[Samba] Samba 3.4.1 BDC fails
Hi!

We are using 2 Samba 3.4.1 on CentOS 5.3. The PDC is working without bigger problems, but I can't get the BDC to work. We have a replica of the ldap on the BDC and I tried to connect with a Linux smbclient and with the standard mount -t cifs, both not successful:

smbclient:
Receiving SMB: Server stopped responding
session setup failed: Call timed out: server did not respond after 2 milliseconds

mount:
mount: Resource temporarily unavailable

You can find my conf and a log (level 3) on the bottom - I discarded the various push_conn_ctx set_sec_ctx messages - Can somebody give me a hint please?

- CONF ---
[global]
netbios name = XDATEN
server string =BDC
workgroup = XX
interfaces = 10.0.0.2
socket address = 10.0.255.255
wins server = 10.0.0.101
bind interfaces only = yes
os level = 64
domain master = no
domain logons = yes
preferred master = no
local master = no
security = user
encrypt passwords = yes
admin users = @Domain Admins,admin,Admin
ldap admin dn=uid=Admin,ou=Users,dc=xxx,dc=
passdb backend = ldapsam
ldap delete dn = no
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Clients
ldap suffix = dc=xxx,dc=
ldap passwd sync = yes
wins support = no
dns proxy = no
log file = /var/log/samba/samba.log
log level=3

[netlogon]
comment = Network Logon Service
path = /samba/netlogon
writable = no
locking = no
- CONF ---

- LOG ---
Initialising global parameters
[2009/09/17 14:39:23, 3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
[2009/09/17 14:39:23, 3] param/loadparm.c:7698(do_section)
  Processing section [global]
[2009/09/17 14:39:23, 2] param/loadparm.c:7715(do_section)
  Processing section [netlogon]
[2009/09/17 14:39:23, 3] param/loadparm.c:6169(lp_add_ipc)
  adding IPC service
[2009/09/17 14:39:23, 3] printing/pcap.c:136(pcap_cache_reload)
  reloading printcap cache
[2009/09/17 14:39:23, 2] printing/print_cups.c:545(cups_async_callback)
  cups_async_callback: failed to read a new printer list
[2009/09/17 14:39:23, 3] printing/pcap.c:243(pcap_cache_reload)
  reload status: error
[2009/09/17 14:39:23, 3] printing/pcap.c:136(pcap_cache_reload)
  reloading printcap cache
[2009/09/17 14:39:23, 2] printing/print_cups.c:545(cups_async_callback)
  cups_async_callback: failed to read a new printer list
[2009/09/17 14:39:23, 3] printing/pcap.c:243(pcap_cache_reload)
  reload status: error
[2009/09/17 14:39:23, 2] lib/interface.c:340(add_interface)
  added interface eth0 ip=10.0.0.2 bcast=10.0.255.255 netmask=255.255.0.0
[2009/09/17 14:39:23, 3] smbd/server.c:1107(main)
  loaded services
[2009/09/17 14:39:23, 0] smbd/server.c:(main)
  standard input is not a socket, assuming -D option
[2009/09/17 14:39:23, 3] smbd/server.c:1122(main)
  Becoming a daemon.
[2009/09/17 14:39:23, 2] lib/smbldap_util.c:277(smbldap_search_domain_info)
  smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=FH_STP))]
[2009/09/17 14:39:23, 3] lib/smbldap.c:660(smb_ldap_start_tls)
  StartTLS issued: using a TLS connection
[2009/09/17 14:39:23, 2] lib/smbldap.c:856(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2009/09/17 14:39:23, 3] lib/smbldap.c:1067(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2009/09/17 14:40:43, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user []\[n...@[10.222.0.240] with the new password interface
[2009/09/17 14:40:43, 3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password: mapped user is: [xx]\[n...@[10.222.0.240]
[2009/09/17 14:40:43, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: nsc
[2009/09/17 14:40:43, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 999
[2009/09/17 14:40:43, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap)
[2009/09/17 14:40:45, 2] auth/auth.c:310(check_ntlm_password)
  check_ntlm_password: authentication for user [nsc] - [nsc] - [nsc] succeeded

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

[Samba] samba/ldap BDC slowness
Hi list

To the point: I have a Samba/LDAP PDC that is working fine. Now I added a Samba/LDAP BDC on a WAN. I followed tips from wiki.samba regarding LDAP replication and samba configurations.

It's working but I have noticed that when I try to access shares on BDC is really slow. I can notice this slowness using smbclient directly on BDC accessing shares on BDC itself. If I try to access shares on PDC using smbclient on BDC it's fast! So I suspect is something related to authentication on BDC. Anyone has any hints regarding this?

PDC: Debian Etch, Samba 3.0.24, smbldap-tools 0.9.2-3, slapd 2.3.30
BDC: Debian Lenny, Samba 3.2.5, smbldap-tools 0.9.4, slapd 2.4.11

Also: pdbedit -Lvu on PDC is fast, on BDC is slow. getent passwd is fast on both.

Anyone has any hints regarding this issue?

Thanks in advance

[Samba] samba pdc/bdc and trust relationship
Hi all,

My environment consists of 2 locations. The first has a Windows NT4 PDC (for domain EGVLE) and another SLES10 PDC server (for VLE domain), with a bi-directional trust relationship between them. The second location will have a SLES10 server that will work as a BDC for the samba VLE domain.

I want to know how the BDC server will take the trust relationship from the PDC server, and what is the optimum solution to do that?

Thanks

Re: [Samba] samba as bdc
hi andrew,

but this statement is in contrast to JHT on
Re: [Samba] BDC, documentation, Machine Accounts Keep Expiring
???

greez

Andrew Bartlett wrote:
> On Wed, 2006-01-25 at 13:35 +0100, Andreas Fladischer wrote:
>> [EMAIL PROTECTED]
>> i have a samba server with ldap as pdc. everything works fine and now i'm testing samba as bdc. i copied the smb.conf from the pdc to the bdc and changed the domain master = yes to no! then i stopped the smb service on the pdc and tried to login on an winxp machine and this also worked (the log file show me that the login is on the bdc)! is it possible that the users can change their passwords when the pdc isn't available or must the pdc be online? how can i do this?
>
> The client's won't attempt to change passwords to a BDC.
>
> Andrew Bartlett

Re: [Samba] samba as bdc
On Tue, 2006-01-31 at 21:05 +0100, Michael Gasch wrote:
> hi andrew,
>
> but this statement is in contrast to JHT on
> Re: [Samba] BDC, documentation, Machine Accounts Keep Expiring
>
>> The client's won't attempt to change passwords to a BDC.

Clarification: the client won't attempt to change user passwords against a BDC. Machine accounts are a different (messier...) kettle of fish.

If asked, a Samba BDC will actually change the password, if it can write to its backing LDAP server, but that's irrelevant if the client doesn't ask.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

Re: [Samba] samba as bdc
hi,

if the BDC can write into the backend (ldap master), then everything should be fine. otherwise it will give back an error, e.g. if you want to change your password.

please also note this thread
RE: [Samba] Samba + LDAP over the WAN
from Bruno Guerreiro and this one
[Samba] BDC, documentation, Machine Accounts Keep Expiring

greez

Andreas Fladischer wrote:
> [EMAIL PROTECTED]
> i have a samba server with ldap as pdc. everything works fine and now i'm testing samba as bdc. i copied the smb.conf from the pdc to the bdc and changed the domain master = yes to no! then i stopped the smb service on the pdc and tried to login on an winxp machine and this also worked (the log file show me that the login is on the bdc)! is it possible that the users can change their passwords when the pdc isn't available or must the pdc be online? how can i do this?
>
> with best regards and thanks in advance for your answers

--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137

[Samba] samba as bdc
[EMAIL PROTECTED]

i have a samba server with ldap as pdc. everything works fine and now i'm testing samba as bdc. i copied the smb.conf from the pdc to the bdc and changed the domain master = yes to no! then i stopped the smb service on the pdc and tried to login on an winxp machine and this also worked (the log file show me that the login is on the bdc)!

is it possible that the users can change their passwords when the pdc isn't available or must the pdc be online? how can i do this?

with best regards and thanks in advance for your answers

Re: [Samba] samba as bdc
Hi Andreas

I too have the same issue, but i think, if we using slave ldap server in BDC, i hope it's possible, the slave LDAP server has updateref entry in slapd.conf, which points to master LDAP server, so any changes is referred back to PDC, but i am not sure what happens when the link between PDC and BDC is down, and if any changes are done, how is to propagated when the link is up again.

Regards
Niranjan

On 1/25/06, Andreas Fladischer [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED]
> i have a samba server with ldap as pdc. everything works fine and now i'm testing samba as bdc. i copied the smb.conf from the pdc to the bdc and changed the domain master = yes to no! then i stopped the smb service on the pdc and tried to login on an winxp machine and this also worked (the log file show me that the login is on the bdc)! is it possible that the users can change their passwords when the pdc isn't available or must the pdc be online? how can i do this?
>
> with best regards and thanks in advance for your answers

[Samba] Samba PDC - BDC | Cluster Filesystem beetwen two buildings
Hi guys,

I'm new to this list. My implementation needs a share point on the PDC replicated on the BDC and vice versa. This is a clustered filesystem over a slow (~1Mb) ethernet choice. I know this is not a really Samba related, but I wish someone else on this mailing have had my same needs..

Thanks
Michele Castigliego

[Samba] samba as BDC and getting this error NT_STATUS_NO_SUCH_USER
hey,

I am getting this error after configuring samba. I have configured samba as BDC to a Win 2003 Domain Controller. I have created the same users as they are on Windows 2003 on my samba server, now whenever any user clicks on the samba server it sees its home directories and other folders. There is no user who is getting problem, but I am not able to understand why I am getting this error.

domain_client_validate: unable to validate password for user Owner in domain SUNUPDELHI to Domain controller \\SERVER1. Error was NT_STATUS_NO_SUCH_USER

Thanks
Regards
Ankush Grover

[Samba] Samba As BDC???
Hi All

I just wants to ask that if samba server can act as BDC for the windows 2000 PDC.

Thanks for help.

Regards
Vishal

Re: [Samba] Samba As BDC???
Vishal Dalsania wrote:
| Hi All
|
| I just wants to ask that if samba server can act as BDC for the
| windows 2000 PDC.

Not currently.

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key - http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca

[Samba] Samba as BDC to AD Server
(Written as standalone message and not reply this time!!)

Hi all

This one has been puzzling me for quite a while now. I have been able to set up Samba 3 as an NT4 DC replacement, using the passdb backend. For other applications, I have run Samba and Winbind alongside a Windows Server 2003 Domain Controller and used distributed authentication across the two platforms.

What I would like to do now is to use Samba in what is effectively a BDC-type role. I have read a few resources, in particular the Samba Howto Collection, which mention that this is not possible. However, I'm not giving up hope yet.

If I am running Winbind successfully, I can set a Windows domain user/group as the owner of a file. If I add POSIX ACL support, then I also gain the ability to extend permissions in a Windows-ish manner. What's missing, then, is an authentication medium. In short, the Samba passdb backend is the hurdle. Am I correct in this assumption?

If so, then why can we not run Samba in backend-less mode? As the user database is already distributed across onto the Samba server (by correct setup of winbind) I don't see why we need another backend at all. Sure, grab the username and password from the clients, but PAM-ify the authentication medium so we use the database already in existence. Is it possible to run Samba in this mode?

Hoping someone can help. I may be totally ambitious too, I realise :)

Cheers
Richard

Re: [Samba] Samba 3.0.4 BDC LDAP Slave Problem
This is my setup, is something still wrong.

Samba PDC machine with LDAP
IP: ldap.master
nss mapped to local ldap server(ldap.master)
samba ldapsam:ldaps://ldap.server

Samba BDC machine with LDAP, has openldap running locally for a backup ldap server
IP: ldap.slave
nss mapped to local ldap server(ldap.slave)
samba ldapsam:ldaps://ldap.master ldaps://ldap.slave

This setup doesn't work for me. But if I only use the local LDAP servers on each machine it does, but that does seem like it's a backup server. Am I just thinking about this in the wrong way? Thanks for your help.

Jason

Beast wrote:
> Jason C. Waters wrote:
>> passdb backend = ldapsam:ldaps://ldap.masterserver.com ldaps://ldap.slaveserver.com - this does not work
>
> This is the correct one. Make sure no other service depends on master ldap when you're bring down the master (ie nss_ldap). Also plse check the log.

Re: [Samba] Samba 3.0.4 BDC LDAP Slave Problem
Jason C. Waters wrote:
> This is my setup, is something still wrong.
>
> Samba PDC machine with LDAP
> IP: ldap.master
> nss mapped to local ldap server(ldap.master)
> samba ldapsam:ldaps://ldap.server
>
> Samba BDC machine with LDAP, has openldap running locally for a backup ldap server
> IP: ldap.slave
> nss mapped to local ldap server(ldap.slave)
> samba ldapsam:ldaps://ldap.master ldaps://ldap.slave
>
> This setup doesn't work for me. But if I only use the local LDAP servers on each machine it does, but that does seem like it's a backup server. Am I just thinking about this in the wrong way? Thanks for your help.

Maybe ACL prevent samba to bind? try using ldapsearch -h ip_of_slave/master from samba server. Also check the LOG file, they must give you some clue.

good luck.

--
--beast

Re: [Samba] Samba 3.0.4 BDC LDAP Slave Problem
It's not an acl problem, because I can ldapsearch to both the master and the slave(local ldap server) from the BDC. The logs I'm looking at is /var/log/debug and the log.smbd. Thanks for your help!

Jason

Beast wrote:
> Jason C. Waters wrote:
>> This is my setup, is something still wrong.
>>
>> Samba PDC machine with LDAP
>> IP: ldap.master
>> nss mapped to local ldap server(ldap.master)
>> samba ldapsam:ldaps://ldap.server
>>
>> Samba BDC machine with LDAP, has openldap running locally for a backup ldap server
>> IP: ldap.slave
>> nss mapped to local ldap server(ldap.slave)
>> samba ldapsam:ldaps://ldap.master ldaps://ldap.slave
>>
>> This setup doesn't work for me. But if I only use the local LDAP servers on each machine it does, but that does seem like it's a backup server. Am I just thinking about this in the wrong way? Thanks for your help.
>
> Maybe ACL prevent samba to bind? try using ldapsearch -h ip_of_slave/master from samba server. Also check the LOG file, they must give you some clue.
>
> good luck.

Re: [Samba] Samba 3.0.4 BDC LDAP Slave Problem
Jason C. Waters wrote:
> passdb backend = ldapsam:ldaps://ldap.masterserver.com ldaps://ldap.slaveserver.com - this does not work

This is the correct one. Make sure no other service depends on master ldap when you're bring down the master (ie nss_ldap). Also plse check the log.

--
--beast

Re: [Samba] Samba 3.0.4 BDC LDAP Slave Problem
I've got nss_ldap setup to look at the local ldap directory, but when I have two servers on the passwd backend line, it can't bind. It gets to where it tries to bind, and then it just freezes. Any other ideas? I'm sure I had this working before. Thanks for your help

Beast wrote:
> Jason C. Waters wrote:
>> passdb backend = ldapsam:ldaps://ldap.masterserver.com ldaps://ldap.slaveserver.com - this does not work
>
> This is the correct one. Make sure no other service depends on master ldap when you're bring down the master (ie nss_ldap). Also plse check the log.

[Samba] Samba 3.0.4 BDC LDAP Slave Problem
I've configured samba 3.0.4 with LDAP as the backend. I've configured samba to use the ldap directory, which works fine, my problem is when I add two servers into the smb.conf file it sees the first(master) ldap server, but if I bring that server down it takes forever for it to switch to the slave ldap server. If I place just a single ldap server, master or slave, into the smb.conf it works fine. I read somewhere about a patch? Is this the case?

These are the values that I've entered into the smb.conf

passdb backend = ldapsam:ldaps://ldap.masterserver.com - this works
passdb backend = ldapsam:ldaps://ldap.slaveserver.com - this works
passdb backend = ldapsam:ldaps://ldap.masterserver.com ldaps://ldap.slaveserver.com - this does not work
passdb backend = ldapsam:ldaps://ldap.masterserver.com ldaps://ldap.slaveserver.com - this does not work
passdb backend = ldapsam:ldaps://ldap.masterserver.com ldapsam:ldaps://ldap.slaveserver.com - this does not work

If anyone has gotten this to work with 3.0.4, I would love a peek at your smb.conf. Thanks for any help!

Re: [Samba] Samba PDC / BDC with ldapsam
On Mon, 2004-02-23 at 12:35, Cybr0t McWhulf wrote:
> OS / Software:
> PDC / Master LDAP store: - Redhat 9 - OpenLDAP 2.1.25 - Samba 3.0.0
> BDC / Slave LDAP store: - Redhat 9 - OpenLDAP 2.0.27-8 - Samba 3.0.2
>
> From the Samba HOWTO Collection on www.samba.org: (Backup Domain Control)
>
> Can I Do This All with LDAP? The simple answer is yes. Samba's pdb_ldap code supports binding to a replica LDAP server, and will also follow referrals and re-bind to the master if it ever needs to make a modification to the database. (Normally BDCs are read only, so this will not occur often).
>
> That's a little vague and misleading.. as referrals are merely pointers to subtrees in an ldap directory that are stored on different ldap servers, whereas the updateref directive in slapd.conf for a slave ldap server tells connecting clients to connect to the master to make updates.

Whatever. Feel free to provide a better paragraph, but I've always heard it referred to as generating a referral. (Watch out that the average admin doesn't know nor care about the semantic difference, and we should not baffle them in the quest for perfect correctness).

> Recently I set up a BDC on a slave ldap server on a remote network connected to the local network via wan. Authentication works great, however, in testing I tried to change my password on a remote windows client, and got a return error of Unable to change password: MYDOMAINNAME Domain is unavailable, or something to that degree.

The windows client is trying to find the PDC (in netbios)

> Upon reviewing the slave ldap logs, I saw samba searching for objectClass=referral, then objectClass=*, before returning the failure error to the client.

I think this is just the ldap libs, and unrelated. For password changes, the BDC is not contacted.

> Now, admittedly, I have the BDC configured as a BDC, when due to the wan, it is unable to find the PDC. (I have read a couple methods of making this possible without fully allowing netbios to broadcast through network segments, but have yet to test or implement).

You should configure your remote server as a netbios PDC.

> However, I would think that if it were trying to contact the PDC, it would not be searching its local backend for referrals.

I think this is unrelated.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

[Samba] samba PDC BDC
OK - I'm actually functioning but I'm afraid and I want to fill in a knowledge gap - perhaps a slight gap in the How-To Book or my ability to soak in its wisdom.

LDAP up and working on two machines, master slave and changes made in master can be found by ldapsearch on slave faster than two up arrows and a return (gosh, it only took me 10 days but the light bulb has definitely lit).

Two Linux systems
PDC - Linux2 - also is LDAP master
BDC - Linux1 - also is LDAP slave

smbpasswd -w PASSWORD puts binddn password into secrets.tdb

Machine is added to domain, no problem right, because PDC fields this whereas BDC handles most of logon chores. What if PDC/LDAP is offline? Doesn't Machine Add then get added to slave LDAP? How about if user changes his password?

Do I really want the secrets.tdb to have rootdn PASSWORD? Shouldn't this be a non-rootdn in the BDC's smb.conf with only sufficient access to see sambaNTPassword sambaLMPassword with read only and no write privileges to anything? I.E. PDC down, no password changes, no new machine accounts.

Craig

RE: [Samba] samba PDC BDC
-----Original Message-----
snip
> Machine is added to domain, no problem right, because PDC fields this whereas BDC handles most of logon chores. What if PDC/LDAP is offline? Doesn't Machine Add then get added to slave LDAP? How about if user changes his password?
>
> Do I really want the secrets.tdb to have rootdn PASSWORD? Shouldn't this be a non-rootdn in the BDC's smb.conf with only sufficient access to see sambaNTPassword sambaLMPassword with read only and no write privileges to anything? I.E. PDC down, no password changes, no new machine accounts.
>
> Craig

Craig,

Usually, it's recommended you set the binddn to something other than root, but with privileges that can modify anything needed (even on the PDC). In a BDC situation, that user canNOT have access to modify anything (and will be required to be set as the updatedn in the slapd.conf anyways, if it's a replication slave).

Cheers,
Clint

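Added example, not part of the original thread and not code from Samba or OpenLDAP: a small Python audit for the concern raised in this exchange, that the bind DN a BDC stores in secrets.tdb (smb.conf "ldap admin dn") should not be the directory's rootdn. It also checks the BDC role settings that appear in the threads on this page. All DNs, host names and sample files are constructed, and the DN comparison is a simplified normalisation.

```python
import re

TRUE_WORDS = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}.

    Samba ignores case and whitespace in parameter names, so the names are
    normalised: "ldap admin dn" and "LDAP AdminDN" become the same key.
    """
    sections, current = {}, None
    # Join backslash-continued lines before splitting.
    for raw in text.replace("\\\n", "").splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections


def parse_slapd_conf(text):
    """Collect rootdn / updatedn / updateref from slapd.conf-style text."""
    found = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in ("rootdn", "updatedn", "updateref"):
            found[parts[0].lower()] = parts[1].strip().strip('"')
    return found


def norm_dn(dn):
    """Simplified DN normalisation (assumption): lower-case, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().strip('"')).lower()


def audit_bdc(smb_text, slapd_text):
    """Return a list of findings for a BDC's smb.conf and its local slapd.conf."""
    g = parse_smb_conf(smb_text).get("global", {})
    slapd = parse_slapd_conf(slapd_text)
    findings = []
    if g.get("domainmaster", "").lower() in TRUE_WORDS:
        findings.append("domain master is enabled; a BDC sets it to no")
    if g.get("domainlogons", "").lower() not in TRUE_WORDS:
        findings.append("domain logons is not enabled; server will not act as a DC")
    if not g.get("passdbbackend", "").lower().startswith("ldapsam"):
        findings.append("passdb backend is not ldapsam")
    admin = g.get("ldapadmindn")
    if admin is None:
        findings.append("ldap admin dn is not set")
    elif "rootdn" in slapd and norm_dn(admin) == norm_dn(slapd["rootdn"]):
        findings.append("ldap admin dn is the slapd rootdn; "
                        "secrets.tdb then holds the directory superuser password")
    return findings


# Constructed sample input (not taken from any poster's system).
SLAPD = '''
rootdn    "cn=Manager,dc=example,dc=org"
updatedn  "cn=replicator,dc=example,dc=org"
updateref ldap://ldap.master.example.org
'''

WEAK_SMB = '''
[global]
   workgroup = EXAMPLE
   domain master = yes
   domain logons = yes
   passdb backend = ldapsam:ldaps://ldap.slave.example.org
   ldap admin dn = cn=Manager, dc=example, dc=org
'''

HARDENED_SMB = '''
[global]
   workgroup = EXAMPLE
   domain master = no
   domain logons = yes
   passdb backend = ldapsam:ldaps://ldap.slave.example.org
   ; hypothetical dedicated account, limited by slapd ACLs
   ldap admin dn = cn=samba-bdc,ou=Services,dc=example,dc=org
'''

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_SMB), ("hardened", HARDENED_SMB)):
        print(label, audit_bdc(conf, SLAPD))
```

What the dedicated account may read or write is decided by the slapd access rules on each server; the script only shows whether the BDC is binding as the rootdn.
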
[Samba] samba for bdc
can i set samba to be BDC for Winnt PDC and what kind manual i must read, and second how to set join use authentick with samba.

thanks

RE: [Samba] Samba as BDC in NT domain
On Fri, 2002-11-22 at 09:45, Robert Adkins wrote:
> Chris,
>
> I believe the issue is relating more to the SID (Security IDs) that are also transferred for both user and computers. I don't believe that dumping the NT SAM into a smbpasswd file would really do the trick as it wouldn't include the SID information. (Unless I am seriously mistaken.)

Correct, you cannot correctly represent this information in smbpasswd. However, ldapsam and tdbsam both allow you, in Samba 3.0, to store an arbitrary RID per user.

The new command 'net rpc vampire' is designed for exactly this purpose, and functions correctly for NT4 domains. It does not currently correctly extract passwords for some Win2k domains. We do not currently support the 'incremental' mode for replication, only 'one shot', which makes it less suitable for BDC use.

> What you are suggesting sounds like it would work simply for creating a Samba server within a Windows NT Domain that uses the domain controller to pull its list of users and accounts. You would still need to create all of the groups in the *NIX/Linux/*BSD groups file and set all the permissions on the drives. I am unfamiliar with being able to dump the NT group information into a text file.

You need all the 'add user script' and 'add group script' stuff setup in your smb.conf before you run the command, and this should correctly populate the group mapping tdb.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

RE: [Samba] Samba as BDC in NT domain
I have only read that Samba is able to act as a BDC for another Samba PDC system. It is unable to act as a BDC for a Windows PDC due to the secreted method that Microsoft uses to transfer the SAM data to other Domain Controllers.

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804

-----Original Message-----
From: Pasi Holmström [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 3:14 PM
To: [EMAIL PROTECTED]; Robert Adkins
Subject: [Samba] Samba as BDC in NT domain

I have this problem: there is a subnet 192.168.6.0/24 and the gateway is 192.168.6.1 which has also another nic 172.21.13.123 which belongs to subnet 172.21.13.0 where the PDC of NT-domain is. GW does NAT and it causes that computers/users in subnet 192.168.6.0 can't logon to NT-domain. Is it possible to put Samba in GW machine so that it can be a backup domain controller in NT-domain and it uses username:passwd combinations from PDC and login becomes possible? If so, how can it be done?

pasi h

RE: [Samba] Samba as BDC in NT domain
I am trying to work out a work around for this...I have used PWDUMP to extract the NT SAM into a smbpasswd file. Theoretically..one could write a script that would then parse that file and run useradd -u RID to create the local accounts. I have done it manually and it works very well (there is some issue with the groups, but I guess that is a secondary battle)

what I would like to do is just circumvent the need for the local users and pull the password from the smbpasswd...but as I write this I think the reason samba needs a local account for local authentication is the groups..

-----Original Message-----
From: Robert Adkins [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 21, 2002 2:55 PM
To: Pasi Holmström; [EMAIL PROTECTED]
Subject: RE: [Samba] Samba as BDC in NT domain

I have only read that Samba is able to act as a BDC for another Samba PDC system. It is unable to act as a BDC for a Windows PDC due to the secreted method that Microsoft uses to transfer the SAM data to other Domain Controllers.

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804

-----Original Message-----
From: Pasi Holmström [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 3:14 PM
To: [EMAIL PROTECTED]; Robert Adkins
Subject: [Samba] Samba as BDC in NT domain

I have this problem: there is a subnet 192.168.6.0/24 and the gateway is 192.168.6.1 which has also another nic 172.21.13.123 which belongs to subnet 172.21.13.0 where the PDC of NT-domain is. GW does NAT and it causes that computers/users in subnet 192.168.6.0 can't logon to NT-domain. Is it possible to put Samba in GW machine so that it can be a backup domain controller in NT-domain and it uses username:passwd combinations from PDC and login becomes possible? If so, how can it be done?

pasi h

RE: [Samba] Samba as BDC in NT domain
Chris, I believe the issue is relating more to the SID (Security IDs) that are also transferred for both user and computers. I don't believe that dumping the NT SAM into a smbpasswd file would really do the trick as it wouldn't include the SID information. (Unless I am seriously mistaken.) What you are suggesting sounds like it would work simply for creating a Samba server within a Windows NT Domain that uses the domain controller to pull its list of users and accounts. You would still need to create all of the groups in the *NIX/Linux/*BSD groups file and set all the permissions on the drives. I am unfamiliar with being able to dump the NT group information into a text file.

Regards, Robert Adkins II IT Manager/Buyer Impel Industries, Inc. Ph. 586-254-5800 Fx. 586-254-5804

-Original Message- From: Chris McKeever [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 21, 2002 4:18 PM To: Robert Adkins; Pasi Holmström; [EMAIL PROTECTED] Subject: RE: [Samba] Samba as BDC in NT domain

I am trying to work out a work around for this...I have used PWDUMP to extract the NT SAM into a smbpasswd file. Theoretically..one could write a script that would then parse that file and run useradd -u RID to create the local accounts. I have done it manually and it works very well (there is some issue with the groups, but I guess that is a secondary battle). What I would like to do is just circumvent the need for the local users and pull the password from the smbpasswd...but as I write this I think the reason samba needs a local account for local authentication is the groups..

-Original Message- From: Robert Adkins [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 21, 2002 2:55 PM To: Pasi Holmström; [EMAIL PROTECTED] Subject: RE: [Samba] Samba as BDC in NT domain

I have only read that Samba is able to act as a BDC for another Samba PDC system. It is unable to act as a BDC for a Windows PDC due to the secreted method that Microsoft uses to transfer the SAM data to other Domain Controllers.

Regards, Robert Adkins II IT Manager/Buyer Impel Industries, Inc. Ph. 586-254-5800 Fx. 586-254-5804

-Original Message- From: Pasi Holmström [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002 3:14 PM To: [EMAIL PROTECTED]; Robert Adkins Subject: [Samba] Samba as BDC in NT domain

I have this problem: there is a subnet 192.168.6.0/24 and the gateway is 192.168.6.1 which has also another nic 172.21.13.123 which belongs to subnet 172.21.13.0 where the PDC of NT-domain is. GW does NAT and it causes that computers/users in subnet 192.168.6.0 can't logon to NT-domain. Is it possible to put Samba in GW machine so that it can be a backup domain controller in NT-domain and it uses username:passwd combinations from PDC and login becomes possible? If so, how can it be done?

pasi h
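The script idea in the quoted message from Chris McKeever (parse the smbpasswd file and run useradd -u RID), as an added example that is not part of the original thread: it only plans the commands, and it refuses entries whose RID would land on an existing or system-range local UID (the built-in Administrator is RID 500) or whose name is not safe to hand to useradd. The function name `plan_accounts`, the `min_uid` threshold, lowercasing of names, and the `-M -s /sbin/nologin` options are assumptions of this example; the sample lines are constructed and carry placeholder hash fields.

```python
import re

# Constructed sample in smbpasswd layout (name:uid:LM:NT:[flags]:LCT:).
# Hash fields are placeholders; only the first two fields are ever read.
H = "X" * 32
SAMPLE = "\n".join([
    f"Administrator:500:{H}:{H}:[U          ]:LCT-00000000:",
    f"alice:1004:{H}:{H}:[U          ]:LCT-00000000:",
    f"WS01$:1010:{H}:{H}:[W          ]:LCT-00000000:",
    f"bob;reboot:1011:{H}:{H}:[U          ]:LCT-00000000:",
    f"carol:1004:{H}:{H}:[U          ]:LCT-00000000:",
    "truncated-line",
])

# Conservative local account name; a trailing '$' marks a machine account.
NAME_OK = re.compile(r"^[a-z_][a-z0-9_-]{0,30}\$?$")

def plan_accounts(text, taken_uids, taken_names, min_uid=1000):
    """Return (argv_lists, skipped) without touching the system."""
    taken_uids, taken_names = set(taken_uids), set(taken_names)
    plan, skipped = [], []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or not fields[1].isdigit():
            skipped.append((fields[0], "malformed"))
            continue
        name, uid = fields[0].lower(), int(fields[1])
        if not NAME_OK.match(name):
            reason = "unsafe name"
        elif uid < min_uid:
            reason = "uid in system range"
        elif uid in taken_uids or name in taken_names:
            reason = "collides with existing account"
        else:
            reason = None
        if reason:
            skipped.append((name, reason))
            continue
        taken_uids.add(uid)
        taken_names.add(name)
        # No home directory and no login shell: the account is for id mapping only.
        plan.append(["useradd", "-u", str(uid), "-M", "-s", "/sbin/nologin", name])
    return plan, skipped

if __name__ == "__main__":
    plan, skipped = plan_accounts(SAMPLE, taken_uids={0, 500}, taken_names={"root"})
    for argv in plan:
        print(" ".join(argv))
    for name, why in skipped:
        print(f"# skipped {name}: {why}")
```

Each planned entry is an argv list, so it can be passed to a process launcher without a shell; the skipped list is what an administrator has to map by hand.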
[Samba] Samba as BDC in NT domain
I have this problem: there is a subnet 192.168.6.0/24 and the gateway is 192.168.6.1 which has also another nic 172.21.13.123 which belongs to subnet 172.21.13.0 where the PDC of NT-domain is. GW does NAT and it causes that computers/users in subnet 192.168.6.0 can't logon to NT-domain. Is it possible to put Samba in GW machine so that it can be a backup domain controller in NT-domain and it uses username:passwd combinations from PDC and login becomes possible? If so, how can it be done? pasi h
[Samba] Samba as BDC in windows domain?
I've been reading about setting up Samba as a PDC with LDAP storage. However if I am to do this it needs to co-exist with the existing windows NT domain using windows NT PDC's. Everything I've read so far says you can't have a Samba BDC unless it's in a Samba PDC controlled domain. Is this correct? Is there *any_possible_way* of having a Samba BDC get SAM updates from a windows NT PDC ? If not, is there any other way to sync an OpenLDAP server against a NT PDC ? Paul
Re: [Samba] Samba as BDC
On Fri, 19 Apr 2002, Kristyan Osborne wrote:

> Hi, Is it possible to make samba act as a BDC yet??

In a purely Samba controlled domain, yes. In a Windows domain (interacting with Windows DC's), no. There's information about this in the Samba-HOWTO-Collection.pdf file.

jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org --http://www.plainjoe.org Sam's Teach Yourself Samba in 24 Hours 2ed. ISBN 0-672-32269-2 --I never saved anything for the swim back. Ethan Hawk in Gattaca--
[Samba] Samba as BDC
Hi, Is it possible to make samba act as a BDC yet?? Cheers - Kristyan Osborne IT Assistant Manager Longhill High School -- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition.