Re: [Samba] What version plays well with Windows 7?
May be following fact help you Win 7 cannot join to Samba 3.2.11, can join to Samba 3.2.12 and 3.2.15, but a lot registry editing required. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Para meters] DomainCompatibilityMode=dword:0001 DNSNameResolutionRequired=dword: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\] “LmCompatibilityLevel”=dword: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] Update=no DisablePasswordChange=dword: MaximumPasswordAge=dword:001e RequireSignOrSeal=dword:0001 RequireStrongKey=dword:0001 SealSecureChannel=dword:0001 SignSecureChannel=dword:0001 Thanks On 1/19/11, Ed Kasky e...@esson.net wrote: Farhan, Yes I did and made the changes suggested in the registry. But I missed the version info at the top. 3.3.7 was tested. I wonder if there were any changes from 3.3.2... Ed -- On Jan 18, 2011, at 10:17 AM, Farhan Ahmad far...@thebitguru.com wrote: Hello Ed, I don't have the answer to your question, but have you also installed the hotfix listed here: http://wiki.samba.org/index.php/Windows7? (maybe that page has the official answer, i.e. 3.3+? :)) - Farhan On Tue, Jan 18, 2011 at 12:14 PM, Ed Kasky e...@esson.net wrote: I am currently running version 3.3.2 on an older Fedora machine that works just fine with XP. I am trying to get a Win7 machine to work but keep getting trust relationship errors on the final step in the configuration on the Win machine. This is the error in the logs: Jan 17 18:51:00 yoda smbd[32288]: _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client HPLAP machine account HPLAP$ Jan 17 18:51:00 yoda smbd[32288]: [2011/01/17 18:51:00, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546) I installed the reg hacks to no avail. I have read some conflicting reports as to the minimum version that works with Win 7 but what is the official answer? Is it 3.4? Thanks in advance... Ed -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxmantra.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] suitable samba version for windows 7
Thanks John for reply. Now i am trying to install samba-3.5.6 from rpm by downloading it from http://enterprisesamba.com/index.php?id=54 , But it shows error ' samba3-client is needed by samba3-3.5.6-43.el5.i386' while i already installed samba3-5.6 client' . What may be the issue ?,please guide me Thanks On 1/9/11, John Drescher dresche...@gmail.com wrote: I have samba+ldap setup,act as Domain server on Rhel 5.0 with samba version 3.0.28. Windows 7 machines are not joining this domain. I think i need to upgrade samba. What samba version is stable with windows 7? I would say 3.5.6 is the best but you can get away with using 3.3.X versions. John -- http://linuxmantra.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Could not find base dn trying to join a machine into the domain
I think you should mention 'root' as username and password should be which you put while running 'smbldap-populate'. You can change 'root' password using root# smbpasswd root command Thanks On 12/30/10, sisu . npil...@hotmail.com wrote: Hi all, Trying to set up a samba PDC with 389-fd LDAP I get and error when I try to join my first windows machine to the domain. I did the smbldap-populate and all seems ok. The point is when I add a machine through command line as: usr/sbin/smbldap-useradd -w testmaschine4 I don't get any error, below I can demonstrate it: #getent passwd |grep 515 testmachine$:*:5001:515:Computer:/dev/null:/bin/false testmaschine2$:*:5002:515:Computer:/dev/null:/bin/false But the problem occurs when through the windowsXP box I try to join to the domain. I type my Administrator user with his password but then I get an error dialogue which says: The user name could not be found When I try to find out more info in the administrator.log on samba server I can see these lines: check_ntlm_password: authentication for user [Administrator] - [Administrator] - [Administrator] succeeded Returning domain sid for domain X - S-1-5-21-2019295574-2912910430-xx Could not find base dn, to get next uidNumber at /usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 1181 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w vmwinxpbox$' gave 2 I don't understand why smbldap-useradd is able to add that machine through command line but it is not able through windows box Useful info: smbldap-populate file: suffix=o=company,dc=lan computersdn=ou=machines,${suffix} sambaUnixIdPooldn=sambadomainname=domainname,ou=domains,o=company,dc=lan defaultComputerGid=515 smb.cnf: ldap suffix = dc=lan ldap machine suffix = ou=machines,o=company add machine script = /usr/sbin/smbldap-useradd -w %u Thank you in advance. any advice will be grateful :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Questions about ldap organizational units
I think you should post question in squid mailing list. googling 'squid' will help you On 12/30/10, Anil Wakhare aswakh...@gmail.com wrote: Hi, Can anybody give me the idea about squid server. On Thu, Dec 30, 2010 at 2:01 AM, Taso Hatzi taso.ha...@gmail.com wrote: Environment is Samba as a PDC, OpenLDAP backend, with smbldap-tools providing the scripts to manipulate the data. What are the recommended/mandated organizational units (OU=) for user, computer, group info. I'm pretty sure that groups go in ou=Groups, but I am confused about where user and computer data goes. I have seen ou=People, ou=Computers, and ou=Users in various places. Which is it and why? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- --- Thanks Regards. Anil S Wakhare. Pune 411027,Maharashtra,India Ph:-9763328839 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Multiple LDAP backends with different search base
I think you should mention this is /etc/ldap.conf Thanks On 12/23/10, Daniel Müller muel...@tropenklinik.de wrote: This is not possible as in samba3 conf, you will have to fix your search base. Ldap as I understand and use it, is a way to have one and only pass through directory for A whole network. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von David Touzeau Gesendet: Donnerstag, 23. Dezember 2010 00:28 An: samba@lists.samba.org Betreff: [Samba] Multiple LDAP backends with different search base Dear I would like Samba query multiple LDAP backend servers According documentation passdb backend = ldapsam:ldap://192.168.1.60/ ldap://192.168.1.61/ ldap://192.168.1.62/; Will do the trick but i have different settings according ldap suffix,ldap group suffix and ldap admin dn How to define different suffix and LDAP admin dn for all LDAP backends ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap user suffix
Thanks for your idea . thanks On 10/22/10, Gaiseric Vandal gaiseric.van...@gmail.com wrote: If the two organizations having nothing to do with each other, does that mean they don't need access to the same files? Will the following solution work for you - configure a 2nd IP on the server - run two instances of samba- each samba instance has its own smb.conf file, with unique ip, server name, ldap settings, local configuration directories etc. The two samba instances don't even have to be in the same domain or workgroup.I would however make one the WINS server for the whole organization. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of vishesh kumar Sent: Friday, October 22, 2010 8:18 AM To: Lukasz Zalewski Cc: samba@lists.samba.org Subject: Re: [Samba] ldap user suffix Thanks Luk I have to store users in different OU, because there is two separate Units running inside one organization. They have nothing to do with each other and their parent organization is same and their is only one Server to manage both. Thanks On 10/20/10, Lukasz Zalewski lu...@eecs.qmul.ac.uk wrote: On 10/20/2010 08:16 AM, vishesh kumar wrote: Thanks oliver for your reply, But No this is not possible in my case Thanks Why do you want to store users in two separate OU's? What is the rule that defines which OU should be used? You could look into openldap overlays, which might allow you to do dynamic re-write of dn's (amongst other things). Some distros ship openldap without overlays enabled so you need to check (this approach sounds like an overkill though, and might be more trouble than its worth) I'm assuming you are using openldap Regards Luk On 10/20/10, Olivier FONTESoliv...@famille-fontes.net wrote: On Wed, 20 Oct 2010 11:19:12 +0530, vishesh kumar linuxtovish...@gmail.com wrote: Dear friends My domain users in two diffrent OU, one OU is TEMP_USERS and other OU is PEOPLE. What i should mention in smb.conf ? If i mention ldap user suffix = ou=PEOPLE, then users of ou TEMP_USERS is not able to authenticate. Please guide me. Thanks -- http://linuxinterviews.blogspot.com Hi, is it possible to put the two OU into a specific OU that you could mention in your smb.conf ?? I had a similar problem, i solved it this way. Olivier --- Le domaine famille-fontes.net est auto hébergé à mon domicile. Contactez moi si vous souhaitez faire de même. -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap user suffix
Thanks Luk I have to store users in different OU, because there is two separate Units running inside one organization. They have nothing to do with each other and their parent organization is same and their is only one Server to manage both. Thanks On 10/20/10, Lukasz Zalewski lu...@eecs.qmul.ac.uk wrote: On 10/20/2010 08:16 AM, vishesh kumar wrote: Thanks oliver for your reply, But No this is not possible in my case Thanks Why do you want to store users in two separate OU's? What is the rule that defines which OU should be used? You could look into openldap overlays, which might allow you to do dynamic re-write of dn's (amongst other things). Some distros ship openldap without overlays enabled so you need to check (this approach sounds like an overkill though, and might be more trouble than its worth) I'm assuming you are using openldap Regards Luk On 10/20/10, Olivier FONTESoliv...@famille-fontes.net wrote: On Wed, 20 Oct 2010 11:19:12 +0530, vishesh kumar linuxtovish...@gmail.com wrote: Dear friends My domain users in two diffrent OU, one OU is TEMP_USERS and other OU is PEOPLE. What i should mention in smb.conf ? If i mention ldap user suffix = ou=PEOPLE, then users of ou TEMP_USERS is not able to authenticate. Please guide me. Thanks -- http://linuxinterviews.blogspot.com Hi, is it possible to put the two OU into a specific OU that you could mention in your smb.conf ?? I had a similar problem, i solved it this way. Olivier --- Le domaine famille-fontes.net est auto hébergé à mon domicile. Contactez moi si vous souhaitez faire de même. -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap user suffix
Thanks oliver for your reply, But No this is not possible in my case Thanks On 10/20/10, Olivier FONTES oliv...@famille-fontes.net wrote: On Wed, 20 Oct 2010 11:19:12 +0530, vishesh kumar linuxtovish...@gmail.com wrote: Dear friends My domain users in two diffrent OU, one OU is TEMP_USERS and other OU is PEOPLE. What i should mention in smb.conf ? If i mention ldap user suffix = ou=PEOPLE, then users of ou TEMP_USERS is not able to authenticate. Please guide me. Thanks -- http://linuxinterviews.blogspot.com Hi, is it possible to put the two OU into a specific OU that you could mention in your smb.conf ?? I had a similar problem, i solved it this way. Olivier --- Le domaine famille-fontes.net est auto hébergé à mon domicile. Contactez moi si vous souhaitez faire de même. -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba+ldap setup, users info in two OU
Dear friends My domain users in two diffrent OU, one OU is TEMP_USERS and other OU is PEOPLE. What i should mention in smb.conf ? If i mention ldap user suffix = ou=PEOPLE, then users of ou TEMP_USERS is not able to authenticate. Please guide me. Thanks -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ldap user suffix
Dear friends My domain users in two diffrent OU, one OU is TEMP_USERS and other OU is PEOPLE. What i should mention in smb.conf ? If i mention ldap user suffix = ou=PEOPLE, then users of ou TEMP_USERS is not able to authenticate. Please guide me. Thanks -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] limit the samba access to 1 concurrent session per user? limit a samba user only to access from 1 IP?
share modes = yes strict locking = yes I think that it can limit concurrent file access . On 10/5/10, Andrew Schneider aschneider...@gmail.com wrote: Hello All, Is there a way to limit the samba access to 1 concurrent session per user? or limit a samba user only to access from 1 IP? Ive been searching arround but have not had luck. Thanks -Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] store samba account in ldap
First try to setup openldap by including samba schema (conf file slapd.conf) . Then change passdb backend to ldap in smb.conf. As muller googling is best way. On 10/4/10, Udo Müller deb...@cs-ol.de wrote: Am 25.09.10 20:43, schrieb hesam mohamadian: hi want to setup samba file sharing that identify their samba users from ldap and windows linux client can access their own files but without joining to any domain can you introduce me some resource and how to Use google and search for samba ldap. Regards Udo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Mac showing permission issue
Dear all I have a samba setup 3.0.28 , on the RHEl 5.4 linux system on which samba running, there is a filesystem mounted with acl option.Now i shared that samba and accessing share on windows as well as on mac system. Windows system are responding properly but mac showing 'access denied error' . what may be the reason -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] error in 3.5.2 compilation
Dear all I compiled and installed samba 3.5.2 on centos 5.4. Everything installed successfully but starting smbd shows following error ./sbin/smbd: error while loading shared libraries: libwbclient.so.0: cannot open shared object file: No such file or directory Am i doing anything wrong? Thanks Regards Vishesh kumar -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 and samba 3.0.28
Dear all May be this question asked earlier in list but i didn't able to search exact . I have samba+ldap domain setup on RHEL 5.1 and samba version is 3.0.28. Today i got a windows 7 system , but i am not able to join that system in our samba+ldap domain. Do i need to do any registry tweaking. I can't upgrade own samba version beyond 3.0.33 because this maximum version i get if i update my system to RHEL 5.5. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 and samba 3.0.28
Thanks for quick response. Let you know if i get success. Thanks On Fri, Apr 16, 2010 at 4:55 PM, mallapadi niranjan niranjan.as...@gmail.com wrote: On Fri, Apr 16, 2010 at 4:32 PM, vishesh kumar linuxtovish...@gmail.comwrote: Dear all May be this question asked earlier in list but i didn't able to search exact . I have samba+ldap domain setup on RHEL 5.1 and samba version is 3.0.28. Today i got a windows 7 system , but i am not able to join that system in our samba+ldap domain. Do i need to do any registry tweaking. I can't upgrade own samba version beyond 3.0.33 because this maximum version i get if i update my system to RHEL 5.5. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Hi RHEL5.5 ships samba3x package also along with samba-3.0.33 , samba3x-3.3.8-0.51.el5 supports Windows 7 to be added as client to samba PDC. check the release notes of RHEL5.5 http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Release_Notes/ar01s08.html Check samba section in the above link Regards Niranjan -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 and samba 3.0.28
Thanks for suggestion. it worked . Thanks On Fri, Apr 16, 2010 at 5:11 PM, Miguel Medalha miguelmeda...@sapo.ptwrote: On 2010-04-16 12:20, Miguel Medalha wrote: May be this question asked earlier in list but i didn't able to search exact . I have samba+ldap domain setup on RHEL 5.1 and samba version is 3.0.28. Today i got a windows 7 system , but i am not able to join that system in our samba+ldap domain. Do i need to do any registry tweaking. I can't upgrade own samba version beyond 3.0.33 because this maximum version i get if i update my system to RHEL 5.5. With the version you have you won't make it work. You can use a more recent Sernet package for CentOS 5: http://ftp.sernet.de/pub/samba/ Ooops! I wrongly assumed you were on CentOS. You will find the Red Hat packages at the same Sernet address. -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 and samba 3.0.28
Sorry , again here. Windows 7 client joined Domain but user is unable to log on error is ' The trust relationship between this workstation and primary doamin failed'. Dumped again what may be reason of this error Thanks On Fri, Apr 16, 2010 at 6:49 PM, vishesh kumar linuxtovish...@gmail.comwrote: Thanks for suggestion. it worked . Thanks On Fri, Apr 16, 2010 at 5:11 PM, Miguel Medalha miguelmeda...@sapo.ptwrote: On 2010-04-16 12:20, Miguel Medalha wrote: May be this question asked earlier in list but i didn't able to search exact . I have samba+ldap domain setup on RHEL 5.1 and samba version is 3.0.28. Today i got a windows 7 system , but i am not able to join that system in our samba+ldap domain. Do i need to do any registry tweaking. I can't upgrade own samba version beyond 3.0.33 because this maximum version i get if i update my system to RHEL 5.5. With the version you have you won't make it work. You can use a more recent Sernet package for CentOS 5: http://ftp.sernet.de/pub/samba/ Ooops! I wrongly assumed you were on CentOS. You will find the Red Hat packages at the same Sernet address. -- http://linuxinterviews.blogspot.com -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 and samba 3.0.28
Thanks for reply. I make registry change but same error continues. On Fri, Apr 16, 2010 at 7:54 PM, Damien Dye damien.j@googlemail.comwrote: Have you place the registry keys in that are stated on the site ??? http://wiki.samba.org/index.php/Windows7 -- Damien Dye BSC(hon) On 16 April 2010 15:12, vishesh kumar linuxtovish...@gmail.com wrote: Sorry , again here. Windows 7 client joined Domain but user is unable to log on error is ' The trust relationship between this workstation and primary doamin failed'. Dumped again what may be reason of this error Thanks On Fri, Apr 16, 2010 at 6:49 PM, vishesh kumar linuxtovish...@gmail.com wrote: Thanks for suggestion. it worked . Thanks On Fri, Apr 16, 2010 at 5:11 PM, Miguel Medalha miguelmeda...@sapo.pt wrote: On 2010-04-16 12:20, Miguel Medalha wrote: May be this question asked earlier in list but i didn't able to search exact . I have samba+ldap domain setup on RHEL 5.1 and samba version is 3.0.28. Today i got a windows 7 system , but i am not able to join that system in our samba+ldap domain. Do i need to do any registry tweaking. I can't upgrade own samba version beyond 3.0.33 because this maximum version i get if i update my system to RHEL 5.5. With the version you have you won't make it work. You can use a more recent Sernet package for CentOS 5: http://ftp.sernet.de/pub/samba/ Ooops! I wrongly assumed you were on CentOS. You will find the Red Hat packages at the same Sernet address. -- http://linuxinterviews.blogspot.com -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 and samba 3.0.28
Yes i restarted my samba pdc but not ldap server. One thing i want to know , Do i need to make any changes in smb.conf? Thanks On Fri, Apr 16, 2010 at 8:23 PM, John Drescher dresche...@gmail.com wrote: On Fri, Apr 16, 2010 at 10:50 AM, vishesh kumar linuxtovish...@gmail.com wrote: Thanks for reply. I make registry change but same error continues. Have you restarted the PDC and all BDCs. When I first tested win7 I forgot to restart 1 of my 3 BDCs after upgrading samba and that caused the error you are getting for me. John -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] long file name not supported
Dear all I have samba 3.0.28 on RHEL 5.2. From last 2 days i am facing a strange issue , one of my samba share on a specific xp client ask for short filename , when i try to paste a file with long filename. Ealier same setup never asked for any change in filename and even currently other xp client don't ask for short filename. It would be great help for me if someone guide me right direction. Thanks -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Group not updating - Active Directory Auth with Winbind - Is there a way to make it update?
I think on linux system you can view primary group of user, if suppose user is member of 'Domain Users' and 'sales' group , on linux system it just show 'Domain users' Thanks On 11/27/09, KJS li...@netzensolutions.com wrote: Hi Guys, I have a machine setup to auth over AD with winbind and it's working fine. However, I just added a user to a group on my Windows box in AD, when I am logged into Linux and i id the user it does not show the group I just added the user to. Is there a way of forcing it to update? I have tried restarting winbind and samba. Many Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP error in windows xp while ACL
Dear rajan Did you set ldap admin password for samba by using following command. root#smbpasswd -w ldap admin password By the way you can also use *pdbedit -Lv* command to ensure samba is communicating to ldap properly. Thanks On Tue, Nov 17, 2009 at 10:55 AM, D.Rajan rajand_2...@yahoo.com wrote: Dear All, What the files i need to be check to solve the problem. i am having PDC BDC r...@sangam:/var/log/samba# net getlocalsid SID for domain SANGAM is: S-1-5-21-4020846335-601350461-1468625926 r...@vaigai:~# net getlocalsid SID for domain VAIGAI is: S-1-5-21-4020846335-601350461-1468625926 Error while ACL from windows XP: ys...@sangam:/var/log/samba$ tailf log.kh-sys-02635 [2009/11/16 19:12:43, 0] printing/print_cups.c:cups_connect(69) Unable to connect to CUPS server localhost:631 - Connection refused [2009/11/17 09:32:28, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/11/17 09:32:32, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/11/17 09:32:49, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/11/17 09:32:49, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/11/17 10:26:38, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/11/17 10:27:03, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/11/17 10:27:29, 0] smbd/posix_acls.c:create_canon_ace_lists(1438) create_canon_ace_lists: unable to map SID S-1-5-21-4020846335-601350461-1468625926-3174 to uid or gid. As per your instruction i convert one systems from our domain to workgroup and restart the system and once again i convert to my domain, eventhough i am not able to give permission from my system. 1. In My client Xp system what i want to check regarding SID infomation ? 2. How to solve the unable to map SID error in server. I am having more than 2500 client system. C U Next Mail Raj Take Care HAVE A NICE DAY --- On Sun, 8/11/09, D.Rajan rajand_2...@yahoo.com wrote: From: D.Rajan rajand_2...@yahoo.com Subject: Samba + LDAP error in windows xp while ACL To: samba@lists.samba.org Date: Sunday, 8 November, 2009, 6:08 PM Dear all, I am using Samba + PDC LDAP in a single server. From last month onward i am facing problem When I set manualy the acl (setfacl -m g:group:rwx the_file) It's ok, the other domain member see the ACL But when I set the acl with a Windows Workstation, that's don't work it gives the furnished error : sys...@sangam:/var/log/samba$ tailf log.r-sys-03703 [2009/11/08 17:54:05, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/11/08 17:54:09, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4211) sid S-1-5-21-3986255151-1643105893-2919334401-3002 does not belong to our domain . . . [2009/11/08 17:54:15, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/11/08 17:54:17, 0] smbd/posix_acls.c:create_canon_ace_lists(1438) create_canon_ace_lists: unable to map SID S-1-5-21-4020846335-601350461-1468625926-27594 to uid or gid. C U Next Mail Raj Take Care HAVE A NICE DAY The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DC priority, BDC prob with domain groups
Dear vandal By setting *os level* higher i think we can give preference to one server. Thanks On Tue, Nov 17, 2009 at 4:18 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: There was an incorrect entry in smb.conf on BDC1 which mean it was not registering in WINS as a bdc. According to the Samba How To documentation, all other things being equal, Windows clients will use a bdc rather than a pdc. Now when I logon, I may get any of the three domain controllers. When I get BDC1 (Samba 3.0.37) I don't seem have problems. So my following problems remain: Can I adjust some variable so that one DC is more likely to be used by windows clients than another? Why does Samba 3.4.3 not seem to handle domain groups as members of local groups? If I connect from XP Pro client GATES [2009/11/16 17:34:46, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []...@[gates] with t he new password interface [2009/11/16 17:34:46, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [domain]...@[gates] ... It also looks like I may not get the same logon server each time I logon- so I guess my PC could have authenticated against one DC, and I could authenticate against another. Thanks On 11/13/09 19:04, Gaiseric Vandal wrote: Setting announce version = 4.5 in smb.conf on BDC2 did not change anything. (The other samba domain still use 4.9 as the default version.) Windows clients will still connect to BDC2 (if it is running.) On each DC, net getdomainsid and getlocalsid show that the local sid on each machine is the domain sid. BDC2# net getdomainsid SID for local machine BDC2 is: S-1-5-21-xxx-xxx-x99 SID for domain DOMAIN is: S-1-5-21-xxx-xxx-x99 BDC2# net getlocalsid SID for domain BDC is-xxx-xxx-x99 BDC2# Pdbedit -Lv, wbinfo -u and wbinfo -g all seem to give the same results Also BDC# wbinfo -t checking the trust secret via RPC calls succeeded Thanks -Original Message- From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com] Sent: Friday, November 13, 2009 12:48 PM To: samba@lists.samba.org Subject: DC priority, BDC prob with domain groups I have the following setup: PDC: Samba 3.0.37 on Solaris 10 BDC1: Samba 3.0.37 on Solaris 10 BDC2: Samba 3.4.3 on Solaris 10 Samba 3.0.37 is the bundled version of Samba. Samba 3.4.3 is compiled from source. BDC2 is a recent addition to the network. All machine use LDAP as the backend for everything. They use winbind to handle a domain trust with another domain, but otherwise isn't needed. If I start samba on BDC2 and logon to an XP (or Win 2003) Machine, the logon will be to BDC2.This can be verified with echo %logonserver%.Rebooting the XP machine is probably not necessary to see this. If I login as the domain administrator, I am effectively not considered a member of the local administrator group. If I look at the local Administrator group I will see the DOMAIN/Administrators as members. But I am unable to install software, see all local files, add users to local groups etc. OS level on all three DC's was not explictly set, so was 20 by default. I changed BDC2 to os level=0 and set the PDC to os level=33. I did not restart samba on PDC. It seems to be a browsing issue. I still logon to BDC2. So I have two issues: 1- How to make sure that the PDC (or PDC and BDC1) use used in preference to BDC2. I assume that something about BDC2 having a newer ver of samba is getting it priority. 2. What is wrong with the domain members in local users group. This may be a BDC config in general issue (and I just never found it because BDC1 never took precendence over PDC) or it may be something to do with Samba 3.4.x vs 3.0.x. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] adduser is contacting the AD server?
Look at /etc/nsswitch.conf On 11/12/09, robertobo...@bayviewassetmanagement.com robertobo...@bayviewassetmanagement.com wrote: Hello, I'm just wondering if someone stumble upon this. We are trying to create a local account but it looks like the adduser script is contacting the AD server for some reason and saying that the user already exists when it doesn't locally. Is there a way to disable adduser to contact AD or something similar? Thank you. [r...@server01~]# adduser user01 adduser: user user01 exists [r...@server01 ~]# user01 exists on AD but not on the local machine. I try removing winbind from the nsswitch.conf but that locks me out. Roberto Bouza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Sent from my mobile device http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba unix group permissions problems
Dear mariano Why you not using 'force group' parameter . This will set group owner of newly created folder correctly. Thanks On Sat, Nov 7, 2009 at 3:33 AM, Mariano Absatz el.b...@gmail.com wrote: Any hints, anyone?... On Wed, Nov 4, 2009 at 08:47, Mariano Absatz el.b...@gmail.com wrote: Paul te Bokkel escribió el 04/11/09 06:47: Sounds like your nsswitch.conf to me, perhaps in combination with your ID backend. Check the output of: getent passwd accountname It should list any LDAP account, with the groups you have added them to.. Well... getent passwd mary yelds just the passwd entry, something like: mary:*:100036:10:Mary James:/home/DOMAIN/mary:/bin/bash nothing further than the primary Mary's group (10). However getent group accountatns does include mary: accountants:*:97019:mary,patricia My nsswitch.conf looks like this: ### nsswitch.conf ### passwd: files ldap [NOTFOUND=return] db group: files ldap [NOTFOUND=return] db shadow: files ldap hosts: files dns wins networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis ### nsswitch.conf ### and the ID backend parts of my smb.conf look like this: ## smb.conf ## ## # IDENTINTY MAPPING between windows and unix (SID == UID/GID) # WINBIND ## # http://samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html ## idmap backend = ldap:ldap://ldap0.i.domain.org # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPUID idmap uid = 9-9 # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPGID idmap gid = 9-9 # ALL relevant UID/GID are stored in LDAP # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:TRUSTED ldapsam:trusted = yes # Manage users directly on LDAP # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPSAM:EDITPOSIX ldapsam:editposix = yes # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPCONFIG # http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#IDMAPBACKEND idmap config DOMAIN:backend = ldap idmap config DOMAIN:ldap_url = ldap://ldap0.i.domain.org idmap config DOMAIN:ldap_user_dn = cn=admin,cn=config idmap config DOMAIN:ldap_base_dn = ou=idmap,o=domain idmap config DOMAIN:readonly = no #idmap config DOMAIN:default = yes #idmap config DOMAIN:range = 10-50 ## smb.conf ## I'm using samba 3.3.2 from the standard Ubuntu 9.04 packages (3.3.2-1ubuntu3.2), except that I rebuilt the ubuntu winbind package because the idmap ldap.so module is not included in it (see https://bugs.launchpad.net/ubuntu/+source/samba/+bug/397203). -- Mariano Absatz - El Baby el.b...@gmail.com www.clueless.com.ar -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Clarke's Third Law: Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke, 1973 English physicist science fiction author (1917 - 2008) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- * TagZilla 0.066 * http://tagzilla.mozdev.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Mariano Absatz - El Baby www.clueless.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem with force group parameter
I also facing same issue. Does it mean that we cant specify secondary group as 'force group' in group. On 11/5/09, Andrey Zykov and...@dce.ifmo.ru wrote: Hello! I tryed to configure Debian Linux file server as Windows 2003 domain member using samba with security = ADS mode and stucked with such problem: File server (fs) succesfully joined my domain with correct user and group mapping (i'm using idmap rid). Users from domain have their unix accounts with DOMAIN_NAME\ prefix, i.e for domain user andrey i have local unix user: 'DOMAIN\andrey': fs:~# id DOMAIN\\andrey uid=8(DOMAIN\andrey) gid=10513(DOMAIN\пользователи домена) группы=10513(DOMAIN\пользователи домена),10512(DOMAIN\администраторы домена),11395(DOMAIN\сотрудники),10001(BUILTIN\users),1(BUILTIN\administrators) as you can see, user have uid=8, primary group gid=10513('DOMAIN\пользователи домена' - 'DOMAIN\domain users' in english) and few supplementary groups. Now i want to make a share restricted to use by users from one of supplementary groups, i.e. 11395(DOMAIN\сотрудники). I created a directory: fs:~# ls -l /home/sambashare/ | grep officepub drwxrwx--- 2 DOMAIN\adminDOMAIN\сотрудники 4096 Окт 26 20:28 officepub and checked that i can access it localy via ssh: fs:~# su DOMAIN\\andrey domain\and...@fs:/root$ cd /home/sambashare/officepub/ domain\and...@fs:/home/sambashare/officepub$ touch file domain\and...@fs:/home/sambashare/officepub$ rm file Next i added share definition in smb.conf with my group in 'force group' parameter: ... [officepub] comment = Office Public Share path = /home/sambashare/officepub force group = +DOMAIN\сотрудники read only = No browseable = No restarted samba, tried to access it via smbclient and got following error: fs:~# smbclient '\\fs\officepub' -U DOMAIN\\andrey Enter DOMAIN\andrey's password: Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.2.5] smb: \ ls NT_STATUS_NETWORK_ACCESS_DENIED listing \* 0 blocks of size 0. 61680 blocks available smb: \ But in the same time i have similar working share with restriction by _primary_ group: fs:~# id DOMAIN\\andrey uid=8(DOMAIN\andrey) gid=10513(DOMAIN\пользователи домена) группы=10513(DOMAIN\пользователи домена),10512(DOMAIN\администраторы домена),11395(DOMAIN\сотрудники),10001(BUILTIN\users),1(BUILTIN\administrators) fs:~# ls -l /home/sambashare/ | grep pub drwxrwx--- 2 DOMAIN\adminDOMAIN\пользователи домена4096 Ноя 4 00:00 pub fs:~# su DOMAIN\\andrey domain\and...@fs:/root$ cd /home/sambashare/pub/ domain\and...@fs:/home/sambashare/pub$ touch file domain\and...@fs:/home/sambashare/pub$ exit exit fs:~# smbclient '\\fs\pub' -U DOMAIN\\andrey Enter DOMAIN\andrey's password: Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.2.5] smb: \ ls . D0 Thu Nov 5 17:02:01 2009 .. D0 Wed Jun 3 18:22:47 2009 file 0 Thu Nov 5 17:02:01 2009 64000 blocks of size 8192. 28337 blocks available smb: \ So i've decided that problem is in the not working (or misundertandeted?) 'force group' parameter. What did i do wrong and how to fix this? Some technical information: Distro used: Debian Lenny, kernel 2.6.26-2-amd64 Samba version: 3.2.5-4lenny6 Domain Controller: Windows Server 2003 R2 Enterprise Edition smb.conf: http://pastebin.ca/1658364 Log file: http://pastebin.ca/1658368 P.S. Sorry for my english :-) -- Andrey Zykov e-mail: and...@dce.ifmo.ru jabber: z...@jabber.org. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Sent from my mobile device http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] posix user mapped to window users without idmap ?
Dear all I am using samba+ldap as PDC , now i want a create a BDC that takes over domain logon process process when PDC become down by taking users/groups information from slave ldap server . My shares are present on disk which is accessible both by PDC and BDC and permission given to POSIX uesrs and group which i think internally mapped to samba users/groups. Now since ldap storing posix users/groups as well as samba users/group so is any need to configure IDMAP in smb.conf ? Does slave ldap server not map posix users/groups to samba users/groups correctly without configuring IDMAP ? Thanks -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Idmap purpose
Dear all I m using samba+master ldap server as pdc and samba +slave ldap server as bdc. I want to know is there any need to use idmap in this configuration Thanks -- Sent from my mobile device http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samab unable to contact ldap or something else
Dear all I am trying to configure samba+ldap on our rhel 5.2 server. samba version is 3.0.33-3.14.el5 and openldap version is openldap-2.3.43 . My samba configuration is #=== Global Settings === [global] workgroup = abp server string = abpdel1 netbios name = abp security = user passdb backend = ldapsam:ldap://127.0.0.1 ldap suffix = dc=abp=,dc=del ldap machine suffix = ou=Computers,dc=abp,dc=del ldap user suffix = ou=People,dc=abp,dc=del ldap group suffix = ou=Group,dc=abp,dc=del ldap admin dn= cn=Manager,dc=abp,dc=del domain master = yes domain logons = yes add user script = /usr/sbin/smbldap-useradd %u add group script = /usr/sbin/smbldap-groupadd %g add machine script = /usr/sbin/smbldap-useradd -w %u delete user script = /usr/sbin/smbldap-userdel %u delete group script = /usr/sbin/smbldap-groupdel %g local master = yes os level = 65 preferred master = yes # Share Definitions == [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes writable = no share modes = no = My ldap configuration is ok because i tested ldap separately but my samba service die automatically by generationg following error messages in /var/log/samba/smb.log lib/smbldap_util.c:smbldap_search_domain_info(263) smbldap_search_domain_info: Problem during LDAPsearch: Time limit exceeded lib/smbldap_util.c:smbldap_search_domain_info(264) smbldap_search_domain_info: Query was: dc=abp=,dc=del, ((objectClass=sambaDomain)(sambaDomainName=ABP)) passdb/pdb_ldap.c:pdb_init_ldapsam(5667) pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs services/services_db.c:svcctl_init_keys(420) svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED) abpdel1 smbd[3664]: [2009/10/22 15:43:23, 0] smbd/server.c:main abpdel1 smbd[3664]: ERROR: failed to setup guest info. Any suggestions in this regard will greatly appreciated Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] failed to setup guest info
Dear friends Today i am trying to setup samba+ldap on one of my server, and facing following problem Oct 22 15:43:23 abpdel1 smbd[3664]: [2009/10/22 15:43:23, 0] services/services_db.c:svcctl_init_keys(420) Oct 22 15:43:23 abpdel1 smbd[3664]: svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED) Oct 22 15:43:23 abpdel1 smbd[3664]: [2009/10/22 15:43:23, 0] smbd/server.c:main Oct 22 15:43:23 abpdel1 smbd[3664]: ERROR: failed to setup guest info. -- ldap is working perfectly i tested ldap functionality separately. What may be the issue thanks My smb.conf is with attachment thnks http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrate Windows Active Directory Users to Samba+LDAP
I was also searching for same. Thnks for suggestion On 10/21/09, mor...@tuxedo.darktech.org mor...@tuxedo.darktech.org wrote: On Tue 20/10/09 4:34 AM , Osmany Goderich Navarro osm...@oc.quimefa.cu wrote: utility that's built in AD and it works fine. I can specifically extract de OU of my interest but the problem is that the users in the output file come out with lots of attributes that are not compatible with the samba schema. I'm wondering if there is some script that can restructure and modify the users so that I can import these users to OpenLDAP with a simple ldapadd command. There aren't any that I'm personally aware of (maybe others on the list know of scripts that I don't know about), but once you have an LDIF it's all text. You could slap a Perl or Python script together in no time; these scripts tend to be very site-specific. The Windows 2003 'R2' LDAP schema for AD is RFC 2307 compliant, so if your target LDAP directory is RFC 2307, it should be a piece of cake. Either you add the necessary AD attributes to your LDAP schema, or you simply weed the ones you don't care about out of the of the LDIF by using something along the lines of what 'grep -v' does. If you're using some other ActiveDirectory schema, I'm afraid it's going to be rather harder. Message sent via Atmail Open - http://atmail.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Sent from my mobile device http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Authentication with a windows password server
Dear wispa does machine name or workgroup name collide in your network. Send smb.conf configuration for detail analysis thanks On Mon, Oct 5, 2009 at 9:03 PM, wispa oliver.s...@googlemail.com wrote: Hi all, I'm trying to set up Samba on a client's computer so that it authenticates the users which are accessing it via a windows domain controller and kerberos. I've been following various tutorials and it all seems to go through correctly but when the client tries to access the shares, it doesn't accept his credentials and won't get past the login window. The only failure seems to be within the nmbd log which says this (I've changed the domain name / IPs): [2009/10/05 16:27:43, 0] nmbd/nmbd_nameregister.c:register_name_response(129) register_name_response: server at IP 192.168.1.122 rejected our name registration of DOMAIN00 IP 192.168.1.120 with error code 6. [2009/10/05 16:27:43, 0] nmbd/nmbd_mynames.c:my_name_register_failed(35) my_name_register_failed: Failed to register my name DOMAIN00 on subnet 192.168.1.120. Now the odd thing is that 192.168.1.120 is the samba machine but 192.168.1.120 is a proxy server and doesn't seem to be referenced anywhere. Could this be a result of the windows machines not being set up correctly or would this be something incorrectly set up on the linux machine? I can't seem to figure it out. Many thanks. Oliver -- View this message in context: http://www.nabble.com/Samba-Authentication-with-a-windows-password-server-tp25752970p25752970.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can winning authenticate users from two AD groups?
What exactly error, does it give login / password error while connecting samba box from windows. thnks On Wed, Sep 16, 2009 at 2:45 AM, Joel_Therrien joel_therr...@uml.eduwrote: Hello, I am trying to authenticate users from two seperate groups within our active directory listings: faculty and students. I can do wbinfo -a on users from both groups. But when students try to access samba shares they cannot. Since I am using PAM for authentication, I had them try logging into the Linux box. They can do that using the exact same credentials they tried with the samba login. Faculty have no issues. I have the samba.conf file and log files available if needed. Thanks in advance for any help, this issue is preventing my students from having easy access to the lab's data file server. Joel Therrien Ast. Professor, Electrical and Computer Engineering -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaprimaryGroupSid
thanks for solution. On Fri, Aug 14, 2009 at 5:45 PM, David Wells david_wells...@yahoo.com.arwrote: David Wells escribió: Dear Vishesh, Thank you very much for your reply. Please allow me to clarify. I have created a root user in my LDAP directory wich has 0 as it's UID and as it's GID. Additionally it has a sambaPrimaryGroupSid of S-1-5-21-XX-XX-X-512 so it should be equivalent to the windows Domain Administrator account. However when I query samba to see this users information I get that it's Primary Group SID is S-1-5-21-XX-XX-X-513 even though it's correctly setup in LDAP. Thank you again. Best regards, David Wells. Just in case anybody encounters this issue I found that if the root user is named anything diferent from Administrator or has 0 as its GID samba will set it's Primary Group SID to 513, regardless of what the user has stored in LDAP. Renaming the user to Administrator and setting its GID to anything but 0 solved the problem. Thank you very much Best regards, David Wells. -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can't write to share
Dear dale i think there should be guest account = username entry in global section. thanks On Fri, Aug 14, 2009 at 12:45 AM, Dale Schroeder d...@briannassaladdressing.com wrote: From this example, http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#anon-rw it looks like you need force user and force group parameters. Dale Leonardo Carneiro wrote: hi everyone. i just want to create a share that anyone can read and write. simple that. what i'm doing wrong? here is my smb.conf [global] netbios name = delsoftserver writeable = yes server string = Samba Server Version %v workgroup = WORKGROUP security = share passdb backend = tdbsam unix charset = ISO8859-1 [FFe] writeable = yes path = /dados/NFe public = yes create mask = 0777 force create mode = 0777 directory mask = 02777 force directory mode = 02777 guest ok = yes browsable = yes read only = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaprimaryGroupSid
Dear david Do your root working as domain admin? I think you have to modify your ldap database for that Thanks On Thu, Aug 13, 2009 at 1:22 AM, David Wells david_wells...@yahoo.com.arwrote: Hi all! I'm configuring a samba PDC with an LDAP sam. Everything is working great except that when I do pdbedit -Lv root (which is my Domain Administrator account) I see that it's getting a Primary Group SID value of S-1-5-21-XX-XX-X-513 instead of the S-1-5-21-XX-XX-X-512 that is stored in my LDAP tree. Does someone know why this is happening and how could I get my root user to have Domain Administrators as it's primary group? Thank you very much! Best regards, David Wells. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] This is happening during config
Does kernel header present your system ? Thnks On Mon, Aug 10, 2009 at 12:18 PM, Michael Heydon micha...@jaswin.com.auwrote: Chris Lavin wrote: configure: WARNING: sys/mount.h: check for missing prerequisite headers Did you do this? Your other message also mentions missing headers. You probably need to install various header/development packages. Do you really need to be compiling from source? Using your distro's packages is much simpler and less likely to cause problems down the track. *Michael Heydon - IT Administrator * micha...@jaswin.com.au mailto:micha...@jaswin.com.au -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] I am try to install samba on debian 2.6
Dear samatha You can samba as PDC in place of Windows AD. Clarify your requirement, do u want tdbsam to store your users and computer account information or ldap database for same. If you opt for ldap, other than samba you have to configure openldap server. If you are at initial stage i will recommend to use tdbsam. Thanks On Fri, Aug 7, 2009 at 9:32 AM, Samantha Bandara hera_...@yahoo.com wrote: i am new to samba i want install PDC on debian2.6 with xp prop. please help me -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] moving from nt4 to active directory
Dear Try to use winbind, that will map your Windows Ad users to linux, no need to maintain separate password. thanks On Thu, Aug 6, 2009 at 8:09 PM, jthrumston jthru...@crhc.org wrote: I have 2 AIX systems that run Samba. We are currently on an NT4 domain and moving to Active directory. I am trying to find out what all would be needed to make that transition. The only authenification is for users connecting to their shares. I read one site via Google that states I need to create a user (Rocky) on both Samba and the AD server with different passwords but this does not seem right. My AIX servers are version 5.3 I am running an older version of Samba 2.2.7-4 but could upgrade if needed. The AD servers are Win2K3. I was just wondering if anyone else has done this and if maybe someone could shed some light on the procedure to do this. I am not well versed in Samba (I can bang around but don't know all the ins and outs) Thanks -- View this message in context: http://www.nabble.com/moving-from-nt4-to-active-directory-tp24834321p24834321.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] I am try to install samba on debian 2.6
Dear where On Fri, Aug 7, 2009 at 11:31 AM, Helmut Hullen hul...@t-online.de wrote: Hallo, Samantha, Du meintest am 06.08.09: i am new to samba i want install PDC on debian2.6 with xp prop. Do you need a PDC (something like a Microsoft controller, with Microsoft behaviour), or do you need a Samba server for Windows clients? PDC leads very quickly to LDAP, and that's another problem. If your Samba server is the only SMB server in the LAN then security = user passdb backend = tdbsam is a simple and well working solution. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Use windows to set file permissions.
If you mount ext3 formatted partition, with support of acl then it is possible to set acl permission using windows Thanks 2009/6/22 Björn Meier bjoern.me...@googlemail.com Of course, it works. I use it in my domain with ACL-support. 赵老师 wrote: Windows? no way~~ 2009/6/22 Johan Hendriks jo...@double-l.nl I have searched for a howto, but could not find one. Is it possible to use a windows workstation to set ACL attributes on files, or the share itself. Regards, Johan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error trying to create LOCAL groups Users
Dear Mike Edit /etc/nsswitch.conf file, this file is reponsible for local system authentication, nsswitch.conf should look like following, but remember to store original nsswitch.conf file before editing. passwd : files shadow: files group: files After creating users restore original nsswitch.conf file thanks On Tue, Mar 10, 2009 at 11:47 PM, Mike Hurst mhu...@creditacceptance.comwrote: We are running Samba 3.033 / Winbind on RHEL5 x64 that authenticates to our AD domain. We need to create a few LOCAL service accounts and groups (for Oracle) however when we try to add the user group accounts, we get the error: groupadd: group dba exists. This is because we have a domain account with the same name, but we do not want to use the domain group, we want a new local only group. Is there a way we can add the local user group accounts without it looking the account up in AD first? Thanks! Mike Hurst UNIX Administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: win xp machine disconnected from share and repeated authentication required
Dear ambasta Can you try following command on xp net config server /autodisconnect:0 thanks On Fri, Feb 20, 2009 at 9:06 AM, Pramathesh Ambasta pramathesh.amba...@gmail.com wrote: Sorry for posting this again. But i have not been able to find a satisfactory resolution to this. I urgently need to attend to this issue and would be very grateful for some help on this. Regards Pramathesh -- Forwarded message -- From: Pramathesh Ambasta pramathesh.amba...@gmail.com Date: Wed, Feb 18, 2009 at 8:31 PM Subject: win xp machine disconnected from share and repeated authentication required To: samba@lists.samba.org I have set up a Ubuntu 8.04 server for file and print sharing on a small network. The server runs smbd version 3.0.28a. The samba server is a standalone server and is used by some users to access common data. The scheme is that all users have a Unix account on the server. When they want to access the shared service, they are asked for a password after which they can work. One of the machines on the network is a win xp SP2 machine on which the user had already logged in, but in trying to attach a file from the server in Outlook Express got an error message that the file could not be found. He had to go to Network Neighborhood, click on the shared service, authenticate again. This happened quite a few times within a fairly short span of time. An examination of the log for the machine (log.hpm with IP 192.168.1.6) shows some connection reset by peer messages. I have browsed on the net and come across several people reporting similar issues with earlier versions of samba but have not come across a definitive solution. Is this an smb ports = 445 issue or a network card/connection failure? Why does the log below show a write failure on 0.0.0.0? The log also shows some failures to create built in users. Will be very grateful on help/pointers on this. Below is a cutting of the relevant sections from log.hpm followed by the smb.conf file. Thanks in advance Pramathesh *log.hpm* [2009/02/18 10:49:57, 1] smbd/service.c:make_connection_snum(1033) hpm (192.168.1.6) connect to service DataShare initially as user mih (uid=1003, gid=119) (pid 10051) hpm (192.168.1.6) closed connection to service DataShare [2009/02/18 15:20:42, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2009/02/18 15:20:42, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/02/18 15:20:42, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2009/02/18 15:20:42, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client 192.168.1.6. Error Connection reset by peer [2009/02/18 15:20:42, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/02/18 15:20:42, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/02/18 15:20:42, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer ** ***smb.conf* [global] workgroup = DOMAIN server string = SERVER (MAIN) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user passdb backend = tdbsam obey pam restrictions = yes invalid users = root unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes username map = /etc/samba/smbusers [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers [DataShare] path = /home/core/DataShare writeable = yes ;browseable = yes valid users = specific, valid, user, names, listed, here directory mask = 0770 create mask = 0660 force group = groupname ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] changing owner and group
Dear Marc You can set SGID bit on file to avoid this problem. Set SGID bit using 'create mask ' parameter in smb.conf thanks On Sat, Jan 24, 2009 at 5:29 AM, Marc Fromm marc.fr...@wwu.edu wrote: Is there a way to prevent a samba connection from changing the file owner and group? Users connect to the website on a linux box from windows desktops with Dreamweaver. Each time a user edits a file that file's owner and group is changed from apache and developers to username and username, thus preventing other users from editing the file. Can I set an option in samba to leave the owner and groups alone? Thanks Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] disconnect specific share
Dear all I want to take backup of a specific partition that is shared using samba , for that i need to stop samba sharing of that partition. I want to do this without stopping samba service. I there any way to do that? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] recycle vfs module
Dear all I am using samba 3.0.28 on RHEL5.2. I configured VFS to store deleted file from samba share. Now i want to write script to delete files from recycle store after 7 days of deleting file from samba share. How i know the date when file was deleted from samba share. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] read failure for 4 byte
Dear all My server running samba 3.0.28 on RHEL 5.2 . Samba acting as File Server using winbind to authenticate AD users. Following messages repeatedly generated in /var/log/messages by samba -- Dec 30 09:48:37 abpdel2 smbd[10945]: [2008/12/30 09:48:37, 0] lib/util_sock.c:get_peer_addr(1232) Dec 30 09:48:37 abpdel2 smbd[10945]: getpeername failed. Error was Transport endpoint is not connected Dec 30 09:48:37 abpdel2 smbd[10945]: [2008/12/30 09:48:37, 0] lib/util_sock.c:read_data(534) Dec 30 09:48:37 abpdel2 smbd[10945]: read_data: read failure for 4 bytes to client 0.0.0.0. Error = Connection reset by peer --- What may be reason of this log messages? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] replace winbind with ldap
dear madars I am not migrating for interest but want to free server running windows active directory. Group Policy has not been implemented in our enviroment. thanks On Mon, Dec 15, 2008 at 1:59 PM, Madars Vitolins m...@silodev.eu wrote: Hi Vishesh, Why do you want to migrate to openLdap? Just for interest. One thing about your case I could say that openLdap won't support group policy. Thanks, Madars vishesh kumar wrote: dear all Currently i am using samba 3.0.28 with windbind on rhel5.2. Our network consist almost 200 users and window 2003 active directory which holds domain data. Now i want to replace active directory with openldap. I want to know is there any tool that help to migrate Active Directory data to openldap ? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] replace winbind with ldap
Dear madars On Mon, Dec 15, 2008 at 4:44 PM, Madars Vitolins m...@silodev.eu wrote: Well, I would like to know the actual reason :) Is the licence price too high? Stability of the Win2003 Server? Or... virus posibilities? Something else? Well, I have similar situation, with not such count of client machines, but plan is to migrate to samba. I just wanted to know your reason. Thanks, Madars vishesh kumar wrote: dear madars I am not migrating for interest but want to free server running windows active directory. Group Policy has not been implemented in our enviroment. thanks On Mon, Dec 15, 2008 at 1:59 PM, Madars Vitolins m...@silodev.eum...@silodev.euwrote: Hi Vishesh, Why do you want to migrate to openLdap? Just for interest. One thing about your case I could say that openLdap won't support group policy. Thanks, Madars vishesh kumar wrote: dear all Currently i am using samba 3.0.28 with windbind on rhel5.2. Our network consist almost 200 users and window 2003 active directory which holds domain data. Now i want to replace active directory with openldap. I want to know is there any tool that help to migrate Active Directory data to openldap ? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] replace winbind with ldap
Dear madars since linux server is already running in our enviroment then why waste money on windows license too. Another reason is maintaining multiple server is just wastage of resources if all purpose all be solved by one linux server only thanks On Mon, Dec 15, 2008 at 4:44 PM, Madars Vitolins m...@silodev.eu wrote: Well, I would like to know the actual reason :) Is the licence price too high? Stability of the Win2003 Server? Or... virus posibilities? Something else? Well, I have similar situation, with not such count of client machines, but plan is to migrate to samba. I just wanted to know your reason. Thanks, Madars vishesh kumar wrote: dear madars I am not migrating for interest but want to free server running windows active directory. Group Policy has not been implemented in our enviroment. thanks On Mon, Dec 15, 2008 at 1:59 PM, Madars Vitolins m...@silodev.eum...@silodev.euwrote: Hi Vishesh, Why do you want to migrate to openLdap? Just for interest. One thing about your case I could say that openLdap won't support group policy. Thanks, Madars vishesh kumar wrote: dear all Currently i am using samba 3.0.28 with windbind on rhel5.2. Our network consist almost 200 users and window 2003 active directory which holds domain data. Now i want to replace active directory with openldap. I want to know is there any tool that help to migrate Active Directory data to openldap ? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] replace winbind with ldap
dear all Currently i am using samba 3.0.28 with windbind on rhel5.2. Our network consist almost 200 users and window 2003 active directory which holds domain data. Now i want to replace active directory with openldap. I want to know is there any tool that help to migrate Active Directory data to openldap ? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_ACCESS_DENIED
Dear all i also faced this problem few days back. I recreated trust and problem resolved, thanks On Wed, Dec 3, 2008 at 3:37 PM, Mailing List SVR [EMAIL PROTECTED]wrote: Hi all, I have a samba PDC (with ldap), all ok for several months since today users experience very slow login, in my log I have : [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users net sam createbuiltingroup Users give NT_STATUS_ACCESS_DENIED and wbinfo -g Error looking up domain groups until yesterday all was ok, what can be the origin of this problems? I think isn't a configuration issue, I repeat myself the same configuration is working since several months, a google search give several results with similar problems but seems none is able to solve thanks for your help, regards Nicola -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba upgradation
Dear all I know that this is very basic questions but i unable to find out solution for this. I want to upgrade my samba version without disturbing running configuration. is any sort of patching is possible is samba as we do for linux kernel? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbd process list
Dear all My server running samba 3.0.28 on RHEL 5.2 command 'ps -aux | grep smbd' list running process in following format root 29334 0.0 0.1 15748 4384 ?S13:41 0:03 smbd -D 16777231 29413 0.0 0.0 15712 3880 ?S13:42 0:00 smbd -D ABP\anil 29414 0.0 0.0 15588 4076 ?S13:42 0:00 smbd -D 16777291 29440 0.0 0.1 15992 4292 ?S13:43 0:00 smbd -D 16777317 30281 0.0 0.0 15768 4040 ?S13:59 0:00 smbd -D 16777242 30475 0.0 0.0 15592 3896 ?S14:03 0:00 smbd -D in first column, some process display root, some display uid number of user and some display name of user. I eager to know why smbd process run under diffrent users. thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] long filename
Dear all My server running samba 3.0.28 on RHEL 5.2 using winbind to authenticate user from window 2003 AD. Today i got a strange problem, a user working on window xp client trying to copy a file on samba share, but this process ask for short name for file,denying copying long filename's file. Our other clients are working perfectly, and day before today that clients also had no such issue. thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba authentication PAM/LDAP
On Thu, Nov 13, 2008 at 4:22 AM, Volker Lendecke [EMAIL PROTECTED]wrote: On Wed, Nov 12, 2008 at 03:41:12PM -0700, Christian McHugh wrote: On Wed, Nov 12, 2008 at 03:53:51PM -0500, Lenny Shovsky wrote: Can Samba authenticate directly ( through pam_ldap ? ) via LDAP, which only has Unix uids password hashes ? Thank you. No. You need to store the NT hashes somewhere, either in LDAP or in another passdb backend. What about the nss winbind backend? Couldn't you setup nss_ldap and pam_ldap, and still run a samba server with the nss winbind backend? Sure. But someone in the end must have the NT hashes. In the case of winbind it's a domain controller. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba dear all Does NT hashes require even if we use kerberos for authentication?. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba performance degrade
Thanks for attention But there is no networking related issue, the server is perfectly accessible for ftp server. Also there is no RTO for ping to samba server. The only new thing that i done is configured DNS slave server on that. On Wed, Oct 22, 2008 at 10:28 PM, Hoover, Tony [EMAIL PROTECTED] wrote: have you ruled out a networking problem? (i.e. Switch didn't auto-neg to the same speed/duplex settings as the server)? Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660 Don't Blend in... -Original Message- From: [EMAIL PROTECTED] [mailto:samba-bounces+hoover samba-bounces%2Bhoover=sal.ksu.edu@ lists.samba.org] On Behalf Of vishesh Sent: Wednesday, October 22, 2008 4:55 PM To: samba@lists.samba.org Subject: [Samba] samba performance degrade dear all I am using samba 3.0.28 on RHEl 5.2. I am using samba with winbind that authenticate window 2003 domain. From last few months samba was running properly. But today samba server performance badly, even sometime mapped drive on xp disappear. When i tried to connect samba shares, error appear server not available. Anyone suggest me what may be the problem. Why samba performance degrade after running around a month. my configuration is as follows #=== Global Settings = [global] #--authconfig--start-line-- # Generated by authconfig on 2008/09/04 22:25:21 # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) # Any modification may be deleted or altered by authconfig in future workgroup = abp password server = s2.abp.del realm = ABP.DEL security = ads idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash winbind use default domain = true winbind offline logon = false winbind enum users = yes winbind enum groups = yes #--authconfig--end-line-- server string = netbios name = abpdel2 admin users = @abp\domain admins # --- Network Related Options - # passdb backend = tdbsam map read only = no ;map system = no ;store dos attributes = yes hide dot files = yes veto files=/lost+found/Trash/Recycler # Share Definitions == ;[homes] ;comment = Home Directories ;browseable = no ;writeable = yes ;valid users = %S ;valid users = MYDOMAIN\%S ;[printers] ;comment = All Printers ;path = /var/spool/samba ;browseable = no ;guest ok = no ;writeable = no ;printable = yes # Un-comment the following and create the netlogon directory for Domain Logons ;[netlogon] ;comment = Network Logon Service ;path = /var/lib/samba/netlogon ;guest ok = yes ;writable = no ;share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ;[Profiles] ;path = /var/lib/samba/profiles ;browseable = no ;guest ok = yes # A publicly accessible directory, but read only, except for people in # the staff group ;[public] ;comment = Public Stuff ;path = /home/samba ;public = yes ;writable = yes ;printable = no ;write list = +staff [design] comment = home folder for design department path = /data/design vfs object = recycle recycle:repository = /data/design/Trash recycle:keeptrace = Yes writeable = yes create mask = 644 directory mask = 2755 [home] comment = home folder for bwedit path = /data/edit/home vfs object = recycle recycle:repository = /data/edit/home/Trash recycle:keeptrace = Yes writeable = yes create mask = 644 directory mask = 2755 [user] comment = home directory to tt feature and ab edit users path = /data/edit/user vfs object = recycle recycle:repository = /data/edit/user/Trash recycle:keeptrace = Yes writeable = yes create mask = 644 directory mask = 2755 [mark] comment = marketting users path = /data/marketting vfs object = recycle vfs:repository = /data/marketting/Trash vfs:keeptrace = Yes writeable = yes create mask = 644 directory mask = 2755 [system] comment = home folder for it path = /data/system vfs object = recycle recycle:repository = /data/system/Trash recycle:keeptrace = Yes writeable = yes [com] path=/data/marketting/com vfs object = recycle recycle:repository = /data/marketting/Trash recycle:keeptrace = Yes writeable=yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe
[Samba] acl owner
dear all i am using winbind for samba authentication. I just want to know does acl permission can be reset only by root and owner of file/folder ?. does any way to allow domain admins to reset acl of any file/folder. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] acl reset
dear all i am using samba 3.0.28-0 on EL5.2 with winbind that get users and group window 2003 active directory (native mode). i implemented acl for user and group permission. What i want that regardless of file/folder group owner, member of AD 'domain admins ' can change acl of any file/folder. Thanking you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] inherited acl
Thanks Willy and Roberto testparm -vis serving my purpose. Another doubt i have is related with acl. Even though by default inherit permissions = No inherits acls =No map acl inherit = No New files and folder is inheriting permission from parent. thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba