Re: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
On Dec 21, 2007 2:13 PM, J [EMAIL PROTECTED] wrote:
> Eventually, that was the plan. However... I was trying to get one thing working at a time, and got stuck at that point. Thanks for the suggestion, though. ( You make it sound easy =P )

Once everything is migrated the openldap administration is pretty easy. We are using one main ldap server and several other read only replicas using syncprov. I am not sure about the migration part though as a coworker did that part.

John

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Simple Samba PDC - tdbsam limitations?
On Fri, 2007-12-21 at 13:48 -0500, Ryan Novosielski wrote:
> Charles Marcus wrote:
> > Charles Marcus, on 12/21/2007 8:06 AM, said the following:
> > > What are the limitations of the tdbsam backend, with respect to performance and the number of workstations/users it can reasonably be expected to support?
> >
> > Never mind - of course this is well documented in the most excellent 'The Official SAMBA-3 HOWTO and Reference Guide'...
> >
> > For anyone curious - it is not generally recommended to use the tdbsam backend for sites with 250+ users, but this is only because these sites likely will be spread out and require BDCs and multiple servers... They specifically mention one site using the tdbsam backend with 4,500+ users with no performance problems whatsoever...
> >
> > Sorry for the noise.
>
> This is extremely timely for me, since I was looking into this subject just this morning. I have about 11,500 users on an smbpasswd file! :-o This does not work very well, and we recently reached a breaking point. I looked into tdbsam, figuring that that might be the easy way to go (I do not need replication, as this backend is running a computer lab, not 11,500 concurrent users). The fact that my setup is two orders of magnitude larger than the recommendation for tdbsam gives me pause.
>
> Can anyone comment on this? I'm sorta in an emergency situation, not a design situation... I'm almost looking at MySQL because that is something that I could reasonably deploy in the next 48 hours. LDAP would require at least some substantial reading for me, I'd think. Maybe not.

If you do not need to replicate user information elsewhere tdbsam is the fastest backend you can get. The recommendation about 250+ users has more to do with network topologies usually implemented when you get around these numbers, and has nothing to do with the scalability of the backend itself.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer [EMAIL PROTECTED]
Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED]
Re: [Samba] Simple Samba PDC - tdbsam limitations?
Charles Marcus wrote:
> Charles Marcus, on 12/21/2007 8:06 AM, said the following:
> > What are the limitations of the tdbsam backend, with respect to performance and the number of workstations/users it can reasonably be expected to support?
>
> Never mind - of course this is well documented in the most excellent 'The Official SAMBA-3 HOWTO and Reference Guide'...
>
> For anyone curious - it is not generally recommended to use the tdbsam backend for sites with 250+ users, but this is only because these sites likely will be spread out and require BDCs and multiple servers... They specifically mention one site using the tdbsam backend with 4,500+ users with no performance problems whatsoever...
>
> Sorry for the noise.

This is extremely timely for me, since I was looking into this subject just this morning. I have about 11,500 users on an smbpasswd file! :-o This does not work very well, and we recently reached a breaking point. I looked into tdbsam, figuring that that might be the easy way to go (I do not need replication, as this backend is running a computer lab, not 11,500 concurrent users). The fact that my setup is two orders of magnitude larger than the recommendation for tdbsam gives me pause.

Can anyone comment on this? I'm sorta in an emergency situation, not a design situation... I'm almost looking at MySQL because that is something that I could reasonably deploy in the next 48 hours. LDAP would require at least some substantial reading for me, I'd think. Maybe not.

=R

--
Ryan Novosielski - Systems Programmer II
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630
Re: [Samba] Simple Samba PDC - tdbsam limitations?
simo wrote:
> If you do not need to replicate user information elsewhere tdbsam is the fastest backend you can get. The recommendation about 250+ users has more to do with network topologies usually implemented when you get around these numbers, and has nothing to do with the scalability of the backend itself.

The unfortunate thing is that I'm running CIFS/9000 (HP's version of Samba). Their support is very good, but they're willing to let me run smbpasswd (which has finally melted down), but they say that tdbsam is not recommended for over 250 users. Something tells me the Samba team should actually change their tune on this and say what the backend should support, not at what point I'd want replication. There are easily situations where a place could have very few concurrent users and very many users in their password file, meaning that smbpasswd is a terrible idea, but replication is not actually necessary.

I would say that tdbsam is definitely FAR more scalable than smbpasswd, is that right?

--
Ryan Novosielski - Systems Programmer II
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630
Re: [Samba] Simple Samba PDC - tdbsam limitations?
On Sat, Dec 22, 2007 at 02:18:09AM -0500, Ryan Novosielski wrote:
> I would say that tdbsam is definitely FAR more scalable than smbpasswd, is that right?

Yes, definitely.
[Samba] difficulty setting up Samba PDC.. please help... out of ideas
I am trying to test a Samba PDC on our network that currently shares files as a workgroup (with a different name, of course). Microsoft states that this can be done, with no issues (so long as the workgroup and the domain have different names).

The permanent home for the shares is on //receptionist. ( The temporary home for the Samba PDC is on //haze. ) Once the PDC has been set up successfully and tested, //receptionist will be switched to work as the PDC, and not a file share. The Windows client I'm testing on is a virtual machine, virtualx-ray, on the network.

Please, does anyone have any ideas??:

I have successfully joined the domain, and I can log into the domain with the first user I set up on //haze. (jae)

jae is able to log in, successfully loads the custom profile (changing the network neighborhood to use a customized list of network resources), but does not currently update the profile. (one thing at a time)

bryan, on the other hand, gets the following messages (and does not log in):

    Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.
    DETAIL - Logon failure: unknown user name or bad password.

bryan is a valid user name (see the passwd file settings below), and I'm using the correct password. I have restarted both Samba servers every time I made a change in the smb.conf files. There is nothing in the logs (on //haze) that another user is trying to log on, other than jae.

    Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
    DETAIL - The system cannot find the path specified.

bryan does NOT exist as a local account on the Windows client. Jae did exist, at one time on the Windows client. ( The login name was later changed to jnorm. Logging in as Jae with the valid password on the local client does not work, as it shouldn't. )

I have tinkered with the settings for weeks now, so they are more open than they started out. Here are the (appropriate) settings:

(//receptionist):

[receptionist 133] server.files smbclient --version
Version 3.0.23c-2.el5.2.0.2

[ls -l]:
/home/win-profiles:
drwxr-xr-x 22 root root 4096 Dec 8 11:37 home
drwxrwxrwx 4 jae users 4096 Dec 17 13:18 win-profiles
/misc2/shares/netlogon:
drwxr-sr-x 12 root ppsi-employees 4096 Dec 8 07:31 shares
dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon

[/etc/passwd]:
jae:x:500:500:J:/home/jae:/bin/bash
bryan:x:501:501::/home/bryan:/bin/bash

[/etc/group]:
users:x:100:bryan,jae
jae:x:500:
bryan:x:501:
ntadmins:x:550:

[/etc/samba/smb.conf]:
[global]
   workgroup = platinum
   server string = Receptionist
   security = user
   hosts allow = 192.168.1. 192.168.0. 127.
   ;load printers = yes
   ;printing = cups
   cups options = raw
   log level = 2
   log file = /var/log/samba/%m.log
   max log size = 50
   interfaces = lo eth0
   os level = 33
   ;preferred master = yes
   wins support = yes
   dns proxy = no
   username map = /etc/samba/smbusers
   veto files = /lost+found
   encrypt passwords = yes
   ;guest ok = no
   ;guest account = nobody

[homes]
   comment = Home Directories
   browseable = no
   writeable = yes

[netlogon]
   comment = Network Logon Service
   path = /misc2/shares/netlogon
   guest ok = yes
   browseable = No

[network-resources]
   path = /misc2/shares/network-resources
   guest ok = no
   browseable = yes
   writeable = yes
   writelist = jae

[printers]
   comment = All Printers
   path = /usr/spool/samba
   printable = yes
   guest ok = yes

[win-profiles]
   path = /home/win-profiles
   browseable = yes
   writeable = yes
   #create mask = 0666
   #directory mask = 0777
   csc policy = disable

[SharePPSI]
   path = /misc2/shares/share.ppsi
   writeable = yes
   force create mode = 0660
   force directory mode = 2771

# More directory shares, omitted for sake of brevity;
# No shares directly off of /home, except for win-profiles.

(//haze):

[EMAIL PROTECTED] server.files]$ smbclient --version
Version 3.0.24-11.fc6

[ls -l]:
/home/shares/: ( This is an NFS to //receptionist )
dr--r-xrwx 2 root users 4096 Dec 7 17:12 netlogon
drwxrws--- 3 jae ppsi-employees 4096 Dec 10 12:25 network-resources

[/etc/passwd]:
jae:x:500:500:J:/home/jae:/bin/bash
virtualx-ray$:x:503:526:Machine:/dev/null:/bin/false
bryan:x:501:501:bryan:/home/bryan:/bin/bash

[/etc/group]:
users:x:100:jae,games,bryan
jae:x:500:
machines:x:526:
ntadmins:x:550:jae
bryan:x:501:

[/etc/samba/smb.conf]:
[global]
   workgroup = ppsi-austin
   netbios name = fdesk
   server string
Re: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
Incidentally, this is being written (at log level 2), when I attempt to log bryan in:

[2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [bryan] - [bryan] - [bryan] succeeded

If authentication is succeeding, why am I getting the message that the user doesn't exist in Windows?
Fwd: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
On Dec 20, 2007 4:58 PM, J [EMAIL PROTECTED] wrote:
> Incidentally, this is being written (at log level 2), when I attempt to log bryan in:
>
> [2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password: authentication for user [bryan] - [bryan] - [bryan] succeeded
>
> If authentication is succeeding, why am I getting the message that the user doesn't exist in Windows?

Try adding

profile acls = yes

to your smb.conf

John
Re: Fwd: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
I wasn't aware that I was using acls (at all). Are they set up by default, with these versions of Samba?

John Drescher wrote:
> On Dec 20, 2007 4:58 PM, J [EMAIL PROTECTED] wrote:
> > Incidentally, this is being written (at log level 2), when I attempt to log bryan in:
> >
> > [2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
> >   check_ntlm_password: authentication for user [bryan] - [bryan] - [bryan] succeeded
> >
> > If authentication is succeeding, why am I getting the message that the user doesn't exist in Windows?
>
> Try adding profile acls = yes to your smb.conf
>
> John
Re: Fwd: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
On Dec 20, 2007 5:53 PM, J [EMAIL PROTECTED] wrote:
> I wasn't aware that I was using acls (at all). Are they set up by default, with these versions of Samba?

The problem is XP tries to verify that the user of the profile is the same as the user who has full permissions on the profile. This switch (or a registry setting) will fix that problem (if this is indeed the problem you have). Previous versions of samba and previous XP security packs did not need this and it may not happen for all users. I saw this problem about 6 months ago when I upgraded to samba-3.0.23.

John
Re: Fwd: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
ah -- that's a switch similar to the registry settings I've been using, then?:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
RequireSignOrSeal=dword:

Registry setting is giving me inconsistent results (when applied, obviously) -- I'll try the acl profiles switch. Thanks.

John Drescher wrote:
> On Dec 20, 2007 5:53 PM, J [EMAIL PROTECTED] wrote:
> > I wasn't aware that I was using acls (at all). Are they set up by default, with these versions of Samba?
>
> The problem is XP tries to verify that the user of the profile is the same as the user who has full permissions on the profile. This switch (or a registry setting) will fix that problem (if this is indeed the problem you have). Previous versions of samba and previous XP security packs did not have need this and it may not happen for all users. I saw this problem about 6 months ago when I upgraded to samba-3.0.23.
>
> John
Re: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
The answer, to my biggest problem, was that the user needed the same smbpasswd on both Samba servers. (d'oh!) The PDC would handle the authentication, and then attempt to access shares on the file server, but since the smbpasswd was different on the file server, access would not be granted...

I still have strange behaviors to figure out (like why I'm not getting consistent results from different machines), but the hurdle that took me two weeks to figure out is conquered...

J wrote:
> Incidentally, this is being written (at log level 2), when I attempt to log bryan in:
>
> [2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password: authentication for user [bryan] - [bryan] - [bryan] succeeded
>
> If authentication is succeeding, why am I getting the message that the user doesn't exist in Windows?
Re: [Samba] difficulty setting up Samba PDC.. please help... out of ideas
On Dec 20, 2007 10:32 PM, John Drescher [EMAIL PROTECTED] wrote:
> On Dec 20, 2007 7:56 PM, J [EMAIL PROTECTED] wrote:
> > The answer, to my biggest problem, was that the user needed the same smbpasswd on both Samba servers. (d'oh!)
>
> Take a look at using ldap. That way you can have a central password server and not have that problem.
>
> John

--
John M. Drescher
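The situation resolved in this thread (the PDC logs a successful logon while the server holding the shares rejects the same user) can be spotted by comparing the `check_ntlm_password` results in both servers' logs. The script below is an added example, not code from the posters or the Samba project; the two log excerpts are constructed, the user `carol` and the NT status values are made up, and accepting `->` between the bracketed names is an assumption about unflattened log files.

```python
import re

# Debug header smbd writes before each message, e.g.
# "[2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]")

# Result message. The list archive shows "-" between the bracketed names;
# "->" is accepted as well (assumption about the unflattened log format).
RESULT = re.compile(
    r"check_ntlm_password:\s+authentication for user \[([^\]]*)\]"
    r"(?:\s*->?\s*\[[^\]]*\])*\s+(succeeded|FAILED)(?: with error (\S+))?",
    re.IGNORECASE,
)


def parse_auth_events(log_text):
    """Yield (timestamp, user, ok, nt_status) for each logged auth result."""
    stamp = None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            stamp = header.group(1)
        # The message may sit on the header line or on the following line.
        result = RESULT.search(line)
        if result:
            user, outcome, status = result.groups()
            yield stamp, user.lower(), outcome.lower() == "succeeded", status


def latest_outcome(log_text):
    """Map user -> (ok, nt_status, timestamp) for the user's last attempt."""
    latest = {}
    for stamp, user, ok, status in parse_auth_events(log_text):
        latest[user] = (ok, status, stamp)
    return latest


def pdc_ok_fileserver_denied(pdc_log, fileserver_log):
    """Users whose last attempt succeeded on the PDC but failed on the file server."""
    pdc = latest_outcome(pdc_log)
    fs = latest_outcome(fileserver_log)
    report = {}
    for user in sorted(pdc):
        if pdc[user][0] and user in fs and not fs[user][0]:
            report[user] = {"status": fs[user][1], "at": fs[user][2]}
    return report


# Constructed sample logs. Host names come from the thread; timestamps after
# the first line, the user "carol" and the status values are made up.
HAZE_LOG = """\
[2007/12/20 15:52:16, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [bryan] -> [bryan] -> [bryan] succeeded
[2007/12/20 15:53:02, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [jae] -> [jae] -> [jae] succeeded
[2007/12/20 15:54:40, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [carol] -> [carol] FAILED with error NT_STATUS_NO_SUCH_USER
"""

RECEPTIONIST_LOG = """\
[2007/12/20 15:52:17, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [bryan] -> [bryan] FAILED with error NT_STATUS_WRONG_PASSWORD
[2007/12/20 15:53:03, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [jae] - [jae] - [jae] succeeded
[2007/12/20 15:54:41, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [carol] -> [carol] FAILED with error NT_STATUS_NO_SUCH_USER
"""

if __name__ == "__main__":
    for user, info in pdc_ok_fileserver_denied(HAZE_LOG, RECEPTIONIST_LOG).items():
        print("%s: PDC accepted, file server denied (%s at %s)"
              % (user, info["status"], info["at"]))
```

Only the last attempt per user is compared, so an account whose password was later synchronised to the file server drops out of the report.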
[Samba] Problems adding a NTSp6a machine to a SAMBA PDC Domain + LDAP: sambaPrimaryGroupSID
Hello everybody

I have configured a Samba PDC machine, using LDAP as password backend. The scripts smbldap-tools are used to create the accounts in the LDAP.

I can add Windows XP machines to the domain without problems. But today, I tried to add a Windows NT Server SP6a machine to the domain, and there is the next error:

smbldap_get_single_attribute: [sambaLogonHours] = [does not exist]
[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(528)
  smbldap_make_mod: adding attribute |sambaLogonHours| value | FF|
[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(519)
  smbldap_make_mod: deleting attribute |sambaAcctFlags| values | [DW ]|
[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(528)
  smbldap_make_mod: adding attribute |sambaAcctFlags| value | [W ]|
[2007/12/19 14:38:03, 5] lib/smbldap.c:smbldap_modify(1377)
  smbldap_modify: dn = [uid=windowsntldap $,ou=machines,ou=samba,dc=itdeusto,dc=local]
[2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_modify(1397)
  Failed to modify dn: uid=windowsntldap $,ou=machines,ou=samba,dc=x,dc=local, error: 20 (Type or value exists) (modify/add: sambaPrimaryGroupSID: value #0 already exists)
[2007/12/19 14:38:03, 5] rpc_parse/parse_prs.c:prs_debug(84)
  00 samr_io_r_set_userinfo

The smbd process has a problem trying to modify the LDAP entry that has been created.

I have been using the Samba version that came with CentOS 5.1 (samba-3.0.25b)

I also have a tcpdump file from the Samba - LDAP communication and I can see the same error:

attributeOrValueExists (modify/add: sambaPrimaryGroupSID: value #0 already exists)

I don't know what is the problem. Can someone help me?

Thank you very much

Greetings
Carlos
[Samba] (UPDATE) Problems adding a NTSp6a machine to a SAMBA PDC Domain + LDAP: sambaPrimaryGroupSID
I have the problem also with 3.0.28. I have attached the relevant log file section.
RE: [Samba] Samba PDC with Terminal services
Stuart Gall wrote:
> Now if I add a user to the local remote desktop group, enable remote admin, and then logon (from another machine) using the ip address I can get a remote desktop session. However the browse for machine facility does not work, it says there is no terminal server in the domain.

This may be relevant...

http://support.microsoft.com/default.aspx?scid=kb;en-us;281307

I am just a Samba noob, and don't have a strong handle on browsing, but it seems like the first step would be for the XP clients to be announcing themselves as Terminal Servers. Evidently they don't show up in the list browse list of the RDP client otherwise.

Regards,
Kevin
[Samba] Samba PDC with Terminal services
Hello,

I have a network using samba as the PDC. There are a number of XP clients but no windows servers. We want to setup remote desktops between some of the clients.

Now if I add a user to the local remote desktop group, enable remote admin, and then logon (from another machine) using the ip address I can get a remote desktop session. However the browse for machine facility does not work, it says there is no terminal server in the domain.

I have spent a lot of time searching. I have found many ways of doing terminal service type things with samba, but not my specific problem.

All I want the samba PDC to do is somehow produce the browse list of terminal service enabled clients, and then allow domain logons to those clients. This is just between the windows XP client machines.

Is this possible?

TIA
Stuart Gall
Re: [Samba] Is Samba PDC + NT4 DOM Trust using NTLMv2 possible?
I haven't found a solution yet. I think I may post a bug to the bugtrack database.

--
Aaron

Hans-Wilhelm Heisinger wrote:
> Did you come across a solution to this problem? I have the same issue.
>
> Mit freundlichen Grüßen / With kind regards
> Hans
>
> Aaron J. Zirbes wrote:
>> My Question:
>>
>> Is it possible to get 2-way Interdomain Trust relationships working between a Samba domain and an NT4 SP6a domain, while restricting all password hashes to NTLMv2 only?
>>
>> Everything works except the inter-domain trust. I'm able to get the NT4 domain to trust the Samba domain, but not the other way around.
>>
>> My System:
>>
>> I have a perfectly running Samba domain w/ ~60 client WinXP workstations, and Win 2003 member servers. All machines are set to use NTLMv2 only.
>>
>> My Config:
>>
>> I'm running Samba Version 3.0.27a, compiled with
>> --with-ldap
>> --with-winbind
>> --with-utmp
>> --with-acl-support
>>
>> LDAP backend with the new:
>> ldapsam:trusted=yes
>> ldapsam:editposix=yes
>>
>> Key NTLMv2 security settings are:
>> ntlm auth = no
>> lanman auth = no
>> client plaintext auth = no
>> client lanman auth = no
>> client ntlmv2 auth = yes
>> client schannel = yes
>> server schannel = yes
>> client signing = auto
>> server signing = auto
>>
>> I added an idmap config section for the trusted domain.
>> I created the Machine account entry in LDAP for the trusted domain.
>> I setup the domain trust using the net command.
>> I added access to one of my shares by adding TESTDOM\azirbes to the valid users parameter as I usually do, but the trusted domain still prompts for a user name and password, and the samba log dumps the following:
>>
>> [2007/11/09 12:55:09, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
>>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
>> [2007/11/09 12:55:09, 5] auth/auth_util.c:make_user_info_map(161)
>>   make_user_info_map: Mapping user [TESTDOM]\[azirbes] from workstation [nt4test]
>> [2007/11/09 12:55:09, 5] auth/auth_util.c:is_trusted_domain(2198)
>>   is_trusted_domain: Checking for domain trust with [TESTDOM]
>> [2007/11/09 12:55:09, 5] auth/auth_util.c:make_user_info(75)
>>   attempting to make a user_info for azirbes (azirbes)
>> [2007/11/09 12:55:09, 5] auth/auth_util.c:make_user_info(85)
>>   making strings for azirbes's user_info struct
>> [2007/11/09 12:55:09, 5] auth/auth_util.c:make_user_info(117)
>>   making blobs for azirbes's user_info struct
>> [2007/11/09 12:55:09, 3] auth/auth.c:check_ntlm_password(221)
>>   check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
>> [2007/11/09 12:55:09, 3] auth/auth.c:check_ntlm_password(224)
>>   check_ntlm_password: mapped user is: [EMAIL PROTECTED]
>> [2007/11/09 12:55:09, 6] auth/auth_sam.c:check_samstrict_security(421)
>>   check_samstrict_security: TESTDOM is not one of my local names or domain name (DC)
>> [2007/11/09 12:55:09, 5] auth/auth.c:check_ntlm_password(273)
>>   check_ntlm_password: winbind authentication for user [azirbes] FAILED with error NT_STATUS_ACCESS_DENIED
>> [2007/11/09 12:55:09, 2] auth/auth.c:check_ntlm_password(319)
>>   check_ntlm_password: Authentication for user [azirbes] - [azirbes] FAILED with error NT_STATUS_ACCESS_DENIED
>> [2007/11/09 12:55:09, 5] auth/auth_util.c:free_user_info(2045)
>>   attempting to free (and zero) a user_info structure
>>
>> --
>> Aaron
[Samba] Is Samba PDC + NT4 DOM Trust using NTLMv2 possible?
My Question:

Is it possible to get 2-way Interdomain Trust relationships working between a Samba domain and an NT4 SP6a domain, while restricting all password hashes to NTLMv2 only?

Everything works except the inter-domain trust. I'm able to get the NT4 domain to trust the Samba domain, but not the other way around.

My System:

I have a perfectly running Samba domain w/ ~60 client WinXP workstations, and Win 2003 member servers. All machines are set to use NTLMv2 only.

My Config:

I'm running Samba Version 3.0.27a, compiled with
--with-ldap
--with-winbind
--with-utmp
--with-acl-support

LDAP backend with the new:
ldapsam:trusted=yes
ldapsam:editposix=yes

Key NTLMv2 security settings are:
ntlm auth = no
lanman auth = no
client plaintext auth = no
client lanman auth = no
client ntlmv2 auth = yes
client schannel = yes
server schannel = yes
client signing = auto
server signing = auto

I added an idmap config section for the trusted domain.
I created the Machine account entry in LDAP for the trusted domain.
I setup the domain trust using the net command.
I added access to one of my shares by adding TESTDOM\azirbes to the valid users parameter as I usually do, but the trusted domain still prompts for a user name and password, and the samba log dumps the following:

[2007/11/09 12:55:09, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2007/11/09 12:55:09, 5] auth/auth_util.c:make_user_info_map(161)
  make_user_info_map: Mapping user [TESTDOM]\[azirbes] from workstation [nt4test]
[2007/11/09 12:55:09, 5] auth/auth_util.c:is_trusted_domain(2198)
  is_trusted_domain: Checking for domain trust with [TESTDOM]
[2007/11/09 12:55:09, 5] auth/auth_util.c:make_user_info(75)
  attempting to make a user_info for azirbes (azirbes)
[2007/11/09 12:55:09, 5] auth/auth_util.c:make_user_info(85)
  making strings for azirbes's user_info struct
[2007/11/09 12:55:09, 5] auth/auth_util.c:make_user_info(117)
  making blobs for azirbes's user_info struct
[2007/11/09 12:55:09, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2007/11/09 12:55:09, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2007/11/09 12:55:09, 6] auth/auth_sam.c:check_samstrict_security(421)
  check_samstrict_security: TESTDOM is not one of my local names or domain name (DC)
[2007/11/09 12:55:09, 5] auth/auth.c:check_ntlm_password(273)
  check_ntlm_password: winbind authentication for user [azirbes] FAILED with error NT_STATUS_ACCESS_DENIED
[2007/11/09 12:55:09, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password: Authentication for user [azirbes] - [azirbes] FAILED with error NT_STATUS_ACCESS_DENIED
[2007/11/09 12:55:09, 5] auth/auth_util.c:free_user_info(2045)
  attempting to free (and zero) a user_info structure

--
Aaron
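Both smbd logs quoted on this page end in a `check_ntlm_password` verdict, which is the record to extract when tracing who tried to authenticate and how it ended. The parser below is an added example, not code from the posts or from Samba: the function names are hypothetical, the sample records are copied from the two logs on this page, and attaching the preceding `Mapping user` record to the next verdict assumes one client per log file (as with `log file = /var/log/samba/log.%m`).

```python
import re
from collections import Counter

# One Samba 3 debug record starts with "[date time, level] source.c:function(line)".
# The message follows on the next line in the log file, or on the same line when
# the log has been flattened, as in the excerpts on this page.
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[\w./-]+):(?P<func>\w+)\((?P<lineno>\d*)\)"
)
# Level-5 record naming the claimed domain, user and client workstation.
MAPPING = re.compile(
    r"Mapping user \[(?P<domain>[^\]]*)\]\\\[(?P<user>[^\]]*)\] "
    r"from workstation \[(?P<ws>[^\]]*)\]"
)
# Final verdict of check_ntlm_password. Intermediate records such as
# "winbind authentication for user ... FAILED" do not match, because the word
# "authentication" must directly follow the function-name prefix.
VERDICT = re.compile(
    r"check_ntlm_password:\s+[Aa]uthentication for user \[(?P<user>[^\]]*)\]"
    r".*?(?:(?P<ok>succeeded)|FAILED with error (?P<status>NT_STATUS_\w+))"
)


def records(text):
    """Yield (timestamp, level, function, message) for every debug record."""
    heads = list(HEADER.finditer(text))
    for cur, nxt in zip(heads, heads[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        message = " ".join(text[cur.end():end].split())  # normalise whitespace
        yield cur["ts"], int(cur["level"]), cur["func"], message


def auth_events(text):
    """Return one dict per authentication verdict found in the log text."""
    events, pending = [], {}
    for ts, _level, _func, message in records(text):
        mapped = MAPPING.search(message)
        if mapped:
            pending = mapped.groupdict()  # remember until the verdict arrives
            continue
        verdict = VERDICT.search(message)
        if verdict:
            same_user = pending.get("user") == verdict["user"]
            events.append({
                "time": ts,
                "domain": pending.get("domain") if same_user else None,
                "user": verdict["user"],
                "workstation": pending.get("ws") if same_user else None,
                "ok": verdict["ok"] is not None,
                "status": verdict["status"],  # None on success
            })
            pending = {}
    return events


def failed_logons(events):
    """Count failed logons per (domain, user, NT status)."""
    return Counter(
        (e["domain"], e["user"], e["status"]) for e in events if not e["ok"]
    )


# Records copied from the two logs on this page, in the flattened form shown here.
SAMPLE = (
    "[2007/11/09 12:55:09, 5] auth/auth_util.c:make_user_info_map(161) "
    "make_user_info_map: Mapping user [TESTDOM]\\[azirbes] from workstation [nt4test] "
    "[2007/11/09 12:55:09, 5] auth/auth.c:check_ntlm_password(273) "
    "check_ntlm_password: winbind authentication for user [azirbes] "
    "FAILED with error NT_STATUS_ACCESS_DENIED "
    "[2007/11/09 12:55:09, 2] auth/auth.c:check_ntlm_password(319) "
    "check_ntlm_password: Authentication for user [azirbes] - [azirbes] "
    "FAILED with error NT_STATUS_ACCESS_DENIED "
    "[2007/11/30 01:45:51, 2] auth/auth.c:check_ntlm_password(309) "
    "check_ntlm_password: authentication for user [root] - [root] - [root] succeeded"
)

if __name__ == "__main__":
    for event in auth_events(SAMPLE):
        print(event)
    print(failed_logons(auth_events(SAMPLE)))
```

In a log written at `log level = 2` only the verdict is present, so `domain` and `workstation` come back as `None`; the `Mapping user` record shown on this page is logged at level 5.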
[Samba] PDC Ldap adding computers to domain
I have a problem setting up samba using ldap as a domain server. When I try to configure a windows 2000 machine to join the domain I first get an authentication request where I enter root and root's password. The dialog disappears for a while (20-30 seconds) and then displays an error dialog with something like "The user name could not be found" (but in Swedish). The computer name shows up in the ldap database after this.

I'm using:
Debian etch
samba 3.0.24-6etch5
smbldap-tools 0.9.2-3
OpenLDAP (slapd) 2.3.30-5

I set the debugging to level 2 and get this for each attempt at configuring the computer in /var/log/samba/log.troll

[2007/11/30 01:45:51, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 10.0.0.203. Error Connection reset by peer
[2007/11/30 01:45:51, 0] lib/util_sock.c:send_smb(769)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2007/11/30 01:45:51, 2] lib/smbldap.c:smbldap_open_connection(788)
  smbldap_open_connection: connection opened
[2007/11/30 01:45:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: root
[2007/11/30 01:45:51, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 513
[2007/11/30 01:45:51, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [root] - [root] - [root] succeeded
[2007/11/30 01:45:51, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2007/11/30 01:45:52, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797)
  Returning domain sid for domain CHAMPIS - S-1-5-21-3235403273-773503436-3870180080

my smb.conf

[global]
workgroup = CHAMPIS
server string = %h server
passdb backend = ldapsam:ldap://localhost:389
passwd program = /sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password %n\n *all*authentication*tokens*updated*
log level = 2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = lmhosts host wins bcast
add user script = /usr/sbin/smbldap-useradd -m %u
add group script = /usr/sbin/smbldap-groupadd -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
logon path = \\%N\profiles\%U
logon drive = H:
domain logons = Yes
os level = 42
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=proxxi,dc=org
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap replication sleep = 5000
ldap suffix = dc=proxxi,dc=org
ldap user suffix = ou=Users
panic action = /usr/share/samba/panic-action %d

[homes]
comment = Home Directories
valid users = %U
create mask = 0700
directory mask = 0700
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
share modes = No

[profiles]
comment = Users profiles
path = /home/samba/profiles
create mask = 0600
directory mask = 0700
browseable = No
AW: [Samba] [samba pdc] serverbased profiles doesnt load at winxp login
Luckily I solved the problem!

I configured the absolute path, here:

logon path = \\%L\home\samba\profiles\%U

but that's of course wrong; wanted is the network permission, that is similar to the section in the smb.conf:

logon path = \\%L\profiles\%U

-----Original Message-----
From: John Drescher [mailto:[EMAIL PROTECTED]
Sent: Monday, 26 November 2007 22:05
To: Christian
Cc: samba@lists.samba.org
Subject: Re: [Samba] [samba pdc] serverbased profiles doesnt load at winxp login

You did not mention what the exact problem is. My guess is you need profile acls = yes in your profiles share.

Sorry that is at the end of your email. Possibly this is a nmbd problem.

John
[Samba] [samba pdc] serverbased profiles doesnt load at winxp login
I've installed samba 3 on a debian 4; the samba server should act like a pdc.

At the moment it works that users can log in on my clients (all windows xp pro sp2), the homedrive is mapped correctly, the only thing that doesn't work is that the serverbased profile is saved automatically on the server, so that the user can download the profile at login.

Here is my smb.conf:

[global]
workgroup = lecture
server string = %h server
netbios name = samba_pdc
interfaces = 127.0.0.1, 192.168.10.0/24
hosts allow = 127.0.0.1, 192.168.10.0/24
hosts deny = all
map to guest = Bad User
passwd program = /usr/bin/passwd %u
passwd chat = *password* %n\n *password* %n\n *changed*
passwd chat debug = yes
#username map = /etc/samba/smbusers
unix password sync = yes
log level = 2
passdb backend = smbpasswd
encrypt passwords = yes
log file = /var/log.%m
#Samba as PDC
domain logons = yes
preferred master = Yes
domain master = Yes
os level = 65
#netbios name = samba_pdc
logon path = \\%L\home\samba\profiles\%U
logon drive = Z:
logon script = logon.bat
wins support = yes
name resolve order = wins lmhosts host bcast
admin users = root
security = user
#guest ok = no
encrypt passwords = yes
null passwords = no

[homes]
comment = Home Directories
valid users = %S
read only = no
inherit acls = yes
browseable = no

[profiles]
comment = Network Profiles Service
path = /home/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
store dos attributes = yes
browsable = no
guest ok = no
printable = no
#hide files = /desktop.ini/outlook*.Ink/*Briefcase*/

[public]
comment = Public
path = /home/samba/public
browseable = yes
create mask = 0777
directory mask = 0777
guest ok = yes
writeable = yes
share modes = yes

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
writeable = no
browseable = no

I created the directories of the profiles manually, and gave them the rights 0777 (for testing). I assigned the profiles to their owners.

Here is the log (with an error!):

[2007/11/13 15:52:15, 2] lib/access.c:check_access(323)
  Allowed connection from (192.168.10.2)
[2007/11/13 15:52:15, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2007/11/13 15:52:15, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797)
  Returning domain sid for domain LECTURE - S-1-5-21-1599594011-1679142555-2671711842
[2007/11/13 15:52:18, 2] lib/access.c:check_access(323)
  Allowed connection from (192.168.10.2)
[2007/11/13 15:52:18, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2007/11/13 15:52:18, 2] lib/access.c:check_access(323)
  Allowed connection from (192.168.10.2)
[2007/11/13 15:52:18, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2007/11/13 15:52:18, 0] smbd/service.c:make_connection()
  x20 (192.168.10.2) couldn't find service home
[2007/11/13 15:52:18, 2] lib/access.c:check_access(323)
  Allowed connection from (192.168.10.2)
[2007/11/13 15:52:18, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root

(x20 is the netbios name of a client)

The server is pingable from the clients with ip and the netbios name! For tests I also set the smb-server as wins and dns on the clients - with the same error on login.

When a user logs in onto a client the user profile doesn't load, and an error message pops up, for about 30 seconds, with approximately the message: the networkname can't be found.

The profiles are set to serverbased on the clients (it's the standard).

I don't know if it's important, but: the clients log in through vpn (the vpn server is the same machine as the samba server), vpn seems to work correctly.

Sorry for my bad english. Hope someone can help.

chris
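The `couldn't find service home` entry in this log follows from how the UNC in `logon path` is read: the first component after the server is a share name, not a filesystem path, so it has to match a section of smb.conf. The check below is an added example, not code from the posts or from Samba; the function names and verdict strings are hypothetical, the configuration is a shortened excerpt of the one posted in this thread, and the `[homes]` handling is simplified to the `%U`/`%u` variables.

```python
def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names lower-cased, spaces normalised."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def unc_share(value):
    r"""Return the share component of a UNC value such as \\%L\profiles\%U."""
    parts = [p for p in value.replace("/", "\\").split("\\") if p]
    return parts[1] if len(parts) >= 2 else None


def check_logon_paths(conf_text, params=("logon path", "logon home")):
    """Check that the share named in each UNC parameter is defined in smb.conf.

    Returns a list of (parameter, value, share, verdict) tuples.
    """
    sections = parse_smb_conf(conf_text)
    shares = set(sections) - {"global"}          # share names are case-insensitive
    findings = []
    for param in params:
        value = sections.get("global", {}).get(param)
        if not value:                            # unset or empty: nothing to check
            continue
        share = unc_share(value)
        if share is None:
            verdict = "malformed"
        elif share.lower() in shares:
            verdict = "ok"
        elif share.lower() == "%u" and "homes" in shares:
            verdict = "ok-via-homes"             # [homes] serves per-user shares
        elif "%" in share:
            verdict = "unresolved-variable"      # cannot be decided statically
        else:
            verdict = "missing-share"            # smbd: couldn't find service <share>
        findings.append((param, value, share, verdict))
    return findings


# Shortened excerpt of the configuration posted in this thread.
BROKEN = r"""
[global]
workgroup = lecture
domain logons = yes
logon path = \\%L\home\samba\profiles\%U
logon drive = Z:

[homes]
valid users = %S
read only = no

[profiles]
path = /home/samba/profiles
read only = no

[netlogon]
path = /home/samba/netlogon
"""

# The same excerpt with the corrected value from the follow-up message.
FIXED = BROKEN.replace(r"\\%L\home\samba\profiles\%U", r"\\%L\profiles\%U")

if __name__ == "__main__":
    for label, conf in (("before", BROKEN), ("after", FIXED)):
        for finding in check_logon_paths(conf):
            print(label, finding)
```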
Re: [Samba] [samba pdc] serverbased profiles doesnt load at winxp login
> You did not mention what the exact problem is. My guess is you need profile acls = yes in your profiles share.

Sorry that is at the end of your email. Possibly this is a nmbd problem.

John
Re: [Samba] [samba pdc] serverbased profiles doesnt load at winxp login
> at the moment it work that user can login on my clients (all windows xp pro sp2), the homedrive is mapped correctly, the only thing that doesn't work, is that the serverbased profile is saved automatically on the server, so that the user can download the profile at login.

You did not mention what the exact problem is. My guess is you need profile acls = yes in your profiles share.

John
[Samba] Samba PDC windows XP logon scripts
Server: Debian etch (kernel 2.6.18-4-686)
Samba 3.0.24 (PDC)
Workstations: Windows XP Pro SP2 fully updated

I want to have my windows xp users log in locally to their machine, but still have them automatically check the netlogon share or something like that to apply network mappings and policies per group or user.

I have this working when the user logs onto the domain. He gets a profile (which I keep local through gpedit.msc). I also know of a way to apply all those things locally to every machine, but obviously I want to have this another way.

Domain login could be ok if it's a new user, but I'm talking about +- 50 workstations with local profiles already in use. And it would be the best to manage them centrally via the server.

Any way to apply this some way? I've been searching a lot, and it seems to me at the moment I have to change everything on every workstation (policy and network drive mapping) without having to do a lot of jiggling locally with their profiles. I'd rather not.

I guess I'm not the only one who encountered this problem. Any suggestions would be very welcome.

Thx for reading,
Koen Linders
Re: [Samba] Samba PDC windows XP logon scripts
Koen Linders wrote:
> Server: Debian etch (kernel 2.6.18-4-686)
> Samba 3.0.24 (PDC)
> Workstations: Windows XP Pro SP2 fully updated
>
> I want to have my windows xp users log in locally to their machine, but still have them automatically check the netlogon share or something like that to apply network mappings and policies per group or user.
>
> I have this working when the user logs onto the domain. He gets a profile (which I keep local through gpedit.msc). I also know of a way to apply all those things locally to every machine, but obviously I want to have this another way.
>
> Domain login could be ok if it's a new user, but I'm talking about +- 50 workstations with local profiles already in use. And it would be the best to manage them centrally via the server.
>
> Any way to apply this some way? I've been searching a lot, and it seems to me at the moment I have to change everything on every workstation (policy and network drive mapping) without having to do a lot of jiggling locally with their profiles. I'd rather not.
>
> I guess I'm not the only one who encountered this problem. Any suggestions would be very welcome.
>
> Thx for reading,
> Koen Linders

Hi,

Logon scripts are one of the features of domain logons. You cannot get them easily from windows without logging into the domain. This is a windows function, not a samba thing.

Perhaps you would be able to emulate it with a script on every workstation that knows the domain controller, the share where the logon scripts are stored, and the user actually logged in, and which is run for everyone logging on locally to the workstation. You'll have to write this script, distribute it to every workstation by hand and make sure it gets run.

It is much less trouble to move the actually used profiles into the domain; there are many howtos on this topic on the net, and, afaik, even in the docs on samba.org

Christoph
Re: [Samba] Samba PDC windows XP logon scripts
I would really suggest using a domain, it greatly reduces management overheads and just generally makes life easier.

It isn't too difficult to deal with swapping profiles and the like around. Last time I had to migrate about 80 machines I wrote a vb script to rename the machine, join it to the domain and migrate the local user profile to the domain user. I don't have a copy of it at the moment, but the basic parts of it are fairly well documented.

Good luck.

Michael Heydon - IT Administrator
[EMAIL PROTECTED]

Koen Linders wrote:
> Server: Debian etch (kernel 2.6.18-4-686)
> Samba 3.0.24 (PDC)
> Workstations: Windows XP Pro SP2 fully updated
>
> I want to have my windows xp users log in locally to their machine, but still have them automatically check the netlogon share or something like that to apply network mappings and policies per group or user.
>
> I have this working when the user logs onto the domain. He gets a profile (which I keep local through gpedit.msc). I also know of a way to apply all those things locally to every machine, but obviously I want to have this another way.
>
> Domain login could be ok if it's a new user, but I'm talking about +- 50 workstations with local profiles already in use. And it would be the best to manage them centrally via the server.
>
> Any way to apply this some way? I've been searching a lot, and it seems to me at the moment I have to change everything on every workstation (policy and network drive mapping) without having to do a lot of jiggling locally with their profiles. I'd rather not.
>
> I guess I'm not the only one who encountered this problem. Any suggestions would be very welcome.
>
> Thx for reading,
> Koen Linders
Re: [Samba] PDC Profile problem
Hello

I think that the second user has the same sambaSID number (you are using LDAP as backend for samba?). Windows distinguishes between users only on sambaSID attribute. For windows, user A and user B with the same sambaSID attribute are the _same_ user. If first user A logs in to the system and windows creates for him a new profile with his privileges (based on user SID attribute), and then a second user logs on to this machine, this second user will have the same profile (and different profile name). And that might be your problem.

Camilo Echeverry wrote:
> Hi all.
>
> I'm configuring samba as PDC and I am having some problems .. when a first user logs in in a new computer (recently added to the domain) .. it creates a local directory for that profile .. but when a second user logs in on that computer .. the profile directory is not created and the first user's directory (on the local machine) is used .. some clue .. ?
>
> Thank You
Re: [Samba] PDC Profile problem
On Nov 19, 2007 10:56 AM, Camilo Echeverry [EMAIL PROTECTED] wrote:
> Hi all.
>
> I'm configuring samba as PDC and I am having some problems .. when a first user logs in in a new computer (recently added to the domain) .. it creates a local directory for that profile .. but when a second user logs in on that computer .. the profile directory is not created and the first user's directory (on the local machine) is used .. some clue .. ?

Do you have profile acls = yes in your samba config? I found this is necessary with recent versions of samba. Also does the user have rights on the unix filesystem to create a folder where their profile is supposed to be written? I generally pre-create profile folders as well as the user's public and private folders and assign permissions when I create the account.

John
[Samba] PDC Profile problem
Hi all.

I'm configuring samba as PDC and I am having some problems .. when a first user logs in in a new computer (recently added to the domain) .. it creates a local directory for that profile .. but when a second user logs in on that computer .. the profile directory is not created and the first user's directory (on the local machine) is used .. some clue .. ?

Thank You

--
Camilo Echeverry
Your life would be very empty if you had nothing to regret.
[Samba] Samba PDC issue
Hi List,

As I'm new to this list. I have some issue with my Samba PDC. Main problem is user's roaming profile is not working.

NTUSER.DAT --- DENY_WRITE. this is coming. can not load your profile. loading default profile...

Please guide me: are there any changes that have to be made? Here is my smb.conf file.

Version 2.2
OS Redhat 9

[global]
workgroup = LK
netbios name = HOBBES
server string = Domain Controller
encrypt passwords = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba-log.%m
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
domain admin group = @admin
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
lock dir = /var/lock/samba
printing = cups

[homes]
comment = Home Directories
read only = No

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = Yes
browseable = No
share modes = No

[Profiles]
# path = /usr/local/samba/profiles
path = /home
write list = @smbusers @root
read only = No
create mask = 0600
directory mask = 0700
preserve case = No
short preserve case = No
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
browseable = No

[pdfprinter]
comment = Print to PDF
path = /tmp
create mask = 0700
printable = Yes
postscript = Yes
print command = /usr/local/bin/print2pdf %s %m %U
queuepause command = /bin/true
queueresume command = /bin/true
printer driver = HP Color LaserJet PS

[Softwares]
comment = Software
path = /var/softwares
write list = @admin
create mask = 0765
guest ok = Yes

[HR_DESK]
comment = Human Resource
path = /home1/hr
write list = seeja
read only = No
guest ok = Yes

[QA_Repository]
path = /var/QA_Repo
valid users = padma rabindra kiran thomas akula bhargavi anoel nathan shreesha amit noor
read only = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
browseable = No

--
Thanks Warm Regards,
Tarak Ranjan Mukherjee
IS-Team
Liqwid Krystal India Pvt Ltd
T#: 91 80 2509 1790 Ext. 107
E@: [EMAIL PROTECTED]
IM: [EMAIL PROTECTED]
Online Learning|Certifications|Learning Solutions : www.liqwidkrystal.com
Re: [Samba] Samba PDC issue
Bruno Pirajá Moyle wrote:
> Tarak Ranjan wrote:
>> Hi List,
>>
>> As I'm new to this list. I have some issue with my Samba PDC. Main problem is user's roaming profile is not working.
>>
>> NTUSER.DAT --- DENY_WRITE. this is coming. can not load your profile. loading default profile...
>>
>> Please guide me: are there any changes that have to be made? Here is my smb.conf file.
>>
>> Version 2.2
>> OS Redhat 9
>>
>> [global]
>> workgroup = LK
>> netbios name = HOBBES
>> server string = Domain Controller
>> encrypt passwords = Yes
>> pam password change = Yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
>> unix password sync = Yes
>> log file = /var/log/samba-log.%m
>> max log size = 0
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> printcap name = cups
>> domain admin group = @admin
>> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
>> domain logons = Yes
>> os level = 64
>> preferred master = Yes
>> domain master = Yes
>> dns proxy = No
>> lock dir = /var/lock/samba
>> printing = cups
>>
>> [homes]
>> comment = Home Directories
>> read only = No
>>
>> [netlogon]
>> comment = Network Logon Service
>> path = /usr/local/samba/lib/netlogon
>> guest ok = Yes
>> browseable = No
>> share modes = No
>>
>> [Profiles]
>> #path = /usr/local/samba/profiles
>> path = /home
>> write list = @smbusers @root
>> read only = No
>> create mask = 0600
>> directory mask = 0700
>> preserve case = No
>> short preserve case = No
>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>> browseable = No
>>
>> [pdfprinter]
>> comment = Print to PDF
>> path = /tmp
>> create mask = 0700
>> printable = Yes
>> postscript = Yes
>> print command = /usr/local/bin/print2pdf %s %m %U
>> queuepause command = /bin/true
>> queueresume command = /bin/true
>> printer driver = HP Color LaserJet PS
>>
>> [Softwares]
>> comment = Software
>> path = /var/softwares
>> write list = @admin
>> create mask = 0765
>> guest ok = Yes
>>
>> [HR_DESK]
>> comment = Human Resource
>> path = /home1/hr
>> write list = seeja
>> read only = No
>> guest ok = Yes
>>
>> [QA_Repository]
>> path = /var/QA_Repo
>> valid users = padma rabindra kiran thomas akula bhargavi anoel nathan shreesha amit noor
>> read only = No
>>
>> [printers]
>> comment = All Printers
>> path = /var/spool/samba
>> create mask = 0700
>> guest ok = Yes
>> printable = Yes
>> browseable = No
>
> Add the logon home option to the global sections:
>
> [global]
> ...
> ...
> logon home = \\%L\Profiles\%U
> ...
>
> Explaining:
> 1. The %L resolves to the server netbios name;
> 2. Profiles is the name of the profiles share
> 3. %U will resolve to the user name that is trying to access the share, for example if the user john is trying to log on, %U will resolve to john
>
> You are using the home directory, so you don't need to add any permissions.
>
> This should work

Hi,

As my users' profiles are stored in /home/user/profile, if I use

logon home = \\%L\home\%U\profile

will that be fine or not?
[Samba] Re: Samba PDC issue
On 11/16/2007, Tarak Ranjan ([EMAIL PROTECTED]) wrote:
> Hi, As my user's profile store in /home/user/profile if i use logon home = \\%L\home\%U\profile that will fine or not

As I learned recently, this is not advised. User profiles should always be stored in an entirely separate share, ie:

homes in: \server\home\user

and

profiles in: \server\profiles$\user

I use the $ at the end of the profiles share to hide it...

--
Best regards,
Charles
Re: [Samba] Re: Samba PDC issue
Charles Marcus wrote:
> On 11/16/2007, Tarak Ranjan ([EMAIL PROTECTED]) wrote:
>> Hi, As my user's profile store in /home/user/profile if i use logon home = \\%L\home\%U\profile that will fine or not
>
> As I learned recently, this is not advised. User profiles should always be stored in an entirely separate share, ie:
>
> homes in: \server\home\user
>
> and
>
> profiles in: \server\profiles$\user
>
> I use the $ at the end of the profiles share to hide it...

If I want to upgrade from 2.2 to 3.0.26a, and if I have to store the users' profiles in a separate location as you mentioned ... what are the things I have to do?

--
Thanks Warm Regards,
Tarak Ranjan Mukherjee
E@: [EMAIL PROTECTED]
IM: [EMAIL PROTECTED]
Online Learning|Certifications|Learning Solutions : www.liqwidkrystal.com
[Samba] Samba PDC, Win XP, and audit logging?
I have several Windows XP machines that are domain members of a Samba PDC running under RedHat Enterprise 5 Server, installed with just out-of-box RedHat media. Detailed audit logging is enabled on the Windows machines.

My question is this - if I find an entry in the Windows XP Event Viewer Security log, does that reflect anywhere on the linux audit logs?

I found one entry in the XP logs I wanted to investigate further. I visited the audit logs on the linux box and filtered with ausearch, but there was no corresponding date/time stamp entry. The Windows XP machines have been patched for the change in Daylight Savings Time.

So do only the Windows machines make note of the login/logout security audits, or do I need to look somewhere else on the linux audits for corresponding login/logout entries from domain logins?

Thanks.
Scott
[Samba] PDC promotion and getlocalsid errror
I relatively recently implemented Samba 3.026a (Solaris PDC). I then moved the PDC role to another machine.

On the new pdc I 1st grabbed the domain SID

newpdc# net rpc getsid -S oldpdc
Storing SID --for Domain MYDOMAIN in secrets.tdb
newpdc#

and then updated the smb.conf file on each machine to convert the PDC to member server and vice versa.

If I ran the net getlocalsid command on the old PDC prior to the migration, it would return the SID for the domain.

oldpdc # net getlocalsid MYDOMAIN
SID for domain MYDOMAIN is: S-1--99
oldpdc#

If I run net getlocalsid on the new PDC I get

newpdc# net getlocalsid
[2007/11/01 14:52:55, 0] utils/net.c:net_getlocalsid(622)
  Can't fetch domain SID for name: NEWPDC
newpdc #

However explicitly specifying the domain name seems OK

newpdc# net getlocalsid MYDOMAIN
SID for domain MYDOMAIN is: S-1--99

As far as I can tell everything is working OK. But did I miss a step in the change over?

Thanks
[Samba] Migrating a Samba PDC
Hi. I have to migrate a Samba PDC from one server to another new server. The two servers have the same distribution (Debian stable) and the same Samba version (3.0.24). I wish to make the migration completely transparent for the client, maintaining all the users, all the groups, all the Windows/Linux groups mapping and all other things. What do I have to do other than copying the /etc/samba and /var/lib/samba directories?

Thank you very much for your help! Bye.
[Samba] Samba PDC without encryption
I set up a working PDC, with the exception of one major issue. These are the two relevant lines:

    encrypt passwords = no
    obey pam restrictions = yes

If I set encrypt passwords = yes I can join the domain and login and everything works perfectly from windows xp sp2. However, pam doesn't work with encrypt passwords, so I can't use encrypt passwords in authenticating users. The end goal is to authenticate windows machines to the same auth servers we have in the linux/mac/solaris realm, which is an ldap server (or NIS for solaris), that uses kerberos for password authentication. I've heard it's possible to get windows to authenticate to the kerberos server through samba, but windows expects the kerberos server to have an NT hash to authenticate to, which would break the rest of the network, so I went down the pam path, and got that working fine in pam for accessing shares, but kept getting a "this user is unauthorized to login to this machine" error when I tried to join the domain as root (which will authenticate through pam files just fine for accessing shares). I also have root with the same password encrypted, via smbpasswd, and when I set encrypt passwords = yes, the domain works like a charm, for root and my other user I manually created accounts for.

Has anyone attempted to do something like this? I know it's kinda stretching the limits of samba (or more likely the flexibility of windows), but if I could make this work, everyone in the department would only have one password to worry about, and to allow someone to login to windows machines, all I'd have to do is add them to the winusers group. Our current setup is a windows 2000 server that is completely disconnected from the rest of the network that I'm trying to retire. If it comes down to it, I could keep this new server as a separate entity on the network as well, but I'd much rather get this to work.

Sam
--
Sam Leathers
Penn State University Astronomy Astrophysics Department
520 Davey Lab
(814)863-9347
Re: [Samba] Samba PDC without encryption
I can tell you that you MUST use encrypted passwords on a PDC. Any information about this and more is in the docs.

Sam Leathers wrote:
> I set up a working PDC, with the exception of one major issue. These are the two relevant lines:
>
>     encrypt passwords = no
>     obey pam restrictions = yes
>
> If I set encrypt passwords = yes I can join the domain and login and everything works perfectly from windows xp sp2. However, pam doesn't work with encrypt passwords, so I can't use encrypt passwords in authenticating users. The end goal is to authenticate windows machines to the same auth servers we have in the linux/mac/solaris realm, which is an ldap server (or NIS for solaris), that uses kerberos for password authentication. I've heard it's possible to get windows to authenticate to the kerberos server through samba, but windows expects the kerberos server to have an NT hash to authenticate to, which would break the rest of the network, so I went down the pam path, and got that working fine in pam for accessing shares, but kept getting a "this user is unauthorized to login to this machine" error when I tried to join the domain as root (which will authenticate through pam files just fine for accessing shares). I also have root with the same password encrypted, via smbpasswd, and when I set encrypt passwords = yes, the domain works like a charm, for root and my other user I manually created accounts for.
>
> Has anyone attempted to do something like this? I know it's kinda stretching the limits of samba (or more likely the flexibility of windows), but if I could make this work, everyone in the department would only have one password to worry about, and to allow someone to login to windows machines, all I'd have to do is add them to the winusers group. Our current setup is a windows 2000 server that is completely disconnected from the rest of the network that I'm trying to retire. If it comes down to it, I could keep this new server as a separate entity on the network as well, but I'd much rather get this to work.
>
> Sam

--
Ryan Novosielski - Systems Programmer II
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630
[Samba] samba PDC - NT Usermanager no groups displayed.
Hi everyone,

I'm running debian etch ( upgraded from sarge ) conforming to my debian big samba howto ( http://lists.samba.org/archive/samba/2005-December/114817.html )

After the upgrade from debian sarge to etch I'm missing my domain groups in the nt usermanager. I can't figure out what's wrong. The groups are in the ldap and are working. I deploy printers based on groups and this is still working. But it would be nice to have my groups back.

ATM I'm working to move my pdc to a new server. When finished I'll make a new howto. This howto will contain multi ldap setup and pdc/bdc support. ( no slurp for ldap but replsync )

Thanx in advance,
Louis
[Samba] Re: samba PDC and lan printer
satish patel wrote:
> I have configured samba with print services and my printer is LAN printer Ethernet jack and my PDC on another subnet so is it possible share printer from other subnet ??

What sort of issues with that configuration are you anticipating? MS Domain Browsing issues maybe?

I use CUPS with all Samba implementations I have done. CUPS just needs to know the hostname of the printer to send the print jobs to. Once CUPS is configured properly, it is a simple task to get Samba to share the print queue.

I make a few pointers in my presentation: Samba 3 PDC for Windows Clients and Samba 3 Book Review
http://www.lueckdatasystems.com/pub/presentations/iccm2007.pdf

Sincerely,
--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/
[Samba] samba PDC and lan printer
Dear all

I have configured samba with print services and my printer is LAN printer Ethernet jack and my PDC on another subnet so is it possible share printer from other subnet ??

Regards
satish patel

$ cat ~/satish/url.txt
http://www.linuxbug.org
[Samba] PDC changed name, problems with login
Greets,

I currently deal with a request of a customer, who has migrated from an old to a new server. It runs a Samba PDC with tdbsam backend, and he unfortunately renamed the new server to the name of the old (and offline) server. Now he faces the problem that it isn't possible to log in to offline domain-member-machines (notebooks on the road who were successfully joined to the domain before) anymore. The profiles get copied ok, everything looks good except this one issue.

Could anyone point me into the right direction on this? I will provide configs and details if needed, maybe it is already clear to you right now anyway.

Thanks,
Stefan
Re: [Samba] PDC changed name, problems with login
Found this one in the meantime

http://xania.org/article.php/samba_cached_credentials

pointed the customer at it as he told me about users in Domain DOMAIN and others in Domain PDC ... We'll see.

stefan
[Samba] PDC. Windows unable to save profile
Hi there,

I have Samba 3.0.24. I'm trying to set it up as a PDC. All works fine, but there is one problem. Windows saves profile only once after reboot. Changing username doesn't help. The only way to save profile again is to reboot Windows.

Here is my smb.conf:

    [global]
        add user script = /usr/sbin/useradd -m '%u'
        delete user script = /usr/sbin/userdel -r '%u'
        add group script = /usr/sbin/groupadd '%g'
        delete group script = /usr/sbin/groupdel '%g'
        add user to group script = /usr/sbin/usermod -G '%g' '%u'
        add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
        shutdown script = /var/lib/samba/scripts/shutdown.sh
        abort shutdown script = /sbin/shutdown -c
        netbios name = server
        workgroup = school
        preferred master = auto
        domain master = yes
        local master = yes
        security = user
        domain logons = yes
        logon path = \\server\profiles\%U
        logon drive = H:
        logon home = \\server\%U
        logon script = logon.cmd

    [homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

    [netlogon]
        path = /var/lib/samba/netlogon
        read only = yes

    [profiles]
        comment = Network Profiles Share
        path = /var/lib/samba/profiles
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
        browseable = no
        guest ok = no
        printable = no
        hide files = /desktop.ini/outlook*.lnk/*Briefcase*/

uname -a:

    Linux server.school.local 2.6.17-13mdv #1 SMP Fri Mar 23 19:03:31 UTC 2007 i686 AMD Duron(tm) processor GNU/Linux

Please, help

Best regards,
Anton Dmitrievsky
Re: [Samba] PDC. Windows unable to save profile
Add profile acls = yes to your smb.conf file.

John
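An added example, not code from any poster or from the Samba project: a small Python check for two points made in replies on this page (a PDC needs encrypted passwords; the share that "logon path" points at should carry "profile acls = yes"), plus a note, taken from the smb.conf manual page, on how "obey pam restrictions" behaves with encrypted passwords. The sample smb.conf is constructed and all function names are this example's own.

```python
"""Added example: lint an smb.conf for PDC settings discussed in these threads."""
import re

# Constructed sample, modelled on settings quoted by posters on this page.
SAMPLE_SMB_CONF = r"""
[global]
    workgroup = school
    security = user
    domain logons = yes
    encrypt passwords = no
    obey pam restrictions = yes
    logon path = \\server\profiles\%U

[profiles]
    path = /var/lib/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
"""

TRUE_WORDS = {"yes", "true", "on", "1"}
FALSE_WORDS = {"no", "false", "off", "0"}


def norm(name):
    """Samba matches parameter names ignoring case and whitespace."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Return {section: {normalised parameter: value}}, section names lower-cased."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):              # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections


def as_bool(value, default):
    """Interpret an smb.conf boolean; fall back to the default when unset or odd."""
    word = (value or "").strip().lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    return default


def share_param(conf, share, name):
    """Share-level lookup; a value in [global] acts as the default for shares."""
    key = norm(name)
    return conf.get(share, {}).get(key, conf.get("global", {}).get(key))


def lint_pdc(text):
    """Return a list of (severity, check_id, message) for a domain-logon server."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if not as_bool(glob.get(norm("domain logons")), False):
        return findings                      # not acting as a domain controller
    encrypted = as_bool(glob.get(norm("encrypt passwords")), True)
    if not encrypted:
        findings.append(("error", "encrypt-passwords",
                         "domain logons = yes requires encrypt passwords = yes"))
    elif as_bool(glob.get(norm("obey pam restrictions")), False):
        findings.append(("info", "pam-auth-skipped",
                         "with encrypted passwords PAM is not used for authentication; "
                         "only its account and session checks apply"))
    # Find the share that roaming profiles are written to, e.g. \\server\profiles\%U.
    match = re.match(r"\\\\[^\\]+\\([^\\]+)", glob.get(norm("logon path"), ""))
    if match:
        share = match.group(1).lower()
        if share in conf and not as_bool(share_param(conf, share, "profile acls"), False):
            findings.append(("warn", "profile-acls",
                             "[%s] holds roaming profiles but lacks profile acls = yes" % share))
    return findings


if __name__ == "__main__":
    for severity, check_id, message in lint_pdc(SAMPLE_SMB_CONF):
        print("%-5s %-18s %s" % (severity, check_id, message))
```

On a live server the input would be the file the daemon actually loads, which, as a later post on this page shows, is not always the one you expect.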
RE: [Samba] Adding a Windows 2003 Server to a Samba PDC Domain
I have joined Windows 2003 to samba domains with no problem. I wasn't ever able to join them to a Sun PC Netlink domain (which did support XP) so it does do something a little differently- I just couldn't figure out what was different.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Drescher
Sent: Thursday, September 20, 2007 3:19 PM
To: Server Gremlin
Cc: samba@lists.samba.org
Subject: Re: [Samba] Adding a Windows 2003 Server to a Samba PDC Domain

> I want to add a brand-new Windows 2003 Server machine to a Domain controlled by a Samba 3.0 PDC. I DON'T want the Windows 2003 Server to be a BDC, a PDC, a WINS server, or anything else; I just want it to be a member of the domain for domain logons. Basically I want it to act more or less as if it were a Windows XP Pro machine. It won't try to do anything stupid like become a PDC or BDC, enable Active Directory, or anything like that by default, will it? Will adding this to the domain be as simple as adding an XP Pro machine?

It's no different than adding an XP Pro machine.

John
Re: [Samba] Samba PDC - How to disable system locking on Windows XP
On 9/21/07, Adam Tauno Williams [EMAIL PROTECTED] wrote:
> > I have tried many approaches and am out of ideas. I would like my Windows XP to stop locking the screen when I leave for 10 minutes or so. I know this is an XP question, but I feel it is related to Samba PDC since all suggestions that I have found indicate I should not be seeing this.
>
> This is purely a Windows question and has nothing at all to do with Samba. Unless you have domain policies (via a Samba server in NT4 PDC mode) that define screen saver preferences this is entirely a workstation configuration or user profile issue.

What what what, Samba can do policies

--
Frank Van Damme
A: Because it destroys the flow of the conversation
Q: Why is it bad?
A: No, it's bad.
Q: Should I top post in replies to mails or on usenet?
Re: [Samba] Samba PDC - How to disable system locking on Windows XP
> > > I have tried many approaches and am out of ideas. I would like my Windows XP to stop locking the screen when I leave for 10 minutes or so. I know this is an XP question, but I feel it is related to Samba PDC since all suggestions that I have found indicate I should not be seeing this.
> >
> > This is purely a Windows question and has nothing at all to do with Samba. Unless you have domain policies (via a Samba server in NT4 PDC mode) that define screen saver preferences this is entirely a workstation configuration or user profile issue.
>
> What what what, Samba can do policies

NT4 domain policies, yes. NT4 domain policies are entirely passive and are really just a shared file. Samba cannot do AD policies / GPO policies. This is well documented in the official Samba Guide and HOWTO. Although this is really entirely a Windows issue as Samba doesn't really 'do anything' when using NT4 policies.

--
Adam Tauno Williams, Network Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
Re: [Samba] Samba PDC - How to disable system locking on Windows XP
Adam Tauno Williams wrote, On 21-09-2007 09:20:
> > > > I have tried many approaches and am out of ideas. I would like my Windows XP to stop locking the screen when I leave for 10 minutes or so. I know this is an XP question, but I feel it is related to Samba PDC since all suggestions that I have found indicate I should not be seeing this.
> > >
> > > This is purely a Windows question and has nothing at all to do with Samba. Unless you have domain policies (via a Samba server in NT4 PDC mode) that define screen saver preferences this is entirely a workstation configuration or user profile issue.
> >
> > What what what, Samba can do policies
>
> NT4 domain policies, yes. NT4 domain policies are entirely passive and are really just a shared file. Samba cannot do AD policies / GPO policies. This is well documented in the official Samba Guide and HOWTO. Although this is really entirely a Windows issue as Samba doesn't really 'do anything' when using NT4 policies.

Hmmm, using LDAP (at least) you can do a few Domain Policies (I really don't know how to call it) to define number of logon tries before lock, Password History, minimum password size.

Kind regards,
--
Felipe Augusto van de Wiel [EMAIL PROTECTED]
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)
[Samba] Adding a Windows 2003 Server to a Samba PDC Domain
Hey,

I want to add a brand-new Windows 2003 Server machine to a Domain controlled by a Samba 3.0 PDC. I DON'T want the Windows 2003 Server to be a BDC, a PDC, a WINS server, or anything else; I just want it to be a member of the domain for domain logons. Basically I want it to act more or less as if it were a Windows XP Pro machine. It won't try to do anything stupid like become a PDC or BDC, enable Active Directory, or anything like that by default, will it? Will adding this to the domain be as simple as adding an XP Pro machine?

Thanks!
- SG
Re: [Samba] Adding a Windows 2003 Server to a Samba PDC Domain
> I want to add a brand-new Windows 2003 Server machine to a Domain controlled by a Samba 3.0 PDC. I DON'T want the Windows 2003 Server to be a BDC, a PDC, a WINS server, or anything else; I just want it to be a member of the domain for domain logons. Basically I want it to act more or less as if it were a Windows XP Pro machine. It won't try to do anything stupid like become a PDC or BDC, enable Active Directory, or anything like that by default, will it? Will adding this to the domain be as simple as adding an XP Pro machine?

It's no different than adding an XP Pro machine.

John
[Samba] Samba PDC - How to disable system locking on Windows XP
I have tried many approaches and am out of ideas. I would like my Windows XP to stop locking the screen when I leave for 10 minutes or so. I know this is an XP question, but I feel it is related to Samba PDC since all suggestions that I have found indicate I should not be seeing this.

I have disabled the screen saver.
I have searched the group policy editor.
I have used groupmap to map the logged in user to Domain Admins.
I have added Domain Admins to the local XP machine's Administrator list (this appears fine since I can do anything an Admin can do on this PC).
I have checked power settings and set everything to 2 hours or more and disabled any locking checkbox.
I have modified the registry to disable the XP system lock button.

Any ideas as to what is going on?

Thanks,
Steve
Re: [Samba] Samba PDC - How to disable system locking on Windows XP
> I have tried many approaches and am out of ideas. I would like my Windows XP to stop locking the screen when I leave for 10 minutes or so. I know this is an XP question, but I feel it is related to Samba PDC since all suggestions that I have found indicate I should not be seeing this.

This is purely a Windows question and has nothing at all to do with Samba. Unless you have domain policies (via a Samba server in NT4 PDC mode) that define screen saver preferences this is entirely a workstation configuration or user profile issue. The default ADM files for use with NT4 POLEDIT do not set a screen locking policy for XP, so unless you or someone at your side extended the ADM files and defined such a policy in the NTCONFIG.POL file it is very unlikely that you have such a policy.

> I have disabled the screen saver.
> I have searched the group policy editor.
> I have used groupmap to map the logged in user to Domain Admins.
> I have added Domain Admins to the local XP machine's Administrator list (this appears fine since I can do anything an Admin can do on this PC).
> I have checked power settings and set everything to 2 hours or more and disabled any locking checkbox.
> I have modified the registry to disable the XP system lock button.
>
> Any ideas as to what is going on?

Check local policies again, if you can't find the issue then reinstall and delete your roaming profile before logging back onto the domain. Or live with it since locking on idle is a good security practice.

--
Adam Tauno Williams, Network Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
Re: [Samba] Samba PDC - How to disable system locking on Windows XP
Adam,

Many thanks for the prompt reply. In short, this helps me confirm it has nothing to do with the policies. I never set up any policies when I set up Samba PDC and the clients. I will bang on the XP experts to see what it may be.

Thanks again,
Steve

Adam Tauno Williams wrote:
> > I have tried many approaches and am out of ideas. I would like my Windows XP to stop locking the screen when I leave for 10 minutes or so. I know this is an XP question, but I feel it is related to Samba PDC since all suggestions that I have found indicate I should not be seeing this.
>
> This is purely a Windows question and has nothing at all to do with Samba. Unless you have domain policies (via a Samba server in NT4 PDC mode) that define screen saver preferences this is entirely a workstation configuration or user profile issue. The default ADM files for use with NT4 POLEDIT do not set a screen locking policy for XP, so unless you or someone at your side extended the ADM files and defined such a policy in the NTCONFIG.POL file it is very unlikely that you have such a policy.
>
> > I have disabled the screen saver.
> > I have searched the group policy editor.
> > I have used groupmap to map the logged in user to Domain Admins.
> > I have added Domain Admins to the local XP machine's Administrator list (this appears fine since I can do anything an Admin can do on this PC).
> > I have checked power settings and set everything to 2 hours or more and disabled any locking checkbox.
> > I have modified the registry to disable the XP system lock button.
> >
> > Any ideas as to what is going on?
>
> Check local policies again, if you can't find the issue then reinstall and delete your roaming profile before logging back onto the domain. Or live with it since locking on idle is a good security practice.
[Samba] Windows Vista Logging into SAMBA PDC
Hey guys,

I have a Samba PDC set up with LDAP and I've got windows XP clients logging into it fine. I originally had version 3.0.24etch for debian installed but I upgraded my samba version to 3.0.26 to see if it'd iron out but that didn't work.

I can JOIN the samba domain but I can't LOGIN to the domain with a user. I get an RPC failure on the login screen for vista. I login fine from windows xp clients.

Any suggestions for me? Thanks in advance
Re: [Samba] samba pdc ldap vs mysql
Petre Bandac wrote:
> hallo
>
> I have a task to reorganize the network resources of a medium company (~150 computers, 80% windows) which in the current state is very chaotic
>
> I was thinking of a system where the users are stored in a single place, from where applications like mail (postfix), squid and even a domain controller can retrieve information
>
> from your past experience, which does a better job - ldap or users stored in a mysql database ?
>
> I would appreciate your feedback or some links (I already have googled around and found several sources from where I am reading right now)
>
> I would like to have the same user/password for at least mail domain logon

I would say MySQL is not an officially recommended way of storing Samba users.

--
Tomasz Chmielewski
http://blog.wpkg.org
[Samba] samba pdc ldap vs mysql
hallo

I have a task to reorganize the network resources of a medium company (~150 computers, 80% windows) which in the current state is very chaotic

I was thinking of a system where the users are stored in a single place, from where applications like mail (postfix), squid and even a domain controller can retrieve information

from your past experience, which does a better job - ldap or users stored in a mysql database ?

I would appreciate your feedback or some links (I already have googled around and found several sources from where I am reading right now)

I would like to have the same user/password for at least mail domain logon

thank you for your time,
petre

--
Petre Bandac
Network Scientist - [EMAIL PROTECTED]
Re: [Samba] samba pdc ldap vs mysql
I'm a ldap fan. LDAP could be used to centralize all kind of app and system you could need, even intranet accounts, samba, a replacement for nis, postfix, qmail, and so on.

On 9/15/07, Petre Bandac [EMAIL PROTECTED] wrote:
> hallo
>
> I have a task to reorganize the network resources of a medium company (~150 computers, 80% windows) which in the current state is very chaotic
>
> I was thinking of a system where the users are stored in a single place, from where applications like mail (postfix), squid and even a domain controller can retrieve information
>
> from your past experience, which does a better job - ldap or users stored in a mysql database ?
>
> I would appreciate your feedback or some links (I already have googled around and found several sources from where I am reading right now)
>
> I would like to have the same user/password for at least mail domain logon
>
> thank you for your time,
> petre
>
> --
> Petre Bandac
> Network Scientist - [EMAIL PROTECTED]
Re: [Samba] samba pdc ldap vs mysql
Petre Bandac wrote:
> hallo
>
> I have a task to reorganize the network resources of a medium company (~150 computers, 80% windows) which in the current state is very chaotic
>
> I was thinking of a system where the users are stored in a single place, from where applications like mail (postfix), squid and even a domain controller can retrieve information
>
> from your past experience, which does a better job - ldap or users stored in a mysql database ?
>
> I would appreciate your feedback or some links (I already have googled around and found several sources from where I am reading right now)
>
> I would like to have the same user/password for at least mail domain logon
>
> thank you for your time,
> petre

At least as far as Samba goes, I could have sworn MySQL received less attention as a backend (possibly even having been removed). There are probably ways to sync MySQL with LDAP that are fairly painless, but this really seems like something that one would do with LDAP anyhow.

--
Ryan Novosielski - Systems Programmer II
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630
Re: [Samba] samba pdc ldap vs mysql
Hello, mups.cp,

You (mups.cp) wrote on 15.09.07:
> I'm a ldap fan. LDAP could be used to centralize all kind of app and system you could need, even intranet accounts, samba, a replacement for nis, postfix, qmail, and so on.

Don't put all your eggs into one basket ...

Best regards!
Helmut
Re: [Samba] samba pdc ldap vs mysql
mups.cp wrote:
> I understand your point of view, but most of the time people prefer to have only a username and password instead of one for each application and system they use.

that is exactly what I want to do; so, using ldap, I can have the same user/pass for both domain and mailbox

based on your experience, which would fit better with postfix/courier and samba ?

thanks,
petre

> There are other options, but I prefer LDAP for account management and centralization. Others will prefer MySQL.
>
> On 15 Sep 2007 17:42:00 +0200, Helmut Hullen [EMAIL PROTECTED] wrote:
> > Hello, mups.cp,
> >
> > You (mups.cp) wrote on 15.09.07:
> > > I'm a ldap fan. LDAP could be used to centralize all kind of app and system you could need, even intranet accounts, samba, a replacement for nis, postfix, qmail, and so on.
> >
> > Don't put all your eggs into one basket ...
> >
> > Best regards!
> > Helmut

--
Petre Bandac
Network Scientist - [EMAIL PROTECTED]
Re: [Samba] samba pdc ldap vs mysql
Since I know any good MTA supports LDAP. Choose one that better fits your needs and you are accustomed to.

On 9/15/07, Petre Bandac [EMAIL PROTECTED] wrote:
> mups.cp wrote:
> > I understand your point of view, but most of the time people prefer to have only a username and password instead of one for each application and system they use.
>
> that is exactly what I want to do; so, using ldap, I can have the same user/pass for both domain and mailbox
>
> based on your experience, which would fit better with postfix/courier and samba ?
>
> thanks,
> petre
>
> > There are other options, but I prefer LDAP for account management and centralization. Others will prefer MySQL.
> >
> > On 15 Sep 2007 17:42:00 +0200, Helmut Hullen [EMAIL PROTECTED] wrote:
> > > Hello, mups.cp,
> > >
> > > You (mups.cp) wrote on 15.09.07:
> > > > I'm a ldap fan. LDAP could be used to centralize all kind of app and system you could need, even intranet accounts, samba, a replacement for nis, postfix, qmail, and so on.
> > >
> > > Don't put all your eggs into one basket ...
> > >
> > > Best regards!
> > > Helmut
>
> --
> Petre Bandac
> Network Scientist - [EMAIL PROTECTED]
Re: [Samba] samba pdc ldap vs mysql
> > I understand your point of view, but most of the time people prefer to have only a username and password instead of one for each application and system they use.
>
> that is exactly what I want to do; so, using ldap, I can have the same user/pass for both domain and mailbox
> based on your experience, which would fit better with postfix/courier and samba ?

Using LDAP is standard for most applications and well supported; information on LDAP integration is plentiful; Postfix has supported LDAP for a long time and a standard SASL build supports LDAP. Using something like MySQL for auth/ident is hackish and very non-standard; you'd be creating a site specific solution. It is important to think about what happens if someone needs to come in and work in your environment. LDAP is common and well understood, people expect LDAP in anything but the smallest networks.

> > There are other options, but I prefer LDAP for account management and centralization. Others will prefer MySQL.
> > > > I'm a ldap fan. LDAP could be used to centralize all kind of app and system you could need, even intranet accounts, samba, a replacement for nis, postfix, qmail, and so on.
> > > Don't put all your eggs into one basket ...

Yes, do. One basket is EXACTLY what you want. We use LDAP for ident (NSS SAMBA) authentication (mainly via PAM, SASL, Samba), DHCP, DNS, mail routing, IM groups, user preferences, and lots of other things. It is a major labor savings to have ONE store for all this information that can all be managed by a very well supported and standard protocol (LDAP). Whether you want to use Perl, Python, C#, Java, PHP, etc... you can access your data - no mucking about with is-it-compiled-to-support... or drivers, etc...

--
Adam Tauno Williams, Network Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
[Samba] Integrating Win2k3 into Samba PDC (on OSX 10.4.10)
I have a problem related to what I thought would be a fairly simple procedure.

We have a working OSX Server 10.4.10 Open Directory system, with Windows Services enabled via Samba as a PDC. We have joined approximately 20 WinXP workstations to the Samba domain, and OD users can log into these systems as expected (i.e. authentication works).

I have a Win2K3 server that was recently purchased and running the File Server role. We have it joined as a member server to the OD PDC. I want to set up the Windows Home and Profile directories so that they are located on the Win2K3 server. File sharing is set up on the Win2k3 server and share points are valid for local server users (verified via Windows Explorer).

When I log in to the XP workstation (using an account that has its home dir and profile pointed to the Win2k3 shares) I am told that the user's profile can't be found. Trying to manually navigate to the share points via the Win Explorer or via DOS prompt fails, with an error message about a failed RPC call and a possible permissions issue. The share points both are exported for Everyone with read/write access.

Is it even possible to mount a Win2k3 share using a Samba domain user account? I did test this over the summer and everything appeared to work. Of course now that I want to put this into production it's failing... Confused

Any help or insight would be much appreciated.

Thanks,
jg
Re: [Samba] PDC (can't fetch domain SID)
After running this command... I figured out what the problem was. The daemon was not reading the correct smb.conf file. I thought the file was being read from /usr/local/samba/lib/smb.conf, but apparently it was being read from /etc/samba/smb.conf. Is this OK? Which is the correct location, if any? Thanks for everyone's help.

# net getlocalsid LEANDRO -d 10
[2007/09/10 09:17:02, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0
[2007/09/10 09:17:02, 3] param/loadparm.c:lp_load(4953) lp_load: refreshing parameters
[2007/09/10 09:17:02, 3] param/loadparm.c:init_globals(1418) Initialising global parameters
[2007/09/10 09:17:02, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
[2007/09/10 09:17:02, 3] param/loadparm.c:do_section(3695) Processing section [global]
doing parameter workgroup = AAC.local
doing parameter server string = %h server
doing parameter dns proxy = no
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter encrypt passwords = true
doing parameter passdb backend = tdbsam
doing parameter obey pam restrictions = yes
doing parameter invalid users = root
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter socket options = TCP_NODELAY
[2007/09/10 09:17:02, 4] param/loadparm.c:lp_load(4984) pm_process() returned Yes
[2007/09/10 09:17:02, 7] param/loadparm.c:lp_servicenumber(5120) lp_servicenumber: couldn't find homes
[2007/09/10 09:17:02, 10] param/loadparm.c:set_server_role(4229) set_server_role: role = ROLE_STANDALONE
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16LE
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2BE
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2BE
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16BE
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16BE
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF8
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF8
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(113) Registered charset ASCII
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset 646
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(113) Registered charset 646
[2007/09/10 09:17:02, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ISO-8859-1
Re: [Samba] PDC (can't fetch domain SID)
Leandro Tracchia wrote:

> After running this command... I figured out what the problem was. The daemon was not reading the correct smb.conf file. I thought the file was being read from /usr/local/samba/lib/smb.conf, but apparently it was being read from /etc/samba/smb.conf. Is this OK? Which is the correct location, if any? Thanks for everyone's help.
> (...)

Different distros can use different build options; what is better or right is a question of taste/convention.

Debian puts configuration files in /etc as all packages must comply with the Debian Policy [1] (see section 10.7.2). It has its own conventions and has its own reasons to do that, tracking configuration files and preserving their contents even if you upgrade the package.

You can see in Debian where a specific file is (or will be placed) and in which package, using apt-file. Or list the contents of a package with dpkg -L packagename

As in any distro, you can see how your samba was built by running smbd -b; it will show you build options and paths being used.

1. http://www.debian.org/doc/debian-policy/ch-files.html

Regards.
Edmundo Valle Neto
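The diagnosis reached in this thread (the tools loaded /etc/samba/smb.conf, not the file that was being edited) can be checked mechanically from the debug output. The script below is an added example, not part of any message in the thread: the function names are hypothetical, the sample log is constructed in the style of the -d 10 output quoted above, and ROLE_DOMAIN_PDC is assumed as the role name a Samba 3 PDC reports.

```bash
#!/usr/bin/env bash
# Added example: read Samba debug output and report which smb.conf was
# actually loaded, plus the workgroup and server role that resulted.
# A daemon that silently loads a different file also ignores every access
# restriction written in the file the administrator has been editing.

# Constructed sample, modelled on the "-d 10" output quoted in this thread.
sample_debug_log() {
cat <<'EOF'
[2007/09/10 09:17:02, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2007/09/10 09:17:02, 3] param/loadparm.c:do_section(3695)
  Processing section "[global]"
doing parameter workgroup = AAC.local
doing parameter passdb backend = tdbsam
[2007/09/10 09:17:02, 10] param/loadparm.c:set_server_role(4229)
  set_server_role: role = ROLE_STANDALONE
EOF
}

# Path of the configuration file the tool reported loading (quoted or not).
loaded_config() {
    sed -n 's/.*Processing configuration file "\{0,1\}\([^" ]*\)"\{0,1\}.*/\1/p' | head -n 1
}

# Workgroup value taken from the "doing parameter" trace.
loaded_workgroup() {
    sed -n 's/^[[:space:]]*doing parameter workgroup = \(.*\)$/\1/p' | head -n 1
}

# Server role computed after the configuration was parsed.
loaded_role() {
    sed -n 's/.*set_server_role: role = \([A-Z_]*\).*/\1/p' | head -n 1
}

# Upper-case helper: workgroup names are compared case-insensitively.
to_upper() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]'
}

# Usage: check_loaded_config EXPECTED_CONF EXPECTED_WORKGROUP EXPECTED_ROLE < log
# Prints one line per item and returns 0 only if all three match.
check_loaded_config() {
    local want_conf="$1" want_wg="$2" want_role="$3"
    local log conf wg role rc=0
    log=$(cat)
    conf=$(printf '%s\n' "$log" | loaded_config)
    wg=$(printf '%s\n' "$log" | loaded_workgroup)
    role=$(printf '%s\n' "$log" | loaded_role)

    if [ "$conf" = "$want_conf" ]; then
        echo "OK config file: $conf"
    else
        echo "MISMATCH config file: loaded '$conf', expected '$want_conf'"
        rc=1
    fi
    if [ "$(to_upper "$wg")" = "$(to_upper "$want_wg")" ]; then
        echo "OK workgroup: $wg"
    else
        echo "MISMATCH workgroup: loaded '$wg', expected '$want_wg'"
        rc=1
    fi
    if [ "$role" = "$want_role" ]; then
        echo "OK server role: $role"
    else
        echo "MISMATCH server role: loaded '$role', expected '$want_role'"
        rc=1
    fi
    return "$rc"
}

# Typical use against the command from the thread:
#   net getlocalsid LEANDRO -d 10 2>&1 |
#       check_loaded_config /usr/local/samba/lib/smb.conf LEANDRO ROLE_DOMAIN_PDC
```

Run against the constructed sample with the values the poster intended, all three checks report MISMATCH, which is the state the thread describes: a stand-alone server in workgroup AAC.local instead of a PDC for LEANDRO.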
Re: [Samba] PDC (can't fetch domain SID)
On 9/7/07, Leandro Tracchia [EMAIL PROTECTED] wrote:

> os: debian etch 4.0
> samba: 3.025c
>
> i am reading through the how-to (using samba 3rd ed), freely available btw at http://book.opensourceproject.org.cn/sysadmin/samba/sambao3rd/
>
> i am interested in setting up a samba pdc for a good dozen windows xp pro clients. (i somehow could not wake up from the windows 2003 sbs nightmare). i have been able to join my debian box to the local windows domain and share files back and forth between the debian box and a windows xp pro laptop. this procedure was fairly straightforward and i had no problems. samba was flawless in this regard.
>
> chapter 9 of the how-to explains how to set up samba as a pdc. i have done everything step by step and everything has worked fine, but now i am finally officially stumped at section 9.2.1.1. here is my output.
>
> # net getlocalsid
> SID for domain AACLINUX is: S-1-5-21-1918599669-337121707-3998352069
> (AACLINUX is the hostname of the debian box)
>
> #net getlocalsid LEANDRO
> Can't fetch domain SID for name: LEANDRO

What does this command say. (replace server name with your server name)

smbclient -L servername

What does this tell you?

testparm

And finally. Is LEANDRO your server name? If aaclinux is the server name try

net getlocalsid LEANDRO
net getlocalsid aaclinux

Lucas
-- http://lucasmanual.com/mywiki/SambaDomainController

> (LEANDRO is my new domain name set in: smb.conf)
>
> smb.conf:
>
> [global]
> netbios name = aaclinux
> workgroup = LEANDRO
> security = user
> encrypt passwords = yes
> enable privileges = yes
> ## enable PDC functionality
> domain master = yes
> domain logons = yes
> os level = 33
> preferred master = yes
> local master = yes
>
> [public]
> path = /usr/local/samba/public
> read only = no
>
> [netlogon]
> comment = Net Logon service
> path = /usr/local/samba/netlogon
> read only = yes
> write list = +ntadmin
>
> i have other forum posts with similar problems but none have produced real results. perhaps this one will be different. here are some of the other forum posts i have looked at and attempted to apply their solutions with no success..
>
> http://lists.samba.org/archive/samba/2005-September/110749.html
> http://lists.samba.org/archive/samba/2003-November/001157.html
> http://sysadminforum.com/t109897.html
> http://groups.google.com/group/linux.samba/browse_thread/thread/59a253f3f02f9ef7/d05ea8d3ab317f7e%23d05ea8d3ab317f7e
> http://groups.google.com/group/linux.samba/browse_thread/thread/4b61b34c769570e2/e9c6469f64ea2877?lnk=gstq=can%27t+fetch+sidrnum=1#e9c6469f64ea2877
>
> if anyone needs more information from me please tell me. i will post everything i can.
>
> thank you,
> LRT
Re: [Samba] PDC (can't fetch domain SID)
(copied back on list)

Leandro,

> Gerald Jerry Carter wrote:
>> Have you actually started smbd at least once before running this command?
>
> Yes. I have started both smb and nmb with:
> #smbd -D
> #nmbd -D

Makes no sense then. Run 'net getlocalsid LEANDRO -d 10' and see if that gives a hint as to why the command fails. I just checked the code in the SAMBA_3_0_25 svn tree and it hasn't changed. You're running the command as root and are using an smbpasswd backend, right? What Samba version is this?

cheers, jerry

Samba --- http://www.samba.org
Centeris --- http://www.centeris.com
What man is a man who does not make the world better? --Balian
[Samba] PDC (can't fetch domain SID)
os: debian etch 4.0
samba: 3.025c

i am reading through the how-to (using samba 3rd ed), freely available btw at http://book.opensourceproject.org.cn/sysadmin/samba/sambao3rd/

i am interested in setting up a samba pdc for a good dozen windows xp pro clients. (i somehow could not wake up from the windows 2003 sbs nightmare). i have been able to join my debian box to the local windows domain and share files back and forth between the debian box and a windows xp pro laptop. this procedure was fairly straightforward and i had no problems. samba was flawless in this regard.

chapter 9 of the how-to explains how to set up samba as a pdc. i have done everything step by step and everything has worked fine, but now i am finally officially stumped at section 9.2.1.1. here is my output.

# net getlocalsid
SID for domain AACLINUX is: S-1-5-21-1918599669-337121707-3998352069
(AACLINUX is the hostname of the debian box)

#net getlocalsid LEANDRO
Can't fetch domain SID for name: LEANDRO
(LEANDRO is my new domain name set in: smb.conf)

smb.conf:

[global]
netbios name = aaclinux
workgroup = LEANDRO
security = user
encrypt passwords = yes
enable privileges = yes
## enable PDC functionality
domain master = yes
domain logons = yes
os level = 33
preferred master = yes
local master = yes

[public]
path = /usr/local/samba/public
read only = no

[netlogon]
comment = Net Logon service
path = /usr/local/samba/netlogon
read only = yes
write list = +ntadmin

i have other forum posts with similar problems but none have produced real results. perhaps this one will be different. here are some of the other forum posts i have looked at and attempted to apply their solutions with no success..

http://lists.samba.org/archive/samba/2005-September/110749.html
http://lists.samba.org/archive/samba/2003-November/001157.html
http://sysadminforum.com/t109897.html
http://groups.google.com/group/linux.samba/browse_thread/thread/59a253f3f02f9ef7/d05ea8d3ab317f7e%23d05ea8d3ab317f7e
http://groups.google.com/group/linux.samba/browse_thread/thread/4b61b34c769570e2/e9c6469f64ea2877?lnk=gstq=can%27t+fetch+sidrnum=1#e9c6469f64ea2877

if anyone needs more information from me please tell me. i will post everything i can.

thank you,
LRT
Re: [Samba] PDC (can't fetch domain SID)
Leandro Tracchia wrote:

> os: debian etch 4.0
> samba: 3.025c
>
> i am reading through the how-to (using samba 3rd ed), freely available btw at http://book.opensourceproject.org.cn/sysadmin/samba/sambao3rd/

And will be included in the Samba 3.2.0 release as well.

> # net getlocalsid
> SID for domain AACLINUX is: S-1-5-21-1918599669-337121707-3998352069
> (AACLINUX is the hostname of the debian box)
>
> #net getlocalsid LEANDRO
> Can't fetch domain SID for name: LEANDRO
> (LEANDRO is my new domain name set in: smb.conf)

Have you actually started smbd at least once before running this command?

cheers. jerry

Samba --- http://www.samba.org
Centeris --- http://www.centeris.com
What man is a man who does not make the world better? --Balian
[Samba] Secondary Group Access on another Samba PDC
I have 2 Samba PDC's, one on DomA, the other on DomB. My pc is connected to DomA and i can access DomA's shares all fine. When I access DomB's shares it connects me as the user with the same name (diff UIDs) in the passwd file. The user it connects me as on DomB is a secondary user of GroupB. When I try to create a new file in a folder on DomB that has GroupB permissions. It says Access Denied... it works in DomA, and the share seems to be setup the same... any ideas?!?!

Jason.
-- Jason Coo Computer Engineer, P.Eng. The Fluid Life Corporation 1-877-962-2400 [EMAIL PROTECTED]
[Samba] No icon desktop on XP to Samba PDC?
Now that I've been able to get Win XP added to a Samba PDC and users log in, Windows results in a no-icon solid-color background as the default. I can switch to Windows Classic desktop and get the icons back. What change can I make to Samba to permit Windows to present either Windows new or Classic desktop mode?

Thanks.
Scott
[Samba] Automatically running a script on Samba PDC when Windows user changes his password
Hello,

I've installed a Samba 3 PDC using LDAP authentication, along with the smbldap tools, on Ubuntu GNU/Linux. Everything works fine and (XP Pro) Windows clients can join my domain.

I would like Samba to automatically run a (home made) script on the PDC server when the user changes his password on his machine in order to update it on other servers (for instance our mail server uses another LDAP for authentication, but there are still many accounts of this kind), so that the user has to remember only one password for all these applications.

I've already had a look at the passwd program line in my smb.conf file. By default it was commented like this:

#passwd program = /usr/sbin/smbldap-passwd ?u %u

and ldap passwd sync is set to Yes (which seems quite sensible since I use LDAP authentication).

The matter is that I was unable to use this line to automatically run a script as explained above. As an example I've tried to create a file (in a directory with 777 permissions) with the touch command (passwd program = touch mydirectory/myfile), but it has no effect.

I may not have correctly understood this feature, or maybe it cannot be used with LDAP authentication. Do you know whether this kind of trick is possible, and if so how to achieve it ?

Thanks in advance,
Felip.
Re: [Samba] Automatically running a script on Samba PDC when Windows user changes his password
You could create a bash/perl script and put your logic inside this file. Change the 'passwd program' to refer to this script. I once tried to define the bash code on one long line, but due to errors I prefer to put the code in a file.

On 8/23/07, Felip Manyé [EMAIL PROTECTED] wrote:

> Hello,
>
> I've installed a Samba 3 PDC using LDAP authentication, along with the smbldap tools, on Ubuntu GNU/Linux. Everything works fine and (XP Pro) Windows clients can join my domain.
>
> I would like Samba to automatically run a (home made) script on the PDC server when the user changes his password on his machine in order to update it on other servers (for instance our mail server uses another LDAP for authentication, but there are still many accounts of this kind), so that the user has to remember only one password for all these applications.
>
> I've already had a look at the passwd program line in my smb.conf file. By default it was commented like this:
>
> #passwd program = /usr/sbin/smbldap-passwd ?u %u
>
> and ldap passwd sync is set to Yes (which seems quite sensible since I use LDAP authentication).
>
> The matter is that I was unable to use this line to automatically run a script as explained above. As an example I've tried to create a file (in a directory with 777 permissions) with the touch command (passwd program = touch mydirectory/myfile), but it has no effect.
>
> I may not have correctly understood this feature, or maybe it cannot be used with LDAP authentication. Do you know whether this kind of trick is possible, and if so how to achieve it ?
>
> Thanks in advance,
> Felip.
Re: [Samba] Automatically running a script on Samba PDC when Windows user changes his password
On 23/08/07, Felip Manyé [EMAIL PROTECTED] wrote:

> Hello,
>
> I've installed a Samba 3 PDC using LDAP authentication, along with the smbldap tools, on Ubuntu GNU/Linux. Everything works fine and (XP Pro) Windows clients can join my domain.
>
> I would like Samba to automatically run a (home made) script on the PDC server when the user changes his password on his machine in order to update it on other servers (for instance our mail server uses another LDAP for authentication, but there are still many accounts of this kind), so that the user has to remember only one password for all these applications.

Maybe you should be tackling this on the Directory server side.

-- http://www.suretecsystems.com/services/openldap/
Re: [Samba] Automatically running a script on Samba PDC when Windows user changes his password
Felip Manyé wrote:

> Hello,

Hello.

> I've installed a Samba 3 PDC using LDAP authentication, along with the smbldap tools, on Ubuntu GNU/Linux. Everything works fine and (XP Pro) Windows clients can join my domain.
>
> I would like Samba to automatically run a (home made) script on the PDC server when the user changes his password on his machine in order to update it on other servers (for instance our mail server uses another LDAP for authentication, but there are still many accounts of this kind), so that the user has to remember only one password for all these applications.
>
> I've already had a look at the passwd program line in my smb.conf file. By default it was commented like this:
>
> #passwd program = /usr/sbin/smbldap-passwd ?u %u

It's -u not ?u.

> and ldap passwd sync is set to Yes (which seems quite sensible since I use LDAP authentication).

These options serve similar purposes. ldap passwd sync works alone. unix password sync works by executing passwd program with passwd chat to sync the unix password. With LDAP, just setting ldap password sync is enough, and when unix password sync is set to no, the other options aren't used.

So, you can set unix password sync and put another script (it wasn't made for that purpose, but works). Or turn off ldap password sync and use unix password sync with a changed smbldap-tools script that does what it already does plus what you want it to do.

> The matter is that I was unable to use this line to automatically run a script as explained above. As an example I've tried to create a file (in a directory with 777 permissions) with the touch command (passwd program = touch mydirectory/myfile), but it has no effect.

This script is executed by root; the permissions assigned to others don't make much difference. The script cannot be executed as a normal user.

> I may not have correctly understood this feature, or maybe it cannot be used with LDAP authentication.

If you didn't have unix password sync = yes it will not execute. I just don't know what the behavior of samba would be if the command or script that you put in there begins to write things to stdout or stderr.

> Do you know whether this kind of trick is possible, and if so how to achieve it ?
>
> Thanks in advance,
> Felip.

Take a look at the man page of smb.conf; there are some details to make a passwd program work. It should honor the password chat too and will always be executed as root. I use something like that (changing the smbldap-tools script) to sync digest hashes for authentication through the squid digest ldap helper.

Regards.
Edmundo Valle Neto
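A sketch of the kind of wrapper discussed in this thread, as an added example that is not from any of the posters. It assumes unix password sync = yes, a passwd program line pointing at the wrapper with %u as its only argument, and the passwd chat string shown in the debug output earlier on this page; the script path, function names and the PW_SYNC_LOG variable are hypothetical. Because smbd runs it as root, the account name is validated before use and the new password is passed to the hook on stdin, never on a command line.

```bash
#!/usr/bin/env bash
# Added example: skeleton for a custom "passwd program" run by smbd as root.
# Assumed smb.conf settings (the wrapper path is hypothetical):
#   unix password sync = yes
#   passwd program = /usr/local/sbin/pw-sync-wrapper %u
#   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

# Accept only conservative account names. %u is filled in from the request,
# so refuse anything that could be read as an option or as shell syntax.
valid_username() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Propagation hook. The new password arrives on stdin so it never appears in
# argv (visible in ps) or in the environment. This demo only records that a
# sync happened; a site would feed "$secret" to its own update tool here.
sync_password() {
    local user="$1" secret
    IFS= read -r secret || [ -n "$secret" ]
    [ -n "$secret" ] || return 1
    printf '%s %s\n' "$user" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        >> "${PW_SYNC_LOG:-/dev/null}"
}

# Print the prompts that the passwd chat patterns wait for, read the new
# password twice from stdin (smbd answers each prompt with %n), then sync.
# Everything written to stdout is matched against passwd chat, so the
# function prints nothing else on the success path.
chat_change_password() {
    local user="$1" new1 new2
    if ! valid_username "$user"; then
        echo "invalid user name" >&2
        return 2
    fi
    printf 'Enter new UNIX password: '
    IFS= read -r new1 || return 1
    printf '\nRetype new UNIX password: '
    IFS= read -r new2 || return 1
    printf '\n'
    if [ -z "$new1" ] || [ "$new1" != "$new2" ]; then
        echo "passwords do not match"
        return 1
    fi
    if ! printf '%s\n' "$new1" | sync_password "$user"; then
        echo "sync failed"
        return 1
    fi
    echo "password updated successfully"
}

# Entry point: insist on root (smbd starts the passwd program as root) and
# turn terminal echo off while the password is typed on a pty.
passwd_program_main() {
    local rc=0
    if [ "$(id -u)" -ne 0 ]; then
        echo "must be run as root" >&2
        return 3
    fi
    if [ -t 0 ]; then stty -echo; fi
    chat_change_password "$1" || rc=$?
    if [ -t 0 ]; then stty echo; fi
    return "$rc"
}

# When installed as the passwd program, finish the script with:
#   passwd_program_main "$@"
```

The wrapper file itself should be owned by root and not writable by anyone else, since whatever it contains runs with root privileges on every password change.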
Re: [Samba] Re: samba pdc/bdc and trust relationship
On 8/2/07, Mohammad Zohny [EMAIL PROTECTED] wrote:

> kindly try to help me in this problem, I need the solution urgently!
>
> On 7/31/07, Mohammad Zohny [EMAIL PROTECTED] wrote:
>
>> Hi all, My environment consists of 2 locations. the first has a windows NT4 PDC (for domain EGVLE) and another SLES10 PDC server (for VLE domain).with a bi-directional trust relationship between them. the second location will have SLES10 server that will work as a BDC for the samba VLE domain. I want to know how the bdc server will take the trust relationship from the PDC server? and what is the optimum solution to do that?

Domain trusts are explained in the Samba HOWTO Collection (http://samba.org/samba/docs/man/Samba-HOWTO-Collection/) and may also be covered in Samba By Example (http://samba.org/samba/docs/man/Samba-Guide/). Do you have specific questions not addressed in the docs?

Josh Kelley
[Samba] samba pdc/bdc and trust relationship
Hi all, My environment consists of 2 locations. the first has a windows NT4 PDC (for domain EGVLE) and another SLES10 PDC server (for VLE domain).with a bi-directional trust relationship between them. the second location will have SLES10 server that will work as a BDC for the samba VLE domain. I want to know how the bdc server will take the trust relationship from the PDC server? and what is the optimum solution to do that?

Thanks
[Samba] PDC: Windows xp sp2 reboots when login onto domain
Dear all,

I have installed Debian Etch (Samba 3.0.24) in PDC role, with 2 Windows XP SP2 clients. When I try to join the domain in any of the clients, the machine suddenly reboots (both). Both are fresh Windows installs. This is my smb.conf file. Any ideas?

# Begin smb.conf #
# /etc/samba/smb.conf
# Samba configuration file
# last updated: 25072007 by mendi

[global]
### Basic Server Settings ###
netbios name = BF
server string = BlueFactory Samba Server
workgroup = BLUEFACTORY

### PDC and master browsing settings ###
security = user
encrypt passwords = true
domain logons = yes
os level = 64
local master = yes
preferred master = yes
domain master = yes
browse list = yes
wins support = yes

### Security and performance ###
syslog = 0
log file = /var/log/samba/bluefactory.log
log level = 2
max log size = 5 # In Kilobytes
hosts allow = 127.0.0.1 192.168.0.0/24
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
client schannel = yes
server schannel = yes
client signing = yes
server signing = yes

### Pass backend ###
passdb backend = tdbsam
username map = /etc/samba/smbusers

### User Profiles and Home directories ###
logon script = netlogon.cmd
logon drive = Z:# Drive letter for home directory
logon home = \\%L\%U\.profile # Profile location for 95/98. Only used by these.
logon path = \\%L\profiles\%U # Profile location for NT/2000/XP

### Automatic machine account creation ###
add machine script = /etc/samba/scripts/smb-addMachine %u

### UNIX and Windows account syncing ###
add user script = /etc/samba/scripts/smb-addUser %u
delete user script = /etc/samba/scripts/smb-rmUser %u
add group script = /etc/samba/scripts/smb-addGroup %g
delete group script = /etc/samba/scripts/smb-rmGroup %g
add user to group script = /etc/samba/scripts/smb-addUserToGroup %u %g
delete user from group script = /etc/samba/scripts/smb-rmUserFromGroup %u %g

### UNIX and Windows password syncing ###
pam password change = yes

# The homes and netlogon shares are required for the domain #
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
hide dot files = Yes
# Sends a welcome message to users
preexec = /etc/samba/scripts/smb-userLogin %u %m %S %I
postexec = /etc/samba/scripts/smb-userLogout %u %m %S %I

[netlogon]
comment = Network Logon Service
path = /mnt/raid/netlogon
browseable = no
writable = no
preexec = /etc/samba/scripts/smb-userLogin %u %m %S %I
postexec = /etc/samba/scripts/smb-userLogout %u %m %S %I

[profiles]
comment = Roaming Profile Share
path = /mnt/raid/profiles
browseable = yes
guest ok = yes
writable = yes
read only = no
# This stands for client-side caching policy, and specifies how
# clients capable of offline caching will cache the files in the
# share. The valid values are: manual, documents, programs, disable.
# For example, shares containing roaming profiles can have offline
# caching disabled using csc policy = disable.
csc policy = disable
# This is important for newer versions of Windows XP and 2000
profile acls = yes
create mask = 0600
directory mask = 0700
preexec = /etc/samba/scripts/smb-userLogin %u %m %S %I
postexec = /etc/samba/scripts/smb-userLogout %u %m %S %I

[data]
comment = Datos privados de BlueFactory
path = /mnt/raid/pool
browseable = no
valid users = @bluefactory, @invitados
read only = yes
write list = @bluefactory
force group = bluefactory
create mask = 0664
directory mask = 2775
preexec = /etc/samba/scripts/smb-userLogin %u %m %S %I
postexec = /etc/samba/scripts/smb-userLogout %u %m %S %I

# End smb.conf #

Cheers,
Mendi
Re: [Samba] Samba PDC, v3.0.25b, tdbsam: winbindd seems to be broken...
On Wed, 11 Jul 2007 John Drescher (John Drescher [EMAIL PROTECTED]) wrote

I had the same issue going to 3.0.25a but I do not remember the solution. I do remember though I had to make changes in my smb.conf file.

It seems I had made a mistake... I had been running winbind on my PDC, which one is not supposed to do ? [I guess winbindd is a client, not a server ?]

Stopping winbind didn't solve the problem, however. I struggled for some time trying to see what was actually going wrong -- winding up logging, doing things and then trawling logs for plausible looking error messages. All to no avail.

So... I resorted to Voodoo and deleted samba from my PDC and started again from scratch.

It took a couple of attempts to recreate both the machine and domain SID (on PDC these seem to be set to be the same thing, by default). net setlocalsid will set the machine SID in secrets.tdb, but not the domain SID... The trick appears to be to delete secrets.tdb, do a net setlocalsid and then do the net groupmap things you need, which puts the domain SID into secrets.tdb as a side effect.

I struggled and failed to get pdbedit to recreate a new passdb.tdb with the same SIDs as per previous installation. The -U parameter seems to be ignored with -a or at least -am. Can use -r and -U together, but that fails to update the key that maps RID to User Name -- leaving the passdb broken. Solution for that was to export the passdb.tdb to smbpasswd form and then import it again !

After the complete reinstall and reconfigure exercise, things are working again. I only wish I could see why !!

One thing I noted, however:

* I have root (UID 0) as one of the Domain Administrators (RID 512);
* I had a group (GID 200) mapped to Domain Administrators;
* root is a member of Groups GID 0 and GID 200;
* pdbedit kept whinging that the primary group for user root was a local group not a domain group;
* I have now mapped group GID 0 to Domain Administrators;
* pdbedit has stopped whinging.

However, I have no idea if this is the reason that things are now working.

I note that in smb.conf valid users and other such settings have changed in 3.0.23b. The release notes give the example:

valid users = +DOMAIN\Linux Admins +srvadmin

I assume the first is an NT Group name ? Since this is implicitly a group, does it need the '+'. Does it make any difference if one uses '@' ? I tried various combinations when I was trying to make things work, without success... [I'm reluctant now to touch a working config ! Which uses @DOMAIN\Domain Admins etc.]

I assume the second is a UNIX Group name ?

Now, I have groups mapped as follows:

net groupmap add ntgroup=Domain Users rid=513 unixgroup=SMB_USER \
type=d

My guess was that:

valid users = +DOMAIN\Domain Users

and:

valid users = +SMB_USER

would mean the same thing... but I'm not convinced that it does.

FWIW it would really make things clearer if the documentation was careful to point out when a name is an NT name or a UNIX name. Examples showing a UNIX Group with the name Domain Admins seems to me to be muddying the waters !

Finally, I'm still puzzling about the machine SID and the domain SID on my PDC... it really seems to me that these should be different ?

Chris

On 7/11/07, Chris Hall [EMAIL PROTECTED] wrote:

Help... I'm running Samba v3.0.25b, recently upgraded from v3.0.23a. I use tdbsam, winbindd etc. Winbind appears to be broken. When I do:

* getent passwd none of the DOMAIN\ users are listed
* getent group the BUILTIN\administrators and BUILTIN\users groups are listed, but none of the DOMAIN\ groups
* wbinfo -u gives an enigmatic Error looking up domain users
* wbinfo -g gives just the BUILTIN\administrators and BUILTIN\users groups

I have wound up the logging, but have not been able to see anything obviously related to the above... ...where do I start looking, please ??

Thanks, Chris
-- Chris Hall @ Home +44 (0)7970 277 383

-- Chris Hall @ Home +44 (0)7970 277 383
Re: [Samba] Samba PDC, v3.0.25b, tdbsam: should Server have its own SID etc ?
On Wed, 11 Jul 2007 Chris Hall (Chris Hall [EMAIL PROTECTED]) wrote

Help... I'm running Samba v3.0.25b, recently upgraded. I use tdbsam, winbindd etc. The Samba machine is a PDC. If the machine is FRED and the domain is HOME, should I set up a machine account for FRED and join that to the HOME domain ? Should the machine FRED have its own domain SID ? Or... are the machine FRED and the domain HOME one and the same ?

I note that if I discard all configuration and start with an empty secrets.tdb, then FRED and HOME are set up with the same SID. I found that to restore the original SID what I had to do was:

* delete secrets.tdb
* net setlocalsid S-x--xxx
  this put the SID for FRED into the secrets.tdb.
* net groupmap add ntgroup=Domain Admins rid=512 unixgroup=DAMN type=d
  which puts the SID for HOME into the secrets.tdb

I cannot help feeling that the Domain and the PDC machine should have distinct SIDs. After all, a BDC will have its own machine SID, and if promoted to PDC must retain that machine SID ??

Chris
-- Chris Hall @ Home +44 (0)7970 277 383
[Samba] Samba PDC, v3.0.25b, tdbsam: winbindd seems to be broken...
Help... I'm running Samba v3.0.25b, recently upgraded from v3.0.23a. I use tdbsam, winbindd etc. Winbind appears to be broken. When I do:

* getent passwd none of the DOMAIN\ users are listed
* getent group the BUILTIN\administrators and BUILTIN\users groups are listed, but none of the DOMAIN\ groups
* wbinfo -u gives an enigmatic Error looking up domain users
* wbinfo -g gives just the BUILTIN\administrators and BUILTIN\users groups

I have wound up the logging, but have not been able to see anything obviously related to the above... ...where do I start looking, please ??

Thanks, Chris
-- Chris Hall @ Home +44 (0)7970 277 383
[Samba] Samba PDC, v3.0.25b, tdbsam: should Server have its own SID etc ?
Help... I'm running Samba v3.0.25b, recently upgraded. I use tdbsam, winbindd etc. The Samba machine is a PDC. If the machine is FRED and the domain is HOME, should I set up a machine account for FRED and join that to the HOME domain ? Should the machine FRED have its own domain SID ? Or... are the machine FRED and the domain HOME one and the same ?

Thanks, Chris
-- Chris Hall @ Home +44 (0)7970 277 383
Re: [Samba] Samba PDC, v3.0.25b, tdbsam: winbindd seems to be broken...
I had the same issue going to 3.0.25a but I do not remember the solution. I do remember though I had to make changes in my smb.conf file.

John

On 7/11/07, Chris Hall [EMAIL PROTECTED] wrote:

Help... I'm running Samba v3.0.25b, recently upgraded from v3.0.23a. I use tdbsam, winbindd etc. Winbind appears to be broken. When I do:

* getent passwd none of the DOMAIN\ users are listed
* getent group the BUILTIN\administrators and BUILTIN\users groups are listed, but none of the DOMAIN\ groups
* wbinfo -u gives an enigmatic Error looking up domain users
* wbinfo -g gives just the BUILTIN\administrators and BUILTIN\users groups

I have wound up the logging, but have not been able to see anything obviously related to the above... ...where do I start looking, please ??

Thanks, Chris
-- Chris Hall @ Home +44 (0)7970 277 383

-- John M. Drescher
Re: [Samba] Samba PDC LDAP HowTo 4 U
Chris Smart wrote:

Hi all, I've written a HowTo for 'Samba domain with LDAP back end' and am looking for people to test it and tell me the stupid things I did. I also wanted to put the HowTo out there in case others wanted to do something similar and because I know you've got nothing better to do on your weekend than play with Linux ;) I'm by no means a Samba expert so please let me know if you have any suggestions or improvements :)

It's wikified online at : http://wiki.makethemove.net/index.php?title=LDAP-Samba;

Am still reading it... :) However, I wanted to take a moment to mention the smbldap-installer at http://majen.net/smbldap/ It rocks!

I am glad to see you covering some areas not covered in many howto's. Questions that may come up in setting up a pdc may be...

Folder redirection using policy files, etc.
How to copy existing profiles to the roaming profiles.
Giving a user permission to join the domain. (so folks aren't running around with the root password)

net rpc rights grant Domain Admins SeMachineAccountPrivilege

and possibly these as well..

SeMachineAccountPrivilege \
SeTakeOwnershipPrivilege \
SeBackupPrivilege \
SeRestorePrivilege \
SeRemoteShutdownPrivilege \
SePrintOperatorPrivilege \
SeAddUsersPrivilege \
Re: [Samba] Samba PDC LDAP HowTo 4 U
Hi Chris!

Although Ubuntu-ish, the how to seems to reunite plenty of information, specially an 'ldap primer'. I MUST ask you about the output of wbinfo -g and wbinfo -u. I just wonder if it is ever possible to get Samba as a PDC (without any windows AD as master) to report groups and users via wbinfo, thus making life with squid easier. I guess you'll need to run/setup winbindd for this task. Could you try it and report please?

Thanks!
Mauricio

Chris Smart wrote:

Hi all, I've written a HowTo for 'Samba domain with LDAP back end' and am looking for people to test it and tell me the stupid things I did. I also wanted to put the HowTo out there in case others wanted to do something similar and because I know you've got nothing better to do on your weekend than play with Linux ;) I'm by no means a Samba expert so please let me know if you have any suggestions or improvements :)

It's wikified online at : http://wiki.makethemove.net/index.php?title=LDAP-Samba;

Cheers, Chris
[Samba] Samba PDC LDAP HowTo 4 U
Hi all, I've written a HowTo for 'Samba domain with LDAP back end' and am looking for people to test it and tell me the stupid things I did. I also wanted to put the HowTo out there in case others wanted to do something similar and because I know you've got nothing better to do on your weekend than play with Linux ;) I'm by no means a Samba expert so please let me know if you have any suggestions or improvements :)

It's wikified online at : http://wiki.makethemove.net/index.php?title=LDAP-Samba;

Cheers, Chris
[Samba] Re: [clug] Samba PDC LDAP HowTo 4 U
Chris Smart wrote:

I've written a HowTo for 'Samba domain with LDAP back end' and am looking for people to test it and tell me the stupid things I did.

Thanks for posting the URL. I just did a presentation which I do not cover LDAP back ends in, and I had a question about just such a configuration, so I will pass this along to him.

For reference, my presentation can be found at this URL.

Samba 3 PDC for Windows Clients and Samba 3 Book Review
http://www.lueckdatasystems.com/pub/presentations/iccm2007.pdf
http://www.lueckdatasystems.com/pub/presentations/iccm2007.zip

I did not get all of the dust knocked out before the presentation... but after I think two years since I had last given the presentation I definitely got my work out getting the presentation polished up as much as I did. (Scripts and config files are in the zip file.)

-- Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/
[Samba] PDC-BDC fallback no netlogon
I have a Samba 3.025a PDC and BDC with LDAP running. If I simulate a BDC crash the Client connects the PDC, but the netlogon share is not accessed. This happens only at the first login at the PDC. The second login is ok. It seems that the client does not even try to access the netlogon share.

Log (level 2) for the first login on the PDC:

[2007/06/26 11:11:49, 2] lib/smbldap.c:smbldap_open_connection(785)
  smbldap_open_connection: connection opened
[2007/06/26 11:11:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
  init_sam_from_ldap: Entry found for user: pes
[2007/06/26 11:11:51, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 1060
[2007/06/26 11:11:51, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [pes] - [pes] - [pes] succeeded
[2007/06/26 11:11:51, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2916)
  Returning domain sid for domain HS - S-1-5-21-247265-2382055081-4215993616
[2007/06/26 11:11:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
  init_sam_from_ldap: Entry found for user: pes
[2007/06/26 11:11:51, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 1060
[2007/06/26 11:11:51, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 1060

Log for the second login:

[2007/06/26 11:14:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
  init_sam_from_ldap: Entry found for user: pes
[2007/06/26 11:14:22, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 1060
[2007/06/26 11:14:22, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [pes] - [pes] - [pes] succeeded
[2007/06/26 11:14:22, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2916)
  Returning domain sid for domain HS - S-1-5-21-247265-2382055081-4215993616
[2007/06/26 11:14:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
  init_sam_from_ldap: Entry found for user: pes
[2007/06/26 11:14:22, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 1060
[2007/06/26 11:14:22, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [pes] - [pes] - [pes] succeeded
[2007/06/26 11:14:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
  init_sam_from_ldap: Entry found for user: pes
[2007/06/26 11:14:22, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 1060
[2007/06/26 11:14:22, 1] smbd/service.c:make_connection_snum(1033)
  tdn-n07 (172.17.17.65) connect to service netlogon initially as user pes (uid=1290, gid=1060) (pid 11984)
[2007/06/26 11:14:22, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 1060
[2007/06/26 11:14:24, 2] smbd/open.c:open_file(391)
  pes opened file pes.vbs read=Yes write=No (numopen=1)
[2007/06/26 11:14:24, 2] smbd/open.c:open_file(391)
  pes opened file pes.vbs read=Yes write=No (numopen=2)
[2007/06/26 11:14:24, 2] smbd/close.c:close_normal_file(399)
  pes closed file pes.vbs (numopen=1) NT_STATUS_OK
[2007/06/26 11:14:24, 2] smbd/close.c:close_normal_file(399)
  pes closed file pes.vbs (numopen=0) NT_STATUS_OK
[2007/06/26 11:14:34, 1] smbd/service.c:close_cnum(1230)
  tdn-n07 (172.17.17.65) closed connection to service netlogon

The Domain controllers are on different networks, both run as wins server. The client has 2 wins server entries. Client is Windows XP. Also the environment variable LOGONSERVER is on the old (BDC) value. Seems that XP does some caching?

Any hints welcome...
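The comparison made by hand in the message above (authentication succeeds both times, but only the second logon connects to netlogon) can be run over a whole smbd log. This is an added example, not part of the original post: the function names and the 30-second grouping window are assumptions, and the sample is a trimmed copy of the posted excerpt restored to Samba's header-plus-message layout.

```python
"""Flag domain logons in an smbd log that never connected to [netlogon]."""
import re
from datetime import datetime, timedelta

# Trimmed copy of the excerpt posted above (values as they appear on the page).
SAMPLE_LOG = """\
[2007/06/26 11:11:49, 2] lib/smbldap.c:smbldap_open_connection(785)
  smbldap_open_connection: connection opened
[2007/06/26 11:11:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
  init_sam_from_ldap: Entry found for user: pes
[2007/06/26 11:11:51, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [pes] - [pes] - [pes] succeeded
[2007/06/26 11:11:51, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2916)
  Returning domain sid for domain HS - S-1-5-21-247265-2382055081-4215993616
[2007/06/26 11:14:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
  init_sam_from_ldap: Entry found for user: pes
[2007/06/26 11:14:22, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [pes] - [pes] - [pes] succeeded
[2007/06/26 11:14:22, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [pes] - [pes] - [pes] succeeded
[2007/06/26 11:14:22, 1] smbd/service.c:make_connection_snum(1033)
  tdn-n07 (172.17.17.65) connect to service netlogon initially as user pes (uid=1290, gid=1060) (pid 11984)
[2007/06/26 11:14:24, 2] smbd/open.c:open_file(391)
  pes opened file pes.vbs read=Yes write=No (numopen=1)
[2007/06/26 11:14:34, 1] smbd/service.c:close_cnum(1230)
  tdn-n07 (172.17.17.65) closed connection to service netlogon
"""

# Record header: "[date time, level] source.c:function(line)"
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+?):(\w+)\((\d+)\)\s*$")
# The last bracketed name is the mapped UNIX user, which is the name the
# later "connect to service" record uses.
AUTH_OK = re.compile(r"authentication for user \[[^\]]+\].*\[([^\]]+)\] succeeded")
CONNECT = re.compile(r"connect to service (\S+) initially as user (\S+)")


def parse_records(text):
    """Return one dict per log record: time, function and joined message."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"time": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"),
                       "func": m.group(4), "msg": ""}
            records.append(current)
        elif current is not None and line.strip():
            # Continuation lines are indented; join them into one message.
            current["msg"] = (current["msg"] + " " + line.strip()).strip()
    return records


def logon_sessions(text, window_seconds=30):
    """Group successful authentications per user into logon sessions and
    record whether a netlogon connect followed within the window."""
    window = timedelta(seconds=window_seconds)
    sessions, open_by_user = [], {}
    for rec in parse_records(text):
        auth = AUTH_OK.search(rec["msg"])
        if auth:
            user = auth.group(1)
            sess = open_by_user.get(user)
            if sess is None or rec["time"] - sess["last_auth"] > window:
                sess = {"user": user, "start": rec["time"],
                        "last_auth": rec["time"], "netlogon": False}
                sessions.append(sess)
                open_by_user[user] = sess
            else:
                sess["last_auth"] = rec["time"]  # same logon, repeated auth
            continue
        conn = CONNECT.search(rec["msg"])
        if conn and conn.group(1).lower() == "netlogon":
            sess = open_by_user.get(conn.group(2))
            if sess is not None and rec["time"] - sess["last_auth"] <= window:
                sess["netlogon"] = True
    return sessions


def logons_without_netlogon(text, window_seconds=30):
    """Return (start time, user) for each logon that skipped netlogon."""
    return [(s["start"].strftime("%H:%M:%S"), s["user"])
            for s in logon_sessions(text, window_seconds) if not s["netlogon"]]


if __name__ == "__main__":
    for start, user in logons_without_netlogon(SAMPLE_LOG):
        print(f"{start} user {user}: authenticated, no netlogon connect")
```

Run against the real log.smbd or per-machine log of each domain controller, it lists the logons for which no logon script was fetched.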
[Samba] changing DOMAIN name on samba PDC
For historic reasons we have a DOMAIN name of 'WORKGROUP' on our one server only samba PDC. Now that we have upgraded to 3.0.25 we would like to change this to something more sensible, but are concerned what the consequences will be for the Win XP Pro workstations that are currently joined to this domain.

Which of the following scenarios will we likely face after the change?

scenario #1 (wishful thinking)
we only change the domain name on the one pdc of the domain and on next login of a win xp pro workstation it will automagically learn that the sid of its domain now 'translates' to a new name and will show this new domain name in places where it used to say the old name 'WORKGROUP' in the past.

scenario #2
the right sequence of getlocalsid and setlocalsid before and after the domain change on the samba pdc, can allow us to 'cheat' and the workstations can be 'tricked' into preserving the domain trust relationships and won't need to leave the domain and be re-joined after the renaming of the domain?

scenario #3
all workstations have to leave the old DOMAIN (does this have to be done before the rename?). and after the renaming of the main PDC we'll have to rejoin all windows xp pro workstations to the newly named domain?

scenario #4
any other suggestions or hints on how to best do this, with the least impact and downtime and admin work coming our way?

Many thanks in advance for any help or pointers on this.

-- Urs Rau
[Samba] pdc under virtualbox
Running a pdc under virtualbox would be obviously insanely easy to backup the pdc to another box etc... However, is it a bad idea for a 50 user implementation with:

4200 athlon
4 gigs ram?
[Samba] Re: changing DOMAIN name on samba PDC
scenario #3
all workstations have to leave the old DOMAIN (does this have to be done before the rename?). and after the renaming of the main PDC we'll have to rejoin all windows xp pro workstations to the newly named domain?

scenario #4
any other suggestions or hints on how to best do this, with the least impact and downtime and admin work coming our way?

Many thanks in advance for any help or pointers on this.

Hi Urs,

I can't say for sure what would happen, but my guess is that scenario #3 is your best option. However, since it is possible that things could work out in your favor, I would recommend setting up a quick test. Set up a Samba server as a PDC of a different domain, join a workstation to it and then rename the domain on the PDC and see what happens. Then if anything goes bad, you can always wipe the test machines out.

Hopefully that helps,
Matt
Re: [Samba] Re: Join Linux client to Samba PDC domain
Matt wrote:

Now I want the same thing in a different environment

CentOS Samba PDC in domain mode and LDAP
Windows XP and Vista clients joined to the Samba domain
Linux File Server (which I don't know how to configure)

So I want all the Windows clients to be able to access the shares on my Linux File Server but I want my CentOS Samba PDC to handle the authentication with Single-Sign-On style. How would I configure my Linux Files server? security = domain, server, or?

Thanks, Henrik

Hi Henrik,

I just did a similar thing setting up an AIX file server with a Linux-based Samba PDC. I'm pretty sure you want to set the Linux file server up as a domain member server:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

You're right on with security=domain. Then you just have to add the LDAP admin stuff to the samba config and secrets database (i.e. smbpasswd -w [LDAP admin passwd goes here], net rpc getsid [domain name here], net rpc join -Uroot%[password goes here]) and a few other config steps outlined in the link I put above...

Hopefully that gets you started in the right direction.

-Matt

Hiya,

You need this document:

http://samba.org/samba/docs/man/Samba-Guide/unixclients.html#wdcsdm

There's also additional info in the samba docs at samba.org. Particularly useful are Samba 3 by example and the Samba 3 Howto.

Cheers, jools
Re: [Samba] Re: Join Linux client to Samba PDC domain
On 7 Jun 2007 at 21:19, Matt wrote:

Now I want the same thing in a different environment

CentOS Samba PDC in domain mode and LDAP
Windows XP and Vista clients joined to the Samba domain
Linux File Server (which I don't know how to configure)

So I want all the Windows clients to be able to access the shares on my Linux File Server but I want my CentOS Samba PDC to handle the authentication with Single-Sign-On style. How would I configure my Linux Files server? security = domain, server, or?

Thanks, Henrik

Hi Henrik,

I just did a similar thing setting up an AIX file server with a Linux-based Samba PDC. I'm pretty sure you want to set the Linux file server up as a domain member server:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

You're right on with security=domain. Then you just have to add the LDAP admin stuff to the samba config and secrets database (i.e. smbpasswd -w [LDAP admin passwd goes here], net rpc getsid [domain name here], net rpc join -Uroot%[password goes here]) and a few other config steps outlined in the link I put above...

Hopefully that gets you started in the right direction.

-Matt

Hi Matt,

Thanks for that input. Exactly what I was looking for. Darn I thought I skimmed through the docs but I guess I didn't know to look for Member server configuration. And it looks like I can use winbind too! Cool :). Thought that winbind was only meant to work in an MS ADS environment but I guess I can use it in a Samba domain also.

Thanks again.

Cheers, henrik
Re: [Samba] Re: Join Linux client to Samba PDC domain
On 8 Jun 2007 at 09:56, Julian Pilfold-Bagwell wrote:

Matt wrote:

Now I want the same thing in a different environment

CentOS Samba PDC in domain mode and LDAP
Windows XP and Vista clients joined to the Samba domain
Linux File Server (which I don't know how to configure)

So I want all the Windows clients to be able to access the shares on my Linux File Server but I want my CentOS Samba PDC to handle the authentication with Single-Sign-On style. How would I configure my Linux Files server? security = domain, server, or?

Thanks, Henrik

Hi Henrik,

I just did a similar thing setting up an AIX file server with a Linux-based Samba PDC. I'm pretty sure you want to set the Linux file server up as a domain member server:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

You're right on with security=domain. Then you just have to add the LDAP admin stuff to the samba config and secrets database (i.e. smbpasswd -w [LDAP admin passwd goes here], net rpc getsid [domain name here], net rpc join -Uroot%[password goes here]) and a few other config steps outlined in the link I put above...

Hopefully that gets you started in the right direction.

-Matt

Hiya,

You need this document:

http://samba.org/samba/docs/man/Samba-Guide/unixclients.html#wdcsdm

There's also additional info in the samba docs at samba.org. Particularly useful are Samba 3 by example and the Samba 3 Howto.

Ahh spot on! Thanks!

Cheers, jools
[Samba] Join Linux client to Samba PDC domain
Hi list,

I know this is maybe an awkward question but I wonder if tis possible to join linux clients to a samba domain and if so how would I set up their smb.conf? I want to accomplish the same thing in a Samba PDC domain as in a Windows ADS domain.

Today I have in one environment

Windows 2003 PDC
Windows XP clients
Linux File Server which is joined to the domain, utilizing winbind, kerberos etc.

So all clients can connect to the shares in my Linux File Server and all authentication is handled by winbind - Windows PDC Single-Sign-On style.

Now I want the same thing in a different environment

CentOS Samba PDC in domain mode and LDAP
Windows XP and Vista clients joined to the Samba domain
Linux File Server (which I don't know how to configure)

So I want all the Windows clients to be able to access the shares on my Linux File Server but I want my CentOS Samba PDC to handle the authentication with Single-Sign-On style. How would I configure my Linux Files server? security = domain, server, or?

Thanks, Henrik
[Samba] urgent: winbind doesn't see groups from samba pdc+ldap
Hello!

After migrating the pdc from nt to samba+ldap my member fileserver doesn't see the groups anymore. I set it up with nss as shown in:

http://samba.org/samba/docs/man/Samba-Guide/unixclients.html#ch9-sdmnss

getent passwd + group show all user and groups correctly
wbinfo -u shows all users correctly, but
wbinfo -g shows only 2 builtin accounts.

I tried without nss only with winbind before in the hope I had not to reset all permissions but it was exactly the same.

Machine is debian/etch samba 3.0.24

Please let me know if I should send more infos. I'm very grateful for any hints.

thanks
angela

here my smb.conf

[global]
# Server Definition
server string = %h (%v)
domain logons = no
domain master = no
local master = no
preferred master = no
timeserver = no
# Domain membership
workgroup = AAG
security = domain
password server = 192.168.100.72
# Name resolution
name resolve order = host wins bcast
# Allowed authentication protocols
map archive = yes
map hidden = no
map readonly = yes
map system = no
map to guest = never
delete readonly = yes
preserve case = yes
# Disconnect after 15 min. of inactivity
log file = /var/log/samba/%m.log
log level = 10
syslog = 1
panic action = /usr/share/samba/panic-action %d
# When is data written to the disks?
strict sync = yes
sync always = yes
use sendfile = yes
# Do not set oplocks on mdb files
veto oplock files = /*.mdb/
# OpenOffice has problems saving, but the oplocks are not the cause!
oplocks = yes
level2 oplocks = yes
# Winbind - for authentication via another server
#winbind cache time = 300
#winbind enum groups = yes
#winbind enum users = yes
#winbind uid = 1-2
#winbind gid = 1-2
ldap admin dn = cn=admin,dc=aag
ldap suffix = dc=aag
ldap group suffix = ou=groups
ldap user suffix = ou=users
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
idmap backend = ldap:ldap://erde.aag
idmap uid = 1-2
idmap gid = 1-2
winbind trusted domains only = yes
deadtime = 15
keepalive = 0
... shares

/etc/ldap/ldap.conf

BASE dc=aag
URI ldap://erde.aag:389 ldap://mond.aag:389
nss_base_passwd ou=users,dc=aag?one
nss_base_passwd ou=computers,dc=aag?one
nss_base_shadow ou=users,dc=aag?one
nss_base_group ou=groups,dc=aag?one
TLS_CACERT /etc/ldap/certs/cacert.pem
TLS_CERT /etc/ldap/certs/memberserver_cert.pem
TLS_KEY /etc/ldap/certs/memberserver_key.pem
TLS_CHECKPEER yes
SSL start_tls
TLS_REQCERT allow

It makes no difference if I activate TLS or not.

** /etc/nsswitch.conf **

passwd: files ldap winbind
group: files ldap winbind
shadow: files ldap winbind
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
[Samba] Re: Join Linux client to Samba PDC domain
Now I want the same thing in a different environment

CentOS Samba PDC in domain mode and LDAP
Windows XP and Vista clients joined to the Samba domain
Linux File Server (which I don't know how to configure)

So I want all the Windows clients to be able to access the shares on my Linux File Server but I want my CentOS Samba PDC to handle the authentication with Single-Sign-On style. How would I configure my Linux Files server? security = domain, server, or?

Thanks, Henrik

Hi Henrik,

I just did a similar thing setting up an AIX file server with a Linux-based Samba PDC. I'm pretty sure you want to set the Linux file server up as a domain member server:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

You're right on with security=domain. Then you just have to add the LDAP admin stuff to the samba config and secrets database (i.e. smbpasswd -w [LDAP admin passwd goes here], net rpc getsid [domain name here], net rpc join -Uroot%[password goes here]) and a few other config steps outlined in the link I put above...

Hopefully that gets you started in the right direction.

-Matt