Re: [Samba] Help troubleshooting find_domain_master_name_query_fail on SMB v4?

2013-09-09 Thread Dale Schroeder

Several things you could try.

1. Set in [global] domain master = yes
2. Use either wins support or wins server, but not both. Based on 
what you have in interfaces, if this system is to be the wins server, 
then use wins support = yes and eliminate the wins server parameter.

3. Check for firewall / selinux / apparmor issues.

Also it is no longer recommended to use the socket options directive.
For a standalone server, you do not need any of the idmap or logon 
parameters.  There are probably others you could eliminate, but these are 
the most obvious.


Dale


On 09/07/2013 6:35 PM, d...@sent.com wrote:

I'm running

smbd -V
Version 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64

This is a standalone server, and the only SMB/CIFS instance on my LAN.

On launch, I see the following find_domain_master_name_query_fail
error in logs.

I can't track down what I've managed to do wrong; pointers appreciated.

== log.nmbd ==
[2013/09/07 16:21:41,  2] ../source3/nmbd/nmbd_elections.c:42(send_election_dgram)
  send_election_dgram: Sending election packet for workgroup WORKGROUP on subnet 192.168.1.202
[2013/09/07 16:21:41,  2] ../source3/nmbd/nmbd_elections.c:205(run_elections)
  run_elections:  Won election for workgroup WORKGROUP on subnet 192.168.1.202
[2013/09/07 16:21:41,  2] ../source3/nmbd/nmbd_become_lmb.c:538(become_local_master_browser)
  become_local_master_browser: Starting to become a master browser for workgroup WORKGROUP on subnet 192.168.1.202
[2013/09/07 16:21:49,  0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
  *

  Samba name server test is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.202

  *
[2013/09/07 16:21:49,  0] ../source3/nmbd/nmbd_browsesync.c:354(find_domain_master_name_query_fail)
  find_domain_master_name_query_fail:
  Unable to find the Domain Master Browser name WORKGROUP<1b> for the workgroup WORKGROUP.
  Unable to sync browse lists in this workgroup.


Checking

smbclient -N -L test
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64]

Sharename   Type  Comment
---------   ----  -------
testSHARE   Disk
IPC$        IPC   IPC Service (Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64)
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64]

Server      Comment
---------   -------
test        Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64

Workgroup   Master
---------   -------
WORKGROUP   test


My smb conf is

cat /etc/samba/smb.conf

[global]
interfaces = 192.168.1.202/255.255.252.0
smb ports = 137 138 139 445
bind interfaces only = yes
hosts allow = 192.168.1. 127.0.0.1 localhost
hosts deny = all

max connections = 5
max xmit = 32767
strict sync = no
sync always = no
strict locking = no
keepalive = 300
wide links = yes
getwd cache = yes
use sendfile = true

netbios name = test
workgroup = WORKGROUP
*wins support = yes
wins server = 192.168.1.202*
local master = yes
preferred master = yes
os level = 65
name resolve order = wins bcast

security = user
encrypt passwords = yes
passdb backend = tdbsam
map to guest = Bad User
username map = /etc/samba/username_map.conf

*idmap config * : backend = tdb2
idmap config * : range = 100-200

logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:*
usershare allow guests = no

load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
printcap cache time = 0

log file = 
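
Dale's checklist above, written as a small audit over the posted configuration (an added example, not part of the original mail and not a Samba tool). The function names are made up for this example, the embedded excerpt is retyped from the post without the asterisks the archive left around some lines, and the standalone role is taken from the poster's description.

```python
import re

# Excerpt of the smb.conf quoted in the message above (asterisks dropped).
POSTED_CONF = r"""[global]
interfaces = 192.168.1.202/255.255.252.0
bind interfaces only = yes
netbios name = test
workgroup = WORKGROUP
wins support = yes
wins server = 192.168.1.202
local master = yes
preferred master = yes
os level = 65
security = user
passdb backend = tdbsam
idmap config * : backend = tdb2
idmap config * : range = 100-200
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}}.

    Parameter names are lower-cased and their internal whitespace is
    collapsed, so "Socket  Options" and "socket options" are the same key.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        current[" ".join(name.lower().split())] = value.strip()
    return sections


def is_true(value):
    """smb.conf boolean spellings that mean 'enabled'."""
    return (value or "").strip().lower() in {"yes", "true", "1", "on"}


def audit_standalone(text):
    """Apply the checks from the reply to the [global] section.

    Hypothetical helper: it only covers the points raised in the reply and
    assumes the server is standalone, as the poster states.
    """
    g = parse_smb_conf(text).get("global", {})
    findings = []
    if not is_true(g.get("domain master")):
        findings.append("domain master = yes is not set in [global]")
    if is_true(g.get("wins support")) and g.get("wins server"):
        findings.append("wins support and wins server are both set; keep one")
    if "socket options" in g:
        findings.append("socket options is set; it is no longer recommended")
    extra = sorted(k for k in g if k.startswith(("idmap ", "logon ")))
    if extra:
        findings.append("not needed on a standalone server: " + ", ".join(extra))
    return findings


if __name__ == "__main__":
    for finding in audit_standalone(POSTED_CONF):
        print("-", finding)
```
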

Re: [Samba] Help Samba license

2013-07-10 Thread Andrew Bartlett
On Wed, 2013-07-10 at 11:30 +0800, blue_sky886 wrote:
  Hi,
 
 I want to use library of samba that license is GPLv2 in my program that is 
 proprietary.
 
 The source code version of samba is 3.0.6.
 
 Is it possible to modify the license to LGPL?
 
 Thanks.

No, it is not possible.  We can only suggest you licence your program
under GPL compatible terms.

Additionally, all supported Samba versions are now licensed under GPLv3
or later, with only some specific support libraries under other less
protective licences. 

I hope this clarifies things,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Help Samba license

2013-07-10 Thread Jeremy Allison
On Wed, Jul 10, 2013 at 11:30:35AM +0800, blue_sky886 wrote:
  Hi,
 
 I want to use library of samba that license is GPLv2 in my program that is 
 proprietary.
 
 The source code version of samba is 3.0.6.
 
 Is it possible to modify the license to LGPL?

I'm afraid not. Your only options are to
release your own code under a GPLv2 compatible
license or to cease using the Samba library
with your proprietary code.

Regards,

Jeremy.


Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread Gary Dale
If you want the CIFS permissions to be set correctly, use the Samba/CIFS 
tools to set them (ie. set them from the client. Don't set them using 
Unix permissions on the server).


Your example shows you setting the group to managegroup but your 
smb.conf forces the group to management. Which is it?


The last line in your server commands I believe should be chmod, not chowm.


On 12/12/12 12:21 PM, J Gao wrote:

Hi, All,

I'm having a problem with my samba server(v3.6.9) setup. I have a 
share on the server:


#cd /
#mkdir managment
#chown -R root:managegroup management
#chowm -R 2770 management

When I test this I found out:
the managegroup member can create new file/dir with the correct 
permission: -rwxrws--- or drwxrws---


BUT, when the client copy a file or dir to the share from his local 
drive, then some file/dir will have a different permission when it is 
copied to the Samba share. (for example, drwxrwxr-x)


We have both Windows and Ubuntu client. Ubuntu client use cifs.mount 
to access the Samba share.


Here is my smb.conf file. Please help me. All I want is when any file 
and/or dir end up on the samba share, it should have 770 permission.


Thanks.

Gao


my smb.conf:

[global]
workgroup = WORKGROUP
server string = My File Server
interfaces = lo bond0 192.168.1.2/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max log size = 1000
security = user
passdb backend = tdbsam
guest account = nobody
map to guest = Bad User
wins support = yes
dns proxy = no
map acl inherit = yes
nt acl support = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
create mask = 0770
force security mode = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770

[Management]
comment =
path = /management
browsable = yes
public = no
writable = yes
read only = no
force group = management
valid users = @management







Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread J Gao

Thank you Gary  for the help.


On 12-12-12 09:45 AM, Gary Dale wrote:

If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).


I don't know if I'm doing it correct. I'm using a bash script to help 
user mount the CIFS share like this:


sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management \
    -o user=${USER},password=$userPass,uid=$UID,rw,mand


Could you give me an example on using Samba/CIFS tools?





Your example shows you setting the group to managegroup but your
smb.conf forces the group to management. Which is it?


my typo. I want make clear so I change the group name to managegroup. 
The actual group name is the same managment which I think may cause 
confusion when I post my question. Sorry.


Best Regards.

Gao






Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread Gary Dale

On 12/12/12 02:07 PM, J Gao wrote:

Thank you Gary  for the help.


On 12-12-12 09:45 AM, Gary Dale wrote:

If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).


I don't know if I'm doing it correct. I'm using a bash script to help 
user mount the CIFS share like this:


sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management \
    -o user=${USER},password=$userPass,uid=$UID,rw,mand


Could you give me an example on using Samba/CIFS tools?

That line mounts the share using the credentials you gave it but that 
doesn't set the permissions. If you right-click on the share's folder, 
you should be able to set the CIFS permissions.









Your example shows you setting the group to managegroup but your
smb.conf forces the group to management. Which is it?


my typo. I want make clear so I change the group name to managegroup. 
The actual group name is the same managment which I think may cause 
confusion when I post my question. Sorry.


Best Regards.

Gao

So is your user a member of management? Rather than forcing the group to 
management, you could just add members to the group.


Also, when you set the Unix ownership and permissions too tightly, you 
may prevent Samba from accessing the share properly. Since the share 
directories and files are to be accessed only through CIFS/Samba, the 
Unix permissions can and should be very loose. My shares all have Unix 
permissions with everyone having rwx access.










Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread J Gao

On 12-12-12 12:52 PM, Gary Dale wrote:

On 12/12/12 02:07 PM, J Gao wrote:

Thank you Gary  for the help.


On 12-12-12 09:45 AM, Gary Dale wrote:

If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).


I don't know if I'm doing it correct. I'm using a bash script to help
user mount the CIFS share like this:

sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management \
    -o user=${USER},password=$userPass,uid=$UID,rw,mand

Could you give me an example on using Samba/CIFS tools?

That line mounts the share using the credentials you gave it but that
doesn't set the permissions. If you right-click on the share's folder,
you should be able to set the CIFS permissions.




OK, right-click in nautilus works. But how can I set this up by default. 
I mean once the share mounted, it will set the correct permission to 770 
if the user copy files on the share?


I read man page for the cifs.mount but I couldn't figure it out myself.

Here are more info:
1. The management group has gid=1018 on the server.
2. Once the share mounted on the Ubuntu client, the share's group ID set 
to numeric 1018. (there isn't a local gid 1018)

3. When copy a file, for example:
-rwxr--r--  1 gao gao  14429 Nov 20 09:56 test
to the mounted share, the permission appears to be:
-rwxrwxr--  1 gao 1018  14429 Nov 20 09:56 test
And I check it on the Samba server:
-rwxrwxr--  1 gao management  14429 Nov 20 09:56 test
So the permission changed to 774, not 770. I think somehow it combined 
the permission here.
Just like you said, I can change it to 770 from the right-click. But I 
prefer to do it automatically.


Please help.

Thanks a lot.

Gao









Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread Gary Dale

On 12/12/12 05:18 PM, J Gao wrote:

On 12-12-12 12:52 PM, Gary Dale wrote:

On 12/12/12 02:07 PM, J Gao wrote:

Thank you Gary  for the help.


On 12-12-12 09:45 AM, Gary Dale wrote:
If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).


I don't know if I'm doing it correct. I'm using a bash script to help
user mount the CIFS share like this:

sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management \
    -o user=${USER},password=$userPass,uid=$UID,rw,mand

Could you give me an example on using Samba/CIFS tools?

That line mounts the share using the credentials you gave it but that
doesn't set the permissions. If you right-click on the share's folder,
you should be able to set the CIFS permissions.




OK, right-click in nautilus works. But how can I set this up by 
default. I mean once the share mounted, it will set the correct 
permission to 770 if the user copy files on the share?


I read man page for the cifs.mount but I couldn't figure it out myself.

Here are more info:
1. The management group has gid=1018 on the server.
2. Once the share mounted on the Ubuntu client, the share's group ID 
set to numeric 1018. (there isn't a local gid 1018)

3. When copy a file, for example:
-rwxr--r--  1 gao gao  14429 Nov 20 09:56 test
to the mounted share, the permission appears to be:
-rwxrwxr--  1 gao 1018  14429 Nov 20 09:56 test
And I check it on the Samba server:
-rwxrwxr--  1 gao management  14429 Nov 20 09:56 test
So the permission changed to 774, not 770. I think somehow it combined 
the permission here.
Just like you said, I can change it to 770 from the right-click. But I 
prefer to do it automatically.


Please help.

Thanks a lot.

Gao


If you have the domain created correctly, the Samba database keeps the 
CIFS permissions. The Unix permissions aren't needed. Keep in mind that 
the two sets of permissions are distinct. If you set the CIFS 
permissions they are remembered. Checking the Unix permissions to see 
what the CIFS permissions are doesn't work.


Having a Unix group called management isn't helpful unless it maps to a 
CIFS group. For example, most Samba users map the CIFS Domain Users to 
the Unix users. This is in the Samba documentation. The 1018 simply 
shows that there is no CIFS group recognized for 1018 (don't forget, you 
are forcing the group - probably not what you really want to do).


You really want to set up a CIFS group called management and add CIFS 
users to it.


Samba maps CIFS users to Unix users if the name is the same.

Have you tried using SWAT to manage your users and shares? It makes 
things easier if you don't have a Windows client to work from.












Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread J Gao

On 12-12-12 03:02 PM, Gary Dale wrote:

On 12/12/12 05:18 PM, J Gao wrote:

On 12-12-12 12:52 PM, Gary Dale wrote:

On 12/12/12 02:07 PM, J Gao wrote:

Thank you Gary  for the help.


On 12-12-12 09:45 AM, Gary Dale wrote:

If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).


I don't know if I'm doing it correct. I'm using a bash script to help
user mount the CIFS share like this:

sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management \
    -o user=${USER},password=$userPass,uid=$UID,rw,mand

Could you give me an example on using Samba/CIFS tools?

That line mounts the share using the credentials you gave it but that
doesn't set the permissions. If you right-click on the share's folder,
you should be able to set the CIFS permissions.




OK, right-click in nautilus works. But how can I set this up by
default. I mean once the share mounted, it will set the correct
permission to 770 if the user copy files on the share?

I read man page for the cifs.mount but I couldn't figure it out myself.

Here are more info:
1. The management group has gid=1018 on the server.
2. Once the share mounted on the Ubuntu client, the share's group ID
set to numeric 1018. (there isn't a local gid 1018)
3. When copy a file, for example:
-rwxr--r--  1 gao gao  14429 Nov 20 09:56 test
to the mounted share, the permission appears to be:
-rwxrwxr--  1 gao 1018  14429 Nov 20 09:56 test
And I check it on the Samba server:
-rwxrwxr--  1 gao management  14429 Nov 20 09:56 test
So the permission changed to 774, not 770. I think somehow it combined
the permission here.
Just like you said, I can change it to 770 from the right-click. But I
prefer to do it automatically.

Please help.

Thanks a lot.

Gao


If you have the domain created correctly, the Samba database keeps the
CIFS permissions. The Unix permissions aren't needed. Keep in mind that
the two sets of permissions are distinct. If you set the CIFS
permissions they are remembered. Checking the Unix permissions to see
what the CIFS permissions are doesn't work.

Having a Unix group called management isn't helpful unless it maps to a
CIFS group. For example, most Samba users map the CIFS Domain Users to
the Unix users. This is in the Samba documentation. The 1018 simply
shows that there is no CIFS group recognized for 1018 (don't forget, you
are forcing the group - probably not what you really want to do).

You really want to set up a CIFS group called management and add CIFS
users to it.

Samba maps CIFS users to Unix users if the name is the same.

Have you tried using SWAT to manage your users and shares? It makes
things easier if you don't have a Windows client to work from.




Looks like I need more reading. I googled for CIFS group and got lots 
oracle/solaris but not much for linux. When you say CIFS group, do you 
mean a local group on the client PC?


Also I quickly installed SWAT and I can't find anywhere about CIFS group.

Gao










Re: [Samba] Help pls. -- Samba permission question

2012-12-12 Thread Gary Dale

On 12/12/12 08:01 PM, J Gao wrote:

On 12-12-12 03:02 PM, Gary Dale wrote:

On 12/12/12 05:18 PM, J Gao wrote:

On 12-12-12 12:52 PM, Gary Dale wrote:

On 12/12/12 02:07 PM, J Gao wrote:

Thank you Gary  for the help.


On 12-12-12 09:45 AM, Gary Dale wrote:

If you want the CIFS permissions to be set correctly, use the Samba/CIFS
tools to set them (ie. set them from the client. Don't set them using
Unix permissions on the server).


I don't know if I'm doing it correct. I'm using a bash script to help
user mount the CIFS share like this:

sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management \
    -o user=${USER},password=$userPass,uid=$UID,rw,mand

Could you give me an example on using Samba/CIFS tools?

That line mounts the share using the credentials you gave it but that
doesn't set the permissions. If you right-click on the share's folder,
you should be able to set the CIFS permissions.




OK, right-click in nautilus works. But how can I set this up by
default. I mean once the share mounted, it will set the correct
permission to 770 if the user copy files on the share?

I read man page for the cifs.mount but I couldn't figure it out myself.

Here are more info:
1. The management group has gid=1018 on the server.
2. Once the share mounted on the Ubuntu client, the share's group ID
set to numeric 1018. (there isn't a local gid 1018)
3. When copy a file, for example:
-rwxr--r--  1 gao gao  14429 Nov 20 09:56 test
to the mounted share, the permission appears to be:
-rwxrwxr--  1 gao 1018  14429 Nov 20 09:56 test
And I check it on the Samba server:
-rwxrwxr--  1 gao management  14429 Nov 20 09:56 test
So the permission changed to 774, not 770. I think somehow it combined
the permission here.
Just like you said, I can change it to 770 from the right-click. But I
prefer to do it automatically.

Please help.

Thanks a lot.

Gao


If you have the domain created correctly, the Samba database keeps the
CIFS permissions. The Unix permissions aren't needed. Keep in mind that
the two sets of permissions are distinct. If you set the CIFS
permissions they are remembered. Checking the Unix permissions to see
what the CIFS permissions are doesn't work.

Having a Unix group called management isn't helpful unless it maps to a
CIFS group. For example, most Samba users map the CIFS Domain Users to
the Unix users. This is in the Samba documentation. The 1018 simply
shows that there is no CIFS group recognized for 1018 (don't forget, you
are forcing the group - probably not what you really want to do).

You really want to set up a CIFS group called management and add CIFS
users to it.

Samba maps CIFS users to Unix users if the name is the same.

Have you tried using SWAT to manage your users and shares? It makes
things easier if you don't have a Windows client to work from.




Looks like I need more reading. I googled for CIFS group and got 
lots oracle/solaris but not much for linux. When you say CIFS group, 
do you mean a local group on the client PC?


Also I quickly installed SWAT and I can't find anywhere about CIFS group.

Gao


That's a Windows Domain group in M$ parlance. The group is recognized on 
the member server because it comes from the Domain. That's why I used 
the example of Domain Users as a CIFS group, as distinct from the Unix 
group users.


Windows provides graphical tools for managing groups and users on the 
Domain Controller, but you can also do it from the command line in 
Linux. Something like net rpc group ADD groupname should work.


Once the group is created, you can populate it with users.

The essential point is that the Windows Domain model is different from 
the Unix security model. When you are using Samba, use Samba and the 
Windows way of handling things. Don't try to use Unix tools. You're not 
in Unix-land anymore.
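
The arithmetic behind the 774 result quoted above, as an added example that is not part of the thread: smb.conf documents each mask as a bitwise AND and each force mode as a bitwise OR, and 0744 OR 0770 is exactly 0774. That a permission change sent by the client is filtered by `security mask` / `force security mode` (with `security mask` at its Samba 3.x default of 0777, since the posted file does not set it) is an assumption here, as are the function names.

```python
import stat

# Values taken from the smb.conf and ls output quoted in this thread.
GAO_CONF = {
    "create mask": 0o770,
    "force create mode": 0o770,
    "force security mode": 0o770,
    # Not present in the posted file; 0777 is the Samba 3.x default.
    "security mask": 0o777,
}


def mask_then_force(mode, mask, force):
    """smb.conf semantics: AND with the mask, then OR in the force bits."""
    return (mode & mask) | force


def mode_on_create(requested, conf):
    """Mode of a newly created file: create mask, then force create mode."""
    return mask_then_force(requested, conf["create mask"],
                           conf["force create mode"])


def mode_on_chmod(requested, conf):
    """Mode after a permission change on an existing file.

    Assumption: this path uses security mask / force security mode instead
    of the create pair.
    """
    return mask_then_force(requested, conf["security mask"],
                           conf["force security mode"])


def explain(requested, observed, conf):
    """Name the path(s) whose result equals the mode seen on the server."""
    paths = {"create": mode_on_create, "chmod": mode_on_chmod}
    return [name for name, fn in paths.items()
            if fn(requested, conf) == observed]


def rwx(mode):
    """Render permission bits the way ls shows them for a regular file."""
    return stat.filemode(stat.S_IFREG | mode)


if __name__ == "__main__":
    local, seen = 0o744, 0o774   # -rwxr--r-- locally, -rwxrwxr-- on the share
    print("create path:", rwx(mode_on_create(local, GAO_CONF)))
    print("chmod path: ", rwx(mode_on_chmod(local, GAO_CONF)))
    print("paths matching the observation:", explain(local, seen, GAO_CONF))
    # Same chmod path with the mask tightened to match the force bits.
    tightened = dict(GAO_CONF, **{"security mask": 0o770})
    print("security mask = 0770:", rwx(mode_on_chmod(local, tightened)))
```
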



Re: [Samba] help

2012-11-16 Thread Gaiseric Vandal

Is this samba 3.x?

Samba 3.x  domains and domain controllers function like Windows NT4 
domains.  They are not like Windows 200x Active Directory servers and 
domains.


The domain name has to be a simple netbios compatible name.  A single 
name not fqdn.   I do not believe that . is a valid character.  I 
think the domain name can not exceed 15 or 15 characters.




On 11/15/12 14:38, Hanganu Sergiu wrote:

hello
i m not speaking very well english

i m trying to configure samba .i m using debian as O.S.
my problem is :

i want to configure a local domain as PDC

this is a part of a little example
workgroup = MIDEARTH
domain logons = Yes
domain master = Yes
security = User



workgroup = MIDEARTH.MILANO
domain logons = Yes
domain master = Yes
security = User


my domain will be MIDEARTH

This is working, but if i will change in MIDEARTH.MILANO ...is not 
working when i m trying to connect a xp pro client
with the domain name MIDEARTH is working but if i change in 
MIDEARTH.MILANO like fqdn is not working and

i don t understand why..
i m trying to find on google same example but i can t find anything 
like this..




PLEASE HELP ME
THANK YOU





Re: [Samba] Help infomation to build the system as Microsoft Active Directory !

2012-07-26 Thread Gaiseric Vandal
Many of your questions should be answered on www.samba.org and
wiki.samba.org


Samba4 provides Active Directory functionality.   It is free -  you
don't have to pay for it, but there is the cost of your time.   





On 07/24/12 08:08, Ha Minh Ai wrote:
 Dear Mr/Madam,
 We have wanted to build the system for centralized management: User
 account, printer, policy, deploy softwares to client, manage update OS,
 Single Sign On, 
 I know there have a same system as Microsoft Active Directory, but we
 haven't a lot dollars.
 Please help me to answer some questions as the below:
  - How is the solution (*OpenLDAP + Samba*) on Ubuntu, RHEL/CentOS or SUSE
 server ?
  - How many user can the system support maximum ?
  - Could i build the system include Primary Domain Controller Server and
 Additional Domain Controller ?
  - Does Samba/OpenLDAP has cost-edition for enterprise ? If yes, what is it
 different from free-edition ?
 I'm looking forward to supporting from you. Thanks so much

 Best regards,
 Aihm




Re: [Samba] Help with migration

2012-05-08 Thread Andrew Bartlett
On Mon, 2012-05-07 at 09:25 -0400, Gaiseric Vandal wrote:
 You may want to set up a test environment.
 
 
 I have not been able to get NTLMv2 working properly.   I believe
 enabling NTLMv2 should still allow systems to negotiate ver 2 but that didn't
 happen-  at least I was unable to login from a Windows 2003 client with
 a samba PDC.   NTLMv2 uses better encryption for authenticating the
 users than NTLM v1 but I am not sure if the actual password itself gets
 stored differently in LDAP. I think the same hash mechanism is used to
 store the password. 

Correct, the same NT hash is used.  Also Samba 3.0, while out of
security support, does support NTLMv2.

It is up to clients to choose to use NTLMv2 - the server has always
supported it. 

Upgrading from Samba 3.0 should be painless, but of course testing is
advised.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org



Re: [Samba] Help with migration

2012-05-07 Thread Denis Fateyev
Hello Alejandro,

Probably to check all the details you need to create a build environment,
at first. It's the general advice. As for your question, I had samba-3.5
server (upgraded from 3.0.28) which was able to authenticate all windows:
from win98 to win7 (domain members). So I think it's possible to do.
Actually I cannot recall any problems I had during the upgrade process,
except very little ones. I used 'SerNet' samba builds (btw, many thanks to
them!)

---
wbr, Denis.


On Fri, May 4, 2012 at 8:17 PM, Alejandro Iacobelli 
aiacobe...@khutech.com.ar wrote:

 Hello to all, my name is Alejandro and I have a little question to anyone
 of this list.

  I've created, 6 years ago, an ldap+smb project for a big company. Back
 then, samba (Lenny server)  only worked with NT hashes but now (Squeeze
 server) they want to authenticate with Win7 (ntlm2 protocols) And
 configuring windows7 to accept old NT hashes is not an exit. I want to
 update ONLY the smb package from samba (2:3.2.5-4lenny15) to samba
 (2:3.5.6~dfsg-3squeeze8).
 PD: I'm using an OLD and modified by myself openldap version so i cant
 touch it.

  My question is this:


  Have someone of you did this kind of migration any time? can you give me
 advices?

  i need to know if something could go wrong in the relation with openldap.


Re: [Samba] Help with migration

2012-05-07 Thread Gaiseric Vandal
You may want to set up a test environment.


I have not been able to get NTLMv2 working properly.   I believe
enabling NTLMv2 should still allow systems to negotiate ver 2 but that didn't
happen-  at least I was unable to login from a Windows 2003 client with
a samba PDC.   NTLMv2 uses better encryption for authenticating the
users than NTLM v1 but I am not sure if the actual password itself gets
stored differently in LDAP. I think the same hash mechanism is used to
store the password. 


I upgraded from samba 3.0.x to samba 3.4.x.  (both with LDAP backend.) 
   I believe some of the issues I found were
  -  the nobody user and nobody group need to be explicitly mapped
  - some functionality with domain trusts were fixed, others broken
  -  I may have needed to explicitly grant privileges to the Domain
Administrators group.  (But that may have been because I initially mixed
up the group mapping for some groups.)


At some point joining machines to the domain got a little trickier. I
need to make sure that some samba attributes were precreated

type:  sambaPrimaryGroupSID  
value:S-1-5-21-XXX-XXX-XXX-515

type:  sambaAccountFlags
value: [W ]


I am not sure if this issue happened with samba 3.4.x or would have
happened in 3.1.x, 3.2x or 3.3.x.  It may also be a schema checking
hiccup on the LDAP server.




On 05/07/12 05:54, Denis Fateyev wrote:
 Hello Alejandro,

 Probably to check all the details you need to create a build environment,
 at first. It's the general advice. As for your question, I had samba-3.5
 server (upgraded from 3.0.28) which was able to authenticate all windows:
 from win98 to win7 (domain members). So I think it's possible to do.
 Actually I cannot recall any problems I had during the upgrade process,
 except very little ones. I used 'SerNet' samba builds (btw, many thanks to
 them!)

 ---
 wbr, Denis.


 On Fri, May 4, 2012 at 8:17 PM, Alejandro Iacobelli 
 aiacobe...@khutech.com.ar wrote:

 Hello to all, my name is Alejandro and I have a little question to anyone
 of this list.

  I've created, 6 years ago, an ldap+smb project for a big company. Back
 then, samba (Lenny server)  only worked with NT hashes but now (Squeeze
 server) they want to authenticate with Win7 (ntlm2 protocols) And
 configuring windows7 to accept old NT hashes is not an exit. I want to
 update ONLY the smb package from samba (2:3.2.5-4lenny15) to samba
 (2:3.5.6~dfsg-3squeeze8).
 PD: I'm using an OLD and modified by myself openldap version so i cant
 touch it.

  My question is this:


  Have someone of you did this kind of migration any time? can you give me
 advices?

  i need to know if something could go wrong in the relation with openldap.


Re: [Samba] Help Required

2012-05-04 Thread vaibhav srivastava
On Fri, May 4, 2012 at 6:50 PM, vaibhav srivastava
vaibhavcs...@gmail.com wrote:


 Hi all,
 Since I want to run Samba without modifying my existing kernel. Please
 tell me what are the requirements for the same.
 What are the package list required in kernel before installing samba.
 thanks in advance.
 --
 Thanks and Regards,
 Vaibhav Srivastava
 Email-id: vaibhavcs...@gmail.com








-- 
Thanks and Regards,
Vaibhav Srivastava
Email-id: vaibhavcs...@gmail.com
Mobile no.: 9552543029


Re: [Samba] Help Required

2012-05-04 Thread Gaiseric Vandal
Have you looked at any of the samba documentation?

What OS ?   Most linux distros (as well as solaris unix) have a
precompiled samba version bundled or available. Normally you don't
have to worry about the kernel.





On 05/04/12 09:24, vaibhav srivastava wrote:
 On Fri, May 4, 2012 at 6:50 PM, vaibhav srivastava
 vaibhavcs...@gmail.com wrote:

 Hi all,
 Since I want to run Samba without modifying my existing kernel. Please
 tell me what are the requirements for the same.
 What are the package list required in kernel before installing samba.
 thanks in advance.
 --
 Thanks and Regards,
 Vaibhav Srivastava
 Email-id: vaibhavcs...@gmail.com










Re: [Samba] help to install samba

2012-04-25 Thread Davegu1
Ensure you got the right version and compiler, also, if using a script to 
install it use the set -x  in the script so you can see where it is 
failing.


Suerte,

David

-Original Message- 
From: Rocio de los Angeles Ortíz Barrera

Sent: Thursday, April 05, 2012 2:09 PM
To: sa...@samba.org
Cc: samba-techni...@samba.org
Subject: help to install samba






Hi this is Rocio Ortiz from CONACyT ( Consejo Nacional de Ciencia y 
Tecnología)


My system is HP-UX 11.11

I would to install samba for this system and i just have


HP-UX 11.11 (B8725AA_A.02.04.05_HP-UX_B.11.11_32_64.depot) and

HP-UX 11.11 (B8725AA_A.02.03.06_HP-UX_B.11.11_32_64.depot)

I tried to install that but after install them, I have error about 
dependencies. something like that:





* Software selections:
B8725AA,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP
CIFS-Development.CIFS-PRG,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64
CIFS-Server.CIFS-ADMIN,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64
CIFS-Server.CIFS-DOC,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64
CIFS-Server.CIFS-LIB,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64
CIFS-Server.CIFS-MAN,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64
CIFS-Server.CIFS-RUN,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64
CIFS-Server.CIFS-UTIL,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64
* Beginning Analysis
* appsp3:/: 1 check scripts had warnings.
* appsp3:/: The software dependencies for 6 products or
filesets cannot be resolved.





and I don't know why?

can you help me??

thanks



Regards







Rocio Ortiz Barrera
Of.Seguridad jr
Dirección de Sistemas, Informatica y Telecomunicaciones
Consejo Nacional de Ciencia y Tecnología
52 53227700 ext 4005



--




Re: [Samba] Help with smbpasswd file

2012-03-20 Thread Gaiseric Vandal
The testparm -v will let you see which smb.conf  file is being used 
and what the settings are.  If the default settings for passwd file and 
private directory are not to your liking you can specify them in the 
smb.conf file



e.g.

# testparm -v | grep -i priv
Load smb config files from /etc/samba/smb.conf

smb passwd file = /var/lib/samba/private/smbpasswd
private dir = /var/lib/samba/private







On 03/20/12 14:18, Beau Gauthreaux wrote:

Is there a procedure for copying the smbpasswd from an old machine to a new
machine (fresh samba build), and have the new machine recognize the old
smbpasswd file?   Both machines are aix 6.1 and Samba version 3.5.12.   I
copied all of the .tdb files but that didn't seem to work.   The new
machine does not seem to know what is in
/usr/local/samba/private/smbpasswd.  Below is my smb.conf

Thanks,

bash-4.2# cat smb.conf
[global]
 workgroup = privateworkgroup
 netbios name = someserver
 server string = Some Samba Server %v
 security = user
 encrypt passwords = yes
 passdb backend = smbpasswd

 log file = /LOGS/log.smbd

 max log size = 20
 log level = 2
   delete readonly = yes
 invalid users = root daemon bin sys adm uucp nuucp lpd imnadm ipsec
lp snapp inv  scout
 guest account = nobody
 host msdfs = no
   max xmit = 65535
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
 strict locking = no
 allocation roundup size = 2097152
 use sendfile = true

 comment = Samba Share
 path = /export/shares
 writeable = yes
 create mask = 0775
 directory mask = 0775
 security mask = 0770
 force security mode = 770
 directory security mask = 0770
 force directory security mode = 770
 force create mode = 0775
 force directory mode = 0775
 inherit acls = yes

[Tshare]
#Windows no Unix yes (Execute bit)
 map archive = no
 map system = no
 map hidden = no


[Tshares-unix]
#Windows no Unix yes (Execute bit)
 map archive = yes
 map system = yes
 map hidden = yes






Re: [Samba] Help!!!! Gettting samba core dumps

2012-02-15 Thread Michael Wood
On 16 February 2012 07:53, Rich rhd...@gmail.com wrote:
 I transferred a Xen vm that was running on centos 5.7 with samba 3.6.3 to
  a centos 6.2 bare metal server with one E5502 and 16gig of memory. I have
 been running Centos for 6 years on different servers for 6 years on several
 different  upgrades.
 This new server has a dual network card in it. I have samba 3.6.3 on it and
 here is the smb.conf below:

 [global]
[...]
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[...]

Remove the socket options.  It won't fix your crashes, though.

 I am getting the below dumps in my messages log.  I have checked and
 rechecked my dns. This is the only win server on the network.  Anyone has
 any ideas whatsoever. PLEASE!!!

If there's a samba package with debug symbols, installing that might
make more sense of the backtrace.  Or if you compiled from source, try
compiling with debug symbols enabled.

-- 
Michael Wood esiot...@gmail.com


Re: [Samba] Help!!!! Gettting samba core dumps

2012-02-15 Thread Volker Lendecke
On Thu, Feb 16, 2012 at 08:17:31AM +0200, Michael Wood wrote:
 On 16 February 2012 07:53, Rich rhd...@gmail.com wrote:
  I transferred a Xen vm that was running on centos 5.7 with samba 3.6.3 to
   a centos 6.2 bare metal server with one E5502 and 16gig of memory. I have
  been running Centos for 6 years on different servers for 6 years on several
  different  upgrades.
  This new server has a dual network card in it. I have samba 3.6.3 on it and
  here is the smb.conf below:
 
  [global]
 [...]
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 [...]
 
 Remove the socket options.  It won't fix your crashes, though.
 
  I am getting the below dumps in my messages log.  I have checked and
  rechecked my dns. This is the only win server on the network.  Anyone has
  any ideas whatsoever. PLEASE!!!
 
 If there's a samba package with debug symbols, installing that might
 make more sense of the backtrace.  Or if you compiled from source, try
 compiling with debug symbols enabled.

Also, a debug level 10 log leading to that crash would be
very helpful.

With best regards,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kont...@sernet.de


Re: [Samba] Help - Mounting a Windows computer with two IP addresses

2011-12-23 Thread tms3







Hi all,

I need to mount a Windows share locally on my laptop. However, I cannot
do this via

sudo mount -t smbfs //host_name/share_name /local_mount

because the host_name has two IP addresses with it as shown by nmblookup
//host_name.

In Windows network adapter settings, disable  netbios over tcp/ip for 
the address you don't want. If you have a WINS server delete the entry 
for that IP after disabling it.




(That is, I try mounting and I'm given this error:
mount error(115): Operation now in progress
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) )

One IP address is a static one which the Windows computer uses to
connect to another machine. The other IP address is a DHCP-given IP and
is the one I need to connect to. I can mount the share if I use

sudo mount -t smbfs //dhcp_ip/share_name /local_mount

however, this is problematic for obvious reasons since I need the mount
to be permanent (eventually going in fstab).

My question is: Is there a way to ignore the static IP address when
mounting?

Further info: I can connect to the Windows machine using smbclient
//host_name/share_name and browse just fine. Also, nautilus can browse
the remote file system as well.



Re: [Samba] Help needed to debug Samba problem

2011-09-29 Thread Jeremy Allison
On Thu, Sep 29, 2011 at 11:59:41AM -0700, Carl G. Riches wrote:
 
 I have a Samba domain that is having problems.  We have a new NetApp
 file server (FAS2040 running NetApp Release 7.3.4) that keeps
 dropping its connection to the Samba server.  We didn't have this
 problem with an older NetApp box (FAS250 running NetApp Release
 6.5.1R1).
 
 I can run tcpdump on the Samba server and see traffic going back and
 forth between the FAS2040 and the Samba server when the filer tries
 to connect, but don't know enough about the protocol to decipher the
 traffic.
 
 One thought I had was to move the Samba domain to a newer version of
 Samba (on a newer server) but I don't know if that will really help.
 
 The above means that I have two questions:  how to decipher the
 tcpdump info, and how to migrate existing Samba tdb databases to a
 new server?
 
 Thanks in advance for any pointers!

What does your setup look like ? How are you trying to export
files from what to what ?


Re: [Samba] Help! permission denied when accessing folder

2011-07-11 Thread Dale Schroeder
Group ownership shows to be studemp, but you are giving share 
permissions to studempl.

Is that a typo, or is that the source of your problem?

Dale


On 07/11/2011 11:15 AM, Daulton_Theodore wrote:

Hi all,

Running samba 3.5.5 in a Solaris non-global zone. I have created a folder 
(StudentJobApplications) on a share  which I want to make accessible only to 
members of a Unix group (studempl). I have added myself to the group but when I 
or other group members try to access the folder via Windows Explorer I get the 
following:

I:\StudentJobApplications is not accessible
Access is denied

Here are some of the particulars:

The folder:
# ls -ld /departments/common/StudentJobApplications
drwxrwx---   2 root studemp2 Jul 11 08:34 
/departments/common/StudentJobApplications

The group (etc/group):
studempl::2018:mylogin,otheruserlogin.

The share definition in smb.conf:

# --
# shared directory for ALL staff
# --
[libshare]
comment = Library staff shared directory
path= /path
browseable  = yes
writeable   = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
valid users = +group1 +group2 +group3 +group4 +group 5 +group6 +group7 
+group8+group17 +studempl
invalid users = +circdesk

Note: I am a member of one of the groups defined in valid users above.

I have not restarted the samba server but I don't think that would be necessary.

Actually I would like to set the permissions on the folder to be -rwxrws--- but 
just being able to access it would be a start. I would appreciate any comments 
or suggestions.

Thank you.


Daulton Theodore
Carleton University
Library, Systems Department
Vmail: (613) 520-2600, ext. 8352


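The mismatch Dale points out above (directory group studemp, share entry +studempl) is the kind of error a small cross-check catches. The following is an added example, not code from the thread or from Samba: it compares a share's valid users / invalid users group entries with an /etc/group-style file and the directory's group and mode. The sample smb.conf, group file and user names are constructed, and only supplementary group membership is modelled (an assumption of this example).

```python
import difflib
import re


def parse_share(conf_text, share):
    """Return {parameter: value} for one [share] section of smb.conf text."""
    params, current, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.endswith("\\"):          # smb.conf line continuation
            pending += line[:-1] + " "
            continue
        line, pending = pending + line, ""
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif current == share.lower() and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params


def listed_groups(value):
    """Group names in a 'valid users' style value (entries prefixed +, @ or &)."""
    groups = set()
    for item in re.split(r"[,\s]+", value.strip()):
        name = item.lstrip("+@&")
        if name and name != item:        # keep only entries that had a prefix
            groups.add(name)
    return groups


def parse_group_file(text):
    """Map group name -> set of member logins from /etc/group-style text."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4:
            groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups


def audit(conf_text, share, dir_group, dir_mode, group_text, user):
    """List reasons why `user` may be refused on a directory inside `share`."""
    findings = []
    params = parse_share(conf_text, share)
    allowed = listed_groups(params.get("valid users", ""))
    denied = listed_groups(params.get("invalid users", ""))
    groups = parse_group_file(group_text)
    # Assumption: supplementary membership only; primary GID is not modelled.
    user_groups = {g for g, members in groups.items() if user in members}

    if dir_group not in groups:
        near = difflib.get_close_matches(dir_group, list(groups), n=1)
        hint = f" (closest existing group: '{near[0]}')" if near else ""
        findings.append(f"directory group '{dir_group}' is not in the group file{hint}")
    for g in sorted(allowed - set(groups)):
        findings.append(f"valid users names unknown group '{g}'")
    if allowed and not (user_groups & allowed):
        findings.append(f"'{user}' is in no group listed in valid users")
    for g in sorted(user_groups & denied):
        findings.append(f"'{user}' is in '{g}', which is listed in invalid users")
    # With no bits for 'other', the filesystem admits only owner and group.
    if dir_mode & 0o007 == 0 and dir_group not in user_groups:
        findings.append(
            f"mode {dir_mode:o} grants 'other' nothing and '{user}' is not in '{dir_group}'"
        )
    return findings


# Constructed sample input, modelled on the thread above.
SMB_CONF = """
[libshare]
    comment = Library staff shared directory
    path = /srv/share
    writeable = yes
    valid users = +staff +studempl
    invalid users = +circdesk
"""
GROUP_FILE = """
staff::2001:alice
studempl::2018:alice,bob
circdesk::2020:carol
"""

if __name__ == "__main__":
    for finding in audit(SMB_CONF, "libshare", "studemp", 0o770, GROUP_FILE, "alice"):
        print(finding)
```
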


Re: [Samba] Help! permission denied when accessing folder

2011-07-11 Thread Gaiseric Vandal

I would guess this is ZFS?

I think the problem occurs when samba+zfs interprets unix no rights 
granted to the world (other) as deny everyone in windows.


For example, if you have a with unix perms of 770 -  this means on the 
unix level that the user and group have full permissions, no rights are 
assigned to other, and therefore if you are the user (owner) or group 
you have rights,  otherwise you don't.  The permissions are additive and 
omitting any permissions for other is not explicitly an access entry.


In Samba, this gets interpreted as everyone is denied-  and even 
though windows permissions are generally additive, denies trump 
allows. The owner of the file can usually go into the advanced 
windows permissions and clear the deny entries.


Root can also reset permissions as follows:


chmod -R A- thedirectory
chmod -R A=owner@:rwxpdDaARWcCos:allow thedirectory
chmod -R A+group@:rwxpdDaARWcCos:allow thedirectory
chmod -R A+someothergroup@:rwxpdDaARWcCos:allow thedirectory


If you have autofs involved you may want to fix the top level of an 
autofs directory to allow root to still access it (required for mounting)


chmod A+user:nobody:aRc:allow  thedirectory



ZFS is really great BUT Samba played nicer with UFS. Somewhat 
ironically, I believe Samba with ZFS tries to more precisely map unix to 
windows permissions than it did with UFS to Samba.  With UFS, some of 
problem permissions were just ignored in samba.


On 07/11/2011 12:15 PM, Daulton_Theodore wrote:

Hi all,

Running samba 3.5.5 in a Solaris non-global zone. I have created a folder 
(StudentJobApplications) on a share  which I want to make accessible only to 
members of a Unix group (studempl). I have added myself to the group but when I 
or other group members try to access the folder via Windows Explorer I get the 
following:

I:\StudentJobApplications is not accessible
Access is denied

Here are some of the particulars:

The folder:
# ls -ld /departments/common/StudentJobApplications
drwxrwx---   2 root studemp2 Jul 11 08:34 
/departments/common/StudentJobApplications

The group (etc/group):
studempl::2018:mylogin,otheruserlogin.

The share definition in smb.conf:

# --
# shared directory for ALL staff
# --
[libshare]
comment = Library staff shared directory
path= /path
browseable  = yes
writeable   = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
valid users = +group1 +group2 +group3 +group4 +group 5 +group6 +group7 
+group8+group17 +studempl
invalid users = +circdesk

Note: I am a member of one of the groups defined in valid users above.

I have not restarted the samba server but I don't think that would be necessary.

Actually I would like to set the permissions on the folder to be -rwxrws--- but 
just being able to access it would be a start. I would appreciate any comments 
or suggestions.

Thank you.


Daulton Theodore
Carleton University
Library, Systems Department
Vmail: (613) 520-2600, ext. 8352





Re: [Samba] help - user password expiration in loop

2011-07-06 Thread Fabio Pardi
Hi Dermot,

thanks for your reply.
here below you have the output, nothing strange to my eyes, but
maybe(hopefully) you know more:

pdbedit -P bad lockout attempt 
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=XXX))]
smbldap_open_connection: connection opened
account policy bad lockout attempt description: Lockout users after
bad logon attempts (default: 0 = off)
account policy bad lockout attempt value is: 0

---
pdbedit -P maximum password age 
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=XXX))]
smbldap_open_connection: connection opened
account policy maximum password age description: Maximum password age,
in seconds (default: -1 = never expire passwords)
account policy maximum password age value is: 4294967295

---
 pdbedit -P min password length 
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=XXX))]
smbldap_open_connection: connection opened
account policy min password length description: Minimal password
length (default: 5)
account policy min password length value is: 5

---
 pdbedit -P lockout duration 
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=XXX))]
smbldap_open_connection: connection opened
account policy lockout duration description: Lockout duration in
minutes (default: 30, -1 = forever)
account policy lockout duration value is: 30

---
 pdbedit -P password history 
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=XXX))]
smbldap_open_connection: connection opened
account policy password history description: Length of Password
History Entries (default: 0 = off)
account policy password history value is: 0


pdbedit -P user must logon to change password 
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=XXX))]
smbldap_open_connection: connection opened
account policy user must logon to change password description: Force
Users to logon for password change (default: 0 = off, 2 = on)
account policy user must logon to change password value is: 0

-
pdbedit -P disconnect time 
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=XXX))]
smbldap_open_connection: connection opened
account policy disconnect time description: Disconnect Users outside
logon hours (default: -1 = off, 0 = on)
account policy disconnect time value is: 4294967295

---
pdbedit -P bad lockout attempt 
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=XXX))]
smbldap_open_connection: connection opened
account policy bad lockout attempt description: Lockout users after
bad logon attempts (default: 0 = off)
account policy bad lockout attempt value is: 0
--
pdbedit -P minimum password age 
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=XXX))]
smbldap_open_connection: connection opened
account policy minimum password age description: Minimal password age,
in seconds (default: 0 = allow immediate password change)
account policy minimum password age value is: 0
---
pdbedit -P reset count minutes 
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=XXX))]
smbldap_open_connection: connection opened
account policy reset count minutes description: Reset time after
lockout in minutes (default: 30)
account policy reset count minutes value is: 30
---


then i tried: 

word age value is: 4294967295
15:38 root@pdc-portavita:~# pdbedit -P maximum password age  -C -1
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)())]
smbldap_open_connection: connection opened
account policy maximum password age description: Maximum password age,
in seconds (default: -1 = never expire passwords)
account policy maximum password age value was: 4294967295
account policy maximum password age value is now: 4294967295
(4294967295 seconds that means 131 years and some days)
--




On Mon, 2011-07-04 at 21:21 +0100, Dermot wrote:

 On 4 July 2011 16:37, Fabio Pardi f.pa...@portavita.eu wrote:
 
  nobody to help?
 
 I'm just throwing out ideas here. What is the output from pdbedit -P for
 all these policies: minimum password age, reset count minutes,
 disconnect time, user must logon to change password, password history,
 lockout duration, min password length, maximum password age and bad
 lockout attempt.
 
 Perhaps there are clues there.
 Dp.


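The value 4294967295 in the output above is the unsigned 32-bit form of -1, which the policy description gives as "never expire passwords". This added example (not from the thread or from Samba) parses pdbedit -P and pdbedit -L -v text, normalises that sentinel, decodes the account flag letters and derives when a password must change. The evaluation order in must_change() is a simplified model assumed for the example, and the sample text is constructed in the format shown in this thread.

```python
import re

UINT32_MAX = 0xFFFFFFFF  # 4294967295: how a policy value of -1 is stored and printed

# Account flag letters as listed in the pdbedit(8) manual page.
ACCOUNT_FLAGS = {
    "N": "no password required",
    "D": "account disabled",
    "H": "home directory required",
    "T": "temporary duplicate of other account",
    "U": "regular user account",
    "M": "MNS logon user account",
    "W": "workstation trust account",
    "S": "server trust account",
    "L": "automatic locking",
    "X": "password does not expire",
    "I": "domain trust account",
}


def parse_policies(text):
    """Map policy name -> value from 'pdbedit -P' output, with UINT32_MAX as -1."""
    policies = {}
    for m in re.finditer(r"account policy (.+?) value is: (\d+)", text):
        raw = int(m.group(2))
        policies[m.group(1)] = -1 if raw == UINT32_MAX else raw
    return policies


def parse_account(text):
    """Map field name -> value for one 'pdbedit -L -v' record; adds a 'flags' key."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    fields["flags"] = fields.get("Account Flags", "").strip("[]").replace(" ", "")
    return fields


def describe_flags(flags):
    return [ACCOUNT_FLAGS.get(c, f"unknown flag {c!r}") for c in flags]


def must_change(account, policies):
    """Simplified model (assumed here): unset password, then X flag, then policy."""
    if account.get("Password last set") == "0":
        return "at next logon"
    if "X" in account.get("flags", ""):
        return "never"
    max_age = policies.get("maximum password age", -1)
    if max_age in (-1, 0):
        return "never"
    return f"{max_age} seconds after last set"


def check(account, policies):
    """Return (derived, reported, agree) for the 'Password must change' field."""
    derived = must_change(account, policies)
    reported = account.get("Password must change", "")
    return derived, reported, (derived == "never") == (reported == "never")


# Constructed sample text in the format quoted in the thread.
SAMPLE_POLICY = """\
account policy maximum password age description: Maximum password age,
in seconds (default: -1 = never expire passwords)
account policy maximum password age value is: 4294967295
account policy min password length description: Minimal password
length (default: 5)
account policy min password length value is: 5
"""
SAMPLE_ACCOUNT = """\
Unix username:        exampleuser
Account Flags:        [UX         ]
Password last set:    Fri, 24 Jun 2011 16:48:34 CEST
Password must change: never
"""

if __name__ == "__main__":
    pol = parse_policies(SAMPLE_POLICY)
    acct = parse_account(SAMPLE_ACCOUNT)
    print(pol)
    print(describe_flags(acct["flags"]))
    print(check(acct, pol))
```
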


Re: [Samba] help - user password expiration in loop

2011-07-04 Thread Fabio Pardi
nobody to help?


On Fri, 2011-06-24 at 16:56 +0200, Fabio Pardi wrote:

 Dears,
 
 Unfortunately it happened again.
 Now i see the user has the flags UX, but the system keeps asking for a
 password change in loop.
 
 details about pdbedit -L -v
 
 ---
 Unix username:myuser
 NT username:  myuser
 Account Flags:[UX ]
 User SID: S-1-5-21-222803232-3192872370-2452721687-1015
 Primary Group SID:S-1-5-21-222803232-3192872370-2452721687-513
 Full Name:hers name
 Home Directory:   
 HomeDir Drive:
 Logon Script: users/login.bat
 Profile Path: 
 Domain:   mydomain
 Account desc: Software Developer
 Workstations: 
 Munged dial:  
 Logon time:   0
 Logoff time:  never
 Kickoff time: 0
 Password last set:Fri, 24 Jun 2011 16:48:34 CEST
 Password can change:  Fri, 24 Jun 2011 16:48:34 CEST
 Password must change: never
 Last bad password   : 0
 Bad password count  : 0
 Logon hours : FF
 -
 
 
 
 
 On Fri, 2011-06-17 at 16:32 +0200, Fabio Pardi wrote:
 
  Thanks a lot Christ, 
  
  I managed using pdbedit. In fact, many accounts were carrying only the
  [U], no X (but i clearly remember I changed every user's setting with
  password never expires from the srvtool graphical tool :s )
  
  Now the only thing i have to do is waiting
  
  Thanks a lot for your time, hoping this will permanently do the job.
  
  Best Regards
  
  Fabio
  
  On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote:
  
   use pdbedit or your web-based ldap manager to update the account flags 
   to [UX].  document the previous value before changing the flags.  Use 
   smbldap tools to update the expire time.  if none of this fixes it, post 
   an ldif of an affected user account, as well as all the info from 
   smbldap-tools about said user.
   On 6/16/2011 06:39, Fabio Pardi wrote:
Hi everybody,
   
I think i need a samba guru to solve this issue, because googling for
months did not help and the problem is becoming pressing.
I'm facing an annoying problem with samba. In detail, there is something
wrong with the password handling. It happens from windows, mac or linux
clients.
Randomly (probably after $num days), the system asks to the user to
change the password. After the user did it, the system keeps asking the
same, in a sort of loop.
The only option to change it is to manually go on the console and issue
the command smbldap-passwd username.
   
My system:
   
ubuntu lucid 32 bit
   
smb.conf
   
cut---
[global]
 idmap uid = 1000-15000
 idmap gid = 1000-15000
   
   
 workgroup = PORTAVITA
   
 netbios name = PSAMBA
   
 domain logons = Yes
 domain master = Yes
 wins support = true
 obey pam restrictions = Yes
 dns proxy = No
   
 log level = 2
 os level = 35
 log file = /var/log/samba/log.%m
 max log size = 1000
 syslog = 0
panic action = /usr/share/samba/panic-action %d
 pam password change = Yes
 # Allows users on WinXP PCs to change their password when they
press Ctrl-Alt-Del
 unix password sync = no
 ldap passwd sync = yes
   
 passdb backend = ldapsam:ldap://localhost
   
 ldap suffix = dc=pdc
   
 ldap admin dn = cn=admin,dc=pdc
   
 ldap machine suffix = ou=Computers
 ldap user suffix = ou=Users
 ldap group suffix = ou=Groups
 ldap idmap suffix = ou=Idmap
   
 ldap ssl = no
   
 add user script = /usr/sbin/smbldap-useradd -m '%u'
 delete user script = /usr/sbin/smbldap-userdel %u
   
   
#those scripts are modified so we can create groups also on the system
 add group script = /usr/sbin/addgroupldap-system '%g'
 delete group script = /usr/sbin/delgroupldap-system '%g'
 add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
 add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
 delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g'



 set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
 add machine script = /usr/sbin/smbldap-useradd -w '%u'
 logon drive =
 logon home =
 logon path =
 logon script = users/login.bat
   server signing = auto
 server schannel = Auto
 nt acl support = yes
[homes]
 comment = Home Directories
 valid users = %S
 read only = No
 browseable = No
   
 

Re: [Samba] help - user password expiration in loop

2011-07-04 Thread Dermot
On 4 July 2011 16:37, Fabio Pardi f.pa...@portavita.eu wrote:

 nobody to help?

I'm just throwing out ideas here. What is the output from pdbedit -P for
all these policies: minimum password age, reset count minutes,
disconnect time, user must logon to change password, password history,
lockout duration, min password length, maximum password age and bad
lockout attempt.

Perhaps there are clues there.
Dp.


Re: [Samba] help - user password expiration in loop

2011-06-24 Thread Fabio Pardi
Dears,

Unfortunately it happened again.
Now I see the user has the flags UX, but the system keeps asking for a
password change in loop.

details about pdbedit -L -v

---
Unix username:myuser
NT username:  myuser
Account Flags:[UX ]
User SID: S-1-5-21-222803232-3192872370-2452721687-1015
Primary Group SID:S-1-5-21-222803232-3192872370-2452721687-513
Full Name:hers name
Home Directory:   
HomeDir Drive:
Logon Script: users/login.bat
Profile Path: 
Domain:   mydomain
Account desc: Software Developer
Workstations: 
Munged dial:  
Logon time:   0
Logoff time:  never
Kickoff time: 0
Password last set:Fri, 24 Jun 2011 16:48:34 CEST
Password can change:  Fri, 24 Jun 2011 16:48:34 CEST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours : FF
-




On Fri, 2011-06-17 at 16:32 +0200, Fabio Pardi wrote:

 Thanks a lot Christ, 
 
 I managed using pdbedit. In fact, many accounts were carrying only the
 [U], no X (but i clearly remember I changed every user's setting with
 password never expires from the srvtool graphical tool :s )
 
 Now the only thing i have to do is waiting
 
 Thanks a lot for your time, hoping this will permanently do the job.
 
 Best Regards
 
 Fabio
 
 On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote:
 
  use pdbedit or your web-based ldap manager to update the account flags 
  to [UX].  document the previous value before changing the flags.  Use 
  smbldap tools to update the expire time.  if none of this fixes it, post 
  an ldif of an affected user account, as well as all the info from 
  smbldap-tools about said user.
  On 6/16/2011 06:39, Fabio Pardi wrote:
   Hi everybody,
  
   I think i need a samba guru to solve this issue, because googling for
   months did not help and the problem is becoming pressing.
   I'm facing an annoying problem with samba. In detail, there is something
   wrong with the password handling. It happens from windows, mac or linux
   clients.
   Randomly (probably after $num days), the system asks to the user to
   change the password. After the user did it, the system keeps asking the
   same, in a sort of loop.
   The only option to change it is to manually go on the console and issue
   the command smbldap-passwd username.
  
   My system:
  
   ubuntu lucid 32 bit
  
   smb.conf
  
   cut---
   [global]
idmap uid = 1000-15000
idmap gid = 1000-15000
  
  
workgroup = PORTAVITA
  
netbios name = PSAMBA
  
domain logons = Yes
domain master = Yes
wins support = true
obey pam restrictions = Yes
dns proxy = No
  
log level = 2
os level = 35
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
   panic action = /usr/share/samba/panic-action %d
pam password change = Yes
# Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
unix password sync = no
ldap passwd sync = yes
  
passdb backend = ldapsam:ldap://localhost
  
ldap suffix = dc=pdc
  
ldap admin dn = cn=admin,dc=pdc
  
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
  
ldap ssl = no
  
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
  
  
   #those scripts are modified so we can create groups also on the system
add group script = /usr/sbin/addgroupldap-system '%g'
delete group script = /usr/sbin/delgroupldap-system '%g'
add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
   add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g'



set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon drive =
logon home =
logon path =
logon script = users/login.bat
  server signing = auto
server schannel = Auto
nt acl support = yes
   [homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
  
   [netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
browseable = No
   logon script = login.bat
  
 

Re: [Samba] help - user password expiration in loop

2011-06-17 Thread Fabio Pardi
Thanks a lot Christ, 

I managed using pdbedit. In fact, many accounts were carrying only the
[U], no X (but i clearly remember I changed every user's setting with
password never expires from the srvtool graphical tool :s )

Now the only thing i have to do is waiting

Thanks a lot for your time, hoping this will permanently do the job.

Best Regards

Fabio

On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote:

 use pdbedit or your web-based ldap manager to update the account flags 
 to [UX].  document the previous value before changing the flags.  Use 
 smbldap tools to update the expire time.  if none of this fixes it, post 
 an ldif of an affected user account, as well as all the info from 
 smbldap-tools about said user.
 On 6/16/2011 06:39, Fabio Pardi wrote:
  Hi everybody,
 
  I think i need a samba guru to solve this issue, because googling for
  months did not help and the problem is becoming pressing.
  I'm facing an annoying problem with samba. In detail, there is something
  wrong with the password handling. It happens from windows, mac or linux
  clients.
  Randomly (probably after $num days), the system asks to the user to
  change the password. After the user did it, the system keeps asking the
  same, in a sort of loop.
  The only option to change it is to manually go on the console and issue
  the command smbldap-passwd username.
 
  My system:
 
  ubuntu lucid 32 bit
 
  smb.conf
 
  cut---
  [global]
   idmap uid = 1000-15000
   idmap gid = 1000-15000
 
 
   workgroup = PORTAVITA
 
   netbios name = PSAMBA
 
   domain logons = Yes
   domain master = Yes
   wins support = true
   obey pam restrictions = Yes
   dns proxy = No
 
   log level = 2
   os level = 35
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
  panic action = /usr/share/samba/panic-action %d
   pam password change = Yes
   # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
   unix password sync = no
   ldap passwd sync = yes
 
   passdb backend = ldapsam:ldap://localhost
 
   ldap suffix = dc=pdc
 
   ldap admin dn = cn=admin,dc=pdc
 
   ldap machine suffix = ou=Computers
   ldap user suffix = ou=Users
   ldap group suffix = ou=Groups
   ldap idmap suffix = ou=Idmap
 
   ldap ssl = no
 
   add user script = /usr/sbin/smbldap-useradd -m '%u'
   delete user script = /usr/sbin/smbldap-userdel %u
 
 
  #those scripts are modified so we can create groups also on the system
   add group script = /usr/sbin/addgroupldap-system '%g'
   delete group script = /usr/sbin/delgroupldap-system '%g'
   add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
   add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
   delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g'



   set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
   add machine script = /usr/sbin/smbldap-useradd -w '%u'
   logon drive =
   logon home =
   logon path =
   logon script = users/login.bat
 server signing = auto
   server schannel = Auto
   nt acl support = yes
  [homes]
   comment = Home Directories
   valid users = %S
   read only = No
   browseable = No
 
  [netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   admin users = root
   guest ok = Yes
   browseable = No
  logon script = login.bat
 
  [Software]
   comment = Software Folder
   path = /share/software
   create mask = 0777
   directory mask = 0777
   read only = no
   writable = yes
   browsable = yes
   invalid users =guest123
 
  [progr]
   comment = Prog Folder
   path = /share/prog
   create mask = 0777
   directory mask = 0777
   read only = no
   writable = yes
   browsable = yes
   invalid users =guest123
 
  cut
 
  samba version from package is 3.4.7
  ldapadd -V
  ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $
  buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools
  (LDAP library: OpenLDAP 20421)
  SASL/DIGEST-MD5 authentication started
 
 
 
  Any help or suggestion is strongly appreciated.
 
  Regards,
 
  Fabio
 
 
 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
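
The `pdbedit -L -v` listing in the message above can be audited in bulk for the two fields the thread keeps coming back to, the account flags and the "Password must change" time. This is an added example, not code from the thread or from Samba; the account names and the sample listing are constructed, and the timezone abbreviation in the timestamps is ignored.

```python
import re
from datetime import datetime

MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
DATE_RE = re.compile(r"(\d{1,2}) (\w{3}) (\d{4}) (\d{2}):(\d{2}):(\d{2})")

# Constructed sample, laid out like the `pdbedit -L -v` listing in the thread.
SAMPLE = """\
---------------
Unix username:        alice
Account Flags:        [U          ]
Password last set:    Fri, 24 Jun 2011 16:48:34 CEST
Password must change: Sun, 24 Jul 2011 16:48:34 CEST
---------------
Unix username:        bob
Account Flags:        [UX         ]
Password last set:    Fri, 24 Jun 2011 16:48:34 CEST
Password must change: never
---------------
Unix username:        carol
Account Flags:        [U          ]
Password last set:    0
Password must change: 0
"""


def parse_pdbedit(text):
    """Split `pdbedit -L -v` output into one dict of field -> value per account."""
    records, current = [], {}
    for line in text.splitlines():
        if re.fullmatch(r"-+", line.strip()):      # separator between accounts
            if current:
                records.append(current)
            current = {}
            continue
        key, sep, value = line.partition(":")      # split at the first colon only
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def parse_time(value):
    """Return None for 'never', datetime.min for a zero timestamp, else a naive datetime."""
    if value == "never":
        return None
    if value == "0":
        # pdbedit prints 0 for a zero timestamp (see "Logon time: 0" in the
        # listing above); treated here as already due.
        return datetime.min
    match = DATE_RE.search(value)
    if not match:
        raise ValueError("unrecognised timestamp: %r" % value)
    day, mon, year, hh, mm, ss = match.groups()
    return datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))


def audit(records, now):
    """Return (user, flags, status) for every account in the listing."""
    findings = []
    for rec in records:
        user = rec.get("Unix username", "?")
        flags = rec.get("Account Flags", "").strip("[] ")
        must_change = parse_time(rec.get("Password must change", "never"))
        if "X" in flags:                  # X: the flag the thread sets via [UX]
            status = "never-expires"
        elif must_change is None:         # no X, yet no expiry date reported
            status = "no-expiry-date"
        elif must_change <= now:
            status = "expired"
        else:
            status = "expires " + must_change.date().isoformat()
        findings.append((user, flags, status))
    return findings


if __name__ == "__main__":
    for user, flags, status in audit(parse_pdbedit(SAMPLE), datetime.now()):
        print("%-10s [%s] %s" % (user, flags, status))
```

Running it before and after a flag change with `pdbedit` gives the record of previous values that the reply asks for.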


Re: [Samba] help - user password expiration in loop

2011-06-16 Thread Christ Schlacta
use pdbedit or your web-based ldap manager to update the account flags 
to [UX].  document the previous value before changing the flags.  Use 
smbldap tools to update the expire time.  if none of this fixes it, post 
an ldif of an affected user account, as well as all the info from 
smbldap-tools about said user.

On 6/16/2011 06:39, Fabio Pardi wrote:

Hi everybody,

I think i need a samba guru to solve this issue, because googling for
months did not help and the problem is becoming pressing.
I'm facing an annoying problem with samba. In detail, there is something
wrong with the password handling. It happens from windows, mac or linux
clients.
Randomly (probably after $num days), the system asks to the user to
change the password. After the user did it, the system keeps asking the
same, in a sort of loop.
The only option to change it is to manually go on the console and issue
the command smbldap-passwd username.

My system:

ubuntu lucid 32 bit

smb.conf

cut---
[global]
 idmap uid = 1000-15000
 idmap gid = 1000-15000


 workgroup = PORTAVITA

 netbios name = PSAMBA

 domain logons = Yes
 domain master = Yes
 wins support = true
 obey pam restrictions = Yes
 dns proxy = No

 log level = 2
 os level = 35
 log file = /var/log/samba/log.%m
 max log size = 1000
 syslog = 0
panic action = /usr/share/samba/panic-action %d
 pam password change = Yes
 # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
 unix password sync = no
 ldap passwd sync = yes

 passdb backend = ldapsam:ldap://localhost

 ldap suffix = dc=pdc

 ldap admin dn = cn=admin,dc=pdc

 ldap machine suffix = ou=Computers
 ldap user suffix = ou=Users
 ldap group suffix = ou=Groups
 ldap idmap suffix = ou=Idmap

 ldap ssl = no

 add user script = /usr/sbin/smbldap-useradd -m '%u'
 delete user script = /usr/sbin/smbldap-userdel %u


#those scripts are modified so we can create groups also on the system
 add group script = /usr/sbin/addgroupldap-system '%g'
 delete group script = /usr/sbin/delgroupldap-system '%g'
 add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
 add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
 delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g'



 set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
 add machine script = /usr/sbin/smbldap-useradd -w '%u'
 logon drive =
 logon home =
 logon path =
 logon script = users/login.bat
   server signing = auto
 server schannel = Auto
 nt acl support = yes
[homes]
 comment = Home Directories
 valid users = %S
 read only = No
 browseable = No

[netlogon]
 comment = Network Logon Service
 path = /var/lib/samba/netlogon
 admin users = root
 guest ok = Yes
 browseable = No
logon script = login.bat

[Software]
 comment = Software Folder
 path = /share/software
 create mask = 0777
 directory mask = 0777
 read only = no
 writable = yes
 browsable = yes
 invalid users =guest123

[progr]
 comment = Prog Folder
 path = /share/prog
 create mask = 0777
 directory mask = 0777
 read only = no
 writable = yes
 browsable = yes
 invalid users =guest123

cut

samba version from package is 3.4.7
ldapadd -V
ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $
buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools
(LDAP library: OpenLDAP 20421)
SASL/DIGEST-MD5 authentication started



Any help or suggestion is strongly appreciated.

Regards,

Fabio






Re: [Samba] Help: issues about hostname nameserver

2011-04-28 Thread L . P . H . van Belle
Hi,

if you do:
hostname -f = hostname in FQDN
hostname -d = only domainname.
hostname = the hostname itself.

if the command hostname gives the FQDN hostname then set the hostname again 
with hostname -F /etc/hostname
in /etc/hostname there should be the FQDN hostname in like hostname.domain.tld 
it and reboot your server.

in this example: host.name.domain.tld  the hostname = host
name.domain.tld = subdomain.domain.tld

that's why i say dot in hostname is not RFC compliant.

you could set the correct domain search first. ( adjust to your own domain 
name. )
/etc/resolv.conf
domain subdomain.domain.tld
search subdomain.domain.tld domain.tld
## if running use own dns first
nameserver 127.0.0.1
## internet DNS servers
nameserver iphere
nameserver iphere

if this file changes every reboot, or if you use dhcp client for your server,
look for /etc/dhcp3/dhclient.conf ( i use debian for your info, so 
dhclient.conf can be in other directory )
change it like this.
supersede domain-name subdomain.domain.tld;
supersede domain-search subdomain.domain.tld domain.tld;
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
    domain-name, domain-name-servers, domain-search, host-name,
    netbios-name-servers, netbios-scope, interface-mtu,
    rfc3442-classless-static-routes;

this corrects the search order in /etc/resolv.conf

now resolv.conf should be always correct.

if this checks out, next part.
in samba's smb.conf check if these lines exist

name resolve order = wins host lmhosts bcast
dns proxy = yes

if you use dns, which i think you do, and also dhcpserver on your server which 
i guess also.
then you should setup dynamic dns. ( it's not that hard to set this up.)

i guess your problem is the dhcpserver/dns setup.

check all of the above and report back.

Best regards,

Louis



From: tubocurarine [mailto:tubocurar...@163.com] 
Sent: 2011-04-28 03:04
To: L.P.H. van Belle
Subject: Re:Re: [Samba] Help: issues about hostname  nameserver



Thanks for your reply.

But both the Wikipedia (http://en.wikipedia.org/wiki/Hostname) and documents 
provided by CentOS 
(http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html)
 point out that they should be Fully Qualified Domain Name (FQDN), such as 
hostname.expample.com.

And also, that does not make sense for the 2nd case in the previous mail.

What's more, I'm interested in how Samba treats the server's hostname. But I 
failed to search it through the code.

Help, please.

Thanks.
Tubo.




At 2011-04-27 18:41:22 L.P.H. van Belle be...@bazuin.nl wrote:

A dot in hostname is not RFC compliant,
so change the servers hostname.

Louis


-Original Message-
From: tubocurar...@163.com 
[mailto:samba-boun...@lists.samba.org] On Behalf Of tubocurarine
Sent: 2011-04-27 12:03
To: samba@lists.samba.org
Subject: [Samba] Help: issues about hostname  nameserver

Dear developers:

I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file 
server, and using some Windows based OSes as client. And 
something strange happened to me.

Things went as follows:

1. If there was no dot (.) in the hostname of server, then 
no matter whether the DNS server (in /etc/resolv.conf) was set 
correctly or not, everything went fine. Client can access 
shares (provided server) normally.

2. If there was dot in hostname of server, and if the DNS 
Server was set correctly (or just left as blank), server 
worked normally.

3. If there was dot in hostname of server, and the DNS Server 
was set incorrectly, all client could not connect to the 
server, with a message indicated that the address of server 
could not be accessed.

My friend and I paid some time on it. We found that in the 
last situation, the Samba server may spend a long time to look 
up the computer name (name of server or client). But before 
the look up ends, the client would treat this as a timeout.

I don't know whether we are right about this. And if we were, 
why everything goes fine in the 2nd case?

Any information will be appreciated.

Best regards.

Tubo

2011-04-27
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
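
A checker for the layout described in the message above (short name from `hostname`, domain taken from the FQDN, local resolver listed first), added here as an example and not part of the thread; the host names, domains and addresses are constructed. It also applies the resolv.conf(5) rule that `domain` and `search` are mutually exclusive and the last one in the file wins, which decides what the resolver really searches.

```python
# Constructed resolv.conf following the layout in the message above.
GOOD = """\
domain office.example.com
search office.example.com example.com
## if running use own dns first
nameserver 127.0.0.1
## internet DNS servers
nameserver 192.0.2.53
"""

# Constructed counter-example: `domain` comes after `search`, local resolver last.
BAD = """\
search office.example.com example.com
domain corp.example.net
nameserver 192.0.2.53
nameserver 127.0.0.1
"""


def effective_resolver(text):
    """Return (search_list, nameservers) as the resolver reads the file."""
    search, nameservers = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        keyword, *args = line.split()
        if not args:
            continue
        if keyword == "domain":
            search = [args[0]]                 # replaces any earlier search list
        elif keyword == "search":
            search = args                      # replaces any earlier domain line
        elif keyword == "nameserver":
            nameservers.append(args[0])
    return search, nameservers


def check_host(short_name, fqdn, resolv_text, local_dns=True):
    """Compare `hostname`, `hostname -f` and resolv.conf with the described layout.

    short_name: output of `hostname`; fqdn: output of `hostname -f`.
    local_dns:  True when the server runs its own DNS (assumption of this example).
    Returns a list of (code, detail) tuples; an empty list means nothing to fix.
    """
    issues = []
    host, _, domain = fqdn.partition(".")      # first label = host, rest = domain
    if "." in short_name:
        issues.append(("dotted-hostname",
                       "hostname returns %r, expected %r" % (short_name, host)))
    search, nameservers = effective_resolver(resolv_text)
    if not domain:
        issues.append(("no-domain", "%r has no domain part" % fqdn))
    elif search[:1] != [domain]:
        issues.append(("search-domain",
                       "effective search list %r does not start with %r"
                       % (search, domain)))
    if local_dns and nameservers[:1] != ["127.0.0.1"]:
        issues.append(("local-dns-not-first",
                       "nameserver order is %r" % nameservers))
    return issues


if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_host("fs1", "fs1.office.example.com", conf))
```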


Re: [Samba] Help: issues about hostname nameserver

2011-04-28 Thread tubocurarine
Hi,

Thanks a lot for your detailed and excellent explanation. 

Everything goes well now.

Best regards.
Tubo.

At 2011-04-28 14:31:46,L.P.H. van Belle be...@bazuin.nl wrote:

Hi,
 
if you do:
hostname -f = hostname in FQDN
hostname -d = only domainname.
hostname = the hostname itself.

if the command hostname gives the FQDN hostname then set the hostname again 
with hostname -F /etc/hostname
in /etc/hostname there should be the FQDN hostname in like hostname.domain.tld 
it and reboot your server.

in this example: host.name.domain.tld  the hostname = host
name.domain.tld = subdomain.domain.tld

that's why i say dot in hostname is not RFC compliant.

you could set the correct domain search first. ( adjust to your own domain 
name. )
/etc/resolv.conf
domain subdomain.domain.tld
search subdomain.domain.tld domain.tld
## if running use own dns first
nameserver 127.0.0.1
## internet DNS servers
nameserver iphere
nameserver iphere

if this file changes every reboot, or if you use dhcp client for your server,
look for /etc/dhcp3/dhclient.conf ( i use debian for your info, so 
dhclient.conf can be in other directory )
change it like this.
supersede domain-name subdomain.domain.tld;
supersede domain-search subdomain.domain.tld domain.tld;
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
    domain-name, domain-name-servers, domain-search, host-name,
    netbios-name-servers, netbios-scope, interface-mtu,
    rfc3442-classless-static-routes;

this corrects the search order in /etc/resolv.conf

now resolv.conf should be always correct.

if this checks out, next part.
in samba's smb.conf check if these lines exist

name resolve order = wins host lmhosts bcast
dns proxy = yes

if you use dns, which i think you do, and also dhcpserver on your server which 
i guess also.
then you should setup dynamic dns. ( it's not that hard to set this up.)

i guess your problem is the dhcpserver/dns setup.

check all of the above and report back.
 
Best regards,
 
Louis
 
 


From: tubocurarine [mailto:tubocurar...@163.com]
Sent: 2011-04-28 03:04
To: L.P.H. van Belle
Subject: Re:Re: [Samba] Help: issues about hostname  nameserver


Thanks for your reply.

But both the Wikipedia (http://en.wikipedia.org/wiki/Hostname) and documents 
provided by CentOS 
(http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html)
 point out that they should be Fully Qualified Domain Name (FQDN), such as 
hostname.expample.com.

And also, that does not make sense for the 2nd case in the previous mail.

What's more, I'm interested in how Samba treats the server's hostname. But I 
failed to search it through the code.

Help, please.

Thanks.
Tubo.




At 2011-04-27 18:41:22,L.P.H. van Belle be...@bazuin.nl wrote:

A dot in hostname is not RFC compliant,
so change the servers hostname. 

Louis


-Original Message-
From: tubocurar...@163.com 
[mailto:samba-boun...@lists.samba.org] On Behalf Of tubocurarine
Sent: 2011-04-27 12:03
To: samba@lists.samba.org
Subject: [Samba] Help: issues about hostname  nameserver

Dear developers:

I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file 
server, and using some Windows based OSes as client. And 
something strange happened to me.

Things went as follows:

1. If there was no dot (.) in the hostname of server, then 
no matter whether the DNS server (in /etc/resolv.conf) was set 
correctly or not, everything went fine. Client can access 
shares (provided server) normally.

2. If there was dot in hostname of server, and if the DNS 
Server was set correctly (or just left as blank), server 
worked normally.

3. If there was dot in hostname of server, and the DNS Server 
was set incorrectly, all client could not connect to the 
server, with a message indicated that the address of server 
could not be accessed.

My friend and I paid some time on it. We found that in the 
last situation, the Samba server may spend a long time to look 
up the computer name (name of server or client). But before 
the look up ends, the client would treat this as a timeout.

I don't know whether we are right about this. And if we were, 
why everything goes fine in the 2nd case?

Any information will be appreciated.

Best regards.

Tubo

2011-04-27


Re: [Samba] Help: issues about hostname nameserver

2011-04-27 Thread L . P . H . van Belle
A dot in hostname is not RFC compliant,
so change the servers hostname. 

Louis


-Original Message-
From: tubocurar...@163.com 
[mailto:samba-boun...@lists.samba.org] On Behalf Of tubocurarine
Sent: 2011-04-27 12:03
To: samba@lists.samba.org
Subject: [Samba] Help: issues about hostname  nameserver

Dear developers:

I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file 
server, and using some Windows based OSes as client. And 
something strange happened to me.

Things went as follows:

1. If there was no dot (.) in the hostname of server, then 
no matter whether the DNS server (in /etc/resolv.conf) was set 
correctly or not, everything went fine. Client can access 
shares (provided server) normally.

2. If there was dot in hostname of server, and if the DNS 
Server was set correctly (or just left as blank), server 
worked normally.

3. If there was dot in hostname of server, and the DNS Server 
was set incorrectly, all client could not connect to the 
server, with a message indicated that the address of server 
could not be accessed.

My friend and I paid some time on it. We found that in the 
last situation, the Samba server may spend a long time to look 
up the computer name (name of server or client). But before 
the look up ends, the client would treat this as a timeout.

I don't know whether we are right about this. And if we were, 
why everything goes fine in the 2nd case?

Any information will be appreciated.

Best regards.

Tubo

2011-04-27



Re: [Samba] Help: issues about hostname nameserver

2011-04-27 Thread tubocurarine
Thanks for your reply.

But both the Wikipedia (http://en.wikipedia.org/wiki/Hostname) and documents 
provided by CentOS 
(http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html)
 point out that they should be Fully Qualified Domain Name (FQDN), such as 
hostname.expample.com.

And also, that does not make sense for the 2nd case in the previous mail.

What's more, I'm interested in how Samba treats the server's hostname. But I 
failed to search it through the code.

Help, please.

Thanks.
Tubo.




At 2011-04-27 18:41:22,L.P.H. van Belle be...@bazuin.nl wrote:

A dot in hostname is not RFC compliant,
so change the servers hostname. 

Louis


-Original Message-
From: tubocurar...@163.com 
[mailto:samba-boun...@lists.samba.org] On Behalf Of tubocurarine
Sent: 2011-04-27 12:03
To: samba@lists.samba.org
Subject: [Samba] Help: issues about hostname  nameserver

Dear developers:

I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file 
server, and using some Windows based OSes as client. And 
something strange happened to me.

Things went as follows:

1. If there was no dot (.) in the hostname of server, then 
no matter whether the DNS server (in /etc/resolv.conf) was set 
correctly or not, everything went fine. Client can access 
shares (provided server) normally.

2. If there was dot in hostname of server, and if the DNS 
Server was set correctly (or just left as blank), server 
worked normally.

3. If there was dot in hostname of server, and the DNS Server 
was set incorrectly, all client could not connect to the 
server, with a message indicated that the address of server 
could not be accessed.

My friend and I paid some time on it. We found that in the 
last situation, the Samba server may spend a long time to look 
up the computer name (name of server or client). But before 
the look up ends, the client would treat this as a timeout.

I don't know whether we are right about this. And if we were, 
why everything goes fine in the 2nd case?

Any information will be appreciated.

Best regards.

Tubo

2011-04-27


Re: [Samba] Help: issues about hostname nameserver

2011-04-27 Thread tubocurarine
Another interesting thing: if we use a Linux client to access the shares from 
server, it connects successfully in all cases.

Don't know why.

Thanks again.


At 2011-04-28 09:06:59,tubocurarine tubocurar...@163.com wrote:
Thanks for your reply.

But both the Wikipedia (http://en.wikipedia.org/wiki/Hostname) and documents 
provided by CentOS 
(http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html)
 point out that they should be Fully Qualified Domain Name (FQDN), such as 
hostname.expample.com.

And also, that does not make sense for the 2nd case in the previous mail.

What's more, I'm interested in how Samba treats the server's hostname. But I 
failed to search it through the code.

Help, please.

Thanks.
Tubo.




At 2011-04-27 18:41:22,L.P.H. van Belle be...@bazuin.nl wrote:

A dot in hostname is not RFC compliant,
so change the servers hostname. 

Louis


-Original Message-
From: tubocurar...@163.com 
[mailto:samba-boun...@lists.samba.org] On Behalf Of tubocurarine
Sent: 2011-04-27 12:03
To: samba@lists.samba.org
Subject: [Samba] Help: issues about hostname  nameserver

Dear developers:

I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file 
server, and using some Windows based OSes as client. And 
something strange happened to me.

Things went as follows:

1. If there was no dot (.) in the hostname of server, then 
no matter whether the DNS server (in /etc/resolv.conf) was set 
correctly or not, everything went fine. Client can access 
shares (provided server) normally.

2. If there was dot in hostname of server, and if the DNS 
Server was set correctly (or just left as blank), server 
worked normally.

3. If there was dot in hostname of server, and the DNS Server 
was set incorrectly, all client could not connect to the 
server, with a message indicated that the address of server 
could not be accessed.

My friend and I paid some time on it. We found that in the 
last situation, the Samba server may spend a long time to look 
up the computer name (name of server or client). But before 
the look up ends, the client would treat this as a timeout.

I don't know whether we are right about this. And if we were, 
why everything goes fine in the 2nd case?

Any information will be appreciated.

Best regards.

Tubo

2011-04-27


Re: [Samba] Help with ADS authentication and Samba

2011-03-14 Thread Brian O'Mahony
So can anyone help me find where this cache is stored?

I can log in from any machine with a username that previously worked, and is 
therefore cached somewhere on the samba server. However every other account 
does not work. 

Thanks

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Brian O'Mahony
Sent: Friday, March 11, 2011 5:26 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

After a bit more investigation it seems my issue on the working server is a bit 
more complex. If I use any of the three usernames that had previously worked, 
they work in the login prompt.

However if I use any other user, it fails to log in. There is obviously a cache 
of users somewhere, but I cannot find it. 

Has anyone an idea where this cache is?

Regards

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Brian O'Mahony
Sent: Friday, March 11, 2011 5:05 PM
To: 'Geoff Winkless'; samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Geoff, did you do the steps below? Was there anything else required?

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:59 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Well I changed the server name and it resolved my problem, so I'm guessing 
something was left over from the old install. No idea where though, anyone any 
clue?

On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 I only installed this server with Base RHEL5.5 last week, got samba working 
 on Monday with ADS.
 By today (probably yesterday or wed) it was now popping up the login box.

 When you change the name, what is entailed?
 Change the name in RHEL.
 Change the name in DNS (windows server)
 Rejoin the ads network using net ads join -U

Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts 
and reran kinit too before rejoining, I dunno if that's required.

 Thanks for the help so far.

Not sure how much help I'm being, it's nice to know I'm not the only one.

Did you try the testparm thing?

Geoff


The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else is 
unauthorized. If you are not the intended recipient, any disclosure, copying, 
distribution or any action taken or omitted to be taken in reliance on it, is 
prohibited and may be unlawful. If you are not the intended addressee please 
contact the sender and dispose of this e-mail. Thank you.



Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Geoff Winkless
2011/3/11 Brian O'Mahony brian.omah...@curamsoftware.com:
 Hi there, just recently joined this list as I seem to be having a little 
 trouble that I am hoping someone can help with.

 I recently installed a RHEL5.5 server and updated samba to 
 samba3-3.4.11-42.el5.x86_64.rpm. I had never set up samba to authenticate 
 with ADS so I read a little bit and dove right in. The server now works fine, 
 so when I browse to \\machinename no login box pops 
 up, and I see the shares, and every user in the domain can write to them.

 So far so good. I then try to replicate this on another server and then the 
 problems started. Here is the procedure I followed:

 I copied smb.conf, krb5.conf over to the new server from the working copy. 
 Edited nsswitch.conf to add winbind to the end of passwd, group and shadow.

 I then ran kinit admin. This worked. I then ran kdestroy to destroy the 
 token.

 [root@rhel5u5live ~]# net ads join -U ictadmin
 Enter ictadmin's password:
 Using short domain name -- XXX
 Joined 'RHEL5U5LIVE' to realm 'xxx.com'
 [root@rhel5u5live ~]# net ads testjoin
 Join is OK
 [root@rhel5u5live ~]# wbinfo -u | grep brian.om
 XXX/brian.omahony


 So it seems to be able to look up users etc on the Domain controller. 
 However when I browse to \\machinename a login box pops 
 up. I *know* I must have forgotten something, but can't figure out what.

Welcome to my world. I have exactly the same issue - one server works
fine, the other doesn't, even though all the wb tests seem to be fine.

Is it an XP client, by any chance?

I've narrowed it down to a kerberos issue, I believe. If you run

net use \\servername\share /user:XXX/brian.omahony

does it work correctly without asking for a password? This seems to be
NTLM vs Kerberos auth, but I can't get any further than that.

One thing to check, make sure that you have FQDN entries in the
server's /etc/hosts (or as reverse entries in DNS) for your dc and the
server itself. ie when you do

  dig -x 192.168.6.10

(the ip address of the server, obviously) from the server, do you get
the full domain name or just the hostname? Various pages suggest that
might be the cause of the problem, although it doesn't help me.

Geoff


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Brian O'Mahony
It is XP.

When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get:

The password or user name is invalid for \\rhel5u5live\tmp.

Enter the password for 'ITDESIGN2\brian.omahony' to connect to 'rhel5u5live':
System error 1326 has occurred.

Logon failure: unknown user name or bad password.

Obviously I entered my windows password when I was prompted.

The working server does NOT have entries in the hosts file, and this server 
DOES. However both can dig the DC successfully.

Here is the machine log:

[root@rhel5u5live samba]# cat log.soundwave 
[2011/03/11 13:25:31,  6] param/loadparm.c:7028(lp_file_list_changed)
  lp_file_list_changed()
  file /etc/samba/smb.conf - /etc/samba/smb.conf  last mod_time: Fri Mar 11 
13:21:32 2011
  
[2011/03/11 13:25:31,  5] smbd/reply.c:503(reply_special)
  init msg_type=0x81 msg_flags=0x0
[2011/03/11 13:25:31,  5] lib/util_sock.c:528(read_fd_with_timeout)
  read_fd_with_timeout: blocking read. EOF from client.
[2011/03/11 13:25:31,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/03/11 13:25:31,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/03/11 13:25:31,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2011/03/11 13:25:31,  5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/03/11 13:25:31,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to 
[2011/03/11 13:25:31,  3] smbd/connection.c:42(yield_connection)
  deleting connection record returned NT_STATUS_NOT_FOUND
[2011/03/11 13:25:31,  3] smbd/server.c:845(exit_server_common)
  Server exit (failed to receive smb request)


-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 11:49 AM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

2011/3/11 Brian O'Mahony brian.omah...@curamsoftware.com:
 Hi there, just recently joined this list as I seem to be having a little 
 trouble that I am hoping someone can help with.

 I recently installed a RHEL5.5 server and updated samba to 
 samba3-3.4.11-42.el5.x86_64.rpm. I had never set up samba to authenticate 
 with ADS so I read a little bit and dove right in. The server now works fine, 
 so when I browse to \\machinename no login box pops 
 up, and I see the shares, and every user in the domain can write to them.

 So far so good. I then try to replicate this on another server and then the 
 problems started. Here is the procedure I followed:

 I copied smb.conf, krb5.conf over to the new server from the working copy. 
 Edited nsswitch.conf to add winbind to the end of passwd, group and shadow.

 I then ran kinit admin. This worked. I then ran kdestroy to destroy the 
 token.

 [root@rhel5u5live ~]# net ads join -U ictadmin
 Enter ictadmin's password:
 Using short domain name -- XXX
 Joined 'RHEL5U5LIVE' to realm 'xxx.com'
 [root@rhel5u5live ~]# net ads testjoin
 Join is OK
 [root@rhel5u5live ~]# wbinfo -u | grep brian.om
 XXX/brian.omahony


 So it seems to be able to look up users etc on the Domain controller. 
 However when I browse to \\machinename a login box pops 
 up. I *know* I must have forgotten something, but can't figure out what.

Welcome to my world. I have exactly the same issue - one server works
fine, the other doesn't, even though all the wb tests seem to be fine.

Is it an XP client, by any chance?

I've narrowed it down to a kerberos issue, I believe. If you run

net use \\servername\share /user:XXX/brian.omahony

does it work correctly without asking for a password? This seems to be
NTLM vs Kerberos auth, but I can't get any further than that.

One thing to check, make sure that you have FQDN entries in the
server's /etc/hosts (or as reverse entries in DNS) for your dc and the
server itself. ie when you do

  dig -x 192.168.6.10

(the ip address of the server, obviously) from the server, do you get
the full domain name or just the hostname? Various pages suggest that
might be the cause of the problem, although it doesn't help me.

Geoff


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Geoff Winkless
On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get:
 The password or user name is invalid for \\rhel5u5live\tmp.

Not the same problem I have then. Shame. I can force the domain and it works.

 The working server does NOT have entries in the hosts file, and this server 
 DOES. However both can dig the DC successfully.

Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should
return the FQDN, not just rhel5u5.

Geoff


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Brian O'Mahony
When I dig the RHEL server, it actually returns the DC:

160.16.172.in-addr.arpa. 3600   IN  SOA animal.XXX.com. 
hostmaster.XXX.com. 77337 900 600 86400 3600

The system that is working returns its correct name (ccdubrep.XXX.com)

I added the server to the windows DNS table, and the dig now shows correctly.

However it is still popping up a login box.


-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 3:34 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get:
 The password or user name is invalid for \\rhel5u5live\tmp.

Not the same problem I have then. Shame. I can force the domain and it works.

 The working server does NOT have entries in the hosts file, and this server 
 DOES. However both can dig the DC successfully.

Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should return 
the FQDN, not just rhel5u5.

Geoff
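
The reverse-lookup check discussed in the messages above, as an added example that is not part of the original thread: a shell function that reads dig -x output and reports whether it holds a PTR record with a fully qualified name, a PTR with a bare hostname, or only an SOA record in the authority section, which is a negative answer meaning no PTR record exists for that address. The sample outputs are constructed for illustration and reuse names quoted in the thread; classify_ptr, check_host and the sample_* helpers are hypothetical names.

```shell
#!/bin/sh
# Added example: classify the result of a reverse DNS lookup.

# classify_ptr: read `dig -x <ip>` output on stdin and print one of
#   fqdn <name>   PTR record whose target contains a dot
#   short <name>  PTR record whose target is a bare hostname
#   no-ptr        no PTR, only the zone SOA (negative answer)
#   no-answer     no resource records at all
classify_ptr() {
    awk '
        # Skip dig comment and header lines (they start with ";") and blanks.
        /^;/ || NF == 0 { next }
        # Resource records look like: NAME TTL CLASS TYPE RDATA...
        $3 == "IN" && $4 == "PTR" {
            name = $5
            sub(/\.$/, "", name)      # drop the trailing root dot
            ptr = name
        }
        $3 == "IN" && $4 == "SOA" { soa = 1 }
        END {
            if (ptr != "") {
                if (index(ptr, ".") > 0) print "fqdn " ptr
                else print "short " ptr
            } else if (soa) {
                print "no-ptr"
            } else {
                print "no-answer"
            }
        }
    '
}

# check_host: run the live lookup for one address (needs dig and a resolver).
check_host() {
    dig -x "$1" | classify_ptr
}

# Constructed sample: PTR record pointing at a fully qualified name.
sample_fqdn() {
cat <<'EOF'
;; QUESTION SECTION:
;10.6.168.192.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
10.6.168.192.in-addr.arpa. 3600	IN	PTR	ccdubrep.XXX.com.
EOF
}

# Constructed sample: no ANSWER section, only the SOA of the reverse zone,
# using the record quoted in the thread.
sample_soa_only() {
cat <<'EOF'
;; QUESTION SECTION:
;10.6.168.192.in-addr.arpa.	IN	PTR

;; AUTHORITY SECTION:
160.16.172.in-addr.arpa. 3600	IN	SOA	animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600
EOF
}

# Constructed sample: PTR record pointing at a bare hostname.
sample_short() {
cat <<'EOF'
;; ANSWER SECTION:
10.6.168.192.in-addr.arpa. 3600	IN	PTR	rhel5u5live.
EOF
}

# Demo over the constructed samples.
for s in sample_fqdn sample_soa_only sample_short; do
    printf '%s: %s\n' "$s" "$($s | classify_ptr)"
done
```

On a live system, check_host takes the server's own IP address; anything other than an fqdn result is worth fixing in DNS before testing Kerberos logins again.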


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Brian O'Mahony
Turns out something else has gone wrong on me.

The system that previously worked without a login box, now requires it. I 
didn't notice this as my machine obviously is cached. If I put my credentials in 
(DOMAIN\user and password), it logs in. Still need to fix that

The system that has the same configuration, pops the login box, but I cannot 
log in using the same credentials.

This is starting to boggle me. I don't know why all of a sudden, the first 
machine is throwing up a login box, and secondly why the second one won't 
authenticate.

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Brian O'Mahony
Sent: Friday, March 11, 2011 4:02 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

When I dig the RHEL server, it actually returns the DC:

160.16.172.in-addr.arpa. 3600   IN  SOA animal.XXX.com. 
hostmaster.XXX.com. 77337 900 600 86400 3600

The system that is working returns its correct name (ccdubrep.XXX.com)

I added the server to the windows DNS table, and the dig now shows correctly.

However it is still popping up a login box.


-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 3:34 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get:
 The password or user name is invalid for \\rhel5u5live\tmp.

Not the same problem I have then. Shame. I can force the domain and it works.

 The working server does NOT have entries in the hosts file, and this server 
 DOES. However both can dig the DC successfully.

Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should return 
the FQDN, not just rhel5u5.

Geoff


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Geoff Winkless
On 11 March 2011 16:02, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 When I dig the RHEL server, it actually returns the DC:

 160.16.172.in-addr.arpa. 3600   IN      SOA     animal.XXX.com. 
 hostmaster.XXX.com. 77337 900 600 86400 3600

 The system that is working returns its correct name (ccdubrep.XXX.com)

 I added the server to the windows DNS table, and the dig now shows correctly.

 However it is still popping up a login box.

Even after restarting both smb and winbind?

Then I dunno. I'm beginning to feel like the ADS stuff is a bit like a
black art - did you remember to sacrifice a goat and turn three times
widdershins before you started?

Geoff


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Brian O'Mahony
Restarted services. Restarted servers. Recopied smb and krb5 conf files to the 
server that is not working.

I have increased log level to 9 to see what is going on.

Black art is right. The fact that one system was working without the login 
prompt and now doesn't is starting to fry my brains. Especially on a Friday

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:22 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 16:02, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 When I dig the RHEL server, it actually returns the DC:

 160.16.172.in-addr.arpa. 3600   IN      SOA     animal.XXX.com. 
 hostmaster.XXX.com. 77337 900 600 86400 3600

 The system that is working returns its correct name (ccdubrep.XXX.com)

 I added the server to the windows DNS table, and the dig now shows correctly.

 However it is still popping up a login box.

Even after restarting both smb and winbind?

Then I dunno. I'm beginning to feel like the ADS stuff is a bit like a black 
art - did you remember to sacrifice a goat and turn three times widdershins 
before you started?

Geoff


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Geoff Winkless
On 11 March 2011 16:06, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 Turns out something else has gone wrong on me.

 The system that previously worked without a login box, now requires it. I 
 didn't notice this as my machine obviously is cached. If I put my credentials 
 in (DOMAIN\user and password), it logs in. Still need to fix that

That sounds more like my problem. If you do the net use command
specifying the domain\user does it still ask for password or does it
go with it from there?

 The system that has the same configuration, pops the login box, but I cannot 
 log in using the same credentials.

Are they running the same samba version? Have you run a diff on the
output from testparm -v on both boxes?

What does wbinfo -k DOMAIN\\brian.omahoney return?

(or DOMAIN+brian.omahoney if you're using + as a winbind separator)

G


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Brian O'Mahony
Yep that works. Looks like I have the same issue as you on one server, and the 
other is just hosed.

Did yours ever work? Mine worked on Wednesday before I tried to figure out why 
the second one didn't work, and broke the original in the process.

Arg.

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:28 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 16:06, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 Turns out something else has gone wrong on me.

 The system that previously worked without a login box, now requires 
 it. I didn't notice this as my machine obviously is cached. If I put my 
 credentials in (DOMAIN\user and password), it logs in. Still need to 
 fix that

That sounds more like my problem. If you do the net use command specifying the 
domain\user does it still ask for password or does it go with it from there?

 The system that has the same configuration, pops the login box, but I cannot 
 log in using the same credentials.

Are they running the same samba version? Have you run a diff on the output from 
testparm -v on both boxes?

What does wbinfo -k DOMAIN\\brian.omahoney return?

(or DOMAIN+brian.omahoney if you're using + as a winbind separator)

G


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Geoff Winkless
On 11 March 2011 16:33, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 Yep that works. Looks like I have the same issue as you on one server, and 
 the other is just hosed.

 Did yours ever work? Mine worked on Wednesday before I tried to figure out 
 why the second one didn't work, and broke the original in the process.

Mine used to work with identical config before I upgraded it from
Redhat 9. I have a feeling it's related to that - perhaps there's a
cache of some sort somewhere that remembers the IP/domain name and
doesn't like the fact that something about the server (the SID?) has
changed. I reset the netbios cache on the XP client but it made no
difference. I might try changing the server name and see if it helps.

I have no idea where to start looking, unfortunately, so it makes it a
bit like looking for a needle in a haystack at midnight.

Geoff


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Brian O'Mahony
I only installed this server with Base RHEL5.5 last week, got samba working on 
Monday with ADS. By today (probably yesterday or wed) it was now popping up the 
login box.

When you change the name, what is entailed?
Change the name in RHEL.
Change the name in DNS (windows server)
Rejoin the ads network using net ads join -U

Anything else?

Thanks for the help so far.

B



-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:40 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 16:33, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 Yep that works. Looks like I have the same issue as you on one server, and 
 the other is just hosed.

 Did yours ever work? Mine worked on Wednesday before I tried to figure out 
 why the second one didn't work, and broke the original in the process.

Mine used to work with identical config before I upgraded it from Redhat 9. I 
have a feeling it's related to that - perhaps there's a cache of some sort 
somewhere that remembers the IP/domain name and doesn't like the fact that 
something about the server (the SID?) has changed. I reset the netbios cache on 
the XP client but it made no difference. I might try changing the server name 
and see if it helps.

I have no idea where to start looking, unfortunately, so it makes it a bit like 
looking for a needle in a haystack at midnight.

Geoff


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Geoff Winkless
Well I changed the server name and it resolved my problem, so I'm
guessing something was left over from the old install. No idea where
though, anyone any clue?

On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 I only installed this server with Base RHEL5.5 last week, got samba working 
 on Monday with ADS.
 By today (probably yesterday or wed) it was now popping up the login box.

 When you change the name, what is entailed?
 Change the name in RHEL.
 Change the name in DNS (windows server)
 Rejoin the ads network using net ads join -U

Sounds about it. I ran net ads leave first, then changed samba and
/etc/hosts and reran kinit too before rejoining, I dunno if that's
required.

 Thanks for the help so far.

Not sure how much help I'm being, it's nice to know I'm not the only one.

Did you try the testparm thing?

Geoff


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Brian O'Mahony
Geoff, did you do the steps below? Was there anything else required?

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:59 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Well I changed the server name and it resolved my problem, so I'm guessing 
something was left over from the old install. No idea where though, anyone any 
clue?

On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 I only installed this server with Base RHEL5.5 last week, got samba working 
 on Monday with ADS.
 By today (probably yesterday or wed) it was now popping up the login box.

 When you change the name, what is entailed?
 Change the name in RHEL.
 Change the name in DNS (windows server)
 Rejoin the ads network using net ads join -U

Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts 
and reran kinit too before rejoining, I dunno if that's required.

 Thanks for the help so far.

Not sure how much help I'm being, it's nice to know I'm not the only one.

Did you try the testparm thing?

Geoff


Re: [Samba] Help with ADS authentication and Samba

2011-03-11 Thread Brian O'Mahony
After a bit more investigation it seems my issue on the working server is a bit 
more complex. If I use any of the three usernames that had previously worked, 
they work in the login prompt.

However if I use any other user, it fails to log in. There is obviously a cache 
of users somewhere, but I cannot find it. 

Has anyone an idea where this cache is?

Regards

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Brian O'Mahony
Sent: Friday, March 11, 2011 5:05 PM
To: 'Geoff Winkless'; samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Geoff, did you do the steps below? Was there anything else required?

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:59 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Well I changed the server name and it resolved my problem, so I'm guessing 
something was left over from the old install. No idea where though, anyone any 
clue?

On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote:
 I only installed this server with Base RHEL5.5 last week, got samba working 
 on Monday with ADS.
 By today (probably yesterday or wed) it was now popping up the login box.

 When you change the name, what is entailed?
 Change the name in RHEL.
 Change the name in DNS (windows server)
 Rejoin the ads network using net ads join -U

Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts 
and reran kinit too before rejoining, I dunno if that's required.

 Thanks for the help so far.

Not sure how much help I'm being, it's nice to know I'm not the only one.

Did you try the testparm thing?

Geoff


Re: [Samba] Help / Suggestions on how to migrate to AD from smbpasswd

2011-03-04 Thread Volker Lendecke
On Fri, Mar 04, 2011 at 07:11:22PM -0800, David Broome wrote:
 I have an older standalone Samba 3.0.14 system (security = user) with
 local users and local home directories and shares. This uses another
 'legacy' system for adding linux users accounts.  I then use the pam
 plug-in pam_smbpass pam_smbpass.so migrate to create a smbpasswd
 entry for users.
 
 The UID's up to 8765 are currently in use ie:
 
 etc/passwd: noni:x:8765:4251::/home/noni:/bin/bash
 etc/samba/smbpasswd: noni:8765:bla:bla:[U  ]:LCT-4D2B7B16:
 
 I hope to have the new system Samba 3.5.4 that I am migrating to use
 AD (security = ads) for samba and ssh via PAM.
 
 Will I be able to do this?

Look at net idmap dump / net idmap restore.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen


Re: [Samba] Help needed with Windows7 roaming files.

2011-02-21 Thread Daniel Müller
With outlook working you need to redirect your users pst and you need to set
up a prf-file for each user.
Ex:
;Automatically generated PRF file from the Microsoft Office Customization
and Installation Wizard

; **
; Section 1 - Profile Defaults
; **

[General]
Custom=1
ProfileName=test
DefaultProfile=Yes
OverwriteProfile=Yes
ModifyDefaultProfileIfPresent=FALSE
;DefaultStore=Service1

; **
; Section 2 - Services in Profile
; **

[Service List]
Service1=Personal Folders
Service2=Outlook Address Book
Service3=Personal Address Book

;***
; Section 3 - List of internet accounts
;***

[Internet Account List]
Account1=IMAP_I_Mail

;***
; Section 4 - Default values for each service.
;***
[Service1]
UniqueService=No
Name=Mein persönlicher Ordner
PathToPersonalFolders=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pst
--the psts
EncryptionType=0x8000


[Service2]

[Service3]
NameOfPAB=Persönliches Adress Buch
Path=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pab
ShowNamesBy=0
..

But you are running exchange. Why do you need another imap and smtp?

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Dennis M
Sent: Monday, 21 February 2011 05:45
To: samba@lists.samba.org
Subject: Re: [Samba] Help needed with Windows7 roaming files.

Hi Guys,

I've had a check again, looks like roaming profile is already running (sorry
about being misleading),  strange though
no local profile is created (this can be found out when i log in as local
admin and go to the User Profile tab in computer
properties),  and outlook still complains about the data file cannot be
accessed and not sending email  (we have two
email accounts in outlook,  the exchange one is fine, only imap/smtp account
is not sending. )  on Windows XP before
the upgrade everything was fine,  just wondering if there's anyone managed
to get outlook working with windows7 roaming profile.

.profile.V2 looks fine on the server.  it was auto-generated by windows7.

Thanks again.



On Mon, Feb 21, 2011 at 12:30 AM, mr...@freemail.hu wrote:

 Hi Dennis!

 Windows 7 uses the same share for roaming profiles as Windows XP, but
 a different directory. (so, you don't need the profiles.v2 share)
 The profile directories for Win7 ends with .v2. Try to create a
 directory with the following name: \\server1\user1\.profile.v2.
 Perhaps it helps, If doesn't, then here is my config which worked for
 me:

 smb.conf:

 [global]
 ...
 logon path = \\smbserver\profiles\%U
 ...
 [profiles]
path = /opt/samba/profiles
writeable = yes
browseable = yes
read only = no
hide unreadable = yes
directory mask = 0770
force directory mode = 2770
create mask = 0660

 In the profiles share I made two directories for the two profiles:
 john
 john.v2

 Best regards,
 mredd




Re: [Samba] Help needed with Windows7 roaming files.

2011-02-21 Thread Dennis M
Thanks Daniel,

The legacy IMAP (postfix and courier) server exists for historic reasons;
we have plans to merge it with the Exchange server sometime this year. Until
then we will still need to live with it.

Can you give more details on how to activate the prf file for each user?
If I understand correctly, this will place the .prf file in the network
share; I heard it's not supported by MS, prone to errors.

Thanks heaps for the great help!



On Mon, Feb 21, 2011 at 6:35 PM, Daniel Müller muel...@tropenklinik.de wrote:

 With outlook working you need to redirect your users pst and you need to
 set
 up a prf-file for each user.
 Ex:
 ;Automatically generated PRF file from the Microsoft Office Customization
 and Installation Wizard

 ; **
 ; Section 1 - Profile Defaults
 ; **

 [General]
 Custom=1
 ProfileName=test
 DefaultProfile=Yes
 OverwriteProfile=Yes
 ModifyDefaultProfileIfPresent=FALSE
 ;DefaultStore=Service1

 ; **
 ; Section 2 - Services in Profile
 ; **

 [Service List]
 Service1=Personal Folders
 Service2=Outlook Address Book
 Service3=Personal Address Book

 ;***
 ; Section 3 - List of internet accounts
 ;***

 [Internet Account List]
 Account1=IMAP_I_Mail

 ;***
 ; Section 4 - Default values for each service.
 ;***
 [Service1]
 UniqueService=No
 Name=Mein persönlicher Ordner
 PathToPersonalFolders=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pst
 --the psts
 EncryptionType=0x8000


 [Service2]

 [Service3]
 NameOfPAB=Persönliches Adress Buch
 Path=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pab
 ShowNamesBy=0
 ..

 But you are running exchange. Why do you need another imap and smtp?

 ---
 EDV Daniel Müller

 Head of IT
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen

 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---
 -----Original Message-----
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
 On Behalf Of Dennis M
 Sent: Monday, 21 February 2011 05:45
 To: samba@lists.samba.org
 Subject: Re: [Samba] Help needed with Windows7 roaming files.

 Hi Guys,

 I've had a check again, looks like roaming profile is already running
 (sorry
 about being misleading),  strange though
 no local profile is created (this can be found out when i log in as local
 admin and go to the User Profile tab in computer
 properties),  and outlook still complains about the data file cannot be
 accessed and not sending email  (we have two
 email accounts in outlook,  the exchange one is fine, only imap/smtp
 account
 is not sending. )  on Windows XP before
 the upgrade everything was fine,  just wondering if there's anyone managed
 to get outlook working with windows7 roaming profile.

 .profile.V2 looks fine on the server.  it was auto-generated by windows7.

 Thanks again.



 On Mon, Feb 21, 2011 at 12:30 AM, mr...@freemail.hu wrote:

  Hi Dennis!
 
  Windows 7 uses the same share for roaming profiles as Windows XP, but
  a different directory. (so, you don't need the profiles.v2 share)
  The profile directories for Win7 ends with .v2. Try to create a
  directory with the following name: \\server1\user1\.profile.v2.
  Perhaps it helps, If doesn't, then here is my config which worked for
  me:
 
  smb.conf:
 
  [global]
  ...
  logon path = \\smbserver\profiles\%U
  ...
  [profiles]
 path = /opt/samba/profiles
 writeable = yes
 browseable = yes
 read only = no
 hide unreadable = yes
 directory mask = 0770
 force directory mode = 2770
 create mask = 0660
 
  In the profiles share I made two directories for the two profiles:
  john
  john.v2
 
  Best regards,
  mredd
 
 


Re: [Samba] Help needed with Windows7 roaming files.

2011-02-20 Thread Dennis M
Hi Guys,

I've had a check again, looks like roaming profile is already running (sorry
about being misleading). Strange though, no local profile is created (this
can be found out when I log in as local admin and go to the User Profile tab
in computer properties), and Outlook still complains that the data file
cannot be accessed and is not sending email (we have two email accounts in
Outlook; the Exchange one is fine, only the IMAP/SMTP account is not
sending). On Windows XP before the upgrade everything was fine. Just
wondering if there's anyone who has managed to get Outlook working with a
Windows 7 roaming profile.

.profile.V2 looks fine on the server.  it was auto-generated by windows7.

Thanks again.



On Mon, Feb 21, 2011 at 12:30 AM, mr...@freemail.hu wrote:

 Hi Dennis!

 Windows 7 uses the same share for roaming profiles as Windows XP, but
 a different directory. (so, you don't need the profiles.v2 share)
 The profile directories for Win7 ends with .v2. Try to create a
 directory with the following name: \\server1\user1\.profile.v2.
 Perhaps it helps, If doesn't, then here is my config which worked for
 me:

 smb.conf:

 [global]
 ...
 logon path = \\smbserver\profiles\%U
 ...
 [profiles]
path = /opt/samba/profiles
writeable = yes
browseable = yes
read only = no
hide unreadable = yes
directory mask = 0770
force directory mode = 2770
create mask = 0660

 In the profiles share I made two directories for the two profiles:
 john
 john.v2

 Best regards,
 mredd




Re: [Samba] Help needed with Windows7 roaming files.

2011-02-18 Thread Gary Dale
Are you sure it's not a permissions problem? Have the Windows 7 machines 
been properly added to the domain? Are the user accounts enabled?


Sorry, I have no Windows 7 clients to test things on. However, whenever 
I've had similar problems, it's been an account setup problem, not a 
Samba configuration issue.



On 17/02/11 11:00 PM, Dennis M wrote:

Hi all,

We've been trying to setup/upgrade a samba PDC (version 3.56) with OpenLDAP
as backend and roaming profiles for Windows7 (32bit) Clients. windows7 has
no problem
with login after applying the reg patches,  however, it seems to always load
a temporary profile as opposed to roaming one for users,  no local profile
is created.
this has caused Outlook 2010 to function improperly (complains about outlook
data cannot be accessed and fail to send any email),  if i force profile
type
to local only in registry then outlook works perfectly,  local profile is
not an option for us though as a lot of our users change sites/pcs quite
often.

I've enclosed some related info below;  the same config works perfectly with
windowsXP clients.

Ldap entries (samba related)

objectClass: sambaSamAccount
sambaSID: S-1-5-21-1209579028-1696229136-1764916649-15754
sambaHomePath: \\server1\user1
sambaProfilePath: \\server1\user1\.profile
sambaLogonScript: logon.bat
sambaAcctFlags: [UX ]
sambaPrimaryGroupSID: S-1-5-21-1209579028-1696229136-1764916649-513


smb.conf

[global]

logon drive = H:
logon home = \\%s\%U

[profiles]
   path = /home
   browseable = no
   read only = no
   profile acls = yes
   csc policy = disable
   hide files=/Desktop.ini/Thumbs.db/lost+found
   store dos attributes = Yes
   create mask = 0600
   directory mask = 0700

[profiles.v2]
  copy = profiles


Any ideas?   thanks heaps.


Dennis




  has anybody managed to get Windows 7 (final) to use roaming profiles?
  Windows 7 is joined to my Samba 3.4.1 domain and always logs me in with a
  temporary profile. Windows XP works without problems.
 




Re: [Samba] Help needed with Windows7 roaming files.

2011-02-18 Thread tms3





Hi all,

We've been trying to setup/upgrade a samba PDC (version 3.56) with OpenLDAP
as backend and roaming profiles for Windows7 (32bit) Clients. windows7 has
no problem with login after applying the reg patches,  however, it seems to
always load a temporary profile as opposed to roaming one for users,  no
local profile is created.
this has caused Outlook 2010 to function improperly (complains about outlook
data cannot be accessed and fail to send any email),  if i force profile
type to local only in registry then outlook works perfectly,  local profile
is not an option for us though as a lot of our users change sites/pcs quite
often.

I've enclosed some related info below;  the same config works perfectly with
windowsXP clients.

Ldap entries (samba related)

objectClass: sambaSamAccount
sambaSID: S-1-5-21-1209579028-1696229136-1764916649-15754
sambaHomePath: \\server1\user1
sambaProfilePath: \\server1\user1\.profile
sambaLogonScript: logon.bat
sambaAcctFlags: [UX ]
sambaPrimaryGroupSID: S-1-5-21-1209579028-1696229136-1764916649-513


sambaProfilePath: \\oakland\profiles\pcuser
description: System User
homeDirectory: /home/pcuser
sn: pcuser
sambaHomePath: \\oakland\open

Works fine with XP, Vista and Win7

smb.conf

SNIP

[Profiles]
 path=/usr/home/sambashit/Profiles
 public = yes
  only guest = no
  browseable = yes
  writeable = yes
  printable = no
  create mask = 0770
  force create mode = 0770
  force directory mode = 0770
  directory security mask = 0770
  level2 oplocks = Yes

Security fine grained control using acls set from Administrator 
account on Windows workstation.





smb.conf

[global]
.
logon drive = H:
logon home = \\%s\%U

[profiles]
   path = /home
   browseable = no
   read only = no
   profile acls = yes
   csc policy = disable
   hide files=/Desktop.ini/Thumbs.db/lost+found
   store dos attributes = Yes
   create mask = 0600
   directory mask = 0700

[profiles.v2]
copy = profiles


Any ideas?   thanks heaps.


Dennis




has anybody managed to get Windows 7 (final) to use roaming profiles?
Windows 7 is joined to my Samba 3.4.1 domain and always logs me in with a
temporary profile. Windows XP works without problems.


Re: [Samba] help migrating from file server to NAS w/ Active Directory

2011-02-16 Thread Jim Dory

 Extra info:
 smbd --version
Version 3.0.33-0.19.el4_8.3

Win Server 2003-r2

thx,  JD

On 2/16/2011 10:49 AM, Jim Dory wrote:

 hello,

I'm having a problem I hope will be easy for someone to explain to me 
how to fix. I need to migrate from an old server to a new Cisco Smart 
Storage NAS, which runs some flavor of linux and is Active Directory 
aware. Using something like Robocopy from the AD server, or rsync or 
tar from the file server does not preserve user/group identities or 
directory date stamps (maybe rsync tar preserves the directory date 
stamps but robocopy doesn't). The owner defaults to the NAS admin and 
admin group.


There also seems to be a problem with the windows security permissions 
on the directories/files - under Windows Explorer the permissions are 
listed as special and the admins can't change them.


I set up a file server years ago on CentOs using Samba to serve files 
to Windows clients. Since then we integrated Active Directory and I 
had a windows whiz fix up my Samba config to use AD authentication. So 
the server doesn't really have linux users/groups anymore per se. To 
add a new user I add them via the AD server then map them in the 
smb.conf file - create manually a home directory for them and chown it 
to their username. (not sure how that works since there is no linux 
user by those usernames). Here is an example:

[jimd]
path = /home/CN/jimd
valid users = CN+jimd
writeable = Yes
create mask = 0777
directory mask = 0777
browseable = no 


So the AD user is CN+jimd. On the file server though, the username 
that shows up on any file created by CN+jimd is actually owned by jimd 
(no CN+). On the NAS, any file I create with that user is owned by 
CN+jimd. Not sure if that is part of my problem or not.


Groups are similar.

[Engineering]
writeable = Yes
path = /home/data/engineering
force group = CN+sengineer
;   guest ok = Yes
browseable = Yes
create mask = 0770
directory mask = 0770
valid users = @CN+sengineer 


So the thought was to somehow map files/shares on the AD server and 
move them over in that environment, but having troubles mentioned 
above - preserving directory time stamps and owner IDs.  Seems like 
I'm missing something really simple. The NAS does have samba and 
automatically writes a smb.conf file, but I don't believe there is a 
way to manually edit it other than GUI.


Let me know if you need more info to help.. appreciate the read!
cheers, JD



--
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604

http://www.nomealaska.org
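The share definitions posted in this thread and in the roaming-profile thread above differ mainly in their mode masks and guest settings. The following is an added example, not part of any post and not a Samba tool: a small auditor that reads those share sections and reports masks that leave the world-write bit in place and shares that combine guest access with write access. The function names, the finding labels and the `TIGHTENED` variant are constructed for illustration.

```python
import re

# smb.conf ignores case and whitespace inside parameter names, so names are
# compared lower-cased with spaces removed. Synonyms are from smb.conf(5).
SYNONYMS = {"public": "guestok", "createmode": "createmask",
            "directorymode": "directorymask"}
# These three are inverted synonyms of "read only".
INVERTED = {"writeable", "writable", "writeok"}
MODE_KEYS = ("createmask", "directorymask",
             "forcecreatemode", "forcedirectorymode")
TRUE = {"yes", "true", "1"}

# Share definitions as posted in the threads (path lines left out).
POSTED = """
[jimd]
valid users = CN+jimd
writeable = Yes
create mask = 0777
directory mask = 0777
browseable = no

[Engineering]
writeable = Yes
force group = CN+sengineer
;   guest ok = Yes
browseable = Yes
create mask = 0770
directory mask = 0770
valid users = @CN+sengineer

[Profiles]
public = yes
only guest = no
browseable = yes
writeable = yes
create mask = 0770
force create mode = 0770
force directory mode = 0770
"""

# Constructed variant of [jimd] for comparison: owner-only modes.
TIGHTENED = """
[jimd]
valid users = CN+jimd
writeable = Yes
create mask = 0600
directory mask = 0700
browseable = no
"""


def parse_shares(text):
    """Return {section: {normalized parameter: value}} for smb.conf text."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = shares.setdefault(section.group(1).strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        key = re.sub(r"\s+", "", name).lower()
        value = value.strip()
        if key in INVERTED:                      # writeable = yes -> read only = no
            key = "readonly"
            value = "no" if value.lower() in TRUE else "yes"
        current[SYNONYMS.get(key, key)] = value
    return shares


def audit(shares):
    """Return (share, parameter, issue) tuples for risky settings."""
    findings = []
    for share, params in shares.items():
        if share == "global":
            continue
        for key in MODE_KEYS:
            value = params.get(key)
            if value is None:
                continue
            try:
                mode = int(value, 8)
            except ValueError:
                findings.append((share, key, "not-octal"))
                continue
            # Bits set in a mask survive on new files; 0o002 is "other: write".
            if mode & 0o002:
                findings.append((share, key, "world-writable"))
        if params.get("guestok", "no").lower() in TRUE:
            writable = params.get("readonly", "yes").lower() not in TRUE
            issue = "guest-ok-writable" if writable else "guest-ok-readonly"
            findings.append((share, "guestok", issue))
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("tightened", TIGHTENED)):
        print(label)
        results = audit(parse_shares(conf)) or [("-", "-", "no findings")]
        for share, key, issue in results:
            print(f"  [{share}] {key}: {issue}")
```

Whether a guest can actually write also depends on the global `map to guest` setting and on the file-system permissions, which this check does not see.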



Re: [Samba] help migrating from file server to NAS w/ Active Directory

2011-02-16 Thread Jim Dory
 To boil this down a bit, maybe my problem is that my domain users on 
the old server are for instance jimd, and on the new NAS they show up as 
Domain+jimd. Or in this example, CN+jimd. So if I try to move files to 
the NAS, it doesn't recognize those users (without the prefix CN+) as 
users. The getent command on the old server has users uids in the 10,000 
range. On the NAS, they are in the 30,000 range, even though it got the 
users from the AD server. So perhaps I need a way to get things to match up?


thx, Jim



On 2/16/2011 10:49 AM, Jim Dory wrote:

 hello,

I'm having a problem I hope will be easy for someone to explain to me 
how to fix. I need to migrate from an old server to a new Cisco Smart 
Storage NAS, which runs some flavor of linux and is Active Directory 
aware. Using something like Robocopy from the AD server, or rsync or 
tar from the file server does not preserve user/group identities or 
directory date stamps (maybe rsync tar preserves the directory date 
stamps but robocopy doesn't). The owner defaults to the NAS admin and 
admin group.


There also seems to be a problem with the windows security permissions 
on the directories/files - under Windows Explorer the permissions are 
listed as special and the admins can't change them.


I set up a file server years ago on CentOs using Samba to serve files 
to Windows clients. Since then we integrated Active Directory and I 
had a windows whiz fix up my Samba config to use AD authentication. So 
the server doesn't really have linux users/groups anymore per se. To 
add a new user I add them via the AD server then map them in the 
smb.conf file - create manually a home directory for them and chown it 
to their username. (not sure how that works since there is no linux 
user by those usernames). Here is an example:

[jimd]
path = /home/CN/jimd
valid users = CN+jimd
writeable = Yes
create mask = 0777
directory mask = 0777
browseable = no 


So the AD user is CN+jimd. On the file server though, the username 
that shows up on any file created by CN+jimd is actually owned by jimd 
(no CN+). On the NAS, any file I create with that user is owned by 
CN+jimd. Not sure if that is part of my problem or not.


Groups are similar.

[Engineering]
writeable = Yes
path = /home/data/engineering
force group = CN+sengineer
;   guest ok = Yes
browseable = Yes
create mask = 0770
directory mask = 0770
valid users = @CN+sengineer 


So the thought was to somehow map files/shares on the AD server and 
move them over in that environment, but having troubles mentioned 
above - preserving directory time stamps and owner IDs.  Seems like 
I'm missing something really simple. The NAS does have samba and 
automatically writes a smb.conf file, but I don't believe there is a 
way to manually edit it other than GUI.


Let me know if you need more info to help.. appreciate the read!
cheers, JD



--
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604

http://www.nomealaska.org
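The mismatch described in this message (bare names with uids around 10,000 on the old server, `CN+` names with uids around 30,000 on the NAS) can be laid out as a translation table before any files are moved. The following is an added example, not part of the post and not a Samba tool: it matches accounts by name once the prefix is dropped, derives an old-uid to new-uid map, and flags accounts that have no counterpart on the target or whose old number already belongs to someone else there. The getent lines, every account other than jimd, the file paths and all function names are constructed for illustration.

```python
import os

# Constructed getent-style samples. The uid ranges follow the post; svc_scan
# is a made-up local account with no counterpart on the NAS.
OLD_GETENT = """\
jimd:*:10001:10000:Jim D:/home/CN/jimd:/bin/bash
annk:*:10002:10000:Ann K:/home/CN/annk:/bin/bash
svc_scan:x:30001:100:scanner drop box:/srv/scan:/sbin/nologin
"""
NAS_GETENT = """\
CN+jimd:*:30001:30000:Jim D:/home/CN/jimd:/bin/sh
CN+annk:*:30002:30000:Ann K:/home/CN/annk:/bin/sh
"""


def parse_passwd(text, prefix=""):
    """Return {bare name: uid} from passwd-format lines, dropping a domain prefix."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue                              # not a passwd entry
        name = fields[0]
        if prefix and name.startswith(prefix):
            name = name[len(prefix):]
        users[name.lower()] = int(fields[2])
    return users


def build_uid_map(old_users, new_users):
    """Match accounts by name.

    Returns (uid_map, missing, collisions):
      uid_map     old uid -> new uid for accounts present on both hosts
      missing     accounts with no counterpart on the target
      collisions  accounts whose old uid number belongs to a different
                  account on the target, so a numeric-id copy would hand
                  their files to that other account
    """
    uid_map, missing = {}, []
    for name, old_uid in sorted(old_users.items()):
        if name in new_users:
            uid_map[old_uid] = new_users[name]
        else:
            missing.append(name)
    new_by_uid = {uid: name for name, uid in new_users.items()}
    collisions = sorted(name for name, uid in old_users.items()
                        if new_by_uid.get(uid, name) != name)
    return uid_map, missing, collisions


def scan(root):
    """Yield (path, owner uid) for root and everything below it (symlinks not followed)."""
    yield root, os.lstat(root).st_uid
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            yield path, os.lstat(path).st_uid


def plan_chown(entries, uid_map):
    """Split (path, uid) pairs into planned changes and paths with unmapped owners."""
    changes, unmapped = [], []
    for path, uid in entries:
        if uid not in uid_map:
            unmapped.append((path, uid))
        elif uid_map[uid] != uid:
            changes.append((path, uid, uid_map[uid]))
    return changes, unmapped


def apply_plan(changes, dry_run=True):
    """Re-own each path; with dry_run (the default) nothing is modified."""
    for path, _old_uid, new_uid in changes:
        if not dry_run:
            os.lchown(path, new_uid, -1)          # -1 keeps the group; needs root
    return len(changes)


if __name__ == "__main__":
    old = parse_passwd(OLD_GETENT)
    new = parse_passwd(NAS_GETENT, prefix="CN+")
    uid_map, missing, collisions = build_uid_map(old, new)
    print("uid map:", uid_map)
    print("no counterpart on target:", missing)
    print("old uid taken by another account on target:", collisions)
    # Constructed listing; on a real tree use scan("/path/to/copied/data").
    listing = [("/home/CN/jimd/plan.dwg", 10001),
               ("/home/data/engineering/spec.doc", 10002),
               ("/srv/scan/in.pdf", 30001)]
    changes, unmapped = plan_chown(listing, uid_map)
    for path, old_uid, new_uid in changes:
        print(f"chown {old_uid} -> {new_uid}  {path}")
    for path, uid in unmapped:
        print(f"review owner {uid}  {path}")
```

The same name matching applies to gids taken from `getent group`.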



Re: [Samba] help with configuring PAM

2011-01-13 Thread Dale Schroeder

Brandon,

I used this as my template in Debian:
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_2

From my limited experience with Ubuntu, I seem to remember that they
put most of their directives in the common-* files,
so you may have to adjust locations.

Dale


On 01/13/2011 11:10 AM, Brandon Coale wrote:

Hello,

My company has a Windows file server that I am attempting to set up a
Samba server as an Active Directory domain member to replace. I have
migrated one of the shares to the Samba server but am having some
problems. I installed Ubuntu Server 10.04.1 LTS on a new server for
the sole purpose of replacing the Windows file server. Our domain
controller is running Windows Server 2003 SP2. I have set up smb.conf,
the client side of Kerberos, Winbind, name service switch, and PAM
according to some documentation I read.

I believe the problems may be due to an improper PAM configuration,
because one of the issues I have is getting prompted to enter my
password more than once when I sudo or sign into the console. Another
issue is if I do a useradd command to add a strictly local linux user,
then run the passwd command to set a password for the local user, I
get prompted to enter a current kerberos password.

Would anyone that has replaced a Windows file server in an Active
Directory environment be willing to share how they did their PAM
configuration?

Thanks,
Brandon



Re: [Samba] HELP: Samba flat file Visual FoxPRO BDD :(

2011-01-06 Thread Intel Man

Hi, I have Samba 3.5.4 on Debian Lenny, and Visual FoxPro 8.0 with dbf's (200+)
and 20 workstations, and no problems with the dbf's. I have oplocks off:

kernel oplocks = No
oplocks = No
level2 oplocks = No
strict locking = No


Cheers




 From: jourt_flo...@hotmail.com

 Subject: [Samba] HELP: Samba  flat file Visual FoxPRO BDD :(
 
 Hello, and Happy New Year from France :)
 
 For 4 months I have been trying to configure Samba 3 on an Ubuntu server 10 to
 replace a W2k server.
 
 The client software is used on Windows XP, Vista and Seven.
 This software uses SMB for a flat-file (.dbf) share for 9 users. The new
 server is more powerful than the old one,
 but I think that the oplocks options are causing high latencies in the
 requests.
 
 E.g. when I use oplocks: high latencies.
 When oplocks are off, the file loses data.
 
 Is it possible that W2k SMB is more powerful than Samba???
 
  
 
 I need your help, 
 
  
 
 Kind regards,
 
 Floris
 
  
 


Re: [Samba] Help with Samba4 running logon script

2010-12-02 Thread Daniel Müller
Use the ADS tool from Microsoft to do this stuff.
You need more information? I made a thread:
HOWTO samba4 centos5.5 named dnsupdate drbd simple failover


On Wed, 01 Dec 2010 16:41:19 -0500, Mark Sheppard m...@ams.org wrote:
 Hi!
 
 I am currently testing a Samba4 Alpha13 server with Windows Vista SPK2 
 and I am not able
 to run logon scripts. I am able to use both profiles and map Home 
 folders without any
 problems. I do not see any DOS window opening with the script running 
 and I have tested
 running this as both a user and administrator by hand by just clicking 
 on the script .bat file
 which runs just fine. Therefore, there appears to be no permissions 
 problem when you run it.
 I did also try inserting a net use command in the .bat just in case it 
 was really working but
 I don't see any mapped drive either. Maybe this is a problem with Vista 
 and I need to change
 a setting there? If you have any suggestions on what to check I would 
 greatly appreciate it. Thanks.
 
 Mark Sheppard


Re: [Samba] Help with Samba4 running logon script

2010-12-02 Thread Daniel Müller
You do this in /usr/local/samba/etc/smb.conf:


[netlogon]
path = /usr/local/samba/var/locks/sysvol/yourdomain/scripts
read only = no

Add a user with the ADS tool.
For each user, you set the logon.bat, or whatever your logon script is,
with the ADS tool. See here:
http://technet.microsoft.com/en-us/library/cc779490(WS.10).aspx
As admin, copy the script to this location in the path of your Samba
netlogon. That's it. It should work on the fly.

On Thu, 02 Dec 2010 15:48:41 -0500, Mark Sheppard m...@ams.org wrote:
 Daniel:
 
 Thanks for the note! I am currently using the Microsoft ADS tools for 
 trying to set
 the login script. I can set the parameters in the Samba4 LDAP server but

 nothing
 happens with it, profiles and home directories work just fine. I am 
 going to check
 your web thread and see if I missed something. Anyways, thanks for all 
 the support!!
 
 Mark Sheppard
 --
 On 12/2/2010 2:36 PM, Daniel Müller wrote:
 use the ads tool from microsoft to do this stuff.
 You need more information I made a thread:
 HOWTO samba4 centos5.5 named dnsupdate drbd simple failover


Re: [Samba] HELP Documentation for Installation of SAMBA

2010-10-21 Thread John Doe
From: Sameer Chawnekar sameer.chawne...@archpharmalabs.com

  Can you please provide a step by step guide on installing  and configuring
 SAMBA on AIX 6.1 server.

http://tinyurl.com/2egmh99

JD


  


Re: [Samba] help with AD integration

2010-10-04 Thread Gaiseric Vandal

According to your page

getent passwd is showing the domain users.


If you try to ssh into your linux machine as ben, with the way
nsswitch.conf is configured, it will try to authenticate you as the
ben in /etc/passwd, not the one in the AD domain.


I suggest you try the following:
comment out ben from /etc/passwd and /etc/shadow.

Make sure that the /export/Home/ben directory is owned by the SRE+ben 
user.   See if you can ssh into linux as ben.  (I think you can 
specify ben and not SRE+ben for the ssh user.)  Keep an eye on the 
log files e.g in /var/samba/log or /var/log/samba.


You have still not clarified why nsswitch.conf has entries for ldap.




On 10/04/2010 05:17 AM, Ben George wrote:


please check this link

http://bentgeorge.com/samba/
all are mentioned here


Thanks
Ben.T.George



On Thu, Sep 30, 2010 at 10:16 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:


Hi

Please clarify the following
 -  Did you run truss getent passwd command and look for lines
with nss_winbind-  just in case it is looking for a file with a
different version.
 - Why does nsswitch.conf have ldap references-  are you using ldap?


You should also look through the samba logs-  it may provide some
information.



On 09/30/2010 12:14 PM, Ben George wrote:




Yes, the client has Solaris and a Windows XP machine under the AD domain.

Yes, I exported the paths to the newly installed /usr/local/samba/lib.

I am using the new packages and disabled the default packages.


On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

So to clarify the customer has a Sun Solaris 10 UNIX machine
and a Linux workstation?

FOR SOLARIS

I had problems with getting nsswitch+winbind working with the
samba from sunfreeware-  I had to recompile from scratch
(major headache.)   In hindsight this may not have been
necessary for winbind-  although I had to recompile anyway
for ZFS support.

On solaris, you should have a file called
/usr/lib/nss_winbind.so.1 -  which is the nsswitcher winbind
library provided by the samba that sun bundles with solaris
10 (but this is samba 3.0.x and too old to be much use.)

In /usr/local/samba/lib -  do you see an nss_winbind.so.1
file?  How is your PATH and LD_LIBRARY_PATH set-  you want
to make sure you are using the /usr/local/samba/bin and
/usr/local/samba/lib first.

If you run truss getent passwd | tee log1.txt  you should
see it looking for nss_winbind.so.1 -  ideally it will look
in /usr/local/samba/lib before /usr/lib.  If it uses
/usr/lib/nss_winbind.so.1 that will probably NOT work.  You
may want to rename that file just to make sure.






On 09/30/2010 10:57 AM, Ben George wrote:


Sun Solaris 10 (under SPARC)

local users in /etc/passwd

samba 3.4.2 from sunfreeware.com


getent passwd

ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh

like this

Thanks
Ben.T.George




On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

Then it sounds like you need the AD integration.  If the
users also log in to the linux workstation directly  (or
via ssh) then you will need to configure winbind and
nsswitch to support unix logins.

Why does nsswitch.conf include ldap?  Is this the only
linux/unix machine?  Are local users in ldap or
/etc/passwd?

What version of samba?   What version of linux?

Ideally getent passwd would show something like

ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/tcsh

or

SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash



I don't think you need a huge amount of AD experience to
make this work but I think you have to have general
understanding of what Windows domains are about.

You should also review the smb.conf man page for the
section on idmap_ad.





On 09/30/2010 09:24 AM, Ben George wrote:



Thanks for your reply..

yes my client told me like this that's Y..and the
manager gave that work to newly joined me.. :(

i don't have any AD and core unix experience..i have
only experience in linux.not much

may this project will affect my job..  :(

my nsswitch.conf

*/passwd:   

Re: [Samba] help with AD integration

2010-10-04 Thread Ben George
I tried to telnet to the sun1 (unix) machine, but login failed.

I tried the benvin user on AD, not ben.

/var/samba/log


[2010/10/04 15:24:06, 6] nsswitch/winbindd.c:(641)
  accepted socket 23
[2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326)
  process_request: request fn INTERFACE_VERSION
[2010/10/04 15:24:06, 3] nsswitch/winbindd_misc.c:(491)
  [ 5806]: request interface version
[2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2010/10/04 15:24:06, 3] nsswitch/winbindd_misc.c:(524)
  [ 5806]: request location of privileged pipe
[2010/10/04 15:24:06, 6] nsswitch/winbindd.c:(641)
  accepted socket 31
[2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETGROUPS
[2010/10/04 15:24:06, 3] nsswitch/winbindd_group.c:(1273)
  [ 5806]: getgroups root
[2010/10/04 15:24:06, 5] nsswitch/winbindd_group.c:(1292)
  Could not parse domain user: root
[2010/10/04 15:24:06, 10] lib/events.c:(131)
  Added timed event async_request_timeout: 2f11e0
[2010/10/04 15:24:06, 10] lib/events.c:(299)
  timed_events_timeout: 299/06
[2010/10/04 15:24:06, 10] lib/events.c:(66)
  Destroying timed event 2f11e0 async_request_timeout
[2010/10/04 15:24:06, 10] nsswitch/winbindd_cache.c:(2307)
  Retrieving response for pid 4252
[2010/10/04 15:24:06, 5] nsswitch/winbindd_async.c:(1303)
  Could not find domain from SID S-1-22-1-0
--
[2010/10/04 15:24:37, 6] nsswitch/winbindd.c:(641)
  accepted socket 23
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn INTERFACE_VERSION
[2010/10/04 15:24:37, 3] nsswitch/winbindd_misc.c:(491)
  [ 5809]: request interface version
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2010/10/04 15:24:37, 3] nsswitch/winbindd_misc.c:(524)
  [ 5809]: request location of privileged pipe
[2010/10/04 15:24:37, 6] nsswitch/winbindd.c:(641)
  accepted socket 31
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346)
  [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353)
  Could not parse domain user: benvin
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346)
  [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353)
  Could not parse domain user: benvin
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346)
  [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353)
  Could not parse domain user: benvin



i didn't understand anything from this log



On Mon, Oct 4, 2010 at 4:11 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

 According to your page

getent passwd is showing the domain users.


 If you try to ssh into your linux machine as ben, with the way
 nsswitch.conf is configured, it will try to authenticate you as the ben
 in /etc/passwd not the one in the AD domain.

 I suggest you try the following
comment out ben from /etc/passwd and /etc/shadow.

 Make sure that the /export/Home/ben directory is owned by the SRE+ben user.
   See if you can ssh into linux as ben.  (I think you can specify ben
 and not SRE+ben for the ssh user.)  Keep an eye on the log files e.g in
 /var/samba/log or /var/log/samba.

 You have still not clarified why nsswitch.conf has entries for ldap.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
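
Added example, not part of the thread: a small parser for the two-line winbindd log records shown in the message above, which counts how often each name was requested and how often winbindd answered "Could not parse domain user". The function names are hypothetical, and the final request in the sample (pid 5812, SRE+benvin) is constructed to show a lookup with no rejection; the other entries repeat lines from the quoted log.

```python
"""Added example: summarise winbindd name lookups and parse rejections."""
import re

# Entries up to 15:24:37 repeat lines from the log quoted in the message.
# The last request (pid 5812, "SRE+benvin") is constructed for contrast.
SAMPLE_LOG = """\
[2010/10/04 15:24:06, 3] nsswitch/winbindd_group.c:(1273)
  [ 5806]: getgroups root
[2010/10/04 15:24:06, 5] nsswitch/winbindd_group.c:(1292)
  Could not parse domain user: root
--
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346)
  [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353)
  Could not parse domain user: benvin
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346)
  [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353)
  Could not parse domain user: benvin
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326)
  process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346)
  [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353)
  Could not parse domain user: benvin
[2010/10/04 15:25:02, 3] nsswitch/winbindd_user.c:(346)
  [ 5812]: getpwnam SRE+benvin
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+(\S+)\s*$")
REQUEST = re.compile(r"^\[\s*(\d+)\]:\s+(getpwnam|getgrnam|getgroups)\s+(\S+)$")
REJECTED = re.compile(r"^Could not parse domain user:\s+(\S+)$")


def parse_records(text):
    """Join each '[timestamp, level] source' header with its indented message."""
    records, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"time": header.group(1), "level": int(header.group(2)),
                       "source": header.group(3), "message": ""}
            records.append(current)
        elif current is not None and line[:1].isspace() and line.strip():
            current["message"] = (current["message"] + " " + line.strip()).strip()
        else:
            current = None  # "--" separators and blank lines end the record
    return records


def summarise_lookups(records):
    """Count, per (operation, name), how often it was asked and rejected."""
    summary, open_requests = {}, {}
    for record in records:
        request = REQUEST.match(record["message"])
        rejected = REJECTED.match(record["message"])
        if request:
            pid, operation, name = request.groups()
            entry = summary.setdefault(
                (operation, name), {"asked": 0, "rejected": 0, "pids": set()})
            entry["asked"] += 1
            entry["pids"].add(int(pid))
            open_requests[name] = entry
        elif rejected and rejected.group(1) in open_requests:
            # The rejection line carries no pid, so pair it with the most
            # recent unanswered request for the same name.
            open_requests.pop(rejected.group(1))["rejected"] += 1
    return summary


def rejected_names(summary):
    """Names for which every request was rejected at the name-parsing step."""
    return sorted(name for (_, name), entry in summary.items()
                  if entry["asked"] and entry["rejected"] == entry["asked"])


if __name__ == "__main__":
    result = summarise_lookups(parse_records(SAMPLE_LOG))
    for (operation, name), entry in result.items():
        print(f"{operation:9} {name:12} asked={entry['asked']} "
              f"rejected={entry['rejected']} pids={sorted(entry['pids'])}")
    print("always rejected:", rejected_names(result))
```
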


Re: [Samba] help with samba AD integration

2010-10-04 Thread Ben George
Support contract..? how much for that

the thing i am doing this is to fix my job..because this is my 1st
project.

i didn't get salary too..anyway can u please give your rate for this..

:(



On Mon, Oct 4, 2010 at 1:08 PM, d...@penguinfactory.co.uk wrote:

 On Mon, Oct 04, 2010 at 12:24:50PM +0300, Ben George wrote:

  Content preview:  Hi please check this link..
 http://bentgeorge.com/samba/ [...]

 Yes, I have read this page and understand what you wish to achieve.
 There are several ways to do it depending on the requirements of your
 network. Home directories can be autogenerated under different
 circumstances, from user creation to first connection.

 Can you please be clear: do you wish to purchase a support contract?

 If not, I recommend you continue asking on the public Samba forums,
 where a lot of people do get help.

 Regards,

 --
 Dan Shearer
 d...@penguinfactory.co.uk



Re: [Samba] help with AD integration

2010-10-04 Thread Max León
You need to ensure that pam is allowing ssh or telnet access, not sure 
in Solaris but in RedHat based sistems is inside /etc/pam.d


You will have to allow access through pam only enabled accounts since 
usually the access is restricted to shadow by default.


On 10/4/10 7:11 AM, Gaiseric Vandal wrote:

According to your page

getent passwd is showing the domain users.


If you try to ssh into your linux machine as ben, with the way 
nsswitch.conf is configured, it will try to authenticate you as the 
ben in /etc/passwd not the one in the AD domain.


I suggest you try the following
comment out ben from /etc/passwd and /etc/shadow.

Make sure that the /export/Home/ben directory is owned by the SRE+ben 
user.   See if you can ssh into linux as ben.  (I think you can 
specify ben and not SRE+ben for the ssh user.)  Keep an eye on the 
log files e.g in /var/samba/log or /var/log/samba.


You have still not clarified why nsswitch.conf has entries for ldap.




On 10/04/2010 05:17 AM, Ben George wrote:


please check this link

http://bentgeorge.com/samba/
all are mentioned here


Thanks
Ben.T.George



On Thu, Sep 30, 2010 at 10:16 PM, Gaiseric Vandal 
gaiseric.van...@gmail.com wrote:


Hi

Please clarify the following
 -  Did you run truss getent passwd command and look for lines
with nss_winbind-  just in case it is looking for a file with a
different version.
 - Why does nsswitch.conf have ldap references-  are you using ldap?


You should also look through the samba logs-  it may provide some
information.



On 09/30/2010 12:14 PM, Ben George wrote:




yes client has Solaris and a windows xp machine under the AD domain

yes i exported the paths to the newly installed 
/usr/local/samba/lib


me using the new packages and disabled the default packages


On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

So to clarify the customer has a Sun Solaris 10 UNIX machine
and a Linux workstation?

FOR SOLARIS

I had problems with getting nsswitch+winbind working with the
samba from sunfreeware-  I had to recompile from scratch
(major headache.)   In hindsight this may not have been
necessary for winbind-  although I had to recompile anyway
for ZFS support.

On solaris, you should have a file called
/usr/lib/nss_winbind.so.1 -  which is the nsswitcher winbind
library provided by the samba that sun bundles with solaris
10 (but this is samba 3.0.x and too old to be much use.)

In /usr/local/samba/lib -  do you see an nss_winbind.so.1
file?  How is your PATH and LD_LIBRARY_PATH set-  you want
to make sure you are using the /usr/local/samba/bin and
/usr/local/samba/lib first.

If you run truss getent passwd | tee log1.txt  you should
see it looking for nss_winbind.so.1 -  ideally it will look
in /usr/local/samba/lib before /usr/lib.  If it uses
/usr/lib/nss_winbind.so.1 that will probably NOT work.  You
may want to rename that file just to make sure.






On 09/30/2010 10:57 AM, Ben George wrote:


Sun Solaris 10 (under SPARC)

local users in /etc/passwd

samba 3.4.2 from sunfreeware.com


getent passwd

ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh

like this

Thanks
Ben.T.George




On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

Then it sounds like you need the AD integration.  If the
user's also login to the linux workstation directly  (or
via ssh) then you will need to configure winbind and
nsswitch to support unix logins.

Why does nsswitch.conf include ldap?  Is this the only
linux/unix machine?  Are local users in ldap or
/etc/passwd?

What version of samba?   What version of linux?

Ideally getent passwd would show something like



ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/tcsh


or

SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash



I don't think you need a huge amount of AD experience to
make this work but I think you have to have general
understanding of what Windows domains are about.

You should also review the smb.conf man page for the
section on idmap_ad.





On 09/30/2010 09:24 AM, Ben George wrote:



Thanks for your reply..

yes my client told me like this that's 

Re: [Samba] help with AD integration

2010-10-04 Thread Gaiseric Vandal

Presumably Ben is able to ssh / telnet in for NON-Samba accounts


FYI-  I did need to update my /etc/pam.conf on Solaris 10 clients when I 
moved to LDAP backend for unix accounts.  I had to add an entry to allow 
ldap authentication.  (I don't think I had to do this for Solaris 9.)  
I don't use samba for ssh login authentication.  But it makes sense-  
since root can access shadow info in /etc files (or NIS) but not in 
LDAP.



At some point I had tried out allowing ssh logins using samba 
credentials-  but I think this was on Solaris 9.   At least with ldap 
logins, Solaris 10 requires more configuration than Solaris 9.




My  /etc/pam.conf includes the following

# login service (explicit because of pam_dial_auth)
#
login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_dhkeys.so.1
login   auth required   pam_unix_cred.so.1
login   auth required   pam_dial_auth.so.1
login   auth binding    pam_unix_auth.so.1 server_policy
login   auth required   pam_ldap.so.1

...
passwd  auth binding    pam_passwd_auth.so.1 server_policy
passwd  auth required   pam_ldap.so.1




I would guess a similar entry with pam_smb (?) might do the trick.


I think that even if pam.conf is not configured correctly you can still 
try the following -

ssh in as a local user (e.g. ben)
su to the samba user (e.g. su - benvin or su benvin) - it 
should prompt you for a password but ssh and telnet are not involved.  
If this works then you know that the problem is probably a pam+ssh or 
pam+telnet issue.





PS-  You shouldn't use telnet anyway.  It sends passwords in the clear.



...





On 10/04/2010 12:35 PM, Max León wrote:
You need to ensure that pam is allowing ssh or telnet access, not sure 
in Solaris but in RedHat based systems is inside /etc/pam.d


You will have to allow access through pam only enabled accounts since 
usually the access is restricted to shadow by default.


On 10/4/10 7:11 AM, Gaiseric Vandal wrote:

According to your page

getent passwd is showing the domain users.


If you try to ssh into your linux machine as ben, with the way 
nsswitch.conf is configured, it will try to authenticate you as the 
ben in /etc/passwd not the one in the AD domain.


I suggest you try the following
comment out ben from /etc/passwd and /etc/shadow.

Make sure that the /export/Home/ben directory is owned by the SRE+ben 
user.   See if you can ssh into linux as ben.  (I think you can 
specify ben and not SRE+ben for the ssh user.)  Keep an eye on 
the log files e.g in /var/samba/log or /var/log/samba.


You have still not clarified why nsswitch.conf has entries for ldap.




On 10/04/2010 05:17 AM, Ben George wrote:


please check this link

http://bentgeorge.com/samba/
all are mentioned here


Thanks
Ben.T.George



On Thu, Sep 30, 2010 at 10:16 PM, Gaiseric Vandal 
gaiseric.van...@gmail.com wrote:


Hi

Please clarify the following
 -  Did you run truss getent passwd command and look for lines
with nss_winbind-  just in case it is looking for a file with a
different version.
 - Why does nsswitch.conf have ldap references-  are you using 
ldap?



You should also look through the samba logs-  it may provide some
information.



On 09/30/2010 12:14 PM, Ben George wrote:




yes client has Solaris and a windows xp machine under the AD 
domain


yes i exported the paths to the newly installed 
/usr/local/samba/lib


me using the new packages and disabled the default packages


On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

So to clarify the customer has a Sun Solaris 10 UNIX machine
and a Linux workstation?

FOR SOLARIS

I had problems with getting nsswitch+winbind working with the
samba from sunfreeware-  I had to recompile from scratch
(major headache.)   In hindsight this may not have been
necessary for winbind-  although I had to recompile anyway
for ZFS support.

On solaris, you should have a file called
/usr/lib/nss_winbind.so.1 -  which is the nsswitcher winbind
library provided by the samba that sun bundles with solaris
10 (but this is samba 3.0.x and too old to be much use.)

In /usr/local/samba/lib -  do you see an nss_winbind.so.1
file?  How is your PATH and LD_LIBRARY_PATH set-  you want
to make sure you are using the /usr/local/samba/bin and
/usr/local/samba/lib first.

If you run truss getent passwd | tee log1.txt  you should
see it looking for nss_winbind.so.1 -  ideally it will look
in 

Re: [Samba] help with user permissions

2010-09-30 Thread Philippe LeCavalier
On Tue, 2010-09-28 at 21:07 +0300, Ben George wrote:

 Thanks for your reply..
 
 yea i also want that same thing..give permission to that listed users only..
 
 but when i checked that 3 folders in windows pc.,,only one folder is
 accessible without password
 
 and when i try to access the other 2 folder's,,it says that network not
 reachable..u don't have permission to access this network...like that...

Windows XP will not allow you to access shares using different
credentials within the same session. You have one chance at entering
different credentials than the ones you entered when you first logged
in. After that Windows sends those without asking for different ones.

Phil

 
 
 
 
 On Tue, Sep 28, 2010 at 8:58 PM, Dale Schroeder 
 d...@briannassaladdressing.com wrote:
 
   Ben,
 
  If I understand you correctly, you are describing expected behavior.  Using
  valid users means only
  the users listed can access that share.  If you want all the users to have
  access, don't use valid users.
 
  Dale
 
  valid users (S)
 
  This is a list of users that should be allowed to login to this service.
  Names starting with '@', '+' and '&' are interpreted using the same rules as
  described in the *invalid users* parameter.
 
  If this is empty (the default) then any user can login. If a username is in
  both this list and the *invalid users* list then access is denied for that
  user.
 
  The current servicename is substituted for *%S*. This is useful in the
  [homes] section.
 
  Default: *valid users = # No valid users list (anyone can login) *
 
  Example: *valid users = greg, @pcusers *
 
 
  On 09/28/2010 10:22 AM, Ben George wrote:
 
  Hi
 
  My Name is Ben.T.George
 
  i successfully installed samba and other all dependencies on my Solaris 10
  (SPARC) machine.
 
  i stopped the default samba and swat and enabled these 2 from the installed
  location (/usr/local/samba/sbin)
 
  then i edited the smb.conf using swat.after that i got a smb.conf like this
 
 
  # Samba config file created using SWAT
  # from UNKNOWN (ÿ¿û )
  # Date: 2010/09/28 16:30:12
 
  [global]
  workgroup = GROUP
  hosts allow = 192.168.1.
 
  [user1]
  path = /export/home/user1
  valid users = user1
 
  [ramana]
  path = /export/home/ramana
  valid users = ramana
 
  [teju]
  path = /export/home/teju
  valid users = teju
  [user1]
  path = /export/home/user1
  valid users = user1
 
  after that i created these 3 user's and set password (smbpassword and normal
  password)
 
  then i added one windows xp machine to this same GROUP,i can view these
  shared folders there
 
  then my problem is when i access that particular shared folders,every time
  one folder opens,when i try to access other 2 ,it says not accessible
 
  after that i tried to create these same users on windows,i logged another
  user and tried,,then the folder permission changed
  still i can access another folder and other 2 are not accessible..
 
  every time these changed according to the user.
 
  please help me to solve these. without giving valid users it works
  perfect for me
 
  please
 
 
  Thanks
  Ben.T.George
 
 

Re: [Samba] help with AD integration

2010-09-30 Thread Gaiseric Vandal


disclaimer: I don't use Samba as an ADS member server.  I use samba as 
PDC with trusts to an ADS domain.  So my observations may not be valid.


Did you try updating nsswitch.conf


passwd: files winbind
group:  files winbind


If you are using a Windows domain and have a user defined in the domain, 
you generally don't want to add the user as a local user.   Since the 
underlying unix OS needs to know about the domain users you need to 
either use nsswitch+winbind (which I do) or the smb pam module (which I 
don't use, and not sure if it really is the correct approach.)


If you use nsswitch.conf+winbind you can then also OPTIONALLY allow 
windows users unix access like ssh.  My samba server is a PDC-  I 
have a domain trust with windows domains BUT  the default shell is 
/bin/false.  (It is still a little flaky...)


Does getent passwd show the windows users?   It should show something like

ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false

or

SRE+ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false



It looks like you already have a unix ben and a ADS ben defined?

wbinfo -s and wbinfo -n are also useful for making sure that the 
name-to-sid and sid-to-name mappings are correct for domain users.





On 09/30/2010 08:17 AM, Ben George wrote:

HI

My name is Ben.T.George.

i followed http://www.edsiohio.com/images/advanced-AD-2009-05-18.pdf this
tutorial


my current status is .i successfully joined to the AD


bash-3.00# ./net ads join -U administrator
Enter administrator's password:
Using short domain name -- SRE
Joined 'SUN1' to realm 'sre.com'

and Wbinfo shows the users and groups from the AD

bash-3.00# ./wbinfo -u
SUN1+ramana
SUN1+user1
SUN1+ben
administrator
guest
support_388945a0
krbtgt
teju
ben
ramana

bash-3.00# ./wbinfo -g
helpservicesgroup
telnetclients
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
dnsadmins
dnsupdateproxy

then i checked the AD,the Sun1 is listed under the computer tab.

That means my connection side is success na..?

this is my smb.conf file

# Samba config file created using SWAT
# from UNKNOWN (ÿ¿û^H)
# Date: 2010/09/29 17:37:34

[global]
 workgroup = SRE
 realm = SRE.COM
 security = ADS
 idmap uid = 1-2
 idmap gid = 1-2
 winbind separator = +
 winbind use default domain = Yes

[user1]
 path = /export/home/user1
 valid users = user1, ramana, teju

[ramana]
 path = /export/home/ramana
 valid users = ramana, teju

[teju]
 path = /export/home/teju
 valid users = teju

[ben]
 path = /export/home/ben
 valid users = ben
[user1]
 path = /export/home/user1
 valid users = ben, user1, ramana, teju


And Kerberos file: krb5.conf


[libdefaults]
 dns_lookup_realm = false
 default_realm = SRE.COM
 ticket_lifetime = 600
 kdc_req_checksum_type = 2
 checksum_type = 2
 ccache_type = 1

#[kdc]
#profile = /krb5/var/krb5kdc/kdc.conf


[logging]
 default = FILE:/usr/local/var/log/kdc.log
 kdc = FILE:/usr/local/var/log/kdc.log
 admin_server = FILE:/usr/local/var/log/adm.log

[realms]
 SRE.COM = {
 kdc = srec.sre.com:88
 admin_server = srec.sre.com:749
#default_domain = SRE.COM
 }

[domain_realm]
 .sre.com = SRE.COM
 sre.com = SRE.COM

[login]
 krb4_convert = 0


my need is,suppose ben is a user common to unix and windows..
when i login as ben through a windows machine,want to access the shared
folder for ben in Unix.(without giving password for ben)

another thing is when we change the password or username in Active
Directory,it also affect the same user in the unix

that means suppose i changes the user ben to ben1,and password...the changes
must be written in the /etc/passwd and shadow file..

is there any way to do this..i a beginner to this.so please give me good
advice


Thanks
Ben.T.George
   


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
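
Added example, not part of the thread: a check for the situation discussed above, where ben exists both as a local account and in the AD domain, showing which source answers a passwd lookup for each colliding name. The inputs are constructed from the nsswitch.conf, getent and wbinfo -u output posted in the thread, the function names are hypothetical, and it assumes the default nsswitch actions (the first listed source that has the entry returns it).

```python
"""Added example: who answers a passwd lookup when a name is local and in winbind."""
import re

# Constructed inputs modelled on the thread: its nsswitch.conf lines, a few
# local accounts from its getent output, and names from its `wbinfo -u`.
NSSWITCH_CONF = """\
# /etc/nsswitch.conf (excerpt)
passwd: files ldap winbind
group:  files ldap winbind
hosts:  dns files
"""
LOCAL_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh
"""
WBINFO_U = """\
SUN1+ramana
SUN1+user1
SUN1+ben
administrator
guest
krbtgt
teju
ben
ramana
"""


def parse_nsswitch(text):
    """Return {database: [sources in lookup order]}, skipping comments and [actions]."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop [NOTFOUND=return] style items
        databases[database.strip()] = rest.split()
    return databases


def local_accounts(passwd_text):
    """Return {name: uid} for well-formed seven-field passwd lines."""
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts


def audit_passwd_lookup(nsswitch_text, passwd_text, wbinfo_text):
    """Report files/winbind name collisions and the source that answers them."""
    order = parse_nsswitch(nsswitch_text).get("passwd", [])
    local = local_accounts(passwd_text)
    winbind = {n.strip() for n in wbinfo_text.splitlines() if n.strip()}
    # A lookup matches the name exactly as typed, so "SUN1+ben" does not
    # collide with the local "ben"; only the bare winbind names do.
    first = next((s for s in order if s in ("files", "winbind")), None)
    collisions = [{"name": n, "local_uid": local[n], "answered_by": first}
                  for n in sorted(set(local) & winbind)]
    return {
        "order": order,
        # Sources this check does not model (the thread asks why ldap is listed).
        "extra_sources": [s for s in order if s not in ("files", "winbind")],
        "collisions": collisions,
        # Winbind-only names cannot resolve at all if winbind is not listed.
        "unreachable": [] if "winbind" in order else sorted(winbind - set(local)),
    }


if __name__ == "__main__":
    report = audit_passwd_lookup(NSSWITCH_CONF, LOCAL_PASSWD, WBINFO_U)
    print("passwd order:", " ".join(report["order"]))
    print("not modelled:", report["extra_sources"])
    for item in report["collisions"]:
        print(f"{item['name']}: local uid {item['local_uid']}, "
              f"answered by {item['answered_by']}")
```
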


Re: [Samba] help with AD integration

2010-09-30 Thread Ben George
Thanks for your reply..

yes my client told me like this that's Y..and the manager gave that work to
newly joined me.. :(

i don't have any AD and core unix experience..i have only experience in
linux.not much

may this project will affect my job..  :(

my nsswitch.conf

passwd: files ldap winbind
group:  files ldap winbind
hosts:  dns files
ipnodes: dns files


*nsswitch+winbind (which I do) or the smb pam module*..? :(

 i don't know..my client's need is he has a linux machine..also a ADS..from
the unix machine, he want to share secure folder's to the AD user's..so each
user can only access that particular shared folder..when the password of
user changed in AD, that will affect to the smbpassword...means without
changing that particular user's smb password in the unix machine..

for this need which method is useful..from your experience

*Does getent passwd show the windows users?*

please check the output ..i think getent password only shows unix system
password

bash-3.00# getent passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh


you already have a unix ben and a ADS ben defined?

Yes i defined the ben user in Unix and ADS...bcoz i don't have much
knowledge about that sorry

Hope u will help me
Thanks
Ben.T.George


On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:


 disclaimer: I don't use Samba as an ADS member server.  I use samba as PDC
 with trusts to an ADS domain.  So my observations may not be valid.

 Did you try updating nsswitch.conf


passwd: files winbind
group:  files winbind


 If you are using a Windows domain and have a user defined in the domain,
 you generally don't want to add the user as a local user.   Since the
 underlying unix OS needs to know about the domain users you need to either
 use nsswitch+winbind (which I do) or the smb pam module (which I don't use,
 and not sure if it really is the correct approach.)

 If you use nsswitch.conf+winbind you can then also OPTIONALLY allow
 windows users unix access like ssh.  My samba server is a PDC-  I have
 a domain trust with windows domains BUT  the default shell is /bin/false.
 (It is still a little flaky...)

 Does getent passwd show the windows users?   It should show something
 like

 ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false

 or

 SRE+ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false



 It looks like you already have a unix ben and a ADS ben defined?

 wbinfo -s and wbinfo -n are also useful for making sure that the
 name-to-sid and sid-to-name mappings are correct for domain users.



Re: [Samba] help with AD integration

2010-09-30 Thread Gaiseric Vandal
Then it sounds like you need the AD integration.  If the user's also 
login to the linux workstation directly  (or via ssh) then you will need 
to configure winbind and nsswitch to support unix logins.


Why does nsswitch.conf include ldap?  Is this the only linux/unix 
machine?  Are local users in ldap or /etc/passwd?


What version of samba?   What version of linux?

Ideally getent passwd would show something like



ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/tcsh

or

SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash



I don't think you need a huge amount of AD experience to make this work 
but I think you have to have general understanding of what Windows 
domains are about.


You should also review the smb.conf man page for the section on idmap_ad.





On 09/30/2010 09:24 AM, Ben George wrote:



Thanks for your reply..

yes my client told me like this that's Y..and the manager gave that 
work to newly joined me.. :(


i don't have any AD and core unix experience..i have only experience 
in linux.not much


may this project will affect my job..  :(

my nsswitch.conf

passwd: files ldap winbind
group:  files ldap winbind
hosts:  dns files
ipnodes: dns files


*nsswitch+winbind (which I do) or the smb pam module*..? :(

 i don't know..my client's need is he has a linux machine..also a 
ADS..from the unix machine, he want to share secure folder's to the AD 
user's..so each user can only access that particular shared 
folder..when the password of user changed in AD, that will affect to 
the smbpassword...means without changing that particular user's smb 
password in the unix machine..


for this need which method is useful..from your experience

*Does getent passwd show the windows users?*

please check the output ..i think getent password only shows unix 
system password


bash-3.00# getent passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh


you already have a unix ben and a ADS ben defined?

Yes i defined the ben user in Unix and ADS...bcoz i don't have much 
knowledge about that sorry


Hope u will help me
Thanks
Ben.T.George


On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal 
gaiseric.van...@gmail.com wrote:



disclaimer: I don't use Samba as an ADS member server.  I use
samba as PDC with trusts to an ADS domain.  So my observations may
not be valid.

Did you try updating nsswitch.conf


   passwd: files winbind
   group:  files winbind


If you are using a Windows domain and have a user defined in the
domain, you generally don't want to add the user as a local user.
  Since the underlying unix OS needs to know about the domain
users you need to either use nsswitch+winbind (which I do) or the
smb pam module (which I don't use, and not sure if it really is
the correct approach.)

If you use nsswitch.conf+winbind you can then also OPTIONALLY
allow windows users unix access like ssh.  My samba server
is a PDC-  I have a domain trust with windows domains BUT  the
default shell is /bin/false.  (It is still a little flaky...)

Does getent passwd show the windows users?   It should show
something like

ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false

or

SRE+ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false



It looks like you already have a unix ben and a ADS ben defined?

wbinfo -s and wbinfo -n are also useful for making sure that
the name-to-sid and sid-to-name mappings are correct for domain users.





Re: [Samba] help with AD integration

2010-09-30 Thread Ben George
Sun Solaris 10 (under SPARC)

local users in /etc/passwd

samba 3.4.2 from sunfreeware.com


getent passwd

ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh

like this

Thanks
Ben.T.George




On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

  Then it sounds like you need the AD integration.  If the user's also login
 to the linux workstation directly  (or via ssh) then you will need to
 configure winbind and nsswitch to support unix logins.

 Why does nsswitch.conf include ldap?  Is this the only linux/unix machine?
 Are local users in ldap or /etc/passwd?

 What version of samba?   What version of linux?

 Ideally getent passwd would show something like



 ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/tcsh

 or

 SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash



 I don't think you need a huge amount of AD experience to make this work but
 I think you have to have general understanding of what WIndows domains are
 about.

 You should also review the smb.conf man page for the section on idmap_ad.





 On 09/30/2010 09:24 AM, Ben George wrote:



 Thanks for your reply..

 yes my client told me like this that's Y..and the manager gave that work to
 newly joined me.. :(

 i don't have any AD and core unix experience..i have only experience in
 linux.not much

 may this project will affect my job..  :(

 my nsswitch.conf

 passwd: files ldap winbind
 group:  files ldap winbind
 hosts:  dns files
 ipnodes: dns files


 *nsswitch+winbind (which I do) or the smb pam module*..? :(

  i don't know..my client's need is he has a linux machine..also a ADS..from
 the unix machine, he want to share secure folder's to the AD user's..so each
 user can only access that particular shared folder..when the password of
 user changed in AD, that will affect to the smbpassword...means without
 changing that particular user's smb password in the unix machine..

 for this need which method is useful..from your experience

 *Does getent passwd show the windows users?*

 please check the output ..i think getent password only shows unix system
 password

 bash-3.00# getent passwd
 root:x:0:0:Super-User:/:/sbin/sh
 daemon:x:1:1::/:
 bin:x:2:2::/usr/bin:
 sys:x:3:3::/:
 adm:x:4:4:Admin:/var/adm:
 lp:x:71:8:Line Printer Admin:/usr/spool/lp:
 uucp:x:5:5:uucp Admin:/usr/lib/uucp:
 nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
 smmsp:x:25:25:SendMail Message Submission Program:/:
 listen:x:37:4:Network Admin:/usr/net/nls:
 gdm:x:50:50:GDM Reserved UID:/:
 webservd:x:80:80:WebServer Reserved UID:/:
 postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
 svctag:x:95:12:Service Tag UID:/:
 nobody:x:60001:60001:NFS Anonymous Access User:/:
 noaccess:x:60002:60002:No Access User:/:
 nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
 ramana:x:100:1::/export/home/ramana:/bin/sh
 teju:x:101:1::/export/home/teju:/bin/sh
 user1:x:102:1::/export/home/user1:/bin/sh
 ben:x:103:1::/home/ben:/bin/sh


 you already have a unix ben and a ADS ben defined?

 Yes i defined the ben user in Unix and ADS...bcoz i don't have much
 knowledge about that sorry

 Hope u will help me
 Thanks
 Ben.T.George


 On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal 
 gaiseric.van...@gmail.com wrote:


 disclaimer: I don't use Samba as an ADS member server.  I use samba as PDC
 with trusts to an ADS domain.  So my observations may not be valid.

 Did you try updating nsswitch.conf


passwd: files winbind
group:  files winbind


 If you are using a Windows domain and have a user defined in the domain,
 you generally don't want to add the user as a local user.   Since the
 underlying unix OS needs to know about the domain users you need to either
 use nsswitch+winbind (which I do) or the smb pam module (which I don't use,
 and not sure if it really is the correct approach.)

 If you use nsswitch.conf+winbind you can then also OPTIONALLY allow
 windows users unix access like ssh.  My samba server is a PDC-  I have
 a domain trust with windows domains BUT  the default shell is /bin/false.
 (It is still a little flaky...)

 Does getent passwd show the windows users?   It should show something
 like

 ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false

 or

 SRE+ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false



 It looks like you already have a unix ben and a ADS ben defined?

 wbinfo -s and wbinfo -n are also useful for making sure that the
 name-to-sid and sid-to-name mappings are correct for domain users.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
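
The checks suggested in this exchange (nsswitch.conf order, `getent passwd`, `wbinfo -u`) can be combined into one comparison. The following is an added example, not code from any poster or from Samba; the sample inputs are constructed from the output shown in the thread, and the `+` separator and the verdict names are assumptions of the example.

```python
import re

# Constructed sample inputs, modelled on the output posted in this thread.
NSSWITCH = """\
passwd: files ldap winbind
group:  files ldap winbind
hosts:  dns files
"""
ETC_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
ramana:x:100:1::/export/home/ramana:/bin/sh
ben:x:103:1::/home/ben:/bin/sh
"""
WBINFO_U = "SRE+ben\nSRE+alice\n"       # constructed `wbinfo -u` output
GETENT_LOCAL_ONLY = ETC_PASSWD           # what the poster saw: local accounts only
GETENT_WITH_DOMAIN = ETC_PASSWD + (      # what a working setup would add
    "SRE+ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false\n"
    "SRE+alice:*:10002:10001:Alice:/home/SRE/alice:/bin/false\n"
)


def nss_sources(nsswitch_text, database):
    """Return the ordered source list for one nsswitch.conf database."""
    for line in nsswitch_text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            # Drop action items such as [NOTFOUND=return]; keep source names.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []


def passwd_names(passwd_text):
    """Return the set of login names found in passwd-format text."""
    return {line.split(":", 1)[0] for line in passwd_text.splitlines()
            if line.count(":") >= 2}


def check_winbind_nss(nsswitch, etc_passwd, getent_passwd, wbinfo_u, separator="+"):
    """Compare what winbindd knows (wbinfo -u) with what NSS returns (getent)."""
    sources = nss_sources(nsswitch, "passwd")
    local = passwd_names(etc_passwd)
    visible = passwd_names(getent_passwd)
    domain_users = [u.strip() for u in wbinfo_u.splitlines() if u.strip()]

    resolved, missing, local_duplicates = [], [], []
    for full in domain_users:
        short = full.split(separator, 1)[-1]
        qualified = separator in full
        # Resolved through NSS if getent lists the qualified name, or the short
        # name when no local account of that name could explain the entry.
        if (qualified and full in visible) or (short in visible and short not in local):
            resolved.append(full)
        else:
            missing.append(full)
        # A local account with the same short name as a domain account.
        if short in local:
            local_duplicates.append(short)

    if "winbind" not in sources:
        verdict = "winbind-not-in-nsswitch"
    elif not domain_users:
        verdict = "winbindd-lists-no-users"
    elif not resolved:
        verdict = "nss-winbind-not-answering"   # check which nss_winbind.so.1 is loaded
    elif missing:
        verdict = "partial"
    else:
        verdict = "ok"
    return {"sources": sources, "resolved": resolved, "missing": missing,
            "local_duplicates": local_duplicates, "verdict": verdict}


if __name__ == "__main__":
    for label, getent in (("local only", GETENT_LOCAL_ONLY),
                          ("with domain", GETENT_WITH_DOMAIN)):
        print(label, check_winbind_nss(NSSWITCH, ETC_PASSWD, getent, WBINFO_U))
```

On a real host the four inputs would come from `/etc/nsswitch.conf`, `/etc/passwd`, `getent passwd` and `wbinfo -u`.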


Re: [Samba] help with AD integration

2010-09-30 Thread Gaiseric Vandal
So to clarify the customer has a Sun Solaris 10 UNIX machine and a Linux 
workstation?


FOR SOLARIS

I had problems with getting nsswitch+winbind working with the samba from 
sunfreeware-  I had to recompile from scratch (major headache.)   In 
hindsight this may not have been necessary for winbind-  although I had 
to recompile anyway for ZFS support.


On solaris, you should have a file called /usr/lib/nss_winbind.so.1 -  
which is the nsswitcher winbind library provided by the samba that sun 
bundles with solaris 10 (but this is samba 3.0.x and too old to be much 
use.)


In /usr/local/samba/lib -  do you see an nss_winbind.so.1 file?  How 
is your PATH and LD_LIBRARY_PATH set-  you want to make sure you are 
using the /usr/local/samba/bin and /usr/local/samba/lib first.


If you run truss getent passwd | tee log1.txt  you should see it 
looking for nss_winbind.so.1 -  ideally it will look in 
/usr/local/samba/lib before /usr/lib.  If it uses 
/usr/lib/nss_winbind.so.1 that will probably NOT work.  You may want to 
rename that file just to make sure.







On 09/30/2010 10:57 AM, Ben George wrote:


Sun Solaris 10 (under SPARC)

local users in /etc/passwd

samba 3.4.2 from sunfreeware.com


getent passwd

ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh

like this

Thanks
Ben.T.George




On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal 
gaiseric.van...@gmail.com wrote:


Then it sounds like you need the AD integration.  If the users
also log in to the linux workstation directly  (or via ssh) then
you will need to configure winbind and nsswitch to support unix
logins.

Why does nsswitch.conf include ldap?  Is this the only linux/unix
machine?  Are local users in ldap or /etc/passwd?

What version of samba?   What version of linux?

Ideally getent passwd would show something like

ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/tcsh

or

SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash



I don't think you need a huge amount of AD experience to make this
work but I think you have to have general understanding of what
Windows domains are about.

You should also review the smb.conf man page for the section on
idmap_ad.





On 09/30/2010 09:24 AM, Ben George wrote:



Thanks for your reply..

yes my client told me like this that's Y..and the manager gave
that work to newly joined me.. :(

i don't have any AD and core unix experience..i have only
experience in linux.not much

may this project will affect my job..  :(

my nsswitch.conf

passwd: files ldap winbind
group:  files ldap winbind
hosts:  dns files
ipnodes:dns files


*nsswitch+winbind (which I do) or the smb pam module*..? :(

 i don't know..my client's need is he has a linux machine..also a
ADS..from the unix machine, he want to share secure folders to
the AD users..so each user can only access that particular
shared folder..when the password of user changed in AD, that will
affect to the smbpassword...means without changing that
particular user's smb password in the unix machine..

for this need which method is useful..from your experience

*Does getent passwd show the windows users?*

please check the output ..i think getent password only shows unix
system password

bash-3.00# getent passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh


you already have a unix ben and a ADS ben defined?

Yes i defined the ben user in Unix and ADS...bcoz i don't have
much knowledge about that sorry

Hope u will help me
Thanks
Ben.T.George


On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:


disclaimer: I don't use Samba as an ADS member server.  I use
samba as PDC with trusts to an ADS domain.  So my

Re: [Samba] help with AD integration

2010-09-30 Thread Ben George
yes client has Solaris and a windows xp machine under the AD domain

yes i exported the paths to the newly installed /usr/local/samba/lib

me using the new packages and disabled the default packages


On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

  So to clarify the customer has a Sun Solaris 10 UNIX machine and a Linux
 workstation?

 FOR SOLARIS

 I had problems with getting nsswitch+winbind working with the samba from
 sunfreeware-  I had to recompile from scratch (major headache.)   In
 hindsight this may not have been necessary for winbind-  although I had to
 recompile anyway for ZFS support.

 On solaris, you should have a file called /usr/lib/nss_winbind.so.1 -
 which is the nsswitcher winbind library provided by the samba that sun
 bundles with solaris 10 (but this is samba 3.0.x and too old to be much
 use.)

 In /usr/local/samba/lib -  do you see an nss_winbind.so.1 file?  How is
 your PATH and LD_LIBRARY_PATH set-  you want to make sure you are using the
 /usr/local/samba/bin and /usr/local/samba/lib first.

 If you run truss getent passwd | tee log1.txt  you should see it looking
 for nss_winbind.so.1 -  ideally it will look in /usr/local/samba/lib before
 /usr/lib.  If it uses /usr/lib/nss_winbind.so.1 that will probably NOT
 work.  You may want to rename that file just to make sure.






 On 09/30/2010 10:57 AM, Ben George wrote:


 Sun Solaris 10 (under SPARC)

 local users in /etc/passwd

 samba 3.4.2 from sunfreeware.com


 getent passwd

 ramana:x:100:1::/export/home/ramana:/bin/sh
 teju:x:101:1::/export/home/teju:/bin/sh
 user1:x:102:1::/export/home/user1:/bin/sh
 ben:x:103:1::/home/ben:/bin/sh

 like this

 Thanks
 Ben.T.George




 On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal 
 gaiseric.van...@gmail.com wrote:

 Then it sounds like you need the AD integration.  If the users also log in
 to the linux workstation directly  (or via ssh) then you will need to
 configure winbind and nsswitch to support unix logins.

 Why does nsswitch.conf include ldap?  Is this the only linux/unix
 machine?  Are local users in ldap or /etc/passwd?

 What version of samba?   What version of linux?

 Ideally getent passwd would show something like

 ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/tcsh

 or

 SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash



 I don't think you need a huge amount of AD experience to make this work
 but I think you have to have general understanding of what Windows domains
 are about.

 You should also review the smb.conf man page for the section on idmap_ad.






 On 09/30/2010 09:24 AM, Ben George wrote:



 Thanks for your reply..

 yes my client told me like this that's Y..and the manager gave that work
 to newly joined me.. :(

 i don't have any AD and core unix experience..i have only experience in
 linux.not much

 may this project will affect my job..  :(

 my nsswitch.conf

 passwd: files ldap winbind
 group:  files ldap winbind
 hosts:  dns files
 ipnodes:dns files


 *nsswitch+winbind (which I do) or the smb pam module*..? :(

  i don't know..my client's need is he has a linux machine..also a
 ADS..from the unix machine, he want to share secure folders to the AD
 users..so each user can only access that particular shared folder..when the
 password of user changed in AD, that will affect to the smbpassword...means
 without changing that particular user's smb password in the unix machine..

 for this need which method is useful..from your experience

 *Does getent passwd show the windows users?*

 please check the output ..i think getent password only shows unix system
 password

 bash-3.00# getent passwd
 root:x:0:0:Super-User:/:/sbin/sh
 daemon:x:1:1::/:
 bin:x:2:2::/usr/bin:
 sys:x:3:3::/:
 adm:x:4:4:Admin:/var/adm:
 lp:x:71:8:Line Printer Admin:/usr/spool/lp:
 uucp:x:5:5:uucp Admin:/usr/lib/uucp:
 nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
 smmsp:x:25:25:SendMail Message Submission Program:/:
 listen:x:37:4:Network Admin:/usr/net/nls:
 gdm:x:50:50:GDM Reserved UID:/:
 webservd:x:80:80:WebServer Reserved UID:/:
 postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
 svctag:x:95:12:Service Tag UID:/:
 nobody:x:60001:60001:NFS Anonymous Access User:/:
 noaccess:x:60002:60002:No Access User:/:
 nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
 ramana:x:100:1::/export/home/ramana:/bin/sh
 teju:x:101:1::/export/home/teju:/bin/sh
 user1:x:102:1::/export/home/user1:/bin/sh
 ben:x:103:1::/home/ben:/bin/sh


 you already have a unix ben and a ADS ben defined?

 Yes i defined the ben user in Unix and ADS...bcoz i don't have much
 knowledge about that sorry

 Hope u will help me
 Thanks
 Ben.T.George


 On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal 
 gaiseric.van...@gmail.com wrote:


 disclaimer: I don't use Samba as an ADS member server.  I use samba as
 PDC with trusts to an ADS domain.  So my observations may not be valid.

 

Re: [Samba] help with AD integration

2010-09-30 Thread Gaiseric Vandal

Hi

Please clarify the following
 -  Did you run truss getent passwd command and look for lines with 
nss_winbind-  just in case it is looking for a file with a different 
version.

 - Why does nsswitch.conf have ldap references-  are you using ldap?


You should also look through the samba logs-  it may provide some 
information.



On 09/30/2010 12:14 PM, Ben George wrote:




yes client has Solaris and a windows xp machine under the AD domain

yes i exported the paths to the newly installed /usr/local/samba/lib

me using the new packages and disabled the default packages


On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal 
gaiseric.van...@gmail.com wrote:


So to clarify the customer has a Sun Solaris 10 UNIX machine and a
Linux workstation?

FOR SOLARIS

I had problems with getting nsswitch+winbind working with the
samba from sunfreeware-  I had to recompile from scratch (major
headache.)   In hindsight this may not have been necessary for
winbind-  although I had to recompile anyway for ZFS support.

On solaris, you should have a file called
/usr/lib/nss_winbind.so.1 -  which is the nsswitcher winbind
library provided by the samba that sun bundles with solaris 10
(but this is samba 3.0.x and too old to be much use.)

In /usr/local/samba/lib -  do you see an nss_winbind.so.1 file?
How is your PATH and LD_LIBRARY_PATH set-  you want to make sure
you are using the /usr/local/samba/bin and /usr/local/samba/lib
first.

If you run truss getent passwd | tee log1.txt  you should see it
looking for nss_winbind.so.1 -  ideally it will look in
/usr/local/samba/lib before /usr/lib.  If it uses
/usr/lib/nss_winbind.so.1 that will probably NOT work.  You may
want to rename that file just to make sure.






On 09/30/2010 10:57 AM, Ben George wrote:


Sun Solaris 10 (under SPARC)

local users in /etc/passwd

samba 3.4.2 from sunfreeware.com


getent passwd

ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh

like this

Thanks
Ben.T.George




On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

Then it sounds like you need the AD integration.  If the
users also log in to the linux workstation directly  (or via
ssh) then you will need to configure winbind and nsswitch to
support unix logins.

Why does nsswitch.conf include ldap?  Is this the only
linux/unix machine?  Are local users in ldap or /etc/passwd?

What version of samba?   What version of linux?

Ideally getent passwd would show something like

ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/tcsh

or

SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash



I don't think you need a huge amount of AD experience to make
this work but I think you have to have general understanding
of what Windows domains are about.

You should also review the smb.conf man page for the section
on idmap_ad.





On 09/30/2010 09:24 AM, Ben George wrote:



Thanks for your reply..

yes my client told me like this that's Y..and the manager
gave that work to newly joined me.. :(

i don't have any AD and core unix experience..i have only
experience in linux.not much

may this project will affect my job..  :(

my nsswitch.conf

passwd: files ldap winbind
group:  files ldap winbind
hosts:  dns files
ipnodes:dns files


*nsswitch+winbind (which I do) or the smb pam module*..? :(

 i don't know..my client's need is he has a linux
machine..also a ADS..from the unix machine, he want to share
secure folders to the AD users..so each user can only
access that particular shared folder..when the password of
user changed in AD, that will affect to the
smbpassword...means without changing that particular user's
smb password in the unix machine..

for this need which method is useful..from your experience

*Does getent passwd show the windows users?*

please check the output ..i think getent password only shows
unix system password

bash-3.00# getent passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:

Re: [Samba] help with AD integration

2010-09-30 Thread Gaiseric Vandal
I suspect Oracle won't be much help with 3rd party s/w.  I had opened 
a ticket with Sun last year (?) when I had with domain trusts with the 
samba version they provided (the trusts worked BUT the cache would 
expire and not repopulate.)   They had a cookie cutter setup for joining 
Samba to an AD domain (which wasn't relevant to me.)  They were 
supposedly going to release a build for samba 3.4.x BUT they seemed to 
have killed any more work with Samba.


If Ben switches back to samba 3.0.x from Sun he may be able to get some 
help.  Altho I suspect if you dig through the release notes you will 
NOT find Win 2008 support for Samba 3.0.x.






On 09/29/2010 11:52 AM, Rob LaRose wrote:

Hi Ben,

Which version of AD are you using?  We had no luck integrating Solaris Samba w/ 
AD 2008 last year, and were forced to use a third-party authentication product 
called Centrify DirectControl to facilitate.

This may have changed by now — have you opened a support case with Oracle?

--Rob


Rob LaRose  systems administrator
imaginary forces | 530 west 25th st | new york city | p 646.486.6868 | f 
646.486.4700 | www.imaginaryforces.com


From: Ben George bentech4...@gmail.com
Date: Wed, 29 Sep 2010 03:07:15 -0400
To: samba@lists.samba.org
Subject: [Samba] help with AD integration

HI

my name is Ben.T.George

i am new to samba and active directory integration

my machine is Sun Solaris SPARC (solaris 10).

the unix side samba and all deps are installed...from this link
http://www.sunfreeware.com/programlistsparc10.html#samba

now i want to sync samba with active directory..

so please help to for this..

please provide me the step by step for this..

now i am stuck with kerberos configuration.

also please provide me the kerberos step by step configuration

thanks
Ben.T.George


Re: [Samba] help with AD integration

2010-09-29 Thread Rob LaRose

Hi Ben,

Which version of AD are you using?  We had no luck integrating Solaris Samba w/ 
AD 2008 last year, and were forced to use a third-party authentication product 
called Centrify DirectControl to facilitate.

This may have changed by now — have you opened a support case with Oracle?

--Rob


Rob LaRose  systems administrator
imaginary forces | 530 west 25th st | new york city | p 646.486.6868 | f 
646.486.4700 | www.imaginaryforces.com


From: Ben George bentech4...@gmail.com
Date: Wed, 29 Sep 2010 03:07:15 -0400
To: samba@lists.samba.org
Subject: [Samba] help with AD integration

HI

my name is Ben.T.George

i am new to samba and active directory integration

my machine is Sun Solaris SPARC (solaris 10).

the unix side samba and all deps are installed...from this link
http://www.sunfreeware.com/programlistsparc10.html#samba

now i want to sync samba with active directory..

so please help to for this..

please provide me the step by step for this..

now i am stuck with kerberos configuration.

also please provide me the kerberos step by step configuration

thanks
Ben.T.George


Re: [Samba] help with AD integration

2010-09-29 Thread Ben George
HI
Thanks for your reply..me using.2003 server..

when i give the command in unix wbinfo -u   ,it shows all the users in AD
and wbinfo -g shows the group..

after that?

bcoz i am beginner with this.actually i am working in linux,and i got job on
sun..so my manager gave this work to me

only for me..:(

so i don't know the correct procedures about the samba-AD synchronization..

so please help me with these,for further steps.

also give me the gud tutorial for Centrify DirectControl


Again thanks for your reply
Ben.T.George








On Wed, Sep 29, 2010 at 6:52 PM, Rob LaRose r...@imaginaryforces.com wrote:


  Hi Ben,

  Which version of AD are you using?  We had no luck integrating Solaris
 Samba w/ AD 2008 last year, and were forced to use a third-party
 authentication product called Centrify DirectControl to facilitate.

  This may have changed by now — have you opened a support case with
 Oracle?

  --Rob
  Rob LaRose  systems administrator
 imaginary forces | 530 west 25th st | new york city | p 646.486.6868 | f
 646.486.4700 | www.imaginaryforces.com

   From: Ben George bentech4...@gmail.com
 Date: Wed, 29 Sep 2010 03:07:15 -0400
 To: samba@lists.samba.org samba@lists.samba.org
 Subject: [Samba] help with AD integration

   HI

  my name is Ben.T.George

  i am new to samba and active directory integration

  my machine is Sun Solaris SPARC (solaris 10).

  the unix side samba and all deps are installed...from this link
 http://www.sunfreeware.com/programlistsparc10.html#samba

  now i want to sync samba with active directory..

  so please help to for this..

  please provide me the step by step for this..

  now i am stuck with kerberos configuration.

  also please provide me the kerberos step by step configuration

  thanks
 Ben.T.George


Re: [Samba] help with user permissions

2010-09-28 Thread Dale Schroeder

 Ben,

If I understand you correctly, you are describing expected behavior.  
Using valid users means only
the users listed can access that share.  If you want all the users to 
have access, don't use valid users.


Dale


 valid users (S)

   This is a list of users that should be allowed to login to this
   service. Names starting with '@', '+' and '&' are interpreted using
   the same rules as described in the invalid users parameter.

   If this is empty (the default) then any user can login. If a
   username is in both this list and the invalid users list then
   access is denied for that user.

   The current servicename is substituted for %S. This is useful in
   the [homes] section.

   Default: valid users = # No valid users list (anyone can login)

   Example: valid users = greg, @pcusers



On 09/28/2010 10:22 AM, Ben George wrote:

Hi

My Name is Ben.T.George

i successfully installed samba and other all dependencies on my Solaris 10
(SPARC) machine.

i stopped the default samba and swat and enabled these 2 from the installed
location (/usr/local/samba/sbin)

then i edited the smb.conf using swat. after that i got a smb.conf like this


# Samba config file created using SWAT
# from UNKNOWN (ÿ¿û )
# Date: 2010/09/28 16:30:12

[global]
 workgroup = GROUP
 hosts allow = 192.168.1.

[user1]
 path = /export/home/user1
 valid users = user1

[ramana]
 path = /export/home/ramana
 valid users = ramana

[teju]
 path = /export/home/teju
 valid users = teju
[user1]
 path = /export/home/user1
 valid users = user1

after that i created these 3 user's and set password (smbpassword and normal
password)

then i added one windows xp machine to this same GROUP,i can view these
shared folders there

then my problem is when i access that particular shared folders,every time
one folder opens,when i try to access other 2 ,it says not accessible

after that i tried to create these same users on windows,i logged another
user and tried,,then the folder permission changed
still i can access another folder and other 2 are not accessible..

every time these changed according to the user.

please help me to solve these. without giving valid users it works
perfect for me

please


Thanks
Ben.T.George
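
The `valid users` and `invalid users` rules quoted in this message can be applied to the posted smb.conf to show which account may open which share. This is an added example, not code from the thread or from Samba: it handles plain names, `@`/`+`/`&` group entries through a caller-supplied group map (a simplification), and `%S`, and its handling of a repeated section (merge and report) is a choice of the example rather than a statement of Samba's behaviour.

```python
import re

# The share definitions posted in this thread, including the repeated [user1].
SMB_CONF = """\
[global]
 workgroup = GROUP
 hosts allow = 192.168.1.

[user1]
 path = /export/home/user1
 valid users = user1

[ramana]
 path = /export/home/ramana
 valid users = ramana

[teju]
 path = /export/home/teju
 valid users = teju
[user1]
 path = /export/home/user1
 valid users = user1
"""


def parse_smb_conf(text):
    """Return (sections, duplicates); sections maps name -> {parameter: value}."""
    sections, duplicates, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            if current in sections:
                duplicates.append(current)      # same section defined twice
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names ignore case and whitespace: "valid users" -> "validusers".
            sections[current]["".join(key.lower().split())] = value.strip()
    return sections, duplicates


def _names(value, share):
    """Split a user list on commas/whitespace and expand %S to the share name."""
    return [n.replace("%S", share) for n in re.split(r"[,\s]+", value) if n]


def _matches(entry, user, groups):
    if entry[0] in "@+&":                       # group entry, resolved via `groups`
        return user in groups.get(entry.lstrip("@+&"), ())
    return entry == user


def may_connect(sections, share, user, groups=None):
    """Apply the quoted rules: invalid users wins, empty valid users allows anyone."""
    groups = groups or {}
    params = dict(sections.get("global", {}))   # [global] values act as defaults
    params.update(sections[share])
    if any(_matches(e, user, groups) for e in _names(params.get("invalidusers", ""), share)):
        return False
    valid = _names(params.get("validusers", ""), share)
    return not valid or any(_matches(e, user, groups) for e in valid)


def access_matrix(sections, users, groups=None):
    """Map each share to the users from `users` who may connect to it."""
    return {share: [u for u in users if may_connect(sections, share, u, groups)]
            for share in sections if share != "global"}


if __name__ == "__main__":
    sections, duplicates = parse_smb_conf(SMB_CONF)
    print("duplicate sections:", duplicates)
    for share, allowed in access_matrix(sections, ["user1", "ramana", "teju"]).items():
        print(share, "->", allowed)
```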



Re: [Samba] help with user permissions

2010-09-28 Thread Ben George
Thanks for your reply..

yea i also want that same thing..give permission to that listed users only..

but when i checked that 3 folders in windows pc.,,only one folder can
be accessed without password

and when i try to access the other 2 folder's,,it says that network not
reachable..u don't have permission to access this network...like that...




On Tue, Sep 28, 2010 at 8:58 PM, Dale Schroeder 
d...@briannassaladdressing.com wrote:

  Ben,

 If I understand you correctly, you are describing expected behavior.  Using
 valid users means only
 the users listed can access that share.  If you want all the users to have
 access, don't use valid users.

 Dale

 valid users (S)

 This is a list of users that should be allowed to login to this service.
 Names starting with '@', '+' and '&' are interpreted using the same rules as
 described in the *invalid users* parameter.

 If this is empty (the default) then any user can login. If a username is in
 both this list and the *invalid users* list then access is denied for that
 user.

 The current servicename is substituted for *%S*. This is useful in the
 [homes] section.

 Default: *valid users = # No valid users list (anyone can login) *

 Example: *valid users = greg, @pcusers *


 On 09/28/2010 10:22 AM, Ben George wrote:

 Hi

 My Name is Ben.T.George

 i successfully installed samba and other all dependencies on my Solaris 10
 (SPARC) machine.

 i stopped the default samba and swat and enabled these 2 from the installed
 location (/usr/local/samba/sbin)

 then i edited the smb.conf using swat. after that i got a smb.conf like this


 # Samba config file created using SWAT
 # from UNKNOWN (ÿ¿û )
 # Date: 2010/09/28 16:30:12

 [global]
 workgroup = GROUP
 hosts allow = 192.168.1.

 [user1]
 path = /export/home/user1
 valid users = user1

 [ramana]
 path = /export/home/ramana
 valid users = ramana

 [teju]
 path = /export/home/teju
 valid users = teju
 [user1]
 path = /export/home/user1
 valid users = user1

 after that i created these 3 user's and set password (smbpassword and normal
 password)

 then i added one windows xp machine to this same GROUP,i can view these
 shared folders there

 then my problem is when i access that particular shared folders,every time
 one folder opens,when i try to access other 2 ,it says not accessible

 after that i tried to create these same users on windows,i logged another
 user and tried,,then the folder permission changed
 still i can access another folder and other 2 are not accessible..

 every time these changed according to the user.

 please help me to solve these. without giving valid users it works
 perfect for me

 please


 Thanks
 Ben.T.George




Re: [Samba] help making fileserver

2010-08-19 Thread Christopher Springer
 I have a file server that I authenticate against LDAP/Samba.  The 
smb.conf looks something like this...(which of course does not include 
the shares section of the config...)  This configuration assumes using 
nss_ldap (for getting user accounts) and POSIX ACL's for permissions 
using getfacl and setfacl.


[global]
log file = /var/log/samba/%m.log
passdb backend = ldapsam:ldap://ip address
ldap suffix = ldap suffix
ldap machine suffix = ou=Machine
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=IdMap
ldap admin dn = ldap dn to connect as
show add printer wizard = No
dns proxy = No
cups options = raw
server string = File Server
password server = SERVER1 SERVER2
domain logons = no
domain master = no
workgroup = CORPDOM
printcap name = cups
security = DOMAIN
preferred master = No
max log size = 50
disable spoolss = Yes


On 08/18/2010 09:37 PM, Hernan Caffera wrote:

Hi, folks !
Perhaps somebody can help me with a little issue.
I´ve got a PDC with Ubuntu+Samba 3.5 +LDAP  working fine in my network.
But now I’m trying to implement a fileserver that authenticates  against my domain
server.
If someone has any idea about how to do it and can give me a link or some clue
about it, I really will appreciate it!
Thank you very much for your time.





--
Christopher Springer
IS/IT Systems Administrator
BRC Rubber & Plastics, Inc
260-693-2171 x389
csprin...@brcrp.com


Re: [Samba] help making fileserver

2010-08-19 Thread Gaiseric Vandal

On 08/18/2010 09:37 PM, Hernan Caffera wrote:

Hi, folks !
Perhaps somebody can help me with a little issue.
I´ve got a PDC with Ubuntu+Samba 3.5 +LDAP  working fine in my network.
But now I’m trying to implement a fileserver that authenticates  against my domain
server.
If someone has any idea about how to do it and can give me a link or some clue
about it, I really will appreciate it!
Thank you very much for your time.


   
Is the new server also a samba server?   You should be able to configure 
it as a workgroup server or domain BDC.


My experience is that if you already have an LDAP backend, and if you are 
already using LDAP for unix level account management, that  the BDC is 
the better approach  since it helps keep all your Windows and Unix id's 
consistent on both machines.




Re: [Samba] Help on Samba 4

2010-07-26 Thread Daniel Müller
Look at my howto : [Samba] HOWTO centOS 5.5 samba4 dns dynamic update of
today in this list

---
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Amitava Chakraborty
Sent: Monday, 26 July 2010 10:45
To: samba@lists.samba.org
Subject: [Samba] Help on Samba 4

We are trying to install Samba 4 on a RHEL4 update 4 machine and are facing
problems. We have downloaded the samba4 tar ball from 
 
http://repo.or.cz/w/Samba.git/snapshot/master.tar.gz
 
After untarring it we have done
 
cd source4
./autogen.sh
./configure
 
But at this stage itself we are getting the following error:
 
/root/Samba/source4/wscript: error: Traceback (most recent call last):
  File /root/Samba/buildtools/bin/.waf-1.5.17-164170d221747ffbb50f4a8b9ccc2b2a/wafadmin/Utils.py, line 198, in load_module
    exec(compile(code,file_path,'exec'),module.__dict__)
  File /root/Samba/source4/wscript, line 11, in ?
import wafsamba, Options, samba_dist, Scripting
  File ../buildtools/wafsamba/wafsamba.py, line 53
@conf
^
SyntaxError: invalid syntax
 
Can anybody kindly help us?
 
 
Regards
Amitava Chakraborty
 


Re: [Samba] Help to buy a SAN server

2010-06-17 Thread Dave Wynne
Another option is
http://www.openfiler.com/

or

http://freenas.org/


open source etc.





Best regards,

Dave Wynne
Senior Engineer
Artimech Pty. Ltd.
MiniFab
1 Dalmore Drive
Scoresby, Vic 3179 Australia
Tel: (03) 9753 3700
Fax: (03) 9753 3711

Email:d...@artimech.com.au  
Please Visit Our Website  www.artimech.com.au  
Information Contained Within This Communication Is Private and In Confidence

 -Original Message-
From:   samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]  
On Behalf Of Gaiseric Vandal
Sent:   Thursday, 17 June 2010 11:28
To: samba@lists.samba.org
Subject:Re: [Samba] Help to buy a SAN server

NetGear and Buffalo make lower cost workgroup NAS server.   But this isn't
really a samba question.   You want to decide SAN vs NAS. There is a big
range of stuff out there -  you may want to talk to a reseller if your
company uses one.  NetApp is a higher end vendor. EMC and Sun are the big
$$$ products.


I bought a cheap 1 disk user size NAS appliance from netgear.  I had to
return it.  It was using linux with a version of samba that was not
compatible with the version of samba running on my PDC.  I was unable to
join it to the Samba domain which meant I could not apply user permissions
to the files on the NAS.  I could not rebuild samba myself and there were no
patches from the vendor.  

NAS can be nice if you want your end user PC's to be able to access files
directly from the appliance.  And you can use it for backups if you want
to rsync data from your servers to it.

If you want to add more disk space to a server, SAN is the way to go.
The server will see the space on the SAN as a block-type disk device, not
a network share.  SAN is really most useful when you want to share a disk
storage appliance between multiple servers-  e.g. 70 % might be to add disk
space to one server and 30 % might be for another server.  SAN is also
useful if you are into fail over and virtualization.   Beyond the scope of
this discussion.   



-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Yannick Bergeron
Sent: Wednesday, June 16, 2010 7:36 PM
To: nasrin...@yahoo.com; samba@lists.samba.org
Subject: Re: [Samba] Help to buy a SAN server


I'm moderating the samba-technical mailing list.
This post is more appropriate on samba@lists.samba.org
So I'll just answer on this one and discard the post on samba-technical

 Hi,
 I have two linux servers and using samba between all win xp and win7
 clients.
 I need to have some SAN box that is working as raid 5 and backup.
 What I find is just supporting windows OS not Linux.
 Do you have any suggestion?
 Thanks a lot,
 Best regards,
 Nasrin Khatami,
 nasr...@skarpnack.fhsk.se

Don't mix up SAN and NAS, both are 2 different things ;)
You are probably talking about a NAS rather than a SAN
What do you mean about just supporting windows and not Linux?
If they support SMB/CIFS or any protocol such as FTP, SSH, etc., you'll be
able to use them from your Linux
  


Re: [Samba] Help to buy a SAN server

2010-06-16 Thread Yannick Bergeron

I'm moderating the samba-technical mailing list.
This post is more appropriate on samba@lists.samba.org
So I'll just answer on this one and discard the post on samba-technical

 Hi,
 I have two linux servers and using samba between all win xp and win7 clients.
 I need to have some SAN box that is working as raid 5 and backup.
 What I find is just supporting windows OS not Linux.
 Do you have any suggestion?
 Thanks a lot,
 Best regards,
 Nasrin Khatami,
 nasr...@skarpnack.fhsk.se

Don't mix up SAN and NAS, both are 2 different things ;)
You are probably talking about a NAS rather than a SAN
What do you mean about just supporting windows and not Linux?
If they support SMB/CIFS or any protocol such as FTP, SSH, etc., you'll be able 
to use them from your Linux
  


Re: [Samba] Help to buy a SAN server

2010-06-16 Thread Gaiseric Vandal
NetGear and Buffalo make lower cost workgroup NAS server.   But this isn't
really a samba question.   You want to decide SAN vs NAS. There is a big
range of stuff out there -  you may want to talk to a reseller if your
company uses one.  NetApp is a higher end vendor. EMC and Sun are the big
$$$ products.


I bought a cheap 1 disk user size NAS appliance from netgear.  I had to
return it.  It was using linux with a version of samba that was not
compatible with the version of samba running on my PDC.  I was unable to
join it to the Samba domain which meant I could not apply user permissions
to the files on the NAS.  I could not rebuild samba myself and there were no
patches from the vendor.  

NAS can be nice if you want your end user PC's to be able to access files
directly from the appliance.  And you can use it for backups if you want
to rsync data from your servers to it.

If you want to add more disk space to a server, SAN is the way to go.
The server will see the space on the SAN as a block-type disk device, not
a network share.  SAN is really most useful when you want to share a disk
storage appliance between multiple servers-  e.g. 70 % might be to add disk
space to one server and 30 % might be for another server.  SAN is also
useful if you are into fail over and virtualization.   Beyond the scope of
this discussion.   



-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Yannick Bergeron
Sent: Wednesday, June 16, 2010 7:36 PM
To: nasrin...@yahoo.com; samba@lists.samba.org
Subject: Re: [Samba] Help to buy a SAN server


I'm moderating the samba-technical mailing list.
This post is more appropriate on samba@lists.samba.org
So I'll just answer on this one and discard the post on samba-technical

 Hi,
 I have two linux servers and using samba between all win xp and win7
 clients.
 I need to have some SAN box that is working as raid 5 and backup.
 What I find is just supporting windows OS not Linux.
 Do you have any suggestion?
 Thanks a lot,
 Best regards,
 Nasrin Khatami,
 nasr...@skarpnack.fhsk.se

Don't mix up SAN and NAS, both are 2 different things ;)
You are probably talking about a NAS rather than a SAN
What do you mean about just supporting windows and not Linux?
If they support SMB/CIFS or any protocol such as FTP, SSH, etc., you'll be
able to use them from your Linux
  



Re: [Samba] help installing samba 3.0.37 on solairs 9 server

2010-04-01 Thread Michael Wood
On 30 March 2010 23:24,  gregory.jo...@exeloncorp.com wrote:
 I am getting these errors running:
 sh makepkg.sh

 can anyone help?

 ===
 root#  sh makepkg.sh
 Distribution base:  /var/tmp/samba-3.0.37
 Temp install dir:   /tmp/samba-3.0.37-build
 Install directory:  /opt/samba
 mkdir: Failed to make directory /tmp/samba-3.0.37-build; File exists

Try: mv /tmp/samba-3.0.37-build{,.old}

before running sh makepkg.sh again.

Not sure if that will fix the other issues, but the first thing it's
complaining about is that it can't create the directory because
there's already a file/directory called that.

 make: Fatal error: Don't know how to make target `install'
 makepkg.sh: bin/smbd: not found
 .
 .
 . (truncated for easy reading)
 cp: cannot access nsswitch/libnss_wins.so
 cp: cannot access nsswitch/libnss_winbind.so
 makepkg.sh: /tmp/samba-3.0.37-build//smbd: not found
 makepkg.sh: man: does not exist
 ## Building pkgmap from package prototype file.
 ERROR in prototype:
    no object for sbin/smbd found in root directory
    no object for sbin/nmbd found in root directory
 .
 .
 . (truncated)
 .
 .
 WARNING: parametric paths may ignore BASEDIR
 pkgmk: ERROR: unable to build pkgmap from prototype file
 ## Packaging was not successful.
 The samba package is in /tmp

-- 
Michael Wood esiot...@gmail.com


Re: [Samba] Help with Samba 2.28 configuration

2010-03-11 Thread Volker Lendecke
On Wed, Mar 10, 2010 at 02:10:14PM -0800, Purnell, Alton J wrote:
 I'm not sure if anyone will get this note.
 If you are willing to help me, page me @ 800.247.0493 .
 I  have Samba 2.28 installed and working on 2 Windows Server 2003.
 I am having trouble getting users authenticated on Samba via the windows 
 server.
 I have solaris8 on the unix server. I  have tried many, many methods.
 Currently, I'm trying to configure Samba with a domain setup... still no success

Samba 2.2.8 is ancient. Isn't there a way to get something
newer?

Volker



Re: [Samba] Help with Samba 2.28 configuration

2010-03-11 Thread Gaiseric Vandal

On 03/11/2010 10:38 AM, Volker Lendecke wrote:

On Wed, Mar 10, 2010 at 02:10:14PM -0800, Purnell, Alton J wrote:
   

I'm not sure if anyone will get this note.
If you are willing to help me, page me @ 800.247.0493 .
I  have Samba 2.28 installed and working on 2 Windows Server 2003.
I am having trouble getting users authenticated on Samba via the windows server.
I have solaris8 on the unix server. I  have tried many, many methods.
Currently, I'm trying to configure Samba with a domain setup... still no success
 

Samba 2.2.8 is ancient. Isn't there a way to get something
newer?

Volker
   
Is one of the Windows servers the PDC?  Is it in mixed mode (i.e. will 
support NT4 servers.)  If the domain mode is native 2000/2003 it 
probably is not going to work.


Or are you trying to configure Samba as the PDC?


On the samba server, do you see the users with wbinfo -u command?
Do you see the users with the getent passwd command?

If you see the users with wbinfo -u but not getent passwd verify 
that /etc/nsswitch.conf has entries for

passwd: winbind 
group: winbind 




Can you update your machine to Solaris 10?   That has a bundled Samba 
3.0.x.   (But Solaris 10 has some pretty big changes as well that you 
may want to avoid for now.)   Solaris 8 is  no longer a supported 
platform by Sun.


You can also download precompiled samba packages from 
www.sunfreeware.com BUT I don't think it includes the necessary nss 
winbind files so you may want to recompile anyway.  (I would still use 
GCC from sunfreeware for this.)   If samba is the PDC and the only samba 
server and you aren't setting up domain trusts  then you don't need the 
winbind stuff working anyway.


Solaris 10 is available for both sparc and x86-  you can use a spare PC 
as a test machine even if your final platform will be on sparc.
Solaris 9 should also be available for download for both platforms-  
Solaris 9 is pretty similar from the command line to Solaris 8.


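The nsswitch.conf check described in the message above, as an added example that is not part of the original post: a small parser that reports whether winbind is listed for the passwd and group databases, and whether an earlier `[NOTFOUND=return]` action would stop the lookup before winbind is consulted. The sample file contents (including the `files winbind` ordering) and the function names are constructed for this example.

```python
import re

# Databases the message above says must list winbind.
REQUIRED_DATABASES = ("passwd", "group")


def parse_nsswitch(text):
    """Return {database: [token, ...]} for every line of an nsswitch.conf.

    A token is either a source name ('files', 'winbind') or a bracketed
    action list such as '[NOTFOUND=return]'.
    """
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        # Bracketed action lists may contain spaces, so match them first.
        tokens = re.findall(r"\[[^\]]*\]|[^\s\[\]]+", rest)
        databases[name.strip().lower()] = tokens
    return databases


def winbind_status(tokens):
    """Classify one database's source list.

    'missing'  - winbind is not listed: wbinfo -u can show users that
                 getent passwd never returns
    'shadowed' - winbind is listed, but an earlier source carries
                 [NOTFOUND=return], so a user that source answers
                 'not found' for never reaches winbind
    'ok'       - winbind is listed and reachable
    """
    lowered = [t.lower() for t in tokens]
    if "winbind" not in lowered:
        return "missing"
    for token in lowered[:lowered.index("winbind")]:
        if token.startswith("[") and "notfound=return" in token.strip("[]").split():
            return "shadowed"
    return "ok"


def check_nsswitch(text):
    """Return {'passwd': status, 'group': status} for the given file text."""
    databases = parse_nsswitch(text)
    return {db: winbind_status(databases.get(db, [])) for db in REQUIRED_DATABASES}


# Constructed sample: winbind never consulted.
SAMPLE_FILES_ONLY = """\
passwd:     files
group:      files
hosts:      files dns
"""

# Constructed sample: winbind listed for passwd but unreachable.
SAMPLE_SHADOWED = """\
passwd: files nis [NOTFOUND=return] winbind
group:  files winbind
"""

# Constructed sample: local accounts first, then domain accounts.
SAMPLE_OK = """\
passwd: files winbind   # domain users resolved through winbind
group:  files winbind
"""

if __name__ == "__main__":
    for label, sample in (("files only", SAMPLE_FILES_ONLY),
                          ("shadowed", SAMPLE_SHADOWED),
                          ("ok", SAMPLE_OK)):
        print(label, check_nsswitch(sample))
```
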


Re: [Samba] Help with Samba 2.28 configuration

2010-03-11 Thread Volker Lendecke
On Thu, Mar 11, 2010 at 11:05:15AM -0500, Gaiseric Vandal wrote:
 On 03/11/2010 10:38 AM, Volker Lendecke wrote:
 On Wed, Mar 10, 2010 at 02:10:14PM -0800, Purnell, Alton J wrote:

 I'm not sure if anyone will get this note.
 If you are willing to help me, page me @ 800.247.0493 .
 I  have Samba 2.28 installed and working on 2 Windows Server 2003.
 I am having trouble getting users authenticated on Samba via the windows 
 server.
 I have solaris8 on the unix server. I  have tried many, many methods.
 Currently, I'm trying to configure Samba with a domain setup... still no 
 success
  
 Samba 2.2.8 is ancient. Isn't there a way to get something
 newer?

 Volker

 Is one of the Windows servers the PDC?  Is it in mixed mode (i.e. will  
 support NT4 servers.)  If the domain mode is native 2000/2003 it  
 probably is not going to work.

That's a myth. The only thing native mode prohibits is a NT4
Backup Domain Controller. Samba members work in all Windows
domain modes, although for example 2.2 won't talk to a
default w2k3 dc due to missing SMB signing in 2.2.

Volker



Re: [Samba] Help with Samba 2.28 configuration

2010-03-11 Thread Gaiseric Vandal

On 03/11/2010 11:31 AM, Volker Lendecke wrote:

On Thu, Mar 11, 2010 at 11:05:15AM -0500, Gaiseric Vandal wrote:
   

On 03/11/2010 10:38 AM, Volker Lendecke wrote:
 

On Wed, Mar 10, 2010 at 02:10:14PM -0800, Purnell, Alton J wrote:

   

I'm not sure if anyone will get this note.
If you are willing to help me, page me @ 800.247.0493 .
I  have Samba 2.28 installed and working on 2 Windows Server 2003.
I am having trouble getting users authenticated on Samba via the windows server.
I have solaris8 on the unix server. I  have tried many, many methods.
Currently, I'm trying to configure Samba with a domain setup... still no success

 

Samba 2.2.8 is ancient. Isn't there a way to get something
newer?

Volker

   

Is one of the Windows servers the PDC?  Is it in mixed mode (i.e. will
support NT4 servers.)  If the domain mode is native 2000/2003 it
probably is not going to work.
 

That's a myth. The only thing native mode prohibits is a NT4
Backup Domain Controller. Samba members work in all Windows
domain modes, although for example 2.2 won't talk to a
default w2k3 dc due to missing SMB signing in 2.2.

Volker
   


I stand corrected-  I have not tried setting up Samba as an Active 
Directory client and had forgotten about this.  However I think it would 
require kerberos configuration on the samba machine- which may open up a 
whole new set of challenges.  (I could never get kerberos to play nice 
between Solaris and Linux machines, let alone trying to have Samba use it.)



Can you set up domain trusts between a Samba Domain (samba PDC) and a 
Windows domain with a Win 2003 PDC in Native mode?  My understanding 
had been that this was an NT4 domain trust mechanism.


I did try setting up a domain trust with a Windows 2008 PDC in 
native 2003 mode -  which did not work.   (This may have just been 
a discrepancy between NTLM versions or other security settings rather 
than a fundamental incompatibility.)   The domain trust between Samba 
and a Win 2003 PDC in mixed mode did work.









Re: [Samba] Help to fix the remaining problems when migration from windows to a linux print server

2010-02-04 Thread Salatiel Filho
Ok, i will answer a few of my own questions cause maybe someone still
has those problems, but i would appreciate it if someone could lead me
to answer the others.


On Sat, Jan 23, 2010 at 14:29, Salatiel Filho salatiel.fi...@gmail.com wrote:
 Hi, i am trying to migrate my print servers from windows to linux ,
 everything is getting really nice but i still face a few problems ,
 and since i don't know if i need help from cups or samba guys i will
 post to both lists, so maybe someone can give me some help.

 Well, i have now cups and samba working just fine, i can authenticate
 my users in cups from Active Directory using winbind and they can
 print just fine. The remaining problems/doubts are:

 1) Is there a way to run cupsaddsmb when security = ads in smb.conf ?
No idea yet.
 I always have to set security = user before running cupsaddsmb or it
 will fail.
 2) Even though my cups printers are configured to DefaultPage = A4,
 after a cupsaddsmb all windows clients still default to LETTER. What
 am i doing wrong? Is there a way to mass set all printer queues in
 windows to use A4 ? Some rpcclient parameter to change this ? I have
 over 1k queues, so manually change each one in windows GUI is kinda
 very time consuming.
You can use the setprinter command from windows resource kit to mass
set all printers to a4.
 3) Why do i always get count page = 1 when printing from windows ? I
 thought since i was using the right PPD for  each printer  and adobe
 postscripts + cups drivers exported from cupsaddsmb , page accounting
 would work, but apparently not.
I had cups option = raw in smb.conf , so all jobs would go directly to
the printer. This was also impacting printing in my non-postscript
printers cause the printer was printing the PS source. Remove that
line from smb.conf will fix the page count and printing in non-ps
printers.
 4) now the critical problem , sometimes when im trying to print a big
 job, over 400 hundred pages with lots of pictures to a cups class from
 Word for example , word starts spooling to the samba spool but after
 it finishes printing the only thing really printed in cups is the
 BANNER page, the job itself never gets there.
Still the same problem; for now i am using the queue in raw mode and
using the windows driver.


 Thanks in advance.

 --
 []'s
 Salatiel

 The greatest pleasure of the intelligent is to play the idiot
   in front of an idiot who plays the intelligent.




-- 
[]'s
Salatiel

The greatest pleasure of the intelligent is to play the idiot
   in front of an idiot who plays the intelligent.


Re: [Samba] Help with samba implementation

2010-01-27 Thread Andrew Masterson
If you are doing anything samba related on AIX, I highly suggest that
you look at the pware site.

http://pware.hvcc.edu/

there are some docs on setting up Bill's pWare compile of samba on AIX
here:

http://pware.hvcc.edu/documentation.html

And you can join the pWare mailing list here:

http://lists.hvcc.edu/mailman/listinfo/pware

Bill is usually very helpful in getting people's difficulties ironed
out, and has the most current, stable versions of samba compiled and
working for 6.1.

-=Andrew


Re: [Samba] Help with samba implementation

2010-01-21 Thread Adam Tauno Williams
On Thu, 2010-01-21 at 11:20 -0500, roxane.b.el...@census.gov wrote:
 I am writing from the US Census Bureau in Washington, DC.  There is an 
 immediate need for samba to be implemented on 3 AIX lpars. 
 Attached is the smb.conf file and testparm for dadsp003.
 Here is the scenario:
 3 AIX, 6.1 lpars, dadsp001, dadsp002 and dadsp003.  Installed samba 3.0.24 
 from aix6 cd.  Currently installed on dadsp002 and dadsp003.  Configured 
 only on dadsp003.

That is a *seriously* antique version of Samba,  you may have some
compatibility issues with newer client OSs.  pWare provides much more
current versions of Samba for AIX http://pware.hvcc.edu/

Otherwise there is nothing different about setting up Samba on AIX vs.
other operating systems.

 The local networks on all 3 lpars are 192.168.0 and 192.168.1
 I have 2 shares configured. The daemons (smbd and nmbd) are running and 
 users can connect to the shares on dadsp003.
 How do I add/configure the other 2 lpars (dadsp001 and dadsp002) so a user 
 can login to dadsp001 or dadsp002 and have the shares available.  We do 
 not use ldap on the AIX servers.  I am using smbpasswd to configure users 
 as you will see in the smb.conf.dadsp003 file.

You will need to add identical entries to all three smbpasswd (given
that you have no network backend for authentication / identification).

 We have the net use command for dadsp003 working via ssh login from AIX 
 to windows.  In addition to any configuration, my guess would be that the 
 same net use command can be changed to point from the correct server.
 I have no idea if I am asking the right question(s), 

I'm not sure what from AIX to windows means.

 but I have to start 
 somewhere.  The developers/testers are way behind in their work waiting on 
 the samba configuration.  HELP ASAP please.  I have read and googled to 
 the point of confusion.

Google is not your friend.  Avoid all documentation except
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ and
http://www.samba.org/samba/docs/man/Samba-Guide/ which really do lay
it out step-by-step, especially the Guide.  Start with
http://www.samba.org/samba/docs/man/Samba-Guide/simple.html.

 A phone call would be great, but if email is the only way, then I will 
 take what I can get.

Do you have the smbd and nmbd services running?  Do Windows clients see
the Samba servers?

-- 
OpenGroupware developer: awill...@whitemice.org
http://whitemiceconsulting.blogspot.com/
OpenGroupware and Cyrus IMAPd documentation @
http://docs.opengroupware.org/Members/whitemice/wmogag/file_view



Re: [Samba] [HELP] SAMBA as PDC for windows.

2010-01-21 Thread Robert Freeman-Day


On Thu, 21 Jan 2010, Chris_90 wrote:


Date: Thu, 21 Jan 2010 05:45:12 -0800 (PST)
From: Chris_90 chrischris...@hotmail.com
To: samba@lists.samba.org
Subject: [Samba]  [HELP] SAMBA as PDC for windows.


Hi guys, well, reason I'm here is because I'm stuck, I've tried everything but
have come up empty handed every single time, and I really need this
security, and fast. I'm not going to pay a few thousand for windows server
... because this can be done with SAMBA. Here goes. I tried to setup samba
with defaults, went to (on windows) Control Panel - System - (TAB)
Computer Name - Change ... Change domain name to my domain name I setup on
samba  and I get this error :
[code]
A domain controler for domain X could not be located.
Ensure the domain name is typed correctly.
[/code]
After that I went to a website and got some other configs and I used them :
[code]
[global]
workgroup = mydomain
wins support = yes
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \%L\profiles\.msprofile
logon home = \%L\%U\.9xprofile
logon drive = P:
domain logons = Yes
os level = 65
usershare allow guests = No
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
os level = 64
preferred master = Yes
security = user
netbios name = mycomp
passdb backend = smbpasswd
[/code]

But still I get exactly the same error, now I don't know if I need some
other things setup with this for it to work, I need some help urgently ...
please help ... N.B. On this comp no DHCP or DNS server is setup, for the
sole reason that I have no idea how to do it. I would appreciate the help
... and please be very specific as I have about 2 weeks linux experience
 I use SUSE 11.1.

Thanx in advance.
Chris.

You may want to read over some of the docs from samba and others.  Also, 
you need DNS or at least DNS records for your domain controller.  Read 
over the docs below before replying with further questions.  Setting up a 
Domain Controller is not a trivial or quick task.


http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html

http://www.enterprisenetworkingplanet.com/nethub/article.php/10950_1144701_1

- ---Robert Freeman-Day
- ---
I would really like you to be on my side,
but the side you show me isn't what I had in mind.

- -Judybats
GPG Public Key:
http:keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36

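The configuration quoted above sets `domain logons` twice and `os level` twice with different values (65, then 64). As an added example that is not part of the original posts, here is a small checker for parameters repeated within one smb.conf section, reporting which value ends up in force. It runs over an excerpt of the posted configuration; the function names are made up for this example.

```python
import re
from collections import OrderedDict


def normalize(name):
    """Samba compares parameter names case-insensitively and ignores spaces."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Yield (section, raw_name, value, line_number) for every assignment."""
    section = "global"
    pending = ""          # text carried over from a continued line
    start = 0             # line number where the current logical line began
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending:
            start = number
        if line.endswith("\\"):            # trailing backslash continues the line
            pending += line[:-1].rstrip() + " "
            continue
        line = (pending + line).strip()
        pending = ""
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if "=" in line:
            name, value = line.split("=", 1)
            yield section, name.strip(), value.strip(), start


def find_repeats(text):
    """Return findings for parameters assigned more than once in a section.

    Each finding is (section, parameter, [(line, value), ...], conflicting),
    where conflicting is True when the repeated values differ.
    """
    seen = OrderedDict()
    for section, name, value, line in parse_smb_conf(text):
        seen.setdefault((section, normalize(name)), []).append((line, value))
    findings = []
    for (section, name), entries in seen.items():
        if len(entries) > 1:
            distinct = {value.lower() for _, value in entries}
            findings.append((section, name, entries, len(distinct) > 1))
    return findings


def effective_value(text, section, name):
    """Assignments are applied in file order, so the last one in a section wins."""
    result = None
    for sec, raw, value, _ in parse_smb_conf(text):
        if sec == section.lower() and normalize(raw) == normalize(name):
            result = value
    return result


# Excerpt of the [global] section posted in the message above.
POSTED_EXCERPT = """\
[global]
workgroup = mydomain
wins support = yes
cups options = raw
map to guest = Bad User
domain logons = Yes
os level = 65
usershare allow guests = No
domain logons = Yes
domain master = Yes
local master = Yes
os level = 64
preferred master = Yes
security = user
"""

if __name__ == "__main__":
    for section, name, entries, conflicting in find_repeats(POSTED_EXCERPT):
        kind = "conflicting" if conflicting else "redundant"
        print(f"[{section}] {name}: {kind} {entries}")
    print("os level in force:", effective_value(POSTED_EXCERPT, "global", "os level"))
```
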


Re: [Samba] Help - Cannot join Windows 7 client to Samba PDC

2010-01-14 Thread nf-vale
Make sure that these settings are as follows:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:0001
"RequireStrongKey"=dword:0001

It helped solve a problem like the one you're having.

On Thursday 14 January 2010 09:27:08 Richard Basch wrote:
 I have been going through all the Wikis and various Google searches to try
 to solve my problem, all to no avail.
 
 I can mount a Samba share, but whenever I try to login using a domain
 account, I receive an error about "The trust relationship between this
 workstation and the primary domain failed."
 
 What I have done so far, all to no avail.
 - Upgraded from Samba 3.4.2 to Samba 3.4.4 (under OpenSUSE 11.2)
 - Edited the registry settings on my Windows 7 client
   HKLM\System\CCS\Services\LanmanWorkstation\Parameters
   DWORD DomainCompatibilityMode = 1
   DWORD DNSNameResolutionRequired = 0
 (I also tried reducing the security requirements for signing & encryption,
 but have read this is not required with current versions of Samba.)
 
 (And, I am running Windows 7 Professional on my client.)
 
 testparm -v indicates my smb.conf is valid, and I am able to mount
  shares, which is a positive indication the OpenLDAP integration is
  working.  I am running OpenLDAP 2.4.15 or higher on all my LDAP servers (I
  think they are all 2.4.19 - 2.4.21).
 
 DNS is static, with none of the normal ADS entries.  Only the DHCP server
  is allowed to modify DNS (and only the forward map allows updates, since
  DHCP updates of the reverse in-addr.arpa maps were problematic).  To
  assist with finding the domain controller, I added the following to
 C:\Windows\System32\Drivers\etc\lmhosts:
   192.168.15.2    tardis  #PRE #DOM:N2HA
 (Thus my attempts to join the domain appear successful, with the documented
 warnings about the domain suffix.  Unfortunately, appearances are deceiving
 when I actually try to login using a domain account.)
 
 Attached are entries from my smbd.log and C:\Windows\debug\NetSetup.log and
 smb.conf.
 
 Any assistance or guidance would be greatly appreciated.
 
 log.smbd
 
 [2010/01/14 03:31:38,  0]
 rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
 auth request from client BAST machine account BAST$
 [2010/01/14 03:31:38,  0]
 rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
 auth request from client BAST machine account BAST$
 [2010/01/14 03:31:48,  0] lib/util_sock.c:539(read_fd_with_timeout)
 [2010/01/14 03:31:48,  0] lib/util_sock.c:1491(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
   read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
 peer.
 [2010/01/14 03:33:17,  0]
 rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
 auth request from client BAST machine account BAST$
 [2010/01/14 03:33:17,  0]
 rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
 auth request from client BAST machine account BAST$
 [2010/01/14 03:33:30,  0] lib/util_sock.c:539(read_fd_with_timeout)
 [2010/01/14 03:33:30,  0] lib/util_sock.c:1491(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
   read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
 peer.
 [2010/01/14 03:34:18,  0] lib/util_sock.c:539(read_fd_with_timeout)
 [2010/01/14 03:34:18,  0] lib/util_sock.c:1491(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
   read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
 peer.
 
 
 C:\Windows\debug\NetSetup.log
 =
 01/13/2010 23:36:18:337 NetpJoinDomain: status of connecting to dc
 '\\TARDIS': 0x0
 01/13/2010 23:36:18:337 NetpProvisionComputerAccount:
 01/13/2010 23:36:18:337   lpDomain: N2HA
 01/13/2010 23:36:18:337   lpMachineName: BAST
 01/13/2010 23:36:18:337   lpMachineAccountOU: (NULL)
 01/13/2010 23:36:18:337   lpDcName: TARDIS
 01/13/2010 23:36:18:337   lpDnsHostName: (NULL)
 01/13/2010 23:36:18:337   lpMachinePassword: (null)
 01/13/2010 23:36:18:337   lpAccount: N2HA\ntadmin
 01/13/2010 23:36:18:337   lpPassword: (non-null)
 01/13/2010 23:36:18:337   dwJoinOptions: 0x25
 01/13/2010 23:36:18:337   dwOptions: 0x4003
 01/13/2010 23:36:18:352 NetpLdapBind: ldap_bind failed on TARDIS: 49:
 Invalid Credentials
 01/13/2010 23:36:18:426 NetpGetLsaPrimaryDomain: DNS Domain policy not
 supported, falling back to Primary Domain
 01/13/2010 23:36:18:430 NetpGetLsaPrimaryDomain: status: 0x0
 01/13/2010 23:36:18:432 NetpCreateComputerObjectInDs: DC passed '\\TARDIS'
 doesn't have writable DS 0x101
 01/13/2010 
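
The repeated netlogon_creds_server_check rejections in the log.smbd excerpt above can be tallied per machine account to see which clients have a failing secure channel. This is an added example, not part of any post in this thread; the sample log is constructed from the lines quoted above plus a hypothetical second client WS7, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in log.smbd layout: a header line, then indented message
# lines. WS7 is a hypothetical client added for illustration.
SAMPLE_LOG = """\
[2010/01/14 03:31:38,  0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
  auth request from client BAST machine account BAST$
[2010/01/14 03:31:48,  0] lib/util_sock.c:539(read_fd_with_timeout)
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2010/01/14 03:33:17,  0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
  auth request from client BAST machine account BAST$
[2010/01/14 03:40:02,  0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
  auth request from client WS7 machine account WS7$
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?:\.\d+)?,\s*(\d+)\]\s*(\S*)")
REJECT = re.compile(r"netlogon_creds_server_check failed\. Rejecting auth request "
                    r"from client (\S+) machine account (\S+)")

def parse_entries(text):
    """Group a log into (timestamp, level, location, message) records.
    Tolerates mail-wrapped logs where the source location and message
    continuation end up on separate, oddly indented lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            entries.append([m.group(1), int(m.group(2)), m.group(3), []])
        elif entries and line.strip():
            entries[-1][3].append(line.strip())
    return [(ts, lvl, loc, " ".join(body)) for ts, lvl, loc, body in entries]

def netlogon_rejections(text):
    """Map machine account -> timestamps of rejected ServerAuthenticate3 calls."""
    hits = defaultdict(list)
    for ts, _lvl, _loc, msg in parse_entries(text):
        m = REJECT.search(msg)
        if m:
            hits[m.group(2)].append(ts)
    return dict(hits)

if __name__ == "__main__":
    for account, stamps in netlogon_rejections(SAMPLE_LOG).items():
        print(f"{account}: {len(stamps)} rejected, first {stamps[0]}, last {stamps[-1]}")
```
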
