[Samba] limit login
Hello, in first sorry for my poor english i'm looking for a solution to limit the login of a user . i mean when a user is already loged on one machine, it's not possible for him to log twice on an other machine at the same time. is there a way to do that ?? thank you for your answers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] limit login
Hi! On Wed, Sep 05, 2007 at 11:08:31AM +0200, Pascal Legrand wrote: > i'm looking for a solution to limit the login of a user . > > i mean when a user is already loged on one machine, it's not possible > for him to log twice on an other machine at the same time. > > > is there a way to do that ?? As discussed on irc: I've once written these logon_once patches which don't apply cleanly anymore. There hasn't been much interest at that time, so it has not been applied upstream. You are one now, anybody else? Volker pgpaLhfOCgqPX.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ERROR: failed to setup guest info [3.0.23c]
Hi, Trying to setup Samba to use an LDAP backend. I'm also using it with NSS which is working fine for all the unix related stuff (i.e. i can finger accounts etc). When i start samba i get the following error: Sep 5 19:42:57 staging1 nmbd[30805]: [2007/09/05 19:42:57, 0] nmbd/nmbd.c:terminate(58) Sep 5 19:42:57 staging1 nmbd[30805]: Got SIGTERM: going down... Sep 5 19:42:57 staging1 smbd[31035]: [2007/09/05 19:42:57, 0] services/services_db.c:svcctl_init_keys(420) Sep 5 19:42:57 staging1 smbd[31035]: init_services_keys: key lookup failed! (WERR_ACCESS_DENIED) Sep 5 19:42:57 staging1 smbd[31035]: [2007/09/05 19:42:57, 0] smbd/server.c:main(960) Sep 5 19:42:57 staging1 smbd[31035]: ERROR: failed to setup guest info. Here is the config i'm using: #/usr/local/etc/smb.conf #=== Global Settings = [global] log level = 5 workgroup = foo server string = foo Server security = user # passdb backend = tdbsam passdb backend = ldapsam:ldap://localhost ldap suffix = ou=windows,dc=foointernet,dc=com ldap user suffix = ou=users ldap group suffix = ou=groups # change password with 'smbpasswd -w ' ldap admin dn = cn=Manager,dc=foointernet,dc=com load printers = yes log file = /var/log/samba/log.%m max log size = 5000 dns proxy = no store dos attributes = yes nt acl support = yes inherit acls = yes map acl inherit = yes obey pam restrictions = Yes ldapsam:trusted = Yes [tmp] comment = Temporary file space path = /tmp read only = no public = yes Had almost exactly the same setup working with 3.0.10-1.4E.1 with no problems. Any and all help appreciated! --N -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] limit login
On Wed, Sep 05, 2007 at 11:46:39AM +0200, Volker Lendecke wrote: > Hi! > > On Wed, Sep 05, 2007 at 11:08:31AM +0200, Pascal Legrand wrote: > > > i'm looking for a solution to limit the login of a user . > > > > i mean when a user is already loged on one machine, it's not possible > > for him to log twice on an other machine at the same time. > > > > > > is there a way to do that ?? > > As discussed on irc: I've once written these logon_once > patches which don't apply cleanly anymore. There hasn't been > much interest at that time, so it has not been applied > upstream. You are one now, anybody else? Yes, please. This would be incredibly useful in my current situation, to prevent school children logging in multiple times. Dan -- Daniel Bye PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A pgp2V3iT5NCC9.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] tru64 unix make command problem
Jeff, There have been a lot of discussions about slowness when windows PCs are accessing Samba shares 9using Word, Excel, etc...). I have some clients now experiencing this problem every now and then. Have there been any specific updates to remedy this situation? Following the links, I cannot see one happy resolution. Would you please advise? Thank you. Aaron Rantes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbd starting up as non-root user
Hi all, FreeBSD 6.2-RELEASE-p7, with standard port-built Samba 3.0.25a. Samba is running as a PDC, serving a small LAN of about 20 XP Pro hosts. Permissions on the [profiles] share are 0700, root:wheel owned, with each user's profile being owned by the user's UNIX user:wheel and with 0700 permissions. [homes] is fairly standard - I have left home dir ownership and permissions as FreeBSD's pw command creates them. My users have their own primary groups named for their UNIX account, and are all members of the ntusers local group, which is mapped to "Domain Users". I created a couple of new accounts yesterday, which cannot access their profiles. Pre-existing, functional accounts work as expected - a new smbd is spawned running as root, and correctly load the user's profile. However, with these new accounts, smbd is spawned as nobody, then as the connecting user's UNIX name, so is unable to read the profiles due to permissions. As far as I can tell, there is no difference in the way I created any of these accounts, the well- or the ill-behaved. What might I be missing? As a workaround, I have just loosened the permissions on the profiles share to 755, and the problem goes away. However, I would really like to go back to the tighter restrictions, as this is a school environment and I am paranoid of the little dears fiddling and breaking things! Thanks for your time and any insights. Apart from this, I have found Samba to be an absolute pleasure to work with! Dan -- Daniel Bye PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A pgp5CDKS9ok2P.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] limit login
> > i'm looking for a solution to limit the login of a user . > > i mean when a user is already loged on one machine, it's not possible > > for him to log twice on an other machine at the same time. > > is there a way to do that ?? > As discussed on irc: I've once written these logon_once > patches which don't apply cleanly anymore. There hasn't been > much interest at that time, so it has not been applied > upstream. You are one now, anybody else? Absolutely, yes. I've wanted this at several sites for a long time. -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] limit login
Message original > i'm looking for a solution to limit the login of a user . > i mean when a user is already loged on one machine, it's not possible > for him to log twice on an other machine at the same time. > is there a way to do that ?? As discussed on irc: I've once written these logon_once patches which don't apply cleanly anymore. There hasn't been much interest at that time, so it has not been applied upstream. You are one now, anybody else? Absolutely, yes. I've wanted this at several sites for a long time. we are two now !! ;-) -- --- Pascal Legrand *IUT de Chartres* - _Service Informatique_ --- 1, place Roger Joly 28000 Chartres Tel : 02 37 91 83 36 - Fax: 02 37 91 83 01 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re-2: [Samba] limit login
yes please this would fix problems with have with user loggin on at one end of the site then at the other later. Original Message Subject: Re: [Samba] limit login (05-Sep-2007 10:52) From:[EMAIL PROTECTED] To: [EMAIL PROTECTED] > Hi! > > On Wed, Sep 05, 2007 at 11:08:31AM +0200, Pascal Legrand wrote: > > > i'm looking for a solution to limit the login of a user . > > > > i mean when a user is already loged on one machine, it's not possible > > for him to log twice on an other machine at the same time. > > > > > > is there a way to do that ?? > > As discussed on irc: I've once written these logon_once > patches which don't apply cleanly anymore. There hasn't been > much interest at that time, so it has not been applied > upstream. You are one now, anybody else? > > Volker > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > To: [EMAIL PROTECTED] > Cc: samba@lists.samba.org > [EMAIL PROTECTED] Cc: samba@lists.samba.org [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] limit login
Hallo, Volker, Du (Volker.Lendecke) meintest am 05.09.07: >> i'm looking for a solution to limit the login of a user . > As discussed on irc: I've once written these logon_once > patches which don't apply cleanly anymore. There hasn't been > much interest at that time, so it has not been applied > upstream. You are one now, anybody else? Interesse! In schools many colleagues may want this option (switchable ...). John Doe, pupillimited to 1 login Ken Plato, teacher many logins student, pupil many logins Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re-2: [Samba] limit login
On Wed, Sep 05, 2007 at 12:14:25PM +, [EMAIL PROTECTED] wrote: > yes please this would fix problems with have with user > loggin on at one end of the site then at the other later. Just to make sure: You are aware that once someone has logged in an administrator has to reset that account. This is *NOT* automatic if the user logs out from his first workstation. That functionality is impossible to achieve for us, Windows does not tell us when the user logs out. Volker pgpWy6qrFJgqu.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re-2: [Samba] limit login
Hallo, Volker, Du (Volker.Lendecke) meintest am 05.09.07: >> yes please this would fix problems with have with user >> loggin on at one end of the site then at the other later. > Just to make sure: > You are aware that once someone has logged in an > administrator has to reset that account. This is *NOT* > automatic if the user logs out from his first > workstation. That functionality is impossible to achieve for > us, Windows does not tell us when the user logs out. Can a "postexec" line help? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re-2: [Samba] limit login
On Wed, Sep 05, 2007 at 02:38:00PM +0200, Helmut Hullen wrote: > > You are aware that once someone has logged in an > > administrator has to reset that account. This is *NOT* > > automatic if the user logs out from his first > > workstation. That functionality is impossible to achieve for > > us, Windows does not tell us when the user logs out. > > Can a "postexec" line help? No. Volker pgp50z3m9eLVM.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re-4: [Samba] limit login
could it be possible to code in a time out. so I can set say user kirsty can login once in a 24 or 12 hour period. Original Message Subject: Re: Re-2: [Samba] limit login (05-Sep-2007 14:17) From:[EMAIL PROTECTED] To: [EMAIL PROTECTED] > On Wed, Sep 05, 2007 at 02:38:00PM +0200, Helmut Hullen wrote: > > > You are aware that once someone has logged in an > > > administrator has to reset that account. This is *NOT* > > > automatic if the user logs out from his first > > > workstation. That functionality is impossible to achieve for > > > us, Windows does not tell us when the user logs out. > > > > Can a "postexec" line help? > > No. > > Volker > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > To: [EMAIL PROTECTED] > Cc: samba@lists.samba.org To: [EMAIL PROTECTED] Cc: samba@lists.samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re-4: [Samba] limit login
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If this is for students at a university or school, I don't recommend it. Students move around all the time, even during one visit to the lab. If I log off, I expect to be able to log back on (flaky keyboard at a computer, want to sit near a friend, etc). I think there currently IS a timeout of some kind, but I'm not sure how long it is. [EMAIL PROTECTED] wrote: > could it be possible to code in a time out. > so I can set say > > user kirsty can login once in a 24 or 12 hour period. > > Original Message > Subject: Re: Re-2: [Samba] limit login (05-Sep-2007 14:17) > From:[EMAIL PROTECTED] > To: [EMAIL PROTECTED] > >> On Wed, Sep 05, 2007 at 02:38:00PM +0200, Helmut Hullen wrote: You are aware that once someone has logged in an administrator has to reset that account. This is *NOT* automatic if the user logs out from his first workstation. That functionality is impossible to achieve for us, Windows does not tell us when the user logs out. >>> Can a "postexec" line help? >> No. >> >> Volker >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> >> To: [EMAIL PROTECTED] >> Cc: samba@lists.samba.org > > > To: [EMAIL PROTECTED] > Cc: samba@lists.samba.org > - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG3rNbmb+gadEcsb4RAtQGAJ9JkGvs77qphcrOQbJvnzyGQI1DHACg2YN0 R8lmUJVIF+j+4a1n9ytiKmM= =Y+3d -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re-4: [Samba] limit login
On Wednesday 05 September 2007, [EMAIL PROTECTED] wrote: > could it be possible to code in a time out. > so I can set say > > user kirsty can login once in a 24 or 12 hour period. Maybe some sort of hack where upon login you set the allowed workstations (net sam set workstaions, for tdbsam) for the user to only the current workstation. Then if there's no way to see a logout you could still reset the allowed workstation list with a cron job every x number of hours. -- Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd starting up as non-root user
On Wed, Sep 05, 2007 at 09:16:47AM +0100, Daniel Bye wrote: > Hi all, > > FreeBSD 6.2-RELEASE-p7, with standard port-built Samba 3.0.25a. > > Samba is running as a PDC, serving a small LAN of about 20 XP Pro hosts. Sorted - down to group memberships in FreeBSD. Sorry for the noise, everyone. It was a pebcak kind of a day... Cheers, Dan -- Daniel Bye PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A pgpz5VoC8uXBO.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_PIPE_DISCONNECTED
Today ... After days working i get this message in rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine SDAUTENTICA pipe \NETLOGON fnum 0xc00ereturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED -- Att. Lutieri G. B. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_PIPE_DISCONNECTED
After few days working smoothly today i get this message in log.wb-MYDOMAIN: rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine MYPDCBOX pipe \NETLOGON fnum 0xc00ereturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED I cannot find any help in mailing lists and google. anyone knows what is this?! regards! -- Att. Lutieri G. B. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: NT_STATUS_PIPE_DISCONNECTED
my samba version #smbd -V Version 3.0.25a # uname -a FreeBSD sd.xyz.com.br 6.2-STABLE FreeBSD 6.2-STABLE #0: Wed Aug 29 10:26:18 BRT 2007 [EMAIL PROTECTED]:/usr/src/sys/amd64/compile/LGB amd64 2007/9/5, Lutieri G. <[EMAIL PROTECTED]>: > After few days working smoothly today i get this message in log.wb-MYDOMAIN: > > rpc_client/cli_pipe.c:rpc_api_pipe(790) > rpc_api_pipe: Remote machine MYPDCBOX pipe \NETLOGON fnum > 0xc00ereturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED > > I cannot find any help in mailing lists and google. > > anyone knows what is this?! > > > regards! > > > -- > Att. > Lutieri G. B. > -- Att. Lutieri G. B. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Hi all, On my Suse 9.3 prof. server I had two NIC’s: Eth0 IP 192.168.1.1 Eth1 IP 192.168.2.1 Now I added new NIC (eth2) Eth0 IP 192.168.1.1 Eth1 IP 192.168.2.1 Eth2 IP 192.168.1.2 Now I erased eth0 config and turned off this NIC in motherboard bios Eth1 IP 192.168.2.1 Eth2 IP 192.168.1.2 I renamed eth2 to eth0 Eth1 IP 192.168.2.1 Eth0 IP 192.168.1.2 And, finally I changed IP of eth0 Eth1 IP 192.168.2.1 Eth0 IP 192.168.1.1 So, now I have same setup as I had before but with new NIC at place. Swat is working as it should, but when I press “status” button in swat, smbd and nmbd are shown as not started, but my samba works well. Anyway, in /var/log/samba/log.swat when I press “status” button I have: [2006/03/29 08:34:16, 2] lib/util_sock.c:open_socket_out(789) error connecting to 192.168.1.2:445 (No route to host) [2006/03/29 08:34:19, 2] lib/util_sock.c:open_socket_out(789) error connecting to 192.168.1.2:139 (No route to host) [2006/03/29 08:34:19, 1] libsmb/cliconnect.c:cli_connect(1326) Error connecting to 192.168.1.2 (No route to host) [2006/03/29 08:34:22, 2] lib/util_sock.c:open_socket_out(789) error connecting to 192.168.1.2:445 (No route to host) [2006/03/29 08:34:25, 2] lib/util_sock.c:open_socket_out(789) error connecting to 192.168.1.2:139 (No route to host) [2006/03/29 08:34:25, 1] libsmb/cliconnect.c:cli_connect(1326) Error connecting to 192.168.1.2 (No route to host) [2006/03/29 08:34:25, 0] libsmb/nmblib.c:send_udp(790) Packet send failed to 192.168.1.2(137) ERRNO=Invalid argument [2006/03/29 08:34:25, 0] libsmb/nmblib.c:send_udp(790) Packet send failed to 192.168.1.2(137) ERRNO=Invalid argument As you can see, swat is somehow using IP 192.168.1.2 that is not in use now, instead of 192.168.1.1 of 192.168.2.1. server:/var/log/samba # ifconfig eth0 Link encap:Ethernet HWaddr 00:11:95:5F:F2:6F inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::211:95ff:fe5f:f26f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:649842 errors:0 dropped:0 overruns:0 frame:0 TX packets:771539 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:153367849 (146.2 Mb) TX bytes:431793577 (411.7 Mb) Interrupt:185 Base address:0x4000 eth1 Link encap:Ethernet HWaddr 00:11:95:5F:F2:72 inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0 inet6 addr: fe80::211:95ff:fe5f:f272/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5168465 errors:0 dropped:0 overruns:0 frame:0 TX packets:6542625 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:961455736 (916.9 Mb) TX bytes:5116440423 (4879.4 Mb) Interrupt:217 Base address:0x6000 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:225478 errors:0 dropped:0 overruns:0 frame:0 TX packets:225478 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:75038623 (71.5 Mb) TX bytes:75038623 (71.5 Mb) server:/var/log/samba # route Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.2.0 * 255.255.255.0 U 0 00 eth1 192.168.1.0 * 255.255.255.0 U 0 00 eth0 loopback* 255.0.0.0 U 0 00 lo server:/var/log/samba # I can’t figure out where this 192.168.1.2 is written? Zoran -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Hi; I just installed Fedora 2.6.20, using FC-6-i386-disc1.iso -- disc5.iso. It included Samba 3.0.24. When I view a Fedora folder, /lantik/data, from a Win 2003 Small Business Server, My Network Places\ …\Samba Server (Fedora)\lantik\data only 4 of 9 files are listed. >From the KDE file manager I can see that 8 files belong to user ‘harry’ & group ‘harry’, while the 9th belongs to ‘root’ & is one of the files displayed. All 9 files have the same permissions –rw-rw-rw-. The displayed files have either ‘txt’ or ‘dbf’ as their extensions. The files that aren’t displayed range from 752 bytes to 3.8KB, are all dbfs, and have combinations of upper & lower case characters and numbers in their names. I’ve checked the share properties for the data folder, even More Samba Options – which I haven’t changed – but can’t see anything that would cause the list to be filtered. I am a newbie to Linux & Samba, but have been playing with other OS’s for a long time. Any assistance would be appreciated. Harry Internal Virus Database is out-of-date. Checked by AVG Free Edition. Version: 7.5.472 / Virus Database: 269.10.1/889 - Release Date: 06/07/2007 8:00 PM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems joining machine to domain
Our Samba server was recently the recipient of a major upgrade. I thought all the kinks were worked out, but apparently not. I think this is the first time I've tried to join a machine account to the domain since the upgrade. I've tried using smbldap-tools and also just using smbpasswd (I have my users in LDAP). I'll also say that 'net join' works just fine from my Samba domain members to my Samba domain master. First, the preliminaries: OS: Ubuntu 7.04 Server Samba Version: 3.0.24 Smbldap-tools Version: 0.9.2 Passdb Backend: LDAP (openLDAP) Anyway, when I try to join to the domain using smbldap-tools, here is my script in smb.conf: add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" If I run that by hand, as root, it adds the posixAccount but not the sambaSamAccount. On the Windows system I get an error like "No such user". In the Samba logs, I see an error like this: [2007/09/05 13:24:55, 3] passdb/pdb_interface.c:pdb_default_create_user(368) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w "xptommy$"' gave 0 [2007/09/05 13:24:55, 3] passdb/pdb_interface.c:pdb_default_create_user(384) pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER Just to be sure I had the privileges right: net rpc rights grant "CORP\Domain Admins" SeMachineAccountPrivilege I am joining domains as 'root', who is a member of the Domain Admins group: memberUid: root,misty,carl Obviously smbldap-tools is set up at least somewhat correctly, because it is creating the posixAccount. I re-ran 'smbpasswd -W' just to be sure that Samba could bind to the LDAP server. I also tried using the username 'misty' to join the domain. Same results every time. Any idea what I can try next, apart from simply adding the sambaSamAccount objectclass by hand? Misty Stanley-Jones System Administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems joining machine to domain
Misty Stanley-Jones escreveu:
Our Samba server was recently the recipient of a major upgrade. I thought
all the kinks were worked out, but apparently not.
I think this is the first time I've tried to join a machine account to the
domain since the upgrade. I've tried using smbldap-tools and also just
using smbpasswd (I have my users in LDAP). I'll also say that 'net join'
works just fine from my Samba domain members to my Samba domain master.
First, the preliminaries:
OS: Ubuntu 7.04 Server
Samba Version: 3.0.24
Smbldap-tools Version: 0.9.2
Passdb Backend: LDAP (openLDAP)
Anyway, when I try to join to the domain using smbldap-tools, here is my
script in smb.conf:
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
Can you explain to me what "-t" means and where did you got it from?
If I run that by hand, as root, it adds the posixAccount but not the
sambaSamAccount. On the Windows system I get an error like "No such user".
In the Samba logs, I see an error like this:
[2007/09/05 13:24:55, 3] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w
"xptommy$"' gave 0
[2007/09/05 13:24:55, 3] passdb/pdb_interface.c:pdb_default_create_user(384)
pdb_default_create_user: failed to create a new user structure:
NT_STATUS_NO_SUCH_USER
Just to be sure I had the privileges right:
net rpc rights grant "CORP\Domain Admins" SeMachineAccountPrivilege
I am joining domains as 'root', who is a member of the Domain Admins group:
memberUid: root,misty,carl
Obviously smbldap-tools is set up at least somewhat correctly, because it is
creating the posixAccount. I re-ran 'smbpasswd -W' just to be sure that
Samba could bind to the LDAP server. I also tried using the username
'misty' to join the domain. Same results every time.
Any idea what I can try next, apart from simply adding the sambaSamAccount
objectclass by hand?
Misty Stanley-Jones
System Administrator
Have you configured NSS properly ("getent passwd" show your machine
accounts from LDAP)? Any chance that you are using nscd and winbind?
Regards.
Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems joining machine to domain
>
> Anyway, when I try to join to the domain using smbldap-tools, here is
> my script in smb.conf:
> add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>
Can you explain to me what "-t" means and where did you got it from?
-ttime. Wait 'time' seconds before exiting (when adding Windows
Workstation)
I copied it from the config before the upgrade, where it worked. I took out
the -t 0 just to test, and I get the same result.
> If I run that by hand, as root, it adds the posixAccount but not the
> sambaSamAccount. On the Windows system I get an error like "No such
user".
> In the Samba logs, I see an error like this:
>
> [2007/09/05 13:24:55, 3]
passdb/pdb_interface.c:pdb_default_create_user(368)
> _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t
> 0 -w "xptommy$"' gave 0
> [2007/09/05 13:24:55, 3]
passdb/pdb_interface.c:pdb_default_create_user(384)
> pdb_default_create_user: failed to create a new user structure:
> NT_STATUS_NO_SUCH_USER
>
> Just to be sure I had the privileges right:
> net rpc rights grant "CORP\Domain Admins" SeMachineAccountPrivilege
>
> I am joining domains as 'root', who is a member of the Domain Admins
group:
> memberUid: root,misty,carl
>
> Obviously smbldap-tools is set up at least somewhat correctly, because
> it is creating the posixAccount. I re-ran 'smbpasswd -W' just to be
> sure that Samba could bind to the LDAP server. I also tried using the
> username 'misty' to join the domain. Same results every time.
>
> Any idea what I can try next, apart from simply adding the
> sambaSamAccount objectclass by hand?
>
>
> Misty Stanley-Jones
> System Administrator
Have you configured NSS properly ("getent passwd" show your machine accounts
from LDAP)? Any chance that you are using nscd and winbind?
Nss is configured just fine. The getent command works just fine, both for
'root' and for 'misty'. Should I be able to getent my machine accounts?
Hmm, I think I should.
OK, I had been specifying the base for users and groups in the nss
configuration file. I took that off so it would search the whole tree.
Lets test...
Yep, that was it! You must not specify nss_base_passwd (in
/etc/libnss-ldap.conf on my system) if your users and computers are in
different sections of the LDAP tree. It makes sense now that I think about
it. The downside is that the entire LDAP tree will be searched for users
every time nss is used. I think I will definitely start using nscd
post-haste.
Any ideas on a better way to do this?
Misty
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Remote EFS share mounting
Hi all, I have a system/process in place where I mount remote shares(with EFS) on windows boxes from Linux servers and rsync data to them. The Windows machines now are windows 2000 pro and I need to migrate them to Windows XP or even Vista later in the future. The Windows 2000 Pro machines which work are set up like so: Local folder path: c:\datashare Share:\\machinename\share$ AD domain: 2003 ->ACL on folder: local admins -FULL | system -FULL |service account -FULL | User account -READ >Share ACL: Everyone FULL --->EFS is setup like so: logon with service account, and set EFS on folder, backup CERT and import CERT to users account. This all works perfect in windows 2000, but in windows XP Microsoft tightened up EFS in addition to above you have to: set "trusted for delagation" on both the user and computer account at the domain level. I found this artical and many others Like it would give the Hex codes to downgrade the Symetrical crypto: http://support.microsoft.com/kb/329741 and also tryed the system Policys and forced: (use FIPS crypto) I am mounting with mount.cifs like so: mount -t cifs //machinename/share /home/Nex6/winmount -o username=accountnamehere I am greatly suspecting it is the "trusted for delagation" requirements for EFS remote sharing: here is a the EFS docs: http://technet.microsoft.com/en-us/library/bb457116.aspx got this section: Remote EFS Operations in a File Share Environment Does anyone have any insight into this? Thanks -Nex6 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems joining machine to domain
Misty Stanley-Jones escreveu:
Anyway, when I try to join to the domain using smbldap-tools, here is
my script in smb.conf:
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
Can you explain to me what "-t" means and where did you got it from?
-ttime. Wait 'time' seconds before exiting (when adding Windows
Workstation)
I copied it from the config before the upgrade, where it worked. I took out
the -t 0 just to test, and I get the same result.
Yes I saw that it doesn't gave any error as the logs says that this line
"gave 0", my doubt was if is really accepted or make any difference.
Does your smbldap-useradd accepts a "-t" ?
If I run that by hand, as root, it adds the posixAccount but not the
sambaSamAccount. On the Windows system I get an error like "No such
user".
In the Samba logs, I see an error like this:
[2007/09/05 13:24:55, 3]
passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t
0 -w "xptommy$"' gave 0
[2007/09/05 13:24:55, 3]
passdb/pdb_interface.c:pdb_default_create_user(384)
pdb_default_create_user: failed to create a new user structure:
NT_STATUS_NO_SUCH_USER
Just to be sure I had the privileges right:
net rpc rights grant "CORP\Domain Admins" SeMachineAccountPrivilege
I am joining domains as 'root', who is a member of the Domain Admins
group:
memberUid: root,misty,carl
Obviously smbldap-tools is set up at least somewhat correctly, because
it is creating the posixAccount. I re-ran 'smbpasswd -W' just to be
sure that Samba could bind to the LDAP server. I also tried using the
username 'misty' to join the domain. Same results every time.
Any idea what I can try next, apart from simply adding the
sambaSamAccount objectclass by hand?
Misty Stanley-Jones
System Administrator
Have you configured NSS properly ("getent passwd" show your machine accounts
from LDAP)? Any chance that you are using nscd and winbind?
Nss is configured just fine. The getent command works just fine, both for
'root' and for 'misty'. Should I be able to getent my machine accounts?
Hmm, I think I should.
OK, I had been specifying the base for users and groups in the nss
configuration file. I took that off so it would search the whole tree.
Lets test...
Yep, that was it! You must not specify nss_base_passwd (in
/etc/libnss-ldap.conf on my system) if your users and computers are in
different sections of the LDAP tree. It makes sense now that I think about
it. The downside is that the entire LDAP tree will be searched for users
every time nss is used. I think I will definitely start using nscd
post-haste.
Any ideas on a better way to do this?
Misty
I never really bothered about that. The only thing I can do is say that
the documentation shows that in [1], it says it can be put everything
together, separate searching the whole tree, separate searching with a
sub scope or separate with two options that would make the subtrees be
searched in sequence.
1. http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html#id336060
Regards.
Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems joining machine to domain
(...) Yes I saw that it doesn't gave any error as the logs says that this line "gave 0", my doubt was if is really accepted or make any difference. Does your smbldap-useradd accepts a "-t" ? Yes, sorry. I didn't found it in the idealx documentation but I downloaded the Ubuntu Feisty package and it really have that option. (...) Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS join dropping after reboot?
Hi all, I've been searching around and asking in IRC to no avail to solve this problem, and I don't know how to go about fixing it. I recently finally got my Ubuntu 7.04 computer joined to a Windows 2k3 server via samba/winbind/kerberos, mainly with the assistance of SADMS. I've also got PAM set up to authenticate users. It works great - I can issue a net ads join -U:Adminstrator and it'll go through successfully, and afterwards I can log out, or issue a login prompt, and login as an ADS domain user. That part all works just fine, and things are great when I'm joined to the domain. But if I reboot, my machine drops the domain membership, and so I can't login as a domain user with PAM (presumably because I'm not joined to the domain). If I log in as a local user and re-join the domain, things work just fine. What do I need to do to get my machine to either stay joined to the domain, or at least join on start up? Is there anything I'm missing? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_ACCESS_DENIED making remote directory
Vital Stats - AMD 64-bit CPU, Ubuntu 7.0.4 (Feisty Fawn), Samba 3.0.24, Win2003 AD Domain If I've left anything out, please feel free to ask. This *was* working yesterday until my Kerberos ticket expired. (growl) Anyway, now that Kerberos appears to be working again, all of my users still only have read access - no write access. The "temp" test works fine. Exactly as expected - full access. Nothing should have changed in the last 24 hours on the AD side so I'm not sure why all of a sudden I'm getting read only access for my user shares. Samba & the authentication seems to be working. I get sensible and complete results when I do a wbinfo -u and -g. When I try mapping the share and doing stuff from the actual Ubuntu server, I see that no user is allowed write access to their own home directory. I was hoping that one of you folk might have some insight. [global] workgroup = COX realm = ELCSB.NET server string = bakserve2 security = DOMAIN log level = 3 log file = /var/log/samba/%m max log size = 50 printcap name = cups disable spoolss = Yes show add printer wizard = No os level = 33 preferred master = No local master = No domain master = No wins server = 129.119.81.20 idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind cache time = 10 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes [homes] comment = Home Directories path = /home/%U user = %U valid users = COX\%S read only = No create mask = 0770 directory mask = 0770 writeable = Yes browseable = Yes [temp] comment = Temp Test path = /tmp writeable = Yes browseable = Yes read only = No Thanks, Ms. Jimi Thompson, CISSP Manager of Web Operations SMU Cox School of Business "Contemplate the mangled bodies of your countrymen and then ask yourself, What should be the reward of such sacrifices... If ye love wealth better than freedom, the tranquility of servitude than the animating contest of freedom, go from us in peace. We ask not your counsels or arms. Crouch down and lick the hands that feed you. May your chains sit lightly upon you, and may posterity forget that ye were our countrymen." - Samuel Adams This from our founding fathers. I wonder what they'd think of the Patriot Act & the Emergency Powers Act. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind and LDAP
I've been having a miserable time trying to get Winbind working. All of the literature I've found seems to indicate it "just works" - which I'd love - but it hasn't gone that way for me. Because I'm already using LDAP, it seemed to make sense to use the LDAP support for Winbind. But Winbind continues to give errors and generally be unhappy. Besides using the current schema, and setting the idmap parameters in smb.conf - is there another magic trick to getting it to work? -- Daniel A spam trap for your crawler pleasure: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
