Helo samba list,
We are using a samba (3.0.25b-1.el5_1.2) PDC ( users are in an LDAP
backend ).
The perfs were bad and there were errors until I set winbind nested
groups = no in smb.conf.
I saw this post
http://lists.samba.org/archive/samba-technical/2005-May/040946.html
saying
What I
leurs professeurs.
Cordialement
Jean-Marc Pouchoulon.
-Message d'origine-
De :
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] De la part de Stefan G. Weichinger
Envoyé : mardi 11 novembre 2003 11:25
À : [EMAIL PROTECTED]
Cc : Bäcker; Hendrik; Schmidt, Jochen
Objet : Re
Hi ,
I've just tried Samba 3.0.1pre2 on redhat 9 with xpclient.
I can connect ( very slow ) but I have :
[2003/11/10 14:37:51, 0] lib/util.c:smb_panic(1400)
PANIC: init_unistr2_from_datablob: malloc fail
[2003/11/10 14:37:51, 0] lib/util.c:smb_panic(1408)
BACKTRACE: 20 stack frames:
#0
I tried to add with a pdbedit -a -uAdministrator -U0 -G0 -d99
I get an error message : Unable to find user...
the user must be present in the ldap, pdbedit is going to add the
samba
attributes.
I create an Administrator account in my /etc/passwd and tried again with
the
pdbedit command, it
Correction :
sn: Administrator
uid: Administrator
uidNumber: 1000
gidNumber: 513
uidnumber: 0
gidnumber: 0
But this not mandatory. Sambasid = 1000 and Samabagroupsid = 1001 is the
important thing for samba.
A+
Jean-marc
--
To unsubscribe from this list go to the following URL and
client. Can someone can explain the
registry keys involved in communication between sambaAnd xp ? ( for
instance, I change only requiresignorseal=dword: and it works
well with samba 3 as DC )
Thanks
jean-marc
-Original Message-
From: jean-marc pouchoulon
[mailto:[EMAIL
Thereby sorry for being impolite :-(, but at present I'm running samba
3.0.1pre1 with ldapsam in the production servers, and Win9x clients
couldn't get list of users and groups from Samba DCs (Bug596). I have 3
choices:
- -- Switch back to 2.2.7 (not very nice:-(, I would need group support
for
logon home = \\serv1\%U\
the H drive is set correctly but the profile for the xp is
straightly stored in the /home/lambda
What I don't understand ?
Thanks
Jean-Marc Pouchoulon
--
To unsubscribe from this list go to the following URL and read the
instructions: http
I am also unable to add any user other than administrator, if I try this
Get_Pwnam_internals didn't find user [user]! Failed initialise
SAM_ACCOUNT for user user. Failed to modify password
entry for user
Does your user exist en /etc/passwd or ldap with posix account
attribute?
authentication'
If I set the server g4 as a BDC there is no problem. I access
the home share from xp.
Wrong config ?
Jean-Marc Pouchoulon
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Just one more thing
With security = server it works.
-Message d'origine-
De :
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] De la part de jean-marc pouchoulon
Envoyé : mercredi 22 octobre 2003 14:50
À : [EMAIL PROTECTED]
Cc : [EMAIL PROTECTED]
Objet : [Samba] Samba 3 pre01 security
));
return LDAP_INSUFFICIENT_ACCESS;
}
#endif
Bug ?
Jean-Marc Pouchoulon.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
In production for two month( ldap backend - Redhat 9). It is stable in
that configuration. Few minor questions and problems, but it works.
-Message d'origine-
De :
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] De la part de Bert Rapp
Envoyé : mardi 21 octobre 2003 0:06
À : [EMAIL
You must have for each users uid and gid store in local /etc/passwd or
in ldap. But you must have them elsewhere.
-Message d'origine-
De :
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] De la part de Nicko
Envoyé : lundi 20 octobre 2003 23:18
À : [EMAIL PROTECTED]
Objet : [Samba]
Bonsoir,
So when i create an user account with the script from IdealX
(smbldap-useradd.pl), i can log with this user on my Linux Box it's
normal,
but if i want to use this account on Samba Network i have to create the
same
account in /etc/passwd with useradd ?
use pdbedit -a username to add
have this message only in this case.
Jean-Marc Pouchoulon
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Bonsoir John
Refer to the Samba-HOWTO-Collection.pdf - chapter 10.3.2, see also
chapter 6.2.5.2.
On review of the information I refer you to above, it is clear that we
need to provide more information. I guess that means there is more
writing to be done. :(
I Read them carefully ( and
(0x40283000)
Does this give you what you want ?
-Message d'origine-
De : Andrew Bartlett [mailto:[EMAIL PROTECTED]
Envoyé : mercredi 15 octobre 2003 8:55
À : jean-marc pouchoulon
Cc : 'Andrew Bartlett'; [EMAIL PROTECTED]
Objet : Re: RE : RE : RE : [Samba] samba-3 PDC BDC fail
success. The rpm source is different.
Thanks for your previous answers.
Jean-Marc.
-Message d'origine-
De : Andrew Bartlett [mailto:[EMAIL PROTECTED]
Envoyé : vendredi 10 octobre 2003 10:12
À : jean-marc pouchoulon
Cc : 'Rauno Tuul'; [EMAIL PROTECTED]
Objet : Re: RE
# pdbedit -v -a -m -u tardis
ldapsam_modify_entry: Failed to add user dn=
uid=tardis$,ou=Machines,dc=amazing-internet,dc=net with: Object class
violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
Did you create the machine account in /etc/passwd or in ldap
they sould be created
on the fly as they were with 3.0.0beta1.
As I can see, with 3.0 stable this is not done.
pdbedit -a -m testonsddd$ -D99
...
ldapsam_modify_entry: Failed to add user dn=
uid=testonsddd$,ou=pc,o=g,c=fr with: Object c
lass violation
But a
Can someone clarify how do I add machine accounts and user accounts?
Do they have to exist already in /etc/passwd?
Pdbedit is reading your smb.conf and specially the backend you
choose. What is your backend in smb.conf ? I think your are using
ldapbackend.
Machine account
d'origine-
De :
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] De la part de jean-marc pouchoulon
Envoyé : jeudi 2 octobre 2003 9:15
À : 'Gerald (Jerry) Carter'
Cc : [EMAIL PROTECTED]
Objet : RE : [Samba] Winbind ldap samba 3 BDC getent passwd answerdon't
retrieve domain users,can't login
octobre 2003 10:12
À : jean-marc pouchoulon
Cc : 'Rauno Tuul'; [EMAIL PROTECTED]
Objet : Re: RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP
serversfails
On Tue, 2003-10-07 at 19:58, jean-marc pouchoulon wrote:
PDC (also master-ldap) smb.conf
passdb backend = ldapsam:ldaps://master-ldap.lan
PDC (also master-ldap) smb.conf
passdb backend = ldapsam:ldaps://master-ldap.lan
ldapsam:ldaps://slave-ldap.lan
Beware of the comma :
use passdb backend = ldapsam:ldaps://master-ldap.lan,
ldapsam:ldaps://slave-ldap.lan, guest
Jean-Marc
--
To unsubscribe from this
Thanks It's solve my problem too, but
Pdbedit -L user gave :
Password can change: lun, 06 oct 2003 16:13:21 GMT
Password must change: ven, 13 déc 1901 21:45:51 GMT
If I use another time
pdbedit -v -P 'maximum password age' -C 100
After a smbpasswd I have :
Password can change: lun, 06 oct
Hi,
My password expired at every connexion. I use pdbedit
pdbedit -P 'maximum password age' -C 100 to force the max password
age.
account policy value for maximum password age was 100
account policy value for maximum password age is now 100
I can't use it to resolve my own user
Hi,
The idea is to avoid to have machines accounts in /etc/passwd
and store all on the ldap.
I must have a machine account in /etc/passwd ( normal way ) to
create the account with pdbedit -a -m machine_account.
In fact once it is created , I can delete the account in the
: EOF
-Message d'origine-
De : Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Envoyé : mercredi 1 octobre 2003 0:32
À : jean-marc pouchoulon
Cc : [EMAIL PROTECTED]
Objet : Re: [Samba] Winbind ldap samba 3 BDC getent passwd answer don't
retrieve domain users, can't login on the domain
Thanks for your answer.
But it didn't work.
There is no ldap request except for user with posix account. ( I can see
these users using getent )
I think there is no appeal by libnss library to winbind but I don't
understatnd why.
Jean-marc
-Message d'origine-
De :
[EMAIL PROTECTED]
But it didn't work.
Was this, to do with winbind and getent passwd?
Wbinfo -u -g works( list users's domain), getent passwd don't give me
back info on user's domain. ( just local users in /etc/passwd and ldap
users with posix account set)
There is no ldap request except for user with
Helo,
On redhat 9 - samba 3 stable - Using the rpm from 24 september.
I try to configure a bdc.
Smb.conf is :
idmap backend = ldap:ldap://ip_address
ldap idmap suffix = ou=personnes,ou=ac-ville,ou=educ
winbind uid = 1-2
I going to remove the rpm and try the last cvs, bug ?:
Wed Sep 24 01:24:13 2003
1d 13h 26m ago
fixing a bug in the retry loop for winbindd_pam_auth[_crap]()
Author: jerry
Modified: source/nsswitch/winbindd_pam.c
--
To unsubscribe from this list go to the following URL and read the
So what should I add the the LDAP server to make a
proper PDC ?
Here it is.
dn: sambaDomainName=DOMAIN,o=,c=Country
sambadomainname: DOMAIN
sambaalgorithmicridbase: 1000
objectclass: sambaDomain
creatorsname: cn=Directory Master
createtimestamp: 20030818142849Z
sambasid:
net getlocalsid gives :
SID for domain WOODY is: S-1-5-21-3032950689-949544758-3596382992
what is the answer of net getlocalsid YOURDOMAINNAME command.
This is the sid of the domain.
It seems that domain name sid and local name sid can/must? be the
same on the PDC. I learnt that
Yes you must, use it to add workstation in domain. SambaSid =
siddom-1001 (uid=0 )
Jean-marc
-Message d'origine-
De :
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] De la part de Antoine Jacoutot
Envoyé : mardi 16 septembre 2003 13:49
À : [EMAIL PROTECTED]
Objet : [Samba] need of a
So, my question is: why do I have to create a posix user root since
my
system (/etc/passwd) already has one root ? I though just creating the
samba user would be enough...
samba reads backend nor /etc/passwd, isn't it ? So root can be
in /etc/passwd and he must be in a backend.
the 'pdbedit' tool.
eg: pdbedit -Lv -b ldapsam:ldap://ip-two/ will use the second backend.
Ok thanks
Jean-marc Pouchoulon
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
I'm using samba-3.0RC3.
I just figured out that if I wanted a user to be a Domain Admin, his
primarygroupSID had to be the group mapped to Domain Admins
(sid=512). Is there a way to just add the user to the admin group
without modifying his
primarygroupSID ?
If I understand well your
it on the ldap server except an
ldapmodify.
There is also a command that go back on the last sid.
I have a doc ... In french.
Jean-Marc Pouchoulon
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
The Domain SID and the PDC SID will be the same. Here is the output of
these on my PDC:
frodo:~ # net getlocalsid
SID for domain FRODO is: S-1-5-21-1593769616-160655940-3590153233
frodo:~ # net getlocalsid MIDEARTH
SID for domain MIDEARTH is: S-1-5-21-1593769616-160655940-3590153233
How can I have multiple backend on one samba pdc.
Samba seems to accept this two lines in the smb.conf.
passdb backend = ldapsam:ldap://ip-one/,guest
passdb backend = ldapsam:ldap://ip-two/,guest
With the cache mechanism on xp client , I am not able to see if it works
et whitch ldap server
Hi ,
We use redhat 8 . Samba is 3rc2
Smb.conf is
workgroup = TEST
server string = %h server (Samba %v)
null passwords = Yes
passdb backend = ldapsam:ldap://X.X.X.X /,guest
passwd program = /usr/bin/sudo /usr/local/samba/bin/ldapsync.pl
%u
Compiling the last cvs source it works now.
Thanks ? to developpers.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Sorry too fast,
In fact it works from allow samba group to access to a share. But in mmc
I can't add a domain group to the local group.
Can someone test that on his own site to confirm?
thanks
-Message d'origine-
De : jean-marc pouchoulon
[mailto:[EMAIL PROTECTED]
Envoyé : jeudi 28
users.
Thanks for your help.
Jean-Marc Pouchoulon
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More infos:
I disabled the test , same result , other logs.
ldapsam_search_one_group: searching
for:[((objectClass=sambaGroupMapping)(|(displayName=Domai
n Admins)(cn=Domain Admins)))]
[2003/08/27 09:46:03, 2] passdb/pdb_ldap.c:init_group_from_ldap(1677)
Entry found for group: 512
Ldapsam on netscape 4 directory server
System Red hat 8
Except adding group from xp client ( see my last message ) all is
working well
[EMAIL PROTECTED] source]# pdbedit -i ldapsam -e tdbsam
Searching for:[((objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
The last patch on cvs had fixed the accent problem.
Thanks to the developper.
Jean-marc
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
I get the following error trying to join domain:
The following error occured attempting to join the domain SAMBA: No
mapping between account named and security ID's was done.
Did you have that kind of record in your ldap directory :
ldapsearch
I Think I've got the origin of the problem : Samba doesn't like french
accent.
We have a workgroup sib réseau every time I clicked on it or every
time name resolution is asking a computer name on that workgroup.
We have :
Received a packet of len 201 from (172.29.160.5) port 138
Conversion
Any help would be greatly appreciated.
Jean-Marc Pouchoulon
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Helo,
Does anyone made ldap schema's samba 3 beta for netscape directory 4 ?
Jean-Marc Pouchoulon
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Hi,
I had two logon server on Samba 302alpha on a domain DOM to provide
failover environment.
With smbgroupedit I can map domain group but I must using
net setlocalsid MY-SID-DOMAIN on the second server to map the same
domains groups with domain SID on the two server.
On the other hands I can
Answering to myself.
Using rpcclient 227a version with smbserver 30alpha2 provides the same
error.
I've made un mistake it works.( except on ldap parameter coming with
302 alpha )
Ignoring unknown parameter passdb backend
Unknown parameter encountered: ldap machine suffix
Ignoring unknown
55 matches
Mail list logo