Re: [Samba] Help troubleshooting find_domain_master_name_query_fail on SMB v4?
Several things you could try.

1. Set in [global] domain master = yes
2. Use either wins support or wins server, but not both. Based on what you have in interfaces, if this system is to be the wins server, then use wins support = yes and eliminate the wins server parameter.
3. Check for firewall / selinux / apparmor issues.

Also it is no longer recommended to use the socket options directive. For a standalone server, you do not need any of the idmap or logon parameters. There are probably others you could eliminate, but these are the most obvious.

Dale

On 09/07/2013 6:35 PM, d...@sent.com wrote:
> I'm running
>
> smbd -V
> Version 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64
>
> This is a standalone server, and the only SMB/CIFS instance on my LAN.
>
> On launch, I see the following find_domain_master_name_query_fail error in logs. I can't track down what I've managed to do wrong; pointers appreciated.
>
> == log.nmbd ==
> [2013/09/07 16:21:41, 2] ../source3/nmbd/nmbd_elections.c:42(send_election_dgram)
>   send_election_dgram: Sending election packet for workgroup WORKGROUP on subnet 192.168.1.202
> [2013/09/07 16:21:41, 2] ../source3/nmbd/nmbd_elections.c:205(run_elections)
>   run_elections: Won election for workgroup WORKGROUP on subnet 192.168.1.202
> [2013/09/07 16:21:41, 2] ../source3/nmbd/nmbd_become_lmb.c:538(become_local_master_browser)
>   become_local_master_browser: Starting to become a master browser for workgroup WORKGROUP on subnet 192.168.1.202
> [2013/09/07 16:21:49, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
>   * Samba name server test is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.202 *
> [2013/09/07 16:21:49, 0] ../source3/nmbd/nmbd_browsesync.c:354(find_domain_master_name_query_fail)
>   find_domain_master_name_query_fail: Unable to find the Domain Master Browser name WORKGROUP<1b> for the workgroup WORKGROUP. Unable to sync browse lists in this workgroup.
>
> Checking
>
> smbclient -N -L test
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64]
>
>   Sharename   Type   Comment
>   ---------   ----   -------
>   testSHARE   Disk
>   IPC$        IPC    IPC Service (Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64)
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64]
>
>   Server      Comment
>   ------      -------
>   test        Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64
>
>   Workgroup   Master
>   ---------   ------
>   WORKGROUP   test
>
> My smb conf is
>
> cat /etc/samba/smb.conf
> [global]
> interfaces = 192.168.1.202/255.255.252.0
> smb ports = 137 138 139 445
> bind interfaces only = yes
> hosts allow = 192.168.1. 127.0.0.1 localhost
> hosts deny = all
> max connections = 5
> max xmit = 32767
> strict sync = no
> sync always = no
> strict locking = no
> keepalive = 300
> wide links = yes
> getwd cache = yes
> use sendfile = true
> netbios name = test
> workgroup = WORKGROUP
> *wins support = yes
> wins server = 192.168.1.202*
> local master = yes
> preferred master = yes
> os level = 65
> name resolve order = wins bcast
> security = user
> encrypt passwords = yes
> passdb backend = tdbsam
> map to guest = Bad User
> username map = /etc/samba/username_map.conf
> *idmap config * : backend = tdb2
> idmap config * : range = 100-200
> logon path = \\%L\profiles\.msprofile
> logon home = \\%L\%U\.9xprofile
> logon drive = P:*
> usershare allow guests = no
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> printcap cache time = 0
> log file =
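The points raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread and not Samba code: it parses the [global] section of an smb.conf and reports `wins support` combined with `wins server`, use of `socket options`, a missing `domain master = yes`, and idmap/logon parameters on a server the caller declares standalone. The function names, finding codes and both sample configurations are constructed for illustration.

```python
"""Check the [global] section of an smb.conf for the points raised in the reply."""

TRUE_VALUES = {"yes", "true", "1", "on"}

# Constructed sample, modelled on a subset of the settings posted in the thread.
SAMPLE_BEFORE = r"""
[global]
    netbios name = test
    workgroup = WORKGROUP
    wins support = yes
    wins server = 192.168.1.202
    local master = yes
    preferred master = yes
    socket options = TCP_NODELAY
    security = user
    idmap config * : backend = tdb2
    idmap config * : range = 100-200
    logon path = \\%L\profiles\.msprofile
    logon drive = P:
"""

# Constructed sample with the reply's suggestions applied.
SAMPLE_AFTER = r"""
[global]
    netbios name = test
    workgroup = WORKGROUP
    wins support = yes
    domain master = yes
    local master = yes
    preferred master = yes
    security = user
"""


def normalise(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(name.lower().split())


def parse_global(text):
    """Return {normalised name: (name as written, value)} for [global]."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[normalise(name)] = (name.strip(), value.strip())
    return params


def enabled(params, name):
    return params.get(normalise(name), ("", ""))[1].lower() in TRUE_VALUES


def check(text, standalone=True):
    """Return [(code, message)]; `standalone` is the caller's statement of the role."""
    p = parse_global(text)
    findings = []
    wins_server = p.get(normalise("wins server"), ("", ""))[1]
    if enabled(p, "wins support") and wins_server:
        findings.append(("wins-both",
                         "wins support = yes and wins server = %s are both set; "
                         "keep one" % wins_server))
    if normalise("socket options") in p:
        findings.append(("socket-options",
                         "socket options is set; the reply advises against it"))
    if not enabled(p, "domain master"):
        findings.append(("no-domain-master",
                         "domain master is not set to yes (point 1 of the reply)"))
    if standalone:
        extra = [p[k][0] for k in sorted(p) if k.startswith(("idmap", "logon"))]
        if extra:
            findings.append(("standalone-extras",
                             "not needed on a standalone server: " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for code, message in check(SAMPLE_BEFORE):
        print("%-18s %s" % (code, message))
```
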
Re: [Samba] Help Samba license
On Wed, 2013-07-10 at 11:30 +0800, blue_sky886 wrote:
> Hi,
>
> I want to use library of samba that license is GPLv2 in my program that is proprietary. The source code version of samba is 3.0.6. Is it possible to modify the license to LGPL?
>
> Thanks.

No, it is not possible. We can only suggest you licence your program under GPL compatible terms.

Additionally, all supported Samba versions are now licensed under GPLv3 or later, with only some specific support libraries under other less protective licences.

I hope this clarifies things,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help Samba license
On Wed, Jul 10, 2013 at 11:30:35AM +0800, blue_sky886 wrote:
> Hi,
>
> I want to use library of samba that license is GPLv2 in my program that is proprietary. The source code version of samba is 3.0.6. Is it possible to modify the license to LGPL?

I'm afraid not. Your only options are to release your own code under a GPLv2 compatible license or to cease using the Samba library with your proprietary code.

Regards,

Jeremy.
Re: [Samba] Help pls. -- Samba permission question
If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server).

Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it?

The last line in your server commands I believe should be chmod, not chowm.

On 12/12/12 12:21 PM, J Gao wrote:
> Hi, All,
>
> I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server:
>
> #cd /
> #mkdir managment
> #chown -R root:managegroup management
> #chowm -R 2770 management
>
> When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws---
>
> BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it copied to the Samba share. (for example, drwxrwxr-x)
>
> We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share.
>
> Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission.
>
> Thanks.
>
> Gao
>
> my smb.conf:
>
> [global]
> workgroup = WORKGROUP
> server string = My File Server
> interfaces = lo bond0 192.168.1.2/24
> hosts allow = 127. 192.168.1.
> log file = /var/log/samba/log.%m
> max log size = 1000
> security = user
> passdb backend = tdbsam
> guest account = nobody
> map to guest = Bad User
> wins support = yes
> dns proxy = no
> map acl inherit = yes
> nt acl support = yes
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> create mask = 0770
> force security mode = 0770
> force create mode = 0770
> directory mask = 0770
> force directory mode = 0770
>
> [Management]
> comment =
> path = /management
> browsable = yes
> public = no
> writable = yes
> read only = no
> force group = management
> valid users = @management
Re: [Samba] Help pls. -- Samba permission question
Thank you Gary for the help.

On 12-12-12 09:45 AM, Gary Dale wrote:
> If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server).

I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this:

sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand

Could you give me an example on using Samba/CIFS tools?

> Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it?

my typo. I want make clear so I change the group name to managegroup. The actual group name is the same managment which I think may cause confusion when I post my question. Sorry.

Best Regards.

Gao

> The last line in your server commands I believe should be chmod, not chowm.
>
> On 12/12/12 12:21 PM, J Gao wrote:
>> Hi, All,
>>
>> I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server:
>>
>> #cd /
>> #mkdir managment
>> #chown -R root:managegroup management
>> #chowm -R 2770 management
>>
>> When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws---
>>
>> BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it copied to the Samba share. (for example, drwxrwxr-x)
>>
>> We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share.
>>
>> Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission.
>>
>> Thanks.
>>
>> Gao
>>
>> my smb.conf:
>>
>> [global]
>> workgroup = WORKGROUP
>> server string = My File Server
>> interfaces = lo bond0 192.168.1.2/24
>> hosts allow = 127. 192.168.1.
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> security = user
>> passdb backend = tdbsam
>> guest account = nobody
>> map to guest = Bad User
>> wins support = yes
>> dns proxy = no
>> map acl inherit = yes
>> nt acl support = yes
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>> create mask = 0770
>> force security mode = 0770
>> force create mode = 0770
>> directory mask = 0770
>> force directory mode = 0770
>>
>> [Management]
>> comment =
>> path = /management
>> browsable = yes
>> public = no
>> writable = yes
>> read only = no
>> force group = management
>> valid users = @management
Re: [Samba] Help pls. -- Samba permission question
On 12/12/12 02:07 PM, J Gao wrote:
> Thank you Gary for the help.
>
> On 12-12-12 09:45 AM, Gary Dale wrote:
>> If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server).
>
> I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this:
>
> sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand
>
> Could you give me an example on using Samba/CIFS tools?

That line mounts the share using the credentials you gave it but that doesn't set the permissions. If you right-click on the share's folder, you should be able to set the CIFS permissions.

>> Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it?
>
> my typo. I want make clear so I change the group name to managegroup. The actual group name is the same managment which I think may cause confusion when I post my question. Sorry.
>
> Best Regards.
>
> Gao

So is your user a member of management? Rather than forcing the group to management, you could just add members to the group.

Also, when you set the Unix ownership and permissions too tightly, you may prevent Samba from accessing the share properly. Since the share directories and files are to be accessed only through CIFS/Samba, the Unix permissions can and should be very loose. My shares all have Unix permissions with everyone having rwx access.

>> The last line in your server commands I believe should be chmod, not chowm.
>>
>> On 12/12/12 12:21 PM, J Gao wrote:
>>> Hi, All,
>>>
>>> I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server:
>>>
>>> #cd /
>>> #mkdir managment
>>> #chown -R root:managegroup management
>>> #chowm -R 2770 management
>>>
>>> When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws---
>>>
>>> BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it copied to the Samba share. (for example, drwxrwxr-x)
>>>
>>> We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share.
>>>
>>> Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission.
>>>
>>> Thanks.
>>>
>>> Gao
>>>
>>> my smb.conf:
>>>
>>> [global]
>>> workgroup = WORKGROUP
>>> server string = My File Server
>>> interfaces = lo bond0 192.168.1.2/24
>>> hosts allow = 127. 192.168.1.
>>> log file = /var/log/samba/log.%m
>>> max log size = 1000
>>> security = user
>>> passdb backend = tdbsam
>>> guest account = nobody
>>> map to guest = Bad User
>>> wins support = yes
>>> dns proxy = no
>>> map acl inherit = yes
>>> nt acl support = yes
>>> load printers = no
>>> printing = bsd
>>> printcap name = /dev/null
>>> disable spoolss = yes
>>> create mask = 0770
>>> force security mode = 0770
>>> force create mode = 0770
>>> directory mask = 0770
>>> force directory mode = 0770
>>>
>>> [Management]
>>> comment =
>>> path = /management
>>> browsable = yes
>>> public = no
>>> writable = yes
>>> read only = no
>>> force group = management
>>> valid users = @management
Re: [Samba] Help pls. -- Samba permission question
On 12-12-12 12:52 PM, Gary Dale wrote:
> On 12/12/12 02:07 PM, J Gao wrote:
>> Thank you Gary for the help.
>>
>> On 12-12-12 09:45 AM, Gary Dale wrote:
>>> If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server).
>>
>> I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this:
>>
>> sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand
>>
>> Could you give me an example on using Samba/CIFS tools?
>
> That line mounts the share using the credentials you gave it but that doesn't set the permissions. If you right-click on the share's folder, you should be able to set the CIFS permissions.

OK, right-click in Nautilus works. But how can I set this up by default. I mean once the share mounted, it will set the correct permission to 770 if the user copy files on the share? I read man page for the cifs.mount but I couldn't figure it out myself.

Here are more info:

1. The management group has gid=1018 on the server.
2. Once the share mounted on the Ubuntu client, the share's group ID set to numeric 1018. (there isn't a local gid 1018)
3. When copy a file, for example:

-rwxr--r-- 1 gao gao 14429 Nov 20 09:56 test

to the mounted share, the permission appears to be:

-rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test

And I check it on the Samba server:

-rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test

So the permission changed to 774, not 770. I think somehow it combined the permission here.

Just like you said, I can change it to 770 from the right-click. But I prefer to do it automatically.

Please help. Thanks a lot.

Gao

>>> Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it?
>>
>> my typo. I want make clear so I change the group name to managegroup. The actual group name is the same managment which I think may cause confusion when I post my question. Sorry.
>>
>> Best Regards.
>>
>> Gao
>
> So is your user a member of management? Rather than forcing the group to management, you could just add members to the group.
>
> Also, when you set the Unix ownership and permissions too tightly, you may prevent Samba from accessing the share properly. Since the share directories and files are to be accessed only through CIFS/Samba, the Unix permissions can and should be very loose. My shares all have Unix permissions with everyone having rwx access.
>
>>> The last line in your server commands I believe should be chmod, not chowm.
>>>
>>> On 12/12/12 12:21 PM, J Gao wrote:
>>>> Hi, All,
>>>>
>>>> I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server:
>>>>
>>>> #cd /
>>>> #mkdir managment
>>>> #chown -R root:managegroup management
>>>> #chowm -R 2770 management
>>>>
>>>> When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws---
>>>>
>>>> BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it copied to the Samba share. (for example, drwxrwxr-x)
>>>>
>>>> We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share.
>>>>
>>>> Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission.
>>>>
>>>> Thanks.
>>>>
>>>> Gao
>>>>
>>>> my smb.conf:
>>>>
>>>> [global]
>>>> workgroup = WORKGROUP
>>>> server string = My File Server
>>>> interfaces = lo bond0 192.168.1.2/24
>>>> hosts allow = 127. 192.168.1.
>>>> log file = /var/log/samba/log.%m
>>>> max log size = 1000
>>>> security = user
>>>> passdb backend = tdbsam
>>>> guest account = nobody
>>>> map to guest = Bad User
>>>> wins support = yes
>>>> dns proxy = no
>>>> map acl inherit = yes
>>>> nt acl support = yes
>>>> load printers = no
>>>> printing = bsd
>>>> printcap name = /dev/null
>>>> disable spoolss = yes
>>>> create mask = 0770
>>>> force security mode = 0770
>>>> force create mode = 0770
>>>> directory mask = 0770
>>>> force directory mode = 0770
>>>>
>>>> [Management]
>>>> comment =
>>>> path = /management
>>>> browsable = yes
>>>> public = no
>>>> writable = yes
>>>> read only = no
>>>> force group = management
>>>> valid users = @management
Re: [Samba] Help pls. -- Samba permission question
On 12/12/12 05:18 PM, J Gao wrote:
> On 12-12-12 12:52 PM, Gary Dale wrote:
>> On 12/12/12 02:07 PM, J Gao wrote:
>>> Thank you Gary for the help.
>>>
>>> On 12-12-12 09:45 AM, Gary Dale wrote:
>>>> If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server).
>>>
>>> I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this:
>>>
>>> sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand
>>>
>>> Could you give me an example on using Samba/CIFS tools?
>>
>> That line mounts the share using the credentials you gave it but that doesn't set the permissions. If you right-click on the share's folder, you should be able to set the CIFS permissions.
>
> OK, right-click in Nautilus works. But how can I set this up by default. I mean once the share mounted, it will set the correct permission to 770 if the user copy files on the share? I read man page for the cifs.mount but I couldn't figure it out myself.
>
> Here are more info:
>
> 1. The management group has gid=1018 on the server.
> 2. Once the share mounted on the Ubuntu client, the share's group ID set to numeric 1018. (there isn't a local gid 1018)
> 3. When copy a file, for example:
>
> -rwxr--r-- 1 gao gao 14429 Nov 20 09:56 test
>
> to the mounted share, the permission appears to be:
>
> -rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test
>
> And I check it on the Samba server:
>
> -rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test
>
> So the permission changed to 774, not 770. I think somehow it combined the permission here.
>
> Just like you said, I can change it to 770 from the right-click. But I prefer to do it automatically.
>
> Please help. Thanks a lot.
>
> Gao

If you have the domain created correctly, the Samba database keeps the CIFS permissions. The Unix permissions aren't needed.

Keep in mind that the two sets of permissions are distinct. If you set the CIFS permissions they are remembered. Checking the Unix permissions to see what the CIFS permissions are doesn't work.

Having a Unix group called management isn't helpful unless it maps to a CIFS group. For example, most Samba users map the CIFS Domain Users to the Unix users. This is in the Samba documentation. The 1018 simply shows that there is no CIFS group recognized for 1018 (don't forget, you are forcing the group - probably not what you really want to do).

You really want to set up a CIFS group called management and add CIFS users to it. Samba maps CIFS users to Unix users if the name is the same.

Have you tried using SWAT to manage your users and shares? It makes things easier if you don't have a Windows client to work from.

>>>> Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it?
>>>
>>> my typo. I want make clear so I change the group name to managegroup. The actual group name is the same managment which I think may cause confusion when I post my question. Sorry.
>>>
>>> Best Regards.
>>>
>>> Gao
>>
>> So is your user a member of management? Rather than forcing the group to management, you could just add members to the group.
>>
>> Also, when you set the Unix ownership and permissions too tightly, you may prevent Samba from accessing the share properly. Since the share directories and files are to be accessed only through CIFS/Samba, the Unix permissions can and should be very loose. My shares all have Unix permissions with everyone having rwx access.
>>
>>>> The last line in your server commands I believe should be chmod, not chowm.
>>>>
>>>> On 12/12/12 12:21 PM, J Gao wrote:
>>>>> Hi, All,
>>>>>
>>>>> I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server:
>>>>>
>>>>> #cd /
>>>>> #mkdir managment
>>>>> #chown -R root:managegroup management
>>>>> #chowm -R 2770 management
>>>>>
>>>>> When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws---
>>>>>
>>>>> BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it copied to the Samba share. (for example, drwxrwxr-x)
>>>>>
>>>>> We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share.
>>>>>
>>>>> Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Gao
>>>>>
>>>>> my smb.conf:
>>>>>
>>>>> [global]
>>>>> workgroup = WORKGROUP
>>>>> server string = My File Server
>>>>> interfaces = lo bond0 192.168.1.2/24
>>>>> hosts allow = 127. 192.168.1.
>>>>> log file = /var/log/samba/log.%m
>>>>> max log size = 1000
>>>>> security = user
>>>>> passdb backend = tdbsam
>>>>> guest account = nobody
>>>>> map to guest = Bad User
>>>>> wins support = yes
>>>>> dns proxy = no
>>>>> map acl inherit = yes
>>>>> nt acl support = yes
>>>>> load printers = no
Re: [Samba] Help pls. -- Samba permission question
On 12-12-12 03:02 PM, Gary Dale wrote:
> On 12/12/12 05:18 PM, J Gao wrote:
>> On 12-12-12 12:52 PM, Gary Dale wrote:
>>> On 12/12/12 02:07 PM, J Gao wrote:
>>>> Thank you Gary for the help.
>>>>
>>>> On 12-12-12 09:45 AM, Gary Dale wrote:
>>>>> If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server).
>>>>
>>>> I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this:
>>>>
>>>> sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand
>>>>
>>>> Could you give me an example on using Samba/CIFS tools?
>>>
>>> That line mounts the share using the credentials you gave it but that doesn't set the permissions. If you right-click on the share's folder, you should be able to set the CIFS permissions.
>>
>> OK, right-click in Nautilus works. But how can I set this up by default. I mean once the share mounted, it will set the correct permission to 770 if the user copy files on the share? I read man page for the cifs.mount but I couldn't figure it out myself.
>>
>> Here are more info:
>>
>> 1. The management group has gid=1018 on the server.
>> 2. Once the share mounted on the Ubuntu client, the share's group ID set to numeric 1018. (there isn't a local gid 1018)
>> 3. When copy a file, for example:
>>
>> -rwxr--r-- 1 gao gao 14429 Nov 20 09:56 test
>>
>> to the mounted share, the permission appears to be:
>>
>> -rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test
>>
>> And I check it on the Samba server:
>>
>> -rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test
>>
>> So the permission changed to 774, not 770. I think somehow it combined the permission here.
>>
>> Just like you said, I can change it to 770 from the right-click. But I prefer to do it automatically.
>>
>> Please help. Thanks a lot.
>>
>> Gao
>
> If you have the domain created correctly, the Samba database keeps the CIFS permissions. The Unix permissions aren't needed.
>
> Keep in mind that the two sets of permissions are distinct. If you set the CIFS permissions they are remembered. Checking the Unix permissions to see what the CIFS permissions are doesn't work.
>
> Having a Unix group called management isn't helpful unless it maps to a CIFS group. For example, most Samba users map the CIFS Domain Users to the Unix users. This is in the Samba documentation. The 1018 simply shows that there is no CIFS group recognized for 1018 (don't forget, you are forcing the group - probably not what you really want to do).
>
> You really want to set up a CIFS group called management and add CIFS users to it. Samba maps CIFS users to Unix users if the name is the same.
>
> Have you tried using SWAT to manage your users and shares? It makes things easier if you don't have a Windows client to work from.

Looks like I need more reading. I googled for CIFS group and got lots oracle/Solaris but not much for linux. When you say CIFS group, do you mean a local group on the client PC?

Also I quickly installed SWAT and I can't find anywhere about CIFS group.

Gao

>>>>> Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it?
>>>>
>>>> my typo. I want make clear so I change the group name to managegroup. The actual group name is the same managment which I think may cause confusion when I post my question. Sorry.
>>>>
>>>> Best Regards.
>>>>
>>>> Gao
>>>
>>> So is your user a member of management? Rather than forcing the group to management, you could just add members to the group.
>>>
>>> Also, when you set the Unix ownership and permissions too tightly, you may prevent Samba from accessing the share properly. Since the share directories and files are to be accessed only through CIFS/Samba, the Unix permissions can and should be very loose. My shares all have Unix permissions with everyone having rwx access.
>>>
>>>>> The last line in your server commands I believe should be chmod, not chowm.
>>>>>
>>>>> On 12/12/12 12:21 PM, J Gao wrote:
>>>>>> Hi, All,
>>>>>>
>>>>>> I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server:
>>>>>>
>>>>>> #cd /
>>>>>> #mkdir managment
>>>>>> #chown -R root:managegroup management
>>>>>> #chowm -R 2770 management
>>>>>>
>>>>>> When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws---
>>>>>>
>>>>>> BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it copied to the Samba share. (for example, drwxrwxr-x)
>>>>>>
>>>>>> We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share.
>>>>>>
>>>>>> Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> Gao
>>>>>>
>>>>>> my smb.conf:
>>>>>>
>>>>>> [global]
>>>>>> workgroup = WORKGROUP
>>>>>> server string = My File Server
>>>>>> interfaces = lo bond0 192.168.1.2/24
>>>>>> hosts allow = 127. 192.168.1.
>>>>>> log file = /var/log/samba/log.%m
>>>>>> max
Re: [Samba] Help pls. -- Samba permission question
On 12/12/12 08:01 PM, J Gao wrote:
> On 12-12-12 03:02 PM, Gary Dale wrote:
>> On 12/12/12 05:18 PM, J Gao wrote:
>>> On 12-12-12 12:52 PM, Gary Dale wrote:
>>>> On 12/12/12 02:07 PM, J Gao wrote:
>>>>> Thank you Gary for the help.
>>>>>
>>>>> On 12-12-12 09:45 AM, Gary Dale wrote:
>>>>>> If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server).
>>>>>
>>>>> I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this:
>>>>>
>>>>> sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand
>>>>>
>>>>> Could you give me an example on using Samba/CIFS tools?
>>>>
>>>> That line mounts the share using the credentials you gave it but that doesn't set the permissions. If you right-click on the share's folder, you should be able to set the CIFS permissions.
>>>
>>> OK, right-click in Nautilus works. But how can I set this up by default. I mean once the share mounted, it will set the correct permission to 770 if the user copy files on the share? I read man page for the cifs.mount but I couldn't figure it out myself.
>>>
>>> Here are more info:
>>>
>>> 1. The management group has gid=1018 on the server.
>>> 2. Once the share mounted on the Ubuntu client, the share's group ID set to numeric 1018. (there isn't a local gid 1018)
>>> 3. When copy a file, for example:
>>>
>>> -rwxr--r-- 1 gao gao 14429 Nov 20 09:56 test
>>>
>>> to the mounted share, the permission appears to be:
>>>
>>> -rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test
>>>
>>> And I check it on the Samba server:
>>>
>>> -rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test
>>>
>>> So the permission changed to 774, not 770. I think somehow it combined the permission here.
>>>
>>> Just like you said, I can change it to 770 from the right-click. But I prefer to do it automatically.
>>>
>>> Please help. Thanks a lot.
>>>
>>> Gao
>>
>> If you have the domain created correctly, the Samba database keeps the CIFS permissions. The Unix permissions aren't needed.
>>
>> Keep in mind that the two sets of permissions are distinct. If you set the CIFS permissions they are remembered. Checking the Unix permissions to see what the CIFS permissions are doesn't work.
>>
>> Having a Unix group called management isn't helpful unless it maps to a CIFS group. For example, most Samba users map the CIFS Domain Users to the Unix users. This is in the Samba documentation. The 1018 simply shows that there is no CIFS group recognized for 1018 (don't forget, you are forcing the group - probably not what you really want to do).
>>
>> You really want to set up a CIFS group called management and add CIFS users to it. Samba maps CIFS users to Unix users if the name is the same.
>>
>> Have you tried using SWAT to manage your users and shares? It makes things easier if you don't have a Windows client to work from.
>
> Looks like I need more reading. I googled for CIFS group and got lots oracle/Solaris but not much for linux. When you say CIFS group, do you mean a local group on the client PC?
>
> Also I quickly installed SWAT and I can't find anywhere about CIFS group.
>
> Gao

That's a Windows Domain group in M$ parlance. The group is recognized on the member server because it comes from the Domain. That's why I used the example of Domain Users as a CIFS group, as distinct from the Unix group users.

Windows provides graphical tools for managing groups and users on the Domain Controller, but you can also do it from the command line in Linux. Something like

net rpc group ADD groupname

should work. Once the group is created, you can populate it with users.

The essential point is that the Windows Domain model is different from the Unix security model. When you are using Samba, use Samba and the Windows way of handling things. Don't try to use Unix tools. You're not in Unix-land anymore.
Re: [Samba] help
Is this samba 3.x?

Samba 3.x domains and domain controllers function like Windows NT4 domains. They are not like Windows 200x Active Directory servers and domains.

The domain name has to be a simple netbios compatible name. A single name, not fqdn. I do not believe that . are a valid character. I think the domain name can not exceed 15 or 15 characters.

On 11/15/12 14:38, Hanganu Sergiu wrote:
> hello
> I'm not speaking very well english
> I'm trying to configure samba. I'm using debian as O.S.
> my problem is: I want to configure a local domain as PDC
> this is a part of a little example
>
> workgroup = MIDEARTH
> domain logons = Yes
> domain master = Yes
> security = User
>
> workgroup = MIDEARTH.MILANO
> domain logons = Yes
> domain master = Yes
> security = User
>
> my domain will be MIDEARTH
> This is working, but if I will change in MIDEARTH.MILANO ... is not working
> when I'm trying to connect a xp pro client with the domain name MIDEARTH is working but if I change in MIDEARTH.MILANO like fqdn is not working and I don't understand why..
> I'm trying to find on google same example but I can't find anything like this..
> PLEASE HELP ME
> THANK YOU
Re: [Samba] Help infomation to build the system as Microsoft Active Directory !
Many of your questions should be answered on www.samba.org and wiki.samba.org

Samba4 provides Active Directory functionality. It is free - you don't have to pay for it, but there is the cost of your time.

On 07/24/12 08:08, Ha Minh Ai wrote:
> Dear Mr/Madam,
>
> We have wanted to build the system for centralized management: User account, printer, policy, deploy softwares to client, manage update OS, Single Sign On, I know there have a same system as Microsoft Active Directory, but we haven't a lot dollars.
>
> Please help me to answer some questions as the below:
>
> - How is the solution (*OpenLDAP + Samba*) on Ubuntu, RHEL/CentOS or SUSE server ?
> - How many user can the system support maximum ?
> - Could i build the system include Primary Domain Controller Server and Additional Domain Controller ?
> - Does Samba/OpenLDAP has cost-edition for enterprise ? If yes, what is it different from free-edition ?
>
> I'm looking forward to supporting from you.
>
> Thanks so much
>
> Best regards,
> Aihm
Re: [Samba] Help with migration
On Mon, 2012-05-07 at 09:25 -0400, Gaiseric Vandal wrote:
> You may want to set up a test environment. I have not been able to get NTLMv2 working properly. I believe enabling NTLMv2 should still systems to negotiate ver 2 but that didn't happen - at least I was unable to login from a Windows 2003 client with a samba PDC.
>
> NTLMv2 uses better encryption for authenticating the users than NTLM v1 but I am not sure if the actual password itself gets stored differently in LDAP. I think the same hash mechanism is used to store the password.

Correct, the same NT hash is used.

Also Samba 3.0, while out of security support, does support NTLMv2. It is up to clients to choose to use NTLMv2 - the server has always supported it. Upgrading from Samba 3.0 should be painless, but of course testing is advised.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] Help with migration
Hello Alejandro, Probably to check all the details you need to create a build environment, at first. It's the general advice. As for your question, I had samba-3.5 server (upgraded from 3.0.28) which was able to authenticate all windows: from win98 to win7 (domain members). So I think it's possible to do. Actually I cannot recall any problems I had during the upgrade process, except very little ones. I used 'SerNet' samba builds (btw, many thanks to them!) --- wbr, Denis. On Fri, May 4, 2012 at 8:17 PM, Alejandro Iacobelli aiacobe...@khutech.com.ar wrote: Hello to all, my name is Alejandro and I have a little question to anyone of this list. I´ve created ,6 years ago, an ldap+smb proyect for a big company. Back then, samba (Lenny server) only worked with NT hashes but now (Squeeze server) they want to authenticate with Win7 (ntlm2 protocols) And configurating windows7 to accept old NT hashes is not an exit. I want to update ONLY the smb package from samba (2:3.2.5-4lenny15) to samba (2:3.5.6~dfsg-3squeeze8). PD: I'm using an OLD and modified by myself openldap version so i cant touch it. My question is this: Have someone of you did this kind of migration any time? can you give me advices? i need to know if something could go wrong in the relation with openldap. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with migration
You may want to set up a test environment. I have not been able to get NTLMv2 working properly. I believe enabling NTLMv2 should still systems to negotiate ver 2 but that didn't happen - at least I was unable to login from a Windows 2003 client with a samba PDC.

NTLMv2 uses better encryption for authenticating the users than NTLM v1 but I am not sure if the actual password itself gets stored differently in LDAP. I think the same hash mechanism is used to store the password.

I upgrade from samba 3.0.x to samba 3.4.x. (both with LDAP backend.) I believe some of the issues I found were
- the nobody user and nobody group need to be explicitly mapped
- some functionality with domain trusts were fixed, others broken
- I may have needed to explicitly grant privileges to the Domain Administrators group. (But that may have been because I initially mixed up the group mapping for some groups.)

At some point joining machines to the domain got a little trickier. I need to make sure that some samba attributes were precreated

    type: sambaPrimaryGroupSID
    value: S-1-5-21-XXX-XXX-XXX-515
    type: sambaAccountFlags
    value: [W ]

I am not sure if this issue happened with samba 3.4.x or would have happened in 3.1.x, 3.2x or 3.3.x. It may also be a schema checking hiccup on the LDAP server.

On 05/07/12 05:54, Denis Fateyev wrote:
> Hello Alejandro,
> Probably to check all the details you need to create a build environment, at first. It's the general advice.
> As for your question, I had samba-3.5 server (upgraded from 3.0.28) which was able to authenticate all windows: from win98 to win7 (domain members). So I think it's possible to do. Actually I cannot recall any problems I had during the upgrade process, except very little ones. I used 'SerNet' samba builds (btw, many thanks to them!)
> ---
> wbr, Denis.
>
> On Fri, May 4, 2012 at 8:17 PM, Alejandro Iacobelli aiacobe...@khutech.com.ar wrote:
>> Hello to all, my name is Alejandro and I have a little question to anyone of this list.
>> I've created, 6 years ago, an ldap+smb project for a big company. Back then, samba (Lenny server) only worked with NT hashes but now (Squeeze server) they want to authenticate with Win7 (ntlm2 protocols). And configuring windows7 to accept old NT hashes is not an exit. I want to update ONLY the smb package from samba (2:3.2.5-4lenny15) to samba (2:3.5.6~dfsg-3squeeze8).
>> PD: I'm using an OLD and modified by myself openldap version so I can't touch it.
>> My question is this: Have someone of you did this kind of migration any time? Can you give me advices? I need to know if something could go wrong in the relation with openldap.
Re: [Samba] Help Required
On Fri, May 4, 2012 at 6:50 PM, vaibhav srivastava vaibhavcs...@gmail.comwrote: Hi all, Since I want to run Samba without modifying my existing kernel. Please tell me what are the requirements for the same. What are the package list required in kernel before installing samba. thanks in advance. -- Thanks and Regards, Vaibhav Srivastava Email-id: vaibhavcs...@gmail.com -- Thanks and Regards, Vaibhav Srivastava Email-id: vaibhavcs...@gmail.com Mobile no.: 9552543029 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help Required
Have you looked at any of the samba documentation? What OS ? Most linux distros (as well as solaris unix) have a precompiled samba version bundled or available.Normally you don't have to worry about the kernel. On 05/04/12 09:24, vaibhav srivastava wrote: On Fri, May 4, 2012 at 6:50 PM, vaibhav srivastava vaibhavcs...@gmail.comwrote: Hi all, Since I want to run Samba without modifying my existing kernel. Please tell me what are the requirements for the same. What are the package list required in kernel before installing samba. thanks in advance. -- Thanks and Regards, Vaibhav Srivastava Email-id: vaibhavcs...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help to install samba
Ensure you got the right version and compiler, also, if using a script to install it use the set -x in the script so you can see where it is failing. Suerte, David -Original Message- From: Rocio de los Angeles Ortíz Barrera Sent: Thursday, April 05, 2012 2:09 PM To: sa...@samba.org Cc: samba-techni...@samba.org Subject: help to install samba Hi this is Rocio Ortiz from CONACyT ( Consejo Nacional de Ciencia y Tecnología) My system is HP-UX 11.11 I would to install samba for this system and i just have HP-UX 11.11 (B8725AA_A.02.04.05_HP-UX_B.11.11_32_64.depot) and HP-UX 11.11 (B8725AA_A.02.03.06_HP-UX_B.11.11_32_64.depot) I tried to install thet but after install them, I have error about dependences. somethig like that: * Software selections: B8725AA,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP CIFS-Development.CIFS-PRG,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-ADMIN,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-DOC,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-LIB,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-MAN,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-RUN,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-UTIL,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 * Beginning Analysis * appsp3:/: 1 check scripts had warnings. * appsp3:/: The software dependencies for 6 products or filesets cannot be resolved. and I dont now why? can you help me?? thanks Regards Rocio Ortiz Barrera Of.Seguridad jr Dirección de Sistemas, Informatica y Telecomunicaciones Consejo Nacional de Ciencia y Tecnología 52 53227700 ext 4005 -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with smbpasswd file
The testparm -v will let you see which smb.conf file is being used and what the settings are. If the default settings for passwd file and private directory are not to your liking you can specify them in the smb.conf file, e.g.

    # testparm -v | grep -i priv
    Load smb config files from /etc/samba/smb.conf
    smb passwd file = /var/lib/samba/private/smbpasswd
    private dir = /var/lib/samba/private

On 03/20/12 14:18, Beau Gauthreaux wrote:
> Is there a procedure for copying the smbpasswd from an old machine to a new machine (fresh samba build), and have the new machine recognize the old smbpasswd file? Both machines are aix 6.1 and Samba version 3.5.12. I copied all of the .tdb files but that didn't seem to work. The new machine does not seem to know what is in /usr/local/samba/private/smbpasswd. Below is my smb.conf
> Thanks,
>
>     bash-4.2# cat smb.conf
>     [global]
>     workgroup = privateworkgroup
>     netbios name = someserver
>     server string = Some Samba Server %v
>     security = user
>     encrypt passwords = yes
>     passdb backend = smbpasswd
>     log file = /LOGS/log.smbd
>     max log size = 20
>     log level = 2
>     delete readonly = yes
>     invalid users = root daemon bin sys adm uucp nuucp lpd imnadm ipsec lp snapp inv scout
>     guest account = nobody
>     host msdfs = no
>     max xmit = 65535
>     socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
>     strict locking = no
>     allocation roundup size = 2097152
>     use sendfile = true
>     comment = Samba Share
>     path = /export/shares
>     writeable = yes
>     create mask = 0775
>     directory mask = 0775
>     security mask = 0770
>     force security mode = 770
>     directory security mask = 0770
>     force directory security mode = 770
>     force create mode = 0775
>     force directory mode = 0775
>     inherit acls = yes
>     [Tshare]
>     #Windows no Unix yes (Execute bit)
>     map archive = no
>     map system = no
>     map hidden = no
>     [Tshares-unix]
>     #Windows no Unix yes (Execute bit)
>     map archive = yes
>     map system = yes
>     map hidden = yes
Re: [Samba] Help!!!! Gettting samba core dumps
On 16 February 2012 07:53, Rich rhd...@gmail.com wrote: I transferred a Xen vm that was running on centos 5.7 with samba 3.6.3 to a centos 6.2 bare metal server with one E5502 and 16gig of memory. I have been running Centos for 6 years on different servers for 6 years on several different upgrades. This new server has a dual network card in it. I have samba 3.6.3 on it and here is the smb.conf below: [global] [...] socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [...] Remove the socket options. It won't fix your crashes, though. I am getting the below dumps in my messages log. I have cheked and rechecked my dns. This is the only win server on the network. Anyone has any ideas whatsoever. PLEASE!!! If there's a samba package with debug symbols, installing that might make more sense of the backtrace. Or if you compiled from source, try compiling with debug symbols enabled. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help!!!! Gettting samba core dumps
On Thu, Feb 16, 2012 at 08:17:31AM +0200, Michael Wood wrote: On 16 February 2012 07:53, Rich rhd...@gmail.com wrote: I transferred a Xen vm that was running on centos 5.7 with samba 3.6.3 to a centos 6.2 bare metal server with one E5502 and 16gig of memory. I have been running Centos for 6 years on different servers for 6 years on several different upgrades. This new server has a dual network card in it. I have samba 3.6.3 on it and here is the smb.conf below: [global] [...] socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [...] Remove the socket options. It won't fix your crashes, though. I am getting the below dumps in my messages log. I have cheked and rechecked my dns. This is the only win server on the network. Anyone has any ideas whatsoever. PLEASE!!! If there's a samba package with debug symbols, installing that might make more sense of the backtrace. Or if you compiled from source, try compiling with debug symbols enabled. Also, a debug level 10 log leading to that crash would be very helpful. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help - Mounting a Windows computer with two IP addresses
> Hi all,
> I need to mount a Windows share locally on my laptop. However, I cannot do this via
>
>     sudo mount -t smbfs //host_name/share_name /local_mount
>
> because the host_name has two IP addresses with it as shown by nmblookup //host_name.

In Windows network adapter settings, disable netbios over tcp/ip for the address you don't want. If you have a WINS server delete the entry for that IP after disabling it.

> (That is, I try mounting and I'm given this error:
>
>     mount error(115): Operation now in progress
>     Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
>
> )
> One IP address is a static one which the Windows computer uses to connect to another machine. The other IP address is a DHCP-given IP and is the one I need to connect to. I can mount the share if I use
>
>     sudo mount -t smbfs //dhcp_ip/share_name /local_mount
>
> however, this is problematic for obvious reasons since I need the mount to be permanent (eventually going in fstab).
> My question is: Is there a way to ignore the static IP address when mounting?
> Further info: I can connect to the Windows machine using smbclient //host_name/share_name and browse just fine. Also, nautilus can browse the remote file system as well.
Re: [Samba] Help needed to debug Samba problem
On Thu, Sep 29, 2011 at 11:59:41AM -0700, Carl G. Riches wrote: I have a Samba domain that is having problems. We have a new NetApp file server (FAS2040 running NetApp Release 7.3.4) that keeps dropping its connection to the Samba server. We didn't have this problem with an older NetApp box (FAS250 running NetApp Release 6.5.1R1). I can run tcpdump on the Samba server and see traffic going back and forth between the FAS2040 and the Samba server when the filer tries to connect, but don't know enough about the protocol to decipher the traffic. One thought I had was to move the Samba domain to a newer version of Samba (on a newer server) but I don't know if that will really help. The above means that I have two questions: how to decipher the tcpdump info, and how to migrate existing Samba tdb databases to a new server? Thanks in advance for any pointers! What does your setup look like ? How are you trying to export files from what to what ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help! permission denied when accessing folder
Group ownership shows to be studemp, but you are giving share permissions to studempl. Is that a typo, or is that the source of your problem?

Dale

On 07/11/2011 11:15 AM, Daulton_Theodore wrote:
> Hi all,
> Running samba 3.5.5 in a Solaris non-global zone. I have created a folder (StudentJobApplications) on a share which I want to make accessible only to members of a Unix group (studempl). I have added myself to the group but when I or other group members try to access the folder via Windows Explorer I get the following:
>
>     I:\StudentJobApplications is not accessible
>     Access is denied
>
> Here are some of the particulars:
> The folder:
>
>     # ls -ld /departments/common/StudentJobApplications
>     drwxrwx--- 2 root studemp2 Jul 11 08:34 /departments/common/StudentJobApplications
>
> The group (etc/group):
>
>     studempl::2018:mylogin,otheruserlogin.
>
> The share definition in smb.conf:
>
>     # --
>     # shared directory for ALL staff
>     # --
>     [libshare]
>     comment = Library staff shared directory
>     path= /path
>     browseable = yes
>     writeable = yes
>     create mask = 0777
>     force create mode = 0777
>     directory mask = 0777
>     valid users = +group1 +group2 +group3 +group4 +group 5 +group6 +group7 +group8+group17 +studempl
>     invalid users = +circdesk
>
> Note: I am a member of one of the groups defined in valid users above. I have not restarted the samba server but I don't think that would be necessary. Actually I would like to set the permissions on the folder to be -rwxrws--- but just being able to access it would be a start.
> I would appreciate any comments or suggestions.
> Thank you.
> Daulton Theodore
> Carleton University Library, Systems Department
> Vmail: (613) 520-2600, ext. 8352
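The mismatch Dale points at can be checked mechanically. This is an added example, not part of any post in the thread: the function names and the sample share below are constructed, while the `+`, `@` and `&` group prefixes are smb.conf's own user-list syntax.

```python
import difflib
import re

GROUP_PREFIXES = "+@&"  # smb.conf marks group names in user lists with these


def valid_user_groups(smb_conf_text, share):
    """Return the group names listed in `valid users` for one share."""
    groups, section = [], None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        # smb.conf ignores case and extra whitespace in parameter names
        if sep and section == share.lower() and " ".join(key.split()).lower() == "valid users":
            for token in re.split(r"[,\s]+", value.strip()):
                if token and token[0] in GROUP_PREFIXES and token.lstrip(GROUP_PREFIXES):
                    groups.append(token.lstrip(GROUP_PREFIXES))
    return groups


def stat_group(path):
    """Group name and permission bits of a live directory (Unix only)."""
    import grp
    import os
    import stat
    info = os.stat(path)
    return grp.getgrgid(info.st_gid).gr_name, stat.S_IMODE(info.st_mode)


def check_directory_group(dir_group, dir_mode, share_groups):
    """Flag a directory closed to 'other' whose group the share never admits."""
    findings = []
    if dir_mode & 0o005 == 0o005:
        return findings  # 'other' can enter and list, so the group name is not the gate
    if dir_group in share_groups:
        return findings
    findings.append("directory group %r is not among the share's valid users groups" % dir_group)
    near = difflib.get_close_matches(dir_group, share_groups, n=1, cutoff=0.8)
    if near:
        findings.append("near miss: did you mean %r?" % near[0])
    return findings


# Constructed sample, modelled on the share in the thread.
SAMPLE_CONF = """
[libshare]
   comment = Library staff shared directory
   valid users = +group1 +group2 +studempl
   invalid users = +circdesk
"""

if __name__ == "__main__":
    groups = valid_user_groups(SAMPLE_CONF, "libshare")
    # Directory as in the thread: mode 770, group 'studemp'.
    for finding in check_directory_group("studemp", 0o770, groups):
        print(finding)
```

On a live server, pass the result of `stat_group()` for the directory instead of the literal values.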
Re: [Samba] Help! permission denied when accessing folder
I would guess this is ZFS?

I think the problem occurs when samba+zfs interprets unix "no rights granted to the world (other)" as "deny everyone" in windows. For example, if you have a with unix perms of 770 - this means on the unix level that the user and group have full permissions, no rights are assigned to other, and therefore if you are the user (owner) or group you have rights, otherwise you don't. The permissions are additive and omitting any permissions for other is not explicitly an access entry. In Samba, this gets interpreted as "everyone is denied" - and even though windows permissions are generally additive, denies trump allows. The owner of the file can usually go into the advanced windows permissions and clear the deny entries.

Root can also reset permissions as follows:

    chmod -R A- thedirectory
    chmod -R A=owner@:rwxpdDaARWcCos:allow thedirectory
    chmod -R A+group@:rwxpdDaARWcCos:allow thedirectory
    chmod -R A+someothergroup@:rwxpdDaARWcCos:allow thedirectory

If you have autofs involved you may want to fix the top level of an autofs directory to allow root to still access it (required for mounting)

    chmod A+user:nobody:aRc:allow thedirectory

ZFS is really great BUT Samba played nicer with UFS. Somewhat ironically, I believe Samba with ZFS tries to more precisely map unix to windows permissions than it did with UFS to Samba. With UFS, some of problem permissions were just ignored in samba.

On 07/11/2011 12:15 PM, Daulton_Theodore wrote:
> Hi all,
> Running samba 3.5.5 in a Solaris non-global zone. I have created a folder (StudentJobApplications) on a share which I want to make accessible only to members of a Unix group (studempl). I have added myself to the group but when I or other group members try to access the folder via Windows Explorer I get the following:
>
>     I:\StudentJobApplications is not accessible
>     Access is denied
>
> Here are some of the particulars:
> The folder:
>
>     # ls -ld /departments/common/StudentJobApplications
>     drwxrwx--- 2 root studemp2 Jul 11 08:34 /departments/common/StudentJobApplications
>
> The group (etc/group):
>
>     studempl::2018:mylogin,otheruserlogin.
>
> The share definition in smb.conf:
>
>     # --
>     # shared directory for ALL staff
>     # --
>     [libshare]
>     comment = Library staff shared directory
>     path= /path
>     browseable = yes
>     writeable = yes
>     create mask = 0777
>     force create mode = 0777
>     directory mask = 0777
>     valid users = +group1 +group2 +group3 +group4 +group 5 +group6 +group7 +group8+group17 +studempl
>     invalid users = +circdesk
>
> Note: I am a member of one of the groups defined in valid users above. I have not restarted the samba server but I don't think that would be necessary. Actually I would like to set the permissions on the folder to be -rwxrws--- but just being able to access it would be a start.
> I would appreciate any comments or suggestions.
> Thank you.
> Daulton Theodore
> Carleton University Library, Systems Department
> Vmail: (613) 520-2600, ext. 8352
Re: [Samba] help - user password expiration in loop
Hi Dermot, thanks for your reply. here below you have the output, nothing strange to my eyes, but maybe(hopefully) you know more: pdbedit -P bad lockout attempt smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy bad lockout attempt description: Lockout users after bad logon attempts (default: 0 = off) account policy bad lockout attempt value is: 0 --- pdbedit -P maximum password age smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy maximum password age description: Maximum password age, in seconds (default: -1 = never expire passwords) account policy maximum password age value is: 4294967295 --- pdbedit -P min password length smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy min password length description: Minimal password length (default: 5) account policy min password length value is: 5 --- pdbedit -P lockout duration smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy lockout duration description: Lockout duration in minutes (default: 30, -1 = forever) account policy lockout duration value is: 30 --- pdbedit -P password history smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy password history description: Length of Password History Entries (default: 0 = off) account policy password history value is: 0 pdbedit -P user must logon to change password smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy user must logon to change password description: Force Users to logon for 
password change (default: 0 = off, 2 = on) account policy user must logon to change password value is: 0 - pdbedit -P disconnect time smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy disconnect time description: Disconnect Users outside logon hours (default: -1 = off, 0 = on) account policy disconnect time value is: 4294967295 --- pdbedit -P bad lockout attempt smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy bad lockout attempt description: Lockout users after bad logon attempts (default: 0 = off) account policy bad lockout attempt value is: 0 -- pdbedit -P minimum password age smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy minimum password age description: Minimal password age, in seconds (default: 0 = allow immediate password change) account policy minimum password age value is: 0 --- pdbedit -P reset count minutes smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy reset count minutes description: Reset time after lockout in minutes (default: 30) account policy reset count minutes value is: 30 --- then i tried: word age value is: 4294967295 15:38 root@pdc-portavita:~# pdbedit -P maximum password age -C -1 smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)())] smbldap_open_connection: connection opened account policy maximum password age description: Maximum password age, in seconds (default: -1 = never expire passwords) account policy maximum password age value was: 4294967295 account policy maximum password age value is now: 4294967295 (4294967295 seconds that means 131 years and some days) -- On Mon, 2011-07-04 at 21:21 +0100, Dermot wrote: 
On 4 July 2011 16:37, Fabio Pardi f.pa...@portavita.eu wrote: nobody to help? I just throwing out ideas here. What is the output from pdbedit -P for all these policies: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt. Perhaps there are clues there. Dp. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
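Added example, not part of the thread: a parser for the `pdbedit -P` and `pdbedit -L -v` output quoted in the message above. It converts the unsigned 32-bit policy values back to the signed sentinels the descriptions document (4294967295 is -1) and lists which passdb settings could still force a password change. The sample text is constructed from values shown in the thread, and the rule in `expiry_sources` is a simplified model, not Samba's code.

```python
import re

UINT32_WRAP = 2 ** 32

# Sentinel meanings, taken from the policy descriptions pdbedit prints.
SENTINELS = {
    "maximum password age": {-1: "never expire passwords"},
    "lockout duration": {-1: "forever"},
    "disconnect time": {-1: "off", 0: "on"},
    "bad lockout attempt": {0: "off"},
    "password history": {0: "off"},
    "minimum password age": {0: "allow immediate password change"},
    "user must logon to change password": {0: "off", 2: "on"},
}

# Accepts the policy name with or without surrounding double quotes.
POLICY_RE = re.compile(
    r'account policy "?(?P<name>[a-z ]+?)"? value is(?: now)?: (?P<raw>\d+)')
FLAGS_RE = re.compile(r"Account Flags:\s*\[(?P<flags>[^\]]*)\]")
MUST_CHANGE_RE = re.compile(r"Password must change:\s*(?P<when>.+)")


def to_signed32(raw):
    """Policy values are printed unsigned, so -1 appears as 4294967295."""
    return raw - UINT32_WRAP if raw >= 2 ** 31 else raw


def parse_policies(text):
    """Return {policy name: (signed value, documented meaning or None)}."""
    policies = {}
    for match in POLICY_RE.finditer(text):
        name = match.group("name")
        value = to_signed32(int(match.group("raw")))
        policies[name] = (value, SENTINELS.get(name, {}).get(value))
    return policies


def parse_account(text):
    """Pull the account flags and must-change time out of `pdbedit -L -v`."""
    flags = FLAGS_RE.search(text)
    must = MUST_CHANGE_RE.search(text)
    return {
        "flags": flags.group("flags").strip() if flags else "",
        "must_change": must.group("when").strip() if must else None,
    }


def expiry_sources(policies, account):
    """List passdb-side settings that could force a password change.

    Assumed model: a positive maximum password age applies unless the
    account carries the X (password does not expire) flag.
    """
    sources = []
    max_age, _ = policies.get("maximum password age", (-1, None))
    if max_age > 0 and "X" not in account["flags"]:
        sources.append("maximum password age = %d s, account lacks X flag" % max_age)
    if account["must_change"] not in (None, "never"):
        sources.append("Password must change: %s" % account["must_change"])
    return sources


# Constructed from the values quoted in the thread.
THREAD_POLICIES = """\
account policy maximum password age value is: 4294967295
account policy disconnect time value is: 4294967295
account policy lockout duration value is: 30
account policy bad lockout attempt value is: 0
"""
THREAD_ACCOUNT = """\
Unix username:        myuser
Account Flags:        [UX         ]
Password must change: never
"""
# Constructed counter-case: a 90-day policy and an account without X.
EXPIRING_POLICIES = "account policy maximum password age value is: 7776000\n"
EXPIRING_ACCOUNT = """\
Account Flags:        [U          ]
Password must change: Thu, 22 Sep 2011 16:48:34 CEST
"""

if __name__ == "__main__":
    for name, (value, meaning) in parse_policies(THREAD_POLICIES).items():
        print("%-22s %11d  %s" % (name, value, meaning or ""))
    print(expiry_sources(parse_policies(THREAD_POLICIES), parse_account(THREAD_ACCOUNT)))
```

An empty list for the thread's values means neither the policy nor the account record accounts for the repeated prompt, so the remaining places to look are outside these two outputs.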
Re: [Samba] help - user password expiration in loop
nobody to help? On Fri, 2011-06-24 at 16:56 +0200, Fabio Pardi wrote: Dears, Unfortunately it happened again. Now i see the user has the flags UX, but the system keeps asking for a password change in loop. details about pdbedit -L -v --- Unix username:myuser NT username: myuser Account Flags:[UX ] User SID: S-1-5-21-222803232-3192872370-2452721687-1015 Primary Group SID:S-1-5-21-222803232-3192872370-2452721687-513 Full Name:hers name Home Directory: HomeDir Drive: Logon Script: users/login.bat Profile Path: Domain: mydomain Account desc: Software Developer Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: 0 Password last set:Fri, 24 Jun 2011 16:48:34 CEST Password can change: Fri, 24 Jun 2011 16:48:34 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF - On Fri, 2011-06-17 at 16:32 +0200, Fabio Pardi wrote: Thanks a lot Christ, a managed using pdbedit. In facts, many accounts were carrying only the [U], no X (but i clearly remember I changed every user's setting with password never expires from the srvtool graphical tool :s ) Now the only thing i have to do is waiting Thanks a lot for your time, hoping this will permanently do the job. Best Regards Fabio On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote: use pdbedit or your web-based ldap manager to update the account flags to [UX]. document the previous value before changing the flags. Use smbldap tools to update the expire time. if none of this fixes it, post an ldif if an affected user account, as well as all the info from smbldap-tools about said user. On 6/16/2011 06:39, Fabio Pardi wrote: Hi everybody, I think i need a samba guru to solve this issue, because googling for months did not help and the problem is becoming pressing. I'm facing an annoying problem with samba. In detail, there is something wrong with the password handling. It happens from windows, mac or linux clients. 
Randomly (probably after $num days), the system asks to the user to change the password. After the user did it, the system keeps asking the same, in a sort of loop. The only option to change it is to manually go on the console and issue the command smbldap-passwd username. My system: ubuntu lucid 32 bit smb.conf cut--- [global] idmap uid = 1000-15000 idmap gid = 1000-15000 workgroup = PORTAVITA netbios name = PSAMBA domain logons = Yes domain master = Yes wins support = true obey pam restrictions = Yes dns proxy = No log level = 2 os level = 35 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d pam password change = Yes # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del unix password sync = no ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=pdc ldap admin dn = cn=admin,dc=pdc ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u #those scripts are modified so we can create groups also on the system add group script = /usr/sbin/addgroupldap-system '%g' delete group script = /usr/sbin/delgroupldap-system '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon drive = logon home = logon path = logon script = users/login.bat server signing = auto server schannel = Auto nt acl support = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No
Re: [Samba] help - user password expiration in loop
On 4 July 2011 16:37, Fabio Pardi f.pa...@portavita.eu wrote: nobody to help? I just throwing out ideas here. What is the output from pdbedit -P for all these policies: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt. Perhaps there are clues there. Dp. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help - user password expiration in loop
Dears,

Unfortunately it happened again. Now I see the user has the flags UX, but the system keeps asking for a password change in a loop.

Details from pdbedit -L -v:

---
Unix username: myuser
NT username: myuser
Account Flags: [UX ]
User SID: S-1-5-21-222803232-3192872370-2452721687-1015
Primary Group SID: S-1-5-21-222803232-3192872370-2452721687-513
Full Name: hers name
Home Directory:
HomeDir Drive:
Logon Script: users/login.bat
Profile Path:
Domain: mydomain
Account desc: Software Developer
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: 0
Password last set: Fri, 24 Jun 2011 16:48:34 CEST
Password can change: Fri, 24 Jun 2011 16:48:34 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FF
-

On Fri, 2011-06-17 at 16:32 +0200, Fabio Pardi wrote:

Thanks a lot Christ, I managed using pdbedit. In fact, many accounts were carrying only the [U], no X (but I clearly remember I changed every user's setting with password never expires from the srvtool graphical tool :s )

Now the only thing I have to do is waiting.

Thanks a lot for your time, hoping this will permanently do the job.

Best Regards
Fabio

On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote:

Use pdbedit or your web-based ldap manager to update the account flags to [UX]. Document the previous value before changing the flags. Use smbldap tools to update the expire time. If none of this fixes it, post an ldif of an affected user account, as well as all the info from smbldap-tools about said user.

On 6/16/2011 06:39, Fabio Pardi wrote:

Hi everybody,

I think I need a samba guru to solve this issue, because googling for months did not help and the problem is becoming pressing.

I'm facing an annoying problem with samba. In detail, there is something wrong with the password handling. It happens from windows, mac or linux clients. Randomly (probably after $num days), the system asks the user to change the password. After the user did it, the system keeps asking the same, in a sort of loop. The only option to change it is to manually go on the console and issue the command smbldap-passwd username.

My system: ubuntu lucid 32 bit

smb.conf

cut---
[global]
idmap uid = 1000-15000
idmap gid = 1000-15000
workgroup = PORTAVITA
netbios name = PSAMBA
domain logons = Yes
domain master = Yes
wins support = true
obey pam restrictions = Yes
dns proxy = No
log level = 2
os level = 35
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
pam password change = Yes
# Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
unix password sync = no
ldap passwd sync = yes
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=pdc
ldap admin dn = cn=admin,dc=pdc
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap ssl = no
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
#those scripts are modified so we can create groups also on the system
add group script = /usr/sbin/addgroupldap-system '%g'
delete group script = /usr/sbin/delgroupldap-system '%g'
add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon drive =
logon home =
logon path =
logon script = users/login.bat
server signing = auto
server schannel = Auto
nt acl support = yes

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
browseable = No
logon script = login.bat
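The check discussed in this thread (accounts carrying [U] without X, and the "Password must change" field of pdbedit -L -v), as an added example that is not part of the original posts: a small Python parser that reports user accounts whose password can still expire. The sample listing is constructed, and the function names and finding labels are this example's own.

```python
"""Audit `pdbedit -L -v` output for password-expiry settings (added example)."""
import re
import sys
from datetime import datetime

# Constructed sample in the layout of `pdbedit -L -v`; every value is made up.
SAMPLE = """\
---------------
Unix username:        alice
NT username:          alice
Account Flags:        [U          ]
Password last set:    Fri, 24 Jun 2011 16:48:34 CEST
Password must change: Fri, 05 Aug 2011 16:48:34 CEST
---------------
Unix username:        bob
NT username:          bob
Account Flags:        [UX         ]
Password last set:    Fri, 24 Jun 2011 16:48:34 CEST
Password must change: never
---------------
Unix username:        carol
NT username:          carol
Account Flags:        [UX         ]
Password last set:    Mon, 23 May 2011 09:00:00 CEST
Password must change: Mon, 04 Jul 2011 09:00:00 CEST
---------------
Unix username:        ws01$
NT username:          ws01$
Account Flags:        [W          ]
Password must change: never
"""

FIELD = re.compile(r"^([^:]+):\s*(.*)$")
STAMP_FORMAT = "%a, %d %b %Y %H:%M:%S"


def parse_records(text):
    """Split the listing into one dict per account, keyed by field label."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("Unix username:") and current:
            records.append(current)
            current = {}
        match = FIELD.match(line)
        if match:  # separator lines carry no colon and are skipped
            current[match.group(1).strip()] = match.group(2).strip()
    if current:
        records.append(current)
    return records


def parse_when(value):
    """Return a naive datetime, or None for 'never', '0' or unparsable text."""
    if value in ("", "0", "never"):
        return None
    # Try the value as-is, then without a trailing zone abbreviation (CEST).
    for candidate in (value, value.rsplit(" ", 1)[0]):
        try:
            return datetime.strptime(candidate, STAMP_FORMAT)
        except ValueError:
            continue
    return None


def audit(records, now):
    """Return (user, finding, days_left) for accounts whose password can expire."""
    findings = []
    for rec in records:
        flags = set(rec.get("Account Flags", "").strip("[] "))
        if "U" not in flags:
            continue  # machine and trust accounts are out of scope here
        deadline = parse_when(rec.get("Password must change", ""))
        if deadline is None:
            continue  # no expiry date recorded
        # X = password does not expire; a date next to X is a mismatch.
        finding = "flag-ignored" if "X" in flags else "will-expire"
        days_left = (deadline - now).days  # negative: deadline already passed
        findings.append((rec.get("Unix username", "?"), finding, days_left))
    return findings


if __name__ == "__main__":
    # Pipe real output in (`pdbedit -L -v | python3 this_file.py`) or run it
    # bare to see the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for user, finding, days in audit(parse_records(text), datetime.now()):
        print(f"{user}: {finding}, {days} day(s) to 'Password must change'")
```

An account that shows [UX] and "never" here, like the one posted above, produces no finding, which points the search away from the pdbedit view of the account.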
Re: [Samba] help - user password expiration in loop
Thanks a lot Christ, a managed using pdbedit. In facts, many accounts were carrying only the [U], no X (but i clearly remember I changed every user's setting with password never expires from the srvtool graphical tool :s ) Now the only thing i have to do is waiting Thanks a lot for your time, hoping this will permanently do the job. Best Regards Fabio On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote: use pdbedit or your web-based ldap manager to update the account flags to [UX]. document the previous value before changing the flags. Use smbldap tools to update the expire time. if none of this fixes it, post an ldif if an affected user account, as well as all the info from smbldap-tools about said user. On 6/16/2011 06:39, Fabio Pardi wrote: Hi everybody, I think i need a samba guru to solve this issue, because googling for months did not help and the problem is becoming pressing. I'm facing an annoying problem with samba. In detail, there is something wrong with the password handling. It happens from windows, mac or linux clients. Randomly (probably after $num days), the system asks to the user to change the password. After the user did it, the system keeps asking the same, in a sort of loop. The only option to change it is to manually go on the console and issue the command smbldap-passwd username. 
My system: ubuntu lucid 32 bit smb.conf cut--- [global] idmap uid = 1000-15000 idmap gid = 1000-15000 workgroup = PORTAVITA netbios name = PSAMBA domain logons = Yes domain master = Yes wins support = true obey pam restrictions = Yes dns proxy = No log level = 2 os level = 35 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d pam password change = Yes # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del unix password sync = no ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=pdc ldap admin dn = cn=admin,dc=pdc ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u #those scripts are modified so we can create groups also on the system add group script = /usr/sbin/addgroupldap-system '%g' delete group script = /usr/sbin/delgroupldap-system '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon drive = logon home = logon path = logon script = users/login.bat server signing = auto server schannel = Auto nt acl support = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon admin users = root guest ok = Yes browseable = No logon script = login.bat [Software] comment = Software Folder path = /share/software create mask = 0777 directory mask = 0777 read only = no writable = yes browsable = yes invalid users =guest123 [progr] comment = Prog Folder path = 
/share/prog create mask = 0777 directory mask = 0777 read only = no writable = yes browsable = yes invalid users =guest123 cut samba version from package is 3.4.7 ldapadd -V ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $ buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools (LDAP library: OpenLDAP 20421) SASL/DIGEST-MD5 authentication started Any help or suggestion is strongly appreciated. Regards, Fabio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help - user password expiration in loop
use pdbedit or your web-based ldap manager to update the account flags to [UX]. document the previous value before changing the flags. Use smbldap tools to update the expire time. if none of this fixes it, post an ldif if an affected user account, as well as all the info from smbldap-tools about said user. On 6/16/2011 06:39, Fabio Pardi wrote: Hi everybody, I think i need a samba guru to solve this issue, because googling for months did not help and the problem is becoming pressing. I'm facing an annoying problem with samba. In detail, there is something wrong with the password handling. It happens from windows, mac or linux clients. Randomly (probably after $num days), the system asks to the user to change the password. After the user did it, the system keeps asking the same, in a sort of loop. The only option to change it is to manually go on the console and issue the command smbldap-passwd username. My system: ubuntu lucid 32 bit smb.conf cut--- [global] idmap uid = 1000-15000 idmap gid = 1000-15000 workgroup = PORTAVITA netbios name = PSAMBA domain logons = Yes domain master = Yes wins support = true obey pam restrictions = Yes dns proxy = No log level = 2 os level = 35 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d pam password change = Yes # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del unix password sync = no ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=pdc ldap admin dn = cn=admin,dc=pdc ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u #those scripts are modified so we can create groups also on the system add group script = /usr/sbin/addgroupldap-system '%g' delete group script = /usr/sbin/delgroupldap-system '%g' add user to group 
script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon drive = logon home = logon path = logon script = users/login.bat server signing = auto server schannel = Auto nt acl support = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon admin users = root guest ok = Yes browseable = No logon script = login.bat [Software] comment = Software Folder path = /share/software create mask = 0777 directory mask = 0777 read only = no writable = yes browsable = yes invalid users =guest123 [progr] comment = Prog Folder path = /share/prog create mask = 0777 directory mask = 0777 read only = no writable = yes browsable = yes invalid users =guest123 cut samba version from package is 3.4.7 ldapadd -V ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $ buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools (LDAP library: OpenLDAP 20421) SASL/DIGEST-MD5 authentication started Any help or suggestion is strongly appreciated. Regards, Fabio
Re: [Samba] Help: issues about hostname nameserver
Hi,

if you do:
hostname -f = hostname in FQDN
hostname -d = only domainname.
hostname = the hostname itself.

if the command hostname gives the FQDN hostname then set the hostname again with
hostname -F /etc/hostname
in /etc/hostname there should be the FQDN hostname in like hostname.domain.tld it and reboot your server.

in this example: host.name.domain.tld
the hostname = host
name.domain.tld = subdomain.domain.tld

that's why I say dot in hostname is not RFC compliant.

you could set the correct domain search first. ( adjust to your own domain name. )

/etc/resolv.conf
domain subdomain.domain.tld
search subdomain.domain.tld domain.tld
## if running use own dns first
nameserver 127.0.0.1
## internet DNS servers
nameserver iphere
nameserver iphere

if this file changes every reboot, or if you use dhcp client for your server, look for /etc/dhcp3/dhclient.conf ( I use debian for your info, so dhclient.conf can be in other directory ) and change it like this.

supersede domain-name subdomain.domain.tld;
supersede domain-search subdomain.domain.tld domain.tld;
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
    domain-name, domain-name-servers, domain-search, host-name,
    netbios-name-servers, netbios-scope, interface-mtu,
    rfc3442-classless-static-routes;

this corrects the search order in /etc/resolv.conf

now resolv.conf should be always correct.

if this checks, next part. in samba's smb.conf check if these lines exist

name resolve order = wins host lmhosts bcast
dns proxy = yes

if you use dns, which I think you do, and also dhcpserver on your server, which I guess also, then you should set up dynamic dns. ( it's not that hard to set this up. )

I guess your problem is the dhcpserver/dns setup.

check all of the above and report back.

Best regards,
Louis

From: tubocurarine [mailto:tubocurar...@163.com]
Sent: 2011-04-28 03:04
To: L.P.H. van Belle
Subject: Re:Re: [Samba] Help: issues about hostname nameserver

Thanks for your reply. But both the Wikipedia (http://en.wikipedia.org/wiki/Hostname) and documents provided by CentOS (http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html) point out that they should be Fully Qualified Domain Name (FQDN), such as hostname.expample.com.

And also, that does not make sense for the 2nd case in the previous mail.

What's more, I'm interested in how Samba treats the server's hostname. But I failed to search it through the code.

Help, please. Thanks.

Tubo.

At 2011-04-27 18:41:22 L.P.H. van Belle be...@bazuin.nl wrote:

A dot in hostname is not RFC compliant, so change the servers hostname.

Louis

-Original message-
From: tubocurar...@163.com [mailto:samba-boun...@lists.samba.org] On behalf of tubocurarine
Sent: 2011-04-27 12:03
To: samba@lists.samba.org
Subject: [Samba] Help: issues about hostname nameserver

Dear developers:

I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file server, and using some Windows based OSes as client. And something strange happened to me. Things went as follows:

1. If there was no dot (.) in the hostname of server, then no matter whether the DNS server (in /etc/resolv.conf) was set correctly or not, everything went fine. Client can access shares (provided server) normally.
2. If there was dot in hostname of server, and if the DNS Server was set correctly (or just left as blank), server worked normally.
3. If there was dot in hostname of server, and the DNS Server was set incorrectly, all client could not connect to the server, with a message indicated that the address of server could not be accessed.

My friend and I paid some time on it. We found that in the last situation, the Samba server may spend a long time to look up the computer name (name of server or client). But before the look up ends, the client would treat this as a timeout.

I don't know whether we are right about this. And if we were, why everything goes fine in the 2nd case?

Any information will be appreciated.

Best regards.

Tubo
2011-04-27
Re: [Samba] Help: issues about hostname nameserver
Hi, Thanks a lot for your detailed and excellent explanation. Everything goes well now. Best regards. Tubo. At 2011-04-28 14:31:46,L.P.H. van Belle be...@bazuin.nl wrote: Hi, if you do : hostname -f = hostname in FQDN hostname -d = only domainname. hostname = the hostname itselve. if the command hostname gives the FQDN hostname then set the hostname again with hostname -F /etc/hostname in /etc/hostname there should be the FQDN hostname inlike hostname.domain.tldit and reboot your server. in this example: host.name.domain.tld the hostname = host name.domain.tld = subdomain.domain.tld thats why i say dot in hostname is not RFC compliant. you could set the correct domain search first. ( adjust to your own domain name. ) /etc/resolv.conf domain subdomain.domain.tld search subdomain.domain.tld domain.tld ## if running use own dns first nameserver 127.0.0.1 ## internet DNS servers nameserver iphere nameserver iphere if this file changes every reboot, or if you use dhcp client for your server. look for /etc/dhcp3/dhclient.conf ( i use debian for you info, so dhclient.conf can be in other directory ) change it like this. supersede domain-name subdomain.domain.tld; supersede domain-search subdomain.domain.tld domain.tld; prepend domain-name-servers 127.0.0.1; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, domain-search, host-name, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes; this correctes the search order in /etc/resolv.conf now resolv.conf should be always correct. if this is checks, next part. in samba's smb.conf check if these line exists name resolve order = wins host lmhosts bcast dns proxy = yes if you use dns, which i think you do, and also dhcpserver on your server which i guess also. the you should setup dynamic dns. ( its not that hard to set this up.) i guess you problem is the dhcpserver/dns setup. check all of the above and report back. 
Best regards, Louis Van: tubocurarine [mailto:tubocurar...@163.com] Verzonden: 2011-04-28 03:04 Aan: L.P.H. van Belle Onderwerp: Re:Re: [Samba] Help: issues about hostname nameserver Thanks for your reply. But both the wikipeida (http://en.wikipedia.org/wiki/Hostname) and documents provided by CentOS (http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html) point out that they should be Fully Qualified Domain Name (FQDN), such ashostname.expample.com. And also, that does not make sense for the 2nd case in the previous mail. What's more, I'm interested in how Samba treat the server's hostname. But I failed to search it through the code. Help, please. Thanks. Tubo. At 2011-04-27 18:41:22,L.P.H. van Belle be...@bazuin.nl wrote: A dot in hostname is not RFC compliant, so change the servers hostname. Louis -Oorspronkelijk bericht- Van: tubocurar...@163.com [mailto:samba-boun...@lists.samba.org] Namens tubocurarine Verzonden: 2011-04-27 12:03 Aan: samba@lists.samba.org Onderwerp: [Samba] Help: issues about hostname nameserver Dear developers: I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file server, and using some Windows based OSes as clinet. And something strange happened to me. Things went as follows: 1. If there was no dot (.) in the hostname of server, then no matter whether the DNS server (in /etc/resolv.conf) was set correctly or not, everything went fine. Client can access shares (provided server) normally. 2. If there was dot in hostname of server, and if the DNS Server was set correctly (or just left as blank), server worked normally. 3. If there was dot in hostname of server, and the DNS Server was set incorrectly, all client could not connect to the server, with a message indicated that the address of server could not be accessed. My friend and I payed some time on it. We found that in the last situation, the Samba server may spend a long time to look up the computer name (name of server or client). 
But before the look up ends, the client would treat this as a timeout. I don't know whether we are right about this. And if we were, why everything goes fine in the 2nd case? Any information will be appreciated. Best regards. Tubo 2011-04-27
Re: [Samba] Help: issues about hostname nameserver
A dot in hostname is not RFC compliant, so change the servers hostname.

Louis

-Original message-
From: tubocurar...@163.com [mailto:samba-boun...@lists.samba.org] On behalf of tubocurarine
Sent: 2011-04-27 12:03
To: samba@lists.samba.org
Subject: [Samba] Help: issues about hostname nameserver

Dear developers:

I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file server, and using some Windows based OSes as client. And something strange happened to me. Things went as follows:

1. If there was no dot (.) in the hostname of server, then no matter whether the DNS server (in /etc/resolv.conf) was set correctly or not, everything went fine. Client can access shares (provided server) normally.
2. If there was dot in hostname of server, and if the DNS Server was set correctly (or just left as blank), server worked normally.
3. If there was dot in hostname of server, and the DNS Server was set incorrectly, all client could not connect to the server, with a message indicated that the address of server could not be accessed.

My friend and I paid some time on it. We found that in the last situation, the Samba server may spend a long time to look up the computer name (name of server or client). But before the look up ends, the client would treat this as a timeout.

I don't know whether we are right about this. And if we were, why everything goes fine in the 2nd case?

Any information will be appreciated.

Best regards.

Tubo
2011-04-27
Re: [Samba] Help: issues about hostname nameserver
Thanks for your reply. But both the wikipeida (http://en.wikipedia.org/wiki/Hostname) and documents provided by CentOS (http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html) point out that they should be Fully Qualified Domain Name (FQDN), such ashostname.expample.com. And also, that does not make sense for the 2nd case in the previous mail. What's more, I'm interested in how Samba treat the server's hostname. But I failed to search it through the code. Help, please. Thanks. Tubo. At 2011-04-27 18:41:22,L.P.H. van Belle be...@bazuin.nl wrote: A dot in hostname is not RFC compliant, so change the servers hostname. Louis -Oorspronkelijk bericht- Van: tubocurar...@163.com [mailto:samba-boun...@lists.samba.org] Namens tubocurarine Verzonden: 2011-04-27 12:03 Aan: samba@lists.samba.org Onderwerp: [Samba] Help: issues about hostname nameserver Dear developers: I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file server, and using some Windows based OSes as clinet. And something strange happened to me. Things went as follows: 1. If there was no dot (.) in the hostname of server, then no matter whether the DNS server (in /etc/resolv.conf) was set correctly or not, everything went fine. Client can access shares (provided server) normally. 2. If there was dot in hostname of server, and if the DNS Server was set correctly (or just left as blank), server worked normally. 3. If there was dot in hostname of server, and the DNS Server was set incorrectly, all client could not connect to the server, with a message indicated that the address of server could not be accessed. My friend and I payed some time on it. We found that in the last situation, the Samba server may spend a long time to look up the computer name (name of server or client). But before the look up ends, the client would treat this as a timeout. I don't know whether we are right about this. And if we were, why everything goes fine in the 2nd case? Any information will be appreciated. 
Best regards. Tubo 2011-04-27
Re: [Samba] Help: issues about hostname nameserver
Another interest thing: if we use a Linux client to access the shares from server, it connects successfully in all cases. Don't know why. Thanks again. At 2011-04-28 09:06:59,tubocurarine tubocurar...@163.com wrote: Thanks for your reply. But both the wikipeida (http://en.wikipedia.org/wiki/Hostname) and documents provided by CentOS (http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html) point out that they should be Fully Qualified Domain Name (FQDN), such ashostname.expample.com. And also, that does not make sense for the 2nd case in the previous mail. What's more, I'm interested in how Samba treat the server's hostname. But I failed to search it through the code. Help, please. Thanks. Tubo. At 2011-04-27 18:41:22,L.P.H. van Belle be...@bazuin.nl wrote: A dot in hostname is not RFC compliant, so change the servers hostname. Louis -Oorspronkelijk bericht- Van: tubocurar...@163.com [mailto:samba-boun...@lists.samba.org] Namens tubocurarine Verzonden: 2011-04-27 12:03 Aan: samba@lists.samba.org Onderwerp: [Samba] Help: issues about hostname nameserver Dear developers: I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file server, and using some Windows based OSes as clinet. And something strange happened to me. Things went as follows: 1. If there was no dot (.) in the hostname of server, then no matter whether the DNS server (in /etc/resolv.conf) was set correctly or not, everything went fine. Client can access shares (provided server) normally. 2. If there was dot in hostname of server, and if the DNS Server was set correctly (or just left as blank), server worked normally. 3. If there was dot in hostname of server, and the DNS Server was set incorrectly, all client could not connect to the server, with a message indicated that the address of server could not be accessed. My friend and I payed some time on it. 
We found that in the last situation, the Samba server may spend a long time to look up the computer name (name of server or client). But before the look up ends, the client would treat this as a timeout. I don't know whether we are right about this. And if we were, why everything goes fine in the 2nd case? Any information will be appreciated. Best regards. Tubo 2011-04-27
Re: [Samba] Help with ADS authentication and Samba
So can anyone help me find where this cache is stored? I can log in from any machine with a username that previously worked, and is therefore cached somewhere on the samba server. However every other account does not work. Thanks B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony Sent: Friday, March 11, 2011 5:26 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba After a bit more investigation it seems my issue on the working server is a bit more complex. If I use any of the three usernames that had previously worked, they work in the login prompt. However if I use any other user, it fails to log in. There is obviously a cache of users somewhere, but I cannot find it. Has anyone an idea where this cache is? Regards B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony Sent: Friday, March 11, 2011 5:05 PM To: 'Geoff Winkless'; samba Subject: Re: [Samba] Help with ADS authentication and Samba Geoff, did you do the steps below? Was there anything else required? B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless Sent: Friday, March 11, 2011 4:59 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue? On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote: I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box. When you change the name, what is entailed? Change the name in RHEL. Change the name in DNS (windows server) Rejoin the ads network using net ads join -U Sounds about it. 
I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required. Thanks for the help so far. Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing? Geoff

The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you.
Re: [Samba] Help with ADS authentication and Samba
2011/3/11 Brian O'Mahony brian.omah...@curamsoftware.com:

Hi there,

just recently joined this list as I seem to be having a little trouble that I am hoping someone can help with.

I recently installed a RHEL5.5 server and updated samba to samba3-3.4.11-42.el5.x86_64.rpm. I had never set up samba to authenticate with ADS so I read a little bit and dove right in. The server now works fine, so when I browse to \\machinename no login box pops up, and I see the shares, and every user in the domain can write to them. So far so good.

I then try to replicate this on another server and then the problems started. Here is the procedure I followed:

I copied smb.conf, krb5.conf over to the new server from the working copy.
Edited nsswitch.conf to add winbind to the end of passwd, group and shadow.
I then ran kinit admin. This worked. I then ran kdestroy to destroy the token.

[root@rhel5u5live ~]# net ads join -U ictadmin
Enter ictadmin's password:
Using short domain name -- XXX
Joined 'RHEL5U5LIVE' to realm 'xxx.com'
[root@rhel5u5live ~]# net ads testjoin
Join is OK
[root@rhel5u5live ~]# wbinfo -u | grep brian.om
XXX/brian.omahony

So it seems to be able to look up users etc on the Domain controller. However when I browse to \\machinename a login box pops up. I *know* I must have forgotten something, but can't figure out what.

Welcome to my world. I have exactly the same issue - one server works fine, the other doesn't, even though all the wb tests seem to be fine. Is it an XP client, by any chance?

I've narrowed it down to a kerberos issue, I believe. If you run

net use \\servername\share /user:XXX/brian.omahony

does it work correctly without asking for a password? This seems to be NTLM vs Kerberos auth, but I can't get any further than that.

One thing to check, make sure that you have FQDN entries in the server's /etc/hosts (or as reverse entries in DNS) for your dc and the server itself. ie when you do

dig -x 192.168.6.10

(the ip address of the server, obviously) from the server, do you get the full domain name or just the hostname? Various pages suggest that might be the cause of the problem, although it doesn't help me.

Geoff
Re: [Samba] Help with ADS authentication and Samba
It is XP. When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get:

The password or user name is invalid for \\rhel5u5live\tmp.
Enter the password for 'ITDESIGN2\brian.omahony' to connect to 'rhel5u5live':
System error 1326 has occurred.
Logon failure: unknown user name or bad password.

Obviously I entered my windows password when I was prompted.

The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully.

Here is the machine log:

[root@rhel5u5live samba]# cat log.soundwave
[2011/03/11 13:25:31, 6] param/loadparm.c:7028(lp_file_list_changed)
  lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Fri Mar 11 13:21:32 2011
[2011/03/11 13:25:31, 5] smbd/reply.c:503(reply_special)
  init msg_type=0x81 msg_flags=0x0
[2011/03/11 13:25:31, 5] lib/util_sock.c:528(read_fd_with_timeout)
  read_fd_with_timeout: blocking read. EOF from client.
[2011/03/11 13:25:31, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/03/11 13:25:31, 5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2011/03/11 13:25:31, 5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2011/03/11 13:25:31, 5] smbd/uid.c:368(change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/03/11 13:25:31, 3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2011/03/11 13:25:31, 3] smbd/connection.c:42(yield_connection)
  deleting connection record returned NT_STATUS_NOT_FOUND
[2011/03/11 13:25:31, 3] smbd/server.c:845(exit_server_common)
  Server exit (failed to receive smb request)

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 11:49 AM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

2011/3/11 Brian O'Mahony brian.omah...@curamsoftware.com:

Hi there,

just recently joined this list as I seem to be having a little trouble that I am hoping someone can help with.

I recently installed a RHEL5.5 server and updated samba to samba3-3.4.11-42.el5.x86_64.rpm. I had never set up samba to authenticate with ADS so I read a little bit and dove right in. The server now works fine, so when I browse to \\machinename no login box pops up, and I see the shares, and every user in the domain can write to them. So far so good.

I then try to replicate this on another server and then the problems started. Here is the procedure I followed:

I copied smb.conf, krb5.conf over to the new server from the working copy.
Edited nsswitch.conf to add winbind to the end of passwd, group and shadow.
I then ran kinit admin. This worked. I then ran kdestroy to destroy the token.

[root@rhel5u5live ~]# net ads join -U ictadmin
Enter ictadmin's password:
Using short domain name -- XXX
Joined 'RHEL5U5LIVE' to realm 'xxx.com'
[root@rhel5u5live ~]# net ads testjoin
Join is OK
[root@rhel5u5live ~]# wbinfo -u | grep brian.om
XXX/brian.omahony

So it seems to be able to look up users etc on the Domain controller. However when I browse to \\machinename a login box pops up. I *know* I must have forgotten something, but can't figure out what.

Welcome to my world. I have exactly the same issue - one server works fine, the other doesn't, even though all the wb tests seem to be fine. Is it an XP client, by any chance?

I've narrowed it down to a kerberos issue, I believe. If you run

net use \\servername\share /user:XXX/brian.omahony

does it work correctly without asking for a password? This seems to be NTLM vs Kerberos auth, but I can't get any further than that.

One thing to check, make sure that you have FQDN entries in the server's /etc/hosts (or as reverse entries in DNS) for your dc and the server itself. ie when you do

dig -x 192.168.6.10

(the ip address of the server, obviously) from the server, do you get the full domain name or just the hostname? Various pages suggest that might be the cause of the problem, although it doesn't help me.

Geoff
Re: [Samba] Help with ADS authentication and Samba
On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get: The password or user name is invalid for \\rhel5u5live\tmp.

Not the same problem I have then. Shame. I can force the domain and it works.

The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully.

Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should return the FQDN, not just rhel5u5.

Geoff
Re: [Samba] Help with ADS authentication and Samba
When I dig the RHEL server, it actually returns the DC:

160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600

The system that is working returns its correct name (ccdubrep.XXX.com)

I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 3:34 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get: The password or user name is invalid for \\rhel5u5live\tmp.

Not the same problem I have then. Shame. I can force the domain and it works.

The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully.

Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should return the FQDN, not just rhel5u5.

Geoff
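The reverse-lookup check Geoff describes (dig -x on the server's own address should return its FQDN, not just the short name), as an added example that is not part of the original thread. It classifies saved dig output; the SOA line is the one quoted in the message above, while the PTR lines, the address 172.16.160.10 and the name rhel5u5live.XXX.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify what "dig -x <server-ip>" returned.
#
# classify_reverse_lookup DIG_OUTPUT EXPECTED_FQDN
# Prints one of:
#   ok          a PTR record points at EXPECTED_FQDN
#   short-name  the PTR target has no domain part (e.g. "rhel5u5")
#   mismatch    the PTR target is some other fully qualified name
#   no-ptr      no PTR record at all; dig then shows only the reverse
#               zone's SOA in the authority section
classify_reverse_lookup() {
    printf '%s\n' "$1" | awk -v want="$2" '
        # Compare names case-insensitively and without the trailing dot.
        function norm(s) { sub(/\.$/, "", s); return tolower(s) }
        /^[ \t]*;/ || NF < 5 { next }      # dig comment lines and blanks
        toupper($4) == "PTR" {
            target = norm($5)
            if (target == norm(want))  found_ok = 1
            else if (target !~ /\./)   found_short = 1
            else                       found_other = 1
        }
        END {
            if (found_ok)         print "ok"
            else if (found_short) print "short-name"
            else if (found_other) print "mismatch"
            else                  print "no-ptr"
        }'
}

# check_reverse IP EXPECTED_FQDN
# Live variant: needs dig and a reachable resolver. Returns 0 only for "ok".
check_reverse() {
    result=$(classify_reverse_lookup \
        "$(dig -x "$1" +noall +answer +authority)" "$2")
    echo "$1 -> $result"
    [ "$result" = "ok" ]
}

# Sample inputs. SOA_ONLY is the record quoted in the thread.
SOA_ONLY='160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600'

# Constructed samples (placeholder address and host name, not from the thread).
PTR_FQDN=';; ANSWER SECTION:
10.160.16.172.in-addr.arpa. 3600 IN PTR rhel5u5live.XXX.com.'
PTR_SHORT='10.160.16.172.in-addr.arpa. 3600 IN PTR rhel5u5live.'
```

On the server itself, `check_reverse 172.16.160.10 "$(hostname -f)"` runs the same classification against the live resolver, with the placeholder address replaced by the server's own.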
Re: [Samba] Help with ADS authentication and Samba
Turns out something else has gone wrong on me. The system that previously worked without a login box, now requires it. I didn't notice this as my machine obviously is cached. If I put my credentials in (DOMAIN\user and password), it logs in. Still need to fix that.

The system that has the same configuration, pops the login box, but I cannot log in using the same credentials.

This is starting to boggle me. I don't know why all of a sudden, the first machine is throwing up a login box, and secondly why the second one won't authenticate.

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony
Sent: Friday, March 11, 2011 4:02 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

When I dig the RHEL server, it actually returns the DC:

160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600

The system that is working returns its correct name (ccdubrep.XXX.com)

I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 3:34 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get: The password or user name is invalid for \\rhel5u5live\tmp.

Not the same problem I have then. Shame. I can force the domain and it works.

The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully.

Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should return the FQDN, not just rhel5u5.

Geoff
Re: [Samba] Help with ADS authentication and Samba
On 11 March 2011 16:02, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

When I dig the RHEL server, it actually returns the DC:

160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600

The system that is working returns its correct name (ccdubrep.XXX.com)

I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box.

Even after restarting both smb and winbind? Then I dunno. I'm beginning to feel like the ADS stuff is a bit like a black art - did you remember to sacrifice a goat and turn three times widdershins before you started?

Geoff
Re: [Samba] Help with ADS authentication and Samba
Restarted services. Restarted servers. Recopied smb and krb5 conf files to the server that is not working. I have increased log level to 9 to see what is going on.

Black art is right. The fact that one system was working without the login prompt and now doesn't is starting to fry my brains. Especially on a Friday.

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:22 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 16:02, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

When I dig the RHEL server, it actually returns the DC:

160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600

The system that is working returns its correct name (ccdubrep.XXX.com)

I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box.

Even after restarting both smb and winbind? Then I dunno. I'm beginning to feel like the ADS stuff is a bit like a black art - did you remember to sacrifice a goat and turn three times widdershins before you started?

Geoff
Re: [Samba] Help with ADS authentication and Samba
On 11 March 2011 16:06, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

Turns out something else has gone wrong on me. The system that previously worked without a login box, now requires it. I didn't notice this as my machine obviously is cached. If I put my credentials in (DOMAIN\user and password), it logs in. Still need to fix that.

That sounds more like my problem. If you do the net use command specifying the domain\user does it still ask for password or does it go with it from there?

The system that has the same configuration, pops the login box, but I cannot log in using the same credentials.

Are they running the same samba version? Have you run a diff on the output from testparm -v on both boxes? What does wbinfo -k DOMAIN\\brian.omahoney return? (or DOMAIN+brian.omahoney if you're using + as a winbind separator)

G
Re: [Samba] Help with ADS authentication and Samba
Yep that works. Looks like I have the same issue as you on one server, and the other is just hosed. Did yours ever work? Mine worked on Wednesday before I tried to figure out why the second one didn't work, and broke the original in the process. Arg.

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:28 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 16:06, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

Turns out something else has gone wrong on me. The system that previously worked without a login box, now requires it. I didn't notice this as my machine obviously is cached. If I put my credentials in (DOMAIN\user and password), it logs in. Still need to fix that.

That sounds more like my problem. If you do the net use command specifying the domain\user does it still ask for password or does it go with it from there?

The system that has the same configuration, pops the login box, but I cannot log in using the same credentials.

Are they running the same samba version? Have you run a diff on the output from testparm -v on both boxes? What does wbinfo -k DOMAIN\\brian.omahoney return? (or DOMAIN+brian.omahoney if you're using + as a winbind separator)

G
Re: [Samba] Help with ADS authentication and Samba
On 11 March 2011 16:33, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

Yep that works. Looks like I have the same issue as you on one server, and the other is just hosed. Did yours ever work? Mine worked on Wednesday before I tried to figure out why the second one didn't work, and broke the original in the process.

Mine used to work with identical config before I upgraded it from Redhat 9. I have a feeling it's related to that - perhaps there's a cache of some sort somewhere that remembers the IP/domain name and doesn't like the fact that something about the server (the SID?) has changed. I reset the netbios cache on the XP client but it made no difference. I might try changing the server name and see if it helps. I have no idea where to start looking, unfortunately, so it makes it a bit like looking for a needle in a haystack at midnight.

Geoff
Re: [Samba] Help with ADS authentication and Samba
I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box.

When you change the name, what is entailed?
Change the name in RHEL.
Change the name in DNS (windows server)
Rejoin the ads network using net ads join -U
Anything else?

Thanks for the help so far.

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:40 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

On 11 March 2011 16:33, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

Yep that works. Looks like I have the same issue as you on one server, and the other is just hosed. Did yours ever work? Mine worked on Wednesday before I tried to figure out why the second one didn't work, and broke the original in the process.

Mine used to work with identical config before I upgraded it from Redhat 9. I have a feeling it's related to that - perhaps there's a cache of some sort somewhere that remembers the IP/domain name and doesn't like the fact that something about the server (the SID?) has changed. I reset the netbios cache on the XP client but it made no difference. I might try changing the server name and see if it helps. I have no idea where to start looking, unfortunately, so it makes it a bit like looking for a needle in a haystack at midnight.

Geoff
Re: [Samba] Help with ADS authentication and Samba
Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue?

On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box.

When you change the name, what is entailed?
Change the name in RHEL.
Change the name in DNS (windows server)
Rejoin the ads network using net ads join -U

Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required.

Thanks for the help so far.

Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing?

Geoff
Re: [Samba] Help with ADS authentication and Samba
Geoff, did you do the steps below? Was there anything else required?

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:59 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue?

On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box.

When you change the name, what is entailed?
Change the name in RHEL.
Change the name in DNS (windows server)
Rejoin the ads network using net ads join -U

Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required.

Thanks for the help so far.

Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing?

Geoff
Re: [Samba] Help with ADS authentication and Samba
After a bit more investigation it seems my issue on the working server is a bit more complex. If I use any of the three usernames that had previously worked, they work in the login prompt. However if I use any other user, it fails to log in. There is obviously a cache of users somewhere, but I cannot find it. Has anyone an idea where this cache is?

Regards
B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony
Sent: Friday, March 11, 2011 5:05 PM
To: 'Geoff Winkless'; samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Geoff, did you do the steps below? Was there anything else required?

B

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless
Sent: Friday, March 11, 2011 4:59 PM
To: samba
Subject: Re: [Samba] Help with ADS authentication and Samba

Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue?

On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote:

I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box.

When you change the name, what is entailed?
Change the name in RHEL.
Change the name in DNS (windows server)
Rejoin the ads network using net ads join -U

Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required.

Thanks for the help so far.

Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing?

Geoff
Re: [Samba] Help / Suggestions on how to migrate to AD from smbpasswd
On Fri, Mar 04, 2011 at 07:11:22PM -0800, David Broome wrote:

I have an older standalone Samba 3.0.14 system (security = user) with local users and local home directories and shares. This uses another 'legacy' system for adding linux users accounts. I then use the pam plug-in pam_smbpass pam_smbpass.so migrate to create a smbpasswd entry for users. The UIDs up to 8765 are currently in use, i.e.:

etc/passwd:
noni:x:8765:4251::/home/noni:/bin/bash
etc/samba/smbpasswd:
noni:8765:bla:bla:[U ]:LCT-4D2B7B16:

I hope to have the new system Samba 3.5.4 that I am migrating to use AD (security = ads) for samba and ssh via PAM. Will I be able to do this?

Look at net idmap dump / net idmap restore.

Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
Re: [Samba] Help needed with Windows7 roaming files.
With outlook working you need to redirect your users pst and you need to set up a prf-file for each user. Ex:

;Automatically generated PRF file from the Microsoft Office Customization and Installation Wizard
; **
; Section 1 - Profile Defaults
; **
[General]
Custom=1
ProfileName=test
DefaultProfile=Yes
OverwriteProfile=Yes
ModifyDefaultProfileIfPresent=FALSE
;DefaultStore=Service1
; **
; Section 2 - Services in Profile
; **
[Service List]
Service1=Personal Folders
Service2=Outlook Address Book
Service3=Personal Address Book
;***
; Section 3 - List of internet accounts
;***
[Internet Account List]
Account1=IMAP_I_Mail
;***
; Section 4 - Default values for each service.
;***
[Service1]
UniqueService=No
Name=Mein persönlicher Ordner
PathToPersonalFolders=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pst --the psts
EncryptionType=0x8000
[Service2]
[Service3]
NameOfPAB=Persönliches Adress Buch
Path=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pab
ShowNamesBy=0
..

But you are running exchange. Why do you need another imap and smtp?

---
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Dennis M
Sent: Monday, 21 February 2011 05:45
To: samba@lists.samba.org
Subject: Re: [Samba] Help needed with Windows7 roaming files.

Hi Guys,

I've had a check again, looks like roaming profile is already running (sorry about being misleading), strange though no local profile is created (this can be found out when I log in as local admin and go to the User Profile tab in computer properties), and outlook still complains about the data file cannot be accessed and not sending email (we have two email accounts in outlook, the exchange one is fine, only imap/smtp account is not sending.) On Windows XP before the upgrade everything was fine, just wondering if there's anyone managed to get outlook working with windows7 roaming profile. .profile.V2 looks fine on the server. It was auto-generated by windows7.

Thanks again.

On Mon, Feb 21, 2011 at 12:30 AM, mr...@freemail.hu mr...@freemail.hu wrote:

Hi Dennis!

Windows 7 uses the same share for roaming profiles as Windows XP, but a different directory. (so, you don't need the profiles.v2 share) The profile directories for Win7 end with .v2. Try to create a directory with the following name: \\server1\user1\.profile.v2. Perhaps it helps. If it doesn't, then here is my config which worked for me:

smb.conf:
[global]
...
logon path = \\smbserver\profiles\%U
...
[profiles]
path = /opt/samba/profiles
writeable = yes
browseable = yes
read only = no
hide unreadable = yes
directory mask = 0770
force directory mode = 2770
create mask = 0660

In the profiles share I made two directories for the two profiles:
john
john.v2

Best regards,
mredd
Re: [Samba] Help needed with Windows7 roaming files.
Thanks Daniel,

The legacy IMap (postfix and courier) server exists for historic reasons, we have plans to merge it with the Exchange server sometime this year. Until then we will still need to live with it.

Can you give more details as in how to activate the prf file for each user? If I understand correctly, this will place the .prf file in the network share, I heard it's not supported by MS prone to errors.

Thanks heaps for the great help!

On Mon, Feb 21, 2011 at 6:35 PM, Daniel Müller muel...@tropenklinik.de wrote:

With outlook working you need to redirect your users pst and you need to set up a prf-file for each user. Ex:

;Automatically generated PRF file from the Microsoft Office Customization and Installation Wizard
; **
; Section 1 - Profile Defaults
; **
[General]
Custom=1
ProfileName=test
DefaultProfile=Yes
OverwriteProfile=Yes
ModifyDefaultProfileIfPresent=FALSE
;DefaultStore=Service1
; **
; Section 2 - Services in Profile
; **
[Service List]
Service1=Personal Folders
Service2=Outlook Address Book
Service3=Personal Address Book
;***
; Section 3 - List of internet accounts
;***
[Internet Account List]
Account1=IMAP_I_Mail
;***
; Section 4 - Default values for each service.
;***
[Service1]
UniqueService=No
Name=Mein persönlicher Ordner
PathToPersonalFolders=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pst --the psts
EncryptionType=0x8000
[Service2]
[Service3]
NameOfPAB=Persönliches Adress Buch
Path=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pab
ShowNamesBy=0
..

But you are running exchange. Why do you need another imap and smtp?

---
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Dennis M
Sent: Monday, 21 February 2011 05:45
To: samba@lists.samba.org
Subject: Re: [Samba] Help needed with Windows7 roaming files.

Hi Guys,

I've had a check again, looks like roaming profile is already running (sorry about being misleading), strange though no local profile is created (this can be found out when I log in as local admin and go to the User Profile tab in computer properties), and outlook still complains about the data file cannot be accessed and not sending email (we have two email accounts in outlook, the exchange one is fine, only imap/smtp account is not sending.) On Windows XP before the upgrade everything was fine, just wondering if there's anyone managed to get outlook working with windows7 roaming profile. .profile.V2 looks fine on the server. It was auto-generated by windows7.

Thanks again.

On Mon, Feb 21, 2011 at 12:30 AM, mr...@freemail.hu mr...@freemail.hu wrote:

Hi Dennis!

Windows 7 uses the same share for roaming profiles as Windows XP, but a different directory. (so, you don't need the profiles.v2 share) The profile directories for Win7 end with .v2. Try to create a directory with the following name: \\server1\user1\.profile.v2. Perhaps it helps. If it doesn't, then here is my config which worked for me:

smb.conf:
[global]
...
logon path = \\smbserver\profiles\%U
...
[profiles]
path = /opt/samba/profiles
writeable = yes
browseable = yes
read only = no
hide unreadable = yes
directory mask = 0770
force directory mode = 2770
create mask = 0660

In the profiles share I made two directories for the two profiles:
john
john.v2

Best regards,
mredd
Re: [Samba] Help needed with Windows7 roaming files.
Hi Guys,

I've had a check again, looks like roaming profile is already running (sorry about being misleading), strange though no local profile is created (this can be found out when I log in as local admin and go to the User Profile tab in computer properties), and outlook still complains about the data file cannot be accessed and not sending email (we have two email accounts in outlook, the exchange one is fine, only imap/smtp account is not sending.) On Windows XP before the upgrade everything was fine, just wondering if there's anyone managed to get outlook working with windows7 roaming profile. .profile.V2 looks fine on the server. It was auto-generated by windows7.

Thanks again.

On Mon, Feb 21, 2011 at 12:30 AM, mr...@freemail.hu mr...@freemail.hu wrote:

Hi Dennis!

Windows 7 uses the same share for roaming profiles as Windows XP, but a different directory. (so, you don't need the profiles.v2 share) The profile directories for Win7 end with .v2. Try to create a directory with the following name: \\server1\user1\.profile.v2. Perhaps it helps. If it doesn't, then here is my config which worked for me:

smb.conf:
[global]
...
logon path = \\smbserver\profiles\%U
...
[profiles]
path = /opt/samba/profiles
writeable = yes
browseable = yes
read only = no
hide unreadable = yes
directory mask = 0770
force directory mode = 2770
create mask = 0660

In the profiles share I made two directories for the two profiles:
john
john.v2

Best regards,
mredd
Re: [Samba] Help needed with Windows7 roaming files.
Are you sure it's not a permissions problem? Have the Windows 7 machines been properly added to the domain? Are the user accounts enabled? Sorry, I have no Windows 7 clients to test things on. However, whenever I've had similar problems, it's been an account setup problem, not a Samba configuration issue. On 17/02/11 11:00 PM, Dennis M wrote: Hi all, We've been trying to setup/upgrade a samba PDC (version 3.56) with OpenLDAP as backend and roaming profiles for Windows7 (32bit) Clients. windows7 has no problem with login after applying the reg patches, however, it seems to always load a temporary profile as opposed to roaming one for users, no local profile is created. this has caused Outlook 2010 to function improperly (complains about outlook data cannot be accessed and fail to send any email), if i force profile type to local only in registry then outlook works perfectly, local profile is not an option for us though as a lot of our users change sites/pcs quite often. I've enclosed some related info below; the same config works perfectly with windowsXP clients. Ldap entries (samba related) objectClass: sambaSamAccount sambaSID: S-1-5-21-1209579028-1696229136-1764916649-15754 sambaHomePath: \\server1\user1 sambaProfilePath: \\server1\user1\.profile sambaLogonScript: logon.bat sambaAcctFlags: [UX ] sambaPrimaryGroupSID: S-1-5-21-1209579028-1696229136-1764916649-513 smb.conf [global] logon drive = H: logon home = \\%s\%U [profiles] path = /home browseable = no read only = no profile acls = yes csc policy = disable hide files=/Desktop.ini/Thumbs.db/lost+found store dos attributes = Yes create mask = 0600 directory mask = 0700 [profiles.v2] copy = profiles Any ideas? thanks heaps. Dennis has anybody managed to get Windows 7 (final) to use roaming profiles? Windows 7 is joined to my Samba 3.4.1 domain and always logs me in with a temporary profile. Windows XP works without problems. 
Re: [Samba] Help needed with Windows7 roaming files.
Hi all, We've been trying to setup/upgrade a samba PDC (version 3.56) with OpenLDAP as backend and roaming profiles for Windows7 (32bit) Clients. windows7 has no problem with login after applying the reg patches, however, it seems to always load a temporary profile as opposed to roaming one for users, no local profile is created. this has caused Outlook 2010 to function improperly (complains about outlook data cannot be accessed and fail to send any email), if i force profile type to local only in registry then outlook works perfectly, local profile is not an option for us though as a lot of our users change sites/pcs quite often. I've enclosed some related info below; the same config works perfectly with windowsXP clients. Ldap entries (samba related) objectClass: sambaSamAccount sambaSID: S-1-5-21-1209579028-1696229136-1764916649-15754 sambaHomePath: \\server1\user1 sambaProfilePath: \\server1\user1\.profile sambaLogonScript: logon.bat sambaAcctFlags: [UX ] sambaPrimaryGroupSID: S-1-5-21-1209579028-1696229136-1764916649-513 sambaProfilePath: \\oakland\profiles\pcuser description: System User homeDirectory: /home/pcuser sn: pcuser sambaHomePath: \\oakland\open Works fine with XP, Vista and Win7 smb.conf SNIP [Profiles] path=/usr/home/sambashit/Profiles public = yes only guest = no browseable = yes writeable = yes printable = no create mask = 0770 force create mode = 0770 force directory mode = 0770 directory security mask = 0770 level2 oplocks = Yes Security fine grained control using acls set from Administrator account on Windows workstation. smb.conf [global] . logon drive = H: logon home = \\%s\%U [profiles] path = /home browseable = no read only = no profile acls = yes csc policy = disable hide files=/Desktop.ini/Thumbs.db/lost+found store dos attributes = Yes create mask = 0600 directory mask = 0700 [profiles.v2] copy = profiles Any ideas? thanks heaps. Dennis has anybody managed to get Windows 7 (final) to use roaming profiles? 
Windows 7 is joined to my Samba 3.4.1 domain and always logs me in with a temporary profile. Windows XP works without problems.
Re: [Samba] help migrating from file server to NAS w/ Active Directory
Extra info:

smbd --version
Version 3.0.33-0.19.el4_8.3

Win Server 2003-r2

thx, JD

On 2/16/2011 10:49 AM, Jim Dory wrote:

hello,

I'm having a problem I hope will be easy for someone to explain to me how to fix. I need to migrate from an old server to a new Cisco Smart Storage NAS, which runs some flavor of linux and is Active Directory aware. Using something like Robocopy from the AD server, or rsync or tar from the file server does not preserve user/group identities or directory date stamps (maybe rsync tar preserves the directory date stamps but robocopy doesn't). The owner defaults to the NAS admin and admin group. There also seems to be a problem with the windows security permissions on the directories/files - under Windows Explorer the permissions are listed as special and the admins can't change them.

I set up a file server years ago on CentOS using Samba to serve files to Windows clients. Since then we integrated Active Directory and I had a windows whiz fix up my Samba config to use AD authentication. So the server doesn't really have linux users/groups anymore per se. To add a new user I add them via the AD server then map them in the smb.conf file - create manually a home directory for them and chown it to their username. (not sure how that works since there is no linux user by those usernames). Here is an example:

[jimd]
path = /home/CN/jimd
valid users = CN+jimd
writeable = Yes
create mask = 0777
directory mask = 0777
browseable = no

So the AD user is CN+jimd. On the file server though, the username that shows up on any file created by CN+jimd is actually owned by jimd (no CN+). On the NAS, any file I create with that user is owned by CN+jimd. Not sure if that is part of my problem or not. Groups are similar.

[Engineering]
writeable = Yes
path = /home/data/engineering
force group = CN+sengineer
; guest ok = Yes
browseable = Yes
create mask = 0770
directory mask = 0770
valid users = @CN+sengineer

So the thought was to somehow map files/shares on the AD server and move them over in that environment, but having troubles mentioned above - preserving directory time stamps and owner IDs. Seems like I'm missing something really simple. The NAS does have samba and automatically writes a smb.conf file, but I don't believe there is a way to manually edit it other than GUI.

Let me know if you need more info to help.. appreciate the read!

cheers, JD

--
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604
http://www.nomealaska.org
Re: [Samba] help migrating from file server to NAS w/ Active Directory
To boil this down a bit, maybe my problem is that my domain users on the old server are for instance jimd, and on the new NAS they show up as Domain+jimd. Or in this example, CN+jimd. So if I try to move files to the NAS, it doesn't recognize those users (without the prefix CN+) as users. The getent command on the old server has users uids in the 10,000 range. On the NAS, they are in the 30,000 range, even though it got the users from the AD server. So perhaps I need a way to get things to match up?

thx, Jim

On 2/16/2011 10:49 AM, Jim Dory wrote:

hello,

I'm having a problem I hope will be easy for someone to explain to me how to fix. I need to migrate from an old server to a new Cisco Smart Storage NAS, which runs some flavor of linux and is Active Directory aware. Using something like Robocopy from the AD server, or rsync or tar from the file server does not preserve user/group identities or directory date stamps (maybe rsync tar preserves the directory date stamps but robocopy doesn't). The owner defaults to the NAS admin and admin group. There also seems to be a problem with the windows security permissions on the directories/files - under Windows Explorer the permissions are listed as special and the admins can't change them.

I set up a file server years ago on CentOS using Samba to serve files to Windows clients. Since then we integrated Active Directory and I had a windows whiz fix up my Samba config to use AD authentication. So the server doesn't really have linux users/groups anymore per se. To add a new user I add them via the AD server then map them in the smb.conf file - create manually a home directory for them and chown it to their username. (not sure how that works since there is no linux user by those usernames). Here is an example:

[jimd]
path = /home/CN/jimd
valid users = CN+jimd
writeable = Yes
create mask = 0777
directory mask = 0777
browseable = no

So the AD user is CN+jimd. On the file server though, the username that shows up on any file created by CN+jimd is actually owned by jimd (no CN+). On the NAS, any file I create with that user is owned by CN+jimd. Not sure if that is part of my problem or not. Groups are similar.

[Engineering]
writeable = Yes
path = /home/data/engineering
force group = CN+sengineer
; guest ok = Yes
browseable = Yes
create mask = 0770
directory mask = 0770
valid users = @CN+sengineer

So the thought was to somehow map files/shares on the AD server and move them over in that environment, but having troubles mentioned above - preserving directory time stamps and owner IDs. Seems like I'm missing something really simple. The NAS does have samba and automatically writes a smb.conf file, but I don't believe there is a way to manually edit it other than GUI.

Let me know if you need more info to help.. appreciate the read!

cheers, JD

--
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604
http://www.nomealaska.org
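The message above comes down to account names and numeric IDs that differ between the two hosts (jimd with UIDs in the 10,000 range on the old server, CN+jimd in the 30,000 range on the NAS). The following is an added example, not code from the thread: it pairs accounts across two `getent` dumps by stripping the `CN+` prefix and plans the ownership changes for a tree copied with numeric IDs preserved. Assumptions: shell access on the destination; the `+` separator and `jimd` are from the post, while every other account, ID and function name is constructed for illustration.

```python
import os

# Constructed sample data. Old server: short names, UIDs in the 10,000 range.
OLD_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jimd:*:10001:10000:Jim:/home/CN/jimd:/bin/false
annk:*:10002:10000:Ann:/home/CN/annk:/bin/false
oldtemp:*:10050:10000:Former temp:/home/CN/oldtemp:/bin/false
"""
# Constructed sample data. NAS: CN+ prefixed names, UIDs in the 30,000 range.
NEW_PASSWD = """\
admin:x:0:0:admin:/root:/bin/sh
CN+jimd:*:30007:30000:Jim:/home/CN/jimd:/bin/false
CN+AnnK:*:30003:30000:Ann:/home/CN/annk:/bin/false
"""


def parse_getent(text):
    """Return {name: numeric id} from `getent passwd` or `getent group` output.

    Both databases keep the numeric ID in the third colon-separated field.
    """
    ids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # blank or malformed line
        ids[fields[0]] = int(fields[2])
    return ids


def short_name(name, separator="+"):
    """Drop a DOMAIN<separator> prefix: 'CN+jimd' -> 'jimd'."""
    return name.split(separator, 1)[1] if separator in name else name


def build_id_map(old_text, new_text, separator="+"):
    """Match accounts by short name, case-insensitively.

    Returns (id_map, unmatched). id_map is {old_id: new_id} for IDs that
    differ; unmatched lists old names with no domain account on the new host.
    Only prefixed (domain) names on the new host are candidates, so a local
    account such as root is never remapped.
    """
    old = parse_getent(old_text)
    new = {short_name(n, separator).lower(): i
           for n, i in parse_getent(new_text).items() if separator in n}
    id_map, unmatched = {}, []
    for name, old_id in old.items():
        new_id = new.get(short_name(name, separator).lower())
        if new_id is None:
            unmatched.append(name)
        elif new_id != old_id:
            id_map[old_id] = new_id
    return id_map, sorted(unmatched)


def remap_tree(root, uid_map, gid_map, dry_run=True):
    """Re-own every entry under root whose numeric owner is in the maps.

    Each entry is stat'ed once and mapped from its original IDs, so an old ID
    that happens to equal another account's new ID is not mapped twice.
    Returns the list of (path, old_uid, old_gid, new_uid, new_gid) changes.
    """
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    changes = []
    for path in paths:
        st = os.lstat(path)  # lstat: inspect symlinks themselves
        new_uid = uid_map.get(st.st_uid, st.st_uid)
        new_gid = gid_map.get(st.st_gid, st.st_gid)
        if (new_uid, new_gid) == (st.st_uid, st.st_gid):
            continue
        changes.append((path, st.st_uid, st.st_gid, new_uid, new_gid))
        if not dry_run:
            os.lchown(path, new_uid, new_gid)  # needs root; no symlink follow
    return changes


if __name__ == "__main__":
    uid_map, unmatched = build_id_map(OLD_PASSWD, NEW_PASSWD)
    print("uid map:", uid_map)
    print("no domain account on the new host:", unmatched)
```

Review the dry-run plan and the unmatched list before applying anything; changing ownership updates a file's ctime but leaves its modification time alone.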
Re: [Samba] help with configuring PAM
Brandon,

I used this as my template in Debian: http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_2

From my limited experience with Ubuntu, I seem to remember that they put most of their directives in the common-* files, so you may have to adjust locations.

Dale

On 01/13/2011 11:10 AM, Brandon Coale wrote:

Hello,

My company has a Windows file server that I am attempting to set up a Samba server as an Active Directory domain member to replace. I have migrated one of the shares to the Samba server but am having some problems. I installed Ubuntu Server 10.04.1 LTS on a new server for the sole purpose of replacing the Windows file server. Our domain controller is running Windows Server 2003 SP2. I have set up smb.conf, the client side of Kerberos, Winbind, name service switch, and PAM according to some documentation I read. I believe the problems may be due to an improper PAM configuration, because one of the issues I have is getting prompted to enter my password more than once when I sudo or sign into the console. Another issue is if I do a useradd command to add a strictly local linux user, then run the passwd command to set a password for the local user, I get prompted to enter a current kerberos password.

Would anyone that has replaced a Windows file server in an Active Directory environment be willing to share how they did their PAM configuration?

Thanks,
Brandon
Re: [Samba] HELP: Samba flat file Visual FoxPRO BDD :(
Hi,

I have samba 3.5.4 in debian lenny, and visual foxpro 8.0 with dbf's (200+) and 20 workstations and no problem with dbf's. I have oplocks off:

kernel oplocks = No
oplocks = No
level2 oplocks = No
strict locking = No

Cheers

From: jourt_flo...@hotmail.com
Subject: [Samba] HELP: Samba flat file Visual FoxPRO BDD :(

Hello, and Happy New Year from France :)

For 4 months I have been trying to configure Samba 3 on an Ubuntu server 10 to replace a W2k server. The client software is used over Windows XP, Vista and Seven. This software uses smb for a flat file (.dbf) share for 9 users. The new server is more powerful than the old one but I think that the oplocks options are causing high latencies in the requests.

E.g. when I use oplocks: high latencies.
When oplocks are off the file loses data.

Is it possible that W2k smb is more powerful than samba???

I need your help,

Kind regards,
Floris
Re: [Samba] Help with Samba4 running logon script
use the ads tool from microsoft to do this stuff. You need more information I made a thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple failover

On Wed, 01 Dec 2010 16:41:19 -0500, Mark Sheppard m...@ams.org wrote:

Hi!

I am currently testing a Samba4 Alpha13 server with Windows Vista SPK2 and I am not able to run logon scripts. I am able to use both profiles and map Home folders without any problems. I do not see any DOS window opening with the script running and I have tested running this as both a user and administrator by hand by just clicking on the script .bat file which runs just fine. Therefore, there appears to be no permissions problem when you run it. I did also try inserting a net use command in the .bat just in case it was really working but I don't see any mapped drive either. Maybe this is a problem with Vista and I need to change a setting there? If you have any suggestions on what to check I would greatly appreciate it.

Thanks.
Mark Sheppard
Re: [Samba] Help with Samba4 running logon script
You do in /usr/local/samba/etc/smb.conf

[netlogon]
path = /usr/local/samba/var/locks/sysvol/yourdomain/scripts
read only = no

Add a user with the ads tool. You write for each user with the ads tool the logon.bat or whatever would be your logon script. See there: http://technet.microsoft.com/en-us/library/cc779490(WS.10).aspx

As admin copy the script to this location in the path of your samba netlogon. That's it. It should work on the fly.

On Thu, 02 Dec 2010 15:48:41 -0500, Mark Sheppard m...@ams.org wrote:

Daniel:

Thanks for the note! I am currently using the Microsoft ADS tools for trying to set the login script. I can set the parameters in the Samba4 LDAP server but nothing happens with it, profiles and home directories work just fine. I am going to check your web thread and see if I missed something. Anyways, thanks for all the support!!

Mark Sheppard

--

On 12/2/2010 2:36 PM, Daniel Müller wrote:

use the ads tool from microsoft to do this stuff. You need more information I made a thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple failover
Re: [Samba] HELP Documentation for Installation of SAMBA
From: Sameer Chawnekar sameer.chawne...@archpharmalabs.com

Can you please provide a step by step guide on installing and configuring SAMBA on AIX 6.1 server.

http://tinyurl.com/2egmh99

JD
Re: [Samba] help with AD integration
According to your page getent passwd is showing the domain users. If you try to ssh into your linux machine as ben, with the way nsswitch.conf is configured, it will try to authenticated you as the ben in /etc/passwd not the one in the AD domain. I suggest you try the following comment out ben from /etc/passwd and /etc/shadow. Make sure that the /export/Home/ben directory is owned by the SRE+ben user. See if you can ssh into linux as ben. (I think you can specify ben and not SRE+ben for the ssh user.) Keep an eye on the log files e.g in /var/samba/log or /var/log/samba. You have still not clarified why nsswitch.conf has entries for ldap. On 10/04/2010 05:17 AM, Ben George wrote: please check this link http://bentgeorge.com/samba/ all are mentioned here Thanks Ben.T.George On Thu, Sep 30, 2010 at 10:16 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: Hi Please clarify the following - Did you run truss getent passwd command and look for lines with nss_winbind- just in case it is looking for a file with a different version. - Why does nsswitch.conf have ldap references- are you using ldap? You should also look through the samba logs- it may provide some information. On 09/30/2010 12:14 PM, Ben George wrote: yes client has Solaris and a windows xp machine under the AD domain yes i exported the paths to the newly installed /usr/local/samba/lib me using the new packahes and disabled the default packages On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: So to clarify the customer has a Sun Solaris 10 UNIX machine and a Linux workstation? FOR SOLARIS I had problems with getting nsswitch+winbind working with the samba from sunfreeware- I had to recompile from scratch (major headache.) In hindsight this may not have been necessary for winbind- although I had to recompile anyway for ZFS support. 
On solaris, you should have a file called /usr/lib/nss_winbind.so.1 - which is the nsswitcher winbind library provided by the samba that sun bundles with solaris 10 (but this is samba 3.0.x and too old to be much use.) In /usr/local/samba/lib - do you see an nss_winbind.so.1 file?How is your PATH and LD_LIBRARY_PATH set- you want to make sure you are using the /usr/local/samba/bin and /usr/local/samba/lib first. If you run truss getent passwd | tee log1.txt you should see it looking for nss_winbind.so.1 - ideally it will look in /usr/local/samba/lib before /usr/lib. If it uses /usr/lib/nss_winbind.so.1 that will probably NOT work. You may want to rename that file just to make sure. On 09/30/2010 10:57 AM, Ben George wrote: Sun Solaris 10 (under SPARC) local users in /etc/passwd samba 3.4.2 from sunfreeware.com http://sunfreeware.com getent passwd */ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh /*like this*/ /*/ /Thanks Ben.T.George*/ /* On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: Then it sounds like you need the AD integration. If the user's also login to the linux workstation directly (or via ssh) then you will need to configure winbind and nsswitch to support unix logins. Why does nsswitch.conf include ldap? Is this the only linux/unix machine? Are local users in ldap or /etc/passwd? What version of samba? What version of linux? Ideally getent passwd woudl show something like ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh or SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash I don't think you need a huge amount of AD experience to make this work but I think you have to have general understanding of what WIndows domains are about. You should also review the smb.conf man page for the section on idmap_ad. 
On 09/30/2010 09:24 AM, Ben George wrote: Thanks for your replay.. yes my client told me like this that's Y..and the manager gave that work to newly joined me.. :( i don't have any AD and core unix experience..i have only experience in linux.not much may this project will affect my job.. :( my nsswitch.conf */passwd:
Re: [Samba] help with AD integration
I tried to telnet to sun1(unix) machine..but login failed. I tried benvin user on AD..not ben

/var/samba/log

[2010/10/04 15:24:06, 6] nsswitch/winbindd.c:(641) accepted socket 23
[2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326) process_request: request fn INTERFACE_VERSION
[2010/10/04 15:24:06, 3] nsswitch/winbindd_misc.c:(491) [ 5806]: request interface version
[2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326) process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2010/10/04 15:24:06, 3] nsswitch/winbindd_misc.c:(524) [ 5806]: request location of privileged pipe
[2010/10/04 15:24:06, 6] nsswitch/winbindd.c:(641) accepted socket 31
[2010/10/04 15:24:06, 10] nsswitch/winbindd.c:(326) process_request: request fn GETGROUPS
[2010/10/04 15:24:06, 3] nsswitch/winbindd_group.c:(1273) [ 5806]: getgroups root
[2010/10/04 15:24:06, 5] nsswitch/winbindd_group.c:(1292) Could not parse domain user: root
[2010/10/04 15:24:06, 10] lib/events.c:(131) Added timed event async_request_timeout: 2f11e0
[2010/10/04 15:24:06, 10] lib/events.c:(299) timed_events_timeout: 299/06
[2010/10/04 15:24:06, 10] lib/events.c:(66) Destroying timed event 2f11e0 async_request_timeout
[2010/10/04 15:24:06, 10] nsswitch/winbindd_cache.c:(2307) Retrieving response for pid 4252
[2010/10/04 15:24:06, 5] nsswitch/winbindd_async.c:(1303) Could not find domain from SID S-1-22-1-0
--
[2010/10/04 15:24:37, 6] nsswitch/winbindd.c:(641) accepted socket 23
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326) process_request: request fn INTERFACE_VERSION
[2010/10/04 15:24:37, 3] nsswitch/winbindd_misc.c:(491) [ 5809]: request interface version
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326) process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2010/10/04 15:24:37, 3] nsswitch/winbindd_misc.c:(524) [ 5809]: request location of privileged pipe
[2010/10/04 15:24:37, 6] nsswitch/winbindd.c:(641) accepted socket 31
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326) process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346) [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353) Could not parse domain user: benvin
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326) process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346) [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353) Could not parse domain user: benvin
[2010/10/04 15:24:37, 10] nsswitch/winbindd.c:(326) process_request: request fn GETPWNAM
[2010/10/04 15:24:37, 3] nsswitch/winbindd_user.c:(346) [ 5809]: getpwnam benvin
[2010/10/04 15:24:37, 5] nsswitch/winbindd_user.c:(353) Could not parse domain user: benvin

I didn't understand anything from this log

On Mon, Oct 4, 2010 at 4:11 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

According to your page getent passwd is showing the domain users. If you try to ssh into your linux machine as ben, with the way nsswitch.conf is configured, it will try to authenticate you as the ben in /etc/passwd not the one in the AD domain.

I suggest you try the following: comment out ben from /etc/passwd and /etc/shadow. Make sure that the /export/Home/ben directory is owned by the SRE+ben user. See if you can ssh into linux as ben. (I think you can specify ben and not SRE+ben for the ssh user.) Keep an eye on the log files e.g. in /var/samba/log or /var/log/samba.

You have still not clarified why nsswitch.conf has entries for ldap.
Re: [Samba] help with samba AD integration
Support contract..? how much for that

the thing i am doing this is to fix my job..because this is my 1st project. i didn't get salary too..anyway can u please give your rate for this.. :(

On Mon, Oct 4, 2010 at 1:08 PM, d...@penguinfactory.co.uk wrote:

On Mon, Oct 04, 2010 at 12:24:50PM +0300, Ben George wrote:

Content preview: Hi please check this link.. http://bentgeorge.com/samba/ [...]

Yes, I have read this page and understand what you wish to achieve. There are several ways to do it depending on the requirements of your network. Home directories can be autogenerated under different circumstances, from user creation to first connection.

Can you please be clear: do you wish to purchase a support contract? If not, I recommend you continue asking on the public Samba forums, where a lot of people do get help.

Regards,

--
Dan Shearer
d...@penguinfactory.co.uk
Re: [Samba] help with AD integration
You need to ensure that pam is allowing ssh or telnet access, not sure in Solaris but in RedHat based sistems is inside /etc/pam.d You will have to allow access through pam only enabled accounts since usually the access is restricted to shadow by default. On 10/4/10 7:11 AM, Gaiseric Vandal wrote: According to your page getent passwd is showing the domain users. If you try to ssh into your linux machine as ben, with the way nsswitch.conf is configured, it will try to authenticated you as the ben in /etc/passwd not the one in the AD domain. I suggest you try the following comment out ben from /etc/passwd and /etc/shadow. Make sure that the /export/Home/ben directory is owned by the SRE+ben user. See if you can ssh into linux as ben. (I think you can specify ben and not SRE+ben for the ssh user.) Keep an eye on the log files e.g in /var/samba/log or /var/log/samba. You have still not clarified why nsswitch.conf has entries for ldap. On 10/04/2010 05:17 AM, Ben George wrote: please check this link http://bentgeorge.com/samba/ all are mentioned here Thanks Ben.T.George On Thu, Sep 30, 2010 at 10:16 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: Hi Please clarify the following - Did you run truss getent passwd command and look for lines with nss_winbind- just in case it is looking for a file with a different version. - Why does nsswitch.conf have ldap references- are you using ldap? You should also look through the samba logs- it may provide some information. On 09/30/2010 12:14 PM, Ben George wrote: yes client has Solaris and a windows xp machine under the AD domain yes i exported the paths to the newly installed /usr/local/samba/lib me using the new packahes and disabled the default packages On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: So to clarify the customer has a Sun Solaris 10 UNIX machine and a Linux workstation? 
FOR SOLARIS I had problems with getting nsswitch+winbind working with the samba from sunfreeware- I had to recompile from scratch (major headache.) In hindsight this may not have been necessary for winbind- although I had to recompile anyway for ZFS support. On solaris, you should have a file called /usr/lib/nss_winbind.so.1 - which is the nsswitcher winbind library provided by the samba that sun bundles with solaris 10 (but this is samba 3.0.x and too old to be much use.) In /usr/local/samba/lib - do you see an nss_winbind.so.1 file?How is your PATH and LD_LIBRARY_PATH set- you want to make sure you are using the /usr/local/samba/bin and /usr/local/samba/lib first. If you run truss getent passwd | tee log1.txt you should see it looking for nss_winbind.so.1 - ideally it will look in /usr/local/samba/lib before /usr/lib. If it uses /usr/lib/nss_winbind.so.1 that will probably NOT work. You may want to rename that file just to make sure. On 09/30/2010 10:57 AM, Ben George wrote: Sun Solaris 10 (under SPARC) local users in /etc/passwd samba 3.4.2 from sunfreeware.com http://sunfreeware.com getent passwd */ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh /*like this*/ /*/ /Thanks Ben.T.George*/ /* On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: Then it sounds like you need the AD integration. If the user's also login to the linux workstation directly (or via ssh) then you will need to configure winbind and nsswitch to support unix logins. Why does nsswitch.conf include ldap? Is this the only linux/unix machine? Are local users in ldap or /etc/passwd? What version of samba? What version of linux? 
Ideally getent passwd woudl show something like ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh or SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash I don't think you need a huge amount of AD experience to make this work but I think you have to have general understanding of what WIndows domains are about. You should also review the smb.conf man page for the section on idmap_ad. On 09/30/2010 09:24 AM, Ben George wrote: Thanks for your replay.. yes my client told me like this that's
Re: [Samba] help with AD integration
Presumably Ben is able to ssh / telnet in for NON-Samba accounts

FYI- I did need to update my /etc/pam.conf on Solaris 10 clients when I moved to LDAP backend for unix accounts. I had to add an entry to allow ldap authentication. (I don't think I had to do this for Solaris 9.) I don't use samba for ssh login authentication. But it makes sense- since root can access shadow info in /etc files (or NIS) but not in LDAP.

At some point I had tried out allowing ssh logins using samba credentials- but I think this was on Solaris 9. At least with ldap logins, Solaris 10 requires more configuration than Solaris 9.

My /etc/pam.conf includes the following

# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
...
passwd auth binding pam_passwd_auth.so.1 server_policy
passwd auth required pam_ldap.so.1

I would guess a similar entry with pam_smb (?) might do the trick.

I think that even if pam.conf is not configured correctly you can still try the following
- ssh in as a local user (e.g. ben)
- su to the samba user (e.g. su - benvin or su benvin) - it should prompt you for a password but ssh and telnet are not involved.

If this works then you know that the problem is probably a pam+ssh or pam+telnet issue.

PS- You shouldn't use telnet anyway. It sends passwords in the clear.

...

On 10/04/2010 12:35 PM, Max León wrote:

You need to ensure that pam is allowing ssh or telnet access, not sure in Solaris but in RedHat based systems it is inside /etc/pam.d. You will have to allow access through pam only enabled accounts since usually the access is restricted to shadow by default.

On 10/4/10 7:11 AM, Gaiseric Vandal wrote:

According to your page getent passwd is showing the domain users.
If you try to ssh into your linux machine as ben, with the way nsswitch.conf is configured, it will try to authenticate you as the ben in /etc/passwd not the one in the AD domain.

I suggest you try the following: comment out ben from /etc/passwd and /etc/shadow. Make sure that the /export/Home/ben directory is owned by the SRE+ben user. See if you can ssh into linux as ben. (I think you can specify ben and not SRE+ben for the ssh user.) Keep an eye on the log files e.g. in /var/samba/log or /var/log/samba.

You have still not clarified why nsswitch.conf has entries for ldap.

On 10/04/2010 05:17 AM, Ben George wrote:

please check this link http://bentgeorge.com/samba/ all are mentioned here

Thanks Ben.T.George

On Thu, Sep 30, 2010 at 10:16 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

Hi

Please clarify the following
- Did you run truss getent passwd command and look for lines with nss_winbind- just in case it is looking for a file with a different version.
- Why does nsswitch.conf have ldap references- are you using ldap?

You should also look through the samba logs- it may provide some information.

On 09/30/2010 12:14 PM, Ben George wrote:

yes client has Solaris and a windows xp machine under the AD domain

yes i exported the paths to the newly installed /usr/local/samba/lib

me using the new packages and disabled the default packages

On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

So to clarify the customer has a Sun Solaris 10 UNIX machine and a Linux workstation?

FOR SOLARIS

I had problems with getting nsswitch+winbind working with the samba from sunfreeware- I had to recompile from scratch (major headache.) In hindsight this may not have been necessary for winbind- although I had to recompile anyway for ZFS support.

On solaris, you should have a file called /usr/lib/nss_winbind.so.1 - which is the nsswitcher winbind library provided by the samba that sun bundles with solaris 10 (but this is samba 3.0.x and too old to be much use.)

In /usr/local/samba/lib - do you see an nss_winbind.so.1 file? How is your PATH and LD_LIBRARY_PATH set- you want to make sure you are using the /usr/local/samba/bin and /usr/local/samba/lib first.

If you run truss getent passwd | tee log1.txt you should see it looking for nss_winbind.so.1 - ideally it will look in
Re: [Samba] help with user permissions
On Tue, 2010-09-28 at 21:07 +0300, Ben George wrote:

Thanks for your reply.. yea i also want that same thing..give permission to that listed users only.. but when i checked that 3 folders in windows pc.,,only one folder is accessible without password and when i try to access the other 2 folder's,,it says that network not reachable..u don't have permission to access this network...like that...

Windows XP will not allow you to access shares using different credentials within the same session. You have one chance at entering different credentials than the ones you entered when you first logged in. After that Windows sends those without asking for different ones.

Phil

On Tue, Sep 28, 2010 at 8:58 PM, Dale Schroeder d...@briannassaladdressing.com wrote:

Ben,

If I understand you correctly, you are describing expected behavior. Using valid users means only the users listed can access that share. If you want all the users to have access, don't use valid users.

Dale

valid users (S)

This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the *invalid users* parameter.

If this is empty (the default) then any user can login. If a username is in both this list and the *invalid users* list then access is denied for that user.

The current servicename is substituted for *%S*. This is useful in the [homes] section.

Default: valid users = # No valid users list (anyone can login)

Example: valid users = greg, @pcusers

On 09/28/2010 10:22 AM, Ben George wrote:

Hi

My Name is Ben.T.George

i successfully installed samba and other all dependencies on my Solaris 10 (SPARC) machine.

i stopped the default samba and swat and enabled these 2 from the installed location (/usr/local/samba/sbin)

then i edited the smb.conf using swat. after that i got a smb.conf like this

    # Samba config file created using SWAT
    # from UNKNOWN (ÿ¿û )
    # Date: 2010/09/28 16:30:12

    [global]
    workgroup = GROUP
    hosts allow = 192.168.1.

    [user1]
    path = /export/home/user1
    valid users = user1

    [ramana]
    path = /export/home/ramana
    valid users = ramana

    [teju]
    path = /export/home/teju
    valid users = teju

    [user1]
    path = /export/home/user1
    valid users = user1

after that i created these 3 user's and set password (smbpassword and normal password)

then i added one windows xp machine to this same GROUP, i can view these shared folders there

then my problem is when i access that particular shared folders, every time one folder opens, when i try to access other 2, it says not accessible

after that i tried to create these same users on windows, i logged another user and tried,, then the folder permission changed

still i can access another folder and other 2 are not accessible.. every time these changed according to the user.

please help me to solve these

without giving valid users it works perfect for me

please

Thanks
Ben.T.George

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
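The `valid users` rules quoted in this thread, applied to the share layout Ben posted, as an added example that is not part of the original messages and not Samba's own code. The `[public]` share, the function names and the `groups` map are hypothetical; `@name` and `+name` are simplified to a lookup in the supplied group map (no NIS netgroups), and merging of duplicate sections is an assumption made for reporting only.

```python
"""Audit smb.conf shares: duplicate sections, shares open to any user, and
who may connect under the `valid users` / `invalid users` rules quoted above."""

# Constructed sample: the shares from the posted smb.conf (duplicate [user1]
# included) plus one hypothetical [public] share that has no `valid users`.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = GROUP
    hosts allow = 192.168.1.
[user1]
    path = /export/home/user1
    valid users = user1
[ramana]
    path = /export/home/ramana
    valid users = ramana
[teju]
    path = /export/home/teju
    valid users = teju
[user1]
    path = /export/home/user1
    valid users = user1
[public]
    path = /export/home/public
"""


def parse_smb_conf(text):
    """Return (sections, duplicates); sections is [(name, {param: value})] in file order."""
    sections, seen, duplicates, current = [], set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()      # section names are case-insensitive
            if name in seen:
                duplicates.append(name)
            seen.add(name)
            current = {}
            sections.append((name, current))
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # case and whitespace inside parameter names are irrelevant
            current["".join(key.lower().split())] = value.strip()
    return sections, duplicates


def split_user_list(value, share):
    """Split a user list; %S expands to the current service (share) name."""
    return value.replace("%S", share).replace(",", " ").split()


def entry_matches(entry, user, groups):
    """Match one list entry. Group prefixes are resolved through `groups` only."""
    name = entry.lstrip("@+&")
    prefix = entry[: len(entry) - len(name)]
    if not prefix:
        return entry.lower() == user.lower()
    if prefix == "&":
        return False                               # netgroup-only entry: not modelled here
    return user in groups.get(name, ())


def may_access(share, params, user, groups=None):
    groups = groups or {}
    invalid = split_user_list(params.get("invalidusers", ""), share)
    valid = split_user_list(params.get("validusers", ""), share)
    if any(entry_matches(e, user, groups) for e in invalid):
        return False                               # listed in both: access is denied
    if not valid:
        return True                                # empty list: any user can login
    return any(entry_matches(e, user, groups) for e in valid)


def audit(text, users, groups=None):
    sections, duplicates = parse_smb_conf(text)
    defaults, shares = {}, {}
    for name, params in sections:
        if name == "global":
            defaults.update(params)                # [global] values act as share defaults
    for name, params in sections:
        if name != "global":
            # Assumption for reporting: a repeated section updates the earlier one.
            shares.setdefault(name, dict(defaults)).update(params)
    return {
        "duplicates": duplicates,
        "open_shares": sorted(s for s, p in shares.items() if not p.get("validusers")),
        "access": {s: sorted(u for u in users if may_access(s, p, u, groups))
                   for s, p in shares.items()},
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SMB_CONF, ["user1", "ramana", "teju"])
    print("duplicate sections:", report["duplicates"])
    print("shares without valid users:", report["open_shares"])
    for share, allowed in report["access"].items():
        print(f"[{share}] -> {', '.join(allowed) or 'nobody'}")
```

Each of the three home shares admits exactly one account, which is why a Windows XP session that has already authenticated as one user is refused on the other two.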
Re: [Samba] help with AD integration
disclaimer: I don't use Samba as an ADS member server. I use samba as PDC with trusts to an ADS domain. So my observations may not be valid.

Did you try updating nsswitch.conf

    passwd: files winbind
    group: files winbind

If you are using a Windows domain and have a user defined in the domain, you generally don't want to add the user as a local user. Since the underlying unix OS needs to know about the domain users you need to either use nsswitch+winbind (which I do) or the smb pam module (which I don't use, and not sure if it really is the correct approach.)

If you use nsswitch.conf+winbind you can then also OPTIONALLY allow windows users unix access like ssh. My samba server is a PDC- I have a domain trust with windows domains BUT the default shell is /bin/false. (It is still a little flaky...)

Does getent passwd show the windows users? It should show something like

    ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false

or

    SRE+ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false

It looks like you already have a unix ben and a ADS ben defined?

wbinfo -s and wbinfo -n are also useful for making sure that the name-to-sid and sid-to-name mappings are correct for domain users.

On 09/30/2010 08:17 AM, Ben George wrote:

HI

My name is Ben.T.George.

i followed http://www.edsiohio.com/images/advanced-AD-2009-05-18.pdf this tutorial

my current status is .i successfully joined to the AD

    bash-3.00# ./net ads join -U administrator
    Enter administrator's password:
    Using short domain name -- SRE
    Joined 'SUN1' to realm 'sre.com'

and Wbinfo shows the users and groups from the AD

    bash-3.00# ./wbinfo -u
    SUN1+ramana
    SUN1+user1
    SUN1+ben
    administrator
    guest
    support_388945a0
    krbtgt
    teju
    ben
    ramana

    bash-3.00# ./wbinfo -g
    helpservicesgroup
    telnetclients
    domain computers
    domain controllers
    schema admins
    enterprise admins
    cert publishers
    domain admins
    domain users
    domain guests
    group policy creator owners
    ras and ias servers
    dnsadmins
    dnsupdateproxy

then i checked the AD, the Sun1 is listed under the computer tab.

That means my connection side is success na..?

this is my smb.conf file

    # Samba config file created using SWAT
    # from UNKNOWN (ÿ¿û^H)
    # Date: 2010/09/29 17:37:34

    [global]
    workgroup = SRE
    realm = SRE.COM
    security = ADS
    idmap uid = 1-2
    idmap gid = 1-2
    winbind separator = +
    winbind use default domain = Yes

    [user1]
    path = /export/home/user1
    valid users = user1, ramana, teju

    [ramana]
    path = /export/home/ramana
    valid users = ramana, teju

    [teju]
    path = /export/home/teju
    valid users = teju

    [ben]
    path = /export/home/ben
    valid users = ben

    [user1]
    path = /export/home/user1
    valid users = ben, user1, ramana, teju

And Kerberos file: krb5.conf

    [libdefaults]
    dns_lookup_realm = false
    default_realm = SRE.COM
    ticket_lifetime = 600
    kdc_req_checksum_type = 2
    checksum_type = 2
    ccache_type = 1

    #[kdc]
    #profile = /krb5/var/krb5kdc/kdc.conf

    [logging]
    default = FILE:/usr/local/var/log/kdc.log
    kdc = FILE:/usr/local/var/log/kdc.log
    admin_server = FILE:/usr/local/var/log/adm.log

    [realms]
    SRE.COM = {
    kdc = srec.sre.com:88
    admin_server = srec.sre.com:749
    #default_domain = SRE.COM
    }

    [domain_realm]
    .sre.com = SRE.COM
    sre.com = SRE.COM

    [login]
    krb4_convert = 0

my need is, suppose ben is a user common to unix and windows.. when i login as ben through a windows machine, want to access the shared folder for ben in Unix. (without giving password for ben)

another thing is when we change the password or username in Active Directory, it also affect the same user in the unix

that means suppose i changes the user ben to ben1, and password...the changes must be written in the /etc/passwd and shadow file..

is there any way to do this..i a beginner to this. so please give me good advice

Thanks
Ben.T.George

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with AD integration
Thanks for your replay.. yes my client told me like this that's Y..and the manager gave that work to newly joined me.. :( i don't have any AD and core unix experience..i have only experience in linux.not much may this project will affect my job.. :( my nsswitch.conf *passwd: files ldap winbind group: files ldap winbind hosts: dns files ipnodes:dns files* *nsswitch+winbind (which I do) or the smb pam module*..? :( i don't know..my client's need is he has a linux machine..also a ADS..from the unix machine, he want to share secure folder's to the AD user's..so eash user can only access that particular shared folder..when the password of user changed in AD, that will affect to the smbpassword...means without changing that particular user's smb password in the unix machine.. for this need which method is useful..from your experience *Does getent passwd show the windows users?* please check the output ..i think getent password only shows unix system password *bash-3.00# getent passwd root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh svctag:x:95:12:Service Tag UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh* you already have a unix ben and a ADS ben defined? 
Yes i defined the ben user in Unix and ADS...bcoz i don't have much knowledge about that sorry Hope u will help me Thanks Ben.T.George On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: disclaimer: I don't use Samba as an ADS member server. I use samba as PDC with trusts to an ADS domain. So my observations may not be valuid. Did you try updating nsswitch.conf passwd: files winbind group:files winbind If you are using a Windows domain and have a user defined in the domain, you generally don't want to add the user as a local user. Since the underlying unix OS needs to know about the domain users you need to either use nsswitch+winbind (which I do) or the smb pam module (which I don't use, and not sure if it really is the correct approach.) If you use nsswitch.conf+winbind you can then also OPTIONALLY allow windows users unix access like ssh.My samba server is a PDC- I have a domain trust with windows domains BUT the default shell is /bin/false. (It is still a little flaky...) Does getent passwd show the windows users? It should show something like ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false or SRE+ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false It looks like = you already have a unix ben and a ADS ben defined? wbinfo -s and wbinfo -n are also useful for making sure that the name-to-sid and sid-to-name mappings are correct for domain users. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with AD integration
Then it sounds like you need the AD integration. If the user's also login to the linux workstation directly (or via ssh) then you will need to configure winbind and nsswitch to support unix logins. Why does nsswitch.conf include ldap? Is this the only linux/unix machine? Are local users in ldap or /etc/passwd? What version of samba? What version of linux? Ideally getent passwd woudl show something like ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh or SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash I don't think you need a huge amount of AD experience to make this work but I think you have to have general understanding of what WIndows domains are about. You should also review the smb.conf man page for the section on idmap_ad. On 09/30/2010 09:24 AM, Ben George wrote: Thanks for your replay.. yes my client told me like this that's Y..and the manager gave that work to newly joined me.. :( i don't have any AD and core unix experience..i have only experience in linux.not much may this project will affect my job.. :( my nsswitch.conf */passwd: files ldap winbind group: files ldap winbind hosts: dns files ipnodes:dns files/* *nsswitch+winbind (which I do) or the smb pam module*..? :( i don't know..my client's need is he has a linux machine..also a ADS..from the unix machine, he want to share secure folder's to the AD user's..so eash user can only access that particular shared folder..when the password of user changed in AD, that will affect to the smbpassword...means without changing that particular user's smb password in the unix machine.. 
for this need which method is useful..from your experience *Does getent passwd show the windows users?* please check the output ..i think getent password only shows unix system password */bash-3.00# getent passwd root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh svctag:x:95:12:Service Tag UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh/* you already have a unix ben and a ADS ben defined? Yes i defined the ben user in Unix and ADS...bcoz i don't have much knowledge about that sorry Hope u will help me Thanks Ben.T.George On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: disclaimer: I don't use Samba as an ADS member server. I use samba as PDC with trusts to an ADS domain. So my observations may not be valuid. Did you try updating nsswitch.conf passwd: files winbind group:files winbind If you are using a Windows domain and have a user defined in the domain, you generally don't want to add the user as a local user. Since the underlying unix OS needs to know about the domain users you need to either use nsswitch+winbind (which I do) or the smb pam module (which I don't use, and not sure if it really is the correct approach.) 
If you use nsswitch.conf+winbind you can then also OPTIONALLY allow windows users unix access like ssh.My samba server is a PDC- I have a domain trust with windows domains BUT the default shell is /bin/false.(It is still a little flaky...) Does getent passwd show the windows users? It should show something like ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false or SRE+ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false It looks like = you already have a unix ben and a ADS ben defined? wbinfo -s and wbinfo -n are also useful for making sure that the name-to-sid and sid-to-name mappings are correct for domain users. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
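The name-resolution question raised in this exchange (a local `ben` and an AD `ben` with `passwd: files ldap winbind`), worked through as an added example that is not part of the original messages. The inputs are constructed from values posted in the thread; the function names are hypothetical, and the check assumes NSS sees domain accounts under the same names `wbinfo -u` prints.

```python
"""Report AD accounts that NSS will never return because an earlier source
in nsswitch.conf already answers for the same login name."""
import re

# Constructed from the nsswitch.conf, getent and wbinfo -u output in the thread.
NSSWITCH = "passwd: files ldap winbind\ngroup: files ldap winbind\n"
LOCAL_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh
"""
WBINFO_U = """\
SUN1+ramana
SUN1+user1
SUN1+ben
administrator
guest
support_388945a0
krbtgt
teju
ben
ramana
"""


def nss_sources(nsswitch_text, database="passwd"):
    """Ordered source list for one database; [STATUS=action] items are dropped."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        if key.strip() == database:
            return re.sub(r"\[[^\]]*\]", " ", value).split()
    return []


def local_users(passwd_text):
    """Map login name -> uid for well-formed /etc/passwd lines."""
    users = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users


def shadowed_domain_accounts(nsswitch_text, passwd_text, wbinfo_text):
    sources = nss_sources(nsswitch_text, "passwd")
    result = {"winbind_reachable": "winbind" in sources,
              "earlier_sources": sources, "shadowed": {}}
    if not result["winbind_reachable"]:
        return result                  # domain users are invisible to getent, ssh, su
    earlier = sources[: sources.index("winbind")]
    result["earlier_sources"] = earlier
    if "files" in earlier:
        local = local_users(passwd_text)
        for name in wbinfo_text.splitlines():
            name = name.strip().lower()
            if name in local:
                # The first source that knows the name wins, so this login
                # resolves to the local uid and never to the AD account.
                result["shadowed"][name] = local[name]
    return result


if __name__ == "__main__":
    report = shadowed_domain_accounts(NSSWITCH, LOCAL_PASSWD, WBINFO_U)
    print("winbind consulted:", report["winbind_reachable"])
    print("sources asked before winbind:", report["earlier_sources"])
    for name, uid in sorted(report["shadowed"].items()):
        print(f"{name}: resolves to local uid {uid}, AD account is shadowed")
```

On the posted data the accounts `ben`, `ramana` and `teju` resolve to the local entries, while `SUN1+user1` does not collide because its NSS name carries the prefix.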
Re: [Samba] help with AD integration
Sun Solaris 10 (under SPARC) local users in /etc/passwd samba 3.4.2 from sunfreeware.com getent passwd *ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh *like this* ** *Thanks Ben.T.George* * On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Then it sounds like you need the AD integration. If the user's also login to the linux workstation directly (or via ssh) then you will need to configure winbind and nsswitch to support unix logins. Why does nsswitch.conf include ldap? Is this the only linux/unix machine? Are local users in ldap or /etc/passwd? What version of samba? What version of linux? Ideally getent passwd woudl show something like ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh or SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash I don't think you need a huge amount of AD experience to make this work but I think you have to have general understanding of what WIndows domains are about. You should also review the smb.conf man page for the section on idmap_ad. On 09/30/2010 09:24 AM, Ben George wrote: Thanks for your replay.. yes my client told me like this that's Y..and the manager gave that work to newly joined me.. :( i don't have any AD and core unix experience..i have only experience in linux.not much may this project will affect my job.. :( my nsswitch.conf *passwd: files ldap winbind group: files ldap winbind hosts: dns files ipnodes:dns files* *nsswitch+winbind (which I do) or the smb pam module*..? :( i don't know..my client's need is he has a linux machine..also a ADS..from the unix machine, he want to share secure folder's to the AD user's..so eash user can only access that particular shared folder..when the password of user changed in AD, that will affect to the smbpassword...means without changing that particular user's smb password in the unix machine.. 
for this need which method is useful..from your experience *Does getent passwd show the windows users?* please check the output ..i think getent password only shows unix system password *bash-3.00# getent passwd root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh svctag:x:95:12:Service Tag UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh* you already have a unix ben and a ADS ben defined? Yes i defined the ben user in Unix and ADS...bcoz i don't have much knowledge about that sorry Hope u will help me Thanks Ben.T.George On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: disclaimer: I don't use Samba as an ADS member server. I use samba as PDC with trusts to an ADS domain. So my observations may not be valuid. Did you try updating nsswitch.conf passwd: files winbind group:files winbind If you are using a Windows domain and have a user defined in the domain, you generally don't want to add the user as a local user. Since the underlying unix OS needs to know about the domain users you need to either use nsswitch+winbind (which I do) or the smb pam module (which I don't use, and not sure if it really is the correct approach.) 
If you use nsswitch.conf+winbind you can then also OPTIONALLY allow windows users unix access like ssh.My samba server is a PDC- I have a domain trust with windows domains BUT the default shell is /bin/false. (It is still a little flaky...) Does getent passwd show the windows users? It should show something like ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false or SRE+ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false It looks like = you already have a unix ben and a ADS ben defined? wbinfo -s and wbinfo -n are also useful for making sure that the name-to-sid and sid-to-name mappings are correct for domain users. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with AD integration
So to clarify the customer has a Sun Solaris 10 UNIX machine and a Linux workstation? FOR SOLARIS I had problems with getting nsswitch+winbind working with the samba from sunfreeware- I had to recompile from scratch (major headache.) In hindsight this may not have been necessary for winbind- although I had to recompile anyway for ZFS support. On solaris, you should have a file called /usr/lib/nss_winbind.so.1 - which is the nsswitcher winbind library provided by the samba that sun bundles with solaris 10 (but this is samba 3.0.x and too old to be much use.) In /usr/local/samba/lib - do you see an nss_winbind.so.1 file?How is your PATH and LD_LIBRARY_PATH set- you want to make sure you are using the /usr/local/samba/bin and /usr/local/samba/lib first. If you run truss getent passwd | tee log1.txt you should see it looking for nss_winbind.so.1 - ideally it will look in /usr/local/samba/lib before /usr/lib. If it uses /usr/lib/nss_winbind.so.1 that will probably NOT work. You may want to rename that file just to make sure. On 09/30/2010 10:57 AM, Ben George wrote: Sun Solaris 10 (under SPARC) local users in /etc/passwd samba 3.4.2 from sunfreeware.com http://sunfreeware.com getent passwd */ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh /*like this*/ /*/ /Thanks Ben.T.George*/ /* On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: Then it sounds like you need the AD integration. If the user's also login to the linux workstation directly (or via ssh) then you will need to configure winbind and nsswitch to support unix logins. Why does nsswitch.conf include ldap? Is this the only linux/unix machine? Are local users in ldap or /etc/passwd? What version of samba? What version of linux? 
Ideally getent passwd woudl show something like ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh or SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash I don't think you need a huge amount of AD experience to make this work but I think you have to have general understanding of what WIndows domains are about. You should also review the smb.conf man page for the section on idmap_ad. On 09/30/2010 09:24 AM, Ben George wrote: Thanks for your replay.. yes my client told me like this that's Y..and the manager gave that work to newly joined me.. :( i don't have any AD and core unix experience..i have only experience in linux.not much may this project will affect my job.. :( my nsswitch.conf */passwd: files ldap winbind group: files ldap winbind hosts: dns files ipnodes:dns files/* *nsswitch+winbind (which I do) or the smb pam module*..? :( i don't know..my client's need is he has a linux machine..also a ADS..from the unix machine, he want to share secure folder's to the AD user's..so eash user can only access that particular shared folder..when the password of user changed in AD, that will affect to the smbpassword...means without changing that particular user's smb password in the unix machine.. 
for this need which method is useful..from your experience *Does getent passwd show the windows users?* please check the output ..i think getent password only shows unix system password */bash-3.00# getent passwd root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh svctag:x:95:12:Service Tag UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh/* you already have a unix ben and a ADS ben defined? Yes i defined the ben user in Unix and ADS...bcoz i don't have much knowledge about that sorry Hope u will help me Thanks Ben.T.George On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: disclaimer: I don't use Samba as an ADS member server. I use samba as PDC with trusts to an ADS domain. So my
Re: [Samba] help with AD integration
yes client has Solaris and a windows xp machine under the AD domain yes i exported the paths to the newly installed /usr/local/samba/lib me using the new packahes and disabled the default packages On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: So to clarify the customer has a Sun Solaris 10 UNIX machine and a Linux workstation? FOR SOLARIS I had problems with getting nsswitch+winbind working with the samba from sunfreeware- I had to recompile from scratch (major headache.) In hindsight this may not have been necessary for winbind- although I had to recompile anyway for ZFS support. On solaris, you should have a file called /usr/lib/nss_winbind.so.1 - which is the nsswitcher winbind library provided by the samba that sun bundles with solaris 10 (but this is samba 3.0.x and too old to be much use.) In /usr/local/samba/lib - do you see an nss_winbind.so.1 file?How is your PATH and LD_LIBRARY_PATH set- you want to make sure you are using the /usr/local/samba/bin and /usr/local/samba/lib first. If you run truss getent passwd | tee log1.txt you should see it looking for nss_winbind.so.1 - ideally it will look in /usr/local/samba/lib before /usr/lib. If it uses /usr/lib/nss_winbind.so.1 that will probably NOT work. You may want to rename that file just to make sure. On 09/30/2010 10:57 AM, Ben George wrote: Sun Solaris 10 (under SPARC) local users in /etc/passwd samba 3.4.2 from sunfreeware.com getent passwd *ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh *like this* ** *Thanks Ben.T.George* * On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Then it sounds like you need the AD integration. If the user's also login to the linux workstation directly (or via ssh) then you will need to configure winbind and nsswitch to support unix logins. Why does nsswitch.conf include ldap? 
Is this the only linux/unix machine? Are local users in ldap or /etc/passwd? What version of samba? What version of linux? Ideally getent passwd woudl show something like ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh or SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash I don't think you need a huge amount of AD experience to make this work but I think you have to have general understanding of what WIndows domains are about. You should also review the smb.conf man page for the section on idmap_ad. On 09/30/2010 09:24 AM, Ben George wrote: Thanks for your replay.. yes my client told me like this that's Y..and the manager gave that work to newly joined me.. :( i don't have any AD and core unix experience..i have only experience in linux.not much may this project will affect my job.. :( my nsswitch.conf *passwd: files ldap winbind group: files ldap winbind hosts: dns files ipnodes:dns files* *nsswitch+winbind (which I do) or the smb pam module*..? :( i don't know..my client's need is he has a linux machine..also a ADS..from the unix machine, he want to share secure folder's to the AD user's..so eash user can only access that particular shared folder..when the password of user changed in AD, that will affect to the smbpassword...means without changing that particular user's smb password in the unix machine.. 
for this need which method is useful..from your experience *Does getent passwd show the windows users?* please check the output ..i think getent password only shows unix system password *bash-3.00# getent passwd root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail Message Submission Program:/: listen:x:37:4:Network Admin:/usr/net/nls: gdm:x:50:50:GDM Reserved UID:/: webservd:x:80:80:WebServer Reserved UID:/: postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh svctag:x:95:12:Service Tag UID:/: nobody:x:60001:60001:NFS Anonymous Access User:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: ramana:x:100:1::/export/home/ramana:/bin/sh teju:x:101:1::/export/home/teju:/bin/sh user1:x:102:1::/export/home/user1:/bin/sh ben:x:103:1::/home/ben:/bin/sh* you already have a unix ben and a ADS ben defined? Yes i defined the ben user in Unix and ADS...bcoz i don't have much knowledge about that sorry Hope u will help me Thanks Ben.T.George On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: disclaimer: I don't use Samba as an ADS member server. I use samba as PDC with trusts to an ADS domain. So my observations may not be valuid.
Re: [Samba] help with AD integration
Hi

Please clarify the following
- Did you run the truss getent passwd command and look for lines with nss_winbind - just in case it is looking for a file with a different version.
- Why does nsswitch.conf have ldap references - are you using ldap?

You should also look through the samba logs - they may provide some information.

On 09/30/2010 12:14 PM, Ben George wrote:

yes client has Solaris and a windows xp machine under the AD domain

yes i exported the paths to the newly installed /usr/local/samba/lib

me using the new packages and disabled the default packages

On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

So to clarify, the customer has a Sun Solaris 10 UNIX machine and a Linux workstation?

FOR SOLARIS

I had problems with getting nsswitch+winbind working with the samba from sunfreeware - I had to recompile from scratch (major headache.) In hindsight this may not have been necessary for winbind - although I had to recompile anyway for ZFS support.

On solaris, you should have a file called /usr/lib/nss_winbind.so.1 - which is the nsswitcher winbind library provided by the samba that sun bundles with solaris 10 (but this is samba 3.0.x and too old to be much use.)

In /usr/local/samba/lib - do you see an nss_winbind.so.1 file?

How is your PATH and LD_LIBRARY_PATH set - you want to make sure you are using the /usr/local/samba/bin and /usr/local/samba/lib first.

If you run

truss getent passwd | tee log1.txt

you should see it looking for nss_winbind.so.1 - ideally it will look in /usr/local/samba/lib before /usr/lib. If it uses /usr/lib/nss_winbind.so.1 that will probably NOT work. You may want to rename that file just to make sure.

On 09/30/2010 10:57 AM, Ben George wrote:

Sun Solaris 10 (under SPARC)
local users in /etc/passwd
samba 3.4.2 from sunfreeware.com

getent passwd

ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh

like this

Thanks
Ben.T.George

On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

Then it sounds like you need the AD integration. If the users also login to the linux workstation directly (or via ssh) then you will need to configure winbind and nsswitch to support unix logins.

Why does nsswitch.conf include ldap? Is this the only linux/unix machine? Are local users in ldap or /etc/passwd? What version of samba? What version of linux?

Ideally getent passwd would show something like

ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh

or

SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash

I don't think you need a huge amount of AD experience to make this work but I think you have to have a general understanding of what Windows domains are about. You should also review the smb.conf man page for the section on idmap_ad.

On 09/30/2010 09:24 AM, Ben George wrote:

Thanks for your reply..

yes my client told me like this that's Y..and the manager gave that work to newly joined me.. :(

i don't have any AD and core unix experience..i have only experience in linux.not much

may this project will affect my job.. :(

my nsswitch.conf

passwd: files ldap winbind
group: files ldap winbind
hosts: dns files
ipnodes: dns files

*nsswitch+winbind (which I do) or the smb pam module*..?

:( i don't know..my client's need is he has a linux machine..also a ADS..from the unix machine, he wants to share secure folders to the AD users..so each user can only access that particular shared folder..when the password of a user is changed in AD, that will affect the smbpassword...means without changing that particular user's smb password in the unix machine..

for this need which method is useful..from your experience

*Does getent passwd show the windows users?*

please check the output ..i think getent passwd only shows unix system password

bash-3.00# getent passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
Re: [Samba] help with AD integration
I suspect Oracle won't be much help with 3rd party s/w.I had opened a ticket with Sun last year (?) when I had with domain trusts with the samba version they provided (the trusts worked BUT the cache would expire and not repopulate.) They had a cookie cutter setup for joining Samba to an AD domain (which wasn't relevant to me.) They were supposedly going to release a build for samba 3.4.x BUT they seemed to have killed any more work with Samba. If Ben switches back to samba 3.0.x from Sun he may be able to get some help.Altho I suspect if you did through the release notes you wilL NOT find Win 2008 support for Samba 3.0.x. On 09/29/2010 11:52 AM, Rob LaRose wrote: Hi Ben, Which version of AD are you using? We had no luck integrating Solaris Samba w/ AD 2008 last year, and were forced to use a third-party authentication product called Centrify DirectControl to facilitate. This may have changed by now — have you opened a support case with Oracle? --Rob Rob LaRose systems administrator imaginary forces | 530 west 25th st | new york city | p 646.486.6868 | f 646.486.4700 | www.imaginaryforces.com From: Ben Georgebentech4...@gmail.commailto:bentech4...@gmail.com Date: Wed, 29 Sep 2010 03:07:15 -0400 To: samba@lists.samba.orgmailto:samba@lists.samba.orgsamba@lists.samba.orgmailto:samba@lists.samba.org Subject: [Samba] help with AD integration HI my name ins Ben.T.George i am new to samba and active directory integration my machine ins Sun Slaris SPARC (solaris 10). the unix side samba and all deps are installed...from this link http://www.sunfreeware.com/programlistsparc10.html#samba now i want to sync samba with active directory.. so please help to for this.. please provide me the step by step for this.. now i am stuck with kerberos configuration. 
also please provide me the kerberos step by step configuration thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail toifpostmaster postmas...@imaginaryforces.com and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. ...imaginaryforces.com... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with AD integration
Hi Ben, Which version of AD are you using? We had no luck integrating Solaris Samba w/ AD 2008 last year, and were forced to use a third-party authentication product called Centrify DirectControl to facilitate. This may have changed by now — have you opened a support case with Oracle? --Rob Rob LaRose systems administrator imaginary forces | 530 west 25th st | new york city | p 646.486.6868 | f 646.486.4700 | www.imaginaryforces.com From: Ben George bentech4...@gmail.commailto:bentech4...@gmail.com Date: Wed, 29 Sep 2010 03:07:15 -0400 To: samba@lists.samba.orgmailto:samba@lists.samba.org samba@lists.samba.orgmailto:samba@lists.samba.org Subject: [Samba] help with AD integration HI my name ins Ben.T.George i am new to samba and active directory integration my machine ins Sun Slaris SPARC (solaris 10). the unix side samba and all deps are installed...from this link http://www.sunfreeware.com/programlistsparc10.html#samba now i want to sync samba with active directory.. so please help to for this.. please provide me the step by step for this.. now i am stuck with kerberos configuration. also please provide me the kerberos step by step configuration thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to ifpostmaster postmas...@imaginaryforces.com and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. ...imaginaryforces.com... 
Re: [Samba] help with AD integration
HI Thanks for your reply..me using.2003 server.. when i give the command in unix wbinfo -u ,it shows all the users in AD and wbinfo -g shows the group.. after that? bcoz i am beginner with this.actually i am working in linux,and i got job on sun..so my manager gave this work to me only for me..:( so i don't know the correct procedures about the samba-AD synchronization.. so please help me with these,for further steps. also give me the gud tutorial for Centrify DirectControl Again thanks for your reply Ben.T.George On Wed, Sep 29, 2010 at 6:52 PM, Rob LaRose r...@imaginaryforces.comwrote: Hi Ben, Which version of AD are you using? We had no luck integrating Solaris Samba w/ AD 2008 last year, and were forced to use a third-party authentication product called Centrify DirectControl to facilitate. This may have changed by now — have you opened a support case with Oracle? --Rob * * * * *Rob LaRose systems administrator imaginary forces | 530 west 25th st | new york city | p 646.486.6868 | f 646.486.4700 | www.imaginaryforces.com * * * From: Ben George bentech4...@gmail.com Date: Wed, 29 Sep 2010 03:07:15 -0400 To: samba@lists.samba.org samba@lists.samba.org Subject: [Samba] help with AD integration HI my name ins Ben.T.George i am new to samba and active directory integration my machine ins Sun Slaris SPARC (solaris 10). the unix side samba and all deps are installed...from this link http://www.sunfreeware.com/programlistsparc10.html#samba now i want to sync samba with active directory.. so please help to for this.. please provide me the step by step for this.. now i am stuck with kerberos configuration. 
also please provide me the kerberos step by step configuration thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to ifpostmaster postmas...@imaginaryforces.com and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help with user permissions
Ben,

If I understand you correctly, you are describing expected behavior. Using valid users means only the users listed can access that share. If you want all the users to have access, don't use valid users.

Dale

valid users (S)

    This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the invalid users parameter.

    If this is empty (the default) then any user can login. If a username is in both this list and the invalid users list then access is denied for that user.

    The current servicename is substituted for %S. This is useful in the [homes] section.

    Default: valid users = # No valid users list (anyone can login)

    Example: valid users = greg, @pcusers

On 09/28/2010 10:22 AM, Ben George wrote:

Hi

My name is Ben.T.George

I successfully installed samba and all other dependencies on my Solaris 10 (SPARC) machine.

I stopped the default samba and swat and enabled these 2 from the installed location (/usr/local/samba/sbin)

Then I edited the smb.conf using swat. After that I got a smb.conf like this

# Samba config file created using SWAT
# from UNKNOWN (ÿ¿û )
# Date: 2010/09/28 16:30:12

[global]
    workgroup = GROUP
    hosts allow = 192.168.1.

[user1]
    path = /export/home/user1
    valid users = user1

[ramana]
    path = /export/home/ramana
    valid users = ramana

[teju]
    path = /export/home/teju
    valid users = teju

[user1]
    path = /export/home/user1
    valid users = user1

After that I created these 3 users and set passwords (smbpassword and normal password)

Then I added one windows xp machine to this same GROUP, I can view these shared folders there

Then my problem is when I access those particular shared folders, every time one folder opens, when I try to access the other 2, it says not accessible

After that I tried to create these same users on windows, I logged in as another user and tried, then the folder permission changed

Still I can access another folder and the other 2 are not accessible.. every time these change according to the user.

Please help me to solve these. Without giving valid users it works perfect for me

please

Thanks
Ben.T.George
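Added example, not part of either message above: the valid users / invalid users rules from the quoted man page text, applied to the smb.conf Ben posted to show which account can open which share. The [staff] share, the GROUPS table and all function names are constructed for illustration, and every group prefix ('@', '+', '&') is simplified to a lookup in that one table.

```python
import configparser
import re

# Constructed sample: the share sections of the smb.conf quoted in the thread
# (repeated [user1] included), plus a hypothetical [staff] share that is not
# in the thread and only exercises groups and "invalid users".
SMB_CONF = """\
[global]
workgroup = GROUP
hosts allow = 192.168.1.

[user1]
path = /export/home/user1
valid users = user1

[ramana]
path = /export/home/ramana
valid users = ramana

[teju]
path = /export/home/teju
valid users = teju

[user1]
path = /export/home/user1
valid users = user1

[staff]
path = /export/staff
valid users = @pcusers, teju
invalid users = ramana
"""

# Constructed stand-in for the system group database.
GROUPS = {"pcusers": {"ramana", "user1"}}


def load_shares(text):
    """Parse smb.conf text into {share: {option: value}}, skipping [global]."""
    parser = configparser.ConfigParser(
        strict=False,          # tolerate the repeated [user1] section
        interpolation=None,    # leave %S and other smb.conf macros alone
        delimiters=("=",),
        comment_prefixes=("#", ";"),
    )
    parser.read_string(text)
    return {s: dict(parser[s]) for s in parser.sections() if s.lower() != "global"}


def name_list(value, share):
    """Split a user list on commas/whitespace and expand %S to the share name."""
    return [n.replace("%S", share) for n in re.split(r"[,\s]+", value.strip()) if n]


def listed(user, names, groups):
    """True if user is named directly or through a group-prefixed entry."""
    for name in names:
        if name[0] in "@+&":
            # Simplification: every prefix is looked up in the one group table.
            if user in groups.get(name.lstrip("@+&"), set()):
                return True
        elif name.lower() == user.lower():
            return True
    return False


def may_connect(user, share, options, groups=GROUPS):
    """Quoted rules: invalid users always wins; empty valid users allows anyone."""
    if listed(user, name_list(options.get("invalid users", ""), share), groups):
        return False
    valid = name_list(options.get("valid users", ""), share)
    return True if not valid else listed(user, valid, groups)


def access_matrix(text, users, groups=GROUPS):
    """Return {share: [candidate users allowed to connect]}."""
    return {
        share: [u for u in users if may_connect(u, share, opts, groups)]
        for share, opts in load_shares(text).items()
    }


if __name__ == "__main__":
    for share, allowed in access_matrix(SMB_CONF, ["user1", "ramana", "teju"]).items():
        print(f"[{share}] -> {', '.join(allowed) or 'nobody'}")
```

Each of the three home shares admits exactly one account, so a Windows session authenticated as one of those users opens one folder and is refused on the other two, which is the behaviour described in the thread.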
Re: [Samba] help with user permissions
Thanks for your reply.. yea i also want that same thing..give permission to that listed users only.. but when i checked that 3 folders in windows pc.,,only one folder can accable without password and when i try to access the other 2 folder's,,it says that network not reachable..u don't have permission to access this network...like that... On Tue, Sep 28, 2010 at 8:58 PM, Dale Schroeder d...@briannassaladdressing.com wrote: Ben, If I understand you correctly, you are describing expected behavior. Using valid users means only the users listed can access that share. If you want all the users to have access, don't use valid users. Dale valid users (S) This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '' are interpreted using the same rules as described in the *invalid users* parameter. If this is empty (the default) then any user can login. If a username is in both this list and the *invalid users* list then access is denied for that user. The current servicename is substituted for *%S*. This is useful in the [homes] section. Default: *valid users = # No valid users list (anyone can login) * Example: *valid users = greg, @pcusers * On 09/28/2010 10:22 AM, Ben George wrote: Hi My Name is Ben.T.George i successfully installed samba and other all dependencies on my Solaris 10 (SPARC) machine. i stopped the default samba and swat and enabled these 2 from the installed location (/usr/local/samba/sbin) then i edited the smb.conf using swat.after that i got a smb.conf like this\ # Samba config file created using SWAT # from UNKNOWN (ÿ¿û ) # Date: 2010/09/28 16:30:12 [global] workgroup = GROUP hosts allow = 192.168.1. 
[user1] path = /export/home/user1 valid users = user1 [ramana] path = /export/home/ramana valid users = ramana [teju] path = /export/home/teju valid users = teju [user1] path = /export/home/user1 valid users = user1 after that i created these 3 user's and set password (smbpassword and normal password) then i added one windows xp machine to this same GROUP,i can view these shared folders there then my problem is when i access that particular shared folders,every time one folder opens,when i try to access other 2 ,it says not accessible after that i tried to create these same users on windows,i logged another user and tried,,then the folder permission changed still i can access another folder and other 2 are not accessible.. every time these changed according to the user. please help me to solve thesewithout giving valid users it works perfect for me please Thanks Ben.T.George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help making fileserver
I have a file server that I authenticate against LDAP/Samba. The smb.conf looks something like this...(which of course does not include the shares section of the config...) This configuration assumes using nss_ldap (for getting user accounts) and POSIX ACL's for permissions using getfacl and setfacl.

[global]
    log file = /var/log/samba/%m.log
    passdb backend = ldapsam:ldap://ip address
    ldap suffix = ldap suffix
    ldap machine suffix = ou=Machine
    ldap user suffix = ou=People
    ldap group suffix = ou=Group
    ldap idmap suffix = ou=IdMap
    ldap admin dn = ldap dn to connect as
    show add printer wizard = No
    dns proxy = No
    cups options = raw
    server string = File Server
    password server = SERVER1 SERVER2
    domain logons = no
    domain master = no
    workgroup = CORPDOM
    printcap name = cups
    security = DOMAIN
    preferred master = No
    max log size = 50
    disable spoolss = Yes

On 08/18/2010 09:37 PM, Hernan Caffera wrote:

Hi, folks! Perhaps somebody can help me with a little issue. I've got a PDC with Ubuntu+Samba 3.5 +LDAP working fine in my network. But now I'm trying to implement a fileserver that authenticates against my domain server. If someone has any idea about how to do it and can give me a link or some clue about it, I really will appreciate it! Thank you very much for your time.

--
Christopher Springer
IS/IT Systems Administrator
BRC Rubber Plastics, Inc
260-693-2171 x389
csprin...@brcrp.com
Re: [Samba] help making fileserver
On 08/18/2010 09:37 PM, Hernan Caffera wrote:

Hi, folks! Perhaps somebody can help me with a little issue. I've got a PDC with Ubuntu+Samba 3.5 +LDAP working fine in my network. But now I'm trying to implement a fileserver that authenticates against my domain server. If someone has any idea about how to do it and can give me a link or some clue about it, I really will appreciate it! Thank you very much for your time.

Is the new server also a samba server? You should be able to configure it as a workgroup server or domain BDC. My experience is that if you already have an LDAP backend, and if you are already using LDAP for unix level account management, the BDC is the better approach since it helps keep all your Windows and Unix id's consistent on both machines.
Re: [Samba] Help on Samba 4
Look at my howto: "[Samba] HOWTO centOS 5.5 samba4 dns dynamic update" of today in this list

---
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Amitava Chakraborty
Sent: Monday, 26 July 2010 10:45
To: samba@lists.samba.org
Subject: [Samba] Help on Samba 4

We are trying to install Samba 4 on a RHEL4 update 4 machine and are facing problems. We have downloaded the samba4 tar ball from http://repo.or.cz/w/Samba.git/snapshot/master.tar.gz

After untarring it we have done

cd source4
./autogen.sh
./configure

But at this stage itself we are getting the following error:

/root/Samba/source4/wscript: error: Traceback (most recent call last):
  File /root/Samba/buildtools/bin/.waf-1.5.17-164170d221747ffbb50f4a8b9ccc2b2a/waf admin/Utils.py, line 198, in load_module
    exec(compile(code,file_path,'exec'),module.__dict__)
  File /root/Samba/source4/wscript, line 11, in ?
    import wafsamba, Options, samba_dist, Scripting
  File ../buildtools/wafsamba/wafsamba.py, line 53
    @conf
    ^
SyntaxError: invalid syntax

Can anybody kindly help us?

Regards
Amitava CAhkraborty
Re: [Samba] Help to buy a SAN server
Another option is http://www.openfiler.com/ open source etc. Best regards, Dave Wynne Senior Engineer Artimech Pty. Ltd. MiniFab 1 Dalmore Drive Scoresby, Vic 3179 Australia Tel: (03) 9753 3700 Fax: (03) 9753 3711 Email:d...@artimech.com.au Please Visit Our Website www.artimech.com.au Information Contained Within This Communication Is Private and In Confidence -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Gaiseric Vandal Sent: Thursday, 17 June 2010 11:28 To: samba@lists.samba.org Subject:Re: [Samba] Help to buy a SAN server NetGear and Buffalo make lower cost workgroup NAS server. But this isn't really a samba question. You want to decide SAN vs NAS. There is a big range of stuff out there - you may want to talk to a reseller if your company uses one. NetApp is a higher end vendor. EMC and Sun are the big $$$ products. I bought a cheap 1 disk user size NAS appliance from netgear. I had to return it. It was using linux with a version of samba that was not compatible with the version of samba running on my PDC. I was unable to join it to the Samba domain which meant I could not apply user permissions to the files on the NAS. I could not rebuild samba myself and there were no patches from the vendor. NAS can be nice if you want your end user PC's to be able to access files directly from the appliance.And you can use it for backups if you want to rsync data from your servers to it. If you want to add more disk space to a server, SAN is they want to go. The server will see the space on the SAN as a block-type disk device, not a network share. SAN is really most useful when you want to share a disk storage appliance between multiple servers- e.g. 70 % might be to add disk space to one server and 30 % might be for another server. SAN is also useful if you are into fail over and virtualization. Beyond the scope of this discussion. 
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Yannick Bergeron Sent: Wednesday, June 16, 2010 7:36 PM To: nasrin...@yahoo.com; samba@lists.samba.org Subject: Re: [Samba] Help to buy a SAN server I'm moderating the samba-technical mailing list. This post is more appropriate on samba@lists.samba.org So I'll just answer on this one and discard the post on samba-technical Hi, I have to linux server and using samba beetwen all win xp and win7 clients. I need to have som SAN box that working az raid 5 and backup. What I find is just supporting windows OS not Linux. Do you have any sugastion? Thanks a lot, Best regards, Nasrin Khatami, nasr...@skarpnack.fhsk.se Don't mix up SAN and NAS, both are 2 different things ;) You are probably talking about a NAS than a SAN What do you mean about just supporting windows and not Linux? If they support SMB/CIFS or any protocol such as FTP, SSH, etc., you'll be able to use them from your Linux _ Learn more ways to connect with your buddies now http://go.microsoft.com/?linkid=9734388 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help to buy a SAN server
Another option is http://www.openfiler.com/ or http://freenas.org/ open source etc. Best regards, Dave Wynne Senior Engineer Artimech Pty. Ltd. MiniFab 1 Dalmore Drive Scoresby, Vic 3179 Australia Tel: (03) 9753 3700 Fax: (03) 9753 3711 Email:d...@artimech.com.au Please Visit Our Website www.artimech.com.au Information Contained Within This Communication Is Private and In Confidence -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Gaiseric Vandal Sent: Thursday, 17 June 2010 11:28 To: samba@lists.samba.org Subject:Re: [Samba] Help to buy a SAN server NetGear and Buffalo make lower cost workgroup NAS server. But this isn't really a samba question. You want to decide SAN vs NAS. There is a big range of stuff out there - you may want to talk to a reseller if your company uses one. NetApp is a higher end vendor. EMC and Sun are the big $$$ products. I bought a cheap 1 disk user size NAS appliance from netgear. I had to return it. It was using linux with a version of samba that was not compatible with the version of samba running on my PDC. I was unable to join it to the Samba domain which meant I could not apply user permissions to the files on the NAS. I could not rebuild samba myself and there were no patches from the vendor. NAS can be nice if you want your end user PC's to be able to access files directly from the appliance.And you can use it for backups if you want to rsync data from your servers to it. If you want to add more disk space to a server, SAN is they want to go. The server will see the space on the SAN as a block-type disk device, not a network share. SAN is really most useful when you want to share a disk storage appliance between multiple servers- e.g. 70 % might be to add disk space to one server and 30 % might be for another server. SAN is also useful if you are into fail over and virtualization. Beyond the scope of this discussion. 
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Yannick Bergeron Sent: Wednesday, June 16, 2010 7:36 PM To: nasrin...@yahoo.com; samba@lists.samba.org Subject: Re: [Samba] Help to buy a SAN server I'm moderating the samba-technical mailing list. This post is more appropriate on samba@lists.samba.org So I'll just answer on this one and discard the post on samba-technical Hi, I have to linux server and using samba beetwen all win xp and win7 clients. I need to have som SAN box that working az raid 5 and backup. What I find is just supporting windows OS not Linux. Do you have any sugastion? Thanks a lot, Best regards, Nasrin Khatami, nasr...@skarpnack.fhsk.se Don't mix up SAN and NAS, both are 2 different things ;) You are probably talking about a NAS than a SAN What do you mean about just supporting windows and not Linux? If they support SMB/CIFS or any protocol such as FTP, SSH, etc., you'll be able to use them from your Linux _ Learn more ways to connect with your buddies now http://go.microsoft.com/?linkid=9734388 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help to buy a SAN server
I'm moderating the samba-technical mailing list. This post is more appropriate on samba@lists.samba.org So I'll just answer on this one and discard the post on samba-technical Hi, I have to linux server and using samba beetwen all win xp and win7 clients. I need to have som SAN box that working az raid 5 and backup. What I find is just supporting windows OS not Linux. Do you have any sugastion? Thanks a lot, Best regards, Nasrin Khatami, nasr...@skarpnack.fhsk.se Don't mix up SAN and NAS, both are 2 different things ;) You are probably talking about a NAS than a SAN What do you mean about just supporting windows and not Linux? If they support SMB/CIFS or any protocol such as FTP, SSH, etc., you'll be able to use them from your Linux _ Learn more ways to connect with your buddies now http://go.microsoft.com/?linkid=9734388 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help to buy a SAN server
NetGear and Buffalo make lower cost workgroup NAS server. But this isn't really a samba question. You want to decide SAN vs NAS. There is a big range of stuff out there - you may want to talk to a reseller if your company uses one. NetApp is a higher end vendor. EMC and Sun are the big $$$ products. I bought a cheap 1 disk user size NAS appliance from netgear. I had to return it. It was using linux with a version of samba that was not compatible with the version of samba running on my PDC. I was unable to join it to the Samba domain which meant I could not apply user permissions to the files on the NAS. I could not rebuild samba myself and there were no patches from the vendor. NAS can be nice if you want your end user PC's to be able to access files directly from the appliance.And you can use it for backups if you want to rsync data from your servers to it. If you want to add more disk space to a server, SAN is they want to go. The server will see the space on the SAN as a block-type disk device, not a network share. SAN is really most useful when you want to share a disk storage appliance between multiple servers- e.g. 70 % might be to add disk space to one server and 30 % might be for another server. SAN is also useful if you are into fail over and virtualization. Beyond the scope of this discussion. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Yannick Bergeron Sent: Wednesday, June 16, 2010 7:36 PM To: nasrin...@yahoo.com; samba@lists.samba.org Subject: Re: [Samba] Help to buy a SAN server I'm moderating the samba-technical mailing list. This post is more appropriate on samba@lists.samba.org So I'll just answer on this one and discard the post on samba-technical Hi, I have to linux server and using samba beetwen all win xp and win7 clients. I need to have som SAN box that working az raid 5 and backup. What I find is just supporting windows OS not Linux. Do you have any sugastion? 
Thanks a lot, Best regards, Nasrin Khatami, nasr...@skarpnack.fhsk.se Don't mix up SAN and NAS, both are 2 different things ;) You are probably talking about a NAS than a SAN What do you mean about just supporting windows and not Linux? If they support SMB/CIFS or any protocol such as FTP, SSH, etc., you'll be able to use them from your Linux _ Learn more ways to connect with your buddies now http://go.microsoft.com/?linkid=9734388 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help installing samba 3.0.37 on solairs 9 server
On 30 March 2010 23:24, gregory.jo...@exeloncorp.com wrote:

I am getting these errors running: sh makepkg.sh can anyone help?

===
root# sh makepkg.sh
Distribution base: /var/tmp/samba-3.0.37
Temp install dir: /tmp/samba-3.0.37-build
Install directory: /opt/samba
mkdir: Failed to make directory /tmp/samba-3.0.37-build; File exists

Try: mv /tmp/samba-3.0.37-build{,.old} before running sh makepkg.sh again. Not sure if that will fix the other issues, but the first thing it's complaining about is that it can't create the directory because there's already a file/directory called that.

make: Fatal error: Don't know how to make target `install'
makepkg.sh: bin/smbd: not found
. . . (truncated for easy reading)
cp: cannot access nsswitch/libnss_wins.so
cp: cannot access nsswitch/libnss_winbind.so
makepkg.sh: /tmp/samba-3.0.37-build//smbd: not found
makepkg.sh: man: does not exist
## Building pkgmap from package prototype file.
ERROR in prototype:
no object for sbin/smbd found in root directory
no object for sbin/nmbd found in root directory
. . . (truncated) . .
WARNING: parametric paths may ignore BASEDIR
pkgmk: ERROR: unable to build pkgmap from prototype file
## Packaging was not successful.

The samba package is in /tmp

--
Michael Wood esiot...@gmail.com
Re: [Samba] Help with Samba 2.28 configuration
On Wed, Mar 10, 2010 at 02:10:14PM -0800, Purnell, Alton J wrote:

I'm not sure if anyone will get this note. If you are willing to help me, page me @ 800.247.0493 . I have Samba 2.28 installed and working on 2 Windows Server 2003. I am having trouble getting users authenticated on Samba via the windows server. I have solaris8 on the unix server. I have tried many, many methods. Currently, I am trying to configure Samba with a domain setup... still no success

Samba 2.2.8 is ancient. Isn't there a way to get something newer?

Volker
Re: [Samba] Help with Samba 2.28 configuration
On 03/11/2010 10:38 AM, Volker Lendecke wrote:

On Wed, Mar 10, 2010 at 02:10:14PM -0800, Purnell, Alton J wrote:

I'm not sure if anyone will get this note. If you are willing to help me, page me @ 800.247.0493 . I have Samba 2.28 installed and working on 2 Windows Server 2003. I am having trouble getting users authenticated on Samba via the windows server. I have solaris8 on the unix server. I have tried many, many methods. Currently, I am trying to configure Samba with a domain setup... still no success

Samba 2.2.8 is ancient. Isn't there a way to get something newer? Volker

Is one of the Windows servers the PDC? Is it in mixed mode (i.e. will support NT4 servers)? If the domain mode is native 2000/2003 it probably is not going to work. Or are you trying to configure Samba as the PDC?

On the samba server, do you see the users with the wbinfo -u command? Do you see the users with the getent passwd command? If you see the users with wbinfo -u but not getent passwd, verify that /etc/nsswitch.conf has entries for passwd: winbind group: winbind

Can you update your machine to Solaris 10? That has a bundled Samba 3.0.x. (But Solaris 10 has some pretty big changes as well that you may want to avoid for now.) Solaris 8 is no longer a supported platform by Sun.

You can also download precompiled samba packages from www.sunfreeware.com BUT I don't think it includes the necessary nss winbind files so you may want to recompile anyway. (I would still use GCC from sunfreeware for this.) If samba is the PDC and the only samba server and you aren't setting up domain trusts then you don't need the winbind stuff working anyway.

Solaris 10 is available for both sparc and x86. You can use a spare PC as a test machine even if your final platform will be on sparc. Solaris 9 should also be available for download for both platforms. Solaris 9 is pretty similar from the command line to Solaris 8.
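The nsswitch.conf check suggested in the reply above, as an added example that is not part of the original thread. The function names and the sample file contents are constructed for illustration; the script also flags the case where winbind is listed but sits behind a `[NOTFOUND=return]` action, which stops the lookup before winbind is asked about users the earlier source does not know.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files below are constructed.

# winbind_status FILE DATABASE prints one of:
#   ok        winbind is listed and reachable for DATABASE
#   blocked   winbind follows [NOTFOUND=return], so a miss in the earlier
#             source ends the lookup before winbind is consulted
#   missing   DATABASE has an entry but winbind is not in it
#   no-entry  FILE has no line for DATABASE
# Simplification: only single-criterion actions like [NOTFOUND=return] are
# recognised, not negated or multi-criteria forms.
winbind_status() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                     # commented-out sources do not count
        {
            i = index($0, ":")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            gsub(/[ \t]/, "", name)
            if (name != db) next
            n = split(substr($0, i + 1), tok, /[ \t]+/)
            blocked = 0
            for (j = 1; j <= n; j++) {
                t = tolower(tok[j])
                gsub(/\[|\]/, "", t)
                if (t == "notfound=return") blocked = 1
                if (t == "winbind") {
                    print (blocked ? "blocked" : "ok"); seen = 1; exit
                }
            }
            print "missing"; seen = 1; exit
        }
        END { if (!seen) print "no-entry" }
    ' "$1"
}

# check_nsswitch FILE: report passwd and group, return non-zero if either is not ok.
check_nsswitch() {
    rc=0
    for db in passwd group; do
        st=$(winbind_status "$1" "$db")
        echo "$1: $db -> $st"
        [ "$st" = "ok" ] || rc=1
    done
    return "$rc"
}

# write_samples DIR: create two constructed nsswitch.conf variants in DIR.
write_samples() {
    cat > "$1/good.conf" <<'EOF'
# constructed sample: winbind reachable for both databases
passwd: files winbind
group:  files winbind
hosts:  files dns
EOF
    cat > "$1/blocked.conf" <<'EOF'
# constructed sample: winbind unreachable or absent
passwd: files [NOTFOUND=return] winbind
group:  files    # winbind
EOF
}

SAMPLES=$(mktemp -d)
write_samples "$SAMPLES"
check_nsswitch "$SAMPLES/good.conf"    || echo "good.conf needs fixing"
check_nsswitch "$SAMPLES/blocked.conf" || echo "blocked.conf needs fixing"
rm -rf "$SAMPLES"
```

On a real host, `check_nsswitch /etc/nsswitch.conf` gives the same report for the live file.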
Re: [Samba] Help with Samba 2.28 configuration
On Thu, Mar 11, 2010 at 11:05:15AM -0500, Gaiseric Vandal wrote:

On 03/11/2010 10:38 AM, Volker Lendecke wrote:

On Wed, Mar 10, 2010 at 02:10:14PM -0800, Purnell, Alton J wrote:

I'm not sure if anyone will get this note. If you are willing to help me, page me @ 800.247.0493 . I have Samba 2.28 installed and working on 2 Windows Server 2003. I am having trouble getting users authenticated on Samba via the windows server. I have solaris8 on the unix server. I have tried many, many methods. Currently, I am trying to configure Samba with a domain setup... still no success

Samba 2.2.8 is ancient. Isn't there a way to get something newer? Volker

Is one of the Windows servers the PDC? Is it in mixed mode (i.e. will support NT4 servers)? If the domain mode is native 2000/2003 it probably is not going to work.

That's a myth. The only thing native mode prohibits is a NT4 Backup Domain Controller. Samba members work in all Windows domain modes, although for example 2.2 won't talk to a default w2k3 dc due to missing SMB signing in 2.2.

Volker
Re: [Samba] Help with Samba 2.28 configuration
On 03/11/2010 11:31 AM, Volker Lendecke wrote:

On Thu, Mar 11, 2010 at 11:05:15AM -0500, Gaiseric Vandal wrote:

On 03/11/2010 10:38 AM, Volker Lendecke wrote:

On Wed, Mar 10, 2010 at 02:10:14PM -0800, Purnell, Alton J wrote:

I'm not sure if anyone will get this note. If you are willing to help me, page me @ 800.247.0493 . I have Samba 2.28 installed and working on 2 Windows Server 2003. I am having trouble getting users authenticated on Samba via the windows server. I have solaris8 on the unix server. I have tried many, many methods. Currently, I am trying to configure Samba with a domain setup... still no success

Samba 2.2.8 is ancient. Isn't there a way to get something newer? Volker

Is one of the Windows servers the PDC? Is it in mixed mode (i.e. will support NT4 servers)? If the domain mode is native 2000/2003 it probably is not going to work.

That's a myth. The only thing native mode prohibits is a NT4 Backup Domain Controller. Samba members work in all Windows domain modes, although for example 2.2 won't talk to a default w2k3 dc due to missing SMB signing in 2.2. Volker

I stand corrected. I have not tried setting up Samba as an Active Directory client and had forgotten about this. However I think it would require kerberos configuration on the samba machine, which may open up a whole new set of challenges. (I could never get kerberos to play nice between Solaris and Linux machines, let alone trying to have Samba use it.)

Can you set up domain trusts between a Samba Domain (samba PDC) and a Windows domain with a Win 2003 PDC in Native mode? My understanding had been that this was an NT4 domain trust mechanism. I did try setting up a domain trust with a Windows 2008 PDC in native 2003 mode, which did not work. (This may have just been a discrepancy between NTLM versions or other security settings rather than a fundamental incompatibility.) The domain trust between Samba and a Win 2003 PDC in mixed mode did work.
Re: [Samba] Help to fix the remaining problems when migration from windows to a linux print server
Ok, I will answer a few of my own questions because maybe someone still has those problems, but I would appreciate it if someone could lead me to answer the others.

On Sat, Jan 23, 2010 at 14:29, Salatiel Filho salatiel.fi...@gmail.com wrote:

Hi, I am trying to migrate my print servers from windows to linux, everything is getting really nice but I still face a few problems, and since I don't know if I need help from cups or samba guys I will post to both lists, so maybe someone can give me some help. Well, I have now cups and samba working just fine, I can authenticate my users in cups from Active Directory using winbind and they can print just fine. The remaining problems/doubts are:

1) Is there a way to run cupsaddsmb when security = ads in smb.conf ? No idea yet. I always have to set security = user before running cupsaddsmb or it will fail.

2) Even though my cups printers are configured to DefaultPage = A4, after a cupsaddsmb all windows clients still default to LETTER. What am I doing wrong? Is there a way to mass set all printer queues in windows to use A4 ? Some rpcclient parameter to change this ? I have over 1k queues, so manually changing each one in the windows GUI is very time consuming. You can use the setprinter command from windows resource kit to mass set all printers to a4.

3) Why do I always get count page = 1 when printing from windows ? I thought since I was using the right PPD for each printer and adobe postscripts + cups drivers exported from cupsaddsmb, page accounting would work, but apparently not. I had cups option = raw in smb.conf, so all jobs would go directly to the printer. This was also impacting printing in my non-postscript printers because the printer was printing the PS source. Removing that line from smb.conf will fix the page count and printing in non-ps printers.

4) Now the critical problem: sometimes when I'm trying to print a big job, over 400 hundred pages with lots of pictures to a cups class from Word for example, word starts spooling to the samba spool but after it finishes printing the only thing really printed in cups is the BANNER page, the job itself never gets there. Still the same problem, for now I am using the queue in raw mode and using the windows driver.

Thanks in advance.

-- []'s Salatiel The greatest pleasure of an intelligent person is to play the idiot in front of an idiot who plays the intelligent one.
Re: [Samba] Help with samba implementation
If you are doing anything samba related on AIX, I highly suggest that you look at the pware site. http://pware.hvcc.edu/ There are some docs on setting up Bill's pWare compile of samba on AIX here: http://pware.hvcc.edu/documentation.html And you can join the pWare mailing list here: http://lists.hvcc.edu/mailman/listinfo/pware Bill is usually very helpful in getting people's difficulties ironed out, and has the most current, stable versions of samba compiled and working for 6.1. -=Andrew
Re: [Samba] Help with samba implementation
On Thu, 2010-01-21 at 11:20 -0500, roxane.b.el...@census.gov wrote:

I am writing from the US Census Bureau in Washington, DC. There is an immediate need for samba to be implemented on 3 AIX lpars. Attached is the smb.conf file and testparm for dadsp003. Here is the scenario: 3 AIX, 6.1 lpars, dadsp001, dadsp002 and dadsp003. Installed samba 3.0.24 from aix6 cd. Currently installed on dadsp002 and dadsp003. Configured only on dadsp003. That is a *seriously* antique version of Samba, you may have some compatibility issues with newer client OSs. pWare provides much more current versions of Samba for AIX http://pware.hvcc.edu/ Otherwise there is nothing different about setting up Samba on AIX vs. other operating systems. The local networks on all 3 lpars are 192.168.0 and 192.168.1 I have 2 shares configured. The daemons (smbd and nmbd) are running and users can connect to the shares on dadsp003. How do I add/configure the other 2 lpars (dadsp001 and dadsp002) so a user can login to dadsp001 or dadsp002 and have the shares available. We do not use ldap on the AIX servers. I am using smbpasswd to configure users as you will see in the smb.conf.dadsp003 file. You will need to add identical entries to all three smbpasswd (given that you have no network backend for authentication / identification). We have the net use command for dadsp003 working via ssh login from AIX to windows. In addition to any configuration, my guess would be that the same net use command can be changed to point from the correct server. I have no idea if I am asking the right question(s), I'm not sure what from AIX to windows means. but I have to start somewhere. The developers/testers are way behind in their work waiting on the samba configuration. HELP ASAP please. I have read and googled to the point of confusion. Google is not your friend. Avoid all documentation except http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ and http://www.samba.org/samba/docs/man/Samba-Guide/ which really do lay it out step-by-step, especially the Guide. Start with http://www.samba.org/samba/docs/man/Samba-Guide/simple.html. A phone call would be great, but if email is the only way, then I will take what I can get. Do you have the smbd nmbd services running? Do Windows clients see the Samba servers?

-- OpenGroupware developer: awill...@whitemice.org http://whitemiceconsulting.blogspot.com/ OpenGroupware Cyrus IMAPd documentation @ http://docs.opengroupware.org/Members/whitemice/wmogag/file_view
Re: [Samba] [HELP] SAMBA as PDC for windows.
On Thu, 21 Jan 2010, Chris_90 wrote:

Date: Thu, 21 Jan 2010 05:45:12 -0800 (PST) From: Chris_90 chrischris...@hotmail.com To: samba@lists.samba.org Subject: [Samba] [HELP] SAMBA as PDC for windows.

Hi guys, well, reason I'm here is because I'm stuck, I've tried everything but have come up empty handed every single time, and I really need this security, and fast. I'm not going to pay a few thousand for windows server ... because this can be done with SAMBA. Here goes. I tried to setup samba with defaults, went to (on windows) Control Panel - System - (TAB) Computer Name - Change ... Change domain name to my domain name I setup on samba and I get this error :

[code]
A domain controler for domain X could not be located. Ensure the domain name is typed correctly.
[/code]

After that I went to a website and got some other configs and I used them :

[code]
[global]
workgroup = mydomain
wins support = yes
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \%L\profiles\.msprofile
logon home = \%L\%U\.9xprofile
logon drive = P:
domain logons = Yes
os level = 65
usershare allow guests = No
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
os level = 64
preferred master = Yes
security = user
netbios name = mycomp
passdb backend = smbpasswd
[/code]

But still I get exactly the same error, now I don't know if I need some other things setup with this for it to work, I need some help urgently ... please help ... N.B. On this comp no DHCP or DNS server is setup, for the sole reason that I have no idea how to do it. I would appreciate the help ... and please be very specific as I have about 2 weeks linux experience. I use SUSE 11.1. Thanx in advance. Chris.

-- View this message in context: http://old.nabble.com/-HELP--SAMBA-as-PDC-for-windows.-tp27257909p27257909.html Sent from the Samba - General mailing list archive at Nabble.com.

You may want to read over some of the docs from samba and others. Also, you need DNS or at least DNS records for your domain controller. Read over the docs below before replying with further questions. Setting up a Domain Controller is not a trivial or quick task. http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html http://www.enterprisenetworkingplanet.com/nethub/article.php/10950_1144701_1

--- Robert Freeman-Day --- I would really like you to be on my side, but the side you show me isn't what I had in mind. -Judybats GPG Public Key: http:keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
Re: [Samba] Help - Cannot join Windows 7 client to Samba PDC
Make sure that these settings are as follows:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:0001
"RequireStrongKey"=dword:0001

It helped solve a problem like the one you're having.

On Thursday 14 January 2010 09:27:08 Richard Basch wrote:

I have been going through all the Wikis and various Google searches to try to solve my problem, all to no avail. I can mount a Samba share, but whenever I try to login using a domain account, I receive an error about The trust relationship between this workstation and the primary domain failed.

What I have done so far, all to no avail.
- Upgraded from Samba 3.4.2 to Samba 3.4.4 (under OpenSUSE 11.2)
- Edited the registry settings on my Windows 7 client HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 (I also tried reducing the security requirements for signing encryption, but have read this is not required with current versions of Samba.) (And, I am running Windows 7 Professional on my client.)

testparm -v indicates my smb.conf is valid, and I am able to mount shares, which is a positive indication the OpenLDAP integration is working. I am running OpenLDAP 2.4.15 or higher on all my LDAP servers (I think they are all 2.4.19 - 2.4.21). DNS is static, with none of the normal ADS entries. Only the DHCP server is allowed to modify DNS (and only the forward map allows updates, since DHCP updates of the reverse in-addr.arpa maps were problematic).

To assist with finding the domain controller, I added the following to C:\Windows\System32\Drivers\etc\lmhosts:

192.168.15.2 tardis #PRE #DOM:N2HA

(Thus my attempts to join the domain appear successful, with the documented warnings about the domain suffix. Unfortunately, appearances are deceiving when I actually try to login using a domain account.) Attached are entries from my smbd.log and C:\Windows\debug\NetSetup.log and smb.conf.
Any assistance or guidance would be greatly appreciated.

log.smbd

[2010/01/14 03:31:38, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BAST machine account BAST$
[2010/01/14 03:31:38, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BAST machine account BAST$
[2010/01/14 03:31:48, 0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/01/14 03:31:48, 0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2010/01/14 03:33:17, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BAST machine account BAST$
[2010/01/14 03:33:17, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BAST machine account BAST$
[2010/01/14 03:33:30, 0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/01/14 03:33:30, 0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2010/01/14 03:34:18, 0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/01/14 03:34:18, 0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
C:\Windows\debug\NetSetup.log =
01/13/2010 23:36:18:337 NetpJoinDomain: status of connecting to dc '\\TARDIS': 0x0
01/13/2010 23:36:18:337 NetpProvisionComputerAccount:
01/13/2010 23:36:18:337 lpDomain: N2HA
01/13/2010 23:36:18:337 lpMachineName: BAST
01/13/2010 23:36:18:337 lpMachineAccountOU: (NULL)
01/13/2010 23:36:18:337 lpDcName: TARDIS
01/13/2010 23:36:18:337 lpDnsHostName: (NULL)
01/13/2010 23:36:18:337 lpMachinePassword: (null)
01/13/2010 23:36:18:337 lpAccount: N2HA\ntadmin
01/13/2010 23:36:18:337 lpPassword: (non-null)
01/13/2010 23:36:18:337 dwJoinOptions: 0x25
01/13/2010 23:36:18:337 dwOptions: 0x4003
01/13/2010 23:36:18:352 NetpLdapBind: ldap_bind failed on TARDIS: 49: Invalid Credentials
01/13/2010 23:36:18:426 NetpGetLsaPrimaryDomain: DNS Domain policy not supported, falling back to Primary Domain
01/13/2010 23:36:18:430 NetpGetLsaPrimaryDomain: status: 0x0
01/13/2010 23:36:18:432 NetpCreateComputerObjectInDs: DC passed '\\TARDIS' doesn't have writable DS 0x101
01/13/2010