[Samba] Samba 4 file-server usage

2013-08-30 Thread Stéphane PURNELLE
Hi,

I am testing Samba 4 for AD authentication and file-server usage.

My file server uses POSIX ACLs (XFS filesystem) to manage access between
users.

So I must use a trick (Steve's posix-tify script) to add
posixAccount to the Active Directory tree.

But my questions are:

Who uses the Samba 4 file-server part?
How do other sysadmins permit users to store data on a server (and not on
the user's workstation)?

I have more than 300 groups, more than 200 users and machines.
I have more than 800 Gb of data.

Creating a user or group in ADUC and then running a posix-tify script
will add complexity for management.

Best regards

   Stéphane

PS: I see in smb.conf (valid for Samba 4) that there is an add user
script, but I don't understand how it works!

---
Stéphane PURNELLE Admin. Systèmes et Réseaux 
Service Informatique   Corman S.A.   Tel : 00 32 (0)87/342467
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba 4 file-server usage

2013-08-30 Thread steve
On Fri, 2013-08-30 at 11:25 +0200, Stéphane PURNELLE wrote:
> Hi,
>
> I am testing Samba 4 for AD authentication and file-server usage.
>
> My file server uses POSIX ACLs (XFS filesystem) to manage access between
> users.
>
> So I must use a trick (Steve's posix-tify script) to add
> posixAccount to the Active Directory tree.

You do not need to add posixAccount. For recent versions of Samba4:

samba-tool user add stephane --uid-number=322 --gid-number=20513 \
    --home-directory=/some/place --login-shell=/bin/sh

You only need the hack for old versions of Samba.

We use a Samba 4.0.9 file server for a mix of about 80 XP and LXDE
clients over CIFS. It serves profiles, home folders and loads of other
rubbish.
HTH
Steve


Re: [Samba] Samba 4 file-server usage

2013-08-30 Thread Stéphane PURNELLE
samba-tool user delete dpu
getent passwd dpu
nothing
samba-tool user create dpu
getent passwd dpu
nothing

Why does getent return nothing? The user exists, I can see it with ldbsearch.
But there is no posixAccount objectclass!

Samba 4.0.9



---
Stéphane PURNELLE Admin. Systèmes et Réseaux 
Service Informatique   Corman S.A.   Tel : 00 32 (0)87/342467
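
As an added example (not code from this thread or from the Samba project), the following Python reads LDIF in the form ldbsearch prints and reports accounts that lack uidNumber/gidNumber, as well as accounts sharing one uidNumber, which POSIX ACLs cannot tell apart. It assumes the name-service lookup behind getent reads these RFC2307 attributes; the sample LDIF, the account names and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict
# Constructed sample shaped like ldbsearch (LDIF) output; all names are hypothetical.
SAMPLE_LDIF = """\
# record 1
dn: CN=stephane,CN=Users,DC=example,DC=intra
sAMAccountName: stephane
uidNumber: 322
gidNumber: 20513

dn: CN=dpu,CN=Users,DC=example,DC=intra
sAMAccountName: dpu

dn: CN=web,CN=Users,DC=example,DC=intra
sAMAccountName:: d2Vi
uidNumber: 322
gidNumber: 20513
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF record."""
    entries, current = [], defaultdict(list)
    # Unfold continuation lines (newline + one space), then walk line by line.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():                  # a blank line ends the record
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
        elif not line.startswith("#"):        # skip LDIF comments
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: ..." is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current[attr].append(value.strip())
    return entries

def audit_rfc2307(entries):
    """Return (accounts lacking uidNumber/gidNumber, uidNumbers shared by several)."""
    missing, by_uid = [], defaultdict(list)
    for entry in entries:
        name = entry.get("sAMAccountName", ["?"])[0]
        if "uidNumber" not in entry or "gidNumber" not in entry:
            missing.append(name)
        else:
            by_uid[entry["uidNumber"][0]].append(name)
    shared = {uid: names for uid, names in by_uid.items() if len(names) > 1}
    return missing, shared

if __name__ == "__main__":
    print(audit_rfc2307(parse_ldif(SAMPLE_LDIF)))
```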



[Samba] Samba 4 : File server

2013-02-11 Thread BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI

Hi!

I have installed a DC with the samba-tool command and it works perfectly!

Controlling AD with the 2003 tools is very amazing, thanks for the job!

So, my next step is to install a file server as a member of the AD and
not as a DC.


I carefully read this one:
https://wiki.samba.org/index.php/Samba4/Domain_Member


Compiling Samba:

  * ./configure --with-ads --with-shared-modules=idmap_ad --enable-debug --enable-selftest --prefix=/samba


First of all, why --with-ads? Is it not the default feature?

  * make
  * make install

The krb5.conf was filled with this:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = DDCS67.INTRA
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }

What is the app section? It is not necessary in a DC which shares a
directory. But why not.


After that, the smb.conf.

I was wondering whether the smb.conf must be filled in by hand. For the DC,
running the samba-tool command will generate an smb.conf. Before doing this I
searched the options of samba-tool and I found this:


samba-tool domain join DDCS67  --realm=DDCS67.intra -U Administrator
Password for [WORKGROUP\Administrator]:
Joined domain DDCS67 (S-1-5-21-1814795784-576591386-2449700327)

Fine, the domain is joined!! And the server appears as a Computer in the
MMC. Good!


Let's run /samba/sbin/samba

The log says:
At this time the 'samba' binary should only be used for either: 'server 
role = active directory domain controller' or to access the ntvfs file 
server with 'server services = +smb' or the rpc proxy with 'dcerpc 
endpoint servers = remote'
You should start smbd/nmbd/winbindd instead for domain member and 
standalone file server tasks


Is it me, or did I read that ntvfs is deprecated?

So I run /samba/sbin/smbd, but with no smb.conf the server does not start.

Testparm gives me:
Load smb config files from /samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:OpenConfFile() - Unable to open configuration file 
/samba/etc/smb.conf:


Can I generate a valid smb.conf for a member with samba-tool?

Regards

Franck Botz


Re: [Samba] Samba 4 : File server

2013-02-11 Thread Andrew Bartlett
On Mon, 2013-02-11 at 16:54 +0100, BOTZ Franck (Informaticien) - DDT
67/SG/MGI/CI wrote:
> Hi!
>
> I have installed a DC with the samba-tool command and it works perfectly!
>
> Controlling AD with the 2003 tools is very amazing, thanks for the job!
>
> So, my next step is to install a file server as a member of the AD and
> not as a DC.
>
> I carefully read this one:
> https://wiki.samba.org/index.php/Samba4/Domain_Member
>
> Compiling Samba:
>
>   * ./configure --with-ads --with-shared-modules=idmap_ad --enable-debug --enable-selftest --prefix=/samba
>
> First of all, why --with-ads? Is it not the default feature?

It is, but what this changes is that the compile will fail (prompting
you to install some development headers, typically) if the right things
are not found.  This is very helpful, and long ago I promised to make
that the default behaviour.  Sadly I never got around to it. 

>   * make
>   * make install
>
> The krb5.conf was filled with this:
>
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  default_realm = DDCS67.INTRA
>  dns_lookup_realm = true
>  dns_lookup_kdc = true
>  ticket_lifetime = 24h
>  forwardable = yes
>
> [appdefaults]
>  pam = {
>   debug = false
>   ticket_lifetime = 36000
>   renew_lifetime = 36000
>   forwardable = true
>   krb4_convert = false
>  }
>
> What is the app section? It is not necessary in a DC which shares a
> directory. But why not.
>
> After that, the smb.conf.
>
> I was wondering whether the smb.conf must be filled in by hand. For the DC,
> running the samba-tool command will generate an smb.conf. Before doing this I
> searched the options of samba-tool and I found this:
>
> samba-tool domain join DDCS67  --realm=DDCS67.intra -U Administrator
> Password for [WORKGROUP\Administrator]:
> Joined domain DDCS67 (S-1-5-21-1814795784-576591386-2449700327)
>
> Fine, the domain is joined!! And the server appears as a Computer in the
> MMC. Good!
>
> Let's run /samba/sbin/samba
>
> The log says:
> At this time the 'samba' binary should only be used for either: 'server
> role = active directory domain controller' or to access the ntvfs file
> server with 'server services = +smb' or the rpc proxy with 'dcerpc
> endpoint servers = remote'
> You should start smbd/nmbd/winbindd instead for domain member and
> standalone file server tasks
>
> Is it me, or did I read that ntvfs is deprecated?
>
> So I run /samba/sbin/smbd, but with no smb.conf the server does not start.
>
> Testparm gives me:
> Load smb config files from /samba/etc/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> params.c:OpenConfFile() - Unable to open configuration file
> /samba/etc/smb.conf:
>
> Can I generate a valid smb.conf for a member with samba-tool?

I do apologise for this not being as integrated as you would expect.
I'm very proud of the new level of ease of use found in 'samba-tool' and
in the AD DC configuration.  Sadly while this command will successfully
join you to the domain, it does not currently generate the smb.conf.

You don't need much, just set:

[global]
 server role = member server
 workgroup = DDCS67
 realm = DDCS67.intra

BTW, while I've hooked up 'samba-tool' to work, the advertised command
for joining a domain member is 'net ads join'.  We are working to
consolidate the code, but currently it is a different codebase.  From my
understanding however, it also will not generate the smb.conf.

I hope this helps, and feel free to file a bug as fixing this should not
be difficult. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

