[Samba] Samba 4 file-server usage
Hi,

I am testing Samba 4 for AD authentication and file-server usage.

My file server uses POSIX ACLs (XFS filesystem) to manage access between users. So I must use some trick (Steve's posix-tify script) to add posixAccount to the Active Directory tree.

But my questions are: who uses the Samba 4 file-server part? How do other sysadmins permit users to store data on a server (and not on the user's workstation)?

I have more than 300 groups, more than 200 users and machines. I have more than 800 Gb of data.

Creating a user or group in ADUC and then running a posix-tify script will add complexity for management.

Best regards,
Stéphane

PS: I see in smb.conf (valid for Samba 4) that there is an add user script, but I don't understand how it works!

---
Stéphane PURNELLE
Systems and Network Admin.
IT Department
Corman S.A.
Tel : 00 32 (0)87/342467
Re: [Samba] Samba 4 file-server usage
On Fri, 2013-08-30 at 11:25 +0200, Stéphane PURNELLE wrote:
> Hi,
>
> I am testing Samba 4 for AD authentication and file-server usage.
>
> My file server uses POSIX ACLs (XFS filesystem) to manage access between users. So I must use some trick (Steve's posix-tify script) to add posixAccount to the Active Directory tree.

You do not need to add posixAccount. For recent versions of Samba4:

    samba-tool user add stephane --uid-number=322 --gid-number=20513 --home-directory=/some/place --login-shell=/bin/sh

You only need the hack for old versions of Samba.

We use a Samba 4.0.9 file server for a mix of about 80 XP and LXDE clients over CIFS. It serves profiles, home folders and loads of other rubbish.

HTH
Steve
Re: [Samba] Samba 4 file-server usage
    samba-tool user delete dpu
    getent passwd dpu
    nothing

    samba-tool user create dpu
    getent passwd dpu
    nothing

Why does getent return nothing? The user exists, I can see it with ldbsearch. But no posixAccount objectclass!

Samba 4.0.9

---
Stéphane PURNELLE
Systems and Network Admin.
IT Department
Corman S.A.
Tel : 00 32 (0)87/342467

samba-boun...@lists.samba.org wrote on 30/08/2013 11:57:18:
> From: steve st...@steve-ss.com
> To: samba@lists.samba.org
> Date: 30/08/2013 11:58
> Subject: Re: [Samba] Samba 4 file-server usage
> Sent by: samba-boun...@lists.samba.org
>
> On Fri, 2013-08-30 at 11:25 +0200, Stéphane PURNELLE wrote:
> > Hi,
> >
> > I am testing Samba 4 for AD authentication and file-server usage.
> >
> > My file server uses POSIX ACLs (XFS filesystem) to manage access between users. So I must use some trick (Steve's posix-tify script) to add posixAccount to the Active Directory tree.
>
> You do not need to add posixAccount. For recent versions of Samba4:
>
>     samba-tool user add stephane --uid-number=322 --gid-number=20513 --home-directory=/some/place --login-shell=/bin/sh
>
> You only need the hack for old versions of Samba.
>
> We use a Samba 4.0.9 file server for a mix of about 80 XP and LXDE clients over CIFS. It serves profiles, home folders and loads of other rubbish.
>
> HTH
> Steve
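A check related to the question above, added here as an example and not written by anyone in this thread: it parses LDIF text of the kind ldbsearch prints and reports accounts that have no uidNumber or gidNumber, plus any uidNumber held by more than one account (two accounts with the same uid are one owner as far as POSIX ACLs are concerned). The sample records, the example.intra DNs and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample in the LDIF form ldbsearch prints (not real directory data).
SAMPLE_LDIF = """\
dn: CN=stephane,CN=Users,DC=example,DC=intra
sAMAccountName: stephane
uidNumber: 322
gidNumber: 20513

dn: CN=dpu,CN=Users,DC=example,DC=intra
sAMAccountName: dpu

dn: CN=Backup operator with a long folded name,CN=Users,DC=exam
 ple,DC=intra
sAMAccountName:: YmFja3Vw
uidNumber: 322
gidNumber: 20513

# returned 3 records
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF record."""
    text = re.sub(r"\n ", "", text)               # unfold continuation lines
    records = []
    for block in re.split(r"\n\s*\n", text):      # blank line ends a record
        rec = {}
        for line in block.splitlines():
            if line.strip() and not line.startswith("#"):
                attr, _, value = line.partition(":")
                if value.startswith(":"):         # "attr:: <base64>" form
                    value = base64.b64decode(value[1:].strip()).decode("utf-8")
                rec.setdefault(attr.lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def audit_posix_ids(records):
    """Return (accounts lacking uidNumber or gidNumber, shared uidNumbers)."""
    missing, by_uid = [], {}
    for rec in records:
        name = (rec.get("samaccountname") or rec.get("dn", ["?"]))[0]
        if not (rec.get("uidnumber") and rec.get("gidnumber")):
            missing.append(name)
        for uid in rec.get("uidnumber", []):
            by_uid.setdefault(uid, []).append(name)
    return missing, {u: n for u, n in by_uid.items() if len(n) > 1}

print(audit_posix_ids(parse_ldif(SAMPLE_LDIF)))
```

The input is assumed to come from a search already restricted to user objects; the function does not filter by objectClass.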
[Samba] Samba 4 : File server
Hi!

I have installed a DC with the samba-tool command and it works perfectly! Controlling AD with the 2003 tools is very amazing, thanks for the job!

So, my next step is to install a file server as a member of the AD and not as a DC.

I read this one carefully: https://wiki.samba.org/index.php/Samba4/Domain_Member

Compiling samba:

* ./configure --with-ads --with-shared-modules=idmap_ad --enable-debug --enable-selftest --prefix=/samba

  First of all, why --with-ads? Is it not the default feature?

* make
* make install

The krb5.conf was filled with this:

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    default_realm = DDCS67.INTRA
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    forwardable = yes

    [appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

What is the appsection? It is not necessary in a DC which is sharing a directory. But why not.

After that, the smb.conf.

I was wondering whether the smb.conf must be filled in by hand. For the DC, running the samba-tool command will generate a smb.conf.

Before doing this I searched the options of samba-tool and I found this:

    samba-tool domain join DDCS67 --realm=DDCS67.intra -U Administrator
    Password for [WORKGROUP\Administrator]:
    Joined domain DDCS67 (S-1-5-21-1814795784-576591386-2449700327)

Fine, the domain is joined!! And the server appears as a Computer in the MMC. Good!

Let's run /samba/sbin/samba. The logs are:

    At this time the 'samba' binary should only be used for either:
    'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
    You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks

Is it me, or did I read that ntvfs is deprecated?

So I run /samba/sbin/smbd, but with no smb.conf the server does not start. testparm gives me:

    Load smb config files from /samba/etc/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    params.c:OpenConfFile() - Unable to open configuration file /samba/etc/smb.conf:

Can I generate a valid smb.conf for a member with samba-tool?

Regards,
Franck Botz
Re: [Samba] Samba 4 : File server
On Mon, 2013-02-11 at 16:54 +0100, BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI wrote:
> Hi!
>
> I have installed a DC with the samba-tool command and it works perfectly! Controlling AD with the 2003 tools is very amazing, thanks for the job!
>
> So, my next step is to install a file server as a member of the AD and not as a DC.
>
> I read this one carefully: https://wiki.samba.org/index.php/Samba4/Domain_Member
>
> Compiling samba:
>
> * ./configure --with-ads --with-shared-modules=idmap_ad --enable-debug --enable-selftest --prefix=/samba
>
>   First of all, why --with-ads? Is it not the default feature?

It is, but what this changes is that the compile will fail (prompting you to install some development headers, typically) if the right things are not found. This is very helpful, and long ago I promised to make that the default behaviour. Sadly I never got around to it.

> * make
> * make install
>
> The krb5.conf was filled with this:
>
>     [logging]
>     default = FILE:/var/log/krb5libs.log
>     kdc = FILE:/var/log/krb5kdc.log
>     admin_server = FILE:/var/log/kadmind.log
>
>     [libdefaults]
>     default_realm = DDCS67.INTRA
>     dns_lookup_realm = true
>     dns_lookup_kdc = true
>     ticket_lifetime = 24h
>     forwardable = yes
>
>     [appdefaults]
>     pam = {
>         debug = false
>         ticket_lifetime = 36000
>         renew_lifetime = 36000
>         forwardable = true
>         krb4_convert = false
>     }
>
> What is the appsection? It is not necessary in a DC which is sharing a directory. But why not.
>
> After that, the smb.conf.
>
> I was wondering whether the smb.conf must be filled in by hand. For the DC, running the samba-tool command will generate a smb.conf.
>
> Before doing this I searched the options of samba-tool and I found this:
>
>     samba-tool domain join DDCS67 --realm=DDCS67.intra -U Administrator
>     Password for [WORKGROUP\Administrator]:
>     Joined domain DDCS67 (S-1-5-21-1814795784-576591386-2449700327)
>
> Fine, the domain is joined!! And the server appears as a Computer in the MMC. Good!
>
> Let's run /samba/sbin/samba. The logs are:
>
>     At this time the 'samba' binary should only be used for either:
>     'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
>     You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
>
> Is it me, or did I read that ntvfs is deprecated?
>
> So I run /samba/sbin/smbd, but with no smb.conf the server does not start. testparm gives me:
>
>     Load smb config files from /samba/etc/smb.conf
>     rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
>     params.c:OpenConfFile() - Unable to open configuration file /samba/etc/smb.conf:
>
> Can I generate a valid smb.conf for a member with samba-tool?

I do apologise for this not being as integrated as you would expect. I'm very proud of the new level of ease of use found in 'samba-tool' and in the AD DC configuration.

Sadly while this command will successfully join you to the domain, it does not currently generate the smb.conf.

You don't need much, just set:

    [global]
    server role = member server
    workgroup = DDCS67
    realm = DDCS67.intra

BTW, while I've hooked up 'samba-tool' to work, the advertised command for joining a domain member is 'net ads join'. We are working to consolidate the code, but currently it is a different codebase. From my understanding however, it also will not generate the smb.conf.

I hope this helps, and feel free to file a bug as fixing this should not be difficult.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org