Re: [Samba] Samba PDC not in network environment (Windows 7/8)
Something weird...

I connected one notebook to another samba (v3.5.5) network. Logged in as a local user on the notebook and guess what. The complete network environment is shown.

The main difference between these two networks, apart from the version number of smbd, is that the working network is based on ldap while the not working network is based on tdb.

Another small difference in smb.conf:

3.5.5:  name resolve order = bcast lmhosts host
3.6.12: name resolve order = wins bcast lmhosts hosts

Going to check if it has any impact if I remove wins from name resolve order.

And another small difference: In v3.5.5 computers are members of Domain Users while v3.6.12 lists them in Domain Computers. Also going to check if this makes any difference.

The last thing I will check is if it makes any difference when I login to a local account on my client.

Will keep you updated.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba PDC not in network environment (Windows 7/8)
I recently changed my clients (3 notebooks, 2 desktop pcs) from Windows XP Pro to Windows 7/8 Pro. I followed the guides that can be found on samba.org and all over the internet. Client migration worked after some minor trouble. There is only one thing left that I could not resolve the last few days.

All clients see each other under Network but no client sees my samba server. Though the samba PDC cannot be seen most of the network related stuff works as expected. Domain logons work, the per user netlogon script is executed (network shares on the PDC get mapped, time is synced), shares can be opened with \\PDC\share.

Executing nbtstat on the clients works except for -[s|S|R|RR] which results in no connection.
Executing smbtree -N | smbclient -N works on the PDC.

To prevent common questions:
- client installation is not older than 30 days
- disabled pw change after 30 days in registry
- no firewall on clients
- PDC firewall allows traffic to and from ports 137-139,445
- samba version Version 3.6.12-162.1-2943-SUSE-SL12.1-x86_64

Output of netstat -an | egrep '13[789]|445'

tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp0 0 192.168.11.10:60002 192.168.11.230:445 VERBUNDEN
udp0 0 192.168.11.255:137 0.0.0.0:*
udp0 0 192.168.11.10:137 0.0.0.0:*
udp0 0 0.0.0.0:137 0.0.0.0:*
udp0 0 192.168.11.255:138 0.0.0.0:*
udp0 0 192.168.11.10:138 0.0.0.0:*
udp0 0 0.0.0.0:138 0.0.0.0:*

Remark: 192.168.11.230 is a nas storage which cannot be seen from clients either.

My smb.conf:

[global]
    unix charset = UTF8
    display charset = UTF8
    workgroup = MyWorkgroupName
    server string = MyServerString
    netbios name = MyServerName
    netbios aliases = PDC
    interfaces = eth0, 127.0.0.0/8
    bind interfaces only = no
    map to guest = Bad User
    passdb backend = tdbsam
    username map = /etc/samba/smbusers
    username level = 1
    server signing = auto
    max protocol = SMB2
    client NTLMv2 auth = Yes
    log level = 2 smb:1 auth:1 sam:1 acls:1 passdb:1 tdb:1 winbind:1 idmap:1
    syslog = 0
    log file = /var/log/samba/log.%m
    max xmit = 65535
    name resolve order = wins bcast lmhosts hosts
    time server = Yes
    deadtime = 10
    paranoid server security = No
    socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_BROADCAST SO_SNDBUF=16384 SO_RCVBUF=16384
    hostname lookups = Yes
    add user script = /usr/sbin/useradd -d /home/%u -g users -k /etc/samba/skel -m -s /bin/false %u
    delete user script = /usr/sbin/userdel %u
    add user to group script = /usr/sbin/usermod -G %g %u
    set primary group script = /usr/sbin/usermod -g %g %u
    delete user from group script = /usr/sbin/groupmod -R %u %g
    add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false -g machines %u
    logon script = %U.bat
    logon path = \\%N\profiles\%U\%a
    domain logons = Yes
    os level = 88
    preferred master = Yes
    domain master = Yes
    local master = yes
    time server = yes
    wins support = Yes
    client use spnego = no
    ldap ssl = no
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind expand groups = 3
    winbind use default domain = no
    winbind rpc only = Yes
    winbind offline logon = no
    idmap config * : backend = tdb
    idmap config * : range = 15000 - 25000
    encrypt passwords = yes
    pam password change = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = Neues*Passwort* %n\nGeben Sie das neue Passwort erneut ein * %n\nPass*dert.\n
    veto files = /*.eml/*.nws/riched20.dll/*.{*}/
    dos filetime resolution = Yes
    printing = cups
    printcap = cups

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    write list = @samba-domain-admins @Administrators
    read list = @samba-domain-users @machines @Familie
    force group = samba-domain-users
    browseable = No

[profiles]
    path = /var/lib/samba/profiles
    profile acls = yes
    csc policy = disable
    read only = No
    browsable = no
    store dos attributes = yes
    guest ok = no
    printable = no
    hide files = /desktop.ini/*Briefcase*/
    write list = %S %S%w%D root
    hosts allow = 192.168.11., 127.0.0.1, 10.168.11.
    create mask = 0600
    directory mask = 0700

[IPC$]
    path
Re: [Samba] Samba PDC not in network environment (Windows 7/8)
Something I came across. Don't know if it is related.

Trying to connect to a Windows 8 share from my PDC results in

cli_session_setup: NT1 session setup failed: NT_STATUS_INVALID_PARAMETER
session setup failed: NT_STATUS_INVALID_PARAMETER

when

client NTLMv2 auth = yes

is set in smb.conf. smbtree executed by a domain admin user lists all shares on PDC and nas but only the name of the client.

Changing settings to

client NTLMv2 auth = no
client lanman auth = yes

gives access to shares on the Windows 8 client. smbtree lists all administrative shares (C$, D$, etc.) on Windows 8 client.

---

There are some entries in the samba logfile for client JOGO which seem to be problem related:

[2013/02/21 12:17:27.638163, 0] rpc_server/srv_pipe.c:500(pipe_schannel_auth_bind)
  pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2
[2013/02/21 12:17:27.762403, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain)
  Returning domain sid for domain MyDomainName - S-1-5-21-3406496673-2355577635-1274693878
[2013/02/21 12:17:32.774569, 2] ../libcli/auth/credentials.c:308(netlogon_creds_server_check_internal)
  credentials check failed
[2013/02/21 12:17:32.774681, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client JOGO machine account JOGO$
[2013/02/21 12:17:32.777495, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain)
  Returning domain sid for domain MyDomainName - S-1-5-21-3406496673-2355577635-1274693878
[2013/02/21 12:17:45.665467, 2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:18:03.168300, 2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:18:50.279081, 2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:21:36.293203, 2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
Re: [Samba] Samba PDC not in network environment (Windows 7/8)
Jörg Nissen joerg at nissen.de.hm writes:

Looks like I'm talking to myself all the time.

Anyway, solved this small problem. Accidentally the parameter

client use spnego

was set to no during testing. Setting it back to yes made the client tools on the server behave normally.

Still looking for help on my starting post.
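The three parameters changed during the testing described in the posts above (client NTLMv2 auth, client lanman auth, client use spnego) control how Samba's client tools authenticate, so a leftover test value is worth catching. The following is an added example, not part of the original posts: a Python check that compares parameter names the way smb.conf does (case and whitespace ignored) and reports the effective [global] value when it is the weakened one; the sample configuration and all function names are constructed for illustration.

```python
import re

# Parameters touched in the thread, keyed by normalised name, with the boolean
# value that weakens client-side authentication and a short reason.
WEAK_SETTINGS = {
    "clientntlmv2auth": (False, "client tools may answer with NTLMv1 instead of NTLMv2"),
    "clientlanmanauth": (True, "client tools may send LANMAN hashed responses"),
    "clientusespnego": (False, "client tools do not negotiate the auth mechanism via SPNEGO"),
}
TRUE_WORDS = {"yes", "true", "on", "1"}
FALSE_WORDS = {"no", "false", "off", "0"}


def normalise(name):
    """smb.conf ignores case and all whitespace inside parameter names."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Yield (section, normalised_name, raw_name, value, line_no) per parameter."""
    section, pending = None, ""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.endswith("\\"):              # value continues on the next line
            pending = line[:-1]
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if "=" in line:
            name, value = line.split("=", 1)
            yield section, normalise(name), name.strip(), value.strip(), line_no


def audit(text):
    """Return (line_no, name, value, reason) for each weakened [global] setting."""
    effective = {}
    for section, key, raw_name, value, line_no in parse_smb_conf(text):
        if section == "global" and key in WEAK_SETTINGS:
            effective[key] = (raw_name, value, line_no)   # a later line overrides
    findings = []
    for key, (raw_name, value, line_no) in sorted(
            effective.items(), key=lambda kv: kv[1][2]):
        weak_value, reason = WEAK_SETTINGS[key]
        word = value.lower()
        if word not in TRUE_WORDS | FALSE_WORDS:
            continue                          # not a boolean we can judge
        if (word in TRUE_WORDS) == weak_value:
            findings.append((line_no, raw_name, value, reason))
    return findings


# Constructed sample: a secure value that is overridden further down,
# odd spacing/case in a name, and a commented-out line that must be ignored.
SAMPLE = """\
[global]
   workgroup = MyWorkgroupName
   client NTLMv2 auth = Yes
   ; settings left over from testing
   Client  NTLMv2 Auth = no
   client lanman auth = yes
   client use spnego = no
   # client use spnego = yes
[profiles]
   path = /var/lib/samba/profiles
"""

if __name__ == "__main__":
    for line_no, name, value, reason in audit(SAMPLE):
        print(f"line {line_no}: {name} = {value}: {reason}")
```
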
Re: [Samba] Samba PDC group list empty
I give all of your indexes in my conf but nothing changed:

ls -l *bdb
-rw--- 1 openldap openldap 61440 Dec 3 14:22 cn.bdb
-rw--- 1 openldap openldap 8192 Dec 3 14:22 dc.bdb
-rw--- 1 openldap openldap 28672 Dec 3 14:22 displayName.bdb
-rw--- 1 openldap openldap 40960 Dec 3 12:29 dn2id.bdb
-rw--- 1 openldap openldap 8192 Nov 22 10:42 entryCSN.bdb
-rw--- 1 openldap openldap 8192 Nov 22 10:42 entryUUID.bdb
-rw--- 1 openldap openldap 8192 Dec 3 14:22 gidNumber.bdb
-rw--- 1 openldap openldap 36864 Dec 3 14:22 givenName.bdb
-rw--- 1 openldap openldap 294912 Dec 3 13:10 id2entry.bdb
-rw--- 1 openldap openldap 8192 Dec 3 14:22 loginShell.bdb
-rw--- 1 openldap openldap 45056 Dec 3 14:22 mail.bdb
-rw--- 1 openldap openldap 69632 Dec 3 14:22 memberUid.bdb
-rw--- 1 openldap openldap 36864 Dec 3 14:22 objectClass.bdb
-rw--- 1 openldap openldap 8192 Dec 3 14:22 ou.bdb
-rw--- 1 openldap openldap 8192 Dec 3 14:22 sambaDomainName.bdb
-rw--- 1 openldap openldap 8192 Dec 3 14:22 sambaGroupType.bdb
-rw--- 1 openldap openldap 8192 Dec 3 14:22 sambaPrimaryGroupSID.bdb
-rw--- 1 openldap openldap 8192 Dec 3 14:22 sambaSID.bdb
-rw--- 1 openldap openldap 8192 Dec 3 14:22 sambaSIDList.bdb
-rw--- 1 openldap openldap 40960 Dec 3 14:22 sn.bdb
-rw--- 1 openldap openldap 45056 Dec 3 14:22 uid.bdb
-rw--- 1 openldap openldap 8192 Dec 3 14:22 uidNumber.bdb
-rw--- 1 openldap openldap 8192 Nov 20 17:03 uniqueMember.bdb

Any other suggestion?

On Fri, Nov 30, 2012 at 6:16 PM, Harry Jede walk2...@arcor.de wrote:

On Thursday, 29 November 2012 you wrote:

I still don't understand why ldap search filter generated by samba ( i have this from samba log ) cannot find anything in database:

smbldap_search_paged: base = [dc=gymsnv,dc=sk], filter = [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024]
[2012/11/29 18:15:14.227560, 3] lib/smbldap.c:1591(smbldap_search_paged)
  smbldap_search_paged: search was successful
[2012/11/29 18:15:14.227647, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 0

If I remove sambaSID and try to find it in ldap, I will get all my groups.

Filter = (&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=*))

Is this normal behavior or can my ldap configuration be incorrect?

That's not normal.

What indexes have you set?

# ldapsearch -LLLY external -H ldapi:/// -b cn=config "(objectclass=*)" olcDBIndex

These are my indexes:

dn: olcDatabase={1}hdb,cn=config
olcDbIndex: objectClass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: displayName eq,sub
olcDbIndex: givenName eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: dhcpHWAddress eq
olcDbIndex: dhcpClassData eq
olcDbIndex: cn eq,pres,sub
olcDbIndex: sn eq,pres,sub
olcDbIndex: ou eq
olcDbIndex: dc eq
olcDbIndex: default sub

And this shows the files:

# cd /var/lib/ldap/
# ls -l *bdb
-rw--- 1 openldap openldap 32768 18. Nov 15:49 cn.bdb
-rw--- 1 openldap openldap 8192 1. Jan 2012 dc.bdb
-rw--- 1 openldap openldap 8192 18. Nov 15:49 dhcpHWAddress.bdb
-rw--- 1 openldap openldap 24576 23. Aug 10:08 displayName.bdb
-rw--- 1 openldap openldap 24576 18. Nov 15:49 dn2id.bdb
-rw--- 1 openldap openldap 8192 23. Aug 10:08 gidNumber.bdb
-rw--- 1 openldap openldap 8192 1. Jun 21:57 givenName.bdb
-rw--- 1 openldap openldap 98304 27. Nov 22:54 id2entry.bdb
-rw--- 1 openldap openldap 8192 23. Aug 10:08 loginShell.bdb
-rw--- 1 openldap openldap 8192 1. Jun 21:57 mail.bdb
-rw--- 1 openldap openldap 8192 1. Jun 2012 memberUid.bdb
-rw--- 1 openldap openldap 16384 27. Nov 22:54 objectClass.bdb
-rw--- 1 openldap openldap 8192 1. Jun 19:57 ou.bdb
-rw--- 1 openldap openldap 8192 23. Aug 08:54 sambaDomainName.bdb
-rw--- 1 openldap openldap 8192 10. Mai 2012 sambaGroupType.bdb
-rw--- 1 openldap openldap 8192 23. Aug 08:54 sambaPrimaryGroupSID.bdb
-rw--- 1 openldap openldap 8192 23. Aug 10:08 sambaSID.bdb
-rw--- 1 openldap openldap 8192 27. Nov 22:54 sambaSIDList.bdb
-rw--- 1 openldap openldap 8192 1. Jun 21:57 sn.bdb
-rw--- 1 openldap openldap 8192 23. Aug 10:08 uid.bdb
-rw--- 1 openldap openldap 8192 23. Aug 10:08 uidNumber.bdb
-rw--- 1 openldap openldap 8192 1. Jan 2012 uniqueMember.bdb
root@capella:/var/lib/ldap#

--
Regards
Harry Jede
Re: [Samba] Samba PDC group list empty
On Thursday, 29 November 2012 you wrote:

I still don't understand why ldap search filter generated by samba ( i have this from samba log ) cannot find anything in database:

smbldap_search_paged: base = [dc=gymsnv,dc=sk], filter = [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024]
[2012/11/29 18:15:14.227560, 3] lib/smbldap.c:1591(smbldap_search_paged)
  smbldap_search_paged: search was successful
[2012/11/29 18:15:14.227647, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 0

If I remove sambaSID and try to find it in ldap, I will get all my groups.

Filter = (&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=*))

Is this normal behavior or can my ldap configuration be incorrect?

That's not normal.

What indexes have you set?

# ldapsearch -LLLY external -H ldapi:/// -b cn=config "(objectclass=*)" olcDBIndex

These are my indexes:

dn: olcDatabase={1}hdb,cn=config
olcDbIndex: objectClass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: displayName eq,sub
olcDbIndex: givenName eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: dhcpHWAddress eq
olcDbIndex: dhcpClassData eq
olcDbIndex: cn eq,pres,sub
olcDbIndex: sn eq,pres,sub
olcDbIndex: ou eq
olcDbIndex: dc eq
olcDbIndex: default sub

And this shows the files:

# cd /var/lib/ldap/
# ls -l *bdb
-rw--- 1 openldap openldap 32768 18. Nov 15:49 cn.bdb
-rw--- 1 openldap openldap 8192 1. Jan 2012 dc.bdb
-rw--- 1 openldap openldap 8192 18. Nov 15:49 dhcpHWAddress.bdb
-rw--- 1 openldap openldap 24576 23. Aug 10:08 displayName.bdb
-rw--- 1 openldap openldap 24576 18. Nov 15:49 dn2id.bdb
-rw--- 1 openldap openldap 8192 23. Aug 10:08 gidNumber.bdb
-rw--- 1 openldap openldap 8192 1. Jun 21:57 givenName.bdb
-rw--- 1 openldap openldap 98304 27. Nov 22:54 id2entry.bdb
-rw--- 1 openldap openldap 8192 23. Aug 10:08 loginShell.bdb
-rw--- 1 openldap openldap 8192 1. Jun 21:57 mail.bdb
-rw--- 1 openldap openldap 8192 1. Jun 2012 memberUid.bdb
-rw--- 1 openldap openldap 16384 27. Nov 22:54 objectClass.bdb
-rw--- 1 openldap openldap 8192 1. Jun 19:57 ou.bdb
-rw--- 1 openldap openldap 8192 23. Aug 08:54 sambaDomainName.bdb
-rw--- 1 openldap openldap 8192 10. Mai 2012 sambaGroupType.bdb
-rw--- 1 openldap openldap 8192 23. Aug 08:54 sambaPrimaryGroupSID.bdb
-rw--- 1 openldap openldap 8192 23. Aug 10:08 sambaSID.bdb
-rw--- 1 openldap openldap 8192 27. Nov 22:54 sambaSIDList.bdb
-rw--- 1 openldap openldap 8192 1. Jun 21:57 sn.bdb
-rw--- 1 openldap openldap 8192 23. Aug 10:08 uid.bdb
-rw--- 1 openldap openldap 8192 23. Aug 10:08 uidNumber.bdb
-rw--- 1 openldap openldap 8192 1. Jan 2012 uniqueMember.bdb
root@capella:/var/lib/ldap#

--
Regards
Harry Jede
Re: [Samba] Samba PDC group list empty
Hello again, I do not know what

On Tue, Nov 27, 2012 at 9:08 PM, Harry Jede walk2...@arcor.de wrote:

On 20:15:56 wrote Andrej Šimko:

net getdomainsid
SID for local machine HOST is: S-1-5-21-2390795950-2727105968-4008069955
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955

I compared my smb.conf with yours. I have ldap suffix before ldap group suffix. I switched that but result still the same.

ldapsearch -LLLY external -H ldapi:/// cn=admin dn 2>/dev/null
dn: cn=admin,dc=example,dc=sk

tdbdump /var/lib/samba/secrets.tdb - looks ok ( the password too )

ldapsearch -LLLY external -H ldapi:/// "(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))" 2>/dev/null
dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-545
sambaGroupType: 4
displayName: Users
gidNumber: 1
sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513

Sorry, that I haven't seen this in your mail at 09:07

This is a working group object:

# ldapsearch -LLLY external -H ldapi:/// "(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))" 2>/dev/null
dn: cn=users,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 545
cn: users
description: Netbios Domain Users
sambaSID: S-1-5-32-545
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-513
sambaGroupType: 4
displayName: Users

The main difference is the objectclass posixGroup instead of sambaSidEntry.

Samba Group Mapping is not a simple task. Your definition with objectclass=sambasidentry is not totally wrong, but the intended use is that you store your posixgroups in /etc/group or in NIS. With an LDAP backend that is not the best approach.

I don't understand what you are trying to say :( Do you think that if I have all necessary groups in /etc/group or in NIS, then the windows computer will find groups in domain?

I still don't understand why ldap search filter generated by samba ( i have this from samba log ) cannot find anything in database:

smbldap_search_paged: base = [dc=gymsnv,dc=sk], filter = [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024]
[2012/11/29 18:15:14.227560, 3] lib/smbldap.c:1591(smbldap_search_paged)
  smbldap_search_paged: search was successful
[2012/11/29 18:15:14.227647, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 0

If I remove sambaSID and try to find it in ldap, I will get all my groups.

Filter = (&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=*))

Is this normal behavior or can my ldap configuration be incorrect?

Here the three standard definitions with objectclass=posixgroup

###
A primary group: posix and windows
primary members should NOT be stored here

dn: cn=teachers,ou=groups,dc=europa,dc=xx
cn: teachers
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 1001
sambaSID: S-1-5-21-3958726613-3318811842-4132420312-3003
sambaGroupType: 2
displayName: teachers

# getent group teachers
teachers:*:1001:
# net rpc group members teachers
# nothing

###
A regular group in posix, a global group in windows
members are stored in memberUid

dn: cn=DomainAdmins,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: DomainAdmins
memberUid: Administrator
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-3958726613-3318811842-4132420312-512
sambaGroupType: 2
displayName: Domain Admins

# getent group domainadmins
DomainAdmins:*:512:Administrator,root

# Asking for the Windows name, which is stored in displayName
# net rpc group members "domain admins"
EUROPA\Administrator
EUROPA\root

# Asking for the posix name, which is stored in cn
# net rpc group members domainadmins
EUROPA\Administrator
EUROPA\root

###
A windows/samba builtin group
no posix members
Windows members must be stored in sambaSIDList.
These types of groups will be used in Windows OS (client and/or server)

# ldapsearch -LLLY external -H ldapi:/// "(&(objectclass=sambaGroupMapping)(cn=administrators))" 2>/dev/null
dn: cn=Administrators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer
sambaSID: S-1-5-32-544
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-512
sambaGroupType: 4
displayName: Administrators

# getent group administrators
Administrators:*:544:
# net rpc group members administrators
EUROPA\Domain Admins
###

--
Regards
Harry Jede
Re: [Samba] Samba PDC group list empty
Hi Simo,

Hi this is my listing:

net -U administrator rpc group members Administrators
Enter administrator's password:
Couldn't list alias members

Your samba server WILL not list the members of this global group, mostly a security issue.

ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-32*))'
ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=*))'
dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-545
sambaGroupType: 4
displayName: Users
gidNumber: 1
sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513

Your LDAP client WILL list the group members.

Do you know what this means?

The reason is often wrongly configured smbldap-tools. Check the /etc/smbldap-tools/smbldap.conf file for the wrong SID entry.

net getdomainsid
SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955

Your server and your domain have different SIDs, that may be your problem. Try:

# net setlocalsid S-1-5-21-2390795950-2727105968-4008069955

and restart samba.

Thanks.

--
regards
Harry Jede
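The comparison made in the message above (local machine SID against domain SID) can be scripted together with a check that every non-builtin group mapping carries the domain SID as its prefix. This is an added example, not part of the original thread: the function names are made up, the sample text reuses the `net getdomainsid` and `net groupmap list` output quoted in this thread, and the `teachers` mapping is constructed to show a mismatch; the parser accepts `->` as well as a bare `-` between the SID and the Unix group.

```python
import re

SID_LINE = re.compile(r"^SID for (local machine|domain) (\S+) is: (S-1-[\d-]+)$")
MAP_LINE = re.compile(r"^(.+?) \((S-1-[\d-]+)\) ->? (.+)$")
BUILTIN_PREFIX = "S-1-5-32-"     # well-known builtin aliases, not domain-relative


def parse_getdomainsid(output):
    """Return {'local': (name, sid), 'domain': (name, sid)} from net getdomainsid."""
    sids = {}
    for line in output.splitlines():
        m = SID_LINE.match(line.strip())
        if m:
            kind = "local" if m.group(1) == "local machine" else "domain"
            sids[kind] = (m.group(2), m.group(3))
    return sids


def parse_groupmap(output):
    """Return [(nt_name, sid, unix_group)] from net groupmap list."""
    rows = []
    for line in output.splitlines():
        m = MAP_LINE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2), m.group(3)))
    return rows


def check_sids(getdomainsid_out, groupmap_out):
    """Return a list of human-readable problems; empty means consistent."""
    sids = parse_getdomainsid(getdomainsid_out)
    if "local" not in sids or "domain" not in sids:
        return ["could not find both SIDs in net getdomainsid output"]
    local_sid, domain_sid = sids["local"][1], sids["domain"][1]
    problems = []
    if local_sid != domain_sid:
        problems.append(f"local SID {local_sid} differs from domain SID {domain_sid}")
    for nt_name, sid, _unix_group in parse_groupmap(groupmap_out):
        if sid.startswith(BUILTIN_PREFIX):
            continue
        prefix, _, rid = sid.rpartition("-")
        if prefix != domain_sid:
            problems.append(f"group '{nt_name}' (RID {rid}) is not under the domain SID")
    return problems


# Output as posted in the thread (SIDs before the setlocalsid step).
GETDOMAINSID_OUT = """\
SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955
"""

# First four lines are from the thread; the 'teachers' line is constructed.
GROUPMAP_OUT = """\
Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) -> Domain Admins
Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) -> Domain Users
Administrators (S-1-5-32-544) -> Administrators
Backup Operators (S-1-5-32-551) -> Backup Operators
teachers (S-1-5-21-2242576961-186067218-2214866780-3003) -> teachers
"""

if __name__ == "__main__":
    for problem in check_sids(GETDOMAINSID_OUT, GROUPMAP_OUT):
        print(problem)
```
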
Re: [Samba] Samba PDC group list empty
Hi Simo,

please post to the list !!!

On Tue, Nov 27, 2012 at 9:56 AM, Harry Jede walk2...@arcor.de wrote:

Hi Simo,

Hi this is my listing:

net -U administrator rpc group members Administrators
Enter administrator's password:
Couldn't list alias members

Your samba server WILL not list the members of this global group, mostly a security issue.

User administrator has all rights, so I don't think it is a security issue. Or do you know some checks that I could try?

ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-32*))'
ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=*))'
dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-545
sambaGroupType: 4
displayName: Users
gidNumber: 1
sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513

Your LDAP client WILL list the group members.

Do you know what this means?

The reason is often wrongly configured smbldap-tools. Check the /etc/smbldap-tools/smbldap.conf file for the wrong SID entry.

SID in smbldap.conf is: SID=S-1-5-21-2390795950-2727105968-4008069955
So that is correct.

net getdomainsid
SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955

Your server and your domain have different SIDs, that may be your problem. Try:

# net setlocalsid S-1-5-21-2390795950-2727105968-4008069955

and restart samba.

Tried that, nothing changed.

Post:
net getdomainsid

Do the following steps (enclosed with ###) in order

###
I compared my smb.conf with yours. I have ldap suffix before ldap group suffix.

ldap suffix = dc=europa,dc=xx
ldap admin dn= cn=admin,dc=europa,dc=xx
ldap group suffix= ou=groups
ldap user suffix = ou=people,ou=accounts
ldap machine suffix = ou=machines,ou=accounts

and I have NOT installed winbindd!

###
Check if you have the groups defined in LDAP and in /etc/groups. The groups should only be in LDAP.

###
check the admin account in ldap:

# ldapsearch -LLLY external -H ldapi:/// cn=admin dn 2>/dev/null
dn: cn=admin,dc=europa,dc=xx

Check that your ldap admin password is OK.

# tdbdump /var/lib/samba/secrets.tdb

look for:

{
key(45) = SECRETS/LDAP_BIND_PW/cn=admin,dc=europa,dc=xx
data(12) = ThePassword\00
}

Try to bind with this password:

# ldapsearch -xLLL -D cn=admin,dc=europa,dc=xx -w ThePassword "(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))"

Check if root gets the same result:

# ldapsearch -LLLY external -H ldapi:/// "(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))" 2>/dev/null

###
at last, search for duplicate names:

# ldapsearch -xLLL "(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))" dn

You should get one result.

Thanks.

--
regards
Harry Jede

--
Regards
Harry Jede
Re: [Samba] Samba PDC group list empty
net getdomainsid
SID for local machine HOST is: S-1-5-21-2390795950-2727105968-4008069955
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955

I compared my smb.conf with yours. I have ldap suffix before ldap group suffix. I switched that but result still the same.

ldapsearch -LLLY external -H ldapi:/// cn=admin dn 2>/dev/null
dn: cn=admin,dc=example,dc=sk

tdbdump /var/lib/samba/secrets.tdb - looks ok ( the password too )

ldapsearch -LLLY external -H ldapi:/// "(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))" 2>/dev/null
dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-545
sambaGroupType: 4
displayName: Users
gidNumber: 1
sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513

ldapsearch -xLLL "(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))" dn
dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk

I do not see anything bad, I do not have winbindd installed

On Tue, Nov 27, 2012 at 2:46 PM, Harry Jede walk2...@arcor.de wrote:

(displayname=users)(uid=users))) dn
Re: [Samba] Samba PDC group list empty
On 20:15:56 wrote Andrej Šimko:

net getdomainsid
SID for local machine HOST is: S-1-5-21-2390795950-2727105968-4008069955
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955

I compared my smb.conf with yours. I have ldap suffix before ldap group suffix. I switched that but result still the same.

ldapsearch -LLLY external -H ldapi:/// cn=admin dn 2>/dev/null
dn: cn=admin,dc=example,dc=sk

tdbdump /var/lib/samba/secrets.tdb - looks ok ( the password too )

ldapsearch -LLLY external -H ldapi:/// "(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))" 2>/dev/null
dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-545
sambaGroupType: 4
displayName: Users
gidNumber: 1
sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513

Sorry, that I haven't seen this in your mail at 09:07

This is a working group object:

# ldapsearch -LLLY external -H ldapi:/// "(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))" 2>/dev/null
dn: cn=users,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 545
cn: users
description: Netbios Domain Users
sambaSID: S-1-5-32-545
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-513
sambaGroupType: 4
displayName: Users

The main difference is the objectclass posixGroup instead of sambaSidEntry.

Samba Group Mapping is not a simple task. Your definition with objectclass=sambasidentry is not totally wrong, but the intended use is that you store your posixgroups in /etc/group or in NIS. With an LDAP backend that is not the best approach.

Here the three standard definitions with objectclass=posixgroup

###
A primary group: posix and windows
primary members should NOT be stored here

dn: cn=teachers,ou=groups,dc=europa,dc=xx
cn: teachers
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 1001
sambaSID: S-1-5-21-3958726613-3318811842-4132420312-3003
sambaGroupType: 2
displayName: teachers

# getent group teachers
teachers:*:1001:
# net rpc group members teachers
# nothing

###
A regular group in posix, a global group in windows
members are stored in memberUid

dn: cn=DomainAdmins,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: DomainAdmins
memberUid: Administrator
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-3958726613-3318811842-4132420312-512
sambaGroupType: 2
displayName: Domain Admins

# getent group domainadmins
DomainAdmins:*:512:Administrator,root

# Asking for the Windows name, which is stored in displayName
# net rpc group members "domain admins"
EUROPA\Administrator
EUROPA\root

# Asking for the posix name, which is stored in cn
# net rpc group members domainadmins
EUROPA\Administrator
EUROPA\root

###
A windows/samba builtin group
no posix members
Windows members must be stored in sambaSIDList.
These types of groups will be used in Windows OS (client and/or server)

# ldapsearch -LLLY external -H ldapi:/// "(&(objectclass=sambaGroupMapping)(cn=administrators))" 2>/dev/null
dn: cn=Administrators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer
sambaSID: S-1-5-32-544
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-512
sambaGroupType: 4
displayName: Administrators

# getent group administrators
Administrators:*:544:
# net rpc group members administrators
EUROPA\Domain Admins
###

--
Regards
Harry Jede
Re: [Samba] Samba PDC group list empty
Hi,

The Debian 3.5.6 is buggy, use the 3.6.6 version from backports, fixed my problems also.

Louis

-----Original message-----
From: andrej.si...@gmail.com [mailto:samba-boun...@lists.samba.org] On behalf of Andrej Šimko
Sent: Friday 23 November 2012 9:11
To: samba@lists.samba.org
Subject: [Samba] Samba PDC group list empty

Dear samba users,

I have a very strange problem. I have Samba PDC up and running, but only one thing is missing. I cannot see any Domain Groups at all. Here is my config:

Debian Squeeze:
ii  samba             2:3.5.6~dfsg-3squeeze8  SMB/CIFS file, print, and login server for Unix
ii  samba-common      2:3.5.6~dfsg-3squeeze8  common files used by both the Samba server and client
ii  samba-common-bin  2:3.5.6~dfsg-3squeeze8  common files used by both the Samba server and client
ii  samba-doc         2:3.5.6~dfsg-3squeeze8  Samba documentation

/etc/samba/smb.conf

[global]
    dos charset = CP852
    unix charset = UTF8
    display charset = UTF8
    workgroup = EXAMPLE
    server string = %h server
    map to guest = Bad User
    passdb backend = ldapsam:ldap://127.0.0.1/
    pam password change = Yes
    passwd program = /usr/sbin/smbldap-passwd -u %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
    syslog = 0
    time server = Yes
    log file = /var/log/samba/samba.log
    log level = 3
    max log size = 1000
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/sbin/smbldap-useradd -m %u -d /home/%u %u
    delete user script = /usr/sbin/smbldap-userdel %u -r %u
    add group script = /usr/sbin/smbldap-groupadd -p %g
    delete group script = /usr/sbin/smbldap-groupdel %g
    add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
    delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
    set primary group script = /usr/sbin/smbldap-usermod -g %g %u
    add machine script = /usr/sbin/smbldap-useradd -w %u
    logon script = logon.bat
    domain logons = Yes
    os level = 10
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap admin dn = cn=admin,dc=example,dc=sk
    ldap delete dn = Yes
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap suffix = dc=example,dc=sk
    ldap ssl = no
    ldap user suffix = ou=Users
    panic action = /usr/share/samba/panic-action %d
    map acl inherit = Yes
    case sensitive = No
    hide unreadable = Yes
    map hidden = Yes
    map system = Yes

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    create mask = 0644
    directory mask = 0700
    browseable = No
    path = /data/samba/homes

[netlogon]
    comment = Network Logon Service
    path = /data/samba/netlogon
    read only = No
    guest ok = Yes
    locking = No
    share modes = No

[profiles]
    comment = Users profiles
    path = /data/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    hide files = /desktop.ini/
    browseable = No

/etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc Name Service Switch' for information about this file.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

/etc/ldap/ldap.conf

#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
host 127.0.0.1
base dc=example,dc=sk
binddn cn=admin,dc=example,dc=sk
bindpw secret
bind_policy soft
pam_password exop
timelimit 15
nss_base_passwd ou=Users,dc=example,dc=sk
nss_base_shadow ou=Users,dc=example,dc=sk
nss_base_group ou=Groups,dc=example,dc=sk

net getdomainsid
SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955

net groupmap list
Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) - Domain Admins
Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) - Domain Users
Domain Guests (S-1-5-21-2390795950-2727105968-4008069955-514) - Domain Guests
Domain Computers (S-1-5-21-2390795950-2727105968-4008069955-515) - Domain Computers
Administrators (S-1-5-32-544) - Administrators
Account Operators (S-1-5-32-548) - Account Operators
Print Operators (S-1-5-32-550) - Print Operators
Backup Operators (S-1-5-32-551) - Backup Operators
Replicators (S-1-5-32-552) - Replicators

The strange thing is, if I try on Win XP to search groups, I see in the logs:

smbldap_search_paged: base = [dc=example,dc=sk], filter = [((objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024]
smbldap_search_paged: base = [dc=example,dc=sk], filter
[Samba] Samba PDC group list empty
Dear samba users,

I have a very strange problem. I have Samba PDC up and running, but only one thing is missing. I cannot see any Domain Groups at all. Here is my config:

Debian Squeeze:
ii  samba             2:3.5.6~dfsg-3squeeze8  SMB/CIFS file, print, and login server for Unix
ii  samba-common      2:3.5.6~dfsg-3squeeze8  common files used by both the Samba server and client
ii  samba-common-bin  2:3.5.6~dfsg-3squeeze8  common files used by both the Samba server and client
ii  samba-doc         2:3.5.6~dfsg-3squeeze8  Samba documentation

/etc/samba/smb.conf

[global]
    dos charset = CP852
    unix charset = UTF8
    display charset = UTF8
    workgroup = EXAMPLE
    server string = %h server
    map to guest = Bad User
    passdb backend = ldapsam:ldap://127.0.0.1/
    pam password change = Yes
    passwd program = /usr/sbin/smbldap-passwd -u %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
    syslog = 0
    time server = Yes
    log file = /var/log/samba/samba.log
    log level = 3
    max log size = 1000
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/sbin/smbldap-useradd -m %u -d /home/%u %u
    delete user script = /usr/sbin/smbldap-userdel %u -r %u
    add group script = /usr/sbin/smbldap-groupadd -p %g
    delete group script = /usr/sbin/smbldap-groupdel %g
    add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
    delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
    set primary group script = /usr/sbin/smbldap-usermod -g %g %u
    add machine script = /usr/sbin/smbldap-useradd -w %u
    logon script = logon.bat
    domain logons = Yes
    os level = 10
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap admin dn = cn=admin,dc=example,dc=sk
    ldap delete dn = Yes
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap suffix = dc=example,dc=sk
    ldap ssl = no
    ldap user suffix = ou=Users
    panic action = /usr/share/samba/panic-action %d
    map acl inherit = Yes
    case sensitive = No
    hide unreadable = Yes
    map hidden = Yes
    map system = Yes

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    create mask = 0644
    directory mask = 0700
    browseable = No
    path = /data/samba/homes

[netlogon]
    comment = Network Logon Service
    path = /data/samba/netlogon
    read only = No
    guest ok = Yes
    locking = No
    share modes = No

[profiles]
    comment = Users profiles
    path = /data/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    hide files = /desktop.ini/
    browseable = No

/etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc Name Service Switch' for information about this file.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

/etc/ldap/ldap.conf

#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
host 127.0.0.1
base dc=example,dc=sk
binddn cn=admin,dc=example,dc=sk
bindpw secret
bind_policy soft
pam_password exop
timelimit 15
nss_base_passwd ou=Users,dc=example,dc=sk
nss_base_shadow ou=Users,dc=example,dc=sk
nss_base_group ou=Groups,dc=example,dc=sk

net getdomainsid
SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955

net groupmap list
Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) - Domain Admins
Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) - Domain Users
Domain Guests (S-1-5-21-2390795950-2727105968-4008069955-514) - Domain Guests
Domain Computers (S-1-5-21-2390795950-2727105968-4008069955-515) - Domain Computers
Administrators (S-1-5-32-544) - Administrators
Account Operators (S-1-5-32-548) - Account Operators
Print Operators (S-1-5-32-550) - Print Operators
Backup Operators (S-1-5-32-551) - Backup Operators
Replicators (S-1-5-32-552) - Replicators

The strange thing is, if I try on Win XP to search groups, I see in the logs:

smbldap_search_paged: base = [dc=example,dc=sk], filter = [((objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024]
smbldap_search_paged: base = [dc=example,dc=sk], filter = [((objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024]
smbldap_search_paged: base = [dc=example,dc=sk], filter = [((objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-32*))],scope = [2], pagesize = [1024]

If I try to search in ldap with that filter, I
Re: [Samba] Samba PDC group list empty
On 18:32:29 wrote Andrej Šimko:
> Dear samba users,
>
> I have a very strange problem. I have Samba PDC up and running, but only one thing is missing. I cannot see any Domain Groups at all.
...
> net getdomainsid
> SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
> SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955
>
> net groupmap list
> Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) - Domain Admins
> Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) - Domain Users
> Domain Guests (S-1-5-21-2390795950-2727105968-4008069955-514) - Domain Guests
> Domain Computers (S-1-5-21-2390795950-2727105968-4008069955-515) - Domain Computers
> Administrators (S-1-5-32-544) - Administrators
> Account Operators (S-1-5-32-548) - Account Operators
> Print Operators (S-1-5-32-550) - Print Operators
> Backup Operators (S-1-5-32-551) - Backup Operators
> Replicators (S-1-5-32-552) - Replicators
>
> The strange thing is, if I try on Win XP to search groups, I see in the logs:
>
> smbldap_search_paged: base = [dc=example,dc=sk], filter = [((objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024]
> smbldap_search_paged: base = [dc=example,dc=sk], filter = [((objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024]
> smbldap_search_paged: base = [dc=example,dc=sk], filter = [((objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-3

# net help rpc group
Usage:
net rpc group            Alias for net rpc group list global local builtin
net rpc group add        Create specified group
net rpc group delete     Delete specified group
net rpc group addmem     Add member to group
net rpc group delmem     Remove member from group
net rpc group list       List groups
net rpc group members    List group members
net rpc group rename     Rename group

# net -U root rpc group members Administrators
EUROPA\Domain Admins

view this output:

# ldapsearch -xLLL '((objectclass=sambaGroupMapping)(sambaGroupType=4) (sambaSID=S-1-5-32*))'
dn: cn=Administrators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
memberUid: Administrator
description: Netbios Domain Members can fully administer the computer
sambaSID: S-1-5-32-544
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-512
sambaGroupType: 4
displayName: Administrators

dn: cn=users,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 545
cn: users
description: Netbios Domain Users
sambaSID: S-1-5-32-545
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-513
sambaGroupType: 4
displayName: Users

dn: cn=guests,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 546
cn: guests
memberUid: nobody
description: Netbios Domain Guests
sambaSID: S-1-5-32-546
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-514
sambaGroupType: 4
displayName: Guests

dn: cn=AccountOperators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: AccountOperators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 4
displayName: Account Operators

dn: cn=PrintOperators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: PrintOperators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 4
displayName: Print Operators

dn: cn=BackupOperators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: BackupOperators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 4
displayName: Backup Operators

dn: cn=Replicators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 4
displayName: Replicators

> If I try to search in ldap with that filter, I always get zero matches. I also tried to use wbinfo, wbinfo -u list all my users, wbinfo -g list is empty. If I try getent passwd and getent group I see all my users and groups.
>
> Can somebody help me with this? Thank you!

--
Regards
Harry Jede
--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
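An added example, not part of the thread and not Samba's own code: it replays the three smbldap_search_paged filters logged in the original post against LDIF group entries and reports which search would return each entry, which is a quick way to see why a group is missing from the list. The sample directory is constructed (it reuses the two SIDs that net getdomainsid printed in the post), the function names are hypothetical, and the three terms of each logged filter are assumed to be combined with a logical AND.

```python
import re

# The three searches smbd logged at "log level = 3", copied from the post.
LOG_LINES = [
    "smbldap_search_paged: base = [dc=example,dc=sk], filter = "
    "[((objectclass=sambaGroupMapping)(sambaGroupType=2)"
    "(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024]",
    "smbldap_search_paged: base = [dc=example,dc=sk], filter = "
    "[((objectclass=sambaGroupMapping)(sambaGroupType=4)"
    "(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope = [2], pagesize = [1024]",
    "smbldap_search_paged: base = [dc=example,dc=sk], filter = "
    "[((objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-32*))],"
    "scope = [2], pagesize = [1024]",
]

# Constructed sample entries (not from the thread). "staff" carries the local
# machine SID instead of the domain SID; "printers" has no sambaGroupMapping.
SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=Groups,dc=example,dc=sk
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Admins
sambaSID: S-1-5-21-2390795950-2727105968-4008069955-512
sambaGroupType: 2

dn: cn=staff,ou=Groups,dc=example,dc=sk
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: staff
sambaSID: S-1-5-21-2242576961-186067218-2214866780-3001
sambaGroupType: 2

dn: cn=Administrators,ou=Groups,dc=example,dc=sk
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Administrators
sambaSID: S-1-5-32-544
sambaGroupType: 4

dn: cn=printers,ou=Groups,dc=example,dc=sk
objectClass: posixGroup
cn: printers
gidNumber: 2000
"""


def parse_filter(log_line):
    """Return the (attribute, pattern) terms of the filter in one log line."""
    m = re.search(r"filter = \[(.*?)\],\s*scope", log_line)
    if m is None:
        raise ValueError("no filter found in log line")
    terms = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", m.group(1))
    if not terms:
        raise ValueError("filter has no attribute=value terms")
    return terms


def parse_ldif(text):
    """Parse plain LDIF into dicts of lower-cased attribute -> list of values.
    Folded lines are joined; base64 ('::') values are not decoded."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry, last = {}, None
        for line in block.splitlines():
            if line.startswith(" ") and last:      # folded continuation line
                entry[last][-1] += line[1:]
                continue
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            last = attr.strip().lower()
            entry.setdefault(last, []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def term_matches(entry, attr, pattern):
    """Case-insensitive equality, or prefix match when the pattern ends in '*'."""
    values = [v.casefold() for v in entry.get(attr.lower(), [])]
    want = pattern.casefold()
    if want.endswith("*"):
        return any(v.startswith(want[:-1]) for v in values)
    return want in values


def matching_searches(entry, log_lines=LOG_LINES):
    """1-based numbers of the logged searches whose terms all match the entry."""
    return [n for n, line in enumerate(log_lines, start=1)
            if all(term_matches(entry, a, p) for a, p in parse_filter(line))]


def diagnose(ldif_text, log_lines=LOG_LINES):
    """Map each entry's cn to the list of searches that would return it."""
    return {e["cn"][0]: matching_searches(e, log_lines) for e in parse_ldif(ldif_text)}


if __name__ == "__main__":
    for cn, hits in diagnose(SAMPLE_LDIF).items():
        print(f"{cn:15} returned by search(es): {hits or 'none'}")
```

Feed it the output of an ldapsearch over the group suffix to see which entries lack the sambaGroupMapping class, the expected sambaGroupType, or a sambaSID under the domain SID.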
Re: [Samba] Samba PDC: Admin tools?
I use apache directory studio for LDAP management. It is not samba specific but it is easy enough to use existing user, group or machine objects as templates for new ones. It runs on Windows and Linux (and maybe on Mac.)

On 08/25/12 16:39, John Drescher wrote:
> On Sat, Aug 25, 2012 at 4:34 PM, Alberto Moreno ports...@gmail.com wrote:
>> Guys.
>>
>> I have used smbldap-tools to handle my accounts for my PDC with samba+openldap.
>>
>> Now, I ask here because a lot of people have PDC running on their networks, what tools do u use to manage your openldap db for samba: users, machines, groups?
>>
>> Working with Centos 6.x.
>>
>> Any input will be appreciated, thanks!!!
>
> I use ldap account manager to manage my users / machines / group accounts.
>
> John
Re: [Samba] Samba PDC: Admin tools?
On 30/08/12 18:57, Gaiseric Vandal wrote:
> I use apache directory studio for LDAP management. It is not samba specific but it is easy enough to use existing user, group or machine objects as templates for new ones. It runs on Windows and Linux (and maybe on Mac.)
>
> On 08/25/12 16:39, John Drescher wrote:
>> On Sat, Aug 25, 2012 at 4:34 PM, Alberto Moreno ports...@gmail.com wrote:
>>> Guys.
>>>
>>> I have used smbldap-tools to handle my accounts for my PDC with samba+openldap.
>>>
>>> Now, I ask here because a lot of people have PDC running on their networks, what tools do u use to manage your openldap db for samba: users, machines, groups?
>>>
>>> Working with Centos 6.x.
>>>
>>> Any input will be appreciated, thanks!!!
>>
>> I use ldap account manager to manage my users / machines / group accounts.
>>
>> John

Hi

openSUSE's yast has a really nice and little known frontend to LDAP which handles samba objects too. You can point and click your way through adding/deleting samba specific users and groups. It also has an LDAP browser similar to phpldapadmin. I'm not sure if Yast will fire up on Centos but may be worth a look.

Cheers,
Steve
[Samba] Samba PDC: Admin tools?
Guys.

I have used smbldap-tools to handle my accounts for my PDC with samba+openldap.

Now, I ask here because a lot of people have PDC running on their networks, what tools do u use to manage your openldap db for samba: users, machines, groups?

Working with Centos 6.x.

Any input will be appreciated, thanks!!!

--
Living the dream...
Re: [Samba] Samba PDC: Admin tools?
On Sat, Aug 25, 2012 at 4:34 PM, Alberto Moreno ports...@gmail.com wrote:
> Guys.
>
> I have used smbldap-tools to handle my accounts for my PDC with samba+openldap.
>
> Now, I ask here because a lot of people have PDC running on their networks, what tools do u use to manage your openldap db for samba: users, machines, groups?
>
> Working with Centos 6.x.
>
> Any input will be appreciated, thanks!!!

I use ldap account manager to manage my users / machines / group accounts.

John
Re: [Samba] Samba PDC and Local Group Policies on XP
What did you use, kixtart, poledit...? It seems that you did not set the rights on your netlogon the right way!?

---
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of benedikt.wies...@bw-systems.net
Sent: Monday, 30 July 2012 18:39
To: samba@lists.samba.org
Subject: [Samba] Samba PDC and Local Group Policies on XP

Hi *,

I have reinstalled a server with the newest version of samba and configured it as PDC based on this tutorial (http://www.nicht-blau.de/2010/12/28/howto-samba-3-5-6-pdc-primary-domain-controller-und-windows-7-2/). I then copied the old profiles folder onto the new server and set the permissions.

But however before the reinstallation every Domainuser in the Domain accepted the Group Policies I set up at every Win XP computer (i.e. Setting a specific Wallpaper, Setting a specific design, deny access to system controls) and now they are consequently ignored.

Example:

I log on as Administrator (locally):
- I have no access to system controls
- I have my Wallpaper
- I have my Design
(Group policies are working)

I log on as Domainuser:
- I have full rights, I can do everything
- I have a blue Wallpaper
- Nothing happened to the design

What the hell is going wrong? Why does a Domainuser have more rights than the administrator and why do the group policies do nothing?

I hope somebody can help me.
[Samba] samba PDC + ldap: segfault in uid_to_sid/_nss_ldap_getpwuid_r
All,

on a fairly large (73 TB XFS) file server running CentOS 6.2, samba 3.5.10-116.el6_2 I see pretty frequently backtraces like this one:

May 11 15:54:19 vrfs001 smbd[11709]: [2012/05/11 15:54:19.793851, 0] lib/fault.c:46(fault_report)
May 11 15:54:19 vrfs001 smbd[11709]: ===
May 11 15:54:19 vrfs001 smbd[11709]: [2012/05/11 15:54:19.793921, 0] lib/fault.c:47(fault_report)
May 11 15:54:19 vrfs001 smbd[11709]: INTERNAL ERROR: Signal 11 in pid 11709 (3.5.10-116.el6_2.slrdbg2)
May 11 15:54:19 vrfs001 smbd[11709]: Please read the Trouble-Shooting section of the Samba3-HOWTO
May 11 15:54:19 vrfs001 smbd[11709]: [2012/05/11 15:54:19.793947, 0] lib/fault.c:49(fault_report)
May 11 15:54:19 vrfs001 smbd[11709]:
May 11 15:54:19 vrfs001 smbd[11709]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
May 11 15:54:19 vrfs001 smbd[11709]: [2012/05/11 15:54:19.793982, 0] lib/fault.c:50(fault_report)
May 11 15:54:19 vrfs001 smbd[11709]: ===
May 11 15:54:19 vrfs001 smbd[11709]: [2012/05/11 15:54:19.794010, 0] lib/util.c:1490(smb_panic)
May 11 15:54:19 vrfs001 smbd[11709]: PANIC (pid 11709): internal error
May 11 15:54:19 vrfs001 smbd[11709]: [2012/05/11 15:54:19.826895, 0] lib/util.c:1594(log_stack_trace)
May 11 15:54:19 vrfs001 smbd[11709]: BACKTRACE: 29 stack frames:
May 11 15:54:19 vrfs001 smbd[11709]: #0 smbd(log_stack_trace+0x1a) [0x7fae111cc8aa]
May 11 15:54:19 vrfs001 smbd[11709]: #1 smbd(smb_panic+0x1f) [0x7fae111cc96f]
May 11 15:54:19 vrfs001 smbd[11709]: #2 smbd(+0x36b26d) [0x7fae111bc26d]
May 11 15:54:19 vrfs001 smbd[11709]: #3 /lib64/libc.so.6(+0x32900) [0x7fae0e030900]
May 11 15:54:19 vrfs001 smbd[11709]: #4 /lib64/libnss_ldap.so.2(_nss_ldap_getpwuid_r+0x15d) [0x7fae03586a6d]
May 11 15:54:19 vrfs001 smbd[11709]: #5 /lib64/libc.so.6(getpwuid_r+0xdd) [0x7fae0e0a84ed]
May 11 15:54:19 vrfs001 smbd[11709]: #6 /lib64/libc.so.6(getpwuid+0x6f) [0x7fae0e0a7ddf]
May 11 15:54:19 vrfs001 smbd[11709]: #7 smbd(+0x31bd5d) [0x7fae1116cd5d]
May 11 15:54:19 vrfs001 smbd[11709]: #8 smbd(+0x32174f) [0x7fae1117274f]
May 11 15:54:19 vrfs001 smbd[11709]: #9 smbd(uid_to_sid+0x10b) [0x7fae1117291b]
May 11 15:54:19 vrfs001 smbd[11709]: #10 smbd(create_file_sids+0x1f) [0x7fae10facd0f]
May 11 15:54:19 vrfs001 smbd[11709]: #11 smbd(+0x164689) [0x7fae10fb5689]
May 11 15:54:19 vrfs001 smbd[11709]: #12 smbd(posix_get_nt_acl+0x10b) [0x7fae10fb63fb]
May 11 15:54:19 vrfs001 smbd[11709]: #13 smbd(+0x1872bd) [0x7fae10fd82bd]
May 11 15:54:19 vrfs001 smbd[11709]: #14 smbd(smb_vfs_call_get_nt_acl+0x2d) [0x7fae10fa7b9d]
May 11 15:54:19 vrfs001 smbd[11709]: #15 smbd(can_access_file_acl+0x6f) [0x7fae10fc7d1f]
May 11 15:54:19 vrfs001 smbd[11709]: #16 smbd(reply_ntcreate_and_X+0xf25) [0x7fae10f69a65]
May 11 15:54:19 vrfs001 smbd[11709]: #17 smbd(+0x1690f5) [0x7fae10fba0f5]
May 11 15:54:19 vrfs001 smbd[11709]: #18 smbd(+0x169497) [0x7fae10fba497]
May 11 15:54:19 vrfs001 smbd[11709]: #19 smbd(+0x1699f8) [0x7fae10fba9f8]
May 11 15:54:19 vrfs001 smbd[11709]: #20 smbd(run_events+0x22b) [0x7fae111dcbbb]
May 11 15:54:19 vrfs001 smbd[11709]: #21 smbd(smbd_process+0x82b) [0x7fae10fb966b]
May 11 15:54:19 vrfs001 smbd[11709]: #22 smbd(+0x678fce) [0x7fae114c9fce]
May 11 15:54:19 vrfs001 smbd[11709]: #23 smbd(run_events+0x22b) [0x7fae111dcbbb]
May 11 15:54:19 vrfs001 smbd[11709]: #24 smbd(+0x38bee1) [0x7fae111dcee1]
May 11 15:54:19 vrfs001 smbd[11709]: #25 smbd(_tevent_loop_once+0x90) [0x7fae111dd2c0]
May 11 15:54:19 vrfs001 smbd[11709]: #26 smbd(main+0xb7b) [0x7fae114cad2b]
May 11 15:54:19 vrfs001 smbd[11709]: #27 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7fae0e01ccdd]
May 11 15:54:19 vrfs001 smbd[11709]: #28 smbd(+0xea849) [0x7fae10f3b849]
May 11 15:54:19 vrfs001 smbd[11709]: [2012/05/11 15:54:19.827188, 0] lib/fault.c:326(dump_core)
May 11 15:54:19 vrfs001 smbd[11709]: dumping core in /var/log/samba/cores/smbd

pwuid information is stored in OpenLDAP on this machine - could this be related?

anyone ever seen this - any clue how to debug this further?

thanks,
guenter
Re: [Samba] Samba PDC with Windows 7 support request
On 02/16/12 06:21, Dermot wrote:
> 2012/1/31 Jiří Procházka jiri.procha...@norbou.com:
>> Dear Samba support team,
>>
>> I have a question on Samba 3.5.8 please, which is not solved by searching the forums. I tried all suggested solutions, but nothing takes effect.
> ...
>> Domain users experience a slow login performance on Windows 7 clients that are joined into a samba domain (Samba version 3.5.4). The Windows 7 client was joined successfully into the domain with the Windows 7 registry settings adjusted according to http://wiki.samba.org/index.php/Windows7 (DomainCompatibilityMode = 0 and DNSNameResolutionRequired = 0).
> ...
>
> I have had similar problems. I was referred to the message in the mailing list archive [1]. I have applied what was described - used gpedit.msc - this but I am still experiencing slow login times, exactly 40 seconds on each workstation.
>
> I just checked on one workstation where the user had a jpeg as his desktop background, I mention this because there are references to a Windows 7 bug about slow login and a plain desktop, and that has the correct group policy setting and still the login time was exactly 40 seconds.
>
> I too would be interested in hearing what others have to say on this.
>
> Thanks,
> Dermot.
>
> 1) http://www.mail-archive.com/samba@lists.samba.org/msg104494.html

Are you using roaming profiles?

Are you using offline folders- I had problems with offline folders and Windows 7- it could break offline authentication.

Does the Windows event log show anything about problems locating a domain controller?
Re: [Samba] samba PDC/NIS client
On Sun, Mar 11, 2012 at 4:09 AM, Tony Molloy tony.mol...@ul.ie wrote:
> On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:
>> On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
>>> Do you have password sync enabled? If password sync is enabled, samba will try to use the passwd command to set the unix password. But with nis, you probably might need something nis specific. On solaris it was "passwd -r nis" - not sure about linux. Probably better to just disable password sync.
>
> I've got a very similar setup to you. Except I use a smbpasswd file.
>
>> No, I don't have this option enabled. I am not sure how it is relevant.
>>
>> Problem summary:
>> The samba PDC is an NIS client
>> getent passwd returns the passwd data.
>> The user's SAMBA password was set using smbpasswd
>> The user's NIS passwd was set using yppasswd
>
> So far all the same.
>
>> ALL I had to do to allow domain logins was:
>> ypcat passwd | grep username /etc/passwd
>
> Why duplicate the password entries. I just have them in NIS and /etc/passwd just has the system passwords.
>
>> Note that after copying the user details to /etc/passwd, the password that was set with smbpasswd was the password that was used with the successful domain login.
>
> Don't really understand what you mean by domain logins
>
> 1. Create the user under linux first
> 2. Use smbpasswd to add the user to samba
>
> You now have a user in both linux and samba but remember the passwords are stored separately, changing one does not change the other.
>
> 3. Edit /etc/nsswitch.conf. Set
>    passwd: files nis
>    shadow: files

Removing the nis entry from shadow: in /etc/nsswitch.conf solved the issue. I don't understand why, but it did.

Simon

> That works for me. YMMV
>
> Tony
>
>> Simon
Re: [Samba] samba PDC/NIS client
If your NIS passwd file did NOT have a valid password, maybe samba or unix was rejecting logins as a security measure.

On 03/12/12 13:33, Simon Matthews wrote:
> On Sun, Mar 11, 2012 at 4:09 AM, Tony Molloy tony.mol...@ul.ie wrote:
>> On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:
>>> On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
>>>> Do you have password sync enabled? If password sync is enabled, samba will try to use the passwd command to set the unix password. But with nis, you probably might need something nis specific. On solaris it was "passwd -r nis" - not sure about linux. Probably better to just disable password sync.
>>
>> I've got a very similar setup to you. Except I use a smbpasswd file.
>>
>>> No, I don't have this option enabled. I am not sure how it is relevant.
>>>
>>> Problem summary:
>>> The samba PDC is an NIS client
>>> getent passwd returns the passwd data.
>>> The user's SAMBA password was set using smbpasswd
>>> The user's NIS passwd was set using yppasswd
>>
>> So far all the same.
>>
>>> ALL I had to do to allow domain logins was:
>>> ypcat passwd | grep username /etc/passwd
>>
>> Why duplicate the password entries. I just have them in NIS and /etc/passwd just has the system passwords.
>>
>>> Note that after copying the user details to /etc/passwd, the password that was set with smbpasswd was the password that was used with the successful domain login.
>>
>> Don't really understand what you mean by domain logins
>>
>> 1. Create the user under linux first
>> 2. Use smbpasswd to add the user to samba
>>
>> You now have a user in both linux and samba but remember the passwords are stored separately, changing one does not change the other.
>>
>> 3. Edit /etc/nsswitch.conf. Set
>>    passwd: files nis
>>    shadow: files
>
> Removing the nis entry from shadow: in /etc/nsswitch.conf solved the issue. I don't understand why, but it did.
>
> Simon
>
>> That works for me. YMMV
>>
>> Tony
>>
>>> Simon
Re: [Samba] samba PDC/NIS client
On Monday 12 March 2012 17:33:28 Simon Matthews wrote:
> On Sun, Mar 11, 2012 at 4:09 AM, Tony Molloy tony.mol...@ul.ie wrote:
>> On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:
>>> On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
>>>> Do you have password sync enabled? If password sync is enabled, samba will try to use the passwd command to set the unix password. But with nis, you probably might need something nis specific. On solaris it was "passwd -r nis" - not sure about linux. Probably better to just disable password sync.
>>
>> I've got a very similar setup to you. Except I use a smbpasswd file.
>>
>>> No, I don't have this option enabled. I am not sure how it is relevant.
>>>
>>> Problem summary:
>>> The samba PDC is an NIS client
>>> getent passwd returns the passwd data.
>>> The user's SAMBA password was set using smbpasswd
>>> The user's NIS passwd was set using yppasswd
>>
>> So far all the same.
>>
>>> ALL I had to do to allow domain logins was:
>>> ypcat passwd | grep username /etc/passwd
>>
>> Why duplicate the password entries. I just have them in NIS and /etc/passwd just has the system passwords.
>>
>>> Note that after copying the user details to /etc/passwd, the password that was set with smbpasswd was the password that was used with the successful domain login.
>>
>> Don't really understand what you mean by domain logins
>>
>> 1. Create the user under linux first
>> 2. Use smbpasswd to add the user to samba
>>
>> You now have a user in both linux and samba but remember the passwords are stored separately, changing one does not change the other.
>>
>> 3. Edit /etc/nsswitch.conf. Set
>>    passwd: files nis
>>    shadow: files
>
> Removing the nis entry from shadow: in /etc/nsswitch.conf solved the issue. I don't understand why, but it did.
>
> Simon

The shadow file /etc/shadow stores the passwords associated with the entries in the password file /etc/passwd. It has nothing to do with the NIS password database which stores the passwords in the actual database entries.

Tony

>> That works for me. YMMV
>>
>> Tony
>>
>>> Simon
Re: [Samba] samba PDC/NIS client
On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:
> On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
>> Do you have password sync enabled? If password sync is enabled, samba will try to use the passwd command to set the unix password. But with nis, you probably might need something nis specific. On solaris it was "passwd -r nis" - not sure about linux. Probably better to just disable password sync.

I've got a very similar setup to you. Except I use a smbpasswd file.

> No, I don't have this option enabled. I am not sure how it is relevant.
>
> Problem summary:
> The samba PDC is an NIS client
> getent passwd returns the passwd data.
> The user's SAMBA password was set using smbpasswd
> The user's NIS passwd was set using yppasswd

So far all the same.

> ALL I had to do to allow domain logins was:
> ypcat passwd | grep username /etc/passwd

Why duplicate the password entries. I just have them in NIS and /etc/passwd just has the system passwords.

> Note that after copying the user details to /etc/passwd, the password that was set with smbpasswd was the password that was used with the successful domain login.

Don't really understand what you mean by domain logins

1. Create the user under linux first
2. Use smbpasswd to add the user to samba

You now have a user in both linux and samba but remember the passwords are stored separately, changing one does not change the other.

3. Edit /etc/nsswitch.conf. Set
   passwd: files nis
   shadow: files

That works for me. YMMV

Tony

> Simon
Re: [Samba] samba PDC/NIS client
Do you have password sync enabled? If password sync is enabled, samba will try to use the passwd command to set the unix password. But with nis, you probably might need something nis specific. On solaris it was passwd -r nis - not sure about linux. Probably better to just disable password sync.

From: Simon Matthews [mailto:simon.d.matth...@gmail.com]
Sent: Friday, March 09, 2012 4:04 PM
To: gaiseric.van...@gmail.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba PDC/NIS client

On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
> I don't think is this a samba issue. Samba accounts need to have a corresponding unix account. Shouldn't matter if they are in NIS or /etc/passwd. If you have users in both it could get a problem.
>
> Is getent passwd really showing the users from NIS?

Yes. In fact, for those users who are in both the /etc/passwd and nis tables, it shows both entries (and the details match between both entries)

> How about getent shadow (assuming a linux machine and not solaris,

No, this only shows the users with entries in /etc/shadow. However:
1. getent passwd includes the hashed passwords of users in the nis tables
2. It was not necessary to add the user to /etc/shadow in order to allow samba domain logins. All I had to do was add the user to /etc/passwd.

> and probably doesn't matter anyway.) Do you have an /etc/nsswitch.conf entry for
> shadow: files nis

Yes

> Are you missing the : in the nsswitch.conf entries?

No.

> Are your user names all in lower case? Are they all 8 characters or under.

Yes.

Simon

> On 03/08/12 22:46, Simon Matthews wrote:
>> I have a server which is a samba PDC and has recently been converted to an NIS client. For historic reasons, many users login information is in the local machine's /etc/passwd and /etc/shadow files. samba is set up to use a tdbsam database.
>>
>> I got the first indication of problems when I tried to add a user using the smbpasswd -a command. I found that smbpasswd would not recognize the user unless either the username was in the /etc/passwd file, or I changed /etc/nsswitch.conf from
>> passwd compat
>> TO:
>> passwd files nis
>>
>> However, if I make the latter change, the user cannot log into any Windows machines that are controlled by my PDC. To allow logins, all I have to do is
>> ypcat passwd | grep username /etc/passwd
>> After this, the user can log in.
>>
>> Is there any configuration of samba that will allow it to properly recognize user data from the NIS map and not require the user to be listed in the /etc/passwd file?
>>
>> Simon
Re: [Samba] samba PDC/NIS client
On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

Do you have password sync enabled? If password sync is enabled, samba will try to use the passwd command to set the unix password. But with nis, you probably might need something nis specific. On solaris it was "passwd -r nis" - not sure about linux. Probably better to just disable password sync.

No, I don't have this option enabled. I am not sure how it is relevant.

Problem summary:
The samba PDC is an NIS client
getent passwd returns the passwd data.
The user's SAMBA password was set using smbpasswd
The user's NIS passwd was set using yppasswd

ALL I had to do to allow domain logins was: ypcat passwd | grep username /etc/passwd

Note that after copying the user details to /etc/passwd, the password that was set with smbpasswd was the password that was used with the successful domain login.

Simon

From: Simon Matthews [mailto:simon.d.matth...@gmail.com]
Sent: Friday, March 09, 2012 4:04 PM
To: gaiseric.van...@gmail.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba PDC/NIS client

On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

I don't think this is a samba issue. Samba accounts need to have a corresponding unix account. Shouldn't matter if they are in NIS or /etc/passwd. If you have users in both it could get a problem. Is getent passwd really showing the users from NIS?

Yes. In fact, for those users who are in both the /etc/passwd and nis tables, it shows both entries (and the details match between both entries)

How about getent shadow (assuming a linux machine and not solaris,

No, this only shows the users with entries in /etc/shadow. However:
1. getent passwd includes the hashed passwords of users in the nis tables
2. It was not necessary to add the user to /etc/shadow in order to allow samba domain logins. All I had to do was add the user to /etc/passwd.

and probably doesn't matter anyway.) Do you have an /etc/nsswitch.conf entry for shadow: files nis

Yes

Are you missing the : in the nsswitch.conf entries?

No.

Are your user names all in lower case? Are they all 8 characters or under?

Yes.

Simon

On 03/08/12 22:46, Simon Matthews wrote:

I have a server which is a samba PDC and has recently been converted to an NIS client. For historic reasons, many users' login information is in the local machine's /etc/passwd and /etc/shadow files. samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the smbpasswd -a command. I found that smbpasswd would not recognize the user unless either the username was in the /etc/passwd file, or I changed /etc/nsswitch.conf from passwd compat TO: passwd files nis

However, if I make the latter change, the user cannot log into any Windows machines that are controlled by my PDC. To allow logins, all I have to do is ypcat passwd | grep username /etc/passwd

After this, the user can log in.

Is there any configuration of samba that will allow it to properly recognize user data from the NIS map and not require the user to be listed in the /etc/passwd file?

Simon
Re: [Samba] samba PDC/NIS client
I don't think this is a samba issue. Samba accounts need to have a corresponding unix account. Shouldn't matter if they are in NIS or /etc/passwd. If you have users in both it could get a problem.

Is getent passwd really showing the users from NIS? How about getent shadow (assuming a linux machine and not solaris, and probably doesn't matter anyway.)

Do you have an /etc/nsswitch.conf entry for shadow: files nis

Are you missing the : in the nsswitch.conf entries?

Are your user names all in lower case? Are they all 8 characters or under?

On 03/08/12 22:46, Simon Matthews wrote:

I have a server which is a samba PDC and has recently been converted to an NIS client. For historic reasons, many users' login information is in the local machine's /etc/passwd and /etc/shadow files. samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the smbpasswd -a command. I found that smbpasswd would not recognize the user unless either the username was in the /etc/passwd file, or I changed /etc/nsswitch.conf from passwd compat TO: passwd files nis

However, if I make the latter change, the user cannot log into any Windows machines that are controlled by my PDC. To allow logins, all I have to do is ypcat passwd | grep username /etc/passwd

After this, the user can log in.

Is there any configuration of samba that will allow it to properly recognize user data from the NIS map and not require the user to be listed in the /etc/passwd file?

Simon
Re: [Samba] samba PDC/NIS client
On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

I don't think this is a samba issue. Samba accounts need to have a corresponding unix account. Shouldn't matter if they are in NIS or /etc/passwd. If you have users in both it could get a problem. Is getent passwd really showing the users from NIS?

Yes. In fact, for those users who are in both the /etc/passwd and nis tables, it shows both entries (and the details match between both entries)

How about getent shadow (assuming a linux machine and not solaris,

No, this only shows the users with entries in /etc/shadow. However:
1. getent passwd includes the hashed passwords of users in the nis tables
2. It was not necessary to add the user to /etc/shadow in order to allow samba domain logins. All I had to do was add the user to /etc/passwd.

and probably doesn't matter anyway.) Do you have an /etc/nsswitch.conf entry for shadow: files nis

Yes

Are you missing the : in the nsswitch.conf entries?

No.

Are your user names all in lower case? Are they all 8 characters or under?

Yes.

Simon

On 03/08/12 22:46, Simon Matthews wrote:

I have a server which is a samba PDC and has recently been converted to an NIS client. For historic reasons, many users' login information is in the local machine's /etc/passwd and /etc/shadow files. samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the smbpasswd -a command. I found that smbpasswd would not recognize the user unless either the username was in the /etc/passwd file, or I changed /etc/nsswitch.conf from passwd compat TO: passwd files nis

However, if I make the latter change, the user cannot log into any Windows machines that are controlled by my PDC. To allow logins, all I have to do is ypcat passwd | grep username /etc/passwd

After this, the user can log in.

Is there any configuration of samba that will allow it to properly recognize user data from the NIS map and not require the user to be listed in the /etc/passwd file?

Simon
[Samba] samba PDC/NIS client
I have a server which is a samba PDC and has recently been converted to an NIS client. For historic reasons, many users' login information is in the local machine's /etc/passwd and /etc/shadow files. samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the smbpasswd -a command. I found that smbpasswd would not recognize the user unless either the username was in the /etc/passwd file, or I changed /etc/nsswitch.conf from passwd compat TO: passwd files nis

However, if I make the latter change, the user cannot log into any Windows machines that are controlled by my PDC. To allow logins, all I have to do is ypcat passwd | grep username /etc/passwd

After this, the user can log in.

Is there any configuration of samba that will allow it to properly recognize user data from the NIS map and not require the user to be listed in the /etc/passwd file?

Simon
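The checks raised in this thread (a missing `:` in nsswitch.conf, users listed in both /etc/passwd and NIS, and password hashes visible in `getent passwd` output) can be scripted. The following is an added example, not code from any poster: the function names `nss_check` and `passwd_audit` are hypothetical, and every user name, uid and hash in the sample input is constructed.

```shell
#!/bin/sh
# Added example: every name, uid and hash below is constructed sample data.
# Live use: nss_check /etc/nsswitch.conf ; getent passwd | passwd_audit

# nss_check [FILE]: lint nsswitch.conf-style input (stdin when FILE is omitted).
#   NOCOLON <word>  first word of an entry lacks the ':' after the database name
#   UNKNOWN <db>    database name is not a commonly used one (catches typos)
nss_check() {
    awk '
        BEGIN {
            s = "aliases ethers group gshadow hosts initgroups netgroup networks"
            s = s " passwd protocols publickey rpc services shadow automount sudoers"
            s = s " passwd_compat group_compat shadow_compat"
            n = split(s, k, " ")
            for (i = 1; i <= n; i++) known[k[i]] = 1
        }
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        {
            db = $1
            if (index(db, ":") == 0) { print "NOCOLON " db; next }
            sub(/:.*/, "", db)                   # "passwd:files" -> "passwd"
            if (!(db in known)) print "UNKNOWN " db
        }
    ' "$@"
}

# passwd_audit [FILE]: audit passwd(5)-format lines, e.g. saved `getent passwd`.
#   HASH <user>      field 2 holds a crypt hash that any local user can read
#   DUP <user>       user listed more than once with identical details
#   CONFLICT <user>  user listed more than once with differing uid/gid/home/shell
passwd_audit() {
    awk -F: '
        NF < 7 || $1 ~ /^[+-]/ { next }          # malformed lines, compat +/- entries
        {
            user = $1
            pw = $2
            sub(/^!+/, "", pw)                   # a locked entry may still carry a hash
            # "$id$..." is modern crypt; 13 characters of [./0-9A-Za-z] is DES crypt
            if (substr(pw, 1, 1) == "$" || (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$"))
                hash[user] = 1
            id = $3 ":" $4 ":" $6 ":" $7         # uid:gid:home:shell
            if (!(user in seen)) { seen[user] = id; order[++n] = user }
            else if (seen[user] != id) conflict[user] = 1
            else dup[user] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                u = order[i]
                if (u in hash) print "HASH " u
                if (u in conflict) print "CONFLICT " u
                else if (u in dup) print "DUP " u
            }
        }
    ' "$@"
}

# Constructed nsswitch.conf fragment with two broken entries.
sample_nsswitch() {
    cat <<'EOF'
# constructed sample
passwd files nis
shdow: files
group: files nis
passwd_compat: nis
EOF
}

# Constructed `getent passwd` output: alice comes from both files and NIS,
# bob only from NIS, carol from both sources with different uids.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:100:Alice:/home/alice:/bin/bash
alice:$6$CONSTRUCTED$notARealHash:1001:100:Alice:/home/alice:/bin/bash
bob:AAexampleHASH:1002:100:Bob:/home/bob:/bin/sh
carol:x:1003:100:Carol:/home/carol:/bin/bash
carol:x:2003:100:Carol:/home/carol:/bin/bash
+::::::
EOF
}

echo "nsswitch findings:"; sample_nsswitch | nss_check
echo "passwd findings:";   sample_passwd | passwd_audit
```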
Re: [Samba] Samba PDC with Windows 7 support request
2012/1/31 Jiří Procházka jiri.procha...@norbou.com:

Dear Samba support team, I have a question on Samba 3.5.8 please, which is not solved by searching the forums. I tried all suggested solutions, but nothing takes effect. ... Domain users experience a slow login performance on Windows 7 clients that are joined into a samba domain (Samba version 3.5.4). The Windows 7 client was joined successfully into the domain with the Windows 7 registry settings adjusted according to http://wiki.samba.org/index.php/Windows7 (DomainCompatibilityMode = 0 and DNSNameResolutionRequired = 0). ...

I have had similar problems. I was referred to the message in the mailing list archive [1]. I have applied what was described - used gpedit.msc - but I am still experiencing slow login times, exactly 40 seconds on each workstation. I just checked on one workstation where the user had a jpeg as his desktop background, I mention this because there are references to a Windows 7 bug about slow login and a plain desktop, and that has the correct group policy setting and still the login time was exactly 40 seconds.

I too would be interested in hearing what others have to say on this.

Thanks, Dermot.

1) http://www.mail-archive.com/samba@lists.samba.org/msg104494.html
Re: [Samba] Samba PDC with Windows 7 support request
Have you tried these settings (posted here about a year ago)?

When the following local GPO is left in its default setting Samba domain logons are delayed for 30 seconds: Computer Configuration\Administrative Templates\System\User Profiles\Set maximum wait time for the network if the user has a roaming user profile or remote home directory. Enable this and set the value to 0 to work around this timeout. The timeout does not occur when logging into an Active Directory PDC running Server 2008 R2. I have not tested this with w2k8 R2 client.

In addition, if the user's desktop is set to a solid background color logons of any kind (local, AD, samba) will be delayed by 30 seconds. Set the background to any .jpg image or apply Microsoft's hotfix to work around this issue. This is a cumulative timeout; that is, if the above timeout is in effect and the solid background color timeout is also in effect the delay is 60 seconds.

I also experienced a 30 second timeout when I set the local GPO to Run logon scripts synchronously. This problem has inexplicably vanished and I can't replicate it though I don't see it listed in any Windows 7 updates. Might have been happening to me with Windows 7 PRO. I'll check that if anyone is interested. The fix was to apply an old Vista reg setting. Can be Googled as Vista Run logon scripts synchronously.

Marc Cain

On Jan 31, 2012, at 11:45 AM, Jiří Procházka wrote:

Dear Samba support team,

I have a question on Samba 3.5.8 please, which is not solved by searching the forums. I tried all suggested solutions, but nothing takes effect.

Situation:
- small public school
- We have Ubuntu Server 11.04 64-bit
- Samba 3.5.8 as PDC
- Windows XP and Windows 7 Pro SP1 clients
- On Windows XP everything works. Login is quick and reliable there.

Problem: But our problem is with Windows 7 domain clients, where login and logout takes more than 1,5 minute with clear user profile. Yes, we have only 100 Mbit LAN, but why XP can operate so much faster? We are using Aero with background images, but logon locally is very fast. Only using travel profiles is very slow.

I have tried:
- Disable IPv6,
- Disabled UAC
- set policies time to wait on server,
- I applied all performance recommended settings suggested at samba.org for Windows 7 (http://wiki.samba.org/index.php/Windows7)

Very similar post I have found here: https://bugzilla.samba.org/show_bug.cgi?id=8300

Domain users experience a slow login performance on Windows 7 clients that are joined into a samba domain (Samba version 3.5.4). The Windows 7 client was joined successfully into the domain with the Windows 7 registry settings adjusted according to http://wiki.samba.org/index.php/Windows7 (DomainCompatibilityMode = 0 and DNSNameResolutionRequired = 0).

We need to solve this bug, in other case we can’t use Samba as PDC and we must change the platform. Please put this request on free support boards or send me an offer for paid support.

Can help adding this to GLOBAL section?
domain master = yes
local master = yes
preferred master = yes
os level = 64

Thanks a lot, I hope I’m not disturbing main Samba developers,

With best regards,
Jiri Prochazka
Teacher from Waldorf high school in Prague
Czech and English only :-)
[Samba] Samba PDC with Windows 7 support request
Dear Samba support team,

I have a question on Samba 3.5.8 please, which is not solved by searching the forums. I tried all suggested solutions, but nothing takes effect.

Situation:
- small public school
- We have Ubuntu Server 11.04 64-bit
- Samba 3.5.8 as PDC
- Windows XP and Windows 7 Pro SP1 clients
- On Windows XP everything works. Login is quick and reliable there.

Problem: But our problem is with Windows 7 domain clients, where login and logout takes more than 1,5 minute with clear user profile. Yes, we have only 100 Mbit LAN, but why XP can operate so much faster? We are using Aero with background images, but logon locally is very fast. Only using travel profiles is very slow.

I have tried:
- Disable IPv6,
- Disabled UAC
- set policies time to wait on server,
- I applied all performance recommended settings suggested at samba.org for Windows 7 (http://wiki.samba.org/index.php/Windows7)

Very similar post I have found here: https://bugzilla.samba.org/show_bug.cgi?id=8300

Domain users experience a slow login performance on Windows 7 clients that are joined into a samba domain (Samba version 3.5.4). The Windows 7 client was joined successfully into the domain with the Windows 7 registry settings adjusted according to http://wiki.samba.org/index.php/Windows7 (DomainCompatibilityMode = 0 and DNSNameResolutionRequired = 0).

We need to solve this bug, in other case we can’t use Samba as PDC and we must change the platform. Please put this request on free support boards or send me an offer for paid support.

Can help adding this to GLOBAL section?
domain master = yes
local master = yes
preferred master = yes
os level = 64

Thanks a lot, I hope I’m not disturbing main Samba developers,

With best regards,
Jiri Prochazka
Teacher from Waldorf high school in Prague
Czech and English only :-)

#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ;, the proposed setting
#    differs from the default Samba behaviour
#  - When commented with #, the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# testparm to check that you have not made any basic syntactic
# errors.
# A well-established practice is to name the original file
# smb.conf.master and create the real config file with
# testparm -s smb.conf.master smb.conf
# This minimizes the size of the really used smb.conf file
# which, according to the Samba Team, impacts performance
# However, use this with caution if your smb.conf file contains nested
# include statements. See Debian bug #483187 for a case
# where using a master file is not a good idea.
#

#=== Global Settings ===

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = LYCEUM

# server string is the equivalent of the NT Description field
   server string = %h server (Samba, Ubuntu)

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
#   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
;   name resolve order = lmhosts host wins bcast

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes

#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
#   syslog only = no
[Samba] Samba PDC cluster with RHCS
Dear Sir,

I have implemented Samba PDC. It's working fine. But to do Highly Available, I have been trying to make it in 2 node cluster. Everything is running fine. But facing a problem, which I want to share.

When I shift PDC to another cluster node, everything is shifting fine. But my existing user can not log in. They can log in again if I rejoin that machine again to domain.

I am explaining little bit more. Suppose user X can log in to my ClusterNode 1 PDC from a machine Y. If my ClusterNode 1 goes down all the resources are shifting to the ClusterNode 2. When user X tries to log in from the same machine Y, X can't. I need to rejoin machine Y to the ClusterNode 2, then user X can log in.

I believe I will get a solution from you. Please.

--
Rgds.
Shyfur
Re: [Samba] Samba PDC cluster with RHCS
If you are running samba3 you will need to set up a bdc to take over business of your pdc. Or a real time synced pdc copy on the other node that starts up when the real pdc is going down. In cases of ha I made also best experiences with samba4 in replication mode.

Good Luck
Daniel

---
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Md. Shyfur Rahman
Sent: Sunday, 11 December 2011 19:04
To: ob...@samba.org
Cc: samba@lists.samba.org
Subject: [Samba] Samba PDC cluster with RHCS

Dear Sir,

I have implemented Samba PDC. It's working fine. But to do Highly Available, I have been trying to make it in 2 node cluster. Everything is running fine. But facing a problem, which I want to share.

When I shift PDC to another cluster node, everything is shifting fine. But my existing user can not log in. They can log in again if I rejoin that machine again to domain.

I am explaining little bit more. Suppose user X can log in to my ClusterNode 1 PDC from a machine Y. If my ClusterNode 1 goes down all the resources are shifting to the ClusterNode 2. When user X tries to log in from the same machine Y, X can't. I need to rejoin machine Y to the ClusterNode 2, then user X can log in.

I believe I will get a solution from you. Please.

--
Rgds.
Shyfur
[Samba] Samba PDC [profiles] how to add AppData/Local
Hello everybody,

# smbd -V
Version 3.5.6

I am running a domain controller for windows 7 clients and there is the Kerio mailserver, which saves important data to AppData/Local/Kerio

The default [profiles] only saves AppData/Roaming. How can I add AppData/Local or even the complete AppData to the profiles stored by our Samba DC?

Thanks in advance,
Kind regards,
Jelle
Re: [Samba] samba PDC disabling roaming profiles
Hi all,

I have tested it with several users (with winxp and win7) and it works fine. Hope that helps anyone who has this problem,

Greetings,
ESG

2011/10/11 ESGLinux esggru...@gmail.com

Hi again,

I have found this: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id2660484

In smb.conf

Affect the following settings and ALL clients will be forced to use a local profile: logon home = <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOME> and logon path = <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH>

The arguments to these parameters must be left blank. It is necessary to include the = sign to specifically assign the empty value.

Anyone can confirm that this is right? Can I have problems with existing profiles?

Thanks,
ESG

2011/10/11 ESGLinux esggru...@gmail.com

Hi All,

I recently have updated my samba server to 3.3.7-1. I use this server as PDC of my Windows Domain. The problem is that the profiles of the server are saved in the home dir of the users. The users have a lot of GigaB so I want to disable this feature.

I have read ( http://www.linuxquestions.org/questions/linux-general-1/samba-pdc-without-roaming-profiles-2-a-47604/, for example) that this feature is disabled in the client side but I have a lot of them. So my question is if is there any way to disable it on the server side,

Thanks in advance
ESG
[Samba] samba PDC disabling roaming profiles
Hi All,

I recently have updated my samba server to 3.3.7-1. I use this server as PDC of my Windows Domain. The problem is that the profiles of the server are saved in the home dir of the users. The users have a lot of GigaB so I want to disable this feature.

I have read ( http://www.linuxquestions.org/questions/linux-general-1/samba-pdc-without-roaming-profiles-2-a-47604/, for example) that this feature is disabled in the client side but I have a lot of them. So my question is if is there any way to disable it on the server side,

Thanks in advance
ESG
Re: [Samba] samba PDC disabling roaming profiles
Hi again,

I have found this: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id2660484

In smb.conf

Affect the following settings and ALL clients will be forced to use a local profile: logon home = <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOME> and logon path = <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH>

The arguments to these parameters must be left blank. It is necessary to include the = sign to specifically assign the empty value.

Anyone can confirm that this is right? Can I have problems with existing profiles?

Thanks,
ESG

2011/10/11 ESGLinux esggru...@gmail.com

Hi All,

I recently have updated my samba server to 3.3.7-1. I use this server as PDC of my Windows Domain. The problem is that the profiles of the server are saved in the home dir of the users. The users have a lot of GigaB so I want to disable this feature.

I have read ( http://www.linuxquestions.org/questions/linux-general-1/samba-pdc-without-roaming-profiles-2-a-47604/, for example) that this feature is disabled in the client side but I have a lot of them. So my question is if is there any way to disable it on the server side,

Thanks in advance
ESG
Re: [Samba] Samba PDC 3.4 + wins server
So, your samba PDC is acting as WINS (better way samba4wins=full working wins server on a samba basis). Why don't you set the wins settings in your windows 7 clients? Why do you need remote announce=...?

On Wed, 27 Jul 2011 16:42:28 +0200, Jubacca juba...@ngi.it wrote:

Linux Ubuntu 10.04 LTS - I used the package of distribution.

On 27/07/2011 16.18, Gaiseric Vandal wrote:

On 07/27/2011 05:52 AM, Jubacca wrote:

Hi, I use Samba 3.4.7 PDC + ldap backend. I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order, but nothing change? Can you help me?

My global is :

[global]
workgroup = workgroup
netbios name = SERVER
server string = Server Samba
wins support = yes
browse list = Yes
remote announce = 10.0.0.255/workgroup
lm announce = yes
lm interval = 30
dns proxy = yes
hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0
name resolve order = wins lmhosts host bcast
# name resolve order = bcast host lmhosts wins
interfaces = bond0 , eth1 ,lo
bind interfaces only = no
log file = /var/log/samba/%U.%m.log
log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3
max log size = 5000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
username map = /etc/samba/usermap
case sensitive = no
encrypt passwords = true
enable privileges = yes
passdb backend = ldapsam:ldap://server:389/
ldap admin dn = cn=admin,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap ssl = off
ldap delete dn = no
map to guest = bad user
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 255
logon path = \\%N\profiles\%U
logon drive = S:
logon home = \\%N\%U
logon script = logon.bat
add user script = /usr/sbin/smbldap-useradd -a -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
printing = cups
socket options = TCP_NODELAY
idmap uid = 1-2
idmap gid = 1-2
time server = yes
null passwords = no
idmap backend = ldap:ldap://server:389/
obey pam restrictions = yes
ldap passwd sync = yes
unix password sync = no
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes

What OS? Did you compile from source?

I ran into the following weird issue once: Two servers with samba bundled with the OS. One server with samba compiled from source. Windows machines connecting from VPN - with the firewall blocking netbios traffic. The Windows clients could connect by name to the 1st 2 servers, but only by IP to the 3rd one, even tho DNS name resolution worked. (I could add an lmhosts entry on the client but this is clunky.) This indicated to me that the server does try to resolve client names or ip's and that something I did when I compiled samba broke this functionality. Snooping traffic DID show the client reaching the server but some sort of handshaking NOT completing.

I would turn up the general log level. I would also snoop traffic for a client without WINS to see if it is even locating the samba server.
[Samba] Samba PDC 3.4 + wins server
Hi, I use Samba 3.4.7 PDC + ldap backend. I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order, but nothing change? Can you help me?

My global is :

[global]
workgroup = workgroup
netbios name = SERVER
server string = Server Samba
wins support = yes
browse list = Yes
remote announce = 10.0.0.255/workgroup
lm announce = yes
lm interval = 30
dns proxy = yes
hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0
name resolve order = wins lmhosts host bcast
# name resolve order = bcast host lmhosts wins
interfaces = bond0 , eth1 ,lo
bind interfaces only = no
log file = /var/log/samba/%U.%m.log
log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3
max log size = 5000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
username map = /etc/samba/usermap
case sensitive = no
encrypt passwords = true
enable privileges = yes
passdb backend = ldapsam:ldap://server:389/
ldap admin dn = cn=admin,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap ssl = off
ldap delete dn = no
map to guest = bad user
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 255
logon path = \\%N\profiles\%U
logon drive = S:
logon home = \\%N\%U
logon script = logon.bat
add user script = /usr/sbin/smbldap-useradd -a -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
printing = cups
socket options = TCP_NODELAY
idmap uid = 1-2
idmap gid = 1-2
time server = yes
null passwords = no
idmap backend = ldap:ldap://server:389/
obey pam restrictions = yes
ldap passwd sync = yes
unix password sync = no
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
Re: [Samba] Samba PDC 3.4 + wins server
On 07/27/2011 05:52 AM, Jubacca wrote:
> Hi,
>
> I use Samba 3.4.7 PDC + ldap backend. I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order, but nothing changes. Can you help me?
>
> My global is:
>
> [global]
>    workgroup = workgroup
>    netbios name = SERVER
>    server string = Server Samba
>    wins support = yes
>    browse list = Yes
>    remote announce = 10.0.0.255/workgroup
>    lm announce = yes
>    lm interval = 30
>    dns proxy = yes
>    hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0
>    name resolve order = wins lmhosts host bcast
> #  name resolve order = bcast host lmhosts wins
>    interfaces = bond0 , eth1 ,lo
>    bind interfaces only = no
>    log file = /var/log/samba/%U.%m.log
>    log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3
>    max log size = 5000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    security = user
>    username map = /etc/samba/usermap
>    case sensitive = no
>    encrypt passwords = true
>    enable privileges = yes
>    passdb backend = ldapsam:ldap://server:389/
>    ldap admin dn = cn=admin,dc=domain,dc=com
>    ldap suffix = dc=domain,dc=com
>    ldap user suffix = ou=users
>    ldap group suffix = ou=groups
>    ldap machine suffix = ou=computers
>    ldap idmap suffix = ou=idmap
>    ldap ssl = off
>    ldap delete dn = no
>    map to guest = bad user
>    domain logons = yes
>    domain master = yes
>    local master = yes
>    preferred master = yes
>    os level = 255
>    logon path = \\%N\profiles\%U
>    logon drive = S:
>    logon home = \\%N\%U
>    logon script = logon.bat
>    add user script = /usr/sbin/smbldap-useradd -a -m %u
>    delete user script = /usr/sbin/smbldap-userdel %u
>    add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
>    delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
>    set primary group script = /usr/sbin/smbldap-usermod -g %g %u
>    add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
>    add group script = /usr/sbin/smbldap-groupadd -p %g
>    delete group script = /usr/sbin/smbldap-groupdel %g
>    printing = cups
>    socket options = TCP_NODELAY
>    idmap uid = 1-2
>    idmap gid = 1-2
>    time server = yes
>    null passwords = no
>    idmap backend = ldap:ldap://server:389/
>    obey pam restrictions = yes
>    ldap passwd sync = yes
>    unix password sync = no
>    passwd program = /usr/sbin/smbldap-passwd %u
>    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>    pam password change = yes

What OS? Did you compile from source?

I ran into the following weird issue once:

Two servers with samba bundled with the OS. One server with samba compiled from source. Windows machines connecting from VPN, with the firewall blocking netbios traffic. The Windows clients could connect by name to the 1st 2 servers, but only by IP to the 3rd one, even though DNS name resolution worked. (I could add an lmhosts entry on the client but this is clunky.)

This indicated to me that the server does try to resolve client names or IPs and that something I did when I compiled samba broke this functionality. Snooping traffic DID show the client reaching the server but some sort of handshaking NOT completing.

I would turn up the general log level. I would also snoop traffic for a client without WINS to see if it is even locating the samba server.
Re: [Samba] Samba PDC 3.4 + wins server
Linux Ubuntu 10.04 LTS - I used the package of distribution.

On 27/07/2011 16.18, Gaiseric Vandal wrote:
> On 07/27/2011 05:52 AM, Jubacca wrote:
> > Hi,
> >
> > I use Samba 3.4.7 PDC + ldap backend. I can't put the machine if I don't specify the wins server on Pc-client. I try different name resolve order, but nothing changes. Can you help me?
> >
> > My global is:
> >
> > [global]
> >    workgroup = workgroup
> >    netbios name = SERVER
> >    server string = Server Samba
> >    wins support = yes
> >    browse list = Yes
> >    remote announce = 10.0.0.255/workgroup
> >    lm announce = yes
> >    lm interval = 30
> >    dns proxy = yes
> >    hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0
> >    name resolve order = wins lmhosts host bcast
> > #  name resolve order = bcast host lmhosts wins
> >    interfaces = bond0 , eth1 ,lo
> >    bind interfaces only = no
> >    log file = /var/log/samba/%U.%m.log
> >    log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3
> >    max log size = 5000
> >    syslog = 0
> >    panic action = /usr/share/samba/panic-action %d
> >    security = user
> >    username map = /etc/samba/usermap
> >    case sensitive = no
> >    encrypt passwords = true
> >    enable privileges = yes
> >    passdb backend = ldapsam:ldap://server:389/
> >    ldap admin dn = cn=admin,dc=domain,dc=com
> >    ldap suffix = dc=domain,dc=com
> >    ldap user suffix = ou=users
> >    ldap group suffix = ou=groups
> >    ldap machine suffix = ou=computers
> >    ldap idmap suffix = ou=idmap
> >    ldap ssl = off
> >    ldap delete dn = no
> >    map to guest = bad user
> >    domain logons = yes
> >    domain master = yes
> >    local master = yes
> >    preferred master = yes
> >    os level = 255
> >    logon path = \\%N\profiles\%U
> >    logon drive = S:
> >    logon home = \\%N\%U
> >    logon script = logon.bat
> >    add user script = /usr/sbin/smbldap-useradd -a -m %u
> >    delete user script = /usr/sbin/smbldap-userdel %u
> >    add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
> >    delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
> >    set primary group script = /usr/sbin/smbldap-usermod -g %g %u
> >    add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
> >    add group script = /usr/sbin/smbldap-groupadd -p %g
> >    delete group script = /usr/sbin/smbldap-groupdel %g
> >    printing = cups
> >    socket options = TCP_NODELAY
> >    idmap uid = 1-2
> >    idmap gid = 1-2
> >    time server = yes
> >    null passwords = no
> >    idmap backend = ldap:ldap://server:389/
> >    obey pam restrictions = yes
> >    ldap passwd sync = yes
> >    unix password sync = no
> >    passwd program = /usr/sbin/smbldap-passwd %u
> >    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> >    pam password change = yes
>
> What OS? Did you compile from source?
>
> I ran into the following weird issue once:
>
> Two servers with samba bundled with the OS. One server with samba compiled from source. Windows machines connecting from VPN, with the firewall blocking netbios traffic. The Windows clients could connect by name to the 1st 2 servers, but only by IP to the 3rd one, even though DNS name resolution worked. (I could add an lmhosts entry on the client but this is clunky.)
>
> This indicated to me that the server does try to resolve client names or IPs and that something I did when I compiled samba broke this functionality. Snooping traffic DID show the client reaching the server but some sort of handshaking NOT completing.
>
> I would turn up the general log level. I would also snoop traffic for a client without WINS to see if it is even locating the samba server.
[Samba] Samba PDC + OpenLDAP + Windows 7 user name length
Hello,

We have the following configuration:

- OpenLDAP 2.4.21
- Samba 3.5.2
- Windows 7 x64
- Roaming Profiles

We have 2500 users and format of usernames are: name.firstname.secondname (Spanish has first and second name)

Windows 7 clients are joined to the Samba domain. Everything works fine, users can logon in Samba domain, network volumes (F: , G: ...) are mapped correctly and the user profile is stored on the server at user logoff.

What is wrong?

We have problems when the username is longer than 19 characters. These users can't logon, they see next error in the screen:

error in the local Session Manager service to start a session. The data area passed to a system call is too small. (translated from Spanish version)

After this, Windows 7 makes an automatic logoff.

The funny thing is that the profile of these users with too long name, are stored in profile shared and the whole name, not truncated.

This same environment with Samba + OpenLDAP works fine with Windows XP clients and users with names greater than 19 characters haven't any problem.

Any ideas? Any help would be welcome.

Greetings
Jantoni
Re: [Samba] Samba PDC + OpenLDAP + Windows 7 user name length
On Tue, Apr 19, 2011 at 08:54:18AM +0200, Joan Antoni Torres wrote:
> Hello,
>
> We have the following configuration:
>
> - OpenLDAP 2.4.21
> - Samba 3.5.2
> - Windows 7 x64
> - Roaming Profiles
>
> We have 2500 users and format of usernames are: name.firstname.secondname (Spanish has first and second name)
>
> Windows 7 clients are joined to the Samba domain. Everything works fine, users can logon in Samba domain, network volumes (F: , G: ...) are mapped correctly and the user profile is stored on the server at user logoff.
>
> What is wrong?
>
> We have problems when the username is longer than 19 characters. These users can't logon, they see next error in the screen:

https://bugzilla.samba.org/show_bug.cgi?id=7343

This is known and sounds VERY much like a Win7 bug. You might contact Microsoft about this. I've tried without success.

With best regards,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
Re: [Samba] Samba PDC adding new user, profile dir is not created
On 16.03.2011 18:00, TAKAHASHI Motonobu wrote:
> From: J. Echter j.ech...@elektro-mayer-echter.de
> Date: Wed, 16 Mar 2011 17:34:35 +0100
>
> > > You should show us enough information for us to re-produce such as all content of smb.conf and related settings:
> > >
> > > In my lab, profile dir is successfully created. My env is...
> > > (snip)
> > > smb.conf
> > > (snip)
> > > ls -lR /home/samba/profile
> > > (snip)
>
> At first you had better try a simple settings like me.
>
> To look at your smb.conf, I tried with the smb.conf below:
>
> -
> [global]
>    workgroup = SAMBA
>    domain logons = yes
>    add machine script = useradd %u
>    map to guest = bad user
>    logon path = \\%L\profiles\%U
>    hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
>
> [homes]
>    writeable = yes
>    browseable = no
>
> [profiles]
>    path = /var/lib/samba/shares/profiles
>    guest ok = yes
>    browseable = no
>    create mask = 0600
>    directory mask = 0700
>    writeable = yes
>    profile acls = yes
> -
>
> and although still my user can create profile dirs and files...
>
> ---
> TAKAHASHI Motonobu mo...@monyo.com

Hi,

i have reduced my smb.conf a bit :)

now it works.

is there any option you would recommend to set for an PDC?

Greetings and many many thanks for your hints.

juergen
Re: [Samba] Samba PDC adding new user, profile dir is not created
sorry, forgot to add my smb.conf

[global]
   printing = bsd
   workgroup = workgroup
   map to guest = bad user
   domain logons = yes
   add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
   delete user script = /usr/sbin/userdel -r '%u'
   add group script = /usr/sbin/groupadd '%g'
   delete group script = /usr/sbin/groupdel '%g'
   add user to group script = /usr/sbin/usermod -G '%g' '%u'
   add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines
   logon path = \\%L\profile\%U
   logon script = %U.bat
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/

[homes]
   comment = Home Directories
   browseable = no
   writeable = yes
#  valid users = %S

[profile]
   comment = Profildateien
   path = /home/samba/profile
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
   profile acls = yes

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   writeable = no
   share modes = no

failure was the commented # line.

cheers.
[Samba] Samba PDC adding new user, profile dir is not created
Hi,

i have a Samba PDC (no LDAP) and added add user script to my config.

I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created.

Any hints on that?

script commands i added:

add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines

this is running on Ubuntu 10.04-LTS server

greetings

Juergen.
Re: [Samba] Samba PDC adding new user, profile dir is not created
On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote:
> Hi,
>
> i have a Samba PDC (no LDAP) and added add user script to my config.
>
> I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created.
>
> Any hints on that?

IMHO you have to create it with a script. In that script you will create the user (with useradd) and then the profile dir...

-- 
Marco Ciampa

+--------------------+
| Linux User #78271  |
| FSFE fellow #364   |
+--------------------+
Re: [Samba] Samba PDC adding new user, profile dir is not created
Hi

You must have something like this:

in smb.conf:

[profiles]
.
   root preexec = /usr/local/bin/mkprofile.sh %u %g

mkprofile.sh:

#!/bin/sh
# Create the profile directory for user $1 (group $2) if it does not exist yet.
PROFILE="/data2/profiles/$1"
if [ ! -e "$PROFILE" ]; then
    mkdir -pm700 "$PROFILE"
    chown "$1:$2" "$PROFILE"
fi

Wed, 16 Mar 2011 11:09:59 +0100, message from J. Echter j.ech...@elektro-mayer-echter.de:
> Hi,
>
> i have a Samba PDC (no LDAP) and added add user script to my config.
>
> I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created.
>
> Any hints on that?
>
> script commands i added:
>
> add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
> delete user script = /usr/sbin/userdel -r '%u'
> add group script = /usr/sbin/groupadd '%g'
> delete group script = /usr/sbin/groupdel '%g'
> add user to group script = /usr/sbin/usermod -G '%g' '%u'
> add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines
>
> this is running on Ubuntu 10.04-LTS server
>
> greetings
>
> Juergen.
Re: [Samba] Samba PDC adding new user, profile dir is not created
On 16.03.2011 11:21, Marco Ciampa wrote:
> On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote:
> > Hi,
> >
> > i have a Samba PDC (no LDAP) and added add user script to my config.
> >
> > I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created.
> >
> > Any hints on that?
>
> IMHO you have to create it with a script. In that script you will create the user (with useradd) and then the profile dir...

ok, seems i need to figure out how this has to be done...

greetings.
Re: [Samba] Samba PDC adding new user, profile dir is not created
On 16.03.2011 11:33, Wasil wrote:
> Hi
>
> You must have something like this:
>
> in smb.conf:
>
> [profiles]
> .
>    root preexec = /usr/local/bin/mkprofile.sh %u %g
>
> mkprofile.sh:
>
> #!/bin/sh
> PROFILE="/data2/profiles/$1"
> if [ ! -e "$PROFILE" ]; then
>     mkdir -pm700 "$PROFILE"
>     chown "$1:$2" "$PROFILE"
> fi
>
> Wed, 16 Mar 2011 11:09:59 +0100, message from J. Echter j.ech...@elektro-mayer-echter.de:
> > Hi,
> >
> > i have a Samba PDC (no LDAP) and added add user script to my config.
> >
> > I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created.
> >
> > Any hints on that?
> >
> > script commands i added:
> >
> > add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
> > delete user script = /usr/sbin/userdel -r '%u'
> > add group script = /usr/sbin/groupadd '%g'
> > delete group script = /usr/sbin/groupdel '%g'
> > add user to group script = /usr/sbin/usermod -G '%g' '%u'
> > add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines
> >
> > this is running on Ubuntu 10.04-LTS server
> >
> > greetings
> >
> > Juergen.

Hi,

thanks for the hint.

but the profile dir doesn't get created.

i edited the path in the script and gave it chmod u+x (to be sure :) )

still nothing created.

if i run the script by hand it works.
Re: [Samba] Samba PDC adding new user, profile dir is not created
On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote:
> Hi,
>
> i have a Samba PDC (no LDAP) and added add user script to my config.
>
> I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created.

It'll be created automatically when the user first logs in, if you have the right permissions on the profile share. It is possible to set the permissions/acls such that this doesn't allow users to read or interfere with each other's profiles.

You only need to create it yourself if you want to preload it with some data. Is this what you need to do?

-- 
Bruce

Bitterly it mathinketh me, that I spent mine wholle lyf in the lists against the ignorant.
  -- Roger Bacon, Doctor Mirabilis
Re: [Samba] Samba PDC adding new user, profile dir is not created
On 16.03.2011 11:50, Bruce Richardson wrote:
> On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote:
> > Hi,
> >
> > i have a Samba PDC (no LDAP) and added add user script to my config.
> >
> > I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created.
>
> It'll be created automatically when the user first logs in, if you have the right permissions on the profile share. It is possible to set the permissions/acls such that this doesn't allow users to read or interfere with each other's profiles.
>
> You only need to create it yourself if you want to preload it with some data. Is this what you need to do?

no, i want to have a profile dir created when a new created user logs in.

that's it. :)

in my setup it doesn't get created.

permission:

drwxrwxrwx  4 root root 4096 Feb 12 10:51 samba
drwxrwxrwx 16 root root 4096 Mar 16 11:50 profile

should be working for automagic creation.

is there an special option on that?
Re: [Samba] Samba PDC adding new user, profile dir is not created
On 16.03.2011 11:50, Bruce Richardson wrote:
> On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote:
> > Hi,
> >
> > i have a Samba PDC (no LDAP) and added add user script to my config.
> >
> > I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created.
>
> It'll be created automatically when the user first logs in, if you have the right permissions on the profile share. It is possible to set the permissions/acls such that this doesn't allow users to read or interfere with each other's profiles.
>
> You only need to create it yourself if you want to preload it with some data. Is this what you need to do?

ah maybe this is interesting too

[profile]
   comment = Profildateien
   path = /home/samba/profile
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
Re: [Samba] Samba PDC adding new user, profile dir is not created
You must add root preexec to the Section [profiles]

my section [profiles]:

   comment = Network Profiles Service
   #path = %H
   path = /data2/profiles
   read only = No
   store dos attributes = Yes
   create mask = 0600
   directory mask = 0700
   write list = @DomainUsers @root
   root preexec = /usr/local/bin/mkprofile.sh %u %g

Wed, 16 Mar 2011 12:04:40 +0100, message from J. Echter j.ech...@elektro-mayer-echter.de:
> On 16.03.2011 11:33, Wasil wrote:
> > Hi
> >
> > You must have something like this:
> >
> > in smb.conf:
> >
> > [profiles]
> > .
> >    root preexec = /usr/local/bin/mkprofile.sh %u %g
> >
> > mkprofile.sh:
> >
> > #!/bin/sh
> > PROFILE="/data2/profiles/$1"
> > if [ ! -e "$PROFILE" ]; then
> >     mkdir -pm700 "$PROFILE"
> >     chown "$1:$2" "$PROFILE"
> > fi
> >
> > Wed, 16 Mar 2011 11:09:59 +0100, message from J. Echter j.ech...@elektro-mayer-echter.de:
> > > Hi,
> > >
> > > i have a Samba PDC (no LDAP) and added add user script to my config.
> > >
> > > I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created.
> > >
> > > Any hints on that?
> > >
> > > script commands i added:
> > >
> > > add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
> > > delete user script = /usr/sbin/userdel -r '%u'
> > > add group script = /usr/sbin/groupadd '%g'
> > > delete group script = /usr/sbin/groupdel '%g'
> > > add user to group script = /usr/sbin/usermod -G '%g' '%u'
> > > add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines
> > >
> > > this is running on Ubuntu 10.04-LTS server
> > >
> > > greetings
> > >
> > > Juergen.
>
> Hi,
>
> thanks for the hint.
>
> but the profile dir doesn't get created.
>
> i edited the path in the script and gave it chmod u+x (to be sure :) )
>
> still nothing created.
>
> if i run the script by hand it works.
Re: [Samba] Samba PDC adding new user, profile dir is not created
that's what i did.

maybe there's something else wrong with my profiles definition in this case?

[profile]
   comment = Profildateien
   path = /home/samba/profile
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
   root preexec = /usr/local/bin/mkprofiles.sh %u %g

On 16.03.2011 12:16, Wasil wrote:
> You must add root preexec to the Section [profiles]
>
> my section [profiles]:
>
>    comment = Network Profiles Service
>    #path = %H
>    path = /data2/profiles
>    read only = No
>    store dos attributes = Yes
>    create mask = 0600
>    directory mask = 0700
>    write list = @DomainUsers @root
>    root preexec = /usr/local/bin/mkprofile.sh %u %g
>
> Wed, 16 Mar 2011 12:04:40 +0100, message from J. Echter j.ech...@elektro-mayer-echter.de:
> > On 16.03.2011 11:33, Wasil wrote:
> > > Hi
> > >
> > > You must have something like this:
> > >
> > > in smb.conf:
> > >
> > > [profiles]
> > > .
> > >    root preexec = /usr/local/bin/mkprofile.sh %u %g
> > >
> > > mkprofile.sh:
> > >
> > > #!/bin/sh
> > > PROFILE="/data2/profiles/$1"
> > > if [ ! -e "$PROFILE" ]; then
> > >     mkdir -pm700 "$PROFILE"
> > >     chown "$1:$2" "$PROFILE"
> > > fi
> > >
> > > Wed, 16 Mar 2011 11:09:59 +0100, message from J. Echter j.ech...@elektro-mayer-echter.de:
> > > > Hi,
> > > >
> > > > i have a Samba PDC (no LDAP) and added add user script to my config.
> > > >
> > > > I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created.
> > > >
> > > > Any hints on that?
> > > >
> > > > script commands i added:
> > > >
> > > > add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
> > > > delete user script = /usr/sbin/userdel -r '%u'
> > > > add group script = /usr/sbin/groupadd '%g'
> > > > delete group script = /usr/sbin/groupdel '%g'
> > > > add user to group script = /usr/sbin/usermod -G '%g' '%u'
> > > > add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines
> > > >
> > > > this is running on Ubuntu 10.04-LTS server
> > > >
> > > > greetings
> > > >
> > > > Juergen.
> >
> > Hi,
> >
> > thanks for the hint.
> >
> > but the profile dir doesn't get created.
> >
> > i edited the path in the script and gave it chmod u+x (to be sure :) )
> >
> > still nothing created.
> >
> > if i run the script by hand it works.
Re: [Samba] Samba PDC adding new user, profile dir is not created
On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote:
> no, i want to have a profile dir created when a new created user logs in.
>
> that's it. :)

Well, as long as you have the correct acls on the share and permissions on the directory, the user's workstation should try to create the user directory on the profiles share when the user first logs in. As far as I can see, your share definition and directory permissions are sufficient. What do you have in your logon path setting in smb.conf? And can you see anything in the logs?

> in my setup it doesn't get created.
>
> permission:
>
> drwxrwxrwx 4 root root 4096 Feb 12 10:51 samba

Um, if that's the /home/samba directory from your /home/samba/profile/%username profile path, then you've set the permissions there insecurely; ordinary users don't need to be creating directories in /home/samba, so you shouldn't need any more than 755 (or even 751) permissions there.

> drwxrwxrwx 16 root root 4096 Mar 16 11:50 profile

Assuming that is /home/samba/profile, then I would recommend you change the permissions from 777 to 1777. It's a minor point and doesn't have anything to do with your problem.

If you create these directories manually and then a user logs in, does the user's profile information then appear in their profile directory?

-- 
Bruce

Explode!: thousands of lemmings can't be wrong.
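An added example, not part of Bruce's message or of the thread: a POSIX shell check for the three directory modes discussed above (parent of the share no more than 755, share root 1777 rather than 777, per-user profile directories 700). The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the modes of a Samba profile tree.
# Usage: sh audit_profiles.sh /home/samba /home/samba/profile

perm_string() {
    # First ten characters of `ls -ld`, e.g. "drwxrwxrwt".
    ls -ld -- "$1" | cut -c1-10
}

# Prints one FINDING line per problem; returns 0 when clean, 1 otherwise.
audit_profile_dirs() {
    parent=$1
    root=$2
    rc=0

    # Parent of the share: ordinary users have no reason to create entries
    # here, so neither the group (char 6) nor others (char 9) may have "w".
    case $(perm_string "$parent") in
        d????w????|d???????w?)
            echo "FINDING: $parent is group- or world-writable; 755 or 751 is enough"
            rc=1 ;;
    esac

    # Share root: if it is world-writable so that a first logon can create
    # the user's directory, the sticky bit (t or T in char 10) must stop
    # users from renaming or deleting each other's directories.
    case $(perm_string "$root") in
        d???????w[!tT])
            echo "FINDING: $root is world-writable without the sticky bit; use 1777"
            rc=1 ;;
    esac

    # Per-user directories: nothing for group or others (directory mask 0700).
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        case $(perm_string "$dir") in
            d???------) ;;
            *)
                echo "FINDING: $dir is accessible to group or others; expected 700"
                rc=1 ;;
        esac
    done
    return "$rc"
}

demo_audit() {
    # Constructed tree with the modes quoted in the thread (777 and 777).
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/samba/profile/tester"
    chmod 777 "$tmp/samba" "$tmp/samba/profile"
    chmod 700 "$tmp/samba/profile/tester"
    audit_profile_dirs "$tmp/samba" "$tmp/samba/profile"
    demo_rc=$?
    rm -rf "$tmp"
    return "$demo_rc"
}

if [ "$#" -eq 2 ]; then
    audit_profile_dirs "$1" "$2"
else
    demo_audit || true
fi
```

Run without arguments it audits the constructed tree and reports the two directory findings; with two arguments it audits the real parent and share root.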
Re: [Samba] Samba PDC adding new user, profile dir is not created
On Wed, Mar 16, 2011 at 11:21:42AM +0100, Marco Ciampa wrote:
> IMHO you have to create it with a script. In that script you will create the user (with useradd) and then the profile dir...

I think it is probably a bad idea to do this with a script unless you have some good reason to need it. The auto-creation of the directory shows you that profiles are working properly.

-- 
Bruce

I unfortunately do not know how to turn cheese into gold.
Re: [Samba] Samba PDC adding new user, profile dir is not created
On 16.03.2011 13:01, Bruce Richardson wrote:
> On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote:
> > no, i want to have a profile dir created when a new created user logs in.
> >
> > that's it. :)
>
> Well, as long as you have the correct acls on the share and permissions on the directory, the user's workstation should try to create the user directory on the profiles share when the user first logs in. As far as I can see, your share definition and directory permissions are sufficient. What do you have in your logon path setting in smb.conf? And can you see anything in the logs?

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   writeable = no
   share modes = no

imho nothing belongs to the problem.

i increased log level = 12 meanwhile

> > in my setup it doesn't get created.
> >
> > permission:
> >
> > drwxrwxrwx 4 root root 4096 Feb 12 10:51 samba
>
> Um, if that's the /home/samba directory from your /home/samba/profile/%username profile path, then you've set the permissions there insecurely; ordinary users don't need to be creating directories in /home/samba, so you shouldn't need any more than 755 (or even 751) permissions there.
>
> > drwxrwxrwx 16 root root 4096 Mar 16 11:50 profile
>
> Assuming that is /home/samba/profile, then I would recommend you change the permissions from 777 to 1777. It's a minor point and doesn't have anything to do with your problem.
>
> If you create these directories manually and then a user logs in, does the user's profile information then appear in their profile directory?

permissions are set :)
Re: [Samba] Samba PDC adding new user, profile dir is not created
On 16.03.2011 13:01, Bruce Richardson wrote:
> On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote:
> > no, i want to have a profile dir created when a new created user logs in.
> >
> > that's it. :)
>
> If you create these directories manually and then a user logs in, does the user's profile information then appear in their profile directory?

sorry didn't mention this, nothing is copied to the manually added dir.
Re: [Samba] Samba PDC adding new user, profile dir is not created
On Wed, Mar 16, 2011 at 04:17:05PM +0100, J. Echter wrote:
> On 16.03.2011 13:01, Bruce Richardson wrote:
> > On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote:
> > > no, i want to have a profile dir created when a new created user logs in.
> > >
> > > that's it. :)
> >
> > If you create these directories manually and then a user logs in, does the user's profile information then appear in their profile directory?
>
> sorry didn't mention this, nothing is copied to the manually added dir.

Does the manually added dir have the correct ownership? Has it been chown-ed to the right user and do they have write access?

If the answer to those questions is yes but nothing is being copied up, then your problem is that the user workstations are not looking in the correct place. Either your domain controller is not advertising the correct location, or it isn't advertising *any* location for profiles.

-- 
Bruce

I see a mouse. Where? There, on the stair. And its clumsy wooden footwear makes it easy to trap and kill.
  -- Harry Hill
Re: [Samba] Samba PDC adding new user, profile dir is not created
On Wed, Mar 16, 2011 at 12:01:52PM +, Bruce Richardson wrote:
> What do you have in your logon path setting in smb.conf?

You never answered this question. You don't need to have anything there, because it defaults to \\%N\%U\profile, but if you do have something there, what is it?

Are you sure you have actually activated domain logins? It is possible that you have simply set up a stand-alone file server. For the PDC to be working properly, you need

   security = user
   domain master = yes
   domain logons = yes

-- 
Bruce

A problem shared brings the consolation that someone else is now feeling as miserable as you.
Re: [Samba] Samba PDC adding new user, profile dir is not created
On 16.03.2011 16:55, Bruce Richardson wrote:
> On Wed, Mar 16, 2011 at 12:01:52PM +, Bruce Richardson wrote:
> > What do you have in your logon path setting in smb.conf?
>
> You never answered this question. You don't need to have anything there, because it defaults to \\%N\%U\profile, but if you do have something there, what is it?

sorry,

logon path = \\%L\profile\%U

> Are you sure you have actually activated domain logins? It is possible that you have simply set up a stand-alone file server. For the PDC to be working properly, you need
>
>    security = user
>    domain master = yes
>    domain logons = yes

this is all set.

if i add my users manually (adduser, make profile dir), it works.

i also set the permissions to the regarding testuser user profile dir.

drwx------ 2 tester root 4096 Mar 16 14:41 tester

greetings.
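An added example, not code from the thread: a shell cross-check of an smb.conf against the three PDC settings Bruce lists and against the share that logon path points at, including any root preexec script configured on that share. The function names are hypothetical, and the embedded sample config is constructed: it pairs the logon path posted above with a [profiles] section name to show the mismatch the check reports.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check smb.conf for the PDC
# settings and for the profile share that "logon path" refers to.
# Usage: sh check_profiles.sh /etc/samba/smb.conf

# Print the value of KEY in SECTION (last assignment wins). Section and key
# names are compared in lower case; lines starting with # or ; are skipped.
smbconf_get() {  # FILE SECTION KEY
    awk -v want_sec="$2" -v want_key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            sec = tolower($0)
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        (eq = index($0, "=")) > 0 {
            key = tolower(substr($0, 1, eq - 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (sec == want_sec && key == want_key) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Prints CHECK/NOTE lines; returns 0 when nothing needs attention.
check_profile_setup() {  # FILE
    conf=$1
    bad=0
    # The three settings listed in the thread, compared as explicit values.
    for setting in "security=user" "domain master=yes" "domain logons=yes"; do
        key=${setting%%=*}
        want=${setting#*=}
        got=$(smbconf_get "$conf" global "$key" | tr 'A-Z' 'a-z')
        if [ "$got" != "$want" ]; then
            echo "CHECK: [global] $key is '${got:-unset}', thread lists '$want'"
            bad=1
        fi
    done

    logon_path=$(smbconf_get "$conf" global "logon path")
    if [ -z "$logon_path" ]; then
        echo "NOTE: logon path is not set, so the built-in default applies"
        return "$bad"
    fi

    # \\server\share\rest -> share
    rest=${logon_path#\\\\}
    rest=${rest#*\\}
    share=${rest%%\\*}
    share_lc=$(printf '%s' "$share" | tr 'A-Z' 'a-z')

    share_dir=$(smbconf_get "$conf" "$share_lc" path)
    if [ -z "$share_dir" ]; then
        echo "CHECK: logon path names share '$share' but no [$share] section with a path exists"
        return 1
    fi

    # A root preexec on the share only helps if Samba can execute the script.
    preexec=$(smbconf_get "$conf" "$share_lc" "root preexec")
    if [ -n "$preexec" ]; then
        script=${preexec%% *}
        if [ ! -x "$script" ]; then
            echo "CHECK: root preexec script $script is missing or not executable"
            bad=1
        fi
    fi
    return "$bad"
}

demo_conf() {  # FILE: write the constructed sample configuration
    cat > "$1" <<'EOF'
[global]
   workgroup = workgroup
   security = user
   domain master = yes
   domain logons = yes
   logon path = \\%L\profile\%U

[profiles]
   path = /home/samba/profile
   root preexec = /usr/local/bin/mkprofiles.sh %u %g
EOF
}

if [ "$#" -eq 1 ]; then
    check_profile_setup "$1"
else
    sample=$(mktemp) && demo_conf "$sample" && {
        check_profile_setup "$sample" || true
        rm -f "$sample"
    }
fi
```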
Re: [Samba] Samba PDC adding new user, profile dir is not created
From: J. Echter j.ech...@elektro-mayer-echter.de
Date: Wed, 16 Mar 2011 11:09:59 +0100

> i have a Samba PDC (no LDAP) and added add user script to my config.
>
> I can create the user with no problems, login is possible but the
> /home/samba/profile/user dir is not created.
>
> Any hints on that?

You should show us enough information for us to re-produce such as all content of smb.conf and related settings:

In my lab, profile dir is successfully created. My env is...

- Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6

- my smb.conf and shares

---
[global]
  workgroup = SAMBA
  domain logons = yes
  add machine script = useradd %u
  map to guest = bad user
  logon path = \\lenny5\profiles\%U

[homes]
  writeable = yes
  browseable = no

[profiles]
  path = /var/lib/samba/shares/profiles
  guest ok = yes
  browseable = no
  create mask = 0600
  directory mask = 0700
  writeable = yes
---
# ls -lR /var/lib/samba
/var/lib/samba/:
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

- Created a user:

# useradd -d /var/home/test01 test01
# smbpasswd -a test01
# pdbedit -v test01
...
Profile Path: \\lenny5\profiles\test01
...

- When I logon as test01 from Windows XP workstation which is already joined to the SAMBA domain and logoff, profiles are created like:

# ls -lR /var/lib/samba
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

/var/lib/samba/shares/profiles:
total 16
drwx------ 13 test01 test01 4096 2011-03-17 01:08 test01

/var/lib/samba/shares/profiles/test01:
total 568
drwx------ 3 test01 test01   4096 2010-10-11 01:10 Start Menu
drwx------ 2 test01 test01   4096 2010-10-11 01:10 Desktop
drwx------ 4 test01 test01   4096 2011-03-17 01:08 Application Data
drwx------ 2 test01 test01   4096 2010-10-11 01:18 Cookies
drwx------ 3 test01 test01   4096 2011-03-17 01:08 Favorites
drwx------ 4 test01 test01   4096 2011-03-17 01:08 My Documents
drwx------ 2 test01 test01   4096 2010-10-11 01:10 NetHood
-rw------- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT
-rw------- 1 test01 test01   1024 2011-03-17 01:08 ntuser.dat.LOG
-rw------- 1 test01 test01    270 2011-03-17 01:08 ntuser.ini
...

---
TAKAHASHI Motonobu mo...@monyo.com
Re: [Samba] Samba PDC adding new user, profile dir is not created
On 16.03.2011 17:21, TAKAHASHI Motonobu wrote:
> From: J. Echter j.ech...@elektro-mayer-echter.de
> Date: Wed, 16 Mar 2011 11:09:59 +0100
>
>> i have a Samba PDC (no LDAP) and added add user script to my config.
>>
>> I can create the user with no problems, login is possible but the
>> /home/samba/profile/user dir is not created.
>>
>> Any hints on that?
>
> You should show us enough information for us to re-produce such as all
> content of smb.conf and related settings:
>
> In my lab, profile dir is successfully created. My env is...
>
> - Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6
>
> - my smb.conf and shares
>
> ---
> [global]
>   workgroup = SAMBA
>   domain logons = yes
>   add machine script = useradd %u
>   map to guest = bad user
>   logon path = \\lenny5\profiles\%U
>
> [homes]
>   writeable = yes
>   browseable = no
>
> [profiles]
>   path = /var/lib/samba/shares/profiles
>   guest ok = yes
>   browseable = no
>   create mask = 0600
>   directory mask = 0700
>   writeable = yes
> ---
> # ls -lR /var/lib/samba
> /var/lib/samba/:
> total 4
> drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares
>
> /var/lib/samba/shares:
> total 16
> drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles
>
> - Created a user:
>
> # useradd -d /var/home/test01 test01
> # smbpasswd -a test01
> # pdbedit -v test01
> ...
> Profile Path: \\lenny5\profiles\test01
> ...
>
> - When I logon as test01 from Windows XP workstation which is already
>   joined to the SAMBA domain and logoff, profiles are created like:
>
> # ls -lR /var/lib/samba
> total 4
> drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares
>
> /var/lib/samba/shares:
> total 16
> drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles
>
> /var/lib/samba/shares/profiles:
> total 16
> drwx------ 13 test01 test01 4096 2011-03-17 01:08 test01
>
> /var/lib/samba/shares/profiles/test01:
> total 568
> drwx------ 3 test01 test01   4096 2010-10-11 01:10 Start Menu
> drwx------ 2 test01 test01   4096 2010-10-11 01:10 Desktop
> drwx------ 4 test01 test01   4096 2011-03-17 01:08 Application Data
> drwx------ 2 test01 test01   4096 2010-10-11 01:18 Cookies
> drwx------ 3 test01 test01   4096 2011-03-17 01:08 Favorites
> drwx------ 4 test01 test01   4096 2011-03-17 01:08 My Documents
> drwx------ 2 test01 test01   4096 2010-10-11 01:10 NetHood
> -rw------- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT
> -rw------- 1 test01 test01   1024 2011-03-17 01:08 ntuser.dat.LOG
> -rw------- 1 test01 test01    270 2011-03-17 01:08 ntuser.ini
> ...
>
> ---
> TAKAHASHI Motonobu mo...@monyo.com

smb.conf

[global]
  printing = bsd
  netbios name = PDC
  server string = PDC (%h)
  workgroup = workgroup
  interfaces = eth0,lo
  security = user
  encrypt passwords = true
  passdb backend = tdbsam
  obey pam restrictions = yes
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
  local master = yes
  preferred master = yes
  os level = 200
  domain master = yes
  domain logons = yes
  add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
  delete user script = /usr/sbin/userdel -r '%u'
  add group script = /usr/sbin/groupadd '%g'
  delete group script = /usr/sbin/groupdel '%g'
  delete group script = /usr/sbin/groupdel '%g'
  add user to group script = /usr/sbin/usermod -G '%g' '%u'
  add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines
  logon path = \\%L\profile\%U
  logon drive = h:
  logon script = %U.bat
  profile acls = yes
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
  wins support = no
  log file = /var/log/samba/log.%m
  max log size = 1000
  syslog = 0
  log level = 12
  panic action = /usr/share/samba/panic-action %d
  use sendfile = yes

[homes]
  comment = Home Directories
  browseable = no
  valid users = %S
  writeable = yes
  create mode = 0600
  directory mode = 0700

[profile]
  comment = Profildateien
  path = /home/samba/profile
  guest ok = yes
  browseable = no
  create mask = 0600
  directory mask = 0700
  writeable = yes

[netlogon]
  comment = Network Logon Service
  path = /home/samba/netlogon
  guest ok = yes
  writeable = no
  share modes = no

ls -lR /home/samba/profile
/home/samba/profile:
total 60
drwx------ 16 info root 4096 Mar 16 16:48 info
drwx------ 15 root root 4096 Oct 28 11:10 root

all manually added users are logged in fine, and all get their profile dir loaded from pdc.

thanks, and greetings.
Re: [Samba] Samba PDC adding new user, profile dir is not created
On 16.03.2011 17:21, TAKAHASHI Motonobu wrote:
> - Created a user:
>
> # useradd -d /var/home/test01 test01
> # smbpasswd -a test01
> # pdbedit -v test01
> ...
> Profile Path: \\lenny5\profiles\test01
> ...
>
> - When I logon as test01 from Windows XP workstation which is already
>   joined to the SAMBA domain and logoff, profiles are created like:
>
> # ls -lR /var/lib/samba
> total 4
> drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares
>
> /var/lib/samba/shares:
> total 16
> drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles
>
> /var/lib/samba/shares/profiles:
> total 16
> drwx------ 13 test01 test01 4096 2011-03-17 01:08 test01
>
> /var/lib/samba/shares/profiles/test01:
> total 568
> drwx------ 3 test01 test01   4096 2010-10-11 01:10 Start Menu
> drwx------ 2 test01 test01   4096 2010-10-11 01:10 Desktop
> drwx------ 4 test01 test01   4096 2011-03-17 01:08 Application Data
> drwx------ 2 test01 test01   4096 2010-10-11 01:18 Cookies
> drwx------ 3 test01 test01   4096 2011-03-17 01:08 Favorites
> drwx------ 4 test01 test01   4096 2011-03-17 01:08 My Documents
> drwx------ 2 test01 test01   4096 2010-10-11 01:10 NetHood
> -rw------- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT
> -rw------- 1 test01 test01   1024 2011-03-17 01:08 ntuser.dat.LOG
> -rw------- 1 test01 test01    270 2011-03-17 01:08 ntuser.ini
> ...
>
> ---
> TAKAHASHI Motonobu mo...@monyo.com

sorry again, something missing... i have to handle ringing telephones...

i added a user like you did

pdbedit -v bla
Profile Path: \\pdc\profile\bla

login as this user and logout again, no profile dir is created.
Re: [Samba] Samba PDC adding new user, profile dir is not created
From: J. Echter j.ech...@elektro-mayer-echter.de
Date: Wed, 16 Mar 2011 17:34:35 +0100

>> You should show us enough information for us to re-produce such as all
>> content of smb.conf and related settings:
>>
>> In my lab, profile dir is successfully created. My env is...
(snip)
> smb.conf
(snip)
> ls -lR /home/samba/profile
(snip)

At first you had better try a simple settings like me.

To look at your smb.conf, I tried with the smb.conf below:

---
[global]
  workgroup = SAMBA
  domain logons = yes
  add machine script = useradd %u
  map to guest = bad user
  logon path = \\%L\profiles\%U
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/

[homes]
  writeable = yes
  browseable = no

[profiles]
  path = /var/lib/samba/shares/profiles
  guest ok = yes
  browseable = no
  create mask = 0600
  directory mask = 0700
  writeable = yes
  profile acls = yes
---

and although still my user can create profile dirs and files...

---
TAKAHASHI Motonobu mo...@monyo.com
Re: [Samba] Samba PDC adding new user, profile dir is not created
You should show us enough information for us to re-produce such as all content of smb.conf and related settings: In my lab, profile dir is successfully created. My env is... - Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6 - my smb.conf and shares --- [global] workgroup = SAMBA domain logons = yes add machine script = useradd %u map to guest = bad user logon path = \\lenny5\profiles\%U [homes] writeable = yes browseable = no [profiles] path = /var/lib/samba/shares/profiles guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes --- # ls -lR /var/lib/samba /var/lib/samba/: total 4 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares /var/lib/samba/shares: total 16 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles - Created a user: # useradd -d /var/home/test01 test01 # smbpasswd -a test01 # pdbedit -v test01 ... Profile Path: \\lenny5\profiles\test01 ... - When I logon as test01 from Windows XP workstation which is already joined to the SAMBA domain and logoff, profiles are created like: # ls -lR /var/lib/samba total 4 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares /var/lib/samba/shares: total 16 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles /var/lib/samba/shares/profiles: total 16 drwx-- 13 test01 test01 4096 2011-03-17 01:08 test01 /var/lib/samba/shares/profiles/test01: total 568 drwx-- 3 test01 test01 4096 2010-10-11 01:10 Start Menu drwx-- 2 test01 test01 4096 2010-10-11 01:10 Desktop drwx-- 4 test01 test01 4096 2011-03-17 01:08 Application Data drwx-- 2 test01 test01 4096 2010-10-11 01:18 Cookies drwx-- 3 test01 test01 4096 2011-03-17 01:08 Favorites drwx-- 4 test01 test01 4096 2011-03-17 01:08 My Documents drwx-- 2 test01 test01 4096 2010-10-11 01:10 NetHood -rw--- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT -rw--- 1 test01 test01 1024 2011-03-17 01:08 ntuser.dat.LOG -rw--- 1 test01 test01270 2011-03-17 01:08 ntuser.ini ... 
--- TAKAHASHI Motonobumo...@monyo.com smb.conf [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . local master = yes preferred master = yes os level = 200 domain master = yes domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines logon path = \\%L\profile\%U logon drive = h: logon script = %U.bat profile acls = yes hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ wins support = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 log level = 12 panic action = /usr/share/samba/panic-action %d use sendfile = yes Where is your profile path? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Am 16.03.2011 18:02, schrieb t...@tms3.com: You should show us enough information for us to re-produce such as all content of smb.conf and related settings: In my lab, profile dir is successfully created. My env is... - Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6 - my smb.conf and shares --- [global] workgroup = SAMBA domain logons = yes add machine script = useradd %u map to guest = bad user logon path = \\lenny5\profiles\%U [homes] writeable = yes browseable = no [profiles] path = /var/lib/samba/shares/profiles guest ok = yes browseable = no create mask = 0600 directory mask = 0700 writeable = yes --- # ls -lR /var/lib/samba /var/lib/samba/: total 4 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares /var/lib/samba/shares: total 16 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles - Created a user: # useradd -d /var/home/test01 test01 # smbpasswd -a test01 # pdbedit -v test01 ... Profile Path: \\lenny5\profiles\test01 ... - When I logon as test01 from Windows XP workstation which is already joined to the SAMBA domain and logoff, profiles are created like: # ls -lR /var/lib/samba total 4 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares /var/lib/samba/shares: total 16 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles /var/lib/samba/shares/profiles: total 16 drwx-- 13 test01 test01 4096 2011-03-17 01:08 test01 /var/lib/samba/shares/profiles/test01: total 568 drwx-- 3 test01 test01 4096 2010-10-11 01:10 Start Menu drwx-- 2 test01 test01 4096 2010-10-11 01:10 Desktop drwx-- 4 test01 test01 4096 2011-03-17 01:08 Application Data drwx-- 2 test01 test01 4096 2010-10-11 01:18 Cookies drwx-- 3 test01 test01 4096 2011-03-17 01:08 Favorites drwx-- 4 test01 test01 4096 2011-03-17 01:08 My Documents drwx-- 2 test01 test01 4096 2010-10-11 01:10 NetHood -rw--- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT -rw--- 1 test01 test01 1024 2011-03-17 01:08 ntuser.dat.LOG -rw--- 1 test01 test01270 2011-03-17 01:08 ntuser.ini ... 
--- TAKAHASHI Motonobumo...@monyo.com smb.conf [global] printing = bsd netbios name = PDC server string = PDC (%h) workgroup = workgroup interfaces = eth0,lo security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . local master = yes preferred master = yes os level = 200 domain master = yes domain logons = yes add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines logon path = \\%L\profile\%U logon drive = h: logon script = %U.bat profile acls = yes hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/ wins support = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 log level = 12 panic action = /usr/share/samba/panic-action %d use sendfile = yes Where is your profile path? on /files/samba -- symlinked to /home/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
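The checks this thread walks through (the three PDC settings, where `logon path` points, whether that share is writable, and whether a new user may create a directory in the profile root) can be run mechanically. The Python below is an added example, not code from the thread or from Samba: the function names are hypothetical, the first config is a subset of the smb.conf J. Echter posted, the second is a constructed variant with a one-letter share-name mismatch, and the permission check assumes plain POSIX mode bits (no ACLs, caller not root).

```python
import re
import stat

TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names."""
    conf, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):           # trailing backslash continues a line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def is_writable(share):
    for key in ("writeable", "writable", "write ok"):
        if key in share:
            return share[key].lower() in TRUE
    return share.get("read only", "yes").lower() not in TRUE

def profile_share(conf):
    """Share named by 'logon path'; the default is the one given in the thread."""
    logon_path = conf.get("global", {}).get("logon path", r"\\%N\%U\profile")
    parts = [p for p in logon_path.split("\\") if p]
    share = parts[1].lower() if len(parts) > 1 else None
    return logon_path, "homes" if share == "%u" else share

def check_config(conf):
    findings, g = [], conf.get("global", {})
    if g.get("domain logons", "no").lower() not in TRUE:
        findings.append("domain logons is off: this is a stand-alone file server")
    # Unset 'security' / 'domain master' are not flagged: the minimal working
    # config shown in the thread sets neither.
    if g.get("security", "user").lower() != "user":
        findings.append("security is not 'user'")
    if g.get("domain master", "yes").lower() not in TRUE:
        findings.append("domain master is not 'yes'")
    logon_path, share = profile_share(conf)
    if share is None or share not in conf:
        findings.append(f"logon path {logon_path} points at share [{share}], "
                        "which smb.conf does not define")
    else:
        if not is_writable(conf[share]):
            findings.append(f"share [{share}] is read-only")
        if share != "homes" and "path" not in conf[share]:
            findings.append(f"share [{share}] has no path")
    return findings

def profile_root_findings(mode, owner_uid, owner_gid, uid, gids):
    """Can this user create <root>/<user>? Needs write+search on the root."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    findings = []
    if bits & 3 != 3:
        findings.append("user cannot create a directory in the profile root")
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append("profile root is world-writable without the sticky bit: "
                        "users can rename or remove each other's profile dirs")
    return findings

# Subset of the smb.conf posted in the thread.
ECHTER_CONF = r"""
[global]
   security = user
   domain master = yes
   domain logons = yes
   logon path = \\%L\profile\%U
[profile]
   path = /home/samba/profile
   guest ok = yes
   create mask = 0600
   directory mask = 0700
   writeable = yes
"""
# Constructed variant: logon path says 'profiles', the share is [profile].
MISMATCH_CONF = ECHTER_CONF.replace(r"\profile\%U", r"\profiles\%U")

if __name__ == "__main__":
    for name, text in (("posted", ECHTER_CONF), ("mismatch", MISMATCH_CONF)):
        print(name, check_config(parse_smb_conf(text)))
    # Mode bits as os.stat() would report them; uid/gid values are constructed.
    print(profile_root_findings(0o40755, 0, 0, 1001, {100}))
    print(profile_root_findings(0o40777, 0, 0, 1001, {100}))
```

On a live server the mode and ownership arguments would come from `os.stat()` on the share's `path`, and the uid/gids from the account the add user script created.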
[Samba] Samba PDC / Windows 7 client Default User.v2 not loaded + SOLUTION
Hello,

I have been fighting with this particular problem for almost a week. I did not find any solution till today! I would like to share this one with you to help.

The network:
1. Samba PDC server (OpenSuse 11.2 - samba 3.4.3-3.6.1)
2. Windows 7 Pro 64bit clients
3. A lot of Windows XP Pro clients

The past:
1. Few years of perfect Windows XP networking with full roaming profile support and folder redirection. (250 students + 30 staff)

The problem now:
*** New Windows 7 Pro 64bit clients
A. Applied those two registry patches as shown on Wiki.
B. I have successfully joined Domain.
C. I have successfully logged in with any user in school.
D. Logon script from NETLOGON share are working fine...

BUT Default User.v2\ntuser.dat is not loaded to Win7 client!!! (all permissions are ok)

The SOLUTION (surprising!)
* Do not let the machine account to be created on-the-fly!

When I do manually:

useradd -c "Workstation (machine$)" -d /nohome -s /bin/false machine$
smbpasswd -a -m machine$

THEN the Default User.v2\ntuser.dat is loaded by Win7 client FINE!

Why??? I don't know! The old add machine script in smb.conf is working fine for WinXP machines, why not for Windows 7???

Eg.
add machine script = /usr/sbin/useradd -c "Workstation (%u)" -d /nohome -s /bin/false %u

Logs
In samba log, there is getpwnam() error stating that MACHINE$ is in passwd but getpwnam() fails to get password...

Jan
Re: [Samba] Samba PDC Exchange 2000 Server
On Sat, 2011-02-05 at 07:18 -0500, Gaiseric Vandal wrote:
> exchange 2000 requires Active Directory. I would guess MAYBE you could
> use Samba 4. But I don't know if Samba 4 supports all the account
> attributes that Exchange would require. I would guess not.

Yes, Samba4 intends to support Exchange. Any issues with the exchange install failing are bugs we want to fix.

Certainly we have reports of exchange-supporting AD environments being imported into Samba4, but I don't know if folks have used Exchange itself directly against Samba4.

Andrew Bartlett

--
Andrew Bartlett                          http://samba.org/~abartlet/
Authentication Developer, Samba Team     http://samba.org
Samba Developer, Cisco Inc.
[Samba] Samba PDC Exchange 2000 Server
I presently have a 2 server system: a Samba PDC and a mail server running Bynari Insight Server, and we use Bynari connector to connect our Outlook 2000 clients to the Insight Server. It works well enough. BUT Bynari are stopping support for Outlook 2000. For us to upgrade all our copies of Outlook is expensive and we have all the functionality we need.

So, we have MS Server 2000 and Exchange 2000 which we used to use, but had all sorts of hacking issues etc when we used it for our Domain and Mail.

I've been thinking that we could continue with our Samba PDC and use something like postfix, with amavis and spamassassin to act as a SMTP relay agent to an Exchange 2000 stand alone server which is fully isolated behind our firewall on a protected subnet and use port forwarding to enable Webmail and OpenVPN server to access the mail from outside.

Does anyone know how to connect Exchange to Samba Openldap and also what would I have to do to set up postfix, amavis and spamassassin to act as a relay?

Any thoughts? I'm sure someone has wanted to do this before. I'm loath to move away from a linux mail server but costs make it attractive.

Best regards,

Dave Wynne
Senior Engineer
Artimech Pty. Ltd.
MiniFab
1 Dalmore Drive
Scoresby, Vic 3179
Australia
Tel: (03) 9753 3700
Email: d...@artimech.com.au
Please Visit Our Website www.artimech.com.au
Information Contained Within This Communication Is Private and In Confidence
Re: [Samba] Samba PDC Exchange 2000 Server
exchange 2000 requires Active Directory. I would guess MAYBE you could use Samba 4. But I don't know if Samba 4 supports all the account attributes that Exchange would require. I would guess not.

postfix/amavis/spamassassin/mail relaying would be topics for forums.

Windows 2000 is no longer supported by Microsoft.

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Dave Wynne
Sent: Saturday, February 05, 2011 6:12 AM
To: 'samba@lists.samba.org'
Subject: [Samba] Samba PDC Exchange 2000 Server

I presently have a 2 server system: a Samba PDC and a mail server running Bynari Insight Server, and we use Bynari connector to connect our Outlook 2000 clients to the Insight Server. It works well enough. BUT Bynari are stopping support for Outlook 2000. For us to upgrade all our copies of Outlook is expensive and we have all the functionality we need.

So, we have MS Server 2000 and Exchange 2000 which we used to use, but had all sorts of hacking issues etc when we used it for our Domain and Mail.

I've been thinking that we could continue with our Samba PDC and use something like postfix, with amavis and spamassassin to act as a SMTP relay agent to an Exchange 2000 stand alone server which is fully isolated behind our firewall on a protected subnet and use port forwarding to enable Webmail and OpenVPN server to access the mail from outside.

Does anyone know how to connect Exchange to Samba Openldap and also what would I have to do to set up postfix, amavis and spamassassin to act as a relay?

Any thoughts? I'm sure someone has wanted to do this before. I'm loath to move away from a linux mail server but costs make it attractive.

Best regards,

Dave Wynne
Senior Engineer
Artimech Pty. Ltd.
MiniFab
1 Dalmore Drive
Scoresby, Vic 3179
Australia
Tel: (03) 9753 3700
Email: d...@artimech.com.au
Please Visit Our Website www.artimech.com.au
Information Contained Within This Communication Is Private and In Confidence
Re: [Samba] Samba PDC
2011/1/14 Daniel Müller muel...@tropenklinik.de:
> For some reasons and tried it many times. I did not have any problems
> joining windows 7 with samba 3.2.15 and up with:

Once I examined, joining Windows 7 with Samba 3.2 series failed. So I believe Windows 7 cannot join to Samba 3.2 series domain.

Looking at your post, I examined again. And as you said, Samba 3.2.15 looks good with Windows 7.

As I examined yesterday, Windows 7 cannot join to Samba 3.2.11, can join to Samba 3.2.12 and Samba 3.2.15.

In the registry, modified these 2 entries only:

DomainCompatibilityMode=dword:0001
DNSNameResolutionRequired=dword:

smb.conf is:

---
[global]
  workgroup = SAMBADOM
  domain logons = yes
  add machine script = useradd %u

[homes]
  writeable = yes
  browseable = no
---

---
TAKAHASHI Motonobu mo...@samba.gr.jp
Re: [Samba] Samba PDC
On 2011-01-14 07:55, Daniel Müller wrote:
> For some reasons and tried it many times. I did not have any problems
> joining windows 7 with samba 3.2.15 and up with:
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
> DomainCompatibilityMode=dword:0001
> DNSNameResolutionRequired=dword:
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\]
> “LmCompatibilityLevel”=dword:
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
> Update=no
> DisablePasswordChange=dword:
> MaximumPasswordAge=dword:001e
> RequireSignOrSeal=dword:0001
> RequireStrongKey=dword:0001
> SealSecureChannel=dword:0001
> SignSecureChannel=dword:0001

Hi Daniel!

Can you tell me what update=no does?

regards
Martin
Re: [Samba] Samba PDC
On 1/13/2011 12:04 PM, TAKAHASHI Motonobu wrote:
> You must not set these 2 entries below:
>
> ---
> DWORD RequireSignOrSeal = 0
> DWORD RequireStrongKey = 0
> ---

Thanks, I completely overlooked this and that was the trick. All issues resolved now and have joined my Win7, Win2003 server and Ubuntu Linux boxes all to my new Samba PDC :)

This Samba PDC seems more robust than any NT4 network I remember, browsing is flawless, works great, nice work to the team and contributors ;)

--
Robert
Re: [Samba] Samba PDC
>> Read at:
>> http://wiki.samba.org/index.php/Windows7
>>
>> And remember Samba 3 PDC is compatible with Windows NT Server, not
>> with Active Directory.
>
> Thanks, I was able to join the domain, but when trying to logon, I get
> another error...
>
> the trust relationship between this workstation and the primary domain
> failed
>
> What can cause this? I have the computer name in LDAP, it was created
> when I joined the domain.

Actually the error message shows that joining the domain is failed, though joining itself was succeeded.

If your Samba's version is under 3.3.1, then you cannot avoid this error message, upgrading Samba is needed.

If your Samba's version is 3.3.2 - 3.3.4, then the additional settings below are needed:

HKLM\System\CCS\Services\Netlogon\Parameters
DWORD RequireSignOrSeal = 0
DWORD RequireStrongKey = 0

If your Samba's version is 3.3.5 - and the registries above are set, remove them and try again.

---
TAKAHASHI Motonobu mo...@samba.gr.jp
Re: [Samba] Samba PDC
On 1/13/2011 6:42 AM, TAKAHASHI Motonobu wrote:
>>> Read at:
>>> http://wiki.samba.org/index.php/Windows7
>>>
>>> And remember Samba 3 PDC is compatible with Windows NT Server, not
>>> with Active Directory.
>>
>> Thanks, I was able to join the domain, but when trying to logon, I get
>> another error...
>>
>> the trust relationship between this workstation and the primary domain
>> failed
>>
>> What can cause this? I have the computer name in LDAP, it was created
>> when I joined the domain.
>
> Actually the error message shows that joining the domain is failed,
> though joining itself was succeeded.
>
> If your Samba's version is under 3.3.1, then you cannot avoid this
> error message, upgrading Samba is needed.
>
> If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
> below are needed:
>
> HKLM\System\CCS\Services\Netlogon\Parameters
> DWORD RequireSignOrSeal = 0
> DWORD RequireStrongKey = 0

I am using Samba 3.5.6 and the registry entries above are as you show currently. I removed the computer and smbldap-userdel the computer name from LDAP, restarted the workstation and tried again. This is what I see in the workstation log...

[2011/01/13 09:24:48.031223, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
[2011/01/13 09:24:48.048892, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
[2011/01/13 09:24:58.405131, 0] lib/util_sock.c:474(read_fd_with_timeout)
[2011/01/13 09:24:58.405404, 0] lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Socket is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Socket is not connected.

I also get the following in the IP address log, but this may be shortly before re-joining...

[2011/01/13 09:24:38.228048, 0] lib/util_sock.c:1626(get_peer_name)
  Matchname failed on COLUMBUS-LAPTOP.WEBTENT 192.168.1.72

Can you help me understand these errors or what else I should check?

Thanks again,
Robert
Re: [Samba] Samba PDC
2011/1/13 Robert Fitzpatrick li...@webtent.net:
>> If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
>> below are needed:
>>
>> HKLM\System\CCS\Services\Netlogon\Parameters
>> DWORD RequireSignOrSeal = 0
>> DWORD RequireStrongKey = 0
>
> I am using Samba 3.5.6 and the registry entries above are as you show
> currently.

As I mentioned,

---
If your Samba's version is 3.3.5 - and the registries above are set, remove them and try again.
---

You must set these 2 entries below:

---
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
---

You must not set these 2 entries below:

---
DWORD RequireSignOrSeal = 0
DWORD RequireStrongKey = 0
---

In my knowledge, your error messages:

[2011/01/13 09:24:48.031223, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$

occurs if you do not correctly set these 4 entries.

If you still have problem, I recommend to examine with simple settings (not to use LDAP) like:

---
[global]
  workgroup = WEBTENT
  domain logons = yes
  add machine script = useradd %u

[homes]
  writeable = yes
  browseable = no
---

If your Windows 7 can join to Samba domain with the settings above, at least you could know that Windows 7 registries are correctly set.

---
TAKAHASHI Motonobu mo...@samba.gr.jp
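The netlogon rejection discussed above is easy to pick out of a Samba log once the two-line record layout (bracketed header, then indented message) is parsed. The Python below is an added example, not code from this thread or from Samba: the function names are hypothetical, and the sample text is the log quoted in the thread with its line breaks and indentation reconstructed, which is an assumption about the original layout.

```python
import re

# Log text quoted in the thread; line breaks and indentation are reconstructed
# (assumption), because the archive flattened them.
SAMPLE_LOG = """\
[2011/01/13 09:24:38.228048, 0] lib/util_sock.c:1626(get_peer_name)
  Matchname failed on COLUMBUS-LAPTOP.WEBTENT 192.168.1.72
[2011/01/13 09:24:48.031223, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
[2011/01/13 09:24:48.048892, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
[2011/01/13 09:24:58.405131, 0] lib/util_sock.c:474(read_fd_with_timeout)
[2011/01/13 09:24:58.405404, 0] lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Socket is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Socket is not connected.
"""

# "[timestamp, level] source.c:line(function)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<line>\d+)\((?P<func>[^)]+)\)\s*$"
)
REJECT = re.compile(
    r"netlogon_creds_server_check failed\. Rejecting auth request from "
    r"client (?P<client>\S+) machine account (?P<account>\S+)"
)

def parse_records(text):
    """Group each header line with the message lines that follow it."""
    records, current = [], None
    for raw in text.splitlines():
        match = HEADER.match(raw)
        if match:
            current = {**match.groupdict(), "msg": []}
            records.append(current)
        elif current is not None and raw.strip():
            current["msg"].append(raw.strip())
    for record in records:
        # A header may have no body, as read_fd_with_timeout does above.
        record["msg"] = " ".join(record["msg"])
    return records

def netlogon_rejections(records):
    """Return (timestamp, client, machine account) for each rejected request."""
    hits = []
    for record in records:
        if record["func"] != "_netr_ServerAuthenticate3":
            continue
        match = REJECT.search(record["msg"])
        if match:
            hits.append((record["ts"], match["client"], match["account"]))
    return hits

def summarize(text):
    """Map machine account -> (count, first timestamp, last timestamp)."""
    summary = {}
    for ts, _client, account in netlogon_rejections(parse_records(text)):
        count, first, _last = summary.get(account, (0, ts, ts))
        summary[account] = (count + 1, first, ts)
    return summary

if __name__ == "__main__":
    for account, (count, first, last) in summarize(SAMPLE_LOG).items():
        print(f"{account}: {count} rejected netlogon auth requests, {first} .. {last}")
```

Repeated rejections for one machine account after a fresh join point at the client-side registry entries listed in the message above.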
Re: [Samba] Samba PDC
2011/1/14 TAKAHASHI Motonobu mo...@monyo.com:
> 2011/1/13 Robert Fitzpatrick li...@webtent.net:
>>> If your Samba's version is 3.3.2 - 3.3.4, then the additional
>>> settings below are needed:
>>>
>>> HKLM\System\CCS\Services\Netlogon\Parameters
>>> DWORD RequireSignOrSeal = 0
>>> DWORD RequireStrongKey = 0
>>
>> I am using Samba 3.5.6 and the registry entries above are as you show
>> currently.
>
> As I mentioned,
>
> ---
> If your Samba's version is 3.3.5 - and the registries above are set,
> remove them and try again.
> ---
>
> You must set these 2 entries below:
>
> ---
> HKLM\System\CCS\Services\LanmanWorkstation\Parameters
> DWORD DomainCompatibilityMode = 1
> DWORD DNSNameResolutionRequired = 0
> ---
>
> You must not set these 2 entries below:
>
> ---
> DWORD RequireSignOrSeal = 0
> DWORD RequireStrongKey = 0
> ---
>
> In my knowledge, your error messages:
>
> [2011/01/13 09:24:48.031223, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
>
> occurs if you do not correctly set these 4 entries.
>
> If you still have problem, I recommend to examine with simple settings
> (not to use LDAP) like:
>
> ---
> [global]
>   workgroup = WEBTENT
>   domain logons = yes
>   add machine script = useradd %u
>
> [homes]
>   writeable = yes
>   browseable = no
> ---
>
> If your Windows 7 can join to Samba domain with the settings above, at
> least you could know that Windows 7 registries are correctly set.

Sorry, under FreeBSD, use

---
add machine script = /usr/sbin/pw useradd %u
---

instead of

---
add machine script = useradd %u
---

---
TAKAHASHI Motonobu mo...@samba.gr.jp
Re: [Samba] Samba PDC
2011/1/14 TAKAHASHI Motonobu mo...@monyo.com: 2011/1/13 Robert Fitzpatrick li...@webtent.net: If your Samba's version is 3.3.2 - 3.3.4, then the additional settings below are needed: HKLM\System\CCS\Services\Netlogon\Parameters DWORD RequireSignOrSeal = 0 DWORD RequireStrongKey = 0 I am using Samba 3.5.6 and the registry entries above are as you show currently. As I mentioned, - If your Samba's version is 3.3.5 - and the registries above are set, remove them and try again. - You must set these 2 entries below: - HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 - You must not set these 2 entries below: - DWORD RequireSignOrSeal = 0 DWORD RequireStrongKey = 0 - In my knowledge, your error messages: [2011/01/13 09:24:48.031223, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$ occurs if you do not correctly set these 4 entries. If you still have problem, I recommend to examine with simple settings (not to use LDAP) like: - [global] workgroup = WEBTENT domain logons = yes add machine script = useradd %u [homes] writeable = yes browseable = no - If your Windows 7 can join to Samba domain with the settings above, at least you could know that Windows 7 registries are correctly set. Sorry, under FreeBSD, use - add machine script = /usr/sbin/pw useradd %u For smbldap-tools add machine script = /usr/local/sbin/smbldap-useradd -W '%u' - instead of - add machine script = useradd %u - --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC
For some reasons and tried it many times. I did not have any problems joining windows 7 with samba 3.2.15 and up with:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
DomainCompatibilityMode=dword:0001
DNSNameResolutionRequired=dword:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\]
LmCompatibilityLevel=dword:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
Update=no
DisablePasswordChange=dword:
MaximumPasswordAge=dword:001e
RequireSignOrSeal=dword:0001
RequireStrongKey=dword:0001
SealSecureChannel=dword:0001
SignSecureChannel=dword:0001

---
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of t...@tms3.com
Sent: Thursday, 13 January 2011 18:37
To: TAKAHASHI Motonobu
Cc: Samba; Robert Fitzpatrick
Subject: Re: [Samba] Samba PDC

> 2011/1/14 TAKAHASHI Motonobu mo...@monyo.com:
>> 2011/1/13 Robert Fitzpatrick li...@webtent.net:
>>>> If your Samba's version is 3.3.2 - 3.3.4, then the additional settings below are needed:
>>>>
>>>> HKLM\System\CCS\Services\Netlogon\Parameters
>>>>   DWORD RequireSignOrSeal = 0
>>>>   DWORD RequireStrongKey = 0
>>>
>>> I am using Samba 3.5.6 and the registry entries above are as you show currently.
>>
>> As I mentioned,
>>
>> -----
>> If your Samba's version is 3.3.5 - and the registries above are set, remove them and try again.
>> -----
>>
>> You must set these 2 entries below:
>>
>> -----
>> HKLM\System\CCS\Services\LanmanWorkstation\Parameters
>>   DWORD DomainCompatibilityMode = 1
>>   DWORD DNSNameResolutionRequired = 0
>> -----
>>
>> You must not set these 2 entries below:
>>
>> -----
>>   DWORD RequireSignOrSeal = 0
>>   DWORD RequireStrongKey = 0
>> -----
>>
>> In my knowledge, your error messages:
>>
>> [2011/01/13 09:24:48.031223, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
>>   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
>>
>> occurs if you do not correctly set these 4 entries.
>>
>> If you still have problem, I recommend to examine with simple settings (not to use LDAP) like:
>>
>> -----
>> [global]
>>   workgroup = WEBTENT
>>   domain logons = yes
>>   add machine script = useradd %u
>> [homes]
>>   writeable = yes
>>   browseable = no
>> -----
>>
>> If your Windows 7 can join to Samba domain with the settings above, at least you could know that Windows 7 registries are correctly set.
>
> Sorry, under FreeBSD, use
>
> -----
> add machine script = /usr/sbin/pw useradd %u

For smbldap-tools

add machine script = /usr/local/sbin/smbldap-useradd -W '%u'

> -----
>
> instead of
>
> -----
> add machine script = useradd %u
> -----
>
> ---
> TAKAHASHI Motonobu mo...@samba.gr.jp
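The four client-side registry entries named in TAKAHASHI Motonobu's reply can be checked against a `reg export` of the two keys before a join is attempted. This is an added example, not code from the thread or from the Samba project; the function names and the sample export are constructed, and it assumes the export is already decoded to text and uses the full `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet` key names.

```python
import re

LANMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters"
NETLOGON = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters"

# (key, value name) -> required DWORD, from "You must set these 2 entries".
MUST_EQUAL = {
    (LANMAN, "DomainCompatibilityMode"): 1,
    (LANMAN, "DNSNameResolutionRequired"): 0,
}
# From "You must not set these 2 entries". A value of 0 also means the client
# no longer requires a signed or sealed secure channel or a strong session key.
MUST_NOT_BE_ZERO = [
    (NETLOGON, "RequireSignOrSeal"),
    (NETLOGON, "RequireStrongKey"),
]

_SECTION = re.compile(r"^\[(-?)(.+)\]$")
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')
_DWORD = re.compile(r"dword:([0-9a-f]{1,8})", re.IGNORECASE)


def parse_reg(text):
    """Parse .reg text into {key_lower: {value_name_lower: value}}.

    DWORDs become int, a DWORD with no readable digits becomes None, and
    every other type is kept as its raw right-hand side.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = _SECTION.match(line)
        if section:
            name = section.group(2).rstrip("\\").lower()
            if section.group(1):            # "[-KEY]" deletes the whole key
                keys.pop(name, None)
                current = None
            else:
                current = keys.setdefault(name, {})
            continue
        value = _VALUE.match(line)
        if value is None or current is None:
            continue                        # header line or hex continuation line
        name, rhs = value.group(1).lower(), value.group(2).strip()
        if rhs == "-":                      # "Name"=- deletes the value
            current.pop(name, None)
        elif rhs.lower().startswith("dword:"):
            digits = _DWORD.fullmatch(rhs)
            current[name] = int(digits.group(1), 16) if digits else None
        else:
            current[name] = rhs
    return keys


def audit(text):
    """Return (key, value name, problem) for each deviation from the advice."""
    keys = parse_reg(text)
    findings = []
    for (key, name), want in MUST_EQUAL.items():
        got = keys.get(key.lower(), {}).get(name.lower())
        if got != want:
            state = "missing or unreadable" if got is None else "is %r" % (got,)
            findings.append((key, name, "%s, expected dword %d" % (state, want)))
    for key, name in MUST_NOT_BE_ZERO:
        if keys.get(key.lower(), {}).get(name.lower()) == 0:
            findings.append((key, name, "set to 0, remove the entry"))
    return findings


# Constructed sample export: one required value is absent and one Netlogon
# value is set to 0.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000000
"RequireStrongKey"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, problem in audit(SAMPLE_REG):
        print("%s\\%s: %s" % (key, name, problem))
```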
[Samba] Samba PDC
OK, I am trying to setup my first Samba PDC on a FreeBSD 8.1 host. When I try to become a member of 'webtent.org' on my Windows 7 Ultimate to the PDC, I get the following error...

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain webtent.org:

The query was for the SRV record for _ldap._tcp.dc._msdcs.webtent.org

The following domain controllers were identified by the query:
mail.webtent.org

However no domain controllers could be contacted.

Common causes of this error include:
- Host (A) or () records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.

I have Samba working well in the network and have setup the server as a PDC...

mail# net domain
Enter root's password:
Enumerating domains:
Domain name Server name of Browse Master
-
WEBTENT MAIL

I have DNS setup as I believe correct as well as my Samba config...

mail# dig mail.webtent.org
; DiG 9.4-ESV-R2 mail.webtent.org
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 20308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.webtent.org. IN A
;; ANSWER SECTION:
mail.webtent.org. 38400 IN A 192.168.1.21

mail# dig -x 192.168.1.21
; DiG 9.4-ESV-R2 -x 192.168.1.21
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 32497
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;21.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
21.1.168.192.in-addr.arpa. 38400 IN PTR mail.webtent.org.

mail# cat /var/named/etc/namedb/dynamic/webtent.org.hosts
$ttl 38400
webtent.org. IN SOA mx1.webtent.org. admin.webtent.org. (
    1281254209
    10800
    3600
    604800
    38400 )
webtent.org. IN NS mx1.webtent.org.
mail.webtent.org. IN A 192.168.1.21
snip unrelated A records
$ORIGIN webtent.org.
_kerberos TXT WEBTENT
$ORIGIN _tcp.webtent.org.
_kerberos SRV 1 0 88 mail.webtent.org.
_kerberos-adm SRV 1 0 749 mail.webtent.org.
$ORIGIN _udp.webtent.org.
_kerberos SRV 1 0 88 mail.webtent.org.
_kpasswd SRV 1 0 464 mail.webtent.org.
kerberos CNAME mail.
localhost A 127.0.0.1
mail A 192.168.1.21
_ldap._tcp.webtent.org. SRV 0 0 389 mail.webtent.org.
_kerberos._tcp.webtent.org. SRV 0 0 88 mail.webtent.org.
_ldap._tcp.dc._msdcs.webtent.org. IN SRV 0 0 389 mail.webtent.org.
_kerberos._tcp.dc._msdcs.webtent.org. IN SRV 0 0 88 mail.webtent.org.

mail# cat smb.conf
# Global parameters
[global]
workgroup = WEBTENT
server string = Samba Server
netbios name = mail
hosts allow = 192.168.1. 127.
# interfaces = bge0, lo
# bind interfaces only = Yes
# passwd backend
encrypt passwords = yes
passdb backend = ldapsam:ldap://mail.webtent.org/
enable privileges = yes
pam password change= Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn * passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
# Log options
log level = 1
log file = /var/log/samba/%m
max log size = 50
syslog = 0
# Name resolution
name resolve order = wins bcast host
# misc
timeserver = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use sendfile = yes
veto files = /*.eml/*.nws/*.{*}/
veto oplock files = /*.doc/*.xls/*.mdb/
deadtime = 120
# Dos-Attribute
map hidden = No
map system = No
map archive = No
map read only = No
store dos attributes = Yes
dos charset = 850
# printers - configured to use CUPS and automatically load them
load printers = Yes
printcap name = CUPS
printing = cups
cups options = Raw
show add printer wizard = No
# scripts invoked by samba
add user script = /usr/local/sbin/smbldap-useradd -m %u
delete user script= /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
add machine script=
Re: [Samba] Samba PDC
2011/1/13 Robert Fitzpatrick li...@webtent.net:
> OK, I am trying to setup my first Samba PDC on a FreeBSD 8.1 host. When I try to become a member of 'webtent.org' on my Windows 7 Ultimate to the PDC, I get the following error...
>
> DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain webtent.org:
(snip)
> Anyone know what I am or could be doing wrong? Thanks for any help!

Read at:

http://wiki.samba.org/index.php/Windows7

And remember Samba 3 PDC is compatible with Windows NT Server, not with Active Directory.

---
TAKAHASHI Motonobu mo...@samba.gr.jp
Re: [Samba] Samba PDC
On 1/12/2011 11:18 AM, TAKAHASHI Motonobu wrote:
> 2011/1/13 Robert Fitzpatrick li...@webtent.net:
>> OK, I am trying to setup my first Samba PDC on a FreeBSD 8.1 host. When I try to become a member of 'webtent.org' on my Windows 7 Ultimate to the PDC, I get the following error...
>>
>> DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain webtent.org:
> (snip)
>> Anyone know what I am or could be doing wrong? Thanks for any help!
>
> Read at:
>
> http://wiki.samba.org/index.php/Windows7
>
> And remember Samba 3 PDC is compatible with Windows NT Server, not with Active Directory.

Thanks, I was able to join the domain, but when trying to logon, I get another error...

the trust relationship between this workstation and the primary domain failed

What can cause this? I have the computer name in LDAP, it was created when I joined the domain.

--Robert
Re: [Samba] Samba PDC
> On 1/12/2011 11:18 AM, TAKAHASHI Motonobu wrote:
>> 2011/1/13 Robert Fitzpatrick li...@webtent.net:
>>> OK, I am trying to setup my first Samba PDC on a FreeBSD 8.1 host. When I try to become a member of 'webtent.org' on my Windows 7 Ultimate to the PDC, I get the following error...
>>>
>>> DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain webtent.org:
>> (snip)
>>> Anyone know what I am or could be doing wrong? Thanks for any help!
>>
>> Read at:
>>
>> http://wiki.samba.org/index.php/Windows7
>>
>> And remember Samba 3 PDC is compatible with Windows NT Server, not with Active Directory.
>
> Thanks, I was able to join the domain, but when trying to logon, I get another error...
>
> the trust relationship between this workstation and the primary domain failed
>
> What can cause this? I have the computer name in LDAP, it was created when I joined the domain.

I found that a properly configured WINS server solved many of these problems for me with Samba3.x/LDAP and Win7.

> --Robert
[Samba] samba pdc for samba clients - job
Hi All,

this is a samba related job request. Sorry if this is not the correct mailing list, feel free to point me toward a better place.

I'm looking for a how-to style documentation to configure Debian 5 (Lenny) as a PDC and file server for Debian 5 (Lenny) clients. Would prefer to use Samba (and Kerberos if needed) as the PDC and file server and would prefer to avoid ldap integration.

The documentation must describe how to configure the server to provide the authentication facility (PDC), and how to configure the client to authenticate (would prefer with GDM (gnome display manager)) and mount the file share accordingly. No printer handling is needed. The clients are using the desktop manager xfce4.

I am a linux sysadmin myself so you will not be alone. Please bid only if you have experience with this setup because this is urgent (2-3 days). Budget is negotiable but I'm looking to spend around 100 USD.

Thanks for your attention, have a nice day.

Mike
Re: [Samba] Samba PDC and big files
Pedro Rafael Alves Simoes wrote:
> I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files.
>
> Could someone give me some lights in how I can circumvent this problem?

Would quotas help? Limit their space in their profiles and they'll manage the problem?

Folder redirection, as someone else mentioned -- put their desktop in drive H:\share.

Might be able to CSC (ClientSideCaching) to speed up access to their desktop and such...
[Samba] Samba PDC and big files
Hello,

I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files.

I think it's difficult to guarantee that an inexperienced user will copy his downloaded files, documents, or whatever, to a H:\ share instead of his handy desktop.

Other problem is the files of Outlook or Thunderbird that can get big. The goal is to avoid email configuration each time the user changes to another workstation, so I can't configure the email client to store the files locally on the workstation.

Could someone give me some lights in how I can circumvent this problem?

Thanks.
Re: [Samba] Samba PDC and big files
--- Original message ---
Subject: [Samba] Samba PDC and big files
From: Pedro Rafael Alves Simoes pedro.a.sim...@gmail.com
To: samba@lists.samba.org
Date: Thursday, 24/06/2010 5:03 AM

> Hello,
>
> I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files.
>
> I think it's difficult to guarantee that an inexperienced user will copy his downloaded files, documents, or whatever, to a H:\ share instead of his handy desktop.
>
> Other problem is the files of Outlook or Thunderbird that can get big. The goal is to avoid email configuration each time the user changes to another workstation, so I can't configure the email client to store the files locally on the workstation.
>
> Could someone give me some lights in how I can circumvent this problem?

BOFH's Guide to Electrified Keyboards: 101 Tips and tricks to train your users.

Cheers,
TMS III

P.S. for email imap is a good idea.

> Thanks.
Re: [Samba] Samba PDC and big files
On 06/24/2010 07:04 AM, Pedro Rafael Alves Simoes wrote:
> Hello,
>
> I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files.
>
> I think it's difficult to guarantee that an inexperienced user will copy his downloaded files, documents, or whatever, to a H:\ share instead of his handy desktop.
>
> Other problem is the files of Outlook or Thunderbird that can get big. The goal is to avoid email configuration each time the user changes to another workstation, so I can't configure the email client to store the files locally on the workstation.
>
> Could someone give me some lights in how I can circumvent this problem?
>
> Thanks.

You need folder redirection. Read chapter 5 of my book Samba3-ByExample

http://www.samba.org/samba/docs/Samba3-ByExample.pdf

- John T.
Re: [Samba] Samba PDC and big files
Roaming profiles with folder redirection...

Regards
Carl

t...@tms3.com wrote:
> --- Original message ---
> Subject: [Samba] Samba PDC and big files
> From: Pedro Rafael Alves Simoes pedro.a.sim...@gmail.com
> To: samba@lists.samba.org
> Date: Thursday, 24/06/2010 5:03 AM
>
>> Hello,
>>
>> I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files.
>>
>> I think it's difficult to guarantee that an inexperienced user will copy his downloaded files, documents, or whatever, to a H:\ share instead of his handy desktop.
>>
>> Other problem is the files of Outlook or Thunderbird that can get big. The goal is to avoid email configuration each time the user changes to another workstation, so I can't configure the email client to store the files locally on the workstation.
>>
>> Could someone give me some lights in how I can circumvent this problem?
>
> BOFH's Guide to Electrified Keyboards: 101 Tips and tricks to train your users.
>
> Cheers,
> TMS III
>
> P.S. for email imap is a good idea.
>
>> Thanks.
Re: [Samba] Samba PDC and big files
On Thu, Jun 24, 2010 at 2:04 PM, Pedro Rafael Alves Simoes pedro.a.sim...@gmail.com wrote:
> Hello,
>
> I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files.
>
> I think it's difficult to guarantee that an inexperienced user will copy his downloaded files, documents, or whatever, to a H:\ share instead of his handy desktop.
>
> Other problem is the files of Outlook or Thunderbird that can get big. The goal is to avoid email configuration each time the user changes to another workstation, so I can't configure the email client to store the files locally on the workstation.

1. Do not store mail locally, you will lose mail if you do. Use a central imap server for instance, it's also much easier for backups;

2. I set the user's desktop to readonly with cacls in the logon scripts, problem solved (get yourself management's approval before you try this, explain why it is necessary). If they do not want to listen to you then ...

3. use folder redirection. This is harder to do in a pure samba 3 environment than in AD, but it is certainly doable.

Soon, with samba 4 we will have all the group policy goodies :-)

--
natxo
[Samba] SAMBA PDC LOGIN - UPN (u...@realm) to DOM\USER
I have looked and looked but have not been able to find out how to allow UPN authentication to be processed by a Samba PDC? Is it possible to strip the @domain from the user before authentication at samba or map the UPN user to a dom\username for authentication?

Thanks,
Andrew

LOGS

/var/log/samba/log.user: SAM Logon (Interactive). Domain:[domain]. User:[u...@domain@XENDESKTOP1] Requested Domain:[domain]
/var/log/samba/log.user: check_ntlm_password: Checking password for unmapped user [domain]\[u...@domain]@[XENDESKTOP1] with the new password interface
/var/log/samba/log.user: check_ntlm_password: mapped user is: [domain]\[u...@domain]@[XENDESKTOP1]
/var/log/samba/log.user: check_sam_security: Couldn't find user 'u...@domain' in passdb.
/var/log/samba/log.user: check_ntlm_password: Authentication for user [u...@domain] - [u...@domain] FAILED with error NT_STATUS_NO_SUCH_USER
Re: [Samba] SAMBA PDC LOGIN - UPN (u...@realm) to DOM\USER
--- Original message ---
Subject: [Samba] SAMBA PDC LOGIN - UPN (u...@realm) to DOM\USER
From: Andrew Grimmett agrimm...@lssidata.com
To: samba@lists.samba.org
Date: Tuesday, 15/06/2010 7:01 AM

> I have looked and looked but have not been able to find out how to allow UPN authentication to be processed by a Samba PDC? Is it possible to strip the @domain from the user before authentication at samba or map the UPN user to a dom\username for authentication?

Are you certain Xen's NTLM Auth is not adding this?

> Thanks,
> Andrew
>
> LOGS
>
> /var/log/samba/log.user: SAM Logon (Interactive). Domain:[domain]. User:[u...@domain@XENDESKTOP1] Requested Domain:[domain]
> /var/log/samba/log.user: check_ntlm_password: Checking password for unmapped user [domain]\[u...@domain]@[XENDESKTOP1] with the new password interface
> /var/log/samba/log.user: check_ntlm_password: mapped user is: [domain]\[u...@domain]@[XENDESKTOP1]
> /var/log/samba/log.user: check_sam_security: Couldn't find user 'u...@domain' in passdb.
> /var/log/samba/log.user: check_ntlm_password: Authentication for user [u...@domain] - [u...@domain] FAILED with error NT_STATUS_NO_SUCH_USER
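Rejections like the `check_ntlm_password` failure quoted in this thread, and the `netlogon_creds_server_check` rejection quoted in the earlier Windows 7 thread, can be pulled out of smbd logs and grouped by account. This is an added example, not code from the thread or from Samba; the function names, the sample log, its user names and the `auth/auth.c` line numbers are constructed.

```python
import re
from collections import Counter

# Start of a Samba 3 log entry: "[YYYY/MM/DD HH:MM:SS(.usec), level] location"
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?:\.\d+)?,\s*(\d+)\]\s*(\S*)")
NETLOGON_REJECT = re.compile(
    r"netlogon_creds_server_check failed\. "
    r"Rejecting auth request from client (\S+) machine account (\S+)")
# smbd writes "->" between the two names; the archived copy shows it as "-".
AUTH_FAILED = re.compile(
    r"Authentication for user \[([^\]]*)\] -+>? \[([^\]]*)\] "
    r"FAILED with error (NT_STATUS_\w+)")


def entries(log_text):
    """Yield (timestamp, location, message) per log entry.

    A header line starts an entry and the indented lines after it are joined
    into its message. Lines seen before any header (for example grep output)
    are yielded as entries of their own with timestamp None.
    """
    current = None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            if current is not None:
                yield tuple(current)
            current = [header.group(1), header.group(3),
                       line[header.end():].strip()]
        elif not line.strip():
            continue
        elif current is None:
            yield (None, "", line.strip())
        else:
            current[2] = (current[2] + " " + line.strip()).strip()
    if current is not None:
        yield tuple(current)


def triage(log_text):
    """Count rejected machine accounts and failed user logons."""
    machine_rejects = Counter()
    user_failures = Counter()
    upn_style = set()
    for _timestamp, _location, message in entries(log_text):
        reject = NETLOGON_REJECT.search(message)
        if reject:
            machine_rejects[reject.group(2)] += 1
            continue
        failed = AUTH_FAILED.search(message)
        if failed:
            user, status = failed.group(1), failed.group(3)
            user_failures[(user, status)] += 1
            # A name still carrying "@domain" was looked up unmapped.
            if "@" in user and status == "NT_STATUS_NO_SUCH_USER":
                upn_style.add(user)
    return {
        "machine_rejects": dict(machine_rejects),
        "user_failures": dict(user_failures),
        "upn_style": sorted(upn_style),
    }


# Constructed sample in smbd's two-line entry layout.
SAMPLE_LOG = """\
[2011/01/13 09:24:48.031223,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
[2011/01/13 09:24:52.118842,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
[2010/06/15 07:01:10,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [alice@example.test] -> [alice@example.test] FAILED with error NT_STATUS_NO_SUCH_USER
[2010/06/15 07:02:31,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [bob] -> [bob] FAILED with error NT_STATUS_WRONG_PASSWORD
[2010/06/15 07:03:00,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [carol] -> [carol] -> [carol] succeeded
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```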
[Samba] Samba PDC [3.5.3], Windows 7 Pro 64 bit, Temporary local profile for a specific user
L.S.,

I searched the internet and though there were lots of problems with profile, I haven't found a solution to my specific problem.

- Samba server running on OpenSuse 11.1 with a ldap backend acting as PDC.
- I have a new Windows 7 pro 64 bit client that has been added successfully to the domain (with the required registry patches)

I do not want to use roaming profiles, so logon path is empty in smb.conf.

I can login to the win7 machine using an ordinary Domain User account, and a Domain Admin account and a local profile is created, like expected. However if I want to login using MY account, which is a Domain admin account, I get a local temporary profile!! I do NOT get an error on the Windows 7 machine. (Not on screen, not in the event log).

I went as far as reinstalling the Win7 machine, making sure that no reference to the user name of my account is made, so there is NO local user with my login name. Still this happens.

I still am convinced that it has to do something with the settings of my ACCOUNT on the server, but I can't find out how or where. I made sure that the sambaHomePath, sambaHomeDir and sambaProfilePath in my LDAP account is empty. I compared my LDAP settings with the DomainAdmin account that is working, but to no avail.

Does anyone have any idea how to debug this?

Thanks!

Regards,
Tom

--
Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196
Re: [Samba] Samba PDC and OpenLdap Debian Lenny, Change IP, Clean cache?
Thanks Olafrv the log is solve.

2010/5/11 ola...@gmail.com:
> Try rm -rf /var/lib/samba/* ?
>
> But make a backup tar.gz before...
>
> You don't know where your shadow will fall, Somebody.-
> Olaf Reitmaier Veracierta (BB)
> ola...@gmail.com
> http://olafrv.googlepages.com
>
> -----Original Message-----
> From: Jose j.se...@gmail.com
> Date: Tue, 11 May 2010 10:48:11
> To: Foro Samba samba@lists.samba.org
> Subject: [Samba] Samba PDC and OpenLdap Debian Lenny, Change IP, Clean cache?
>
> Hello
>
> Sorry for my english
>
> I have a PDC with Samba and OpenLdap in Debian 5 lenny. I am testing group, users,policy, net join workstation bla bla bla. results very good.
>
> Today change ip static the pdc 192.168.56.101 for new ip address: 192.168.56.102 static.
>
> error log in /var/lib/samba/log.nmbd
>
> nx-1:/var/lib/samba# /etc/init.d/samba restart
> Stopping Samba daemons: nmbd[2010/05/10 05:33:50, 0] nmbd/nmbd.c:terminate(68) Got SIGTERM: going down... smbd.
> Starting Samba daemons: nmbd smbd.
> lnx-1:/var/lib/samba# [2010/05/10 05:33:53, 0] nmbd/nmbd.c:main(849) nmbd version 3.2.5 started. Copyright Andrew Tridgell and the Samba Team 1992-2008
> [2010/05/10 05:33:53, 0] nmbd/asyncdns.c:start_async_dns(155) started asyncdns process 2921
> [2010/05/10 05:33:53, 0] nmbd/nmbd_logonnames.c:add_logon_names(160) add_domain_logon_names: Attempting to become logon server for workgroup DOMINIO.INT on subnet 192.168.56.102
> [2010/05/10 05:33:53, 0] nmbd/nmbd_logonnames.c:add_logon_names(160) add_domain_logon_names: Attempting to become logon server for workgroup DOMINIO.INT on subnet UNICAST_SUBNET
> [2010/05/10 05:33:53, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(336) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup DOMINIO.INT, subnet UNICAST_SUBNET.
> [2010/05/10 05:33:53, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(350) become_domain_master_browser_wins: querying WINS server from IP 127.0.0.1 for domain master browser name DOMINIO.INT1b on workgroup DOMINIO.INT
> [2010/05/10 05:33:53, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(121) become_logon_server_success: Samba is now a logon server for workgroup DOMINIO.INT on subnet UNICAST_SUBNET
> [2010/05/10 05:33:53, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(234) become_domain_master_query_success: There is already a domain master browser at IP 192.168.56.101 for workgroup DOMINIO.INT registered on subnet UNICAST_SUBNET.
> [2010/05/10 05:33:57, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(121) become_logon_server_success: Samba is now a logon server for workgroup DOMINIO.INT on subnet 192.168.56.102
> [2010/05/10 05:34:16, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(395) * Samba name server LNX-1 is now a local master browser for workgroup DOMINIO.INT on subnet 192.168.56.102 *
> lnx-1:/var/lib/samba# [2010/05/10 05:34:37, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(247) domain_master_node_status_fail: Doing a node status request to the domain master browser for workgroup DOMINIO.INT at IP 192.168.56.101 failed. Cannot sync browser lists.
> [2010/05/10 05:39:07, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(336) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup DOMINIO.INT, subnet UNICAST_SUBNET.
> [2010/05/10 05:39:07, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(350) become_domain_master_browser_wins: querying WINS server from IP 127.0.0.1 for domain master browser name DOMINIO.INT1b on workgroup DOMINIO.INT
> [2010/05/10 05:39:08, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(234) become_domain_master_query_success: There is already a domain master browser at IP 192.168.56.101 for workgroup DOMINIO.INT registered on subnet UNICAST_SUBNET.
> [2010/05/10 06:13:33, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(247) domain_master_node_status_fail: Doing a node status request to the domain master browser for workgroup DOMINIO.INT at IP 192.168.56.101 failed. Cannot sync browser lists.
>
> Old ip 192.168.56.101
> new ip 192.168.56.102
>
> How clean cache ip wins in the server pdc?
>
> Thanks.
>
> --
> # Operating System: Debian
> # Caracas, Venezuela

--
# Operating System: Debian
# Caracas, Venezuela
[Samba] Samba PDC and OpenLdap Debian Lenny, Change IP, Clean cache?
Hello

Sorry for my english

I have a PDC with Samba and OpenLdap in Debian 5 lenny. I am testing group, users,policy, net join workstation bla bla bla. results very good.

Today change ip static the pdc 192.168.56.101 for new ip address: 192.168.56.102 static.

error log in /var/lib/samba/log.nmbd

nx-1:/var/lib/samba# /etc/init.d/samba restart
Stopping Samba daemons: nmbd[2010/05/10 05:33:50, 0] nmbd/nmbd.c:terminate(68) Got SIGTERM: going down... smbd.
Starting Samba daemons: nmbd smbd.
lnx-1:/var/lib/samba# [2010/05/10 05:33:53, 0] nmbd/nmbd.c:main(849) nmbd version 3.2.5 started. Copyright Andrew Tridgell and the Samba Team 1992-2008
[2010/05/10 05:33:53, 0] nmbd/asyncdns.c:start_async_dns(155) started asyncdns process 2921
[2010/05/10 05:33:53, 0] nmbd/nmbd_logonnames.c:add_logon_names(160) add_domain_logon_names: Attempting to become logon server for workgroup DOMINIO.INT on subnet 192.168.56.102
[2010/05/10 05:33:53, 0] nmbd/nmbd_logonnames.c:add_logon_names(160) add_domain_logon_names: Attempting to become logon server for workgroup DOMINIO.INT on subnet UNICAST_SUBNET
[2010/05/10 05:33:53, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(336) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup DOMINIO.INT, subnet UNICAST_SUBNET.
[2010/05/10 05:33:53, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(350) become_domain_master_browser_wins: querying WINS server from IP 127.0.0.1 for domain master browser name DOMINIO.INT1b on workgroup DOMINIO.INT
[2010/05/10 05:33:53, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(121) become_logon_server_success: Samba is now a logon server for workgroup DOMINIO.INT on subnet UNICAST_SUBNET
[2010/05/10 05:33:53, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(234) become_domain_master_query_success: There is already a domain master browser at IP 192.168.56.101 for workgroup DOMINIO.INT registered on subnet UNICAST_SUBNET.
[2010/05/10 05:33:57, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(121) become_logon_server_success: Samba is now a logon server for workgroup DOMINIO.INT on subnet 192.168.56.102
[2010/05/10 05:34:16, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(395) * Samba name server LNX-1 is now a local master browser for workgroup DOMINIO.INT on subnet 192.168.56.102 *
lnx-1:/var/lib/samba# [2010/05/10 05:34:37, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(247) domain_master_node_status_fail: Doing a node status request to the domain master browser for workgroup DOMINIO.INT at IP 192.168.56.101 failed. Cannot sync browser lists.
[2010/05/10 05:39:07, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(336) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup DOMINIO.INT, subnet UNICAST_SUBNET.
[2010/05/10 05:39:07, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(350) become_domain_master_browser_wins: querying WINS server from IP 127.0.0.1 for domain master browser name DOMINIO.INT1b on workgroup DOMINIO.INT
[2010/05/10 05:39:08, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(234) become_domain_master_query_success: There is already a domain master browser at IP 192.168.56.101 for workgroup DOMINIO.INT registered on subnet UNICAST_SUBNET.
[2010/05/10 06:13:33, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(247) domain_master_node_status_fail: Doing a node status request to the domain master browser for workgroup DOMINIO.INT at IP 192.168.56.101 failed. Cannot sync browser lists.

Old ip 192.168.56.101
new ip 192.168.56.102

How clean cache ip wins in the server pdc?

Thanks.

--
# Operating System: Debian
# Caracas, Venezuela
Re: [Samba] Samba PDC: Only one User can't log in
Hi Daniel,

When the user attempts to login what message does he get? Have you checked the account flags?

http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#accountflags

On Thu, Apr 8, 2010 at 1:12 AM, Daniel Spannbauer d...@marco.de wrote:
> Hello,
>
> I have a working Samba-PDC with ldap-Backend. It works fine for all our user, except one user. He can't log in. I can't find an error in ldap (compared his entry with mine) nor in the logfile.
>
> Can anybody help me to figure out the cause of this?
>
> Here is my smb.conf:
>
> [global]
>   workgroup = test
>   netbios aliases = homedirs
>   server string = apollo
>   passdb backend = ldapsam:ldap://10.3.1.3;
>   username map = /etc/samba/smb-user-map
>   log level = 15
>   log file = /var/log/samba/%m.log
>   debug uid = Yes
>   smb ports = 139
>   name resolve order = wins host bcast
>   deadtime = 300
>   printcap name = cups
>   add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
>   logon script = logon.bat
>   logon path = \\%L\%U\.ntprofile
>   logon drive = H:
>   logon home = \\%L\%U
>   domain logons = Yes
>   preferred master = Yes
>   local master = No
>   domain master = Yes
>   wins server = gate
>   kernel oplocks = No
>   ldap admin dn = cn=Administrator,dc=test,dc=de
>   ldap group suffix = ou=group
>   ldap machine suffix = ou=Computers
>   ldap suffix = dc=test,dc=de
>   ldap ssl = no
>   ldap user suffix = ou=people
>   create mask = 0775
>   directory mask = 0775
>   hide files = /Desktop.ini/desktop.ini/ntuser.ini/NTUSER.*/tmp/RECYCLER/
>   strict locking = No
>   share modes = No
>   delete readonly = Yes
>
> Please find attached the logfile snippet. Sorry, but it's too big for pastebin.
>
> Regards
> Daniel

--
REGARDS,
Andy Z