Re: [Samba] migrated from samba tdbsam to ldapsam and now some strange errors.
ok, i found a solution... cp your profile to user.bak, delete the contents of user smbldap-userdel user smbldap-useradd -a -P user logon again, copy over your desktop files thats working for me. thanks anyeay. have a nice day juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] migrated from samba tdbsam to ldapsam and now some strange errors.
Hi, i finally made it working to logon via ldap and roaming profiles... but a new problem is in front of me. i logged in as user already in db, all data is loaded from the roaming profile. but windows complains about securtiy settings (they are risky) in internet explorer, also i have u.s keyboard layout i dont' need. there are also error messages regarding mapping via net use. the saved connectioned could not be restored, the stored state wasn't touched. could you tell me what i have to fix now? domain SID is the same as the old tbsam domain SID, thats what i checked now. germany keyboard layout is changeable via system settings, but the internet explorer security settings are not resetable as it seems. i read about that ntuser.dat may cause this. i also renamed it to ntuser.bak, but i doesnt get created after a user logs out. thanks for your advice juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrated from samba tdbsam to ldapsam and now some strange errors.
Am 08.08.2011 16:14, schrieb J. Echter: Hi, i finally made it working to logon via ldap and roaming profiles... but a new problem is in front of me. i logged in as user already in db, all data is loaded from the roaming profile. but windows complains about securtiy settings (they are risky) in internet explorer, also i have u.s keyboard layout i dont' need. there are also error messages regarding mapping via net use. the saved connectioned could not be restored, the stored state wasn't touched. could you tell me what i have to fix now? domain SID is the same as the old tbsam domain SID, thats what i checked now. germany keyboard layout is changeable via system settings, but the internet explorer security settings are not resetable as it seems. i read about that ntuser.dat may cause this. i also renamed it to ntuser.bak, but i doesnt get created after a user logs out. thanks for your advice juergen. another thing i think could cause this, userid's seem to have changed. i have had added some usere to remote users group, but those are not found anymore, sid was the same but user id has changed. so i had to readd them. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrated from samba tdbsam to ldapsam and now some strange errors.
Am 08.08.2011 16:14, schrieb J. Echter: germany keyboard layout is changeable via system settings, but the internet explorer security settings are not resetable as it seems. i have experienced that if i change the keyboard layout, it isn't saved, beacause on next login, all is as it was before. i could cry :) cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdbsam.
On Sat, Jul 25, 2009 at 12:10 PM, Volker Lendecke volker.lende...@sernet.de wrote: On Sat, Jul 25, 2009 at 09:49:55AM -0400, Charles Marcus wrote: On 7/24/2009, John H Terpstra - Samba Team (j...@samba.org) wrote: As an FYI, I am using Samba-3.2.4, idmap_rid with tdbsam as backend for about 3 years with 2000 users on member server configuration authenticating AD 2003. Occasionally I had db corrupt issues, but restarting winbind resolved most of the times. No argument with that statement - agreed. Is it common to have occasional db corruption? And is simply restarting winbind the proper way to fix it? What if it doesn't? What kind of db corruption do you have? This is certainly not common, and restarting winbind is a very unusual way to fix that. Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkprLnUACgkQbsgDfmnSbrZYXQCgh8uuAA5O4T3BzTwyxgD9dQlg Tt4AniqNeA0StVxwaloxyVv/CCt4584Z =mv0E -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I dont know about other distros, but it certainly happens on Redhat Enterprise and their KB says its a known problem. So I far I am able to live up with occasional winbind restarts, but eventually I wanted to move to ldap backend. When I implemenetd samba years back(3.0.x), ldap backend would not support id mapping for trusted domains. http://kbase.redhat.com/faq/docs/DOC-4842 TDB file corruption is a known problem with Samba, which is difficult or impossible to prevent from occuring. When winbind's TDB files become corrupted, it is often necessary to stop the winbind service, delete winbind-specific TDB files in /var/cache/samba, and start the winbind service back up to re-generate a new idmap. Let me know what you think. ~LA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdbsam.
On Tue, Jul 28, 2009 at 10:18:43AM -0400, Linux Addict wrote: I dont know about other distros, but it certainly happens on Redhat Enterprise and their KB says its a known problem. With the next version Samba 99% of these problems should go away. At least the idmap cache problems are fixed, see for example Samba bug 5105, the idmap cache moved to gencache.tdb, and this is now protected by transactions. If you need it, contact RedHat to port the relevant patches back to a version supported by them. What I still don't get though is how a winbind restart would help with a corrupt passdb.tdb. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdbsam.
On 7/25/2009 12:10 PM, Volker Lendecke wrote: As an FYI, I am using Samba-3.2.4, idmap_rid with tdbsam as backend for about 3 years with 2000 users on member server configuration authenticating AD 2003. Occasionally I had db corrupt issues, but restarting winbind resolved most of the times. No argument with that statement - agreed. Is it common to have occasional db corruption? And is simply restarting winbind the proper way to fix it? What if it doesn't? What kind of db corruption do you have? This is certainly not common, and restarting winbind is a very unusual way to fix that. I'm not... I was responding to Johns response to the OP about having occasional corrupt db issues - Johns said 'No argument - agreed'... -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdbsam.
On 7/24/2009, John H Terpstra - Samba Team (j...@samba.org) wrote: As an FYI, I am using Samba-3.2.4, idmap_rid with tdbsam as backend for about 3 years with 2000 users on member server configuration authenticating AD 2003. Occasionally I had db corrupt issues, but restarting winbind resolved most of the times. No argument with that statement - agreed. Is it common to have occasional db corruption? And is simply restarting winbind the proper way to fix it? What if it doesn't? The reason I'm asking is I am planning on replacing an older Win2K DC with a Samba server for a small network... but I want the simplest and most reliable setup, so would prefer to avoid LDAP... -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdbsam.
On Sat, Jul 25, 2009 at 09:49:55AM -0400, Charles Marcus wrote: On 7/24/2009, John H Terpstra - Samba Team (j...@samba.org) wrote: As an FYI, I am using Samba-3.2.4, idmap_rid with tdbsam as backend for about 3 years with 2000 users on member server configuration authenticating AD 2003. Occasionally I had db corrupt issues, but restarting winbind resolved most of the times. No argument with that statement - agreed. Is it common to have occasional db corruption? And is simply restarting winbind the proper way to fix it? What if it doesn't? What kind of db corruption do you have? This is certainly not common, and restarting winbind is a very unusual way to fix that. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] tdbsam.
The documentation says As a general guide, the Samba Team does not recommend using the tdbsam backend for sites that have 250 or more users. Since we moved default passbd backend to tdbsam, does that statements still holds true. As an FYI, I am using Samba-3.2.4, idmap_rid with tdbsam as backend for about 3 years with 2000 users on member server configuration authenticating AD 2003. Occasionally I had db corrupt issues, but restarting winbind resolved most of the times. I am planning an upgrade to 4. Please someone confirm me on if tdbsam is improved to hold huge no. of objects. ~LA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdbsam.
On 07/24/2009 03:03 PM, Linux Addict wrote: The documentation says As a general guide, the Samba Team does not recommend using the tdbsam backend for sites that have 250 or more users. Since we moved default passbd backend to tdbsam, does that statements still holds true. I have to claim responsibility for that statement! Mea Culpa. The statement ins the HOWTO was never intended to reflect on the technical ability, or otherwise, of the tdbsam but rather a fact that there are not many locations that have more than 250 users in a single network location. If your network users are spread across multiple physical location it is mostly desirable to have more than just a single PDC. It is a simple fact that the tdbsam passdb backend is not able to support a PDC and BDCs - for that it is necessary to use ldapsam. Many sites have installed thousands of users with a tdbsam without any problem. The tdbsam passdb backend is full up to the task. It just can not be conveniently used with BDCs. As an FYI, I am using Samba-3.2.4, idmap_rid with tdbsam as backend for about 3 years with 2000 users on member server configuration authenticating AD 2003. Occasionally I had db corrupt issues, but restarting winbind resolved most of the times. No argument with that statement - agreed. I am planning an upgrade to 4. Please someone confirm me on if tdbsam is improved to hold huge no. of objects. ~LA - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] tdbsam.
Hallo, John, Du meintest am 24.07.09: The statement ins the HOWTO was never intended to reflect on the technical ability, or otherwise, of the tdbsam but rather a fact that there are not many locations that have more than 250 users in a single network location. Sorry - there are. In many schools there is running a schoolserver, at least in germany most times a linux server. It has often much more than 500 users (and more than 200 clients). tdbsam can manage those installations. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] tdbsam allow users to change password without notice!!!
I use tdbsam . I use pdbedit -P password hisotry -C 3 pdbedit -P min password length -C 5 -P maximum password age -C 7776000 (90 days) -P minimum password age -C 6912000 (80 days) -P user must logon to change password -C 2 (on) So my passwords need to be changed every 90 days and user can change it after 80 days . I use this policies 6months and everything was ok. Windows xp users after logon was informed that they must chang password for xx days and they can change it after 80 days. But after changing time from winter to summer pdbedit work very strange!! Today I have discover terrible thing. pdbedit -Lv show me that every user changed password but windows doesn't show any notice about password change !!! The worst think is that password history doesn't worked and allow all users to write down the same password!! Nobody even know that change his own password because windows doesnt' show any notice, any window !!! They normally login as everyday do but pdbedit changed password last set entry to today date !!! Pdbedit -Lv shows that password was set eg today and next time they can change passord for 80 days But password is the same !!! PLEASE HELP!!! What should I do to force samba and pdbedit to change passwords correct and force to admonish password history !!!?? Unix username:fujitsu NT username: Account Flags:[U ] User SID: S-1-5-21-2794518228-724393910-221713885-2114 Primary Group SID:S-1-5-21-2794518228-724393910-221713885-513 Logon time: 0 Logoff time: never Kickoff time: 0 Password last set:Śr, 02 IV 2008 12:52:38 CEST Password can change: So, 21 VI 2008 12:52:38 CEST Password must change: Wt, 01 VII 2008 12:52:38 CEST Last bad password : 0 Bad password count : 0 Logon hours : 00807F00807F00807F00807F00807F My smb.conf [global] workgroup = geodezja server string = Samba Server %v interfaces = eth2 lo 10.10.10.1 bind interfaces only = Yes ; encrypt passwords = Yes update encrypted = Yes ; client plaintext auth = Yes log level = 2 vfs:3 auth:2 passdb:3 log file = /var/log/samba/%U.%m.log ; max log size = 5000 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 # DRUKOWANIE printer admin = root,@domadm load printers = yes printing = cups cups options = raw logon script = %G.CMD logon path = logon home = domain logons = yes os level = 128 preferred master = yes domain master = yes ; local master = yes remote browse sync = none remote announce = none dns proxy = No wins support = yes name resolve order = wins bcast host lmhosts hosts allow = 10.10.10.1/255.255.255.0 ; unix password sync = no security = user ; password level = 0 ; null passwords = no ; deadtime = 0 ; map to guest = never create mask = 0777 nt acl support = no time server = yes ; enable privileges = yes passdb backend = tdbsam username map = /etc/samba/smbusers Cracow Screen Festival (CSF) Kraków, 2-4 maja 2008 Koncerty oraz sztuka videografii w przestrzeni miejskiej! Bryan Ferry, Underworld, The Raveonettes, Mattafix http://klik.wp.pl/?adr=http%3A%2F%2Fcorto.www.wp.pl%2Fas%2Fkrakow_festiwal.htmlsid=296 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] tdbsam info
As I understood it he should be authenticating the logon using the windows server (active directory) and not storing users and passwords locally (on the linux box). I didn't recognize the tdbsam entry in the config file though. If what I have said is true, do I still need to enable the account? If so, how? Thanx! -Original Message- From: Gary Dale [mailto:[EMAIL PROTECTED] Sent: Monday, December 18, 2006 4:58 PM To: Tim Gessner; [EMAIL PROTECTED] Subject: Re: [Samba] tdbsam info As a new user, did you enable his account? My usual advice is to use SWAT for this. :) Tim Gessner wrote: I am trying to support our network while the 'IT' guy is on vacation. I have set up samba before, but it has been a few years so I'm very rusty. The problem is a logon failure for a new user. The smb.conf file has workgroup = DELTA server string = File Server security = DOMAIN obey pam restrictions = Yes password server = delta.deltacompsys.com passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . I am not familiar with tdbsam. Can anyone point me to some documentation or give me the 5 second overview? Where do I go to debug this problem? The logon works fine for Windows, just fails with samba. This is running on a debian distro. Thanx! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam info
I believe that the Windows server validates the username/password combination. However, the SWAT help file has this to say about security = domain: /Note/ that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to. // I believe this would imply that the account needs to be enabled on your Samba server. To do this through SWAT, just click on the PASSWORD icon, enter the user name and click on Enable User (assuming you have added the user). The tdbsam is the default Samba database for mapping Windows to Unix accounts. The user has be in the database and enabled. Tim Gessner wrote: As I understood it he should be authenticating the logon using the windows server (active directory) and not storing users and passwords locally (on the linux box). I didn't recognize the tdbsam entry in the config file though. If what I have said is true, do I still need to enable the account? If so, how? Thanx! -Original Message- From: Gary Dale [mailto:[EMAIL PROTECTED] Sent: Monday, December 18, 2006 4:58 PM To: Tim Gessner; [EMAIL PROTECTED] Subject: Re: [Samba] tdbsam info As a new user, did you enable his account? My usual advice is to use SWAT for this. :) Tim Gessner wrote: I am trying to support our network while the 'IT' guy is on vacation. I have set up samba before, but it has been a few years so I'm very rusty. The problem is a logon failure for a new user. The smb.conf file has workgroup = DELTA server string = File Server security = DOMAIN obey pam restrictions = Yes password server = delta.deltacompsys.com passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . I am not familiar with tdbsam. Can anyone point me to some documentation or give me the 5 second overview? Where do I go to debug this problem? The logon works fine for Windows, just fails with samba. This is running on a debian distro. Thanx! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam info
I am trying to support our network while the 'IT' guy is on vacation. I have set up samba before, but it has been a few years so I'm very rusty. The problem is a logon failure for a new user. The smb.conf file has workgroup = DELTA server string = File Server security = DOMAIN obey pam restrictions = Yes password server = delta.deltacompsys.com passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . I am not familiar with tdbsam. Can anyone point me to some documentation or give me the 5 second overview? Where do I go to debug this problem? The logon works fine for Windows, just fails with samba. This is running on a debian distro. Thanx! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam info
As a new user, did you enable his account? My usual advice is to use SWAT for this. :) Tim Gessner wrote: I am trying to support our network while the 'IT' guy is on vacation. I have set up samba before, but it has been a few years so I'm very rusty. The problem is a logon failure for a new user. The smb.conf file has workgroup = DELTA server string = File Server security = DOMAIN obey pam restrictions = Yes password server = delta.deltacompsys.com passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . I am not familiar with tdbsam. Can anyone point me to some documentation or give me the 5 second overview? Where do I go to debug this problem? The logon works fine for Windows, just fails with samba. This is running on a debian distro. Thanx! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam +Windows 2k/XP Change Password
El Lunes, 28 de Agosto de 2006 16:59, [EMAIL PROTECTED] escribió: unix password sync = Yes unix password sync = no at the moment to my I work myself -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam +Windows 2k/XP Change Password
Hi there guys. I've been able to set up a samba domain as a PDC using tdbsam profiles seems to work fine, users can login to the domain and so on. The problem that I found is that I do not know how to set it up to allow users to change their password from the Windows Boxes. The get, you have not permission to change you password. Allow me to post my configurtation and some loggin.. With pam password change = yes check_ntlm_password: authentication for user [decoder] - [decoder] - [decoder] succeeded [2006/08/21 19:48:09, 0] lib/username.c:map_username(128) can't open username map /etc/samba/smbusers. Error No such file or directory [2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692) PAM: UNKNOWN PAM ERROR (19) for User: decoder [2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: Password Change Failed : Conversation error [2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848) smb_pam_passchange: PAM: Password Change Failed for user decoder! [2006/08/21 19:48:09, 0] lib/username.c:map_username(128) can't open username map /etc/samba/smbusers. Error No such file or directory [2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692) PAM: UNKNOWN PAM ERROR (19) for User: decoder [2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: Password Change Failed : Conversation error [2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848) smb_pam_passchange: PAM: Password Change Failed for user decoder! [2006/08/21 19:48:09, 0] lib/username.c:map_username(128) can't open username map /etc/samba/smbusers. Error No such file or directory [2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692) PAM: UNKNOWN PAM ERROR (19) for User: decoder [2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: Password Change Failed : Conversation error [2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848) smb_pam_passchange: PAM: Password Change Failed for user decoder! [2006/08/21 19:48:09, 0] lib/username.c:map_username(128) can't open username map /etc/samba/smbusers. Error No such file or directory [2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692) PAM: UNKNOWN PAM ERROR (19) for User: decoder [2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: Password Change Failed : Conversation error [2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848) smb_pam_passchange: PAM: Password Change Failed for user decoder! [2006/08/21 19:49:10, 0] printing/print_cups.c:cups_cache_reload(85) Without pam password change = yes check_ntlm_password: authentication for user [decoder] - [decoder] - [decoder] succeeded [2006/08/21 19:50:19, 0] lib/username.c:map_username(128) can't open username map /etc/samba/smbusers. Error No such file or directory [2006/08/21 19:50:21, 2] smbd/chgpasswd.c:expect(281) expect: Success [2006/08/21 19:50:21, 0] lib/username.c:map_username(128) can't open username map /etc/samba/smbusers. Error No such file or directory [2006/08/21 19:50:24, 2] smbd/chgpasswd.c:expect(281) expect: Success [2006/08/21 19:50:24, 0] lib/username.c:map_username(128) can't open username map /etc/samba/smbusers. Error No such file or directory [2006/08/21 19:50:26, 2] smbd/chgpasswd.c:expect(281) expect: Success [2006/08/21 19:50:26, 0] lib/username.c:map_username(128) can't open username map /etc/samba/smbusers. Error No such file or directory [2006/08/21 19:50:28, 2] smbd/chgpasswd.c:expect(281) expect: Success under /etc/pam.d/ the file samba contains: @include common-auth @include common-account @include common-session common-auth authrequiredpam_unix.so nullok_secure common-session session requiredpam_unix.so common-account account requiredpam_unix.so [global] # Nombre del servidor. workgroup = NETWARRIOR # Nombre de la maquina. netbios name = SUSE10-SLESX64 server string = MIEM PDC Server smb ports = 139 printing = cups printcap name = cups printcap cache time = 750 cups options = raw printer admin = @ntadmin, root, administrator username map = /etc/samba/smbusers map to guest = Never logon path = \\%L\profiles\%U logon home = \\%L\%U logon drive = P: logon script = netlogon\logon.bat interfaces = eth0, lo # Si tiene mas de una interfase y una esta conectada a internet # le decimos que escuche y acepte peticiones solo en esta interfases. bind interfaces only = Yes passdb backend = tdbsam pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Ingrese*Nueva*Clave* %n\n *Re-Ingrese*Nueva*Clave*%n\n*Clave*Modificada* ;username map = /etc/samba/smbusers unix password sync = Yes log file = /var/log/samba/%m log level = 2 syslog = 0
[Samba] tdbsam to LDAP
Hi All, I've found a script for migrating posix accounts to LDAP but does anyone know of a script for migrating tdbsam to LDAP? Cheers, Julian -- J. Pilfold-Bagwell Borden Grammar School Avenue of Remembrance Sittingbourne Kent ME10 4DB (+44) 1795 424192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam to LDAP
I think you'll find the answer in either the howto collection or Samba by example (both at www.samba.org). Sorry, but I don't have time to look it up. :) J. Pilfold-Bagwell wrote: Hi All, I've found a script for migrating posix accounts to LDAP but does anyone know of a script for migrating tdbsam to LDAP? Cheers, Julian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam to LDAP
Hi All, I've found a script for migrating posix accounts to LDAP but does anyone know of a script for migrating tdbsam to LDAP? Cheers, Julian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam to LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 J. Pilfold-Bagwell wrote: Hi All, I've found a script for migrating posix accounts to LDAP but does anyone know of a script for migrating tdbsam to LDAP? See pdbedit -i ... -e cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEopiWIR7qMdg1EfYRAvfpAJ9kjpm6pUwmTgX0zFz4WE/BYLdI7gCeIKiL GD1GfOko3sNDrC7DEUOByVk= =7zNP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam Question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Eric Hines wrote: Dumb question time; I can't find the answer in the Samba-3 or HOWTO docs: how do you add users to the passdb.tdb (tdbsam's db)? Is pdbedit the only way? I ask because the Chapt 3 Samba-3 example has passdb = tdbsam in the samba config file, but the instructions for adding users are to use useradd and smbpasswd, which leave passdb.tdb empty (except for root--I have no idea how that got in there). Both smbpasswd -a and pdbedit -a will work with tdbsam. cheer,s jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDu/i2IR7qMdg1EfYRApiWAJ9o/1UkIUEslFCVoRSfoMe2JMSNNQCg2HiB YbZoVqVAvO6LTPszKgi32yg= =U0n7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam Question
Dumb question time; I can't find the answer in the Samba-3 or HOWTO docs: how do you add users to the passdb.tdb (tdbsam's db)? Is pdbedit the only way? I ask because the Chapt 3 Samba-3 example has passdb = tdbsam in the samba config file, but the instructions for adding users are to use useradd and smbpasswd, which leave passdb.tdb empty (except for root--I have no idea how that got in there). Thanks Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam - can't connect if the password is 16 characters long
Hello I've set up a Samba server as a PDC using a tdbsam backend. I first tried to access the shares with the usernames/passwords of the domain users I created, everything was OK (well almost, I'll post another one on this). Then I tried to join the domain with a PC and had errors account not found, or something like that. This was on Windows XP SP2. I tried to mount a access a share as root but it wouldn't connect, as if the password wasn't good. I tried this on Windows XP SP2, Windows 2000 SP4, and Windows NT4 SP6. Then I did a pdbedit -Lw to see what the password hashes looked like and noticed than root had 32 X characters in the LANMAN hash, meaning account disabled according to man. I tried smbpasswd -e root with no effect. Then I tried to change the password from 16 characters long to 8 characters long and it worked. I've for now just moved two PC to the new domain, if I do a pdbedit -Lw I see 32 X in their LANMAN hashes and no problem so far. Is there a limitation in the length of the password ? Where does this problem comes from ? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam - can't connect if the password is 16 characters long
Some precisions: - the 32 X appear for a 15 and above password length - I'm using Debian Sarge and the 3.0.20b .deb found on samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam
Does anyone know if the tdbsam database gets updated when a user changes her password through the passwd script? In the old smbpasswd file in samba 2.x there was a pam module pam_smbpasswd.so doing this job. Thanks in advance Dimitrios Karapiperis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam (local) to ldap (tdbldap) backend migration causes pam restrictions not to work anymore?
Hi, I am using samba 3.0.10 on Debian and have had my users in tdbsam backend untill now. They have had the ability to change their unix password along with samba password and besides that I was able to apply some PAM restrictions to the users password strength via pam_cracklib.so library. I have now moved the users into ldap and auth works ok, but I cannot change users password and still have the password restrictions set (or can I)? My previous setup was like this: smb.conf: encrypt passwords = yes obey pam restrictions = yes passwd chat debug = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* /etc/pam.d/samba: auth requiredpam_unix.so nullok accountrequiredpam_unix.so sessionrequiredpam_unix.so password required pam_cracklib.so minlen=20 ocredit=5 ucredit=3 dcredit=3 lcredit=1 password requiredpam_unix.so Now I have changed the part in smb.conf to be like this: passwd program = /usr/bin/ldappasswd -D cn=root,dc=neonatus,dc=net -x -w 'password_for_root_user' -S uid=%u,ou=People,dc=neonatus,dc=net passwd chat = *New*password*%n\n*new*password*%n\n I can however use the ldap password sync = yes and users can change passwords than, but again no pam restriction is applied (no restriction but password length). What I would need to have is: - remember 5 last passwords - have the ability to force use of letters and numbers in passwords - force minimal length. I can do the last, but don't know how to force the other . I would appreciate any help. Regards, Bostjan -- buhdej evridej -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] tdbsam (local) to ldap (tdbldap) backend migration causespam restrictions not to work anymore?
What I would need to have is: - remember 5 last passwords - have the ability to force use of letters and numbers in passwords - force minimal length. Read the man pages for pdbedit. You will be able to do 2 of the 3 using pdbedit. The force use of strong passwords isn't implemented yet although I believe(don't quote me) they will be adding that feature in later releases. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam and variables
This is a known problem. At this time there is no way to do what you are trying to do. Thank you very much for the clarification. I really appreciate this. Can we work around this known problems with login scripts/ preexec scripts? Are the variables supported in these scripts? Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam and variables
Not quite! The smb.conf setting is used in creating the user account entry in tdbsam. Yes, I forgot this one. But when adding a user I end up with entries like the following: Profile Path: \\myserver\myuser\.profile.UNKNOWN\profile.pds This is not really useful, is it? And when I correct it to be Profile Path: \\myserver\myuser\.profile.%a\profile.pds .profile.%a folders are created. Not very useful either. I've just the feeling that with tdbsam (and ldapsam?) we have lost all the dynamic features (%H, %u, %L, etc.). Can anybody confirm this or am I wrong? And why isn't there a fall back to the settings in smb.conf when something is not defined in tdbsam? This would be really helpful. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam and variables
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marc Petitmermet wrote: | Dear List Members | | We are trying to setup samba PDC with tdbsam backend. | | First question: When Home Directory is not set in tdbsam | does samba just use the setting of logon home in smb.conf? | And when it's set does it ignore the smb.conf setting? You actually can't exlude these settings from the tdbsam records IIRC. I'd have to go back and look again to be sure. So the home directory path in the tdb record would always take precedence over the smb.conf settings. But like I say, I would have to double check this in the code. cheer,s jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBvf0+IR7qMdg1EfYRAhzGAJ4/F/mhmm6UaSOXqPJSiN7Ok8avEwCg0Kyj EB1+aeUz9ILzrPBakWHxEVU= =pl5O -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam and variables
| First question: When Home Directory is not set in tdbsam | does samba just use the setting of logon home in smb.conf? | And when it's set does it ignore the smb.conf setting? You actually can't exlude these settings from the tdbsam records IIRC. I'd have to go back and look again to be sure. So the home directory path in the tdb record would always take precedence over the smb.conf settings. But like I say, I would have to double check this in the code. I would be really glad if you could check this. If what you say is true than the example Big 500 Users Example makes just no sense to me. The example only uses a tdbsam backend and then the setting for logon home and logon path could just be removed because it's the tdbsam which counts. And when we cannot use variables in tdbsam I begin to wonder what the advantages of a tdbsam backend against a smbpasswd file should be. Is this somewhere documented which backend supports variables and which backend supports the settings in smb.conf and since which version of samba? Thanks, Jerry. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam and variables
On Monday 13 December 2004 15:31, Marc Petitmermet wrote: | First question: When Home Directory is not set in tdbsam | does samba just use the setting of logon home in smb.conf? | And when it's set does it ignore the smb.conf setting? You actually can't exlude these settings from the tdbsam records IIRC. I'd have to go back and look again to be sure. So the home directory path in the tdb record would always take precedence over the smb.conf settings. But like I say, I would have to double check this in the code. I would be really glad if you could check this. If what you say is true than the example Big 500 Users Example makes just no sense to me. The Not quite! The smb.conf setting is used in creating the user account entry in tdbsam. example only uses a tdbsam backend and then the setting for logon home and logon path could just be removed because it's the tdbsam which counts. And when we cannot use variables in tdbsam I begin to wonder what the advantages of a tdbsam backend against a smbpasswd file should be. Is this somewhere documented which backend supports variables and which backend supports the settings in smb.conf and since which version of samba? Thanks, Jerry. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam and variables
Dear List Members We are trying to setup samba PDC with tdbsam backend. First question: When Home Directory is not set in tdbsam does samba just use the setting of logon home in smb.conf? And when it's set does it ignore the smb.conf setting? Second question: Does tdbsam allow the inclusion of variables such as %a, %u, %H, etc.? We were looking at the Big 500 Users Example [1] but had some difficulties. When we were using the tdbsam backand, samba ignored the settings which was set in smb.conf and we had to hard-code the varibles. E.g.: Profile Path: \\myserver\myuser\.profile.WinXP\profile.pds As we still have some computers running NT and 2k we tried to use %a: Profile Path: \\myserver\myuser\.profile.%a\profile.pds But this resulted in the generation of a folder .profile.%a and %a was not interpreted at all. We also wanted to use %L and %u in the profile path but then the profile wasn't found at all. When we left the Profile Path in tdbsam empty the setting in smb.conf was ignored and the profile not found. When using smbpasswd as backand everything works as expected with all variables. Therefore, my answer to my own question would be: all parameters have to be statically set in tdbsam because the settings in smb.conf are ignored and the inclusion of variables does not work. But when I look at the Big 500 Users Example [1] this answer does not make sense at all. If it were true why are the logon path and logon home set in the example configuration? My guess is that I have something wrong in my setup but I just cannot figure out what it is (I've added smb.con at the end of this message). BTW, this is samba-3.0.7-1.3E.1 on RedHat EL 3. Thanks for any hints to resolve this problem. Kind regards, Marc [1] http://us1.samba.org/samba/docs/man/Samba-Guide/Big500users.html /etc/samba/smb.conf #=== Global Settings = [global] workgroup = mydomain #netbios name = %L domain logons = yes server string = SMB-Server 6/6 %v hosts allow = xx.xxx.xx. log file = /var/log/samba/%m.log max log size = 50 security = user debug level = 0 # password server = %L password level = 8 username level = 8 encrypt passwords = yes passdb backend = tdbsam:/etc/samba/private/passdb.tdb unix password sync = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 33 domain master = yes preferred master = yes logon path = \\%L\profiles\.profile%a\profile.pds name resolve order = wins hosts wins support = no wins server = xx.xx.xx.xx dns proxy = no nis homedir = true homedir map = auto.home preserve case = yes short preserve case = yes default case = lower case sensitive = no logon drive = P: # Share Definitions == [homes] comment = %U's Data on %L Group %G path = %H browseable = no writable = yes create mask = 0700 directory mask = 0700 follow symlinks = yes [profiles] path = /home/%u browseable = no writable = yes create mask = 0700 directory mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] TDBsam PDC and BDC
On Wed, 2004-04-28 at 15:12, Lancsár Roland wrote: Hi all, It is possible? How can I do Samba3 PDC and BDC with TDBsam autentication? Not possible, due to lack of replication (and rsync doesn't count, due to the need for BDC-PDC replication of machine accounts). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] TDBsam PDC and BDC
Hi all, It is possible? How can I do Samba3 PDC and BDC with TDBsam autentication? regards, Roland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam how to?
Hello, Everything seems hopeless.. At this moment, I still run Samba 3.0-alpha21 with ldapsam backend. In the past I have been following the development of Samba closely. I have been working on migrating my samba 3.0-alpha21 to Samba 3.0.2a. It just doesn't work, I tried to follow the explanations about the new samba.schema and other related stuff but I think there have become to much bits and pieces of how it all fits together and I lost complete track of it. Desperate as I am, I thought of giving it a try using the plain, simple tdbsam backend. But it doesn't work either. So, here I am now with nothing working so far except my good old Samba 3.0-alpha21. Can somebody please give me a detailed description how to setup a samba PDC using tdbsam? And please don't tell me to take a look at the several docs that I can find a million places, I just want a clear, straightforward description from A to Z please. Can't be that hard since you all got it working, right? My thanks in advance. Eddie. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam to ldapsam
System: Sid ; Samba 3.0.0 ; using tdbsam ; no problems Goal: Would like to move password, group, and user data to ldap backend. Problem: I've read Samba-HOWTO-Collection.pdf and don't see exactly how to do this as the Howto addresses primarily the password backend. What I've done so far: 1) Created the openldap bdb and the dc=domain,dc=com base and the admin with password. 2) Run the command, smbpasswd -w password QUESTION: What user is this going use and how to set? 3) Created the openldap ou=domainUsers, ou=domainGroups, and ou=domainComputers QUESTION: How do I export my data to and ldif file or directly to the dbd and how will know what my dbd tree structure is? 4) I have run the command, pdbedit -i ldapsam:ldap://domain.com but and get credential error (relates to 2 above). QUESTION: In order to use group data in backend, do I need nis_ldap, pam_ldap? Any help appreciated, Thanks, Craig Jackson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam to ldapsam
1) Good 2) No users here, this is just the secret that samba needs to know in order to complete its tasks, it already has the DN in smb.conf 3) You can use pdbedit as mentionned in this HOWTO : http://www.5of5.com/howto/howto-nt42samba3ldapmigration.html OR you can use the smbldaptools package from www.idealx.org, they included a script named smbldap-migrateusers.pl and smbldap-migrategroups.pl which does exactly what you want to do ;) 4) Check the DN of the root user or the manager as you entered it in slapd.conf, check if it's the same in smb.conf in the ldap admin dn parameter. 5) I have the same question, can anybody complete ? Have fun Charles Hamel On 03-12-07, at 22:44, Craig Jackson wrote: System: Sid ; Samba 3.0.0 ; using tdbsam ; no problems Goal: Would like to move password, group, and user data to ldap backend. Problem: I've read Samba-HOWTO-Collection.pdf and don't see exactly how to do this as the Howto addresses primarily the password backend. What I've done so far: 1) Created the openldap bdb and the dc=domain,dc=com base and the admin with password. 2) Run the command, smbpasswd -w password QUESTION: What user is this going use and how to set? 3) Created the openldap ou=domainUsers, ou=domainGroups, and ou=domainComputers QUESTION: How do I export my data to and ldif file or directly to the dbd and how will know what my dbd tree structure is? 4) I have run the command, pdbedit -i ldapsam:ldap://domain.com but and get credential error (relates to 2 above). QUESTION: In order to use group data in backend, do I need nis_ldap, pam_ldap? Any help appreciated, Thanks, Craig Jackson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam backend
I just compiled some RPMS for Mandrake 9.0. I would like to try the TDB bAckend before I do the LDAP stuff. (It took me awhile to get that set up in 2.2) Everything installed ok but it seems that the pbedit3 tool can't find a library. The error message I get is: [EMAIL PROTECTED] root]# pdbedit3 idmap uid range missing or invalid idmap will be unable to map foreign SIDs idmap gid range missing or invalid idmap will be unable to map foreign SIDs Error loading module '/usr/lib/samba3/pdb/tdbsam_nua.so': /usr/lib/samba3/pdb/tdbsam_nua.so: cannot open shared object file: No such file or directory No builtin nor plugin backend for tdbsam_nua found Loading tdbsam_nua failed! Error loading module '/usr/lib/samba3/pdb/tdbsam_nua.so': /usr/lib/samba3/pdb/tdbsam_nua.so: cannot open shared object file: No such file or directory No builtin nor plugin backend for tdbsam_nua found Loading tdbsam_nua failed! Can't initialize passdb backend. Sure enough, that library is not there... Should I have compiled with different options? I'm about to hit the docs but I thought I would ask here first. Jim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam backend
On Thu, 12 Jun 2003, Jim Wharton wrote: I just compiled some RPMS for Mandrake 9.0. I would like to try the TDB bAckend before I do the LDAP stuff. (It took me awhile to get that set up in 2.2) Everything installed ok but it seems that the pbedit3 tool can't find a library. The error message I get is: [EMAIL PROTECTED] root]# pdbedit3 idmap uid range missing or invalid In smb.conf [globals] add: idmap uid = 1-15000 idmap gid = 1-15000 passdb backend = tdbsam, guest That should get the gasses roaring. idmap will be unable to map foreign SIDs idmap gid range missing or invalid idmap will be unable to map foreign SIDs Fixed above. Error loading module '/usr/lib/samba3/pdb/tdbsam_nua.so': /usr/lib/samba3/pdb/tdbsam_nua.so: cannot open shared object file: No such file or directory No builtin nor plugin backend for tdbsam_nua found Loading tdbsam_nua failed! Error loading module '/usr/lib/samba3/pdb/tdbsam_nua.so': /usr/lib/samba3/pdb/tdbsam_nua.so: cannot open shared object file: No such file or directory No builtin nor plugin backend for tdbsam_nua found Loading tdbsam_nua failed! Can't initialize passdb backend. Yep! the NUA stuff got dropped, unless you run ldapsam. In the case of ldapsam the meaning of NUA is a little warped! :) Better ask an IDMAP guru what is warped! :) Sure enough, that library is not there... Should I have compiled with different options? I'm about to hit the docs but I thought I would ask here first. Just try the above. IF it works let me know where to send the invoice - price today is a smile. If not paid on time, the price goes up to two smiles. :-)) - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] tdbsam
Hi! If I compile my samba with --ldapsam --tdbsam --acl-support ... The dial in properties can be used into tdbsam ? --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tdbsam
On Thu, 3 Apr 2003 [EMAIL PROTECTED] wrote: Hi! If I compile my samba with --ldapsam --tdbsam --acl-support ... The dial in properties can be used into tdbsam ? No. Not yet. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba