[Samba] i can figure out. is it config issue or bug. please help

2013-07-17 Thread Muhammad Yousuf Khan
I am using samba 3.6.5 with winbind for active directory authentication.

There is a samba share folder named Filesharing, and a plethora of folders
are inside it.
I have been using 2.7 stable for more than 2 years with no problem; however,
after my hard disk failure I had to restore data to a new server and install
samba from zero. Fortunately or unfortunately, samba has been updated in the
debian repository to 3.5.6.

root@nas:/nas/backup# smbd -V
Version 3.5.6

All users, including the owner user and group, can see the shared files, but only
everyone/all users can not copy the file to their desktop or any other
location in windows 7; they receive permission denied
messages. However, these are the same settings that I used to work with Samba
2.7 stable.


Even groups who do not have r-x permission can not copy data.
The same goes for everyone with r-x: no user can copy the data
until I give them rwx.

This wasn't happening previously.

Is there anyone who can help me in this regard?

Thanks,

MYK
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] New ADC configuration

2013-07-17 Thread steve
On Tue, 2013-07-16 at 18:48 -0400, Matthew Daubenspeck wrote:
> On Tue, Jul 16, 2013 at 08:45:15PM +0200, Marc Muehlfeld wrote:
> > Did you clean up the tdb files on your member server? I could imagine that
> > Samba mixes the old and new domain in its idmap cache. If it's a new
> > installation and nothing important in the member server's registry (like
> > print server printer settings), just remove the whole samba installation,
> > 'make install' again and rejoin.
>
> Well now I am out of ideas. I hosed both setups and started from
> scratch. Redid the provision with the proper rfc2307 added, and I have
> created test users and assigned them UIDs in ADUC. I can create groups
> and give them GIDs as well. I rejoined the member server, I can list all
> users, but I still get no results from id on the member server. What the
> heck could I be missing?

Are the uid entries really there?

ldbsearch --url=/usr/local/samba/private/sam.ldb cn=testuser | grep uidNumber

BTW, you really are doing this the hard way. There is none of this
fiddling with sssd.
Cheers




[Samba] Samba 3.6 issues

2013-07-17 Thread wong lmark
Dear Samba Team,

There are three issues happening in my Samba 3.6.6.

Issue 1: After the upgrade, when uploading a file which is more than 100mb to Samba, it
shows the error File name too long cannot copy in windows xp. I tried using 3
different PCs to upload different files of more than 100mb; they also fail to
transfer the file and show the error. I tested uploading files of 25mb
or 50mb, and it is okay, no problem. Before upgrading to samba 3.6, I was using
samba 3.0.28.

Issue 2: Users could log on to the PCs within the domain, but the network
drive could not be mapped from 15-7-16 after around 18:00 (e.g.
\\dc01\netlogon). And the network drive could not be mapped through the net use
command in windows xp. Also, the trust relationship with another domain,
chb, was lost. Attached are the samba log and error screen capture for reference.

Issue 3: When entering the command service smb status, it shows many process
ids. Is this normal?

Thanks for your help.

Here is my smb.conf:

[global]
workgroup = HB
server string = DC01
netbios name = DC01
interfaces = eth0
hosts allow = 10. 172. 127.0.0.1
security = user
encrypt passwords = yes
unix password sync = no
socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
username map = /etc/samba/smbusers
admin users = root lh2 jos1
hide unreadable = yes
smb ports = 139

local master = yes
os level = 33
domain master = no
preferred master = yes

domain logons = yes
logon path =
logon home =
#logon path = \\%L\profiles\%U
#logon path = \\%L\%U\profiles
logon drive =
#logon home = \\%L\%U
#logon home = \\%L\homes
#logon script = %U.bat
logon script = %g.bat

wins support = yes
name resolve order = wins lmhosts host
dns proxy = no

add user script = /usr/sbin/smbldap-useradd -a -m %u
add machine script = /usr/sbin/smbldap-useradd -W %u
add group script = /usr/sbin/smbldap-groupadd -a -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u

passdb backend = ldapsam:ldap://127.0.0.1
ldap delete dn = yes
ldap ssl = no
;winbind nested groups = no

ldap suffix = dc=ch,dc=com
ldap admin dn = uid=edp,dc=ch,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
ldap delete dn = no

log file = /var/log/samba/%m.log
log level = 5
max log size = 1

   template shell = /bin/false
   ;winbind use default domain = no
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S

[netlogon]
comment = Network Logon Service
path = /home2/samba/netlogon
guest ok = yes
writable = no
share modes = no

[testing]
path = /home2/test
comment = testing
writable = yes
browseable = no
create mode = 0770
directory mode = 2770
public = no
valid users = @testing


[Samba] tab key does not complete the package name or list the packages in apt-get command

2013-07-17 Thread Muhammad Yousuf Khan
I am using debian 6.0.7.
On my other debian machines, when I type apt-get install sam<tab> it gives
me all items starting with sam, and this is the default behaviour. However, now for
some reason the tab key is not working. Does anyone know why?

note: for other commands tab key is working fine.

Thanks,

Myk


Re: [Samba] tab key does not complete the package name or list the packages in apt-get command

2013-07-17 Thread L . P . H . van Belle
This is normal behavior,
apt-get install sam(tab ) should not work.
And if it does, then it's because samXXX exists in one of the search folders.

This is not a samba thingy..
use apt-cache search




Re: [Samba] tab key does not complete the package name or list the packages in apt-get command

2013-07-17 Thread Muhammad Yousuf Khan
Sorry, I asked on the wrong list.

See for yourself what I am saying; maybe I can not communicate it properly.
See the result below: it gives me no match, which means samba is not installed.
root@virt-dev:~# dpkg -l  | grep samba
root@virt-dev:~#

Now check this out.

root@virt-dev:~# apt-get install sam
sam2p                samba-doc            samidare
samba                samba-doc-pdf        samizdat
samba-common         samba-tools          samplerate-programs
samba-common-bin     samdump2             samtools
samba-dbg            samhain
root@virt-dev:~# apt-get install sam

When I hit tab after sam you can see the result for yourself.

Thanks,







Re: [Samba] need soms tips for adding samba4 to windows 2008R2 domain

2013-07-17 Thread L . P . H . van Belle
Hai  Marc, 
Thanks for your reply. 

-----Original Message-----
From: Marc Muehlfeld [mailto:sa...@marc-muehlfeld.de]
Sent: Monday 15 July 2013 19:39
To: L.P.H. van Belle
CC: samba@lists.samba.org
Subject: Re: [Samba] need soms tips for adding samba4 to windows 2008R2 domain

Hello Louis,

On 15.07.2013 12:48, L.P.H. van Belle wrote:
> 1) keep my existing windows 2008 domain. ( contains dhcp + dns + AD )
>    it's a clean domain, no users yet. dhcp+dns is used already.
>
> 2) add samba4 to the windows domain dc as secondary DC.
>    ( this server will be my zarafa mail server )

Setup and joining a Samba machine as DC you can find here:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC


This step: I'm using bind, and I already have windows set up to replicate the DNS to
some other linux servers.
Can I just point samba to the windows server, or can I use the replicated dns,
or do I need to set up the dns completely for samba as well?

That's not clear in the howto,
because this howto points to:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
( I'm using the enterprise samba packages on ubuntu 12.04 )
and http://wiki.samba.org/index.php/Dns-backend_bind

Really, I'm sorry to say, but for me the wiki is a maze of information,
with too many references to other locations.
Then I'm pointed to
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
where I read:

This HOWTO will assume you had configured and installed Samba in the default
location of /usr/local/samba.
It assumes you are joining Samba to an existing domain called
'samdom.example.com'.

??? Really I'm lost.
Sorry, I think it's me, :-((





> 3) add samba3/4 servers to this domain as domain members. ( i know this for samba3 )

http://wiki.samba.org/index.php/Samba4/Domain_Member




> 4) for my remote location i also want to add samba4 servers, which will get their own share for profiles.
>    ( this i know )

Same as 3. But for the users who should have their profiles on the 
remote server, you have to specify their profile path in ADUC pointing 
to this server.

Some information about roaming profiles:
http://wiki.samba.org/index.php/Samba_%26_Windows_Profiles




> my old environment is running samba3 + Ldap.
> I do not need the old info with classic upgrade, because some pc's have same sid's, and I'm setting this up for windows 7 pc's.

Here's the point, where I'm not sure, if I fully understand you. In 1 
you wrote, that you are having an AD, but with no users. Here you say 
you have a Samba NT4 style domain with users, etc.

Yes, this is correct. I now have
1 samba domain, on which everyone is working ( pdc+bdc ldap etc ),
and an extra domain, 2 windows servers for my voip, with no users on it.
I'm going to use this AD for my users, so this will be the new domain when
ready
( with newly installed pc's ).


Do you want to bring them together? I mean keep your Windows Domain and
migrate the Samba3 accounts to the domain? You can export your LDAP,
script something around for the changes and import them in your AD. But
you have to re-join your workstations then.

This is not needed, because I'm replacing all of the pc's from XP to Win7.
Clean pc's in the new domain; I have a pxe setup for my pc installs so that's ok.


Or do you want a trust. But this isn't possible in both directions yet:
http://wiki.samba.org/index.php/FAQ#Does_Samba_support_trust_relationship_with_AD.3F

Or do you skip the old domain and join the PCs to the new Windows 
domain? Then just follow the HowTos above.

Great, I'm going to set up from the howto's.
I don't need trusts ( and if needed I just authenticate with DOMAIN\user to a
server ),
so the trust is not needed.



If you meant something else, please give some more details :-)

Here you are. 



> Question here is, do i need the registry fixes for windows 7, if my
> windows 2008 DC is domain controller.

No registry changes, if your Domain is provided by Windows or Samba AD.
I have read that it's necessary for a Samba NT4 style domain only. But I
haven't used a Samba PDC with Win7 yet myself (only Samba AD).

I have some win7 on the NT4 style domain, but I didn't use any registry fixes,
and it works.





Regards,
Marc





Re: [Samba] Classicupgrade set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER

2013-07-17 Thread Stéphane PURNELLE
Hi,

This trick doesn't resolve the problem

regards

Stéphane

---
Stéphane PURNELLE Systems and Network Administrator
IT Department   Corman S.A.   Tel : 00 32 (0)87/342467

Marc Muehlfeld sa...@marc-muehlfeld.de wrote on 16/07/2013 17:52:32:

> From: Marc Muehlfeld sa...@marc-muehlfeld.de
> To: Stéphane PURNELLE stephane.purne...@corman.be,
> Cc: samba@lists.samba.org samba@lists.samba.org
> Date: 16/07/2013 17:52
> Subject: Re: [Samba] Classicupgrade set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER
>
> On 16.07.2013 09:28, Stéphane PURNELLE wrote:
> > I have the same problem with classicupgrade (samba 4.0.6) but on
> > S-1-5.21---xxx-500.
>
> This is the domain Admin account. What happens if you remove it before
> the classicupgrade?
>
>
> Regards
> Marc


Re: [Samba] New ADC configuration

2013-07-17 Thread Ali Bendriss
On Tuesday, July 16, 2013 06:48:07 PM Matthew Daubenspeck wrote:
> On Tue, Jul 16, 2013 at 08:45:15PM +0200, Marc Muehlfeld wrote:
> > Did you clean up the tdb files on your member server? I could imagine that
> > Samba mixes the old and new domain in its idmap cache. If it's a new
> > installation and nothing important in the member server's registry (like
> > print server printer settings), just remove the whole samba installation,
> > 'make install' again and rejoin.
>
> Well now I am out of ideas. I hosed both setups and started from
> scratch. Redid the provision with the proper rfc2307 added, and I have
> created test users and assigned them UIDs in ADUC. I can create groups
> and give them GIDs as well. I rejoined the member server, I can list all
> users, but I still get no results from id on the member server. What the
> heck could I be missing?
>
> Does the ADC server need special idmap config/ranges, etc as well?

Hello,

The last time I was having this kind of error, it was because I haven't set up
the gid number for the primary group for each user (domain users).
I ended up changing the gid of domain users to something high (the default for
provision is 100) so my idmap range for idmap_ad doesn't have to go as low
as 100. And then I gave all the users the new configured gid number.
It may be useful to run net cache flush on the member server while doing the
test.
You set idmap config NWLTECH:range = 500-4
but the default gid for domain users is 100, so I think that you need to change
it (see above) or adapt your range.

regards,

--
Ali
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
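
The check Ali describes, as an added example (not code from the thread or from Samba): given the member server's idmap range and the RFC2307 attributes stored in AD, list the users whose own uidNumber, or whose primary group's gidNumber, is missing or outside the range. The domain name, range, SID and LDIF records are constructed sample values, and matching the primary group through primaryGroupID is an assumption about how the member server resolves it.

```python
import re

# Constructed sample values (not taken from the thread).
IDMAP_LINE = "idmap config EXAMPLE:range = 10000-20000"
SID = "S-1-5-21-1111111111-2222222222-3333333333"
LDIF = f"""\
# record 1
dn: CN=Domain Users,CN=Users,DC=example,DC=com
sAMAccountName: Domain Users
objectSid: {SID}-513
gidNumber: 100

# record 2
dn: CN=testuser,CN=Users,DC=example,DC=com
sAMAccountName: testuser
objectSid: {SID}-1105
primaryGroupID: 513
uidNumber: 10001

# record 3
dn: CN=testuser2,CN=Users,DC=example,DC=com
sAMAccountName: testuser2
objectSid: {SID}-1106
primaryGroupID: 513
"""


def parse_range(line):
    """Extract (low, high) from an 'idmap config DOMAIN:range = low-high' line."""
    m = re.search(r"idmap\s+config\s+\S+?\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)",
                  line, re.I)
    if not m:
        raise ValueError("no idmap range found")
    return int(m.group(1)), int(m.group(2))


def parse_ldif(text):
    """Parse single-valued 'attr: value' records separated by blank lines."""
    records, current = [], {}
    for line in text.splitlines() + [""]:
        line = line.strip()
        if not line:
            if current:
                records.append(current)
                current = {}
        elif not line.startswith("#") and ": " in line:
            attr, value = line.split(": ", 1)
            current[attr.lower()] = value
    return records


def unresolvable_users(idmap_line, ldif):
    """Return {account: [problems]} for users that fall outside the idmap range."""
    low, high = parse_range(idmap_line)
    records = parse_ldif(ldif)
    # Index every object by the RID at the end of its SID, so that a user's
    # primaryGroupID can be matched to the group object it names (assumption).
    by_rid = {r["objectsid"].rsplit("-", 1)[1]: r
              for r in records if "objectsid" in r}

    def problem(label, value):
        if value is None:
            return f"{label} is not set"
        if not low <= int(value) <= high:
            return f"{label} {value} is outside {low}-{high}"
        return None

    report = {}
    for r in records:
        if "primarygroupid" not in r:
            continue  # not a user account
        group = by_rid.get(r["primarygroupid"], {})
        gname = group.get("samaccountname", "RID " + r["primarygroupid"])
        issues = [problem("uidNumber", r.get("uidnumber")),
                  problem(f"gidNumber of primary group '{gname}'",
                          group.get("gidnumber"))]
        issues = [i for i in issues if i]
        if issues:
            report[r["samaccountname"]] = issues
    return report


if __name__ == "__main__":
    for user, issues in unresolvable_users(IDMAP_LINE, LDIF).items():
        print(user, "->", "; ".join(issues))
```

With the constructed data, testuser has a valid uidNumber but is still reported, because the gidNumber 100 on Domain Users lies below the range.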


Re: [Samba] Samba 3.6 issues

2013-07-17 Thread Gaiseric Vandal




When I upgraded from samba 3.0.x to 3.4.x I ran into several issues.

First of all, I would look through the logs. (They did not attach to
your message.) I would also run testparm -v in case some default
settings have changed. NTLM should be enabled. If you require NTLMv2
that may cause problems (I couldn't get it to work.)


1st, with idmap and domain trusts: With 3.0.x the idmap entries
for trusted users were automatically created but they would expire in a
week and have to be manually purged. With 3.4.x the idmap cache issue
was fixed BUT the entries were no longer auto created. I had to
manually add idmap entries in ldap for users in the trusted domain (only
5 or 6 anyway.)


Do you use idmap for assigning user ids for users in the primary domain? I
explicitly create user and group accounts. I would verify with
pdbedit -Lv username and pdbedit -Lv computername$ that the samba
accounts haven't lost their unix id and that everything looks OK.


I also found with 3.4.x (vs 3.0.x) that I needed to explicitly map
the guest user and group. This could affect the share permissions.
Generally I leave the share permissions unrestricted and rely on the
file system permissions for all the control.



Also make sure that the well known groups (e.g. Domain Users) look ok
with net groupmap list


Multiple smbd processes is normal - should be one for each connection.

I also found it is better not to specify ports in the smb.conf.
Although samba does not use 445 for data, windows clients NOT using
wins may have problems connecting to samba servers if 445 is not
running.





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
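
A checker for the configuration points in the reply above, run over an excerpt of the smb.conf posted earlier in this thread (added example; not code from the thread or from Samba, and no substitute for testparm). The function names, finding codes and the 50 KB log threshold are assumptions; it relies on two documented smb.conf rules: a later assignment of a parameter overrides an earlier one, and max log size is given in kilobytes.

```python
import re

# Constructed excerpt of the smb.conf posted earlier in this thread.
SAMPLE_CONF = """\
[global]
workgroup = HB
smb ports = 139
passdb backend = ldapsam:ldap://127.0.0.1
ldap delete dn = yes
ldap ssl = no
;winbind nested groups = no
ldap passwd sync = yes
ldap delete dn = no
log file = /var/log/samba/%m.log
log level = 5
max log size = 1

[netlogon]
path = /home2/samba/netlogon
guest ok = yes
writable = no
"""

MIN_LOG_KB = 50  # assumed threshold for a log too small to be useful when debugging


def norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Return (sections, duplicates).

    sections:   {section: {parameter: value}}, later assignments override earlier
    duplicates: [(section, parameter, [values in file order]), ...]
    """
    sections, history, current, pending = {}, {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":
            continue
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = norm(header.group(1))
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # only the first '=' is significant
            key, value = norm(key), value.strip()
            sections[current][key] = value
            history.setdefault((current, key), []).append(value)
    duplicates = [(s, k, v) for (s, k), v in history.items() if len(v) > 1]
    return sections, duplicates


def review(text):
    """Return (code, detail) findings for the points raised in the thread."""
    sections, duplicates = parse_smb_conf(text)
    g = sections.get("global", {})
    findings = []
    for section, key, values in duplicates:
        if len({v.lower() for v in values}) > 1:
            findings.append(("conflicting-duplicate",
                             f"[{section}] {key}: {' then '.join(values)}; "
                             f"effective value is {values[-1]}"))
    ports = g.get("smbports")
    if ports is not None and "445" not in re.split(r"[,\s]+", ports):
        findings.append(("port-445-disabled", f"smb ports = {ports}"))
    level = re.match(r"\d+", g.get("loglevel", "0"))
    size = g.get("maxlogsize", "")
    if (size.isdigit() and 0 < int(size) < MIN_LOG_KB
            and level and int(level.group()) >= 3):
        findings.append(("log-rotated-too-early",
                         f"max log size = {size} KB at log level {level.group()}"))
    return findings


if __name__ == "__main__":
    for code, detail in review(SAMPLE_CONF):
        print(f"{code}: {detail}")
```

On the posted file it reports that ldap delete dn ends up as no, that smb ports leaves out 445, and that each per-client log is rotated after about 1 KB.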


Re: [Samba] i can figure out. is it config issue or bug. please help

2013-07-17 Thread Gaiseric Vandal

So you really mean Samba 2.7 or do you mean Samba 3.2.7 ?






Re: [Samba] Administrative users on domain

2013-07-17 Thread Donny Brooks
 

 
On Saturday, July 13, 2013 04:43 AM CDT, Marc Muehlfeld sa...@marc-muehlfeld.de wrote:

> Hello Donny,
>
> On 12.07.2013 21:34, Donny Brooks wrote:
> > On the old domain, which was setup before I got here,
> > our IT section was in an ldap group that allowed us to
> > join PC's to the domain ...
>
> http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Delegating_.27Joining_Computers_to_the_domain.27-permissions
>
> > ... and when the prompt came up in windows to
> > install software we could log in as ourselves.
>
> What do you mean by this? Do you want to have a group of users
> automatically in the administrator group on your workstations?
>
> http://community.spiceworks.com/how_to/show/2123-add-an-active-directory-group-to-the-local-administrator-group-of-workstation-s
>
> If you mean something else, please give some more details.
>
> Regards,
> Marc
 
 
 
 
 
 
Yes, on the old domain we had all of our IT staff in a group that was able to 
join pcs to the domain and install software by inputting their domain 
credentials when prompted. Looking at the first link that is for Samba 4.X. We 
are on Samba 3.5.10 so that does not apply. 

-- 

Donny B. 



Re: [Samba] Administrative users on domain

2013-07-17 Thread Gaiseric Vandal

According to the net man page


   In order for Samba to be joined or unjoined remotely an account must be
   used that is either member of the Domain Admins group, a member of the
   local Administrators group or a user that is granted the
   SeMachineAccountPrivilege privilege.




The simplest thing is probably to have the Domain IT group be a member 
of the local admin group on each machine.  I don't know if you would 
need to grant them the  SeMachineAccountPrivilege.






Re: [Samba] samba Digest, Vol 127, Issue 17

2013-07-17 Thread luis aravena
Dear all,

I am out of the office until Monday 22/07/13.
For any request, please open the corresponding ticket or contact
roberto.var...@pyaing.cl, freddy.arev...@pyaing.cl,
frederick.esco...@pyaing.cl or marcos.ur...@pyaing.cl


Regards,
Luis Aravena


[Samba] Does Samba Re-read Changes To smb.conf

2013-07-17 Thread bhogue

Hi,

I was told that samba will re-read the smb.conf if you make changes 
without restarting the smb service.


Is that true, if yes how long do I need to wait before I see the new 
share I added to the smb.conf.


Thanks
Bob




Re: [Samba] Administrative users on domain

2013-07-17 Thread Donny Brooks
 
 
 
On Wednesday, July 17, 2013 10:11 AM CDT, Gaiseric Vandal gaiseric.van...@gmail.com wrote:

> According to the net man page
>
>    In order for Samba to be joined or unjoined remotely an account must be
>    used that is either member of the Domain Admins group, a member of the
>    local Administrators group or a user that is granted the
>    SeMachineAccountPrivilege privilege.
>
> The simplest thing is probably to have the Domain IT group be a member
> of the local admin group on each machine.  I don't know if you would
> need to grant them the  SeMachineAccountPrivilege.
 
 
 
Looks like I need to do this here: 
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html

And map our itgroup to the Domain Admins group. Although we do have a Domain 
Admins group in ldap. Should that cause an issue?
-- 

Donny B. 



Re: [Samba] Does Samba Re-read Changes To smb.conf

2013-07-17 Thread Helmut Hullen
Hello, bhogue,

You wrote on 17.07.13:

> I was told that samba will re-read the smb.conf if you make changes
> without restarting the smb service.

That's not true for the [global] section.

Best regards!
Helmut


Re: [Samba] New ADC configuration

2013-07-17 Thread Matthew Daubenspeck
On Wed, Jul 17, 2013 at 12:31:54PM +0200, Ali Bendriss wrote:
> The last time I was having this kind of error, it was because I haven't
> setup the gid number for the primary group for each users (domain
> users).
>
> I ended changing the gid of domain users for something high (the
> default for provision is 100) so my idmap range for idmap_ad doesn't
> have to go as lower as 100. And then I gave all the users the new
> configured gid number.
>
> it may be useful to run net cache flush on the member server while
> doing the test.
>
> you set idmap config NWLTECH:range = 500-4
>
> but the default gid for domain user is 100 so I think that you need to
> change it (see above) or adapt your range.

The last thing it has to be is something with Arch Linux. I removed all
their samba packages and rolled from source and it does the EXACT same
thing. I then fired up a quick and dirty Ubuntu LTS VM, installed some
samba 4.0.6 packages from a PPA, and it worked. First try. I didn't even
have to set uid/gid numbers for the users. getent passwd displays all
domain users and:

$ id testuser3
uid=70009(testuser3) gid=70001(domain users) groups=70001(domain users),70012(BUILTIN\users)

grabs all the info properly and gives them proper uid/gid as per the
ranges in smb.conf. I guess I'll rework everything with Ubuntu, although
I'm not overly crazy about using older packages. But if it works, whom
am I to argue? I don't know what else could possibly be wrong with
Arch.

Do users created still need a uid/gid added in the UNIX Attributes tab?

Thanks a ton to everyone that offered help, I really appreciate the
effort.


Re: [Samba] need soms tips for adding samba4 to windows 2008R2 domain

2013-07-17 Thread Marc Muehlfeld

Hello,

Am 17.07.2013 11:29, schrieb L.P.H. van Belle:

Am 15.07.2013 12:48, schrieb L.P.H. van Belle:

1) keep my existing windows 2008 domain.  ( contains dhcp +

dns + AD )

  its a clean domain, no users yet. dhcp+dns is used already.

2) add samba4 to the windows domain dc as  secondairy DC.
  ( this server wil be my zarafa mail server )


Setup and joining a Samba machine as DC you can find here:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC



This step, I'm using bind, I already have windows setup to replicate the DNS to
some other linux servers.
Can I just point samba to the windows server, or can I use the replicated dns,
or do I need to setup the dns completely also for samba.

That's not clear in the howto.
Because this howto points to:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
( I'm using the enterprise samba packages on ubuntu 12.04 )
and http://wiki.samba.org/index.php/Dns-backend_bind


I haven't used a Windows server yet. But if the DNS zone is stored in 
AD, then the directory replication will replicate it to your Samba 
server, too. But of course you have to run a DNS on your Samba server, 
too (the internal or BIND DLZ).






Really, I'm sorry to say, but for me the wiki is a maze of information.
Too many references to other locations.
Then, I'm pointed to
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
there I read.


What exactly confuses you? Then maybe I can unravel it.
Sure, there are references to other HowTos. Otherwise we had to write
the same content in different HowTos again and again. And every change
had to be done on all places.


But if you have good suggestions I can try to do improvements and change
the HowTos.






This HOWTO will assume you had configured and installed Samba in the default 
location of /usr/local/samba.
It assumes you are joining Samba to an existing domain called 
'samdom.example.com'.


What is the problem with that? Because you can configure to have Samba
and parts of it wherever you want (as ./configure options),
/usr/local/samba is just the default location where Samba is installed
in, if you don't do any changes on ./configure.


For a tutorial it's best to use the default locations. Just adapt the
paths to your environment. And samdom.example.com is just a sample
realm we use in our wiki HowTos. Replace it with your own one.






Question here is, do I need the registry fixes for windows 7, if my
windows 2008 DC is domain controller.


No registry changes, if your Domain is provided by Windows or Samba AD.
I have read that it's necessary for a Samba NT4 style domain only. But I
haven't used a Samba PDC with Win7 yet myself (only Samba AD).


I have some win7 on the NT4 style domain, but I didn't use any registry fixes.


If it's working fine without any fixes, where's the problem? ;-)



Regards,
Marc


Re: [Samba] Administrative users on domain

2013-07-17 Thread Gaiseric Vandal

On 07/17/13 14:32, Donny Brooks wrote:
  
  
  
On Wednesday, July 17, 2013 10:11 AM CDT, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
  

According to the net man page


 In order for Samba to be joined or unjoined remotely an account must be
 used that is either member of the Domain Admins group, a member of the
 local Administrators group or a user that is granted the
 SeMachineAccountPrivilege privilege.




The simplest thing is probably to have the Domain IT group be a member
of the local admin group on each machine.  I don't know if you would
need to grant them the  SeMachineAccountPrivilege.



On 07/17/13 09:44, Donny Brooks wrote:
   

   
On Saturday, July 13, 2013 04:43 AM CDT, Marc Muehlfeld sa...@marc-muehlfeld.de wrote:
   

Hello Donny,

On 12.07.2013 21:34, Donny Brooks wrote:

On the old domain, which was setup before I got here,

our IT section was in an ldap group that allowed us to
join PC's to the domain ...

http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Delegating_.27Joining_Computers_to_the_domain.27-permissions




... and when the prompt came up in windows to
install software we could log in as ourselves.

What do you mean by this? Do you want to have a group of users
automatically in the administrator group on your workstations?

http://community.spiceworks.com/how_to/show/2123-add-an-active-directory-group-to-the-local-administrator-group-of-workstation-s

If you mean something else, please give some more details.



Regards,
Marc





   
Yes, on the old domain we had all of our IT staff in a group that was able to join pcs to the domain and install software by inputting their domain credentials when prompted. Looking at the first link that is for Samba 4.X. We are on Samba 3.5.10 so that does not apply.



  
Looks like I need to do this here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html


And map our itgroup to the Domain Admins group. Although we do have a Domain 
Admins group in ldap. Should that cause an issue?


Group mapping is to make sure Windows groups map to the correct unix 
group.  This is not like mapping a Windows user name to a different 
unix user name (e.g Windows Administrator = Unix root.)


With LDAP, group mapping is usually simpler since the LDAP object for a 
group usually has the Samba SID and the unix group id. The net  
groupmap list command is useful for validating this.   You want to make 
sure that you do see group mapping for Domain Admins and Domain 
Users and other well known groups.  You are more likely to have to use 
the net groupmap add command when you don't have LDAP.



Well known groups have specific relative IDs.  The domain admin
group HAS to have a relative ID of 512 in the SID.  You have to make
sure the Administrator is in the group.   That behavior changes with
versions newer than 3.0.x


# net groupmap list

Domain Admins (S-1-5-21--x-x-512) -> Domain Admins
...
# getent group "Domain Admins"
Domain Admins::512:Administrator
#


I don't think you have a samba issue.  I think you have a general
windows issue about the most practical way to provide IT group with
sufficient privileges to manage computers without giving too much access.


Depending on the size of your IT department, and the necessity to
audit/control who makes what change, each IT user may need two accounts,
one that is a regular account and one that is a member of the domain
admins and local admins  group.  (e.g. donny and donny_admin.)  This
way they can do whatever they need, but they don't run as admin for
routine tasks, and you can track who made what change (if need be)  or
limit who has full  admin rights.






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
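
The checks described in the message above (a mapping for each well-known group, Domain Admins at RID 512, Administrator in the mapped unix group), run over the output of net groupmap list and getent group. This is an added example, not code from the thread or from the Samba project: the sample output, SIDs and gids are constructed, it assumes the "NT name (SID) -> unix group" line format, and RIDs 513 and 514 are the standard Windows values for Domain Users and Domain Guests.

```python
import re

# Domain-relative RIDs that Windows fixes for the built-in domain groups.
WELL_KNOWN_RIDS = {"Domain Admins": 512, "Domain Users": 513, "Domain Guests": 514}

# Assumed line format of `net groupmap list`: NT name (SID) -> unix group
MAP_LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-\d+(?:-\d+)+)\) -> (?P<unix>.+)$")


def parse_groupmap(text):
    """Return (nt_name, sid, rid, unix_group) tuples from `net groupmap list` output."""
    entries = []
    for line in text.splitlines():
        m = MAP_LINE.match(line.strip())
        if m:
            sid = m.group("sid")
            rid = int(sid.rsplit("-", 1)[1])  # RID is the last SID component
            entries.append((m.group("nt"), sid, rid, m.group("unix")))
    return entries


def parse_getent(text):
    """Return {unix_group: set(members)} from `getent group` lines (name:pw:gid:members)."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4:
            name, _pw, _gid, members = fields
            groups[name] = {m for m in members.split(",") if m}
    return groups


def audit(groupmap_text, getent_text, required_admin="Administrator"):
    """Return a list of findings; an empty list means the mapping looks sane."""
    findings = []
    entries = parse_groupmap(groupmap_text)
    unix_groups = parse_getent(getent_text)
    by_name = {nt: (rid, unix) for nt, _sid, rid, unix in entries}

    # 1. Every well-known group is mapped and carries its fixed RID.
    for name, rid in WELL_KNOWN_RIDS.items():
        if name not in by_name:
            findings.append(f"missing mapping for {name}")
        elif by_name[name][0] != rid:
            findings.append(f"{name} has RID {by_name[name][0]}, expected {rid}")

    # 2. No other group sits on a well-known RID: a group mapped onto 512
    #    turns all of its members into domain administrators.
    reserved = {rid: name for name, rid in WELL_KNOWN_RIDS.items()}
    for nt, _sid, rid, _unix in entries:
        if rid in reserved and nt != reserved[rid]:
            findings.append(f"{nt} carries RID {rid} reserved for {reserved[rid]}")

    # 3. The unix group behind Domain Admins resolves and contains the admin account.
    if "Domain Admins" in by_name:
        unix = by_name["Domain Admins"][1]
        members = unix_groups.get(unix)
        if members is None:
            findings.append(f"unix group {unix} not resolvable")
        elif required_admin not in members:
            findings.append(f"{required_admin} is not a member of {unix}")
    return findings


# Constructed sample output (not taken from the thread).
GOOD_MAP = """\
Domain Admins (S-1-5-21-1111-2222-3333-512) -> Domain Admins
Domain Users (S-1-5-21-1111-2222-3333-513) -> Domain Users
Domain Guests (S-1-5-21-1111-2222-3333-514) -> nobody
itgroup (S-1-5-21-1111-2222-3333-3005) -> itgroup
"""
GOOD_GETENT = "Domain Admins:*:512:Administrator,donny_admin\nitgroup:*:2000:donny\n"

BAD_MAP = """\
Domain Admins (S-1-5-21-1111-2222-3333-1201) -> Domain Admins
itgroup (S-1-5-21-1111-2222-3333-512) -> itgroup
Domain Users (S-1-5-21-1111-2222-3333-513) -> Domain Users
"""
BAD_GETENT = "Domain Admins:*:1201:donny\nitgroup:*:2000:donny\n"

if __name__ == "__main__":
    for label, gm, ge in (("good", GOOD_MAP, GOOD_GETENT), ("bad", BAD_MAP, BAD_GETENT)):
        print(label, audit(gm, ge) or "OK")
```

On a live server the two text arguments would be the captured output of net groupmap list and getent group.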


Re: [Samba] Administrative users on domain

2013-07-17 Thread Donny Brooks
 
 
 
On Wednesday, July 17, 2013 01:53 PM CDT, Gaiseric Vandal 
gaiseric.van...@gmail.com wrote: 
 
 On 07/17/13 14:32, Donny Brooks wrote:



  On Wednesday, July 17, 2013 10:11 AM CDT, Gaiseric Vandal 
  gaiseric.van...@gmail.com wrote:

  According to the net man page
 
 
    In order for Samba to be joined or unjoined remotely an account must be
    used that is either member of the Domain Admins group, a member of the
    local Administrators group or a user that is granted the
    SeMachineAccountPrivilege privilege.
 
 
 
 
  The simplest thing is probably to have the Domain IT group be a member
  of the local admin group on each machine.  I don't know if you would
  need to grant them the  SeMachineAccountPrivilege.
 
 
 
  On 07/17/13 09:44, Donny Brooks wrote:
 
 
 
  On Saturday, July 13, 2013 04:43 AM CDT, Marc Muehlfeld 
  sa...@marc-muehlfeld.de wrote:
 
  Hello Donny,
 
  On 12.07.2013 21:34, Donny Brooks wrote:
  On the old domain, which was setup before I got here,
  our IT section was in an ldap group that allowed us to
  join PC's to the domain ...
 
  http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Delegating_.27Joining_Computers_to_the_domain.27-permissions
 
 
 
 
  ... and when the prompt came up in windows to
  install software we could log in as ourselves.
 
  What do you mean by this? Do you want to have a group of users
  automatically in the administrator group on your workstations?
 
  http://community.spiceworks.com/how_to/show/2123-add-an-active-directory-group-to-the-local-administrator-group-of-workstation-s
 
  If you mean something else, please give some more details.
 
 
 
  Regards,
  Marc
 
 
 
 
 
 
  Yes, on the old domain we had all of our IT staff in a group that was 
  able to join pcs to the domain and install software by inputting their 
  domain credentials when prompted. Looking at the first link that is for 
  Samba 4.X. We are on Samba 3.5.10 so that does not apply.
 

  Looks like I need to do this here: 
  http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html
 
  And map our itgroup to the Domain Admins group. Although we do have a 
  Domain Admins group in ldap. Should that cause an issue?
 
 Group mapping is to make sure Windows groups map to the correct unix 
 group.  This is not like mapping a Windows user name to a different 
 unix user name (e.g Windows Administrator = Unix root.)
 
 With LDAP, group mapping is usually simpler since the LDAP object for a 
 group usually has the Samba SID and the unix group id. The net  
 groupmap list command is useful for validating this.   You want to make 
 sure that you do see group mapping for Domain Admins and Domain 
 Users and other well known groups.  You are more likely to have to use 
 the net groupmap add command when you don't have LDAP.
 
 
 Well known groups have specific relative IDs.  The domain admin
 group HAS to have a relative ID of 512 in the SID.  You have to make
 sure the Administrator is in the group.   That behavior changes with
 versions newer than 3.0.x


 # net groupmap list

 Domain Admins (S-1-5-21--x-x-512) -> Domain Admins
 ...
 # getent group "Domain Admins"
 Domain Admins::512:Administrator
 #


 I don't think you have a samba issue.  I think you have a general
 windows issue about the most practical way to provide IT group with
 sufficient privileges to manage computers without giving too much access.


 Depending on the size of your IT department, and the necessity to
 audit/control who makes what change, each IT user may need two accounts,
 one that is a regular account and one that is a member of the domain
 admins and local admins  group.  (e.g. donny and donny_admin.)  This
 way they can do whatever they need, but they don't run as admin for
 routine tasks, and you can track who made what change (if need be)  or
 limit who has full  admin rights.
 
 
 
 
 
 

It is correctly mapped and is 512. Nothing changed on the windows side during 
the domain change other than removing the machines from the old domain and 
rejoining them to the new one. We don't have to have the accounting trail that 
two accounts would give us right now. I just want to be able to tell my other 
people they can join computers to the domain and perform software upgrades with 
their own credentials. 
-- 

Donny B. 



Re: [Samba] Administrative users on domain

2013-07-17 Thread Gaiseric Vandal

On 07/17/13 15:02, Donny Brooks wrote:
  
  
  
On Wednesday, July 17, 2013 01:53 PM CDT, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
  

On 07/17/13 14:32, Donny Brooks wrote:
   
   
   
On Wednesday, July 17, 2013 10:11 AM CDT, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
   

According to the net man page


  In order for Samba to be joined or unjoined remotely an account must be
  used that is either member of the Domain Admins group, a member of the
  local Administrators group or a user that is granted the
  SeMachineAccountPrivilege privilege.




The simplest thing is probably to have the Domain IT group be a member
of the local admin group on each machine.  I don't know if you would
need to grant them the  SeMachineAccountPrivilege.



On 07/17/13 09:44, Donny Brooks wrote:



On Saturday, July 13, 2013 04:43 AM CDT, Marc Muehlfeld sa...@marc-muehlfeld.de wrote:


Hello Donny,

On 12.07.2013 21:34, Donny Brooks wrote:

On the old domain, which was setup before I got here,

 our IT section was in an ldap group that allowed us to
 join PC's to the domain ...

http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Delegating_.27Joining_Computers_to_the_domain.27-permissions




 ... and when the prompt came up in windows to
 install software we could log in as ourselves.

What do you mean by this? Do you want to have a group of users
automatically in the administrator group on your workstations?

http://community.spiceworks.com/how_to/show/2123-add-an-active-directory-group-to-the-local-administrator-group-of-workstation-s

If you mean something else, please give some more details.



Regards,
Marc






Yes, on the old domain we had all of our IT staff in a group that was able to join pcs to the domain and install software by inputting their domain credentials when prompted. Looking at the first link that is for Samba 4.X. We are on Samba 3.5.10 so that does not apply.



   
Looks like I need to do this here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html


And map our itgroup to the Domain Admins group. Although we do have a Domain 
Admins group in ldap. Should that cause an issue?

Group mapping is to make sure Windows groups map to the correct unix
group.  This is not like mapping a Windows user name to a different
unix user name (e.g Windows Administrator = Unix root.)

With LDAP, group mapping is usually simpler since the LDAP object for a
group usually has the Samba SID and the unix group id. The net
groupmap list command is useful for validating this.   You want to make
sure that you do see group mapping for Domain Admins and Domain
Users and other well known groups.  You are more likely to have to use
the net groupmap add command when you don't have LDAP.


Well known groups have specific relative IDs.  The domain admin
group HAS to have a relative ID of 512 in the SID.  You have to make
sure the Administrator is in the group.   That behavior changes with
versions newer than 3.0.x


# net groupmap list

Domain Admins (S-1-5-21--x-x-512) -> Domain Admins
...
# getent group "Domain Admins"
Domain Admins::512:Administrator
#


I don't think you have a samba issue.  I think you have a general
windows issue about the most practical way to provide IT group with
sufficient privileges to manage computers without giving too much access.


Depending on the size of your IT department, and the necessity to
audit/control who makes what change, each IT user may need two accounts,
one that is a regular account and one that is a member of the domain
admins and local admins  group.  (e.g. donny and donny_admin.)  This
way they can do whatever they need, but they don't run as admin for
routine tasks, and you can track who made what change (if need be)  or
limit who has full  admin rights.





  


It is correctly mapped and is 512. Nothing changed on the windows side during 
the domain change other than removing the machines from the old domain and 
rejoining them to the new one. We don't have to have the accounting trail that 
two accounts would give us right now. I just want to be able to tell my other 
people they can join computers to the domain and perform software upgrades with 
their own credentials.



OK
I am looking at your original post again.  I don't think you said 
which version you had been using.


net rpc rights grant 'MDAH\Domain Admins' SeMachineAccountPrivilege -S enterprise -U superusername



Is the superuser name the domain Administrator account?   The problem 
seems to involve the superusername user, not the Domain Admins 
group. I think with older version of samba, the Administrator 
account was implicit, and  you could map the windows Administrator to 
the unix root account and all was OK.  With 

Re: [Samba] Administrative users on domain

2013-07-17 Thread Donny Brooks
 
 
 
On Wednesday, July 17, 2013 02:39 PM CDT, Gaiseric Vandal 
gaiseric.van...@gmail.com wrote: 
 
 On 07/17/13 15:02, Donny Brooks wrote:



  On Wednesday, July 17, 2013 01:53 PM CDT, Gaiseric Vandal 
  gaiseric.van...@gmail.com wrote:

  On 07/17/13 14:32, Donny Brooks wrote:
 
 
 
  On Wednesday, July 17, 2013 10:11 AM CDT, Gaiseric Vandal 
  gaiseric.van...@gmail.com wrote:
 
  According to the net man page
 
 
    In order for Samba to be joined or unjoined remotely an account must be
    used that is either member of the Domain Admins group, a member of the
    local Administrators group or a user that is granted the
    SeMachineAccountPrivilege privilege.
 
 
 
 
  The simplest thing is probably to have the Domain IT group be a member
  of the local admin group on each machine.  I don't know if you would
  need to grant them the  SeMachineAccountPrivilege.
 
 
 
  On 07/17/13 09:44, Donny Brooks wrote:
  
 
  
  On Saturday, July 13, 2013 04:43 AM CDT, Marc Muehlfeld 
  sa...@marc-muehlfeld.de wrote:
  
  Hello Donny,
 
  On 12.07.2013 21:34, Donny Brooks wrote:
  On the old domain, which was setup before I got here,
   our IT section was in an ldap group that allowed us to
   join PC's to the domain ...
 
  http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Delegating_.27Joining_Computers_to_the_domain.27-permissions
 
 
 
 
   ... and when the prompt came up in windows to
   install software we could log in as ourselves.
 
  What do you mean by this? Do you want to have a group of users
  automatically in the administrator group on your workstations?
 
  http://community.spiceworks.com/how_to/show/2123-add-an-active-directory-group-to-the-local-administrator-group-of-workstation-s
 
  If you mean something else, please give some more details.
 
 
 
  Regards,
  Marc
 
 
 
 
 
  
  Yes, on the old domain we had all of our IT staff in a group that was 
  able to join pcs to the domain and install software by inputting their 
  domain credentials when prompted. Looking at the first link that is for 
  Samba 4.X. We are on Samba 3.5.10 so that does not apply.
 
 
  Looks like I need to do this here: 
  http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html
 
  And map our itgroup to the Domain Admins group. Although we do have a 
  Domain Admins group in ldap. Should that cause an issue?
  Group mapping is to make sure Windows groups map to the correct unix
  group.  This is not like mapping a Windows user name to a different
  unix user name (e.g Windows Administrator = Unix root.)
 
  With LDAP, group mapping is usually simpler since the LDAP object for a
  group usually has the Samba SID and the unix group id. The net
  groupmap list command is useful for validating this.   You want to make
  sure that you do see group mapping for Domain Admins and Domain
  Users and other well known groups.  You are more likely to have to use
  the net groupmap add command when you don't have LDAP.
 
 
  Well known groups have specific relative IDs.  The domain admin
  group HAS to have a relative ID of 512 in the SID.  You have to make
  sure the Administrator is in the group.   That behavior changes with
  versions newer than 3.0.x


  # net groupmap list

  Domain Admins (S-1-5-21--x-x-512) -> Domain Admins
  ...
  # getent group "Domain Admins"
  Domain Admins::512:Administrator
  #


  I don't think you have a samba issue.  I think you have a general
  windows issue about the most practical way to provide IT group with
  sufficient privileges to manage computers without giving too much access.


  Depending on the size of your IT department, and the necessity to
  audit/control who makes what change, each IT user may need two accounts,
  one that is a regular account and one that is a member of the domain
  admins and local admins  group.  (e.g. donny and donny_admin.)  This
  way they can do whatever they need, but they don't run as admin for
  routine tasks, and you can track who made what change (if need be)  or
  limit who has full  admin rights.
 
 
 
 
 

 
  It is correctly mapped and is 512. Nothing changed on the windows side 
  during the domain change other than removing the machines from the old 
  domain and rejoining them to the new one. We don't have to have the 
  accounting trail that two accounts would give us right now. I just want to 
  be able to tell my other people they can join computers to the domain and 
  perform software upgrades with their own credentials.
 
 
 OK
 I am looking at your original post again.  I don't think you said 
 which version you had been using.
 
 net rpc rights grant 'MDAH\Domain Admins' SeMachineAccountPrivilege -S 
 enterprise -U 

Re: [Samba] Administrative users on domain

2013-07-17 Thread Gaiseric Vandal

On 07/17/13 16:12, Donny Brooks wrote:
  
  
  
On Wednesday, July 17, 2013 02:39 PM CDT, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
  

On 07/17/13 15:02, Donny Brooks wrote:
   
   
   
On Wednesday, July 17, 2013 01:53 PM CDT, Gaiseric Vandal gaiseric.van...@gmail.com wrote:
   

On 07/17/13 14:32, Donny Brooks wrote:



On Wednesday, July 17, 2013 10:11 AM CDT, Gaiseric Vandal gaiseric.van...@gmail.com wrote:


According to the net man page


   In order for Samba to be joined or unjoined remotely an account must be
   used that is either member of the Domain Admins group, a member of the
   local Administrators group or a user that is granted the
   SeMachineAccountPrivilege privilege.




The simplest thing is probably to have the Domain IT group be a member
of the local admin group on each machine.  I don't know if you would
need to grant them the  SeMachineAccountPrivilege.



On 07/17/13 09:44, Donny Brooks wrote:
 

 
On Saturday, July 13, 2013 04:43 AM CDT, Marc Muehlfeld sa...@marc-muehlfeld.de wrote:
 

Hello Donny,

On 12.07.2013 21:34, Donny Brooks wrote:

On the old domain, which was setup before I got here,

  our IT section was in an ldap group that allowed us to
  join PC's to the domain ...

http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Delegating_.27Joining_Computers_to_the_domain.27-permissions




  ... and when the prompt came up in windows to
  install software we could log in as ourselves.

What do you mean by this? Do you want to have a group of users
automatically in the administrator group on your workstations?

http://community.spiceworks.com/how_to/show/2123-add-an-active-directory-group-to-the-local-administrator-group-of-workstation-s

If you mean something else, please give some more details.



Regards,
Marc





 
Yes, on the old domain we had all of our IT staff in a group that was able to join pcs to the domain and install software by inputting their domain credentials when prompted. Looking at the first link that is for Samba 4.X. We are on Samba 3.5.10 so that does not apply.




Looks like I need to do this here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html


And map our itgroup to the Domain Admins group. Although we do have a Domain 
Admins group in ldap. Should that cause an issue?

Group mapping is to make sure Windows groups map to the correct unix
group.  This is not like mapping a Windows user name to a different
unix user name (e.g Windows Administrator = Unix root.)

With LDAP, group mapping is usually simpler since the LDAP object for a
group usually has the Samba SID and the unix group id. The net
groupmap list command is useful for validating this.   You want to make
sure that you do see group mapping for Domain Admins and Domain
Users and other well known groups.  You are more likely to have to use
the net groupmap add command when you don't have LDAP.


Well known groups have specific relative IDs.  The domain admin
group HAS to have a relative ID of 512 in the SID.  You have to make
sure the Administrator is in the group.   That behavior changes with
versions newer than 3.0.x


# net groupmap list

Domain Admins (S-1-5-21--x-x-512) -> Domain Admins
...
# getent group "Domain Admins"
Domain Admins::512:Administrator
#


I don't think you have a samba issue.  I think you have a general
windows issue about the most practical way to provide IT group with
sufficient privileges to manage computers without giving too much access.


Depending on the size of your IT department, and the necessity to
audit/control who makes what change, each IT user may need two accounts,
one that is a regular account and one that is a member of the domain
admins and local admins  group.  (e.g. donny and donny_admin.)  This
way they can do whatever they need, but they don't run as admin for
routine tasks, and you can track who made what change (if need be)  or
limit who has full  admin rights.





   


It is correctly mapped and is 512. Nothing changed on the windows side during 
the domain change other than removing the machines from the old domain and 
rejoining them to the new one. We don't have to have the accounting trail that 
two accounts would give us right now. I just want to be able to tell my other 
people they can join computers to the domain and perform software upgrades with 
their own credentials.


OK
I am looking at your original post again.  I don't think you said
which version you had been using.

net rpc rights grant 'MDAH\Domain Admins' SeMachineAccountPrivilege -S enterprise -U superusername



Is the superuser name the domain Administrator account?   The problem
seems to involve the superusername user, not the Domain Admins
group. I think with 

Re: [Samba] Administrative users on domain

2013-07-17 Thread Donny Brooks
 
 
 
On Wednesday, July 17, 2013 04:33 PM CDT, Gaiseric Vandal 
gaiseric.van...@gmail.com wrote: 
 
 On 07/17/13 16:12, Donny Brooks wrote:



  On Wednesday, July 17, 2013 02:39 PM CDT, Gaiseric Vandal 
  gaiseric.van...@gmail.com wrote:

  On 07/17/13 15:02, Donny Brooks wrote:
 
 
 
  On Wednesday, July 17, 2013 01:53 PM CDT, Gaiseric Vandal 
  gaiseric.van...@gmail.com wrote:
 
  On 07/17/13 14:32, Donny Brooks wrote:
  
  
  
  On Wednesday, July 17, 2013 10:11 AM CDT, Gaiseric Vandal 
  gaiseric.van...@gmail.com wrote:
  
  According to the net man page
 
 
     In order for Samba to be joined or unjoined remotely an account must be
     used that is either member of the Domain Admins group, a member of the
     local Administrators group or a user that is granted the
     SeMachineAccountPrivilege privilege.
 
 
 
 
  The simplest thing is probably to have the Domain IT group be a member
  of the local admin group on each machine.  I don't know if you would
  need to grant them the  SeMachineAccountPrivilege.
 
 
 
  On 07/17/13 09:44, Donny Brooks wrote:
   
 
   
  On Saturday, July 13, 2013 04:43 AM CDT, Marc Muehlfeld 
  sa...@marc-muehlfeld.de wrote:
   
  Hello Donny,
 
  On 12.07.2013 21:34, Donny Brooks wrote:
  On the old domain, which was setup before I got here,
our IT section was in an ldap group that allowed us to
join PC's to the domain ...
 
  http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Delegating_.27Joining_Computers_to_the_domain.27-permissions
 
 
 
 
... and when the prompt came up in windows to
install software we could log in as ourselves.
 
  What do you mean by this? Do you want to have a group of users
  automatically in the administrator group on your workstations?
 
  http://community.spiceworks.com/how_to/show/2123-add-an-active-directory-group-to-the-local-administrator-group-of-workstation-s
 
  If you mean something else, please give some more details.
 
 
 
  Regards,
  Marc
 
 
 
 
 
   
  Yes, on the old domain we had all of our IT staff in a group that was 
  able to join pcs to the domain and install software by inputting 
  their domain credentials when prompted. Looking at the first link 
  that is for Samba 4.X. We are on Samba 3.5.10 so that does not apply.
 
  
  Looks like I need to do this here: 
  http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html
 
  And map our itgroup to the Domain Admins group. Although we do have a 
  Domain Admins group in ldap. Should that cause an issue?
  Group mapping is to make sure Windows groups map to the correct unix
  group.  This is not like mapping a Windows user name to a different
  unix user name (e.g Windows Administrator = Unix root.)
 
  With LDAP, group mapping is usually simpler since the LDAP object for a
  group usually has the Samba SID and the unix group id. The net
  groupmap list command is useful for validating this.   You want to make
  sure that you do see group mapping for Domain Admins and Domain
  Users and other well known groups.  You are more likely to have to use
  the net groupmap add command when you don't have LDAP.
 
 
  Well known groups have specific relative IDs.  The domain admin
  group HAS to have a relative ID of 512 in the SID.  You have to make
  sure the Administrator is in the group.   That behavior changes with
  versions newer than 3.0.x


  # net groupmap list

  Domain Admins (S-1-5-21--x-x-512) -> Domain Admins
  ...
  # getent group "Domain Admins"
  Domain Admins::512:Administrator
  #


  I don't think you have a samba issue.  I think you have a general
  windows issue about the most practical way to provide IT group with
  sufficient privileges to manage computers without giving too much
  access.


  Depending on the size of your IT department, and the necessity to
  audit/control who makes what change, each IT user may need two accounts,
  one that is a regular account and one that is a member of the domain
  admins and local admins  group.  (e.g. donny and donny_admin.)  This
  way they can do whatever they need, but they don't run as admin for
  routine tasks, and you can track who made what change (if need be)  or
  limit who has full  admin rights.
 
 
 
 
 
 
 
  It is correctly mapped and is 512. Nothing changed on the windows side 
  during the domain change other than removing the machines from the old 
  domain and rejoining them to the new one. We don't have to have the 
  accounting trail that two accounts would give us right now. I just want 
  to be able to tell my other people they can join computers to the domain 
  and perform software upgrades with their own credentials.
 
  OK
  I am 

Re: [Samba] Restore samba4 backup

2013-07-17 Thread TI
Hi Marc,

It works. Thank you very much.

Regards,

Edison


autobuild: intermittent test failure detected

2013-07-17 Thread autobuild
The autobuild test system has detected an intermittent failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2013-07-17-1057/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-07-17-1057/samba3.stderr
   http://git.samba.org/autobuild.flakey/2013-07-17-1057/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-07-17-1057/samba.stderr
   http://git.samba.org/autobuild.flakey/2013-07-17-1057/samba.stdout
  
The top commit at the time of the failure was:

commit 9b2aa351ceb756d6ea63f3158f0e983ae7262da8
Author: Alexander Werth alexander.we...@de.ibm.com
Date:   Tue Jul 9 17:14:08 2013 +0200

s3: Remove old mode special substitution.

The mode special substitution now happens in a separate function.
The substitution at this point is unnecessary.

Reviewed-by: Andrew Bartlett abart...@samba.org
Reviewed-by: Christian Ambach a...@samba.org

Autobuild-User(master): Christian Ambach a...@samba.org
Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104


autobuild: intermittent test failure detected

2013-07-17 Thread autobuild
The autobuild test system has detected an intermittent failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2013-07-18-0339/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-07-18-0339/samba3.stderr
   http://git.samba.org/autobuild.flakey/2013-07-18-0339/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-07-18-0339/samba.stderr
   http://git.samba.org/autobuild.flakey/2013-07-18-0339/samba.stdout
  
The top commit at the time of the failure was:

commit 9b2aa351ceb756d6ea63f3158f0e983ae7262da8
Author: Alexander Werth alexander.we...@de.ibm.com
Date:   Tue Jul 9 17:14:08 2013 +0200

s3: Remove old mode special substitution.

The mode special substitution now happens in a separate function.
The substitution at this point is unnecessary.

Reviewed-by: Andrew Bartlett abart...@samba.org
Reviewed-by: Christian Ambach a...@samba.org

Autobuild-User(master): Christian Ambach a...@samba.org
Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104


[SCM] CTDB repository - branch master updated - ctdb-2.3-2-g5740155

2013-07-17 Thread Amitay Isaacs
The branch, master has been updated
   via  5740155cc5de1a223412e8529aa1a383a5412514 (commit)
   via  67c227a5d30cb8487b20b19b20bdfa4613906609 (commit)
  from  412bc0e20bef694d4e911dc9c984fd7716231f1f (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit 5740155cc5de1a223412e8529aa1a383a5412514
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Jul 16 12:53:16 2013 +1000

packaging: Bundle debug_locks.sh script in RPM

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit 67c227a5d30cb8487b20b19b20bdfa4613906609
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Jul 16 12:52:00 2013 +1000

packaging: No need to check for existence of scripts, they always do

Signed-off-by: Amitay Isaacs ami...@gmail.com

---

Summary of changes:
 Makefile.in|7 ---
 packaging/RPM/ctdb.spec.in |1 +
 2 files changed, 5 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/Makefile.in b/Makefile.in
index 678141f..620ed84 100755
--- a/Makefile.in
+++ b/Makefile.in
@@ -389,10 +389,11 @@ install: all manpages $(PMDA_INSTALL)
if [ -f doc/onnode.1 ];then ${INSTALLCMD} -m 644 doc/onnode.1 
$(DESTDIR)$(mandir)/man1; fi
if [ -f doc/ltdbtool.1 ]; then ${INSTALLCMD} -m 644 doc/ltdbtool.1 
$(DESTDIR)$(mandir)/man1; fi
if [ -f doc/ping_pong.1 ];then ${INSTALLCMD} -m 644 doc/ping_pong.1 
$(DESTDIR)$(mandir)/man1; fi
-   if [ ! -f $(DESTDIR)$(etcdir)/ctdb/notify.sh ];then ${INSTALLCMD} -m 
755 config/notify.sh $(DESTDIR)$(etcdir)/ctdb; fi
+   ${INSTALLCMD} -m 755 config/notify.sh $(DESTDIR)$(etcdir)/ctdb
${INSTALLCMD} -m 755 config/debug-hung-script.sh 
$(DESTDIR)$(etcdir)/ctdb
-   if [ ! -f $(DESTDIR)$(etcdir)/ctdb/ctdb-crash-cleanup.sh ];then 
${INSTALLCMD} -m 755 config/ctdb-crash-cleanup.sh $(DESTDIR)$(etcdir)/ctdb; fi
-   if [ ! -f $(DESTDIR)$(etcdir)/ctdb/gcore_trace.sh ];then ${INSTALLCMD} 
-m 755 config/gcore_trace.sh $(DESTDIR)$(etcdir)/ctdb; fi
+   ${INSTALLCMD} -m 755 config/ctdb-crash-cleanup.sh 
$(DESTDIR)$(etcdir)/ctdb
+   ${INSTALLCMD} -m 755 config/gcore_trace.sh $(DESTDIR)$(etcdir)/ctdb
+   ${INSTALLCMD} -m 755 config/debug_locks.sh $(DESTDIR)$(etcdir)/ctdb
 
 install_pmda:
$(INSTALLCMD) -m 755 -d $(DESTDIR)$(PMDA_DEST_DIR)
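
Review bot: Dropping the `[ ! -f $(DESTDIR)$(etcdir)/ctdb/... ]` guards on notify.sh, ctdb-crash-cleanup.sh and gcore_trace.sh changes more than the commit message admits: those tests checked whether a copy was already present at the destination, not whether the source script exists, so `make install` will now overwrite locally edited copies under $(DESTDIR)$(etcdir)/ctdb. The RPM path still preserves local edits through %config(noreplace), but a source install has no equivalent protection. debug-hung-script.sh was already installed unconditionally, so consistency may be the real motivation; if the overwrite is intended, state that in the commit message, otherwise keep the guards for the scripts an administrator is expected to customise.
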
diff --git a/packaging/RPM/ctdb.spec.in b/packaging/RPM/ctdb.spec.in
index b87ba0b..62fc65f 100644
--- a/packaging/RPM/ctdb.spec.in
+++ b/packaging/RPM/ctdb.spec.in
@@ -149,6 +149,7 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace) %{_sysconfdir}/ctdb/debug-hung-script.sh
 %config(noreplace) %{_sysconfdir}/ctdb/ctdb-crash-cleanup.sh
 %config(noreplace) %{_sysconfdir}/ctdb/gcore_trace.sh
+%config(noreplace) %{_sysconfdir}/ctdb/debug_locks.sh
 
 %if %{with_systemd}
 %{_unitdir}/ctdb.service
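
Review bot: The new `%config(noreplace)` entry for debug_locks.sh has no `%attr`, so its packaged mode comes entirely from the `-m 755` in the Makefile.in install rule; that matches the three entries above it, but it is worth confirming noreplace is wanted for an executable helper, since an upgrade will leave a locally modified debug_locks.sh in place and later fixes to the script will not reach that host. This %files line also only builds when the Makefile.in line installing config/debug_locks.sh is present, so the two changes need to be kept together when backporting.
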


-- 
CTDB repository