Il 12/04/2012 11:57, Jonathan Buzzard ha scritto:
Sorry to reopen an old thread, but it seems I can't understand (or still
miss) something...
The problem:
Is it just me or there's no way to restrict access to [homes] share to
members of an AD group? Or is it treated like an ordinary Unix group
then your missing perl files on your centos server.
type this on your debian server:
apt-cache show smbldap-tools | grep Depends
and check your perl files on centos.
should be something like this.
yum install openldap openldap-clients openldap-servers nss_ldap samba
samba-client httpd
here is what I use in my conf
[ProfileShare]
...
path = /home/%D/%U
root preexec = /root/pdc/smbmkhomedir.sh %D %U
...
smbmkhomedir.sh
#!/bin/bash
if [ ! -e /home/$1/$2 ]; then
mkdir -p /home/$1/$2
chown $2:Domain Users /home/$1/$2
chmod 4711 /home/$1/$2
setfacl
then your missing perl files on your centos server.
No, I didn't. As i said before - the problem is that perl-LDAP on
CentOS 5 is too old. I have tested on Debian 4 with
libnet-ldap-perl-0.33.2 and got the same error.
On Wed, May 23, 2012 at 10:11 AM, L.P.H. van Belle be...@bazuin.nl wrote:
Hello,
Thank for the warning.
My problem is now the following : I've created a auxiliary class with
optional attribute following this explanation :
http://semifershome.free.fr/semifer/index.php?2008/02/12/42-etendre-le-schema-active-directory-classes-attributs-et-display-specifiers
(1)
On 05/23/2012 01:22 AM, Hervé Hénoch wrote:
Hello,
Thank for the warning.
My problem is now the following : I've created a auxiliary class with
optional attribute following this explanation :
yes i have !!!
i've even tested by linking the optional attribute alone with the class
user !!!
so ?
Le 23/05/2012 10:39, Matthieu Patou a écrit :
On 05/23/2012 01:22 AM, Hervé Hénoch wrote:
Hello,
Thank for the warning.
My problem is now the following : I've created a auxiliary class
Precision : i've added the attribute by ldapmodify and it worked But
the script continue to fail.
Le 23/05/2012 10:46, Hervé Hénoch a écrit :
yes i have !!!
i've even tested by linking the optional attribute alone with the
class user !!!
so ?
Le 23/05/2012 10:39, Matthieu Patou a
On 05/22/2012 1:01 PM, Newman, John W wrote:
Thanks..
Unfortunately neither suggestion worked
chgrp still just says invalid group
invalid group, even though it shows up in wbinfo -g and getent group
says a lot about winbind.
valid users = @DOMAIN\\My Group behaves the same as I
Il 23/05/2012 09:11, Jorell ha scritto:
here is what I use in my conf
[ProfileShare]
Uh?
...
path = /home/%D/%U
root preexec = /root/pdc/smbmkhomedir.sh %D %U
ARGH! 'root preexec'. I missed that root bit :(
Tks! You saved my day!
smbmkhomedir.sh
#!/bin/bash
if [ ! -e /home/$1/$2 ]; then
On Mon, May 21, 2012 at 12:17 PM, alex.rans...@free.fr wrote:
We're having trouble joining an AD domain with 3.6.5
This message when running net join looks fishy :
got principal=not_defined_in_RFC4178@please_ignore
I'm sure it looks fishy, but it's not. This is normal for newer
versions of
On 23/05/12 13:40, NdK wrote:
Il 23/05/2012 09:11, Jorell ha scritto:
exit 0
I've had to obtain DOMAIN\domin_users gid before chown or it gave an
error (maybe due to a clash from a trusted domain -- still trying to
understand how can it happen).
And I'm still having issues with setfacl (I
Hi Deepak,
When you join a machine to the domain, that action adds an account in the
domain with the machine's name, followed by a $. This is the same for
Samba3 and Samba4. I'm not exactly sure what you mean by working fine
without an entry, but I suspect you may be working with a machine in
Hello
I've modified AD schema by adding a new auxiliary class (iscA) with an
auxilairy attribute (iscA1).
I've followed this explanation /_*entirely*_/ :
http://semifershome.free.fr/semifer/index.php?2008/02/12/42-etendre-le-schema-active-directory-classes-attributs-et-display-specifiers
Hello,
On Wed, May 23, 2012 at 1:59 PM, Jim McDonough j...@samba.org wrote:
On Mon, May 21, 2012 at 12:17 PM, alex.rans...@free.fr wrote:
We're having trouble joining an AD domain with 3.6.5
This message when running net join looks fishy :
got principal=not_defined_in_RFC4178@please_ignore
Hi all,
i've got samba 3.6 joined to a ad domain (s4 in this case)
running winbind
all looks ok, but i ran into a problem (for us that is)
i've got 2 groups (students and employes)
who have there home dirs in 2 different places.
/home/students/user
/home/employ/user
so far so good, but i
OK, my samba server was working fine i have 2TB RAID1 drive as a
storage and had 300gb sata drive for boot the Debian OS 6.0.4.
unfortunately my sata boot drive faild and i had to reinstall the OS
in new drive. now when i plug the old Raid drives the data was still
there. but permissions were a
here is my global details in smb.conf
[global]
workgroup = ASSURETYCONSULT
realm = ASSURETYCONSULTING.COM
netbios name = nasbox
server string = %h server
security = ADS
obey pam restrictions = Yes
pam password change = Yes
passwd program =
On 05/23/2012 03:56 PM, Collen wrote:
Hi all,
i've got samba 3.6 joined to a ad domain (s4 in this case)
running winbind
all looks ok, but i ran into a problem (for us that is)
i've got 2 groups (students and employes)
who have there home dirs in 2 different places.
/home/students/user
Now, what seems suspicious (to me, at least !) is the line :
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.pdc._msdcs.CORP
(Connection timed out)
Shouldn't it try to resolve _ldap._tcp.pdc._msdcs.CORP.NET instead ?
Now I've tried running it through dbx
(dbx) where
=[1]
check this.
[ProfileShare]
comment = Roaming Profile Share
path = /nas/users/%D/%U
valid users = %U
read only = No
guest ok = No
browseable = yes
root preexec = /scripts/smbmkdir.sh %D %U
create mask = 4770
directory mask = 4770
Hi,
I'm trying to join samba 4 alpha 20 to my windows 2003 AD domain and I get this
error:
Adding SPNs to CN=SAMBADC1,OU=Domain Controllers,DC=montecarlotv,DC=com,DC=uy
Setting account password for SAMBADC1$
Enabling account
Calling bare provision
Join failed - cleaning up
checking
On 05/23/2012 07:22 PM, Muhammad Yousuf Khan wrote:
check this.
[ProfileShare]
comment = Roaming Profile Share
path = /nas/users/%D/%U
valid users = %U
read only = No
guest ok = No
browseable = yes
root preexec = /scripts/smbmkdir.sh %D
On 05/23/2012 06:48 AM, Hervé Hénoch wrote:
Hello
I've modified AD schema by adding a new auxiliary class (iscA) with an
auxilairy attribute (iscA1).
I've followed this explanation /_*entirely*_/ :
On 05/23/2012 02:21 AM, Hervé Hénoch wrote:
Precision : i've added the attribute by ldapmodify and it worked
But the script continue to fail.
Ok it means that storing the attribute works in some case.
We just have to figure why it didn't work in all case.
Le 23/05/2012 10:46, Hervé
On 23/05/2012 15:30, steve wrote:
If the gidNumber for the gid is stored in AD (as the 2008 and samba4
schema allow) then there can be no clash. It is then no problem in
extracting it and applying it using normal /etc/nsswitch.conf format.
The AD schema is still 2003. And who manages it thinks
On 22/05/2012 22:17, Newman, John W wrote:
Well.. I'm not really sure what that is (I inherited this project). In
smb.conf all he has here is: idmap uid = 1-2 idmap
gid=1-2 I don't see idmap backend = set at all in here. That is
probably a big part of the
steve wrote:
[SNIP]
Under winbind we cannot see how to do it. So we have used the new
nss-pam-ldapd instead and store the unixHomeDirectory in the directory.
As it's available in both the 2008 and s4 schema it works quickly and
efficiently. With the homeDirectory [share] and
NdK wrote:
On 23/05/2012 15:30, steve wrote:
If the gidNumber for the gid is stored in AD (as the 2008 and samba4
schema allow) then there can be no clash. It is then no problem in
extracting it and applying it using normal /etc/nsswitch.conf format.
The AD schema is still 2003. And who
Hello list,
We know that CTDB uses lockfile in the cluster file system to prevent
split-brain.
It is a really good design when all nodes in the cluster can mount the
cluster file system (e.g. GPFS/GFS/GlusterFS) and CTDB can work happily in
this assumption.
However, when split-brain happens, the
The branch, master has been updated
via 37866df s3:smbd: use reply_force_doserror(req, ERRSRV, ERRbaduid)
on SMBulogoff
from 42b2026 Second part of fix for bug 8953 - winbind can hang as
nbt_getdc() has no timeout.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log
The branch, master has been updated
via dcfb34f blackbox: fix samba4.blackbox.kinit test
via 2b14453 gse: Use the smb_gss_oid_equal wrapper.
via 0a6e568 krb5samba: Add smb_gss_oid_equal wrapper.
via c1444c3 s3-autoconf: fix typo after migrating DNS resolver code to
The branch, v3-6-test has been updated
via 96b6f3a s3-auth: Don't lookup the system user in pdb.
from 865eca1 Check the return from create_acl_blob
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
The branch, master has been updated
via b211768 s3:rpc_server/dfs: pass allow_broken_path=true to
create_junction()
via aa7b1e2 s3:smbd/proto.h: remove unused resolve_dfspath() prototype
via 97f0a36 s3:smbd/files: remove unused VALID_FNUM()
via a0c9a29
The branch, master has been updated
via e8601c0 s3-configure: Fix configure version information.
from b211768 s3:rpc_server/dfs: pass allow_broken_path=true to
create_junction()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log
The branch, master has been updated
via f52afa9 dlz_bind9: Make the talloc destructor static and return 0.
via 34eab45 dlz_bind9: Fix the named crash on reloading named
from e8601c0 s3-configure: Fix configure version information.
36 matches
Mail list logo