Re: [Samba] suse 8.2 Samba 3 LDAP Domain Join Error : Logon failure: unknown user name or bad password (fwd)
-- 
John H Terpstra
Email: [EMAIL PROTECTED]

-- Forwarded message --
Date: Tue, 30 Dec 2003 04:33:24 + (GMT)
From: John H Terpstra <[EMAIL PROTECTED]>
To: Sundaram Ramasamy <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] suse 8.2 Samba 3 LDAP Domain Join Error : Logon failure: unknown user name or bad password

On Mon, 29 Dec 2003, Sundaram Ramasamy wrote:

> Hi,
>
> I am using suse 8.2 with samba 3+ LDAP PDC. When I try to join the W2K
> machine I am getting Logon failure: unknown user name or bad password.

Yes. There is a bug there. I can give you RPMs for SuSE 8.2 that do work.

You can download patched samba3-3.0.1 RPMs for SuSE 8.2 (that is what I run) from:

http://samba.org/~jht/files/RPMS/

I am not sure if this fixes your problem. I'll look further at your logs. Meanwhile, you most likely will want to use the patched RPMS.

- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Anonymous printing and howto, dumb questions :-)
Tuesday, December 30, 2003, 11:35:46 AM, Beast wrote:

> Monday, December 29, 2003, 9:33:32 PM, Peter wrote:
>> On Mon, 29 Dec 2003, Beast wrote:
>>>
>>> In samba howto collection it says :
>>> ...
>>> Dont use it if you want to protect your passwords. Better share the printer in
>>> a way that does not require a password! Printing will only work if you have a
>>> working netbios
>>> name resolution up and running.
>>>
>>> How to set "anonymous shared printer" in Win 2000?
>>> even if I give permission to anyone, Win refuses to gives list.

>> I guess you want is a standalone printer which serves everyone on
>> your local network. I use cups and this simple smb.conf

> I mean printing to windows 2000 from samba (without giving username
> and password).
> I'm using RH 9.0 + CUPS + Samba 3.0

Oh, I have to enable guest account (either local or domain guest) which is not preferred...

--beast
Container for computer account [WAS Re: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
Tuesday, December 30, 2003, 11:19:48 AM, Craig wrote:

> On Mon, 2003-12-29 at 11:37, Sharp, Clint wrote:
>> Quotes are required around the two ldap:// URIs AFAIK. I've not used AS
>> 3, but on 8 I've always built from Source RPM as I've also added ACL
>> support (pretty easy with the Redhat kernels, and even though they say
>> it's not stable, I've yet to have any problems with it). I'd go grab
>> Samba 3.0.1 source RPMs from the Samba website and build from there, or
>> even upgrade to 3.0.1 from the Redhat RPMs on the Samba site, as those
>> are known to have proper LDAP support included.
> ---
> It's a bit vague (changelog's for various changes since 3.0.0) but
> apparently they've fixed 'more' ldap group mappings
> searches...undoubtedly good - does that mean that it would be safe to
> have Computers in their own ou or even with 3.0.1 would they still have
> to be in ou=People?

I'm using separate container for computer account and it works with samba 3.x.
With ldap, it doesn't matter where you put the entry as long as you use correct base and filter you'll find that object, is it correct?

    ldap machine suffix = ou=computer
    ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))

also in /etc/ldap.conf, don't put filter on nss_base_passwd and nss_base_shadow.

--beast
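How a search base and a filter of the form quoted in the message above select entries under plain LDAP subtree-search rules, as an added example that is not part of the original thread and is not Samba's own lookup code. The dc=example,dc=com entries, the account names and the function names are constructed for illustration.

```python
"""Model of an LDAP subtree search: a base DN plus a filter with %u filled in.

Added illustration, not Samba code. All entries below are constructed.
"""
import re

# Constructed sample directory: DN -> attributes (attribute names lower-cased).
DIRECTORY = {
    "uid=alice,ou=People,dc=example,dc=com":
        {"uid": ["alice"], "objectclass": ["posixAccount", "sambaSamAccount"]},
    "uid=bob,ou=People,dc=example,dc=com":
        {"uid": ["bob"], "objectclass": ["posixAccount"]},
    "uid=ws02$,ou=People,dc=example,dc=com":
        {"uid": ["ws02$"], "objectclass": ["posixAccount", "sambaSamAccount"]},
    "uid=ws01$,ou=Computers,dc=example,dc=com":
        {"uid": ["ws01$"], "objectclass": ["posixAccount", "sambaSamAccount"]},
}

# Filter template as quoted in the thread; %u is replaced by the account name.
FILTER_TEMPLATE = "(&(uid=%u)(objectclass=sambaSamAccount))"


def escape_filter_value(value):
    """Escape a value per RFC 4515 so it cannot alter the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def _unescape(raw):
    """Turn \\XX hex escapes in a filter value back into characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)


def parse_filter(text, pos=0):
    """Parse one parenthesised filter component; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    op = text[pos:pos + 1]
    if op and op in "&|!":
        pos += 1
        children = []
        while text[pos:pos + 1] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if not children or text[pos:pos + 1] != ")":
            raise ValueError("malformed filter list at offset %d" % pos)
        return (op, children), pos + 1
    end = text.index(")", pos)  # raises ValueError if the component is unclosed
    attr, sep, raw = text[pos:end].partition("=")
    if not attr or not sep:
        raise ValueError("expected attr=value at offset %d" % pos)
    return ("=", attr.lower(), raw), end + 1


def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes."""
    if node[0] == "&":
        return all(matches(child, attrs) for child in node[1])
    if node[0] == "|":
        return any(matches(child, attrs) for child in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    _, attr, raw = node
    # An unescaped '*' is a wildcard; everything else is compared literally.
    pattern = ".*".join(re.escape(_unescape(part)) for part in raw.split("*"))
    rx = re.compile(pattern, re.IGNORECASE | re.DOTALL)
    return any(rx.fullmatch(value) for value in attrs.get(attr, []))


def search(base, username, template=FILTER_TEMPLATE):
    """Subtree search: entries at or below `base` that match the filter."""
    text = template.replace("%u", escape_filter_value(username))
    node, end = parse_filter(text)
    if end != len(text):
        raise ValueError("trailing data after filter")
    base = base.lower()
    return sorted(
        dn for dn, attrs in DIRECTORY.items()
        if (dn.lower() == base or dn.lower().endswith("," + base))
        and matches(node, attrs)
    )


if __name__ == "__main__":
    for base in ("ou=People,dc=example,dc=com", "dc=example,dc=com"):
        print(base, "->", search(base, "ws01$"))
```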
Re: [Samba] Request to Answer Survey
On Tue, 30 Dec 2003, John H Terpstra wrote:

> Folks,
>
> Open Magazine are running a survey. The outcome will determine how much
> coverage they give Samba in future. I know a lot of you use Samba Domain
> Controllers. Please visit the site and answer the survey. All Yes answers
> would be wonderful - but do answer truthfully please.
>
> I'd like to see a few hundred responses as soon as possible. Right now
> there are 53. That is not a representative sample, but is already being
> touted as "statistics say that xx% of respondents Do NOT use Samba as a
> Domain Controller."
>
> Please help to get the record straight.

Blast! I left off the URL.

http://www.open-mag.com/9085339824.shtml

Sorry.

- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
[Samba] help regarding migration of user from nt to linux
We are in a process of migrating our windows nt server to linux and hence users also. We are facing some difficulty regarding this. We tried to do the steps mentioned in the article written by you in the pc quest magazine.

While running the command :

    net rpc vampire -w domain-name -U Administrator%password

following message is coming :

    Failed to fetch domain database : NT_STATUS_ACCESS_DENIED

Which access is it referring to?

While looking at the system log in event viewer on winnt following messages are coming :

    The full synchronisation request from the server MKP failed with the following error : Access is denied.

While running following command :

    net rpc join -S NTSERVERNAME -w NTDOMAINNAME -U Administrator%password

at linux it is coming :

    Joined MAIL Domain

And also at server manager this host is added but system log is telling that :

    The session setup from the computer MKP failed to authenticate.The name of the account refrenced in the secuirty database is MKP$.The access is denied.

MKP is the host name of linux server.

While running the command

    net rpc testjoin

message is coming :

    join to 'MAIL' is OK.

Where MAIL is the domain name.

Kindly suggest some solution to rectify the problem. I shall be highly thankful to you.

Regards
Sanjay Kumar
Net Manager
ITI LTD. MANKAPUR
GONDA(U.P.) INDIA
Re: [Samba] Anonymous printing and howto, dumb questions :-)
Monday, December 29, 2003, 9:33:32 PM, Peter wrote:

> On Mon, 29 Dec 2003, Beast wrote:
>>
>> In samba howto collection it says :
>> ...
>> Dont use it if you want to protect your passwords. Better share the printer in
>> a way that does not require a password! Printing will only work if you have a
>> working netbios
>> name resolution up and running.
>>
>> How to set "anonymous shared printer" in Win 2000?
>> even if I give permission to anyone, Win refuses to gives list.

> I guess you want is a standalone printer which serves everyone on
> your local network. I use cups and this simple smb.conf

I mean printing to windows 2000 from samba (without giving username and password).
I'm using RH 9.0 + CUPS + Samba 3.0

--beast
RE: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
On Mon, 29 Dec 2003, Craig White wrote:

> On Mon, 2003-12-29 at 11:37, Sharp, Clint wrote:
> > Quotes are required around the two ldap:// URIs AFAIK. I've not used AS
> > 3, but on 8 I've always built from Source RPM as I've also added ACL
> > support (pretty easy with the Redhat kernels, and even though they say
> > it's not stable, I've yet to have any problems with it). I'd go grab
> > Samba 3.0.1 source RPMs from the Samba website and build from there, or
> > even upgrade to 3.0.1 from the Redhat RPMs on the Samba site, as those
> > are known to have proper LDAP support included.
> ---
> It's a bit vague (changelog's for various changes since 3.0.0) but
> apparently they've fixed 'more' ldap group mappings
> searches...undoubtedly good - does that mean that it would be safe to
> have Computers in their own ou or even with 3.0.1 would they still have
> to be in ou=People?

No. The search facility has not been fixed in 3.0.1. You should still use the People container for Machine accounts with 3.0.1.

- John T.

>
> I haven't a clue where AS 3 fits in RH 8/9 scheme - me thinks more like
> 9. I have been reticent to add 'value' to the Red Hat offering but ended
> up compiling Netatalk and Webmin from source since they aren't
> supported. I am gonna have to think about this one...
>
> Thanks,
>
> Craig
>
>

-- 
John H Terpstra
Email: [EMAIL PROTECTED]
Re: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
Monday, December 29, 2003, 10:08:16 PM, Clint wrote:

> Passdb backend = ldapsam:"ldap://master ldap://slave" works just fine
> for me. I have the passwd program set to /usr/bin/passwd and Samba
> updates the Samba related entries in the Master LDAP (with passwd
> updating the posixAccount related entries). Took me a while to find the
> ldapsam:"ldap://master ldap://slave" workaround too, but it's worked
> flawlessly for me in production since.

Could you try (on PDC) :

    Passdb backend = ldapsam:"ldap://slave ldap://master"

since what I want is PDC -> slave ldap server

--beast
[Samba] suse 8.2 Samba 3 LDAP Domain Join Error : Logon failure: unknown user name or bad password
Hi,

I am using suse 8.2 with samba 3+ LDAP PDC. When I try to join the W2K machine I am getting Logon failure: unknown user name or bad password.

With root user I was able to log in to the machine. Even from Windows 2000 I was able to access the share like this \\192.168.0.101.

Here is some more information. Any help to fix this?

-Sundaram

linux:/var/log # id root
uid=0(root) gid=512(Domain Admins) groups=512(Domain Admins)

rpm -qa | grep sam
samba3-client-3.0.1-15
samba3-3.0.1-15
samba3-doc-3.0.1-15
samba3-winbind-3.0.1-15

linux:/var/log # testparm -s
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
# Global parameters
[global]
        workgroup = TECHGROUP
        netbios name = RISHI
        server string = rishi Samba Server
        null passwords = Yes
        passdb backend = ldapsam
        passwd program = /usr/local/bin/smbldap-passwd.pl -o %u
        passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
        passwd chat debug = Yes
        log level = 3
        log file = /var/log/samba/%m.log
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/local/sbin/smbldap-useradd.pl -a "%u"
        delete user script = /usr/local/sbin/smbldap-useradd.pl -d "%u"
        add group script = /usr/local/sbin/smbldap-useradd.pl -a -g "%g"
        delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g "%g"
        add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u "%u" -g "%g"
        delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u "%u" -g "%g"
        set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u "%u" -gid "%g"
        add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w "%m"
        domain logons = Yes
        os level = 22
        preferred master = Yes
        local master = No
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap suffix = dc=sfgroup,dc=com
        ldap machine suffix = ou=People
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
        ldap admin dn = "cn=Manager,dc=sfgroup,dc=com"
        ldap ssl = no

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

LDAP data:
==

linux:/var/log # ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# sfgroup.com
dn: dc=sfgroup,dc=com
objectClass: dcObject
objectClass: organization
dc: sfgroup
o: sfgroup

# People, sfgroup.com
dn: ou=People,dc=sfgroup,dc=com
objectClass: organizationalUnit
ou: People

# Groups, sfgroup.com
dn: ou=Groups,dc=sfgroup,dc=com
objectClass: organizationalUnit
ou: Groups

# Computers, sfgroup.com
dn: ou=Computers,dc=sfgroup,dc=com
objectClass: organizationalUnit
ou: Computers

# nobody, People, sfgroup.com
dn: uid=nobody,ou=People,dc=sfgroup,dc=com
cn: nobody
sn: nobody
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 514
uid: nobody
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\rishi\homes
sambaHomeDrive: _HOMEDRIVE_
sambaProfilePath: \\_PDCNAME_\profiles\
sambaPrimaryGroupSID: S-1-5-21-3516781642-1962875130-3438800523-514
sambaLMPassword: NO PASSWORDX
sambaNTPassword: NO PASSWORDX
sambaAcctFlags: [NU ]
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-2998
loginShell: /bin/false

# Domain Admins, Groups, sfgroup.com
dn: cn=Domain Admins,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
description: Netbios Domain Administrators
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-512
sambaGroupType: 2
displayName: Domain Admins

# Domain Users, Groups, sfgroup.com
dn: cn=Domain Users,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-513
sambaGroupType: 2
displayName: Domain Users

# Domain Guests, Groups, sfgroup.com
dn: cn=Domain Guests,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-514
sambaGroupType: 2
displayName: Domain Guests

# Administrators, Groups, sfgroup.com
dn: cn=Administrators,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Do
RE: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
On Mon, 2003-12-29 at 11:37, Sharp, Clint wrote:

> Quotes are required around the two ldap:// URIs AFAIK. I've not used AS
> 3, but on 8 I've always built from Source RPM as I've also added ACL
> support (pretty easy with the Redhat kernels, and even though they say
> it's not stable, I've yet to have any problems with it). I'd go grab
> Samba 3.0.1 source RPMs from the Samba website and build from there, or
> even upgrade to 3.0.1 from the Redhat RPMs on the Samba site, as those
> are known to have proper LDAP support included.

---
It's a bit vague (changelog's for various changes since 3.0.0) but apparently they've fixed 'more' ldap group mappings searches...undoubtedly good - does that mean that it would be safe to have Computers in their own ou or even with 3.0.1 would they still have to be in ou=People?

I haven't a clue where AS 3 fits in RH 8/9 scheme - me thinks more like 9. I have been reticent to add 'value' to the Red Hat offering but ended up compiling Netatalk and Webmin from source since they aren't supported. I am gonna have to think about this one...

Thanks,

Craig
[Samba] Request to Answer Survey
Folks,

Open Magazine are running a survey. The outcome will determine how much coverage they give Samba in future. I know a lot of you use Samba Domain Controllers. Please visit the site and answer the survey. All Yes answers would be wonderful - but do answer truthfully please.

I'd like to see a few hundred responses as soon as possible. Right now there are 47. That is not a representative sample, but is already being touted as "statistics say that 56% of respondents Do NOT use Samba as a Domain Controller."

Please help to get the record straight.

Cheers,
John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
Re: [Samba] nbp hell
On Mon, Dec 29, 2003 at 08:36:30PM -0500, Romeyn Prescott wrote:

> Greetings,
>
> I spent the better part of a day tracking down a rather annoying
> problem. I would like someone more knowledgeable than myself to
> confirm this diagnosis.
>
> I have a RH 8.0 Linux box with three NICS. I had been developing it
> testing with an XP box. Everything seemed groovy.
>
> Today I went to put it into "production" and Win98 clients were
> having all sorts of problems.
>
> eth2 is the system's "default" interface. eth1 is used for netatalk,
> and eth2 for samba. I have used the interfaces and nind interfaces
> only options in smb.conf.

You have 3 interfaces onto the same LAN? You will find that you are only really using one of them, as the system will accept ARP requests on all for all IPs.

> After more hairpulling, I did a packet capture on a hub with the Win98 client.
>
> It seems that the client does an nbp query. My server responds, but
> the response comes from eth2, not eth0!

Sounds standard for UDP.

> Despite the packet's payload
> having the correct information (that the server the client seeks is
> at the IP address bound to eth0), Win98 decides that the server is at
> the IP address associated with the packet informing it of such.
>
> I am told that this is a violation of the smb protocol.
>
> Can anyone suggest a fix? Should I just relegate samba to the
> server's "default" interface and not worry about this anymore?

Ditch the multiple network cards, if they are to the same LAN. You would do much better to upgrade to Gigabit if you really need it, or make them 'one card' with channel bonding and a fancy switch.

Andrew Bartlett
Re: [Samba] Can domain logon requests handled by Samba Configured as a Member Server.
On Mon, 29 Dec 2003, Yeri Swamy wrote:

> Hi
>
> Windows NT as Backup domain controller can participate in the logon
> process. When a user logs on to a domain, the logon request can be
> handled by any primary or backup domain controller. This spreads the
> logon processing load across the available servers.
>
> Can this be done when we configure Samba as just a Member Server? or
> Does Samba has to be setup as PDC In order to handle logon requests?

Domain Member servers do NOT run the network logon service.

Samba-3 can be configured as a PDC or as a BDC.
Samba-3 can NOT be a BDC to a Windows NT4 PDC.
Windows NT4 can NOT be a BDC to a Samba-3 PDC.
Samba-3 can be configured as a BDC to a Samba-3 PDC.

For information please refer to the Samba-HOWTO-Collection.pdf.

A Samba-3 BDC functions in precisely the same way as an NT4 BDC so far as handling of domain logons is concerned.

- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
[Samba] Can domain logon requests handled by Samba Configured as a Member Server.
Hi

Windows NT as Backup domain controller can participate in the logon process. When a user logs on to a domain, the logon request can be handled by any primary or backup domain controller. This spreads the logon processing load across the available servers.

Can this be done when we configure Samba as just a Member Server? or Does Samba has to be setup as PDC In order to handle logon requests?

with Regards
YS
Re: [Samba] smb.conf man page FUBAR
Romeyn Prescott wrote:

| I don't know who to report this to, but I'll post it here and hope
| someone with authority sees it.
|
| The on-line posting of the smb.conf man page is missing lots of
| information:
|
| http://us1.samba.org/samba/docs/man/smb.conf.5.html

It's already been filed as a bug and we're working on it.

cheers, jerry
--
Hewlett-Packard - http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song" --Switchfoot (2003)
[Samba] nbp hell
Greetings,

I spent the better part of a day tracking down a rather annoying problem. I would like someone more knowledgeable than myself to confirm this diagnosis.

I have a RH 8.0 Linux box with three NICS. I had been developing it testing with an XP box. Everything seemed groovy.

Today I went to put it into "production" and Win98 clients were having all sorts of problems.

eth2 is the system's "default" interface. eth1 is used for netatalk, and eth2 for samba. I have used the interfaces and nind interfaces only options in smb.conf.

After more hairpulling, I did a packet capture on a hub with the Win98 client.

It seems that the client does an nbp query. My server responds, but the response comes from eth2, not eth0! Despite the packet's payload having the correct information (that the server the client seeks is at the IP address bound to eth0), Win98 decides that the server is at the IP address associated with the packet informing it of such.

I am told that this is a violation of the smb protocol.

Can anyone suggest a fix? Should I just relegate samba to the server's "default" interface and not worry about this anymore?

Cheers,
...ROMeyn
Re: [Samba] installing gui interfaces for samba
On Mon, 2003-12-29 at 23:06, Andrew Gaffney wrote:

> kent E. wrote:
> > i've browse the web and found 'Smb4K - An SMB share browser for KDE'
> > since this is something similar like a windows sharing this would be
> > safer for our newbie(unix) users but i have problem installing the
> > package
> >
> > ===
> > checking for Qt... configure: error: Qt (>= Qt 3.1 (20021021)) (headers
> > and libraries) not found. Please check your installation!
> > For more details about this problem, look at the end of config.log.
> >
> >
> > i already installed the qt ver 3.1++
> >
> > [EMAIL PROTECTED] smb4k-0.3.1]# rpm -qa qt
> > qt-3.1.1-6
> >
>
> You might want to try to find an RPM for your distro for that program.

Yes. I already did install the rpm version of the distro.. I think before (by default) it is 3.0

> Another good SMB browser I've found is Xfsamba.

OK, I will check it out.
Re: [Samba] Samba Article
On Mon, 29 Dec 2003, Jeremy Allison wrote:

> On Mon, Dec 29, 2003 at 08:53:44PM +, John H Terpstra wrote:
> > Hi,
> >
> > Ok. I am hooting my own trumpet it seems, but why not - just once!
> >
> > http://www.open-mag.com/9085339824.shtml
> >
>
> Ok John, it's after midnight at my parents house.
> (they're both in bed).
>
> Will you find *AND KILL* the person who thought it
> was cute to add a loud musical accompanyment to that
> page :-(.

Oh shoot! I don't have sound turn on. Hope you survived the blast.

More to the point, I hope you are enjoying your well earned break with the folks back home.

Cheers,
John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
Re: [Samba] Samba Article
On Mon, Dec 29, 2003 at 08:53:44PM +, John H Terpstra wrote:

> Hi,
>
> Ok. I am hooting my own trumpet it seems, but why not - just once!
>
> http://www.open-mag.com/9085339824.shtml
>

Ok John, it's after midnight at my parents house.
(they're both in bed).

Will you find *AND KILL* the person who thought it was cute to add a loud musical accompaniment to that page :-(.

Jeremy.
Re: [Samba] smb.conf man page FUBAR
Romeyn,

Thanks for reporting this. We are well aware of the problem and we are taking corrective action. Apologies for ruining your day with this stuff up.

For the record, we implemented a system that automatically builds the Samba documentation and then uploads it to the Web sites. Those of us who maintain the documentation now find ourselves in between a rock and a hard place. It takes several days to implement structural change necessary so that we can support multiple languages. In the intervening period, we broke the build process. The automatic build and upload process did not know that the build broke, so it uploaded broken (incomplete) documentation.

Just so you are aware that the news is not all bad, The Samba HOWTO is presently being translated from English into:

    German
    French
    Spanish
    Japanese

as well as several other languages. All translation work is being done by volunteer groups. This is really an exciting time for Samba and particularly for our users.

PS: All bug reports should go to: https://bugzilla.samba.org

This one is in hand, but if you wish to make it official and to have it on record, feel free to post one.

Cheers,
John T.

On Mon, 29 Dec 2003, Romeyn Prescott wrote:

> I don't know who to report this to, but I'll post it here and hope
> someone with authority sees it.
>
> The on-line posting of the smb.conf man page is missing lots of information:
>
> http://us1.samba.org/samba/docs/man/smb.conf.5.html
>
> Thanks,
> ...ROMeyn
>

-- 
John H Terpstra
Email: [EMAIL PROTECTED]
[Samba] smb.conf man page FUBAR
I don't know who to report this to, but I'll post it here and hope someone with authority sees it.

The on-line posting of the smb.conf man page is missing lots of information:

http://us1.samba.org/samba/docs/man/smb.conf.5.html

Thanks,
...ROMeyn
[Samba] FREE Yellowpage listings, -- It's t
I am looking for the phone number for e-machines in the Toronto area.

Thank you,
laughlikecrazy
Re: [Samba] Adding XP to a samba domain
> By any chance got a link? Type samba howto into google and you get about
> 50,000 different hits

http://hr.uoregon.edu/davidrl/samba.html is a good start.

Holger
Re: [Samba] Adding XP to a samba domain
On Mon, Dec 29, 2003 at 05:45:34PM -0500, Conlan Adams wrote:

>
> >Samba 3.0 supports this.
>
> All versions of samba 3.0?
>
> >See the HOWTO.
>
> By any chance got a link? Type samba howto into google and you get about
> 50,000 different hits

The official one - should be about 3rd.

http://www.samba.org/samba/docs/man/

or http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection.html for all-on-one-page

or http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection.pdf for the pdf.

Lots of choice :-)

Andrew Bartlett
RE: [Samba] Adding XP to a samba domain
>Samba 3.0 supports this.

All versions of samba 3.0?

>See the HOWTO.

By any chance got a link? Type samba howto into google and you get about 50,000 different hits

Thanks

-Conlan
RE: [Samba] Slow browsing through Windows Explorer
Clint,

Here is my /etc/samba/smb.conf file:

[global]
        workgroup = SCDSERVICES
        netbios name = LINK
        server string = Link
        log file = /var/log/samba/log.%m
        max log size = 50
        security = user
        encrypt passwords = yes
        smb passwd file = /etc/samba/smbpasswd
        unix password sync = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        local master = yes
        os level = 65
        domain master = yes
        domain admin group = @adm @root
        preferred master = yes
        domain logons = yes
        logon script = STARTUP.BAT
        logon path =
        logon home =
        logon drive =
        ;add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
        ;add user script = /usr/sbin/useradd -s /bin/false %u
        name resolve order = wins lmhosts bcast
        wins support = yes
        dns proxy = no

No wins server = entry (which is a good thing) ;-) just a wins support = yes (which looks good)

Ok, I turned off the "Folder Bar" and then proceeded to \\unreal\backup however it still hangs.

Thanks,

-- 
Curtis Strite
Director of Internet Services
7321 S. Lindbergh Blvd. Suite 104
St. Louis, MO 63125
Office: 314-892-2100
Mobile: 314-280-8270
Email: [EMAIL PROTECTED]
Website: www.scdservices.com

- Original Message
From: Sharp, Clint <[EMAIL PROTECTED]>
To: Curtis Strite <[EMAIL PROTECTED]>, samba <[EMAIL PROTECTED]>
Subject: RE: [Samba] Slow browsing through Windows Explorer
Date: 30/12/03 00:06

> > > -Original Message-
> > > > Clint,
> > > >
> > > > We may have different problems. You were doing this w/o
> > the folders
> > > bar in Windows Explorer right?
> >
> > Not sure what you mean here. I'm just in explore mode of
> > Windows Explorer.
> >
>
> In windows explorer, under View->Explorer Bar->Folders, is this checked?
> If so, uncheck it and go to the server via \\servername\share again and
> see if takes a long time still. This will tell you if it's a browsing
> related issue, as with the folders explorer bar open, it's attempting to
> build a browse list for the workgroup.
>
> > >
> > > Also, these machines are in a workgroup setting? Is your
> > machine on a
> > > domain or in the same workgroup?
> >
> > I'm on a domain, I have another box RedHat (LINK) that is my
> > PDC. Which is working when the XP Client logs in, it has a
> > netlogon share which maps the
> > H: and the Y: drives to Morpheus and Unreal respectivly.
> >
> > > Have you done an nmblookup -M -- - or
> > > findsmb to determine which machine is your master browser?
> >
> > No, I think this is a good place to start. I did restart
> > Samba on Morpheus and bumped up the log level to 2 and now
> > I'm getting this.
> >
> >
> > [2003/12/29 15:27:44, 2]
> > nmbd/nmbd_nameregister.c:register_name_timeout_response(199)
> > register_name_timeout_response: WINS server at address
> > 10.11.86.17 is not responding.
> >
> >
> >
> > 10.11.86.17 is LINK which is my PDC that I've also told to be
> > a wins server in the smb.conf file.
> >
> >
>
> Make sure on the machine you think is your WINS Server you set wins
> support = yes instead of wins server = yes, as the wins server is the
> parameter for telling a machine which IP to query for WINS. I have a
> feeling this is setup wrong which is why you're having a problem
> browsing and thus it's slow in Windows.
>
> Clint
>
> > > This sounds
> > > like a browsing related issue, and you have to have a
> > reachable master
> > > browser for the workgroup/domain of the machine you're
> > attempting to
> > > connect to so that Windows can pull the browse list,
> > otherwise it'll
> > > take forever before timing out. Maybe someone else here has more
> > > experience at this than I do, but that's what it seems like to me.
> > >
> > > Clint
> >

Message sent using UebiMiau 2.7.2
Re: [Samba] Adding XP to a samba domain
On Mon, 29 Dec 2003, Conlan Adams wrote:

> Bare with me please :-)
>
> I know this question has probably been asked before but a quick overview of
> the archives didn't help me out.
>
> Couple of parts
>
> 1. Can a samba domain be established that doesn't require registry hacks on
> an XP machine to add the XP machine?

Yes. Use Samba-3.0.x. Can not be done with Samba-2.2.x.

> 2. What would a VERY basic smb.conf file look like that creates a samba
> domain for W2K and XP machines?

# Global parameters
[global]
    workgroup = MIDEARTH
    server string = Samba3
    passdb backend = tdbsam
    username map = /etc/samba/smbusers
    log file = /var/log/samba/%m
    smb ports = 139 445
    add user script = /usr/sbin/useradd -m %u
    delete user script = /usr/sbin/userdel -r %u
    add group script = /usr/sbin/groupadd %g
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/sbin/usermod -G %g %u
    add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
    domain logons = Yes
    os level = 35
    preferred master = Yes
    domain master = Yes
    idmap uid = 15000-2
    idmap gid = 15000-2
    winbind use default domain = Yes

Is that basic enough?

> 3. Does anyone remember my name? :-)

Nope. But I trust you. :)

> I used to be a big samba lister about 2-3 years ago, but haven't been around
> due to changes in jobs.

Thanks for helping out.

> Thanks for any help I can get

Fee for service remains the same.

Cheers,
John T.
--
John H Terpstra Email: [EMAIL PROTECTED]
Re: [Samba] Adding XP to a samba domain
On Mon, Dec 29, 2003 at 05:17:12PM -0500, Conlan Adams wrote: > Bare with me please :-) > > I know this question has probably been asked before but a quick overview of > the archives didn't help me out. > > Couple of parts > > 1. Can a samba domain be established that doesn't require registry hacks on > an XP machine to add the XP machine? Samba 3.0 supports this. > 2. What would a VERY basic smb.conf file look like that creates a samba > domain for W2K and XP machines? See the HOWTO. > 3. Does anyone remember my name? :-) No, Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind-Cyrus-Outlook
On Mon, Dec 29, 2003 at 10:37:08AM -0600, Tim Branson wrote: > Andrew: > > I now have it working fine. It was a case sensitive issue. When Outlook > send the DOMAINNAME+username it made it all lower case. I had to make the > imap server mailboxes lower case not mixed case like winbind has it. > > Is there a way to alias the user names? I.e. TESTDOMAIN+tbranson = > tbranson? This is what 'winbind use default domain = yes' is for. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Adding XP to a samba domain
Bare with me please :-) I know this question has probably been asked before but a quick overview of the archives didn't help me out. Couple of parts 1. Can a samba domain be established that doesn't require registry hacks on an XP machine to add the XP machine? 2. What would a VERY basic smb.conf file look like that creates a samba domain for W2K and XP machines? 3. Does anyone remember my name? :-) I used to be a big samba lister about 2-3 years ago, but havent been around due to changes in jobs. Thanks for any help I can get -Conlan Adams -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Slow browsing through Windows Explorer
> -Original Message- > > Clint, > > > > > We may have different problems. You were doing this w/o > the folders > > bar in Windows Explorer right? > > Not sure what you mean here. I'm just in explore mode of > Windows Explorer. > In windows explorer, under View->Explorer Bar->Folders, is this checked? If so, uncheck it and go to the server via \\servername\share again and see if takes a long time still. This will tell you if it's a browsing related issue, as with the folders explorer bar open, it's attempting to build a browse list for the workgroup. > > > > > Also, these machines are in a workgroup setting? Is your > machine on a > > domain or in the same workgroup? > > I'm on a domain, I have another box RedHat (LINK) that is my > PDC. Which is working when the XP Client logs in, it has a > netlogon share which maps the > H: and the Y: drives to Morpheus and Unreal respectivly. > > > Have you done an nmblookup -M -- - or > > findsmb to determine which machine is your master browser? > > No, I think this is a good place to start. I did restart > Samba on Morpheus and bumped up the log level to 2 and now > I'm getting this. > > > [2003/12/29 15:27:44, 2] > nmbd/nmbd_nameregister.c:register_name_timeout_response(199) > register_name_timeout_response: WINS server at address > 10.11.86.17 is not responding. > > > > 10.11.86.17 is LINK which is my PDC that I've also told to be > a wins server in the smb.conf file. > > Make sure on the machine you think is your WINS Server you set wins support = yes instead of wins server = yes, as the wins server is the parameter for telling a machine which IP to query for WINS. I have a feeling this is setup wrong which is why you're having a problem browsing and thus it's slow in Windows. 
Clint > > This sounds > > like a browsing related issue, and you have to have a > reachable master > > browser for the workgroup/domain of the machine you're > attempting to > > connect to so that Windows can pull the browse list, > otherwise it'll > > take forever before timing out. Maybe someone else here has more > > experience at this than I do, but that's what it seems like to me. > > > > Clint -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.8a open Files malfunction ?
Hi Group,

having several Problems with Samba

Client Win2000 SP2
Server SUSE 9.0 SAMBA 2.2.8a

connection from Client to Server is fine (RW Access possible), but a little Textfile opened in Windows Notepad (and changed) is not reported as 'Open File' by smbstatus -d

after opening another File (e.g. with Microsoft WORD) --- smbstatus -d reports both files 'OPEN' --- after a while in most! cases the little TXT-File disappears from 'OPEN Files List'

what's going wrong here? known Bugs ??

P.S. shutting down the Server by leaving the Files open on Win2K Client I get no warning that Files are in use. How do I change this ?

Uli
[Samba] Samba Article
Hi, Ok. I am hooting my own trumpet it seems, but why not - just once! http://www.open-mag.com/9085339824.shtml - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Slow browsing through Windows Explorer
Curtis, I have similar problems when not joined to a domain browsing Windows shares as well. This is a problem with Windows attempting to enumerate a browse list for all the machines in your workgroup. Ironically, I don't see this problem when the folders tab isn't there (i.e. go through my computer instead of windows explorer and type in \\server\share). Clint > -Original Message- > Hello, > > I'm having a very strange problem with Samba version 2.2.7a. > I have four boxes, Two Linux Mandrake Boxes (Morpheus and > Unreal both v. 9.2), One RedHat (Link v. 8.0) and an XP > Workstation (Kek XP Pro NO SP1). > > When I bring up My computer (Explorer) and attempt to browse > through the H: drive (SMB Share mapped to Users Home dir on > Morpheus), Y: drive (SMB Share maped to /backup on Unreal) > > It takes a veary, very long time to list the files on any of > the mapped samba drives. It basically hangs the explorer.exe > process. I can bring up the task manager, I can still toggle > (Control + Tab) between other apps that are open, but I > cannot access my start menu or do anything with the current > explorer window that's reading the files form the network. > > However with the task manager open I can launch a new task > cmd.exe and then fro the command prompt I can C:>H: change to > the H: drive, do a "dir" and list all the files, I can even > dig down into sub dirs and list files over the network, the > whole time the explorer process appears to be hung trying to > list the files, just like I did in the command prompt window. > > Then after about 4 or 5 mintues, everything comes back to > normal, it shows all the files in the explorer window, and > then any clicking I did like on the start menu or trying to > move winodws while it was hung all happens very quickly and > then it's fine. Until I try to access the drive again in > about 2 or 3 hours. > > Sorry so long. > Thanks in advance for any help. > -- > Curtis Strite > Director of Internet Services > 7321 S. 
Lindbergh Blvd. > Suite 104 > St. Louis, MO 63125 > Office: 314-892-2100 > Mobile: 314-280-8270 > Email: [EMAIL PROTECTED] > Website: www.scdservices.com > > > > > Message sent using UebiMiau 2.7.2 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Slow browsing through Windows Explorer
Hello,

I'm having a very strange problem with Samba version 2.2.7a. I have four boxes, Two Linux Mandrake Boxes (Morpheus and Unreal both v. 9.2), One RedHat (Link v. 8.0) and an XP Workstation (Kek XP Pro NO SP1).

When I bring up My computer (Explorer) and attempt to browse through the H: drive (SMB Share mapped to Users Home dir on Morpheus), Y: drive (SMB Share mapped to /backup on Unreal)

It takes a very, very long time to list the files on any of the mapped samba drives. It basically hangs the explorer.exe process. I can bring up the task manager, I can still toggle (Control + Tab) between other apps that are open, but I cannot access my start menu or do anything with the current explorer window that's reading the files from the network.

However with the task manager open I can launch a new task cmd.exe and then from the command prompt I can C:>H: change to the H: drive, do a "dir" and list all the files, I can even dig down into sub dirs and list files over the network, the whole time the explorer process appears to be hung trying to list the files, just like I did in the command prompt window.

Then after about 4 or 5 minutes, everything comes back to normal, it shows all the files in the explorer window, and then any clicking I did like on the start menu or trying to move windows while it was hung all happens very quickly and then it's fine. Until I try to access the drive again in about 2 or 3 hours.

Sorry so long.
Thanks in advance for any help.
--
Curtis Strite
Director of Internet Services
7321 S. Lindbergh Blvd. Suite 104
St. Louis, MO 63125
Office: 314-892-2100
Mobile: 314-280-8270
Email: [EMAIL PROTECTED]
Website: www.scdservices.com

Message sent using UebiMiau 2.7.2
[Samba] NT_STATUS_WRONG_PASSWORD????
Hi all,

My smb.conf is:

[global]
    netbios name = Test
    workgroup = NIK
    server string = Samba server (on %L)
    hosts allow = 10.1.1. 10.0.0. localhost
    interfaces = 10.0.0.0/24 10.1.1.0/24
    bind interfaces only = yes
    local master = yes
    os level = 34
    encrypt passwords = yes
    time server = yes
    security = user
    log level = 2
    max log size = 1000
    log file = /sambalog/log.%m
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    guest ok = yes

[homes]
    comment = Home Directory
    valid users = %S
    browsable = no
    read only = no

The sharing looks ok but

> smbclient -U% -L 10.1.1.1
added interface ip=10.0.0.1 bcast=10.0.0.255 nmask=255.255.255.0
added interface ip=10.1.1.1 bcast=10.1.1.255 nmask=255.255.255.0
Domain=[NIK] OS=[Unix] Server=[Samba 2.2.7a-SuSE]
tree connect failed: NT_STATUS_WRONG_PASSWORD

What is wrong? I didn't change passwords and it worked correctly.

Thanks!
Re: [Samba] Re: User Manager For Domains - SAMBA 3.0.1-2
Hi, usrmgr is working very fine for me one miracle is that usmgr should be stored on a smb share, and as client you should use a trusted !!! win computer from the samba domain, some features will only work with this setup, specially adding users (results of my tests), you should be root ( admin user ) to do all stuff check attached conf which is valid for suse 9.0 samba 3.01, samba as pdc, compare parameters maybe you have some typos too. there are some entries in bugzilla relate to usrmgr a study of this should be helpfull too Best Regards - Original Message - From: "Erik Holst Trans" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, December 29, 2003 6:52 PM Subject: [Samba] Re: User Manager For Domains - SAMBA 3.0.1-2 > Hi again, > > Well i did not get any response to my problem :-( > > The only thing i have noticed since my last posting is a log entry that > seems to show up when i try to add a user with the "User Manager For > Domains" (on windws 98se) > > I also tried to make my own "add user script" in perl, that make use of > both the "adduser" and "smbpasswd" commands. > But no success. > > This is the entry from the log. > > [2003/12/28 20:41:36, 1] smbd/ipc.c:api_fd_reply(292) > api_fd_reply: INVALID PIPE HANDLE: > > I suppose that means that "UMFD" is not supported, but i find that > difficult to belive cause the delete and change group member ship > functions works great. > > > //Erik > > > Erik Holst Trans wrote: > > > Hi, > > > > I,m running Samba 3.0.1-2 on a RedHat 9.0 box, and would like to use > > the "User Manager for Domains" tool to control users and groups. > > But i can't get it to work proberly. > > > > Deleting users and groups, change group membership on users works > > fine, but adding users and groups does not. > > > > I have tried to find out how well the "User Manager for Domains" is > > supported in Samba 3.0.1-2, but without success. > > Does anybody have some experience with this tool ? 
> > > > In my smb.conf i have added the following lines: > > > > //--snip--// > > > > add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s > > /bin/false -M "%u" > > add user script = /usr/sbin/useradd "%u" > > add group script = /usr/sbin/groupadd "%g" > > add user to group script = /usr/bin/gpasswd -a "%u" "%g" > > delete user from group script = /usr/bin/gpasswd -d "%u" "%g" > > set primary group script = /usr/sbin/usermod -g "%g" "%u" > > delete user script = /usr/sbin/userdel "%u" > > delete group script = /usr/sbin/groupdel "%g" > > > > //--snip--// > > > > > > Best regards > > Erik Holst Trans > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
On Mon, 29 Dec 2003, Craig White wrote:

> On Mon, 2003-12-29 at 08:08, Sharp, Clint wrote:
>
> > Passdb backend = ldapsam:"ldap://master ldap://slave" works just fine
> > for me. I have the passwd program set to /usr/bin/passwd and Samba
> > updates the Samba related entries in the Master LDAP (with passwd
> > updating the posixAccount related entries). Took me a while to find the
> > ldapsam:"ldap://master ldap://slave" workaround too, but it's worked
> > flawlessly for me in production since.
>
> perhaps this is a problem with only the version of Samba 3 that shipped
> in Red Hat AS 3 but if I put in...
>
> passdb backend = ldapsam:ldap://localhost/ ldap://slave/

You must delimit the two instances with double quotes as follows:

    passdb backend = ldapsam:"ldap://master ldap://slave"

> I end up with the following in /var/log/samba/log.smbd...
>
> [2003/12/29 10:04:58, 0]
> passdb/pdb_interface.c:make_pdb_methods_name(447)
> No builtin nor plugin backend for ldap found

Correct. It sees the second entry (the one after the space) as a request for another backend, not as the same backend as the one specified by ldapsam:ldap://master.

> Official Samba-3 Howto also states that default (meaning undeclared
> value) for ldap ssl = Start_tls but that doesn't seem to be the case.

Page reference please - I need to fix that. The default is:

    ldap ssl =

Yep, that is a blank. This is output from Saturday's CVS tree:

[EMAIL PROTECTED]:~/Samba.Org> testparm -s -v | grep ldap
Load smb config files from /etc/samba/smb.conf
Can't find include file /etc/samba/machine.
Processing section "[homes]"
Processing section "[print$]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[media]"
Processing section "[data]"
Processing section "[cdr]"
Processing section "[apps]"
Loaded services file OK.
    ldap suffix =
    ldap machine suffix =
    ldap user suffix =
    ldap group suffix =
    ldap idmap suffix =
    ldap filter = (uid=%u)
    ldap admin dn =
    ldap ssl =
    ldap passwd sync = no
    ldap delete dn = No
    ldap replication sleep = 1000

- John T.
--
John H Terpstra Email: [EMAIL PROTECTED]
RE: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
Quotes are required around the two ldap:// URIs AFAIK. I've not used AS 3, but on 8 I've always built from Source RPM as I've also added ACL support (pretty easy with the Redhat kernels, and even though they say it's not stable, I've yet to have any problems with it). I'd go grab Samba 3.0.1 source RPMs from the Samba website and build from there, or even upgrade to 3.0.1 from the Redhat RPMs on the Samba site, as those are known to have proper LDAP support included. Clint > -Original Message- > perhaps this is a problem with only the version of Samba 3 > that shipped in Red Hat AS 3 but if I put in... > > passdb backend = ldapsam:ldap://localhost/ ldap://slave/ > > I end up with the following in /var/log/samba/log.smbd... > > [2003/12/29 10:04:58, 0] > passdb/pdb_interface.c:make_pdb_methods_name(447) > No builtin nor plugin backend for ldap found > > Official Samba-3 Howto also states that default (meaning undeclared > value) for ldap ssl = Start_tls but that doesn't seem to be the case. > > Craig > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
On Mon, 2003-12-29 at 08:08, Sharp, Clint wrote:

> Passdb backend = ldapsam:"ldap://master ldap://slave" works just fine
> for me. I have the passwd program set to /usr/bin/passwd and Samba
> updates the Samba related entries in the Master LDAP (with passwd
> updating the posixAccount related entries). Took me a while to find the
> ldapsam:"ldap://master ldap://slave" workaround too, but it's worked
> flawlessly for me in production since.

perhaps this is a problem with only the version of Samba 3 that shipped in Red Hat AS 3 but if I put in...

    passdb backend = ldapsam:ldap://localhost/ ldap://slave/

I end up with the following in /var/log/samba/log.smbd...

[2003/12/29 10:04:58, 0] passdb/pdb_interface.c:make_pdb_methods_name(447)
  No builtin nor plugin backend for ldap found

Official Samba-3 Howto also states that default (meaning undeclared value) for ldap ssl = Start_tls but that doesn't seem to be the case.

Craig
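The quoting rule from the passdb backend thread above, together with the wins support / wins server advice from the slow-browsing thread, as an added example that is not from any poster or from the Samba project: a small smb.conf checker. The backend name set, the finding labels and both sample configurations are assumptions constructed for illustration.

```python
import shlex

# Backend module names assumed for Samba 3.0.x (an assumption, not taken from the thread).
KNOWN_BACKENDS = {"smbpasswd", "tdbsam", "ldapsam", "ldapsam_compat", "guest"}


def parse_global(text):
    """Return the [global] parameters of an smb.conf as {normalised key: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf keys ignore case and runs of whitespace
            params[" ".join(key.lower().split())] = value.strip()
    return params


def split_backends(value):
    """Split a 'passdb backend' value as described in the thread: whitespace
    starts a new backend unless the text sits inside double quotes."""
    backends = []
    for token in shlex.split(value):
        module, _, location = token.partition(":")
        backends.append((module.lower(), location))
    return backends


def audit(text):
    """Return a list of (label, message) findings for one smb.conf text."""
    params = parse_global(text)
    findings = []
    for module, location in split_backends(params.get("passdb backend", "smbpasswd")):
        if module not in KNOWN_BACKENDS:
            findings.append(("unknown-backend",
                             f"'{module}' parsed as a separate backend; quote the "
                             "whole URI list after ldapsam:"))
        elif module.startswith("ldapsam"):
            plain = [u for u in location.split() if u.startswith("ldap://")]
            if plain and params.get("ldap ssl", "").lower() in ("", "no", "off"):
                findings.append(("ldap-tls-not-requested",
                                 "ldap:// URIs with 'ldap ssl' unset or off; "
                                 "confirm the effective value with testparm -s -v"))
    wins_support = params.get("wins support", "no").lower() in ("yes", "true", "1")
    if wins_support and params.get("wins server", ""):
        findings.append(("wins-conflict",
                         "'wins support = yes' and 'wins server' are both set"))
    return findings


# Constructed sample: the unquoted form from the thread plus a WINS conflict.
BROKEN = """
[global]
   passdb backend = ldapsam:ldap://localhost/ ldap://slave/
   wins support = yes
   wins server = 10.11.86.17
"""

# Constructed sample: the quoted form, TLS requested, WINS server role only.
FIXED = """
[global]
   passdb backend = ldapsam:"ldap://master ldap://slave"
   ldap ssl = start_tls
   wins support = yes
"""

if __name__ == "__main__":
    for name, conf in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit(conf))
```

The unquoted value yields a second backend named `ldap`, which is the name the log line in the thread complains about.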
RE: [Samba] Open Source W2k Policy Implementation (was Re: Windows2000 policies in a Samba PDC)
Clint, Thanks for responding. As I think through the issues and consider what is safe to document it is important that I do not overlook material that ought to be documented. On the other hand, experience has taught me that anything that goes into print becomes law. For that reason I am reluctant to point readers at marginal, speculative, or shifting-sand technologies and methods. Great intentions are seldom met. Despite my objectives, I have included more marginal material than I should, but it is hard to draw the line in a safe place. :) I am aware of LAM and am documenting it in the Appendix. I have also been in touch with the author (nice guy) and am confident that there will be a few refinements in the near term that will benefit users of LAM. In many areas Open Source software has a technology edge, but what it offers in technology edge it more than loses through lack of integration. Microsoft have an undeniable edge in terms of the total solution they deliver. It is therefore not suprising that we always seem to be playing catch-up. I too, am earnestly seeking input from people who have developed smart ways to implement open source solutions. The best I can contribute is through documentation. I do not aim to compete with Microsoft, rather to help Open Source oriented users to get the best mileage they can get. I also have to be brutally honest and point out where the strong points are on both sides of the debate. Samba is great technology for integrating UNIX and Windows networks. It's file and print services are legendary. Samba can replace MS Windows solutions. OpenLDAP can provide a great directory for use by Samba. But these solutions are simply not "the same" as ADS and Win2Kx. My simple goal in writing the "Samba-3 by Example" book was to document HOW example network problems could be solved using Samba-3. I thought it would be easy to do in under 200 pages. So far I am 70% done, and have already written 280 pages. 
There is so much more material that I could cover that it scares me. Cheers, John T. On Mon, 29 Dec 2003, Sharp, Clint wrote: > John, > > What I've done so far is mostly a hack. I've implemented some custom > VBS scripts at login to install software (that only works part of the > time because my method for granting the users admin priviledges is a UI > based VBS hack which types the password in for them from an encrypted > VBS script) and I've yet to implement any Windows policies as I've not > been motivated enough to dig up poledit.exe or figure out how to > implement them with Samba (although admittedly I'm sure your book would > go great strides to helping me with that). Right now we're implementing > policies the old fashioned way, "Screw up the computer you're fired." :) > > For the same reason LDAP and it's associated open source management > tools (I'm a big fan of LAM which is in beta now at > http://sf.net/project/lam) are great for allowing us to get away from > NT4 based management tools, I've become increasingly aware there's no > way to implement NT4 based policies w/o having to have NT based > management tools (of which I'm not sure Microsoft's license allows one > to use them w/o NT4 installed). I've begun thinking an expandable > architecture based on an open-source NT service installed on the clients > could help us solve many of the problems we're still relying on NT tools > for. This could possibly even allow us to implement new ideas since we > would have a priveledged executable running on the workstations. > > However, I'm merely thinking at this point, and I don't want to > re-invent the wheel either (well, anyone but Microsoft's wheel, as their > tools are becoming dated and may not be supported in future Windows > desktop releases). If someone has a way to solve the problems I've > listed below in an easily manageable way w/o using Microsoft tools, I'd > be glad to help them as I've said previously. 
> > So in summary, I'm interested if someone has started work like this, and > in response to your last post, I don't have anything worth putting in > your book at this point, I'm merely looking for other people who might > have started work on something like this. > > Clint > > > > > -Original Message- > > From: John H Terpstra [mailto:[EMAIL PROTECTED] > > Sent: Monday, December 29, 2003 11:11 AM > > To: Sharp, Clint > > Cc: samba > > Subject: Re: [Samba] Open Source W2k Policy Implementation > > (was Re: Windows2000 policies in a Samba PDC) > > > > > > Clint, > > > > In my new book "Samba-3 by Example", which will be released > > to open source when the book is in print, I have given > > step-by-step prescriptive guidance on how to implement total > > control over client Windows workstations. I have restricted > > coverage to NT4 style profiles, even though I am fully aware > > that SYSVOL type Win2kx profiles do partly work. > > > > That book will be available in April, and will be part of the > > samba-docs project (that is where th
[Samba] pam_winbind
I have an environment at home with the following:

1. Samba PDC 2.27A
2. Windows XP Pro, login in to the domain
3. Fedora Core 1 Workstation (with machine account on the domain)

On the Fedora Workstation, smb.conf is fairly simple

[global]
    workgroup = MEPHISTOPHELES
    server string = Samba Server
    security = DOMAIN
    auth methods = winbind
    log file = /var/log/samba/%m.log
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = No
    wins server = 192.168.1.10
    ldap ssl = no
    idmap uid = 1-2
    idmap gid = 1-2
    template shell = /bin/sh

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

Winbind is running, when I do a getent passwd, among the standard passwd file entries, I get the following:

MEPHISTOPHELES\roberto:x:1:1::/home/MEPHISTOPHELES/roberto:/bin/sh
MEPHISTOPHELES\joann:x:10001:1::/home/MEPHISTOPHELES/joann:/bin/sh
MEPHISTOPHELES\root:x:10002:1::/home/MEPHISTOPHELES/root:/bin/sh

I'm not knowledgeable when it comes to PAM configuration, but I configure two files according to the documentation I read.

login file

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       sufficient   /lib/security/pam_winbind.so use_first_pass
account    required     /lib/security/pam_winbind.so
session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_mkhomedir.so umask=0022
session    optional     /lib/security/pam_console/so

and gdm file

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_winbind.so
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022

I still can't log in from my work station, using for example the login from the domain. Is anyone able to see where I may have gone wrong.
Thank You Roberto -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: User Manager For Domains - SAMBA 3.0.1-2
Hi again,

Well i did not get any response to my problem :-(

The only thing i have noticed since my last posting is a log entry that seems to show up when i try to add a user with the "User Manager For Domains" (on windows 98se)

I also tried to make my own "add user script" in perl, that make use of both the "adduser" and "smbpasswd" commands. But no success.

This is the entry from the log.

[2003/12/28 20:41:36, 1] smbd/ipc.c:api_fd_reply(292)
  api_fd_reply: INVALID PIPE HANDLE:

I suppose that means that "UMFD" is not supported, but i find that difficult to believe cause the delete and change group membership functions works great.

//Erik

Erik Holst Trans wrote:

Hi,

I'm running Samba 3.0.1-2 on a RedHat 9.0 box, and would like to use the "User Manager for Domains" tool to control users and groups. But i can't get it to work properly.

Deleting users and groups, change group membership on users works fine, but adding users and groups does not.

I have tried to find out how well the "User Manager for Domains" is supported in Samba 3.0.1-2, but without success. Does anybody have some experience with this tool ?

In my smb.conf i have added the following lines:

//--snip--//

add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M "%u"
add user script = /usr/sbin/useradd "%u"
add group script = /usr/sbin/groupadd "%g"
add user to group script = /usr/bin/gpasswd -a "%u" "%g"
delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
set primary group script = /usr/sbin/usermod -g "%g" "%u"
delete user script = /usr/sbin/userdel "%u"
delete group script = /usr/sbin/groupdel "%g"

//--snip--//

Best regards
Erik Holst Trans
RE: [Samba] Open Source W2k Policy Implementation (was Re: Windows2000 policies in a Samba PDC)
John,

What I've done so far is mostly a hack. I've implemented some custom VBS scripts at login to install software (that only works part of the time because my method for granting the users admin privileges is a UI based VBS hack which types the password in for them from an encrypted VBS script) and I've yet to implement any Windows policies as I've not been motivated enough to dig up poledit.exe or figure out how to implement them with Samba (although admittedly I'm sure your book would go great strides to helping me with that). Right now we're implementing policies the old fashioned way, "Screw up the computer you're fired." :)

For the same reason LDAP and its associated open source management tools (I'm a big fan of LAM which is in beta now at http://sf.net/project/lam) are great for allowing us to get away from NT4 based management tools, I've become increasingly aware there's no way to implement NT4 based policies w/o having to have NT based management tools (of which I'm not sure Microsoft's license allows one to use them w/o NT4 installed).

I've begun thinking an expandable architecture based on an open-source NT service installed on the clients could help us solve many of the problems we're still relying on NT tools for. This could possibly even allow us to implement new ideas since we would have a privileged executable running on the workstations. However, I'm merely thinking at this point, and I don't want to re-invent the wheel either (well, anyone but Microsoft's wheel, as their tools are becoming dated and may not be supported in future Windows desktop releases).

If someone has a way to solve the problems I've listed below in an easily manageable way w/o using Microsoft tools, I'd be glad to help them as I've said previously.

So in summary, I'm interested if someone has started work like this, and in response to your last post, I don't have anything worth putting in your book at this point, I'm merely looking for other people who might have started work on something like this.

Clint

> -----Original Message-----
> From: John H Terpstra [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 29, 2003 11:11 AM
> To: Sharp, Clint
> Cc: samba
> Subject: Re: [Samba] Open Source W2k Policy Implementation (was Re: Windows2000 policies in a Samba PDC)
>
> Clint,
>
> In my new book "Samba-3 by Example", which will be released to open source when the book is in print, I have given step-by-step prescriptive guidance on how to implement total control over client Windows workstations. I have restricted coverage to NT4 style profiles, even though I am fully aware that SYSVOL type Win2kx profiles do partly work.
>
> That book will be available in April, and will be part of the samba-docs project (that is where the Samba-HOWTO-Collection also has its home).
>
> The reasons for which I have not provided guidance specific to Win2K GPO implementation are:
>
> 1. Part of the protocol is dependent on Active Directory queries that Samba-3 can not support.
> 2. NT4 Policies allow almost everything that must be achieved without a whole lot more complicated steps that are very easy to get wrong.
>
> But if you wish to help document what you have done I am most willing to put it in the appendix and to point readers at it from appropriate locations in the text.
>
> Cheers,
> John T.
>
> On Mon, 29 Dec 2003, Sharp, Clint wrote:
>
> > Sorry for badly hacking up your reply since most of this could be taken out of context w/o his message, but I wanted to leave a couple of the lines in there.
> >
> > The reason I joined the list was to ask this question. I'm aware of the current situation with W2k policies, and I was wondering if anyone has undertaken work to implement all or part of the W2k GPO outside of Active Directory. Since essentially GPOs are simply an ACL which implements registry changes dependent on the policy defined in the GPO, I would think this is definitely possible. Maybe I'm over simplifying what GPOs do or possibly I only used GPO features which were NT4 compatible (which would mean that I could get by with .POL files).
> >
> > I'm currently trying to solve three problems in my Samba implementation. Two of these are irrelevant to this discussion, but I want to include them as I'm considering solving them with the same software:
> >
> > * Microsoft implemented roaming profiles suck and are incredibly inefficient over slow links. I'm considering re-implementing them using a client-side process and librsync.
> > * Patching systems is a pain, as well as installing software for users. This is generally part of SUS or could be part of GPO (maybe SUS creates GPOs to install the updates, I dunno). The problem I've always found is getting around my users not having admin privile
[Samba] 3.0.0 -> 3.0.1 : group_mapping.tdb perms
Hello,

I'm running Samba 3.0.0 on a PDC server with LDAP. I tested the latest version (3.0.1) on a test server with the same config files. But I get the following message in my logs if /var/lib/samba/group_mapping.tdb 's mode is set to 600 (like it is set in my 3.0.0 server).

    [2003/12/29 17:59:51, 0] groupdb/mapping.c:init_group_mapping(139)
      Failed to open group mapping database
    [2003/12/29 17:59:51, 0] groupdb/mapping.c:get_group_from_gid(655)
      failed to initialize group mappingFailed to open group mapping database
    [2003/12/29 17:59:51, 0] groupdb/mapping.c:get_group_from_gid(655)
      failed to initialize group mappingFailed to open group mapping database
    [2003/12/29 17:59:51, 0] groupdb/mapping.c:get_group_from_gid(655)
      failed to initialize group mappingFailed to open group mapping database
    [2003/12/29 17:59:51, 0] groupdb/mapping.c:get_group_from_gid(655)
      failed to initialize group mappingget_alias_user_groups: gid of user p-dinhvan doesn't exist. Check your /etc/passwd and /etc/group files

To avoid this messages, I need to chmod 666 the file. Doesn't seem to be normal, is it ?

When I chmod 666 the group_mapping.tdb, I get another strange message in my logs (log level = 10) :

    [2003/12/29 18:08:59, 1] lib/smbldap.c:smbldap_retry_open(890)
      Connection to LDAP Server failed for the 1 try!
    [2003/12/29 18:08:59, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1649)
      ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
      ldapsam_search_one_group: Query was: ou=groups,dc=linux,dc=strg,dc=arte, (&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
    [2003/12/29 18:08:59, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636)
      ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=4294967295))]
    [2003/12/29 18:08:59, 0] lib/smbldap.c:smbldap_open(801)
      smbldap_open: cannot access LDAP when not root..

The gidNumber seems ... big... the last user manipulated by samba is p-dinhvan, who has :

    gidNumber: 100
    sambaSID: S-1-5-21-2533171995-41200505-3792937173-4156
    uidNumber: 1578
    sambaPrimaryGrouSID: S-1-5-21-2533171995-41200505-3792937173-513

This message doesn't seem to make problems for the user's logon. I found nothing answering to this problem in the lists archives...

Thank you

PS : sorry for my poor english

--
Pierre Dinh-van
Re: [Samba] Open Source W2k Policy Implementation (was Re: Windows2000 policies in a Samba PDC)
Clint,

In my new book "Samba-3 by Example", which will be released to open source when the book is in print, I have given step-by-step prescriptive guidance on how to implement total control over client Windows workstations. I have restricted coverage to NT4 style profiles, even though I am fully aware that SYSVOL type Win2kx profiles do partly work.

That book will be available in April, and will be part of the samba-docs project (that is where the Samba-HOWTO-Collection also has its home).

The reasons for which I have not provided guidance specific to Win2K GPO implementation are:

1. Part of the protocol is dependent on Active Directory queries that Samba-3 can not support.
2. NT4 Policies allow almost everything that must be achieved without a whole lot more complicated steps that are very easy to get wrong.

But if you wish to help document what you have done I am most willing to put it in the appendix and to point readers at it from appropriate locations in the text.

Cheers,
John T.

On Mon, 29 Dec 2003, Sharp, Clint wrote:

> > -----Original Message-----
> > On Mon, 29 Dec 2003, Áncor González Sosa wrote:
> >
> > With Samba you can do only what you can do with NT4 using the NTConfig.POL file.
> >
> > You can copy the files Win2K creates in c:\WINNT\SYSVOL\sysvol\domainname\profiles to a share called "SYSVOL" under the path:
> > /var/lib/sysvol/sysvol/domainname/profiles/...
> > Where the root of the SYSVOL share is /var/lib/sysvol.
> >
> > From my experimentation this only partly works at best. Only NT4 NTConfig.POL policies work consistently.
> >
> > The other choice you have is to edit the NTUSER.DAT from the users' profile, add the policy settings in it, then save it back.
> >
> > To do this you must load the NTUSER.DAT file as an add-on hive in regedt32. Edit, then unload the hive. Be careful with this! It can ruin your day!
> >
> > No, to create that you must use the NT4 Group Policy Editor. No alternative exists.
> >
> > Sorry. Not possible today.
> >
> > - John T.
> > --
> > John H Terpstra
> > Email: [EMAIL PROTECTED]
>
> Sorry for badly hacking up your reply since most of this could be taken out of context w/o his message, but I wanted to leave a couple of the lines in there.
>
> The reason I joined the list was to ask this question. I'm aware of the current situation with W2k policies, and I was wondering if anyone has undertaken work to implement all or part of the W2k GPO outside of Active Directory. Since essentially GPOs are simply an ACL which implements registry changes dependent on the policy defined in the GPO, I would think this is definitely possible. Maybe I'm over simplifying what GPOs do or possibly I only used GPO features which were NT4 compatible (which would mean that I could get by with .POL files).
>
> I'm currently trying to solve three problems in my Samba implementation. Two of these are irrelevant to this discussion, but I want to include them as I'm considering solving them with the same software:
>
> * Microsoft implemented roaming profiles suck and are incredibly inefficient over slow links. I'm considering re-implementing them using a client-side process and librsync.
> * Patching systems is a pain, as well as installing software for users. This is generally part of SUS or could be part of GPO (maybe SUS creates GPOs to install the updates, I dunno). The problem I've always found is getting around my users not having admin privileges on their machines. I've found several free su-like implementations for Windows, but all still require a password on the command line or are just too insecure for me if they don't. I'm considering implementing a service which would patch software on the Windows machine based on output from a server process running on my Samba servers (possibly only the PDC).
> * As mentioned before, I'd like an open-source implementation of W2k GPOs. This wouldn't run using Microsoft's GPO process, instead it would be implemented by a client-side process which would make the necessary changes.
>
> Has anyone currently started work fixing any of these? I'm ready to trash all the custom work I've done to solve these problems and start fresh with something that'll work cleanly and smoothly. I've got some ideas for architecture including development language, communications protocols, etc, but nothing's firm, and I'd be glad to contribute to someone who's already started a project which solves one or more of the above problems. If not, if anyone else is interested in the above problems and wants to start work on a new project which would solve those, I'd be happy to discuss with you offline.
>
> Cheers,
> Clint
Re: [Samba] samba 3.0 - ldap - pdc
Wolfgang,

What script are you calling, and with what parameters for "add user script" and "add machine script"? If you do not have them you will have the exact problem you have reported.

Cheers,
John T.

On Mon, 29 Dec 2003, Wolfgang Pichler wrote:

> hi all,
>
> i am actually trying to get samba 3.01 (on SLES 8.0) working as PDC with the ldap backend. I have already configured nsswitch to also use ldap for groups and passwords (the root user is still in the /etc/passwd file - i can't imagine that putting the root user into openldap is a really good idea).
>
> There is one sentence in the howto (http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#create_ldap_recs) which i don't understand completely - "Remember that if you need join a XP to the domain, an uidNumber=0 account is ALSO required (ie Administrator or root accounts)." - should this mean that i need (when i'd like to join XP's - not win2k?) to add the objectClass posixaccount to the Administrator entry with the uidNumber 0 ? - If this is so - doesn't this collide then with the root user in the /etc/passwd file ?
>
> There is also another thing - I've tried to add a workstation with: "smbpasswd -a -m nomicro$ -D 256" - then i got this:
> ---
> some messages about connecting...
> The LDAP server is succesful connected
> pdb backend ldapsam has a valid init
> Attempting to find an passdb backend to match guest (guest)
> Found pdb backend guest
> pdb backend guest has a valid init
> smbldap_search_suffix: searching for:[(&(uid=nomicro$)(objectclass=sambaSamAccount))]
> smbldap_open: already connected to the LDAP server
> ldapsam_getsampwnam: Unable to locate user [nomicro$] count=0
> Finding user nomicro$
> Trying _Get_Pwnam(), username as lowercase is nomicro$
> Trying _Get_Pwnam(), username as uppercase is NOMICRO$
> Checking combinations of 0 uppercase letters in nomicro$
> Get_Pwnam_internals didn't find user [nomicro$]!
> Failed to initialise SAM_ACCOUNT for user nomicro$.
> Failed to modify password entry for user nomicro$
> ---
>
> this looks like it is searching for the user so that it can alter his password - but i wanted to add the user not to alter the password, so what is here wrong.
>
> and, the relevant parts from my smb.conf
> ---
> [global]
> workgroup = DIALOG-TELEKOM
> netbios name = ZION
> comment = Dialog PDC
> security = user
> null passwords = Yes
> encrypt passwords = yes
> logon drive = U:
> logon path = \\%N\profiles\%g
> domain master = yes
> domain logons = yes
> preferred master = yes
> os level = 255
> wins support = yes
> public = No
> browseable = No
> writable = No
> debug level = 255
> # ldap parameters
> passdb backend = ldapsam
> ldap admin dn = "cn=administrator,dc=dialog-telekom,dc=at"
> ldap suffix = dc=dialog-telekom,dc=at
> ldap machine suffix = ou=computers
> ldap user suffix= ou=people
> ldap ssl = No
> ldap delete dn = no
> ---
>
> hope this aren't stupid questions ;-)
>
> have a nice day
> wolfi

--
John H Terpstra
Email: [EMAIL PROTECTED]
RE: [Samba] Winbind-Cyrus-Outlook
Andrew:

I now have it working fine. It was a case sensitive issue. When Outlook sends the DOMAINNAME+username it made it all lower case. I had to make the imap server mailboxes lower case not mixed case like winbind has it. Is there a way to alias the user names? I.e. TESTDOMAIN+tbranson = tbranson?

-----Original Message-----
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Friday, December 26, 2003 4:59 PM
To: Tim Branson
Cc: '[EMAIL PROTECTED]'
Subject: Re: [Samba] Winbind-Cyrus-Outlook

On Thu, 2003-12-18 at 05:00, Tim Branson wrote:

> I have been using Winbind for some time. We are now looking to use IMAP to replace Exchange. Currently we have configured Winbind to join our domain. Shares work fine and the ability to assign rights from the command line work fine for domain users is fine.
>
> The problem is that when outlook sends the user name and password to Winbind and PAM it bails out. When I see the users in Linux they are listed as DOMAIN+username. When Outlook passes the name and password it sends it as domain+username. How can I get Winbind to pass the proper case. It's a sure thing that Micro$oft won't provide me a fix. Has anyone else run into this?

It shouldn't matter. What makes you think that the case of the username is causing this problem?

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
[Samba] Open Source W2k Policy Implementation (was Re: Windows2000 policies in a Samba PDC)
> -----Original Message-----
> On Mon, 29 Dec 2003, Áncor González Sosa wrote:
>
> With Samba you can do only what you can do with NT4 using the NTConfig.POL file.
>
> You can copy the files Win2K creates in c:\WINNT\SYSVOL\sysvol\domainname\profiles to a share called "SYSVOL" under the path:
> /var/lib/sysvol/sysvol/domainname/profiles/...
> Where the root of the SYSVOL share is /var/lib/sysvol.
>
> From my experimentation this only partly works at best. Only NT4 NTConfig.POL policies work consistently.
>
> The other choice you have is to edit the NTUSER.DAT from the users' profile, add the policy settings in it, then save it back.
>
> To do this you must load the NTUSER.DAT file as an add-on hive in regedt32. Edit, then unload the hive. Be careful with this! It can ruin your day!
>
> No, to create that you must use the NT4 Group Policy Editor. No alternative exists.
>
> Sorry. Not possible today.
>
> - John T.
> --
> John H Terpstra
> Email: [EMAIL PROTECTED]

Sorry for badly hacking up your reply since most of this could be taken out of context w/o his message, but I wanted to leave a couple of the lines in there.

The reason I joined the list was to ask this question. I'm aware of the current situation with W2k policies, and I was wondering if anyone has undertaken work to implement all or part of the W2k GPO outside of Active Directory. Since essentially GPOs are simply an ACL which implements registry changes dependent on the policy defined in the GPO, I would think this is definitely possible. Maybe I'm over simplifying what GPOs do or possibly I only used GPO features which were NT4 compatible (which would mean that I could get by with .POL files).

I'm currently trying to solve three problems in my Samba implementation. Two of these are irrelevant to this discussion, but I want to include them as I'm considering solving them with the same software:

* Microsoft implemented roaming profiles suck and are incredibly inefficient over slow links. I'm considering re-implementing them using a client-side process and librsync.
* Patching systems is a pain, as well as installing software for users. This is generally part of SUS or could be part of GPO (maybe SUS creates GPOs to install the updates, I dunno). The problem I've always found is getting around my users not having admin privileges on their machines. I've found several free su-like implementations for Windows, but all still require a password on the command line or are just too insecure for me if they don't. I'm considering implementing a service which would patch software on the Windows machine based on output from a server process running on my Samba servers (possibly only the PDC).
* As mentioned before, I'd like an open-source implementation of W2k GPOs. This wouldn't run using Microsoft's GPO process, instead it would be implemented by a client-side process which would make the necessary changes.

Has anyone currently started work fixing any of these? I'm ready to trash all the custom work I've done to solve these problems and start fresh with something that'll work cleanly and smoothly. I've got some ideas for architecture including development language, communications protocols, etc, but nothing's firm, and I'd be glad to contribute to someone who's already started a project which solves one or more of the above problems. If not, if anyone else is interested in the above problems and wants to start work on a new project which would solve those, I'd be happy to discuss with you offline.

Cheers,
Clint
Re: [Samba] samba 3.0 - ldap - pdc
Wolfgang Pichler wrote:

hi,

thanx for this fast reply

at http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#smbpasswd there is documented that

--
Example for (-a )dd a new (-m)achine named icb$ with debug (-D ) set to 256:

    ./bin/smbpasswd -m -a icb$ -D 256
--

this command is needed to add a machine to my PDC - but there isn't mentioned that i first have to create an user account with the same name (which doesn't seems to be logically to me). The above command should create the account (or i am wrong?)

wolfi

On Mon, 29.12.2003 at 15:51, Stéphane Purnelle wrote:

Wolfgang Pichler wrote:

hi all,

i am actually trying to get samba 3.01 (on SLES 8.0) working as PDC with the ldap backend. I have already configured nsswitch to also use ldap for groups and passwords (the root user is still in the /etc/passwd file - i can't imagine that putting the root user into openldap is a really good idea).

There is one sentence in the howto (http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#create_ldap_recs) which i don't understand completely - "Remember that if you need join a XP to the domain, an uidNumber=0 account is ALSO required (ie Administrator or root accounts)." - should this mean that i need (when i'd like to join XP's - not win2k?) to add the objectClass posixaccount to the Administrator entry with the uidNumber 0 ? - If this is so - doesn't this collide then with the root user in the /etc/passwd file ?

There is also another thing - I've tried to add a workstation with: "smbpasswd -a -m nomicro$ -D 256" - then i got this:

    ---
    some messages about connecting...
    The LDAP server is succesful connected
    pdb backend ldapsam has a valid init
    Attempting to find an passdb backend to match guest (guest)
    Found pdb backend guest
    pdb backend guest has a valid init
    smbldap_search_suffix: searching for:[(&(uid=nomicro$)(objectclass=sambaSamAccount))]
    smbldap_open: already connected to the LDAP server
    ldapsam_getsampwnam: Unable to locate user [nomicro$] count=0
    Finding user nomicro$
    Trying _Get_Pwnam(), username as lowercase is nomicro$
    Trying _Get_Pwnam(), username as uppercase is NOMICRO$
    Checking combinations of 0 uppercase letters in nomicro$
    Get_Pwnam_internals didn't find user [nomicro$]!
    Failed to initialise SAM_ACCOUNT for user nomicro$.
    Failed to modify password entry for user nomicro$
    ---

this looks like it is searching for the user so that it can alter his password - but i wanted to add the user not to alter the password, so what is here wrong.

and, the relevant parts from my smb.conf

    ---
    [global]
    workgroup = DIALOG-TELEKOM
    netbios name = ZION
    comment = Dialog PDC
    security = user
    null passwords = Yes
    encrypt passwords = yes
    logon drive = U:
    logon path = \\%N\profiles\%g
    domain master = yes
    domain logons = yes
    preferred master = yes
    os level = 255
    wins support = yes
    public = No
    browseable = No
    writable = No
    debug level = 255
    # ldap parameters
    passdb backend = ldapsam
    ldap admin dn = "cn=administrator,dc=dialog-telekom,dc=at"
    ldap suffix = dc=dialog-telekom,dc=at
    ldap machine suffix = ou=computers
    ldap user suffix= ou=people
    ldap ssl = No
    ldap delete dn = no
    ---

hope this aren't stupid questions ;-)

have a nice day
wolfi

Have you created the account nomicro ?

    smbuseradd -w nomicro

Could you see in your LDAP tree is you are a nomicro$$, samba add the '$' directly.
Re: [Samba] installing gui interfaces for samba
kent E. wrote:

i've browse the web and found 'Smb4K - An SMB share browser for KDE' since this is something similar like a windows sharing this would be safer for our newbie(unix) users but i have problem installing the package

    ===
    checking for Qt... configure: error: Qt (>= Qt 3.1 (20021021)) (headers and libraries) not found. Please check your installation!
    For more details about this problem, look at the end of config.log.

i already installed the qt ver 3.1++

    [EMAIL PROTECTED] smb4k-0.3.1]# rpm -qa qt
    qt-3.1.1-6

You might want to try to find an RPM for your distro for that program. Another good SMB browser I've found is Xfsamba.

--
Andrew Gaffney
Re: [Samba] How to send a domain wide message with smbclient?
From a quick glance at the script, it does the same thing as the script that I posted.

Travis L. Bean wrote:

I found a working script to send a domain wide message: http://www.netsys.com/sunmgr/1998-10/msg00122.html. This is a modified version of the /examples/misc/wall.perl included in the Samba 3.x.x distribution. The wall.perl script in the Samba distribution appears to be broken, because it does not send a message unless a host name is provided. Perhaps someone on the samba team would be so kind as to view the differences between these two scripts and incorporate these modifications into the wall.perl script that is included in the Samba distribution.

Thanks,
Travis

-----Original Message-----
From: Andrew Gaffney [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 28, 2003 6:05 AM
To: Travis L. Bean
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] How to send a domain wide message with smbclient?

Travis L. Bean wrote:

Is there a way to send a message to all users currently logged into a Samba domain controller? The reason why I ask is that I have a Samba 3.x.x primary/backup domain controller setup and as soon as the system monitor detects that the primary domain controller is offline I would like to execute a command to send a domain wide message telling all domain users to save their work to the local machine, log off the pdc and log back in to the bdc. Is there a way to accomplish this with smbclient or another open source software solution?

You can send a message with a command such as 'echo "Testing" | smbclient -M '. I don't know if there is a way to send a message to all clients. You could try to do it yourself. If you have any bash/sed/awk or perl abilities, you could write a script that parses the output of 'smbstatus' to determine which clients are currently logged on to the domain. It could then go through a loop and send the message to every client. In perl:

    #!/usr/bin/perl
    # Read the session table printed by smbstatus.
    open PIPE, "smbstatus |";
    foreach $line (<PIPE>) {
        # Captures: $1 = user name, $2 = machine name, $3 = IP address.
        if($line =~ /\d+\s+(\S+)\s+\S+\s+(\S+)\s+\((.+)\)/) {
            # Send the notice to that client with smbclient -M.
            system "echo 'Attention user $1! PDC is down. Please save all work to local disk, logout, and log back in on the BDC.' | smbclient -M $2 -I $3";
        }
    }

I ran a brief test on this and it appears to work correctly with 3.0.1.

--
Andrew Gaffney
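An added example, not part of the thread or of the Samba distribution: the Perl loop quoted above pastes `smbstatus` fields into a shell command string, so a user name such as `o'brien` breaks the quoting. This Python version parses the same fields, validates the machine name and address, and runs `smbclient` from an argument list with the message on stdin. The allow-list pattern, the function names and the sample `smbstatus` text are assumptions constructed for illustration.

```python
import ipaddress
import re
import subprocess
from collections import namedtuple

Session = namedtuple("Session", "user machine ip")

# Same fields as the Perl regex in the thread (PID, user, group, machine, (IP)),
# but anchored to the whole line so only session rows can match.
SESSION_RE = re.compile(r"^\s*\d+\s+(\S+)\s+\S+\s+(\S+)\s+\((.+)\)\s*$")

# Assumption of this example: a conservative allow-list for machine names.
# The first character must be alphanumeric so a name is never read by
# smbclient as an option.
NETBIOS_OK = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,14}$")

MESSAGE = ("Attention user {user}! PDC is down. Please save all work to local "
           "disk, logout, and log back in on the BDC.")

# Constructed sample input, not captured from a real server.
SAMPLE = """\
Samba version 3.0.1
PID     Username      Group         Machine
-------------------------------------------------------------------
 2101   jdoe          users         ws01         (192.168.10.21)
 2101   jdoe          users         ws01         (192.168.10.21)
 2144   asmith        users         ws02         (192.168.10.22)
 2150   o'brien       users         ws03         (192.168.10.23)
 2161   bob           users         ws04;x       (192.168.10.24)
 2170   carol         users         -ws05        (192.168.10.25)
 2188   dave          users         ws06         (192.168.10.300)

Service      pid     machine       Connected at
-------------------------------------------------------
IPC$         2101   ws01          Mon Dec 29 18:08:59 2003
"""


def parse_sessions(smbstatus_text):
    """Return (sessions, rejected): validated sessions, one per client, and
    the session rows whose machine name or address failed validation."""
    sessions, rejected, seen = [], [], set()
    for line in smbstatus_text.splitlines():
        match = SESSION_RE.match(line)
        if not match:
            continue  # banner, header, separator or share-table row
        user, machine, ip = match.groups()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            rejected.append(line)
            continue
        if not NETBIOS_OK.match(machine):
            rejected.append(line)
            continue
        key = (machine.lower(), ip)
        if key in seen:
            continue  # one message per client, not one per smbd process
        seen.add(key)
        sessions.append(Session(user, machine, ip))
    return sessions, rejected


def build_command(session):
    """argv for smbclient; no shell ever parses these values."""
    return ["smbclient", "-M", session.machine, "-I", session.ip]


def build_message(session):
    """The user name is only data on stdin, so quotes in it are harmless."""
    return MESSAGE.format(user=session.user)


def notify(sessions, run=subprocess.run):
    """Send the notice to every session; returns (machine, exit status)."""
    results = []
    for session in sessions:
        proc = run(build_command(session),
                   input=build_message(session).encode(),
                   capture_output=True, timeout=15, check=False)
        results.append((session.machine, proc.returncode))
    return results


if __name__ == "__main__":
    ok, bad = parse_sessions(SAMPLE)
    for s in ok:
        print(build_command(s), repr(build_message(s)))
    print("rejected rows:", len(bad))
```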
RE: [Samba] ntlm_auth problem in Squid 2.5
Would it be possible to create a winbind group and add squid to the group, then change ownership on the winbind directory to root.winbind instead of root.squid? root.squid seems to work, but root.winbind not? am I missing something in the way that groups work on linux?

Regards
Rabie
RE: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
> -----Original Message-----
> Tried what? ;-)
>
> Setup :
>    unix password sync = yes
>    passwd program = /usr/local/sbin/ldap-passwd.pl %u
>
> Note: ldap-passwd.pl is custom script to modify userpassword attribute, modify master server/able to chase referral if any.
>
> BDC -> Slave Openldap:
>
> 1. ldapmanager as replica account.
>    User was able to change password from Win WS.
>    ldap-passwd.pl update master, samba update slave.
>
> 2. ldapmanager not as replica account.
>    - user unable to change password, err from Windows is "you did not have permission to change your password".
>    - run smbpasswd to change user password also giving error.
>
> but i did not try :
> passdb backend = ldapsam:"ldap://slave ldap://master"
> Will it solve my problem?
>
> Another question:
> On what interval client changed their machine password? is it triggered from client or server?
>
> --beast

Passdb backend = ldapsam:"ldap://master ldap://slave" works just fine for me. I have the passwd program set to /usr/bin/passwd and Samba updates the Samba related entries in the Master LDAP (with passwd updating the posixAccount related entries). Took me a while to find the ldapsam:"ldap://master ldap://slave" workaround too, but it's worked flawlessly for me in production since.

Clint
RE: [Samba] multi subnetted network (was: CIDR notation in config file)
> -----Original Message-----
> I have a slightly different problem, but it is veeery similar: I have a number of machines with various OS, some uses real M$ client/server, other use samba (in server mode). These are set in a MS domain.
> most machine have a 192.168.a.* address, other a public b.c.d.* address, the PDC and BDC have two NIC on both networks.
> It works fine.
> However i have some [win 2k] clients that are either on b.c.e.* and 192.169.f.* or worse are behind a natting firewall that convert [symmetrically dnat/snat] the private addresses they have in a "remote" network into unique b.c.d.* addresses.
> While if i login locally and try to access remote servers i have almost no problem (except a very, very, interesting effect, see below) if i stay outside one of the "home" network i have the following problems:
> (note: the routers are linux server with statical routes and no firewalling active, all addresses, either private or public are static)
> 1. I cannot add new windows hosts to the domain, since it say that no domain server is found, although if i plug in one of the home networks i can add
> 2. Once i have added and move to the "remote" network i cannot use the authentication of user at login, since it say that PDC is not reachable. However i can, if i login as a local user, access to the shares in that host, that ask me domain/username/password [so i can confirm that routing is really working]
> 3. From machine behind DNAT/SNAT i cannot even change permissions since i cannot get the list of user/group from domain !
> 4. the final problem, that I mentioned before: From machines behind NAT i can access the server but ... If the client is XP pro i can access only server with win2k or samba3.0. No luck with hosts with NT4 sp6. But if i plug it in the home networks, directly, i can access the NT4 servers again.. Win2k works ok, instead !
>
> Any idea/hint/explanation/ ?

This seems like a Windows browsing problem, which would exist for machines not on the same subnet. Do you have wins support = yes in your smb.conf and the machines on all subnets set to use your Samba server as the WINS server? This should get you around most of your browsing-related issues.

Clint
[Samba] samba 3.0 - ldap - pdc
hi all,

i am actually trying to get samba 3.01 (on SLES 8.0) working as PDC with the ldap backend. I have already configured nsswitch to also use ldap for groups and passwords (the root user is still in the /etc/passwd file - i can't imagine that putting the root user into openldap is a really good idea).

There is one sentence in the howto (http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#create_ldap_recs) which i don't understand completely - "Remember that if you need join a XP to the domain, an uidNumber=0 account is ALSO required (ie Administrator or root accounts)." - should this mean that i need (when i'd like to join XP's - not win2k?) to add the objectClass posixaccount to the Administrator entry with the uidNumber 0 ? - If this is so - doesn't this collide then with the root user in the /etc/passwd file ?

There is also another thing - I've tried to add a workstation with: "smbpasswd -a -m nomicro$ -D 256" - then i got this:

    ---
    some messages about connecting...
    The LDAP server is succesful connected
    pdb backend ldapsam has a valid init
    Attempting to find an passdb backend to match guest (guest)
    Found pdb backend guest
    pdb backend guest has a valid init
    smbldap_search_suffix: searching for:[(&(uid=nomicro$)(objectclass=sambaSamAccount))]
    smbldap_open: already connected to the LDAP server
    ldapsam_getsampwnam: Unable to locate user [nomicro$] count=0
    Finding user nomicro$
    Trying _Get_Pwnam(), username as lowercase is nomicro$
    Trying _Get_Pwnam(), username as uppercase is NOMICRO$
    Checking combinations of 0 uppercase letters in nomicro$
    Get_Pwnam_internals didn't find user [nomicro$]!
    Failed to initialise SAM_ACCOUNT for user nomicro$.
    Failed to modify password entry for user nomicro$
    ---

this looks like it is searching for the user so that it can alter his password - but i wanted to add the user not to alter the password, so what is here wrong.

and, the relevant parts from my smb.conf

    ---
    [global]
    workgroup = DIALOG-TELEKOM
    netbios name = ZION
    comment = Dialog PDC
    security = user
    null passwords = Yes
    encrypt passwords = yes
    logon drive = U:
    logon path = \\%N\profiles\%g
    domain master = yes
    domain logons = yes
    preferred master = yes
    os level = 255
    wins support = yes
    public = No
    browseable = No
    writable = No
    debug level = 255
    # ldap parameters
    passdb backend = ldapsam
    ldap admin dn = "cn=administrator,dc=dialog-telekom,dc=at"
    ldap suffix = dc=dialog-telekom,dc=at
    ldap machine suffix = ou=computers
    ldap user suffix= ou=people
    ldap ssl = No
    ldap delete dn = no
    ---

hope this aren't stupid questions ;-)

have a nice day
wolfi
RE: [Samba] samba PDC & BDC
-----Original Message-----

Machine is added to domain, no problem right, because PDC fields this whereas BDC handles most of logon chores. What if PDC/LDAP is offline? Doesn't Machine Add then get added to slave LDAP? How about if user changes his password? Do I really want the secrets.tdb to have rootdn PASSWORD? Shouldn't this be a non-rootdn in the BDC's smb.conf with only sufficient access to see sambaNTPassword & sambaLMPassword with read only and no write privileges to anything? I.E. PDC down, no password changes, no new machine accounts.

Craig

Craig,

Usually, it's recommended you set the binddn to something other than root, but with privileges that can modify anything needed (even on the PDC). In a BDC situation, that user canNOT have access to modify anything (and will be required to be set as the updatedn in the slapd.conf anyways, if it's a replication slave).

Cheers,
Clint
[Samba] smbd and microsoft-ds
Hello

How to enable or run smbd service beside the nmbd service?

I have two samba server 3.0.0 in a domain, both of them are domain logons, and domain master. They have almost same configuration about being the server. But only one of them is running both nmbd and smbd (with netbios-ssn at 159 and microsoft-ds at port 445), and the other server only nmbd. I have checked both /etc/service and /etc/inet.conf, they're the same.

The effect of this is that the same user (from same LDAP server) can only change their password from the server which is running with microsoft-ds at 445. Is there any correlation between them?

Regards
Widi Pradnyana
Re: [Samba] Anonymous printing and howto, dumb questions :-)
On Mon, 29 Dec 2003, Beast wrote:

> In samba howto collection it says :
> ...
> Dont use it if you want to protect your passwords. Better share the printer in a way that does not require a password! Printing will only work if you have a working netbios name resolution up and running.
>
> How to set "anonymous shared printer" in Win 2000?
> even if I give permission to anyone, Win refuses to give the list.

I guess what you want is a standalone printer which serves everyone on your local network. I use cups and this simple smb.conf

    # Samba config file created using SWAT
    # from 127.0.0.1 (127.0.0.1)
    # Date: 2003/12/29 08:09:35

    # Global parameters
    [global]
        netbios name = SMALL
        security = SHARE
        passdb backend = guest
        ldap ssl = no
        hosts allow = 192.168.10.

    [hpdj]
        path = /var/spool/samba
        guest ok = Yes
        printable = Yes
        use client driver = Yes

My /var/spool/samba is set to drwxrwxrwt .

For the details - of course - you have to google around, since I don't know your OS and your printer.

Hope that helps a bit.

Uli.

> [EMAIL PROTECTED] SAMBA-NEW]# smbclient -L nt10-jkt
> Password:
> Anonymous login successful
>
> Sharename Type Comment
> - ---
> Error returning browse list: NT_STATUS_ACCESS_DENIED
> Anonymous login successful
>
> --beast

Peter Ulrich Kruppa
- Wuppertal -
Germany
[Samba] Anonymous printing and howto, dumb questions :-)
In samba howto collection it says :

...
Dont use it if you want to protect your passwords. Better share the printer in a way that does not require a password! Printing will only work if you have a working netbios name resolution up and running.

How to set "anonymous shared printer" in Win 2000?
even if I give permission to anyone, Win refuses to give the list.

    [EMAIL PROTECTED] SAMBA-NEW]# smbclient -L nt10-jkt
    Password:
    Anonymous login successful

    Sharename Type Comment
    - ---
    Error returning browse list: NT_STATUS_ACCESS_DENIED
    Anonymous login successful

--beast
[Samba] Problems with printers
Rob Sell lists at facnd.com
Mon Dec 22 17:46:29 GMT 2003

I have samba 3.0.1 running and have successfully set it up to be a print spooler, which is working great, until I tried to add more than 5 printers. I am using cups, using the cups web interface to add printers, today I added 2 more printers. They do not show up in samba, I have restarted cups, smb nmb, everything except the machine itself. Samba is set to load /etc/printcap printers, my /etc/printcap is as follows.

    # This file was automatically generated by cupsd(8) from the
    # /etc/cups/printers.conf file. All changes to this file
    # will be lost.
    7th_Dock_Laser:
    Edgeley_Inkjet:
    Edgeley_Laser:
    Eng_Laser:
    Eng_Laser_Color:
    Front_Office_Big_Laser:
    Front_Office_Laser:
    Michigan_Plotter:

Any ideas why only the 1st 5 printers show up in samba?

The first 5 printers have max. 15 characters in their name. The last 3 printers have min. 16 characters in their name. You may have crossed a limit (bug or feature?).

Rob

Cheers,
Kurt
[Samba] Changing ACL on Windows XP
Hello,

I'm running Samba 3.0.1 (compiled with acl) on a FreeBSD 5.1-machine with UFS2 and ACL support.

I created a directory "xyz" and set the acl as follows:

    setfacl -dm g:groupxyz:rwx xyz
    setfacl -dm g:admins:rwx xyz

Now I copied some files into it. So they got the Default-ACLs.

When I connect from a Windows XP client (logged in as "user1", member of the admins-group) to the samba, I cannot change the permissions of the directory. I always get a "permission denied" error.

What have I done wrong?

Thanks for your help
Holger
Re: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
Monday, December 29, 2003, 5:52:20 PM, Andrew wrote:

> Have you actually tried this? Really, we are not in the business of creating solutions that simply don't work. Many production sites (mine included) rely on our LDAP code, including the behaviour that allows DCs to bind to slave ldap servers, rebinding to the master when required. Indeed, we recently integrated the 'ldap replication sleep' parameter to assist in this process.

Tried what? ;-)

Setup :

    unix password sync = yes
    passwd program = /usr/local/sbin/ldap-passwd.pl %u

Note: ldap-passwd.pl is custom script to modify userpassword attribute, modify master server/able to chase referral if any.

BDC -> Slave Openldap:

1. ldapmanager as replica account.
   User was able to change password from Win WS. ldap-passwd.pl update master, samba update slave.

2. ldapmanager not as replica account.
   - user unable to change password, err from Windows is "you did not have permission to change your password".
   - run smbpasswd to change user password also giving error.

but i did not try :

    passdb backend = ldapsam:"ldap://slave ldap://master";

Will it solve my problem?

Another question: On what interval does the client change its machine password? is it triggered from client or server?

--beast
Re: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
On Mon, Dec 29, 2003 at 04:34:02PM +0700, Beast wrote:
> Saturday, December 27, 2003, 1:45:33 PM, Andrew wrote:
>
> > On Sat, 2003-12-27 at 15:51, Beast wrote:
> >> Saturday, December 27, 2003, 5:41:37 AM, Andrew wrote:
>
> >> If I put PDC in slave ldap, is this means that it will update the slave (because samba will bind as ldap-root which has authority of updating this replica)?
> >> No way to prevent samba to using other ldap account to update the directory?
>
> > You should never list the Manager account as the replicator. Instead, create a new account, and use it only for the replication. That way, everybody who is not the replicator account will be forced to talk to the master.
>
> This is expected behaviour :-)
> as long as openldap did not support multimaster or samba can not chasing update referral, i have to live with un-synch sambapassword attributes in ldap :-(

Have you actually tried this? Really, we are not in the business of creating solutions that simply don't work. Many production sites (mine included) rely on our LDAP code, including the behaviour that allows DCs to bind to slave ldap servers, rebinding to the master when required. Indeed, we recently integrated the 'ldap replication sleep' parameter to assist in this process.

Andrew Bartlet
Re: [Samba] Creation of Domain- and PDC-SID in samba
Monday, December 29, 2003, 5:24:18 AM, John wrote:

> Craig,
> I feel your pain, but just want to comment that I have now completed chapter 8 of my new book "Samba-3 by Example". This chapter is called, "Migration from NT4 to Samba-3," and in it I have documented the precise steps for migration using LDAP ldapsam, as well as using tdbsam.
> It all went pretty smoothly.
> The key gotcha's I found are:

You did not mention creating posixgroup for any groups in NT and NTgroup mapping as in howto? it will be handled automatically?

> Note: LDAP should have only the top-level entry, plus the container entries for People and Groups.
> Of course, the choke-points are getting LDAP to accept all accounts with both the Posix and SambaSAM entries.

Is this same as using pwdump and update ldap entry manually?

My entries after vampir-ing is strange, esp. on password field :

    loginShell: /bin/bash
    gecos: System User
    description: System User
    userPassword:: e2NyeXB0fXg=
    sambaPwdLastSet: 0
    sambaLogonTime: 0
    sambaLogoffTime: 2147483647
    sambaKickoffTime: 2147483647
    sambaPwdCanChange: 0
    sambaPwdMustChange: 2147483647
    displayName: System User
    sambaAcctFlags: [UX]
    sambaSID: S-1-5-21-2140563141-904681572-988572150-11186
    sambaPrimaryGroupSID: S-1-5-21-2140563141-904681572-988572150-513
    sambaHomeDrive: H:
    sambaLogonScript: login.cmd
    sambaLMPassword: XXX
    sambaNTPassword: XXX
    sambaProfilePath: \\LINJKT\profiles\jktbudhi
    sambaHomePath: \\LINJKT\homes

Do you got similar results?

--beast
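An added example for reading an entry like the one posted above (not part of the original message and not Samba code): it decodes LDIF "::" base64 values, splits the userPassword scheme, and expands sambaAcctFlags and the sambaSam time fields. The entry is re-typed from the post with the masked hashes left as XXX; the function names are hypothetical and the flag letters are those of Samba's account-control string.

```python
import base64
from datetime import datetime, timezone

# Entry re-typed from the post above; the masked hashes stay masked.
SAMPLE_LDIF = r"""loginShell: /bin/bash
gecos: System User
description: System User
userPassword:: e2NyeXB0fXg=
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: System User
sambaAcctFlags: [UX]
sambaSID: S-1-5-21-2140563141-904681572-988572150-11186
sambaPrimaryGroupSID: S-1-5-21-2140563141-904681572-988572150-513
sambaHomeDrive: H:
sambaLogonScript: login.cmd
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaProfilePath: \\LINJKT\profiles\jktbudhi
sambaHomePath: \\LINJKT\homes
"""

# Letters that can appear inside sambaAcctFlags, e.g. "[UX]".
ACCT_FLAGS = {
    "N": "no password required",
    "D": "account disabled",
    "H": "home directory required",
    "T": "temporary duplicate account",
    "U": "normal user account",
    "M": "MNS logon account",
    "W": "workstation trust account",
    "S": "server (BDC) trust account",
    "L": "automatically locked",
    "X": "password does not expire",
    "I": "interdomain trust account",
}
TIME_ATTRS = ("sambaPwdLastSet", "sambaLogonTime", "sambaLogoffTime",
              "sambaKickoffTime", "sambaPwdCanChange", "sambaPwdMustChange")
NEVER = 2**31 - 1  # largest signed 32-bit Unix time, used as "never"


def parse_ldif_entry(text):
    """Return {attr: [values]}. 'attr:: v' is base64, 'attr: v' is plain text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # LDIF continuation line
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, sep, rest = line.partition(":")  # split on the first colon only
        if not sep:
            continue
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(attr.strip(), []).append(value)
    return entry


def password_scheme(value):
    """Split a '{scheme}data' userPassword value into (scheme, data)."""
    if value.startswith("{") and "}" in value:
        scheme, _, rest = value[1:].partition("}")
        return scheme.lower(), rest
    return None, value


def decode_acct_flags(value):
    letters = value.strip("[]").replace(" ", "")
    return [ACCT_FLAGS.get(ch, "unknown flag %r" % ch) for ch in letters]


def describe_time(value):
    seconds = int(value)
    if seconds == 0:
        return "not set (0)"
    if seconds == NEVER:
        return "never (largest signed 32-bit time)"
    return datetime.fromtimestamp(seconds, tz=timezone.utc).isoformat()


def explain(entry):
    """Build one human-readable note per security-relevant attribute."""
    notes = []
    for value in entry.get("userPassword", []):
        scheme, rest = password_scheme(value)
        note = "userPassword: scheme=%s value=%r" % (scheme, rest)
        # Traditional crypt(3) output is 13 characters; anything shorter
        # cannot match a password and is only a placeholder.
        if scheme == "crypt" and len(rest) < 13:
            note += " (placeholder, not a usable crypt hash)"
        notes.append(note)
    for value in entry.get("sambaAcctFlags", []):
        notes.append("sambaAcctFlags %s: %s"
                     % (value, ", ".join(decode_acct_flags(value))))
    for attr in TIME_ATTRS:
        for value in entry.get(attr, []):
            notes.append("%s: %s" % (attr, describe_time(value)))
    return notes


if __name__ == "__main__":
    for line in explain(parse_ldif_entry(SAMPLE_LDIF)):
        print(line)
```

Run against the posted entry, the base64 userPassword value decodes to {crypt}x, so the Unix password field holds only a placeholder while the Samba hashes live in sambaLMPassword and sambaNTPassword.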
Re: [Samba] Re: Transfering Machine Accounts / MACHINE.SID
Saturday, December 27, 2003, 1:45:33 PM, Andrew wrote:

> On Sat, 2003-12-27 at 15:51, Beast wrote:
>> Saturday, December 27, 2003, 5:41:37 AM, Andrew wrote:

>> If I put PDC in slave ldap, is this means that it will update the slave (because samba will bind as ldap-root which has authority of updating this replica)?
>> No way to prevent samba to using other ldap account to update the directory?

> You should never list the Manager account as the replicator. Instead, create a new account, and use it only for the replication. That way, everybody who is not the replicator account will be forced to talk to the master.

This is expected behaviour :-)
as long as openldap did not support multimaster or samba can not chasing update referral, i have to live with un-synch sambapassword attributes in ldap :-(

--beast
Re: [Samba] Samba server
Hi,

suses yast inbuild smb configurator make only simple entries for smb.conf, it is not very handy to setup samba, use swat to produce a complex smb.conf which fit to your needs.
or edit /etc/samba/smb.conf by vi pico or some kde editor
after editing restart nmb and smb
you did not write what configuration is wanted for samba ( as Pdc, with ldap? )
finally you should upgrade to samba 3.01 from suse ftp people gd, the default on suse 9 is version 2.2.8a

Best Regards

- Original Message -
From: "Craig White" <[EMAIL PROTECTED]>
To: "JACOB OUAKNINE" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, December 29, 2003 8:13 AM
Subject: Re: [Samba] Samba server

> On Sun, 2003-12-28 at 21:54, JACOB OUAKNINE wrote:
> > I currently run Suse 9 Personal. I'm trying to set up Samba to share files with windows XP. So far, I'm able so see my windows box from Suse but not Suse from XP.
> > I have been trying to set up the samba server but can't find it In the KDE Gui. Does anyone knows how to set up the samba server in Suse9? All i could find was the client.
> > Do i have to install it? When samba is installed, isn't the server installed with it?
> > I have used RedHat 9 and was quickly able to set it up. Suse9 is all new to me.
> > Can anyone please help?
> > Thanks a million.
> ---
> Check out SuSE firewall/security. Turn it off for a second and try again.
>
> Craig
[Samba] multi subnetted network (was: CIDR notation in config file)
I have a slightly different problem, but it is veeery similar:

I have a number of machines with various OS, some use real M$ client/server, others use samba (in server mode). These are set in a MS domain. Most machines have a 192.168.a.* address, others a public b.c.d.* address, the PDC and BDC have two NICs on both networks. It works fine.

However i have some [win 2k] clients that are either on b.c.e.* and 192.169.f.* or worse are behind a natting firewall that converts [symmetrically dnat/snat] the private addresses they have in a "remote" network into unique b.c.d.* addresses.

While if i login locally and try to access remote servers i have almost no problem (except a very, very, interesting effect, see below), if i stay outside one of the "home" networks i have the following problems:

(note: the routers are linux servers with static routes and no firewalling active, all addresses, either private or public, are static)

1. I cannot add new windows hosts to the domain, since it says that no domain server is found, although if i plug in to one of the home networks i can add.

2. Once i have added and moved to the "remote" network i cannot use the authentication of user at login, since it says that the PDC is not reachable. However i can, if i login as a local user, access the shares in that host, that asks me domain/username/password [so i can confirm that routing is really working]

3. From machines behind DNAT/SNAT i cannot even change permissions since i cannot get the list of users/groups from the domain !

4. the final problem, that I mentioned before: From machines behind NAT i can access the server but ... If the client is XP pro i can access only servers with win2k or samba3.0. No luck with hosts with NT4 sp6. But if i plug it in the home networks, directly, i can access the NT4 servers again.. Win2k works ok, instead !

Any idea/hint/explanation ?

On 28 Dec 2003 at 23:32 Malte Starostik wrote:

> I wrote:
> > Hi again,
> > one of "my" networks spans several subnets for some reason or the other.
> > The whole net is 192.168.0.0/21. I'd really very very much like if I could put it like that into smb.conf
> [...]
> Args, sorry!
> I promise I did try it some time ago. Now I tried again and sure as hell it worked already. Why didn't I try before sending the mail?
> Would it have worked then as well? :-)

--
Leonardo Boselli
Nucleo Informatico e Telematico del Dipartimento Ingegneria Civile
Universita` di Firenze , V. S. Marta 3 - I-50139 Firenze
tel +39 0554796431 cell +39 3488605348 fax +39 055495333
http://www.dicea.unifi.it/~leo
Re: [Samba] id mapping / group mapping
On Mon, 29 Dec 2003, Craig White wrote:

> as long as I'm showing my ignorance here...the How-to doesn't exactly make this clear to me, I'm not all that bright...
>
> It would appear that if using LDAP and authentication for PAM is properly working and that all of the uid/cn's and other necessary fields for objectclass for both sambaSamAccount & posixAccount are within the same record that there isn't really any need for id mapping/group mapping or even winbind.
>
> Am I missing something here?

You are! :)

The group membership will be stored in LDAP groups entries. The "net groupmap" stuff will live in LDAP, but mappings are still applied. Winbind is essential to handle SIDs from foreign domains, as well as from workstations that are not domain members.

- John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]
Re: [Samba] Windows2000 policies in a Samba PDC
On Mon, 29 Dec 2003, Áncor González Sosa wrote:

> I'm installing a Samba 3.0 PDC with LDAP backend in a classroom in a Spanish school. Client workstations are Windows2000 and, in the future, there will be Linux clients.
>
> I'm following the Samba Project Documentation book (also known as Samba Howto Collection). The document is wonderful, but there is a part that I don't fully understand, maybe because, as you can read, I'm not a native English speaker. :-(
> I work with Spanish versions of Windows, so some terms can be inexact (is MY translation from Spanish Windows's terms to English, not Microsoft's one).

Ok. I am the author of that HOWTO.

> I want to use complete policies, centralized in the server and applied depending of the user and the groups the user belongs to. I want to use those features that W2000 policies have and WinNT lacks, like making available particular applications to particular users and/or groups.
> After reading the document, I'm not sure of the way I can manage those advanced policies without having a W2K Server:

With Samba you can do only what you can do with NT4 using the NTConfig.POL file.

> * It's said in the document (23.2.3) that W2k policies are not stored in the NETLOGON share (like it's done with NT policies) but rather part of a Windows 200x policy file is stored in the Active Directory itself and the other part is stored in a shared (and replicated) volume called the SYSVOL folder.
>
> * It's also said (23.3) that policy files contains the registry settings for all users, groups, and computers, so only a policy file is necessary for managing a whole domain.
>
> * The document also says (23.2.3.1) that W2k policies must be created with a Microsoft Management Console (MMC) snap-in.
>   Start -> Programs -> Admntive Tools -> Active Directory Users and Computers
>   Right-click on the OU -> Properties -> Group Policy
>
> Well, when I use this tool, I need to create some GPOs for totally defining a policy. For each GPO I create, a complex directory is created in:
>   c:\WINNT\SYSVOL\sysvol\domainname\profiles
> This created folder includes several subfolders and files

You can copy the files Win2K creates in c:\WINNT\SYSVOL\sysvol\domainname\profiles to a share called "SYSVOL" under the path:

    /var/lib/sysvol/sysvol/domainname/profiles/...

Where the root of the SYSVOL share is /var/lib/sysvol.

From my experimentation this only partly works at best. Only NT4 NTConfig.POL policies work consistently.

The other choice you have is to edit the NTUSER.DAT from the users' profile, add the policy settings in it, then save it back. To do this you must load the NTUSER.DAT file as an add-on hive in regedt32. Edit, then unload the hive. Be careful with this! It can ruin your day!

> The document says that NTConfig.POL must be copied in NETLOGON, but using the MMC I don't get a .POL file, but a set of complex folders! Furthermore, a part of the policy information is supposed to be located in the AD, not in that set of folders.

No, to create that you must use the NT4 Group Policy Editor. No alternative exists.

> I did the tests of the MMC with a W2k server that doesn't belong to the classroom I'm configuring. In fact, I can't use that W2k server usually.
>
> Well, I've already explained my situation, here are the questions:
>
> * How can I create complex W2k policies with the W2k MMC and use them in my Samba PDC?

See above comments.

>   Of course, I would like to change the policies (or, better, create them from the beginning) without using a W2k server. Is it possible?

Sorry. Not possible today.

> * Maybe the client machine converts the profile in a single .POL file (accessible in My Computer -> Properties -> User's Profiles) in the login process.

No. See comments above.

>   If it occurs this way, is *everything* stored in this .POL file? Including those settings that are not applied (for example, settings for a different group)?
>
>   If this assumption is right, it would mean that the only way to get a feature-rich policy ("a la" W2k, that are really more powerful than WinNT policies) is creating the policy in a W2k server and login afterwards from a W2k workstation to obtain a single .POL file.
>   I expect there is a way of getting a W2k policy without installing and configuring a W2k server and replacing it with Samba afterwards, so
>   Where are my assumptions wrong?
>   What is the best way for getting feature-rich W2k policies in a Samba PDC without installing a W2k server?
>   Should I resign myself to using WinNT profiles (that are poorer but easier to create)?
>
> Thanks a lot, I promise I will write a Spanish howto explaining everything.

:)

- John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]
Re: [Samba] Problems accessing Linux Shares
Guys,

Samba-2.2.x does not support the "Digitally Sign'n'Seal" settings in Win2K and XP. Your choices are:

a) Use Samba-2.2.x and use the registry patch to turn off signing

OR

b) Update to samba-3.0.x

- John T.

On Mon, 29 Dec 2003, Craig White wrote:

> On Sun, 2003-12-28 at 17:31, Ferindo Middleton Jr wrote:
> > I use Redhat Linux 9, SWAT version 2.2.7a-8.9.0 , and Samba version 2.2.7a-8.9.0. I have one Windows 2000 and one XP system that use the linuxbox as a fileserver. There are various access problems with the Windows machines getting access to the Samba shares.
> >
> > The Windows2000 machine accesses the Linux shares fine (requiring authentication for each share and giving access rights based on the local access rights of the user/password combination provided from the windows machine to access the linux share)
> >
> > However, when at the Windows XP machine, the WindowsXP system can 'see' the host and it's shares on the network (my LAN) but when I double-click on the share, I get a Windows error message saying it cannot 'find the path' to the network share...
> >
> > Why is this happening?
>
> I never use 'security = share' so I won't guess but my thinking is that somewhere in /var/log/samba is a log file (log.workstation or log.ipaddress) that will provide a very good clue.
>
> Craig

--
John H Terpstra
Email: [EMAIL PROTECTED]
Re: [Samba] Clustering and winbindd
On Mon, 29 Dec 2003, Peter Giorgilli wrote:

> Hi all!
>
> I'm working on a project that, funnily enough, involves clustering and "winbindd". Specifically, we have a 2-node cluster configured in an active-active configuration whereby both servers are running Samba, each "exporting" different filesystems that are backed on a shared storage subsystem such that at any given time, one node can takeover from the other.
>
> The problem: if I run "winbindd" on both systems independently, the Windows-domain user accts are mapped to different UNIX uids/gids, which in turn creates a problem when a particular share is relocated from one node to the other because of the different file permissions. (Ideally, both nodes would see the same "winbindd_idmap.tdb".)
>
> Can I effectively configure "winbindd" in a master/backup configuration such that only one of the nodes is able to update the database, whilst the other is only able to read the database? I thought to set the "winbind cache time" to a value such as 1 day that would effectively relegate one of the nodes to "backup" status. At the same time, the "backup" server would periodically "rsync" the "winbindd_idmap.tdb" database to pickup any changes.
>
> Can anyone see any problems with this approach and/or suggest a better way of going about it?
>
> I should also mention that I'm running on Red Hat Linux Advanced Server release 2.1AS, using the latest "rpm" released by Red Hat which as best I can understand is based on Samba release 2.2.7, plus select patches back-ported from 2.2.8.

You should update to samba-3.0.0 or later. Use LDAP backend, and use:

    idmap backend = ldap://your-ldap-server

This way both servers will have a common mapping of SIDs to UID/GIDs.

Cheers,
John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]
[Samba] Install from rpm - suse 8.2
Hi all,

I try to install it from samba3-3.0.1pre3-0.i586.rpm. In the rpm there is a file: /INFO/PROVIDES

So, has only these features been compiled to rpm? I need acl, ldap support.

Thanks!
Roland
[Samba] id mapping / group mapping
as long as I'm showing my ignorance here...the How-to doesn't exactly make this clear to me, I'm not all that bright...

It would appear that if using LDAP and authentication for PAM is properly working and that all of the uid/cn's and other necessary fields for objectclass for both sambaSamAccount & posixAccount are within the same record that there isn't really any need for id mapping/group mapping or even winbind.

Am I missing something here?

Craig
[Samba] Windows2000 policies in a Samba PDC
I'm installing a Samba 3.0 PDC with LDAP backend in a classroom in a Spanish school. Client workstations are Windows2000 and, in the future, there will be Linux clients.

I'm following the Samba Project Documentation book (also known as Samba Howto Collection). The document is wonderful, but there is a part that I don't fully understand, maybe because, as you can read, I'm not a native English speaker. :-(
I work with Spanish versions of Windows, so some terms can be inexact (is MY translation from Spanish Windows's terms to English, not Microsoft's one).

I want to use complete policies, centralized in the server and applied depending of the user and the groups the user belongs to. I want to use those features that W2000 policies have and WinNT lacks, like making available particular applications to particular users and/or groups.
After reading the document, I'm not sure of the way I can manage those advanced policies without having a W2K Server:

* It's said in the document (23.2.3) that W2k policies are not stored in the NETLOGON share (like it's done with NT policies) but rather part of a Windows 200x policy file is stored in the Active Directory itself and the other part is stored in a shared (and replicated) volume called the SYSVOL folder.

* It's also said (23.3) that policy files contains the registry settings for all users, groups, and computers, so only a policy file is necessary for managing a whole domain.

* The document also says (23.2.3.1) that W2k policies must be created with a Microsoft Management Console (MMC) snap-in.
  Start -> Programs -> Admntive Tools -> Active Directory Users and Computers
  Right-click on the OU -> Properties -> Group Policy

Well, when I use this tool, I need to create some GPOs for totally defining a policy. For each GPO I create, a complex directory is created in:
  c:\WINNT\SYSVOL\sysvol\domainname\profiles
This created folder includes several subfolders and files

The document says that NTConfig.POL must be copied in NETLOGON, but using the MMC I don't get a .POL file, but a set of complex folders! Furthermore, a part of the policy information is supposed to be located in the AD, not in that set of folders.

I did the tests of the MMC with a W2k server that doesn't belong to the classroom I'm configuring. In fact, I can't use that W2k server usually.

Well, I've already explained my situation, here are the questions:

* How can I create complex W2k policies with the W2k MMC and use them in my Samba PDC?

  Of course, I would like to change the policies (or, better, create them from the beginning) without using a W2k server. Is it possible?

* Maybe the client machine converts the profile in a single .POL file (accessible in My Computer -> Properties -> User's Profiles) in the login process.
  If it occurs this way, is *everything* stored in this .POL file? Including those settings that are not applied (for example, settings for a different group)?

  If this assumption is right, it would mean that the only way to get a feature-rich policy ("a la" W2k, that are really more powerful than WinNT policies) is creating the policy in a W2k server and login afterwards from a W2k workstation to obtain a single .POL file.
  I expect there is a way of getting a W2k policy without installing and configuring a W2k server and replacing it with Samba afterwards, so
  Where are my assumptions wrong?
  What is the best way for getting feature-rich W2k policies in a Samba PDC without installing a W2k server?
  Should I resign myself to using WinNT profiles (that are poorer but easier to create)?

Thanks a lot, I promise I will write a Spanish howto explaining everything.

P.S. Sorry about my poor English writing.

--
Áncor González Sosa
[EMAIL PROTECTED]
LINUX registered user #239475
Debian GNU/Linux 3.0 (Woody)
[Samba] samba PDC & BDC
OK - I'm actually functioning but I'm afraid and I want to fill in a knowledge gap - perhaps a slight gap in the How-To Book or my ability to soak in its' wisdom.

LDAP up and working on two machines, master & slave and changes made in master can be found by ldapsearch on slave faster than two up arrows and a return (gosh, it only took me 10 days but the light bulb has definitely lit).

Two Linux systems
PDC - Linux2 - also is LDAP master
BDC - Linux1 - also is LDAP slave

smbpasswd -w PASSWORD puts binddn password into secrets.tdb

Machine is added to domain, no problem right, because PDC fields this whereas BDC handles most of logon chores.

What if PDC/LDAP is offline? Doesn't Machine Add then get added to slave LDAP? How about if user changes his password?

Do I really want the secrets.tdb to have rootdn PASSWORD? Shouldn't this be a non-rootdn in the BDC's smb.conf with only sufficient access to see sambaNTPassword & sambaLMPassword with read only and no write privileges to anything? I.E. PDC down, no password changes, no new machine accounts.

Craig
Re: [Samba] Samba server
On Sun, 2003-12-28 at 21:54, JACOB OUAKNINE wrote:
> I currently run Suse 9 Personal. I'm trying to set up
> Samba to share files with windows XP. So far, I'm able
> to see my windows box from Suse but not Suse from XP.
> I have been trying to set up the samba server but
> can't find it in the KDE GUI. Does anyone know how
> to set up the samba server in Suse9? All I could find
> was the client.
> Do I have to install it? When samba is installed,
> isn't the server installed with it?
> I have used RedHat 9 and was quickly able to set it
> up. Suse9 is all new to me.
> Can anyone please help?
> Thanks a million.

Check out SuSE firewall/security. Turn it off for a second and try again.

Craig
Re: [Samba] Problems accessing Linux Shares
On Sun, 2003-12-28 at 17:31, Ferindo Middleton Jr wrote:
> I use Redhat Linux 9, SWAT version 2.2.7a-8.9.0, and Samba version
> 2.2.7a-8.9.0. I have one Windows 2000 and one XP system that use the
> linuxbox as a fileserver. There are various access problems with the
> Windows machines getting access to the Samba shares.
>
> The Windows2000 machine accesses the Linux shares fine (requiring
> authentication for each share and giving access rights based on the
> local access rights of the user/password combination provided from the
> windows machine to access the linux share)
>
> However, when at the Windows XP machine, the WindowsXP system can
> 'see' the host and its shares on the network (my LAN) but when I
> double-click on the share, I get a Windows error message saying it
> cannot 'find the path' to the network share...
>
> Why is this happening?
>

I never use 'security = share' so I won't guess, but my thinking is that somewhere in /var/log/samba is a log file (log.workstation or log.ipaddress) that will provide a very good clue.

Craig