = yes
local master = yes

[homes]
comment = Home Directories
browseable = yes
read only = No
valid users = %S

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
locking = no

[profiles]
comment = Users profiles
path = /var/lib/samba/profiles
read only = No

[profdata]
comment = Profile Data Share
path = /var/lib/samba/profdata
read only = No
profile acls = Yes
[Samba] Multiple Domains; 1 PDC
I am having a small problem. I have only one server, running Debian... I need to have multiple domains; especially to segregate the finance department How do I do this, and how do I have peculiar users for each domain I have tried google and the advice given is very scanty... Thanks.
Re: [Samba] Multiple Domains; 1 PDC
Phares Kariuki wrote:

I am having a small problem. I have only one server, running Debian... I need to have multiple domains; especially to segregate the finance department How do I do this, and how do I have peculiar users for each domain I have tried google and the advice given is very scanty... Thanks.

Check out http://wiki.samba.org/index.php/Multiple_Server_Instances for instructions.
Re: [Samba] multiple domains/ ldap /smbldap_search function/pdbedit/
i guess an easy way to fix this w/out changing your structure is to use slapd ACLs, that prohibit access to other domains for the first samba manager instance (e.g. uid=manager,ou=People,dc=univ,dc=fr).

greez

Didier Roques wrote:

the organization is:

1)ou=People,dc=univ,dc=fr (the first domain)

And your answer is here! dc=univ,dc=fr includes EVERYTHING - domain2 and domain3 and of course People,Groups from the top of LDAP tree.

2)ou=People,ou=domain2,dc=univ,dc=fr

This for example consists ONLY with EVERYTHING in subtree: ou=domain2,dc=univ,dc=fr - that's why if you try and change samba ldap suffix = ou=domain2,dc=univ,dc=fr - it will work OK. You will ONLY see people,groups and whatever you have but from this particular subtree.

3)ou=People,ou=domain3,dc=univ,dc=fr

Sorry i've made a mistake: the three domains:

1)ou=People,dc=univ,dc=fr
2)ou=People,dc=domain2,dc=univ,dc=fr (dc and not ou)
2)ou=People,dc=domain3,dc=univ,dc=fr (dc and not ou)

and i thought samba search only into the People branch under the suffix ldap mentioned into the smb.conf dc=univ,dc=fr and not under the other one .
[Samba] multiple domains/ ldap /smbldap_search function/pdbedit/
Hi all,

I use samba 3.0.20 the ldap parameters into the smb.conf are:

passdb backend = ldapsam:ldap://localhost smbpasswd guest
ldap suffix = dc=univ,dc=fr
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap

Into my ldap tree i've got 3 domains samba defined some uid exists into 2 of 3 domains (toto01 exists twice but into two different domains) If i use pdbedit -L -v -d 10 toto01 i've got the following thing:

smbldap_search_ext: base = [dc=univ,dc=fr], filter = [((uid=toto01)(objectclass=sambaSamAccount))], scope = [2]
ldapsam_getsampwnam: Duplicate entries for this user [toto01] Failing. count=2

Why the smbldap_search_ext doesn't search uid only in the ou=People,dc=univ,dc=fr branch the filter returned by the smbldap_search_ext seems to be [((uid=toto01)(objectclass=sambaSamAccount))

How to force smb to search only the uid into the branch defined by the ldap parameters (ou=People,dc=univ,dc=fr) ?

thanks a lot
Re: [Samba] multiple domains/ ldap /smbldap_search function/pdbedit/
Didier Roques wrote:

Hi all,

Hello,

I use samba 3.0.20 the ldap parameters into the smb.conf are:

passdb backend = ldapsam:ldap://localhost smbpasswd guest
ldap suffix = dc=univ,dc=fr
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap

Into my ldap tree i've got 3 domains samba defined some uid exists into 2 of 3 domains

I also have more than 3 domains in my LDAP ... but it works great!!!

(toto01 exists twice but into two different domains) If i use pdbedit -L -v -d 10 toto01 i've got the following thing:

smbldap_search_ext: base = [dc=univ,dc=fr], filter = [((uid=toto01)(objectclass=sambaSamAccount))], scope = [2]
ldapsam_getsampwnam: Duplicate entries for this user [toto01] Failing. count=2

How are the domains organized? According to your information it seems that dc=univ,dc=fr is a base for all 3 domains - am I right? In such case the message you get is NORMAL. Shouldn't it be like this:

1) ou=People,ou=domain1,dc=univ,dc=fr
2) ou=People,ou=domain2,dc=univ,dc=fr
3) ou=People,ou=domain3,dc=univ,dc=fr?

But then your samba ldap suffix should be: ldap suffix = ou=domainx,dc=univ,dc=fr

Why the smbldap_search_ext doesn't search uid only in the ou=People,dc=univ,dc=fr branch the filter returned by the smbldap_search_ext seems to be [((uid=toto01)(objectclass=sambaSamAccount))

How to force smb to search only the uid into the branch defined by the ldap parameters (ou=People,dc=univ,dc=fr) ?

thanks a lot

Hope this helps you ;)

Regards,
Marcin
Re: [Samba] multiple domains/ ldap /smbldap_search function/pdbedit/
Didier Roques wrote:

Hi all,

Hello,

I use samba 3.0.20 the ldap parameters into the smb.conf are:

passdb backend = ldapsam:ldap://localhost smbpasswd guest
ldap suffix = dc=univ,dc=fr
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap

Into my ldap tree i've got 3 domains samba defined some uid exists into 2 of 3 domains

I also have more than 3 domains in my LDAP ... but it works great!!!

(toto01 exists twice but into two different domains) If i use pdbedit -L -v -d 10 toto01 i've got the following thing:

smbldap_search_ext: base = [dc=univ,dc=fr], filter = [((uid=toto01)(objectclass=sambaSamAccount))], scope = [2]
ldapsam_getsampwnam: Duplicate entries for this user [toto01] Failing. count=2

How are the domains organized? According to your information it seems that dc=univ,dc=fr is a base for all 3 domains - am I right? In such case the message you get is NORMAL. Shouldn't it be like this:

1) ou=People,ou=domain1,dc=univ,dc=fr
2) ou=People,ou=domain2,dc=univ,dc=fr
3) ou=People,ou=domain3,dc=univ,dc=fr?

But then your samba ldap suffix should be: ldap suffix = ou=domainx,dc=univ,dc=fr

the organization is:

1)ou=People,dc=univ,dc=fr (the first domain)
2)ou=People,ou=domain2,dc=univ,dc=fr
3)ou=People,ou=domain3,dc=univ,dc=fr

the three domains are not at the same level into the ldap tree ! I think the solution you give is a nice one (i thought to use it before). But i'd like to know why the function smbldap_search_ext doesn't search into the right branch given by the ldap parameters of smb.conf? is it a bug or normal ?

thanks a lot about your response
Re: [Samba] multiple domains/ ldap /smbldap_search function/pdbedit/
Didier Roques wrote:

Didier Roques wrote:

Hi all,

Hello,

I use samba 3.0.20 the ldap parameters into the smb.conf are:

passdb backend = ldapsam:ldap://localhost smbpasswd guest
ldap suffix = dc=univ,dc=fr
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap

Into my ldap tree i've got 3 domains samba defined some uid exists into 2 of 3 domains

I also have more than 3 domains in my LDAP ... but it works great!!!

(toto01 exists twice but into two different domains) If i use pdbedit -L -v -d 10 toto01 i've got the following thing:

smbldap_search_ext: base = [dc=univ,dc=fr], filter = [((uid=toto01)(objectclass=sambaSamAccount))], scope = [2]
ldapsam_getsampwnam: Duplicate entries for this user [toto01] Failing. count=2

How are the domains organized? According to your information it seems that dc=univ,dc=fr is a base for all 3 domains - am I right? In such case the message you get is NORMAL. Shouldn't it be like this:

1) ou=People,ou=domain1,dc=univ,dc=fr
2) ou=People,ou=domain2,dc=univ,dc=fr
3) ou=People,ou=domain3,dc=univ,dc=fr?

But then your samba ldap suffix should be: ldap suffix = ou=domainx,dc=univ,dc=fr

the organization is:

1)ou=People,dc=univ,dc=fr (the first domain)

And your answer is here! dc=univ,dc=fr includes EVERYTHING - domain2 and domain3 and of course People,Groups from the top of LDAP tree.

2)ou=People,ou=domain2,dc=univ,dc=fr

This for example consists ONLY with EVERYTHING in subtree: ou=domain2,dc=univ,dc=fr - that's why if you try and change samba ldap suffix = ou=domain2,dc=univ,dc=fr - it will work OK. You will ONLY see people,groups and whatever you have but from this particular subtree.

3)ou=People,ou=domain3,dc=univ,dc=fr

the three domains are not at the same level into the ldap tree ! I think the solution you give is a nice one (i thought to use it before). But i'd like to know why the function smbldap_search_ext doesn't search into the right branch given by the ldap parameters of smb.conf? is it a bug or normal ?

thanks a lot about your response

BR,
Marcin
Re: [Samba] multiple domains/ ldap /smbldap_search function/pdbedit/
the organization is:

1)ou=People,dc=univ,dc=fr (the first domain)

And your answer is here! dc=univ,dc=fr includes EVERYTHING - domain2 and domain3 and of course People,Groups from the top of LDAP tree.

2)ou=People,ou=domain2,dc=univ,dc=fr

This for example consists ONLY with EVERYTHING in subtree: ou=domain2,dc=univ,dc=fr - that's why if you try and change samba ldap suffix = ou=domain2,dc=univ,dc=fr - it will work OK. You will ONLY see people,groups and whatever you have but from this particular subtree.

3)ou=People,ou=domain3,dc=univ,dc=fr

Sorry i've made a mistake: the three domains:

1)ou=People,dc=univ,dc=fr
2)ou=People,dc=domain2,dc=univ,dc=fr (dc and not ou)
2)ou=People,dc=domain3,dc=univ,dc=fr (dc and not ou)

and i thought samba search only into the People branch under the suffix ldap mentioned into the smb.conf dc=univ,dc=fr and not under the other one .
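The search behaviour discussed in this thread, as an added example that is not part of any post and is not Samba's code: it models an LDAP lookup by base DN and scope (the quoted log shows scope = [2], a subtree search) over a small constructed directory that uses the thread's DNs, and shows why a base of dc=univ,dc=fr finds toto01 twice while a narrower base finds it once. The entry list, the uid titi02 and all function names are assumptions made for the illustration.

```python
"""Model of an LDAP search base and scope, using the DNs from this thread."""

# Standard LDAP scope codes; the pdbedit log in the thread shows scope = [2].
SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE = 0, 1, 2

# Constructed directory contents following the corrected layout in the thread:
# domain2 and domain3 are dc= containers below dc=univ,dc=fr.
ENTRIES = [
    ("uid=toto01,ou=People,dc=univ,dc=fr",
     {"uid": "toto01", "objectclass": "sambaSamAccount"}),
    ("uid=toto01,ou=People,dc=domain2,dc=univ,dc=fr",
     {"uid": "toto01", "objectclass": "sambaSamAccount"}),
    ("uid=titi02,ou=People,dc=domain3,dc=univ,dc=fr",
     {"uid": "titi02", "objectclass": "sambaSamAccount"}),
    # Same uid, but not a Samba account, so the objectclass filter skips it.
    ("uid=toto01,ou=Mail,dc=domain3,dc=univ,dc=fr",
     {"uid": "toto01", "objectclass": "posixAccount"}),
]


def parse_dn(dn):
    """Split a DN into normalised RDNs (assumes no escaped commas)."""
    return tuple(rdn.strip().lower() for rdn in dn.split(",") if rdn.strip())


def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn lies under base_dn for the given scope.

    Compares whole RDNs, so dc=xuniv,dc=fr is not treated as being
    under dc=univ,dc=fr the way a plain string suffix test would.
    """
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    if scope == SCOPE_BASE:
        return depth == 0
    if scope == SCOPE_ONELEVEL:
        return depth == 1
    return True  # SCOPE_SUBTREE: the base itself and everything below it


def _samba_accounts(base_dn, scope):
    """Yield (dn, attrs) for sambaSamAccount entries inside the search scope."""
    for dn, attrs in ENTRIES:
        if attrs["objectclass"].lower() == "sambasamaccount" and in_scope(dn, base_dn, scope):
            yield dn, attrs


def search(base_dn, uid, scope=SCOPE_SUBTREE):
    """Return the DNs a uid lookup would match from this base and scope."""
    return [dn for dn, attrs in _samba_accounts(base_dn, scope) if attrs["uid"] == uid]


def colliding_uids(base_dn):
    """Audit helper: uids that occur more than once below base_dn."""
    seen = {}
    for dn, attrs in _samba_accounts(base_dn, SCOPE_SUBTREE):
        seen.setdefault(attrs["uid"], []).append(dn)
    return {uid: dns for uid, dns in seen.items() if len(dns) > 1}


if __name__ == "__main__":
    for base in ("dc=univ,dc=fr", "ou=People,dc=univ,dc=fr", "dc=domain2,dc=univ,dc=fr"):
        hits = search(base, "toto01")
        print(f"base={base!r}: count={len(hits)}")
        for dn in hits:
            print("   ", dn)
    print("collisions under dc=univ,dc=fr:", colliding_uids("dc=univ,dc=fr"))
```

Running `colliding_uids` against the intended suffix before pointing a Samba instance at it shows which accounts would trip the duplicate-entry failure.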
Re: [Samba] Multiple domains served by a single LDAP tree
Hi, I have a very similar question to this. Are there any Samba/LDAP howto's or documentation on this issue. In my situation the users are split over two subnets but many users need the same access to corporate resources. However, they should be using local file server and samba authentication servers. Any hints or tips are welcome.

Regards,
Abdul-Wahid

On 2/27/06, David B Harris [EMAIL PROTECTED] wrote:

Good {morning,afternoon,evening} everybody,

A while ago I wrote to the list asking about whether the uidNumber/gidNumber of the commonly-known SIDs had to match the RID of the SID; the answer was no. I asked because I intended to implement multiple NT4/Samba domains using a single LDAP tree; each Samba PDC/BDC instance would only use the relevant subset of the tree. Unix/Linux hosts would use the full LDAP tree to resolve every possible UID/GID, but Windows hosts would use DOMAIN\group and/or DOMAIN\user stuff.

I've read the documentation more, in particular those bits corresponding to inter-Samba domain trusts, and the documentation quite clearly states that this isn't particularly recommended given the fragility of SMB trusts, and the availability of such scalable backends as LDAP.

My question, then, is do people here put together multiple NT4/Samba domains using a single LDAP backend? I'm betting not. Assuming that's the case, from Windows, how does one assign permissions and whatnot? From a single large flatspace containing every user and group? If not, how are they separated? Part of this is a user-acceptance issue; I'd like it to be very clear that a particular user belongs to a particular business group (ie: DEVEL, EXEC, FINANCE).

I guess the crux of the question is, is there any way to have multiple NT4/Samba domains served from a single multi-branch LDAP backend without inter-domain trusts, or is there some better way to go about what I'm trying to accomplish?

Thanks very much in advance.

-- 
Arguing with an engineer is like wrestling with a pig in mud. After a while, you realise the pig is enjoying it.
OpenPGP v4 key ID: 4096R/59DDCB9F Fingerprint: CC53 F124 35C0 7BC2 58FE 7A3C 157D DFD9 59DD CB9F Retrieve from subkeys.pgp.net
Re: [Samba] Multiple domains served by a single LDAP tree
My question, then, is do people here put together multiple NT4/Samba domains using a single LDAP backend? I'm betting not. Assuming that's the case, from Windows, how does one assign permissions and whatnot? From a single large flatspace containing every user and group? If not, how are they separated?

What you describe resembles a user domain + multiple resource domain NT/AD construction. The local domains implement policy that restricts access to subsets of the total pool. If all the domains trust the same user domain, permissions are straightforward, and interdomain trusts are not required.

[EMAIL PROTECTED]

-- 
Matiu Carr[EMAIL PROTECTED] http://www.people.auckland.ac.nz/Mat/
Re: [Samba] Multiple domains served by a single LDAP tree
On Wed Mar 01, 01:54am +1300, Matiu Carr wrote:

What you describe resembles a user domain + multiple resource domain NT/AD construction. The local domains implement policy that restricts access to subsets of the total pool. If all the domains trust the same user domain, permissions are straightforward, and interdomain trusts are not required.

True, and that's obviously an option. However, there are three things I'm trying to accomplish:

1) This network is being built from scratch, and I'm trying to do things in such a way that everything won't need to be rebuilt entirely a year or two down the line.
2) We're a small but rapidly-growing group, and it won't be too long before we have one or more administratively separate domains. That means multiple authentication servers; I'm hoping there's a better way to do it in a Samba-exclusive environment than inter-domain trusts.
3) My users will be much happier if they see EXEC\TheBoss as and DEVEL\LowLevelMonkey as opposed to EVERYBODY\TheBoss and EVERYBODY\LowLevelMonkey

-- 
Arguing with an engineer is like wrestling with a pig in mud. After a while, you realise the pig is enjoying it.
OpenPGP v4 key ID: 4096R/59DDCB9F Fingerprint: CC53 F124 35C0 7BC2 58FE 7A3C 157D DFD9 59DD CB9F Retrieve from subkeys.pgp.net
[Samba] Multiple domains served by a single LDAP tree
Good {morning,afternoon,evening} everybody,

A while ago I wrote to the list asking about whether the uidNumber/gidNumber of the commonly-known SIDs had to match the RID of the SID; the answer was no. I asked because I intended to implement multiple NT4/Samba domains using a single LDAP tree; each Samba PDC/BDC instance would only use the relevant subset of the tree. Unix/Linux hosts would use the full LDAP tree to resolve every possible UID/GID, but Windows hosts would use DOMAIN\group and/or DOMAIN\user stuff.

I've read the documentation more, in particular those bits corresponding to inter-Samba domain trusts, and the documentation quite clearly states that this isn't particularly recommended given the fragility of SMB trusts, and the availability of such scalable backends as LDAP.

My question, then, is do people here put together multiple NT4/Samba domains using a single LDAP backend? I'm betting not. Assuming that's the case, from Windows, how does one assign permissions and whatnot? From a single large flatspace containing every user and group? If not, how are they separated? Part of this is a user-acceptance issue; I'd like it to be very clear that a particular user belongs to a particular business group (ie: DEVEL, EXEC, FINANCE).

I guess the crux of the question is, is there any way to have multiple NT4/Samba domains served from a single multi-branch LDAP backend without inter-domain trusts, or is there some better way to go about what I'm trying to accomplish?

Thanks very much in advance.

-- 
Arguing with an engineer is like wrestling with a pig in mud. After a while, you realise the pig is enjoying it.
OpenPGP v4 key ID: 4096R/59DDCB9F Fingerprint: CC53 F124 35C0 7BC2 58FE 7A3C 157D DFD9 59DD CB9F Retrieve from subkeys.pgp.net
RE: [Samba] Samba multiple domains on single linux machine
Would a FreeBSD jail situation help?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John H Terpstra
Sent: February 23, 2004 10:03 PM
To: w w
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Samba multiple domains on single linux machine

On Mon, 23 Feb 2004, w w wrote:

Hello I have a problem, I work in a company with 50 P.C. organized in 5 workgroups with Windows 98, 2000, NT, XP Workstations. I want to place this 50 P.C. , using Samba from Linux, in 5 Samba domains on a single linux machine.

This can be done, but it is not a good idea. You will face a number of obstacles in due time.

I've made a Samba PDC, but i didn't succeed to make another domain on the same machine. There is anybody who can help me ( example, configuration).

You must use IP aliasing and bind each instance of Samba (smbd) to that IP Aliased interface. Read the man page for smb.conf in respect of:

interfaces =
bind interfaces only =

- John T.

Thank you very much!!!

-- 
John H Terpstra Email: [EMAIL PROTECTED]
[Samba] Samba multiple domains on single linux machine
Hello I have a problem, I work in a company with 50 P.C. organized in 5 workgroups with Windows 98, 2000, NT, XP Workstations. I want to place this 50 P.C. , using Samba from Linux, in 5 Samba domains on a single linux machine. I've made a Samba PDC, but i didn't succeed to make another domain on the same machine. There is anybody who can help me ( example, configuration). Thank you very much!!!
[Samba] Multiple domains on one PDC
Hello,

Is it possible to maintain multiple domains on a single samba server ? If needed we can create an overall masterdomain (eg forest) where the current domains could be trees. Currently we manage every domain on a separate server and running as a separate PDC . We would like to maintain a single server . Is it possible..

Peter Depuydt
Re: [Samba] Multiple domains on one PDC
im looking forward for this i wish i could setup our network like this...

On Tue, 2004-01-13 at 01:56, Peter Depuydt wrote:

Hello,

Is it possible to maintain multiple domains on a single samba server ? If needed we can create an overall masterdomain (eg forest) where the current domains could be trees. Currently we manage every domain on a separate server and running as a separate PDC . We would like to maintain a single server . Is it possible..

Peter Depuydt
Re: [Samba] Multiple domains on one PDC
Hi,

If you're using LDAP as the passdb backend, such as OpenLDAP, the trees would be maintained via LDAP tools, user accounts can login from any domain, but comp accounts only in one domain. Some tips are:

1. modify objectClass for samba, to attributes SambaSID and sambaPrimarySID to be multivalued (delete the SINGLE VALUE option in both attrs)
2. make the users have more sambaSID and sambaPrimaryGroupSID

Hope it could help,

Rgds
Widi Pradnyana

im looking forward for this i wish i could setup our network like this...

On Tue, 2004-01-13 at 01:56, Peter Depuydt wrote:

Hello,

Is it possible to maintain multiple domains on a single samba server ? If needed we can create an overall masterdomain (eg forest) where the current domains could be trees. Currently we manage every domain on a separate server and running as a separate PDC . We would like to maintain a single server . Is it possible..

Peter Depuydt
[Samba] Multiple Domains and Network Browsing
Hi all,

I have been working on a multi-domain network (2 of them) with one domain being controlled by Samba/Openldap config and the other a standard Win2k AD. I have had success getting all computers on the Samba domain to see the Win2k controller via the Network browser but it does not seem to be working the other way around.

My network config is split up into two separate VLANs using an extreme switch (192.168.1.0 and 192.168.1.0). They talk to each other through a router, have gateways out to a firewall and then pass into the internet. Both domains have WINS/DNS/DHCP running. Each domain has each others WINS/DNS in their config files. Both DHCP servers have propagated each others DNS/WINS to the various workstations (Each DHCP services only one sub-net).

On workstations within the Win2k domain I can type in the desired workstation and it does appear or I can search for it. However, the Domain container for the SAMBA group is missing on workstations within the Win2k domain (hope that makes sense).

Below is a version of my smb.conf file:

server string =
workgroup = BOGUSGROUP
netbios name = BOGUSNAME
null passwords = yes
passdb backend = ldapsam:ldap://localhost
log level = 1
add user script = /usr/local/sbin/smbldap-useradd.pl -a -m %u
add group script = /usr/local/sbin/smbldap-groupadd.pl -g %g
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u
logon path = \\%L\profiles\$user
logon drive = H:
logon home = \\%L\$user\.profiles
domain logons = yes
os level = 64
preferred master = yes
domain master = yes
ldap suffix = dc=group,dc=ca
ldap machine suffix = cn=Computers,ou=Systems,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
ldap user suffix = cn=Users,ou=People,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
#ldap group suffix = cn=Group,ou=Groups,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
ldap filter = ((uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = cn=Manager,dc=group,dc=ca
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
template homedir = /home/%D/%U
template shell = /bin/bash
winbind separator = +
wins support = yes
wins server = 192.168.2.17, 192.168.1.9
wins proxy = yes
dns proxy = yes
admin users = administrator, root
remote announce = 192.168.1.9/SAMBADOMAIN
interfaces = 192.168.2.16/24 192.168.2.17/24

I thought that maybe the remote announce would work but it hasn't seemed to. The problem is it is hard to tell which domain controller is at fault. I don't think that the Samba is the problem. The WINS on the win2k box was mangled until recently and the DNS is also flaky (hence the move over to Samba). But I have to keep both domains up for the next little while (production environment) and then we will slowly migrate everyone over.

Any thoughts would be appreciated.

Jason
Re: [Samba] Multiple Domains and Network Browsing
I'm sure you can make this work better if you only use one wins server. If you are migrating to samba anyway is it an option to at least point everyone to samba as WINS? I've never had any luck with remote announce and in any case it will only announce the server and not any of the other workstations. You might try using the broadcast address of that subnet instead though in case the server is not the browse master. Could you add an interface on the samba machine that was on the other VLAN (ie: multihomed). This way it would announce itself on both broadcast domains. WINS and broadcast seems to be the only way to make network neighborhoods work. hope this helps, Greg On Tuesday 16 December 2003 21:42, Jason Gray wrote: Hi all, I have been working on a multi-domain network (2 of them) with one domain being controlled by Samba/Openldap config and the other a standard Win2k AD. I have had success getting all computers on the Samba domain to see the Win2k controller via the Network browser but it does not seem to be working the other way around. My network config is split up into two separate VLANs using an extreme switch (192.168.1.0 and 192.168.1.0). They talk to each other through a router, have gateways out to a firewall and then pass into the internet. Both domains have WINS/DNS/DHCP running. Each domain has each others WINS/DNS in their config files. Both DHCP servers have propagated each others DNS/WINS to the various workstations (Each DHCP services only one sub-net). On workstations within the Win2k domain I can type in the desired workstation and it does appear or I can search for it. However, the Domain container for the SAMBA group is missing on workstations within the Win2k domain (hope that makes sense). 
Below is a version of my smb.conf file:
    server string =
    workgroup = BOGUSGROUP
    netbios name = BOGUSNAME
    null passwords = yes
    passdb backend = ldapsam:ldap://localhost
    log level =1
    add user script = /usr/local/sbin/smbldap-useradd.pl -a -m %u
    add group script = /usr/local/sbin/smbldap-groupadd.pl -g %g
    add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u
    logon path = \\%L\profiles\$user
    logon drive = H:
    logon home = \\%L\$user\.profiles
    domain logons = yes
    os level = 64
    preferred master =yes
    domain master = yes
    ldap suffix = dc=group,dc=ca
    ldap machine suffix = cn=Computers,ou=Systems,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
    ldap user suffix = cn=Users,ou=People,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
    #ldap group suffix = cn=Group,ou=Groups,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
    ldap filter = ((uid=%u)(objectclass=sambaSamAccount))
    ldap admin dn = cn=Manager,dc=group,dc=ca
    ldap ssl = no
    idmap uid = 1-2
    idmap gid = 1-2
    template homedir = /home/%D/%U
    template shell = /bin/bash
    winbind separator = +
    wins support = yes
    wins server = 192.168.2.17, 192.168.1.9
    wins proxy = yes
    dns proxy = yes
    admin users = administrator, root
    remote announce = 192.168.1.9/SAMBADOMAIN
    interfaces = 192.168.2.16/24 192.168.2.17/24
I thought that maybe the remote announce would work but it hasn't seemed to. The problem is it is hard to tell which domain controller is at fault. I don't think that the Samba is the problem. The WINS on the win2k box was mangled until recently and the DNS is also flaky (hence the move over to Samba). But I have to keep both domains up for the next little while (production environment) and then we will slowly migrate everyone over. Any thoughts would be appreciated. Jason
-- Greg Dickie just a guy [EMAIL PROTECTED]
[Samba] multiple domains
G'day, Is it possible to have a Windows XP-Pro computer be a member of more than 1 domain at a time? So a user could go to log on and get to the local computer or a couple of domains rather than a single domain? I can't find anything in the docs. When I tried it the second domain replaced the first :-( Just an idea I had to make life a bit easier but looks like a loser. If anybody knows for certain I'd appreciate it. Thanks Ashley
Re: [Samba] multiple domains
Ashley, I can't find anything in the docs. When I tried it the second domain replaced the first :-(
Don't know but depending on your situation you could set up an interdomain trust. DSL
[Samba] Multiple domains, one PDC
I know this has to be frequently asked, but I haven't found enough info to strike out on my own and do it right myself. I'm somewhat rusty in regards to Samba. I haven't used the server since 1999 or so. I want to use a single server to be PDC for several NT/2000 type domains. Can this be done effectively, and, if so, what is the *right* way to proceed. Bear in mind that I'm wanting to be fairly ambitious with this... I want to try to integrate LDAP/S and even possibly MS Exchange without syncing two separate stores of accounts (i.e., a SAMBA SAM and an NT SAM). Am I on crack or is it in the realm of possibility? Thanks
Re: [Samba] Multiple domains in the logon window
On Monday 23 June 2003 11:01, Alexandru Molodoi wrote: I wish that a user could be able to choose to which domain he should log on to (and I think that is the normal way). Why do you think that is the normal way?
Re: [Samba] Multiple domains in the logon window
On Monday 23 June 2003 11:01, Alexandru Molodoi wrote: I wish that a user could be able to choose to which domain he should log on to (and I think that is the normal way). Why do you think that is the normal way?
you're right, choosing between multiple domains is normal to winnt clients at logon. regards
RE: [Samba] Multiple domains in the logon window
Think about mobile users (with laptops) that logon in different locations to different domains. Do you think it's normal that they should change the domain they belong to every time they need to logon, being forced to do a restart at the same time?!?!?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Smith Sent: 23 June 2003 20:53 To: [EMAIL PROTECTED] Subject: Re: [Samba] Multiple domains in the logon window
On Monday 23 June 2003 11:01, Alexandru Molodoi wrote: I wish that a user could be able to choose to which domain he should log on to (and I think that is the normal way). Why do you think that is the normal way?
[Samba] Multiple domains
Hi all, is it possible to set up samba to act as PDC for multiple domains? Best regards, -- Benilton Carvalho DE / IMECC / UNICAMP Red Hat Linux i18n Team
Re: [Samba] Multiple domains
On Mon, 9 Jun 2003, Benilton de Sa Carvalho wrote: Hi all, is it possible to set up samba to act as PDC for multiple domains?
Yes, but only by running separate instances of smbd, each bound to its own IP address/es and each with its own config and control files. - John T. -- John H Terpstra Email: [EMAIL PROTECTED]
[Samba] multiple domains with samba
Hi guys, I have Samba server on a Solaris 2.6 platform with one domain. I was asked if it is possible to create the second domain. I am new to this stuff, can somebody help, please. Regards, Ilie Mihut System Administrator, Unix Technical Support Mid Range Technical Services - Sun Commercial IBM Global Services Australia Work : 02-892-52681 Home: 02-92124469 Mobile: 0410551657 e-mail:[EMAIL PROTECTED]
[Samba] Multiple Domains/Workgroups (again sigh)
Hi All, After a couple of months break (and running only a single instance of SAMBA) I once again need to try and get two simultaneous instances of SAMBA running on the same machine, each serving up a different domain/workgroup. Here's the scoop: one machine, with dual NICs, the first one is on 192.168.1 (students) and the second one is on 192.168.2 (staff). Here's the diff on the conf files, smb.conf.students smb.conf.staff:
    -su-2.05b# diff smb.conf.students smb.conf.staff
    3c3
    < workgroup = STUDENTS
    ---
    > workgroup = STAFF
    5,7c5,7
    < hosts allow = 192.168.1. 127.
    < interfaces = 192.168.1.200/24
    < pid directory = /var/run2
    ---
    > hosts allow = 192.168.2. 127.
    > interfaces = 192.168.2.200/24
    > pid directory = /var/run
Here's my startup script:
    -su-2.05b# more /etc/startsamba
    #!/usr/local/bin/bash
    /usr/local/sbin/smbd -D -s /usr/local/etc/smb.conf.staff
    /usr/local/sbin/nmbd -D -s /usr/local/etc/smb.conf.staff
    /usr/local/sbin/smbd -D -s /usr/local/etc/smb.conf.students
    /usr/local/sbin/nmbd -D -s /usr/local/etc/smb.conf.students
If I comment out the staff launch, the student domain works as expected. When I try to launch the staff one though, neither works, but there's no errors in the log files...
- Should I bump up the logging level?
- Do I need to add a piddir directive at launch time as well as having it in the .conf file?
It's 2.2.6pre2 (built from ports on FreeBSD 4.7-Stable). I know there's 2.2.7 but really don't want to risk breaking what's working, as this box is live and can't afford to go down. But... if someone knows for certain that this was broken in 2.2.6 or something, that would help big time. TIA Steve
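
A pre-flight check for the two-instance layout in the post above, as an added example (not code from the thread or from the Samba project): it compares two smb.conf texts for settings that have to differ per instance and for listeners or `hosts allow` entries that reach outside the instance's own subnet. The sample configs are constructed from the posted diff, and the lock and log paths in `HARDENING` are hypothetical.

```python
import ipaddress
import re

PER_INSTANCE = ("pid directory", "lock directory", "log file")

def key(name):
    """Samba ignores case and whitespace inside parameter names."""
    return "".join(name.lower().split())

def parse_globals(text):
    """[global] parameters of an smb.conf text. Lines before the first
    section header are counted as global (assumption of this checker)."""
    params, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[key(name)] = value.strip()
    return params

def listeners(params):
    """IP/prefix entries of 'interfaces'; names such as eth0 are skipped."""
    found = []
    for item in re.split(r"[,\s]+", params.get(key("interfaces"), "")):
        try:
            found.append(ipaddress.ip_interface(item))
        except ValueError:
            pass
    return found

def allowed_networks(params):
    """'hosts allow' entries written as '192.168.1.', an IP or a CIDR.
    Hostnames, netgroups and EXCEPT clauses are not evaluated."""
    nets = []
    for item in re.split(r"[,\s]+", params.get(key("hosts allow"), "")):
        if item.endswith("."):
            octets = item.rstrip(".").split(".")
            item = ".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}"
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            pass
    return nets

def check_instance(name, params):
    findings = []
    bind = params.get(key("bind interfaces only"), "no").lower()
    if bind not in ("yes", "true", "1"):
        findings.append(f"{name}: 'bind interfaces only' is not enabled, "
                        "so the daemons are not confined to 'interfaces'")
    ifaces = listeners(params)
    if not ifaces:
        findings.append(f"{name}: no IP/prefix entry in 'interfaces'")
    for net in allowed_networks(params):
        inside = any(net.overlaps(i.network) for i in ifaces)
        if not net.is_loopback and not inside:
            findings.append(f"{name}: 'hosts allow' {net} is outside its interfaces")
    return findings

def check_pair(name_a, text_a, name_b, text_b):
    a, b = parse_globals(text_a), parse_globals(text_b)
    findings = check_instance(name_a, a) + check_instance(name_b, b)
    shared = {i.ip for i in listeners(a)} & {i.ip for i in listeners(b)}
    findings += [f"both instances listen on {ip}" for ip in sorted(shared, key=str)]
    for name in PER_INSTANCE:
        if a.get(key(name)) == b.get(key(name)):
            shown = a.get(key(name)) or "unset (compiled-in default)"
            findings.append(f"'{name}' is shared: {shown}")
    return findings

# Constructed samples: the differing lines follow the diff in the post;
# the paths in HARDENING are hypothetical.
STUDENTS = """[global]
workgroup = STUDENTS
hosts allow = 192.168.1. 127.
interfaces = 192.168.1.200/24
pid directory = /var/run2
"""
# STAFF differs from STUDENTS exactly as in the posted diff.
STAFF = (STUDENTS.replace("STUDENTS", "STAFF")
         .replace("192.168.1.", "192.168.2.").replace("/var/run2", "/var/run"))
HARDENING = """bind interfaces only = yes
lock directory = /var/lock/samba-{tag}
log file = /var/log/samba-{tag}/log.%m
"""

if __name__ == "__main__":
    for finding in check_pair("students", STUDENTS, "staff", STAFF):
        print(finding)
```

On the constructed pair it reports four findings: neither instance enables `bind interfaces only`, and both fall back to the same lock directory and log file. Appending `HARDENING.format(tag=...)` to each config clears all four.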
[Samba] Multiple Domains
Is it possible to setup samba/winbind so that users from 2 different domains can login to the same machine? As far as I can tell, you can only set one domain in the config. I can make the linux machine join both domains, but when I try to use domain2+user to try and login, it doesn't work. Any ideas? Ferras Elshair
Re: [Samba] Multiple Domains?
Hi,
Downloading the latest now. Okay, now for the scary part. This machine is live, and in use all day every day. Anything I should know about upgrading from 2.0.7 to 2.2.5?
Wait until later tonight for 2.2.6 :-)
:) Have now downloaded 2.2.6, thanx.
Seriously, an upgrade from 2.0.7 to 2.2.6 should not be taken lightly. How big of a server and number of clients are we talking about?
It's the fileserver for a school, lab has 24 machines, and there's another dozen scattered around the school. There's only a couple hundred users all told. I'm not really doing anything special, I have a printer hung off the server, each user has their own file share, and there are two public shares. I run a connect.bat script, and that's it. If they had the budget, I'd be completely building a new server then swap them into place, but I'm stuck with what I've got :(
Does SAMBA rely on anything outside its own directory? I want to make a couple of tarballs so I can go back if needed.
tar up /usr/local/samba and you should be ok.
Thanx. Wish me luck. Steve
Re: [Samba] Multiple Domains?
Hi Again, A bunch of people contacted me telling me to start up a second copy of SAMBA, but unfortunately, no one seems to know how to do it? When I try to launch a second copy of smb and nmb with pointers to the new smb.conf file, I get:
    [2002/08/27 18:37:20, 0] lib/pidfile.c:pidfile_create(86)
      ERROR: nmbd is already running. File /usr/local/samba/var/locks/nmbd.pid exists and process id 39187 is running.
    [2002/08/27 18:41:14, 0] nmbd/nmbd.c:sig_term(65)
      Got SIGTERM: going down...
And I can't see any way to tell nmb to place the second .pid file elsewhere. Do I need to recompile a second copy of samba, using /usr/local/samba2 as the directory or something? TIA Steve
RE: [Samba] Multiple Domains?
I thought someone suggested configuring smbd on a different port but am not sure, never did this but curious as I think only one root smbd runs and all are children
-Original Message- From: Steve Morley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 16, 2002 4:33 PM To: [EMAIL PROTECTED] Subject: Re: [Samba] Multiple Domains?
Hi Again, A bunch of people contacted me telling me to start up a second copy of SAMBA, but unfortunately, no one seems to know how to do it? When I try to launch a second copy of smb and nmb with pointers to the new smb.conf file, I get:
    [2002/08/27 18:37:20, 0] lib/pidfile.c:pidfile_create(86)
      ERROR: nmbd is already running. File /usr/local/samba/var/locks/nmbd.pid exists and process id 39187 is running.
    [2002/08/27 18:41:14, 0] nmbd/nmbd.c:sig_term(65)
      Got SIGTERM: going down...
And I can't see any way to tell nmb to place the second .pid file elsewhere. Do I need to recompile a second copy of samba, using /usr/local/samba2 as the directory or something? TIA Steve
RE: [Samba] Multiple Domains?
On Wed, 16 Oct 2002, Clark Rawlins wrote:
    [2002/08/27 18:37:20, 0] lib/pidfile.c:pidfile_create(86)
      ERROR: nmbd is already running. File /usr/local/samba/var/locks/nmbd.pid exists and process id 39187 is running.
    [2002/08/27 18:41:14, 0] nmbd/nmbd.c:sig_term(65)
      Got SIGTERM: going down...
And I can't see any way to tell nmb to place the second .pid file elsewhere.
See the pid directory parameter (or is it pidfile directory?) cheers, jerry
Re: [Samba] Multiple Domains?
Hi, And I can't see any way to tell nmb to place the second .pid file elsewhere. See the pid directory parameter (or is it pidfile directory?) Okay, lightbulb went off, I'm still at 2.0.7, reading the docs online, I see that this was added to 2.2.4 Downloading the latest now. Thanx Steve
Re: [Samba] Multiple Domains?
Downloading the latest now. Okay, now for the scary part. This machine is live, and in use all day every day. Anything I should know about upgrading from 2.0.7 to 2.2.5? I always like having a backup plan in place before something major like this. Does SAMBA rely on anything outside its own directory? I want to make a couple of tarballs so I can go back if needed. TIA Steve
Re: [Samba] Multiple Domains?
On Wed, 16 Oct 2002, Steve Morley wrote: Downloading the latest now. Okay, now for the scary part. This machine is live, and in use all day every day. Anything I should know about upgrading from 2.0.7 to 2.2.5?
Wait until later tonight for 2.2.6 :-) Seriously, an upgrade from 2.0.7 to 2.2.6 should not be taken lightly. How big of a server and number of clients are we talking about?
Does SAMBA rely on anything outside its own directory? I want to make a couple of tarballs so I can go back if needed.
tar up /usr/local/samba and you should be ok. cheers, jerry
- Hewlett-Packard - http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca
Re: [Samba] Multiple Domains?
Would this be also possible with only one NIC? regards Dariush
On Thu, 2002-10-10 at 02.44, Yura Pismerov wrote: To accomplish that task you will have to run multiple Samba instances (one per Domain/group). Network aliases are your friends. You can create aliases on each NIC and bind Samba instances to separate aliases on the same network. Hope this helps.
Steve Morley wrote: Hi All, I just joined this list, and I'm looking for some help. I've been running a Samba server for a few years now, and it's been doing everything I've asked it to, but I'm hitting a wall trying to implement something new. Google searches aren't turning up too much, except to indicate that other people have done what I want, but I haven't gotten much responses when I tried to contact them :( The few vague instructions I turned up in my searches seem to fail... I need to make my current Samba server (one FreeBSD box) serve up multiple domains. I added a second NIC for the second network, and all the TCP/IP stuff is configured and working properly. Whenever I try to add stuff for a second domain though, the whole thing (Samba) fails so I've undone everything to keep the current status. Here's the scoop on the Network: Two completely separate LANs, one on 192.168.1 and the other on 192.168.2 The students are all on .1, and the staff is on .2 The students currently log into the STUDENTS workgroup with no problem. As the staff has increased, we now need the staff to log into a workgroup themselves. I have two choices: 1) re-configure the current server (preferred) 2) build a duplicate LAN out of spare parts and start from scratch I'm more than happy to do either, I just want to know if someone has indeed gotten a single Samba box to serve up multiple domains at the same time. TIA Steve
Re: [Samba] Multiple Domains?
yes a network alias is an extra ip address to an existing nic, which then responds to both ip addresses. You set an alias with the following syntax
    ifconfig eth0:0 <ip> broadcast <broadcast> netmask <netmask> up
/Rasmus
At 15:12 10-10-2002 +0200, Dariush Forouher wrote: Would this be also possible with only one NIC? regards Dariush
On Thu, 2002-10-10 at 02.44, Yura Pismerov wrote: To accomplish that task you will have to run multiple Samba instances (one per Domain/group). Network aliases are your friends. You can create aliases on each NIC and bind Samba instances to separate aliases on the same network. Hope this helps.
Steve Morley wrote: Hi All, I just joined this list, and I'm looking for some help. I've been running a Samba server for a few years now, and it's been doing everything I've asked it to, but I'm hitting a wall trying to implement something new. Google searches aren't turning up too much, except to indicate that other people have done what I want, but I haven't gotten much responses when I tried to contact them :( The few vague instructions I turned up in my searches seem to fail... I need to make my current Samba server (one FreeBSD box) serve up multiple domains. I added a second NIC for the second network, and all the TCP/IP stuff is configured and working properly. Whenever I try to add stuff for a second domain though, the whole thing (Samba) fails so I've undone everything to keep the current status. Here's the scoop on the Network: Two completely separate LANs, one on 192.168.1 and the other on 192.168.2 The students are all on .1, and the staff is on .2 The students currently log into the STUDENTS workgroup with no problem. As the staff has increased, we now need the staff to log into a workgroup themselves. I have two choices: 1) re-configure the current server (preferred) 2) build a duplicate LAN out of spare parts and start from scratch I'm more than happy to do either, I just want to know if someone has indeed gotten a single Samba box to serve up multiple domains at the same time. TIA Steve
Re: [Samba] Multiple Domains?
Dariush Forouher wrote: Would this be also possible with only one NIC? Of course. -- Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC. (416) 535-0123 ext. 1352
Re: [Samba] Multiple Domains?
but don't ever bring down eth0 unless you can do without eth0:*. I learned that one the hard way. Sometimes remote data centers can suck ...
Rasmus Reinholdt Nielsen wrote: yes a network alias is an extra ip address to an existing nic, which then responds to both ip addresses. You set an alias with the following syntax
    ifconfig eth0:0 <ip> broadcast <broadcast> netmask <netmask> up
/Rasmus
At 15:12 10-10-2002 +0200, Dariush Forouher wrote: Would this be also possible with only one NIC? regards Dariush
On Thu, 2002-10-10 at 02.44, Yura Pismerov wrote: To accomplish that task you will have to run multiple Samba instances (one per Domain/group). Network aliases are your friends. You can create aliases on each NIC and bind Samba instances to separate aliases on the same network. Hope this helps.
Steve Morley wrote: Hi All, I just joined this list, and I'm looking for some help. I've been running a Samba server for a few years now, and it's been doing everything I've asked it to, but I'm hitting a wall trying to implement something new. Google searches aren't turning up too much, except to indicate that other people have done what I want, but I haven't gotten much responses when I tried to contact them :( The few vague instructions I turned up in my searches seem to fail... I need to make my current Samba server (one FreeBSD box) serve up multiple domains. I added a second NIC for the second network, and all the TCP/IP stuff is configured and working properly. Whenever I try to add stuff for a second domain though, the whole thing (Samba) fails so I've undone everything to keep the current status. Here's the scoop on the Network: Two completely separate LANs, one on 192.168.1 and the other on 192.168.2 The students are all on .1, and the staff is on .2 The students currently log into the STUDENTS workgroup with no problem. As the staff has increased, we now need the staff to log into a workgroup themselves. I have two choices: 1) re-configure the current server (preferred) 2) build a duplicate LAN out of spare parts and start from scratch I'm more than happy to do either, I just want to know if someone has indeed gotten a single Samba box to serve up multiple domains at the same time. TIA Steve
-- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax 713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm)
Re: [Samba] Multiple Domains?
Hi, To accomplish that task you will have to run multiple Samba instances (one per Domain/group). Network aliases are your friends. You can create aliases on each NIC and bind Samba instances to separate aliases on the same network.
This was one of the things I tried previously, but got errors like:
    [2002/08/27 18:37:20, 0] lib/pidfile.c:pidfile_create(86)
      ERROR: nmbd is already running. File /usr/local/samba/var/locks/nmbd.pid exists and process id 39187 is running.
    [2002/08/27 18:41:14, 0] nmbd/nmbd.c:sig_term(65)
      Got SIGTERM: going down...
I shouldn't need to use Network aliases I believe, unless I'm missing something, please let me know if they're needed though. I can't seem to get into samba.org right now, is there a flag to tell nmbd to place its .pid file in another location? Steve
RE: [Samba] Multiple Domains?
Hi, Wouldn't it be easier to keep your BSD box as your PDC, have staff and students login on to that one domain and have logon scripts if you need to do anything clever??
I definitely want to keep the BSD box as the PDC, but need the separate workgroups, as there is some peer sharing going on with the staff and I don't want there to be any possibility of the students taking a peek in there. That's also why I run two separate LANs (no packet sniffing). Steve
[Samba] Multiple Domains?
Hi All, I just joined this list, and I'm looking for some help. I've been running a Samba server for a few years now, and it's been doing everything I've asked it to, but I'm hitting a wall trying to implement something new. Google searches aren't turning up too much, except to indicate that other people have done what I want, but I haven't gotten much responses when I tried to contact them :( The few vague instructions I turned up in my searches seem to fail... I need to make my current Samba server (one FreeBSD box) serve up multiple domains. I added a second NIC for the second network, and all the TCP/IP stuff is configured and working properly. Whenever I try to add stuff for a second domain though, the whole thing (Samba) fails so I've undone everything to keep the current status. Here's the scoop on the Network: Two completely separate LANs, one on 192.168.1 and the other on 192.168.2 The students are all on .1, and the staff is on .2 The students currently log into the STUDENTS workgroup with no problem. As the staff has increased, we now need the staff to log into a workgroup themselves. I have two choices: 1) re-configure the current server (preferred) 2) build a duplicate LAN out of spare parts and start from scratch I'm more than happy to do either, I just want to know if someone has indeed gotten a single Samba box to serve up multiple domains at the same time. TIA Steve