Re: [Samba] Samba 4
On Thu, 2013-02-21 at 12:20 +0100, Markus Bajones wrote: first hit on google. http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO Or, even *BETTER*, skip the stupid search engines [which will lead you astray as often as not] - and just go to www.samba.org. Huge time saver! -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP recommendations please
On Thu, 2013-02-21 at 16:36 +, ray klassen wrote: Actually I was hoping to use the new internal LDAP as the master. I notice that http://www.windowsitpro.com/content1/topic/integrate-active-directory-and-openldap-98449/catpath/ldap has an article on using slapd as a proxy to Active Directory. This one loks even better. Never used 389Server but there's a first time for everything http://www.linuxmail.info/ad-fds-sync-howto/ (I did google this before I asked the question, but I was searching for samba4 ldap, not active directory ldap. I hope samba4 AD is that similar that I can pull similar stunts to the ones described) Upgrading to AD requires that you use our internal LDAP backend. https://wiki.samba.org/index.php/Samba4/FAQ stop with the googling, and just look at the docs. https://wiki.samba.org/index.php/Samba4/beyond The wiki has an openLDAP proxy to AD section. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Thank-you to Samba developers
On Mon, 2012-04-30 at 15:52 -0500, nicholas geovanis wrote: Here's a short quote from a work-related email I sent earlier today, announcing AD authentication from a linux VM. It expresses my awe at the folks who write and maintain Samba, and it's long overdue from me: It’s been 3 or 4 years since I configured Samba; it’s always a challenge for me, mainly due to my poor understanding of MSoft networking. +1 Samba I think often gets a bum wrap for 'complexity' by virtue of people just not understanding how MSoft intends it to work. Then when it works, It is crazy amazing how well it works out-of-the-box. I offer a silent prayer for those crazy Australians who originated it. The pain they must have endured in getting it to work boggles my mind. In that respect it may be the most impressive open-source project out there, and they haven’t slowed-down in the least. +1 BTW, they accept donations http://www.samba.org/samba/donations.html -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] AD DC LDAP support for the 'password change' extended operation
On Thu, 2013-02-07 at 08:25 +1100, Andrew Bartlett wrote: On Mon, 2013-02-04 at 10:31 +0100, Luis Angel Fernandez Fernandez wrote: ldappasswd -d4 -h 192.168.0.137 cn=juan.lapuerta,ou=alisys.net ,dc=aliratiun,dc=tic ldap_build_search_req ATTRS: supportedSASLMechanisms SASL/GSSAPI authentication started SASL username: administra...@aliratiun.tic SASL SSF: 56 SASL data security layer installed. Result: Protocol error (2) Additional info: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported But I think I read somewhere that that extended operation is supported. I can help on this part of the question: No, the extended operation is not supported - it remains a wishlist item that one of our developers was working on at some point, but has not progressed beyond that. Luis, that is Bug#5611 https://bugzilla.samba.org/show_bug.cgi?id=5611 -- Adam Tauno Williams System Administrator, OpenGroupware Developer, LPI / CNA Fingerprint 8C08 209A FBE3 C41A DD2F A270 2D17 8FA4 D95E D383 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrading from 4.0.0 to 4.0.3
On Wed, 2013-02-06 at 13:14 +, Brian Haupt wrote: I have the same question. +1 [and PLEASE bottom post] -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Thomas Simmons Sent: Tuesday, February 05, 2013 2:15 PM To: samba@lists.samba.org Subject: [Samba] Upgrading from 4.0.0 to 4.0.3 I made note the following in the 4.0.3 release notes about upgrades: o For more details concerning the ACL problem with delegation of privileges and deletion of accounts over LDAP interface (bugs #8909 and #9267) regarding upgrades from older 4.0.x versions, please see http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Upgrading A related question - what if I have multiple Samba4DCs. One is 4.0.1, and one is 4.0.3... will it remain healthy. [I assume so]. which will be filled with details once we have worked out an upgrade strategy. I assume the ACL problems being referred to here are the reason I have acl search:false in my smb.conf. Is it OK to perform the upgrade now, if that is left in smb.conf? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Web Site E-mail Server authentication with Samba4
On Mon, 2013-02-04 at 12:16 +0530, Vijay Thakur wrote: I have a running Samba4 Server. I am able to authenticate Windows and Linux Clients very. (1) I want to use samba4 as SSO. In this regard my next step is to authenticate our web site users from samba4 server. In this web site, at home page our corporate users give their e-mail address usern...@companydomain.com and password (not e-mail password). (2) Our E-mail server is hosted on cloud. We want to deploy our own in-house E-mail Server. The users of E-mail server will be authenticated from Samba4. In precise, i want to turn my samba server a SSO in my required two scenario. SSO means Kerberos (GSSAPI) or NTLM. There really isn't anything specific about this for Samba4. If you can configure SSO for Active Directory [Microsoft] then you can configure it for Samba4. Not that a lot of people read SSO and think single-password/authenticated-against-LDAP but that is not SSO. SSO is no username/password prompt at all; the application already knows who the user is. The beyond Wiki page @ http://wiki.samba.org/index.php/Samba4/beyond has a mention of performing Single Sign-On through Apache. Other clients like Evolution and Outlook should *JUST WORK*. Provided your SMTP IMAP server supports Kerberos - which I believe they all do. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Basic questions regarding Samba capabilities
On Fri, 2012-05-25 at 09:49 -0500, Jason Voorhees wrote: On Mon, May 21, 2012 at 8:01 AM, Daniel Müller muel...@tropenklinik.de wrote: IN a such great environment like yours I would suggest having several PDCs in replication mode. Is this possible to implement with Samba 3.x? Yes, *painfully*. Use Samba4 and create an Active Directory domain. It is *much* smoother, less work, and more feature complete. Not to mention that Samba3/NT4 domains support is in support twilight; is is very much time to move on. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Posted this question once already -- no response. Password expiry problem
On Tue, 2013-01-15 at 17:53 +, ray klassen wrote: Solved this problem gentle rant This is precisely the sort of question that should be answerable on this list. as no one run into this before? I've brought it up twice here and several times on the irc channel with no response, but the solution was simple enough /gentle rant anyway here it is. So that it goes in the mailing list and others can find it. /etc/smbldap-tools/smbldap.conf includes a line that says defaultMaxPasswordAge=45 FYI, I've never used smbldap-tools. This affects the sambaPwdMustChange date stamp attribute in the ldap user record at the time smbldap-passwd is run. sambaPwdMustChange appears to trump the user X flag and the maximum password age system policy Maybe that's the nature of the samba 3.x beast. Yes, that matches my recollection [I could be wrong]. The password policy just controlled the calculation of sambaPwdMustChange. I recall just going in sometimes and manually setting sambaPwdMustChange to some value like 12 in order to force a user to change there password on their next logon, and moving the value way up to avoid expiration. The precedent of one value over the other was never expressly documented AFAIK. I *assumed*, and it seemed to be true, that the more specific value [sambaPwdMustChange] would win. Maybe it has to be that way if you are using LDAP. Now that Samba 4 is out probably no one will want to comment on that. :) I suggest you upgrade yesterday. Samba4 is a much better PDC that Samba3 ever thought about being on the brightest most optimistic spring day. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fail-over, redundancy, bdc, multi-dc-domain
On Tue, 2013-01-22 at 10:53 -0800, Gregory Sloop wrote: I'm aware of, at least generally, how one would have done a BDC/Redundant server under OpenLDAP Samba3. However, rolling your own multi-domain-controller was fairly daunting [for me] under Samba3 / OpenLDAP. Yea... that is an understatement. Replication... OpenLDAP... shivers/. It was rough, and then they switched to cn=config. Never bothered to make a single administrative tool worth @^@*@ and that-one-developer harassed and insulted and was a general @*%^@*$ to anyone who tried [including me] - tools are for whimps! [and, you know, people who have stuff to do, those whimps!]. Sad, OpenLDAP is a really great project/product. I've been very interested in Samba4 for the more integrated nature of having LDAP/DNS/Samba all under one roof. [i.e. Fewer places where I can screw it up horribly.] Yep, it does that. Yay! Or you can look at it as one-stop horrible screw up; kill it, and you kill everything. However I'm also interested in how one can handle fail-over. I don't need something totally seamless and big-iron style. A backup box that would need some manual intervention would be fine. So, something like an rsync'd backup box where the shared files/accounts/etc are perhaps an hour out of date, and that would require 15 minutes to bring up as a primary would be an acceptable solution. It does hot-replication of the SAM (at least). In theory it does replication of DNS [if you are using internal DNS] but there might be some bugs there. It doesn't replicate the sysvol [yet], you gotta do that yourself, old-school. That's not to say I wouldn't want something better, but that's kind of the low end of the acceptable scale. It is above your acceptable out-of-the-box. I've done some searches on the list and spent a while looking for examples but I don't easily find any. [Using searches with: samba4 bdc, redundant, backup, etc. There are a ton of very old articles on the list, but almost nothing I could find specifically on Samba4.] Create a DC, add a another DC, done. Move on. Could some kind soul point me either to: 1) Search terms more likely to produce results, or some discussion threads or 2) wiki/how-to's on how to accomplish something i the neighborhood on this subjet? [Option #2 preferred.] The Samba4 wiki! http://wiki.samba.org/index.php/Samba4 And you need to read up on Active Directory. As a note, I'd be glad to help document this/provide a here's what I did and how, provided it's something reasonable for me to apply to the situation I'm referring to - so I'm more than glad to contribute back where I can. Create an account on the wiki. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD DC initial join fails at schema replication
On Thu, 2013-01-17 at 13:57 -0800, Matthieu Patou wrote: On 01/16/2013 06:03 PM, Rican, Joshua T Civ USAF AF ISR Agency NASIC/SCXE wrote: Date: 16Jan2013 Samba Version: 4.0.1 OS Version: RHEL 6.3 Windows OS: Server 2012 Forest/Domain: 2008r2 Warning: Failed to convert schema object CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,dnsdomain into ldb msg That's a known issue I have a patch for this it was working back in October and it's in my todo to restest it, ping me in a couple of days, for the moment you need not to have Windows 2012 schema. That is to say never join a Windows 2012 server to your domain. Do you mean (a) Do not join a Windows 2012 Server to the domain or (b) do not join a Windows 2012 Server as a Domain Controller in the domain? -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can a Samba4 DC join an extant Windows domain?
Quoting Ken D'Ambrosio k...@jots.org: The subject pretty much says it all. This has been the holy grail for some friends and me, and we'd love to incorporate it into our environment... if it can join the domain as a DC. Can it? Yes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS updates working Windows only
Quoting Robert Moggach r...@dashing.tv: I'm using BIND9_FLATFILE and able to join windows machines and have DNS updates working but Linux machines join with DNS update errors. Is there additional configuration necessary on Linux for the machines' NICs to be seen as valid? We are using Samba 4.0.0 AD DC and the internal DNS - we see the same issue. When LINUX / Samba boxes are joined to the domain there is a DNS error and the record is not published. Windows clients join the domain without an issue. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Key Management Server; DNS Failure To Register
I have Microsoft Key Management server on a Windows 2003 server - joined to my new Samba4 AD domain. But the KMS is not available. In the event log it says: Event Type: Error Event Source: Software Licensing Service Event Category: None Event ID: 12293 Date: 1/4/2013 Time: 3:05:38 PM User: N/A Computer: IPECACA Description: Publishing the Key Management Service (KMS) to DNS in the 'micore.us' domain failed. Info: hr=0x80072338 Our Samba4 DC is using the Internal DNS. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
On Fri, 2013-01-04 at 12:28 -0700, Max Olivas wrote: Hey All, I have a Samba 3 PDC (Debian, Samba version 3.5.6 with NIS groups and no winbind) with about 300 users, 200 client PC's, 15 member servers(mixed Windows Server 2003/2008 and Samba 3), and I'm attempting the classicupgrade to Samba AD. To test I've created a new Ubuntu 12.04 LTS and followed the HOWTO, successfully creating a blank Samba AD and testing adding users/PC's and connecting with Windows AD tools. I then attempted the classicupgrade (rolled VM back and copied .tdb files and smb.conf from current PDC) but I'm getting several errors. Importing groups Importing users Failed to create user record CN=watersan ,CN=Computers,DC=northglenn,DC=org: Entry CN=watersan,CN=Computers,DC=northglenn,DC=org already exists ERROR(class 'passdb.error'): uncaught exception - Unable to add sam account 'watersan $', (-1073741725,User exists) Hopefully someone sees something that Im doing blatently wrong and can point out my mistake. Thanks in advance for any help! I'd wager the error message is exact and meaningful - you have a duplicate sambaSID in your LDAPSAM. Also the machine account watersan $ contains a space. That seems odd. I had several of these inconsistencies in my old LDAPSAM that I needed to correct before the upgrade completed. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrate samba3.5 classic domain to Windows2008R2
On Thu, 2012-12-20 at 14:06 -0600, Hoover, Tony wrote: Most of the documentation I have found on the subject is several years old and involves creating a new domain and then migrating users/workstations from the classic domain to the new AD. I'd prefer to not create another domain. AFAIK, Microsoft no longer provides any means to upgrade from an NT domain. All the tools are deprecated, and they don't like to run on current servers. At least that is what I found. I have ~150 users workstations, 30 domain groups, 5 local groups, and an interdomain trust (to a 2003AD) to allow some administrative users access to some academic resources. What is the simplest/cleanest method to accomplish the migration? What precautions do I need to take to make sure I can get back to the current setup if migration experiments fail? It is actually pretty simple. (a) Provision a LINUX host (b) Install Samba4 (c) Perform and Samba3 - Samba4 domain upgrade. This will migrate you data from the Samba3 NT domain to an Active Directory domain. (d) Promote a Windows 2008 server to be a DC (e) Demote the Samba4 as DC You are now on Active Directory with a Windows 2008 DC. You'll have to recreate your trust accounts, I assume. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] difference between version 3.x and version 4
On Wed, 2012-12-19 at 08:38 +, Nirmit Kansal wrote: Actually I am working on a project in which we are migrating from 3.x to 4, so Please tell me the difference in versions See the WHATSNEW file for configuration parameters added, changed, or removed. v3 and v4 are quite different. and also give me information that how we can use active directory of 4.0 effectively as we are having CIFS and Kerberos feature in 3.x, And how this active directory can be helpful in our implementation. That depends on a lot of things; and isn't really Samba specific. But: (a) Kerberos is good (b) Using a directory services centric approach is good (c) Policies are good (d) Integrated DNS is good It is a lot to learn, but Active Directory is in every possible way a superior solution than NT4 Domains. And I am also having a question as we are using 3.x so only because of active directory in 4.0 we should migrate from 3.x to 4.0 or is it having some more additional features that can be useful in future. Please reply as soon as possible. If you want to be an Active Directory domain controller you must be version 4. If you just want to be a file/print server [even as a *member* of an Active Directory domain] then stick with version 3. ~~Disclaimer~ Information contained and transmitted by this e-mail is confidential and proprietary If possible please discontinue the use of the silly legal signature. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Domain UP, but no roaming profiles
On Tue, 2012-12-18 at 02:45 +1100, Stephen Jones wrote: The problem is your smb.conf [profiles]. The only options you need are the path and read only = no. Control access from Windows with an ACL applied to the profiles share security properties rather than forcing permissions from Samba. S4 is different from S3. I'm not sure if those mask options work in S4 but, if they do, those values will deny all access set through extended ACLs because those are applied through the group class. Fix smb.conf Ok, did that. Anyway, for whatever reason roaming profiles started worked. Even before I make this change. and start with an empty profiles directory Totally and completely not an option. This is a migrated domain with existing profiles. root:root. getfacl will show you the Posix ACLs created from Windows. From Windows ADUC add the roaming profiles path to the user's profile. They already have this attribute by virtue of the migration. The existence of the attribute has been verified. Tip: There is a GPO setting under computer-policies-templates-system-user profiles to add the administrators group to roaming profiles. This is a good idea, otherwise administrators cannot browse the profile folders. Cool, I'll take a look on that. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA4: Caching enabled on roaming profile share; cannot disable.
After logging in the Windows Event Log records the following: Windows has detected that Offline Caching is enabled on the Roaming Profile share - to avoid potential profile corruption, Offline Caching must be disabled on shares where roaming user profiles are stored. But navigating to the share via Computer Management - System Tools - Shares - Profiles - Properties - Caching - Unchecking Allow caching of files in this shared folder only results in an Changes cannot be saved. Access is denied dialog box when the changes are applied. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] static only wins server
On Tue, 2012-12-18 at 15:14 -0500, Chris Smith wrote: On Tue, Dec 18, 2012 at 2:08 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: If your windows clients use login scripts to map drives, then they don't need WINS at all, since they resolve hosts via DNS. I think that WINS is necessary for the clients to find the Domain Controller. ??? With Active Directory I'm pretty sure that happens via a DNS query (or series of them). However, if a client isn't using wins it will still use netbios browser to locate resource on the network.I am not sure if you can totally defeat this by pointing the windows clients to an inactive WINS server. I want the WINS server to be active - just read only. Clients will receive P-Node instructions (WINS only) from the DHCP server. If you don't have file and print sharing enable on the windows client that should prevent them from showing up a netbios resources. Many of the client systems will not be under management control. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] S4 AD Domain Up; but lots of NTLMSSP NTLM2 errors
samba-4.0.0 x86_64, CentOS6.3 My Samba4 / AD is up and running after migrating this weekend. Testing looked good and the domain *is working* but there are some issues. My log.samba file is full of the following; I'm not certain of the significance of these. [2012/12/17 05:59:09, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 06:35:30, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 06:55:58, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 06:59:10, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 07:44:14, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 07:58:31, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 08:10:11, 0] ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn) Failed to modify SPNs on CN=pc02541,OU=Industries Workstations,DC=micore,DC=us: error in module acl: Constraint violation (19) [2012/12/17 08:26:00, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 08:37:30, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 08:41:42, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 09:15:32, 0] ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn) Failed to modify SPNs on CN=pc02541,OU=Industries Workstations,DC=micore,DC=us: error in module acl: Constraint violation (19) [2012/12/17 09:24:47, 0] ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn) Failed to modify SPNs on CN=chrisxpprovm,OU=Industries Workstations,DC=micore,DC=us: error in module acl: Constraint violation (19) -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] S4 AD Domain Up; but no DNS auto-registration
samba-4.0.0 x86_64, CentOS6.3 My Samba4 / AD is up and running after migrating this weekend. Testing looked good and the domain *is working* but there are some issues. Automatic DNS update is not working. Workstations seem to be registering their names but joining a server to the domain works but fails with a error - and the DNS record is *not* added. [root@crew etc]# net ads join -U Administrator Enter Administrator's password: Using short domain name -- BACKBONE Joined 'CREW' to realm 'micore.us' DNS update failed! -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - Windows 200x DNS Migration
On Thu, 2012-12-13 at 15:58 -0500, Gaiseric Vandal wrote: Windows 200x AD DC's do not require that the DNS master is on a WIn 2003 AD server. You need a BIND9 compatible server with dynamic updates preferably enabled. If dynamic updates are not enabled then when a Windows machine joins the DC it will dump out DNS records that need to be added to the DNS master. As long as the Samba4 DNS server support dynamic updates it should work fine for supporting other domains No, my question was about adding a Windows 200x DNS server to the mix. If the DNS records registered on the Samba DNS server will replicate / transfer. From other reading it appears that this *should* happen, so I believe I have answered my question. On 12/13/12 13:56, Adam Tauno Williams wrote: Has anyone been able to migrate DNS from a Samba4 DC to a Windows 200x server? I've looked around the wiki, etc... and haven't found any pertaining to moving DNS between platforms. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: Upload an Administrative Policy Template?
We'd like to add an adm (administrative template) to our Samba4 server. I see where the .adm files are in the filesystem - /opt/s4/var/locks/sysvol/micore.us/Policies/{ED429C7D-156A-4F75-B21D-92DB8E10ACAB}/Adm/conf.adm - but how can I add a new ADM file? The ADM file in question allows the controlling of IE Favorites and a few other items on XP (not available in the default templates for XP). We previously did this via ugly old POLEDIT. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S4 AD Domain Up; but no DNS auto-registration
On Tue, 2012-12-18 at 08:27 +1100, Andrew Bartlett wrote: On Mon, 2012-12-17 at 09:36 -0500, Adam Tauno Williams wrote: samba-4.0.0 x86_64, CentOS6.3 My Samba4 / AD is up and running after migrating this weekend. Testing looked good and the domain *is working* but there are some issues. Automatic DNS update is not working. Workstations seem to be registering their names but joining a server to the domain works but fails with a error - and the DNS record is *not* added. [root@crew etc]# net ads join -U Administrator Enter Administrator's password: Using short domain name -- BACKBONE Joined 'CREW' to realm 'micore.us' DNS update failed! When using the BIND server, but not the internal DNS server, this happens for Samba clients only. We have modified the Samba client in 4.0 to also work with BIND, and we need to get back to the BIND folks about the issue. But I am using the internal Samba DNS server, not Bind. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: Upload an Administrative Policy Template?
On Mon, 2012-12-17 at 14:40 -0500, Adam Tauno Williams wrote: We'd like to add an adm (administrative template) to our Samba4 server. I see where the .adm files are in the filesystem - /opt/s4/var/locks/sysvol/micore.us/Policies/{ED429C7D-156A-4F75-B21D-92DB8E10ACAB}/Adm/conf.adm - but how can I add a new ADM file? The ADM file in question allows the controlling of IE Favorites and a few other items on XP (not available in the default templates for XP). We previously did this via ugly old POLEDIT. Never mind, it works now. :) The ADM template file was broken somehow, another copy loaded and applied without issues. ./var/locks/sysvol/micore.us/Policies/{ED429C7D-156A-4F75-B21D-92DB8E10ACAB}/Adm/system.adm ./var/locks/sysvol/micore.us/Policies/{ED429C7D-156A-4F75-B21D-92DB8E10ACAB}/Adm/wmplayer.adm ./var/locks/sysvol/micore.us/Policies/{ED429C7D-156A-4F75-B21D-92DB8E10ACAB}/Adm/ie_favorites_location.adm ./var/locks/sysvol/micore.us/Policies/{ED429C7D-156A-4F75-B21D-92DB8E10ACAB}/Adm/inetres.adm ./var/locks/sysvol/micore.us/Policies/{ED429C7D-156A-4F75-B21D-92DB8E10ACAB}/Adm/wuau.adm Awesome. I'm really impressed with how slick this works, way better than the RC4! :) -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: wins hook wins support ???
Does wins support and wins hook still work on Samba4? I hjave wins support enables [set to yes] and a wins hook script, but it never seems to be getting fired. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Domain UP, but no roaming profiles
I've performed a *successful* domain migration from S3/LDAPSAM to S4.0.0. Yay! I can browse and connect to the server from a workstation [logged in as a local account]. DNS looks good. kinit klist work. I was able to *add* a workstation to the domain. But I can't get roaming profiles to work. On the server the roaming profile looks like - [profiles] path = /opt/s4/var/profiles read only = No profile acls = Yes writeable = yes create mask = 0600 directory mask = 0700 -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba_dnsupdate --verbose --all-names with internal DNS?
Using the internal / default DNS server should the command samba_dnsupdate --verbose --all-names work? Looking at the wiki this appears to be part of step#9, but I not sure the test shouldn't succeed. $ samba_dnsupdate --verbose --all-names ... ; TSIG error with server: tsig verify failure Failed nsupdate: 2 Calling nsupdate for SRV _gc._tcp.default-first-site-name._sites.micore.us barbel.micore.us 3268 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _gc._tcp.default-first-site-name._sites.micore.us. 900 IN SRV 0 100 3268 barbel.micore.us. ; TSIG error with server: tsig verify failure Failed nsupdate: 2 Failed update of 21 entries -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 - Windows 200x DNS Migration
Has anyone been able to migrate DNS from a Samba4 DC to a Windows 200x server? I've looked around the wiki, etc... and haven't found any pertaining to moving DNS between platforms. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba3+OpenLDAP - Samba4 implications.
On Wed, 2012-06-13 at 18:33 +1000, Alex Ferrara wrote: Hi everyone, I might be going over old stuff, and if so, I apologise. I administer a network that uses Samba 3 with an OpenLDAP backend for domain logons, printing and file sharing. I am interested in moving to Samba4 for the domain control side of things, but the twist is that I have many other things relying on OpenLDAP for authentication and configuration, with several custom schemas. Is there a samba4 schema for OpenLDAP or is there a migration path for networks like mine? There is an upgrade path; the proceedure for doing upgrade provisioning is on the Samba4 wiki. At this point it works pretty well. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] See logged in users or workstations?
On Fri, 2012-03-09 at 11:58 +0100, Daniel Hedblom wrote: Run a large network on Samba4 and so far, working great. What i do miss is a way to see how many computers or users are logged into the servers. So, is there any way to get a list or number of logged on users/workstations on Samba4 running on Linux? If you connect to the S4 server with Computer Management do you not see them listed? -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change password (like smbpasswd) from Windows?
On Wed, 2012-03-07 at 00:25 -0800, Jack Bates wrote: From Linux I can use smbpasswd -r 192.168.1.123 -U jack to change the password I use to map network drives. How can I do the same from Windows I configured a Samba share that several folks connect to from their personal (Windows) laptops. They want to be able to change the passwords they use to connect to this share Assuming: since you say personal laptops that these machines are *not* members of a domain and thus are participating in a workgroup [however adhoc that workgroup may be] I'm not aware of any way to change an account/share password from a Windows client when operating in workgroup mode; this is regardless of if the server is Samba or Windows. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Kerberos password annoyance
On Wed, 2012-03-07 at 16:03 +0100, steve wrote: Samba4 How can I change this: http://db.tt/9mV49vvV So that it warns me say, 4 days before. Instead of every time I login? This is a domain policy setting. I always thought the default was 14 days, but maybe it changed. You can set it the same way you set any other policy. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Anything like nss_updatedb for ldapsam account information backend?
On Tue, 2012-02-28 at 00:31 -0800, Jack Bates wrote: Is there anything like nss_updatedb [1] for ldapsam account information backend? nss_updatedb caches unix account information, so it is available even when the LDAP directory isn't available But ldapsam stores additional account information. How can I cache this additional account information, so it is also available even when the LDAP directory isn't available? I don't believe this is possible; and a DC always requires write access to the backend, so it probably just isn't feasible. You can configure a local slapd an use OpenLDAP's very fine replication technology to just have a DSA on every DC; which is pretty much what multiple PDC/BDCs would have accomplished in a pure Microsoft solution. [1] http://www.padl.com/OSS/nss_updatedb.html signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba domain member server using only nss ldap
On Sat, 2012-02-25 at 19:49 +0100, steve wrote: one little problem. When I execute ls -la in the directory there is a delay about 1-2 seconds. Is it normal? nscd deamon solves this problem, there is no delay. Is there any solution without using nscd? nss-ldapd with nslcd. Much quicker mappings. http://arthurdejong.org/nss-pam-ldapd/ +1 Use nslcd, not nscd. It also reduces the number of separate connections to the DSA. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] openldap integration failed after power cut
On Mon, 2012-02-20 at 12:13 +, Fergus Clarke wrote: running ldapsearch -x on the primary LDAP server fails, it gives [root@servername ~]# ldapsearch -x ldap_bind: Can't contact LDAP server (-1) And yet on that server the Zimbra instance appears to be fine. Can you suggest any further diagnosis of the LDAP on that server, or action I might take? Yes, research the problem. On the DSA [LDAP server] is the slapd server listening on the expected port? netstat --listen --tcp --program Given the contents of /etc/openldap/ldap.conf [or wherever your client LDAP config is] - does the hostname specified there resolve? Is the port specified the same the server is listening on? Can you telnet hostname port-number from the client and get a connection? All this is just standard debugging steps. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to Force Domain Clients to use new PDC
On Mon, 2012-02-20 at 08:38 +0100, Daniel Müller wrote: If you have setup a new domain. You need to rejoin all clients to that domain? Yes. It is a new domain. Creating a new domain isn't the same as adding a new / additional DC to an existing domain [Samba doesn't really do PDC/BDC but multiple-PDC]. A domain is identified by it's SID which is 'randomly' generated. If your 'new' domain has a different SID the clients will view it as a different domain. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba LDAP passthrough authentication to another openLDAP
On Thu, 2012-02-16 at 21:10 +0800, Fajar Priyanto wrote: Hi all, I have a setup like this. Pls let me know if it's possible or not. SAMBA + Local LDAP --- SASLAUTHD -- Global LDAP No. Samba uses the sambaNTPassword attribute in it's LDAP schema which is a crypt of the password. You may be able to get plain-text authentication to work but only by adjusting Samba *and* hacking the registry on every client. Desc: I'd like to do Samba authentication to LDAP, passthrough to another LDAP using SASL. The current situation is: SSH authentication from LDAP user to that Samba box works. That doesn't involve Samba unless you are using Kerberos or something like pam_winbind / pam_smbpasswd [I don't even know which if any of those are currently 'active']. However, smb authentication doesn't work (yet). This is what's shown in syslog when doing Samba authentication: Feb 16 20:47:05 sglabldap slapd[1393]: = access_allowed: read access to uid=fajar,ou=people,dc=example,dc=com userPassword requested Looks like pam_ldap authentication to me. There may be a way to proxy authentication via LDAP [there are jillions of things you can do with LDAP] but I doubt involving saslauthd [plain text authentication] is going to work very well. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About SAMBA Configuration
On Sun, 2012-02-12 at 16:32 +0545, Uttam Shrestha Rana wrote: I am in need of help on configuring SAMBA Server: requirement as - Two SAMBA user: *one user* should have *read, write* access to SAMBA server share directory but *not delete, modify* the files uploaded on share directory *files size limited to 300K* where as *another user* should have only *read access* to same SAMBA server share directory. Please help me if it is possible to be configured or if any alternate things can be approximately matches this scenario. It will be great support for you like experts. This is certainly possible; everything required is included in the standard documentation. Check out the valid users and write list defaults. You should also be able to modify share permissions with cacls or other Windows tools. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba, ldap, password complexity, cracklib - questions
On Thu, 2012-02-02 at 15:00 +0100, Götz Reinicke wrote: --ms020400080806080209020400 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable Hallo, we run a Redhat samba 3.5.4 PDC with openldap 2.4 as user/passwordbackend. The ldap also contains the posix information for the users to login to some web/mail/etc. servers. I'm faced with the task to implement a 'both worlds' compatible paswword sync process regarding complexity etc. For the posix account password we use a webfrontend, configure to use pam/cracklib checks which works fine. E.g. 'hello' is NOT allowed as password :-) Checking the password change from a windows 7 / XP notebook reveals, that there is not such a complexity check used. E.g. 'hello' IS allowed as a users password. :-( Password syncing (posix - windows) works. That means changing from the web or windows changes both ldap entries. My question: can someone point me to some docs or can someone explain how I can use (the same/a) camplexity check when changing passwords from windows? check password script = /usr/local/sbin/crackcheck -c -s Not sure where I got crackcheck from; it is a compiled binary. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Internal DNS server question [Was: Great LWN Samba article !]
On Wed, 2012-01-18 at 08:51 +0100, Daniel Müller wrote: In this article there is told about an internal dns server for samba4. Is there a version of samba4 out where I can test it. Will this internal DNS server replicate to/from an MS-AD DNS server? -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RFC2307 Samba4 [Was: Linux users and Samba 4]
On Fri, 2012-01-13 at 02:51 +0100, steve wrote: On 12/01/12 23:02, Adam Tauno Williams wrote: Quoting steve st...@steve-ss.com: Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. As Jeremy said, they are discussing what needs to be done before releasing Samba 4.0.0 and how to reconcile Samba 3's winbind and Samba 4's winbind etc., so if something that is critical for you does not currently work, you should file a bug report. Yep. I realise the 'alphaness' of Samba 4 but I think I am not alone with my issue. I think I should be easy to fix now before it goes beta. https://bugzilla.samba.org/show_bug.cgi?id=8635 Holy awesome; it got better. I just tested an upgrade of our production domain and it appears that Samba4 took [and kept] the UID number from the existing account. Production - [root@littleboy ~]# id adam uid=437(adam) gid=230(cis) groups=230(cis) Test Server barbel:~ # wbinfo -i adam BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false Home directory is a bit wierd, and the gidNumber didn't stick. But at least I have the uidNumber. 4.0.0alpha18-GIT-103c1cb [openSUSE 12.1 x86_64] transitioned via samba-tool domain samba3upgrade from Samba S3w/LDAPSAM. Nice find you have there. Meanwhile I've got it working. Very rough. But working for 10 hour Kerberos sessions at a time;) http://linuxcostablanca.blogspot.com/2011/12/samba-4-linux-integration-first-i-want.html Steve What I'm puzzled by [and maybe this is a deficiency in Samba4 still] is that while the LDAP modify works the wbinfo output doesn't change. dn: CN=adam,CN=Users,DC=micore,DC=us changetype: modify add: objectclass objectclass: posixaccount - add: objectclass objectclass: shadowaccount - add: uidnumber uidnumber: 437 - add: gidnumber gidnumber: 230 - add:unixhomedirectory unixhomedirectory: /home/adam - add: loginshell loginshell: /bin/ksh barbel:~ # wbinfo -i adam BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false So obviously the gidNumber attribute is ignored. The uidNumber attribute didn't exist in the object - so that is obviously coming from elsewhere. Guess I need to dig into winbind. I'm currently *assuming* that these attributes are compatible with SFU for Windows and that they'd replicate to a Windows AD server. -- Adam Tauno Williams awill...@whitemice.org LPIC-1, Novell CLA http://www.whitemiceconsulting.com OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RFC2307 Samba4 [Was: Linux users and Samba 4]
On Fri, 2012-01-13 at 10:32 -0500, Adam Tauno Williams wrote: On Fri, 2012-01-13 at 02:51 +0100, steve wrote: On 12/01/12 23:02, Adam Tauno Williams wrote: Quoting steve st...@steve-ss.com: Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. As Jeremy said, they are discussing what needs to be done before releasing Samba 4.0.0 and how to reconcile Samba 3's winbind and Samba 4's winbind etc., so if something that is critical for you does not currently work, you should file a bug report. Yep. I realise the 'alphaness' of Samba 4 but I think I am not alone with my issue. I think I should be easy to fix now before it goes beta. https://bugzilla.samba.org/show_bug.cgi?id=8635 Holy awesome; it got better. I just tested an upgrade of our production domain and it appears that Samba4 took [and kept] the UID number from the existing account. Production - [root@littleboy ~]# id adam uid=437(adam) gid=230(cis) groups=230(cis) Test Server barbel:~ # wbinfo -i adam BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false Home directory is a bit wierd, and the gidNumber didn't stick. But at least I have the uidNumber. 4.0.0alpha18-GIT-103c1cb [openSUSE 12.1 x86_64] transitioned via samba-tool domain samba3upgrade from Samba S3w/LDAPSAM. Nice find you have there. Meanwhile I've got it working. Very rough. But working for 10 hour Kerberos sessions at a time;) http://linuxcostablanca.blogspot.com/2011/12/samba-4-linux-integration-first-i-want.html Steve What I'm puzzled by [and maybe this is a deficiency in Samba4 still] is that while the LDAP modify works the wbinfo output doesn't change. dn: CN=adam,CN=Users,DC=micore,DC=us changetype: modify add: objectclass objectclass: posixaccount - add: objectclass objectclass: shadowaccount - add: uidnumber uidnumber: 437 - add: gidnumber gidnumber: 230 - add:unixhomedirectory unixhomedirectory: /home/adam - add: loginshell loginshell: /bin/ksh barbel:~ # wbinfo -i adam BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false I am able to get my home-directory path back to the previous value [ based on the useful information from this link - https://lists.samba.org/archive/samba/2010-May/156051.html ] Setting: template homedir = /home/%ACCOUNTNAME% The old %U type variables aren't supported. But the above results in the same thing - barbel:/opt/s4 # wbinfo -i adam BACKBONE\adam:*:437:100:Adam Williams:/home/adam:/bin/false I found a list of Windows environment variables here http://vlaurie.com/computers2/Articles/environment.htm According the old 2010 thread these are now expanded on the client side in Microsoft fashion rather than expanded on the serve [in the config backend??]. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-tool samba3upgrade question
Quoting Deyan Stoykov dstoy...@uni-ruse.bg: I'm looking into using this tool for migration to samba4, however I'm unable to determine if it requires any intervention on the domain members like ADMT does? After looking into the source code I see that the domain SID remains the same. Does this mean that the members (WinXP 7) will continue to function properly? Theoretically, yes. But be careful, once they find the Active Directory domain they can't be made to go back to the old domain model / controller. So TEST TEST TEST. Will they start using AD membership functionality such as Group policies and kerberos automatically? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4
Quoting steve st...@steve-ss.com: Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. As Jeremy said, they are discussing what needs to be done before releasing Samba 4.0.0 and how to reconcile Samba 3's winbind and Samba 4's winbind etc., so if something that is critical for you does not currently work, you should file a bug report. Yep. I realise the 'alphaness' of Samba 4 but I think I am not alone with my issue. I think I should be easy to fix now before it goes beta. https://bugzilla.samba.org/show_bug.cgi?id=8635 Holy awesome; it got better. I just tested an upgrade of our production domain and it appears that Samba4 took [and kept] the UID number from the existing account. Production - [root@littleboy ~]# id adam uid=437(adam) gid=230(cis) groups=230(cis) Test Server barbel:~ # wbinfo -i adam BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false Home directory is a bit wierd, and the gidNumber didn't stick. But at least I have the uidNumber. 4.0.0alpha18-GIT-103c1cb [openSUSE 12.1 x86_64] transitioned via samba-tool domain samba3upgrade from Samba S3w/LDAPSAM. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Samba + (OpenLDAP Kerberos) completely replace ActiveDirectory?
On Mon, 2012-01-09 at 10:47 -0500, mikel king wrote: I am sure this pops up on the list ever once in a while. I have inherited a LAN that have a large amount of Mac OS X, FreeBSD, Linux and of course because bean counters have to use financial apps that only run on Windows. My long term goal is to install some sort of central management system and really feel that AD is not in my best interest considering that 90% of the 300+ computers are not Windows based. Unfortunately the 20 or so Windows machines are running mostly Win7 and there are some 2k8r2 servers in the mix somewhere. Does anyone know of any good how-to, best practices/guidelines sites or documents? Thoughts? Suggestions? Well, for the question in subject - Can Samba + (OpenLDAP Kerberos) completely replace ActiveDirectory? Emphatically - NO. At least if your using Samba3. Use Samba4 and you get Active Directory for free. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA4: Changing DC's IP address (Bind 9.8.x) for testing
On Wed, 2011-12-07 at 21:37 +0100, Gémes Géza wrote: 2011-12-07 15:41 keltezéssel, Adam Tauno Williams írta: I upgraded by S3 domain to S4 using the upgrade script. To do that i had to have the S4 test box connected to the production network. Now I want to take it to the test network. But the Bind 9.8.x instance using the DLZ still has the old address... dynamic dns update doesn't work because the tool can't find the KDC because DNS returns the wrong IP address. Can I modify the DNS zone using an ldb tool [ldbmodify]? To change the IP of the DC (the only address in DNS at this point, everything seems to CNAME back to the address). Under the older Bind config I just changed the one or two lines in the text zone file when I moved the VM from production to testing. samba-tool dns is your friend here. Okay, I can change the IP of the host entry for the DC. samba-tool dns update 127.0.0.1 micore.us barbel A 172.16.0.128 192.168.5.2 Works great. But how can I change the name of the root . entry of the domain. That also holds an A record I don't seem to be able to change. samba-tool dns query 127.0.0.1 micore.us @ ALL Password for [administra...@micore.us]: **8 Name=, Records=3, Children=0 SOA: serial=5, refresh=900, retry=600, expire=86400, ns=barbel.micore.us., email=hostmaster.micore.us. (flags=60f0, serial=5, ttl=3600) NS: barbel.micore.us. (flags=60f0, serial=1, ttl=900) A: 192.168.231.132 (flags=60f0, serial=1, ttl=900) Name=_msdcs, Records=0, Children=0 Name=_sites, Records=0, Children=1 Name=_tcp, Records=0, Children=4 Name=_udp, Records=0, Children=2 Name=barbel, Records=1, Children=0 A: 192.168.5.2 (flags=f0, serial=3, ttl=900) Name=DomainDnsZones, Records=0, Children=2 Name=ForestDnsZones, Records=0, Children=2 But what is the value for name in samba-tool dns update 127.0.0.1 micore.us name A 192.168.231.132 192.168.5.2 in order to modify that entry. I've tried , ., @ none of which map to a record in the LDB, thus yielding - ERROR(runtime): uncaught exception - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST') -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaPwdMustChange
On Sun, 2011-12-18 at 20:31 -0800, yudi shiddiq wrote: I want to ask something about implementing sambapwdmustchange, my goal is to force user to change password, then i setting on pla(phpldapadmin) on sambaPwdMustChange to 0, but there's no affect to user, what's the problem occure? It works; although you don't need to set it to 0. It is a timestamp, any low value will work. But this setting doesn't mean anything if you haven't defined a password policy for the domain. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
On Mon, 2011-12-12 at 09:53 +0100, Molo CoC wrote: iam using samba 4 (apt -get - Ubunt 11.04) and did the provision with --ldap-backend-type=openldap . It generates a slapd file and included a modul called: rndval which can not be located. it tryed it again with compiling samba 4 from source, and the same, no module rndval for ldap. The Samba4 LDAP backend no longer works; it hasn't worked for some time and is not longer expected to work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] sambaMungedDial
On Mon, 2011-12-12 at 11:22 +0100, Alexander Födisch wrote: Hi, does anybody know how to decode/recode sambaMungedDial attribute? I need to store the terminal server profile path in it but can not find any documentation. There are a couple of applications that decode/encode sambaMungedDial. Looking at their source(s) might help. For example http://gosa.sourcearchive.com/documentation/2.5.8/class__sambaMungedDial_8inc-source.html -- System Administrator / OpenGroupware developer: awill...@whitemice.org http://www.whitemiceconsulting.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC file server on same machine?
On Wed, 2011-12-07 at 17:03 -0600, John Heim wrote: How much of a resource hog is a PDC? My understanding is that authentication is done vs a BDC if available. I configured my new file server as the domain PDC because I figured it would already have to run samba. I have two other machines configured as BDCs to serve as logon servers I'm looking for opinions on whether I'm asking for performance problems by making my file server the PDC. Actually, this machine is already serving as PDC but its not in production yet as a file server. So right now, its just the domain PDC. When I log into the domain and echo %logonserver%, it shows that one of the BDCs was the logon server, not the PDC. It doesn't look like the PDC has to do anything but handle joining machines to the domain. There really isn't an answer for your question. The load implied by being a DC depends on the number of clients and how heavily they are used. If you have only a hundred or so clients, in my experience, the load is pretty mild [for modern hardware/networks]. With Samba3 domain control there isn't really a BDC/PDC distinction. Every box is a PDC that operates in parallel with the other DCs. That is a bit different than a true NT4 domain. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC file server on same machine?
On Thu, 2011-12-08 at 08:36 -0500, Aaron E. wrote: I have a s3.4 pdc with a bdc,, pdc is serving around 80 users on terminal services and another 50 fat clients,,, acts as the file server.. roaming profiles etc... I have no issues other than the network card only being 100mb,, I do have a throughput issues.. but that is on the table.. Our PDC is a virtual machine. It search ~200 desktops and ~300 users. That includes roaming profiles, netlogin, and some redirected folers [some folders in the roaming profile are redirected to shares on the server]. Backend is LDAPSAM. Load is very low [with current-ish version of OpenLDAP - slapd used to burn much more juice than it does now]. Actual file-serving traffic burns up network bandwidth; but CPU and memory requirements are surprisingly low. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Configure samba to not look for domain master browser
On Tue, 2011-12-06 at 17:26 +0200, Timothy Madden wrote: On my network there is no domain master browser, and my nmbd is spamming my /var/log/messages file with messages that it cound not find one. Can I configure nmbd not to look for the domain master browser ? Do you have a WINS server? If so set that in the smb.conf file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA4: Changing DC's IP address (Bind 9.8.x) for testing
I upgraded by S3 domain to S4 using the upgrade script. To do that i had to have the S4 test box connected to the production network. Now I want to take it to the test network. But the Bind 9.8.x instance using the DLZ still has the old address... dynamic dns update doesn't work because the tool can't find the KDC because DNS returns the wrong IP address. Can I modify the DNS zone using an ldb tool [ldbmodify]? To change the IP of the DC (the only address in DNS at this point, everything seems to CNAME back to the address). Under the older Bind config I just changed the one or two lines in the text zone file when I moved the VM from production to testing. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] openldap authentication
On Wed, 2011-11-30 at 13:18 -0700, James Devine wrote: I have an existing openldap schema which is handling mail, web and ftp services right now. I am trying to get a windows machine talking to the same filesystem as apache on linux via samba and read/write using the correct uid/gid. I was trying to shy away from using pam_ldap as there is no need to tie the user in ldap directly to the filesystem. The problem is it looks like the samba ldap module requires a specific ldap schema to function, whereas currently I map needed functionality to the ldap schema as depicted below # fxmul...@nsab.us, gwis dn: cn=fxmul...@nsab.us,dc=gwis objectClass: top objectClass: person objectClass: posixAccount accountid: 65534 uidNumber: 65534 gidNumber: 65534 active: 1 cn: fxmul...@nsab.us loginShell: /usr/sbin/nologin sn: nsab.us wenable: 1 wpass: testpass whome: /www/nsab.us/nsab.us/fx/fxmulder I don't suppose there is a similar way to map attributes with samba? You need to use the Samba [Samba 3] schema. The sambaAccount objectclass is auxillary; so you can add it to your existing account objects. The [nearly obsolete, look at Samba 4] Samba 3 LDAP overlays on the RFC2307 schema you are currently using. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 and Bind with DLZ
On Wed, 2011-12-07 at 13:13 -0500, fe...@epepm.cupet.cu wrote: Could you, please, give me some clue on how to configure dlz in Bind to work with Samba4? I installed samba4 from git check out from a week ago, then I provisioned it but DNS is not working. What error do you get when you try to start bind? What version of bind? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 named. dlz_bind9.so not found
On Sun, 2011-12-04 at 08:45 +, Marcel Ritter wrote: the last configuration is the correct one. However you may have to set LD_LIBRARY_PATH to the directory containing libsamdb.so.0 (or other libraries it may complain about during startup). I'm also using bind-9.8.1 on openSUSE 12.1 x86_64 and seeing something like the same problem. I run bind as - named -4 -c /etc/named.conf -g -u named -d 65535 06-Dec-2011 10:43:20.486 Loading 'AD DNS Zone' using driver dlopen 06-Dec-2011 10:43:20.486 Loading SDLZ driver. 06-Dec-2011 10:43:20.562 samba_dlz: Failed to connect to /opt/s4/private/dns/sam.ldb 06-Dec-2011 10:43:20.563 dlz_dlopen of 'AD DNS Zone' failed 06-Dec-2011 10:43:20.563 SDLZ driver failed to load. 06-Dec-2011 10:43:20.563 DLZ driver failed to load. Does that mean it loaded the samba_dlz driver? [I have /opt/s4/lib in /etc/ld.so.conf.d/s4.conf, and have run /sbin/ldconfig] The group named has rw- for /opt/s4/private/dns/sam.ldb It doesn't seem terribly informative. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot open sam.ldb [Was: dlz_bind9.so not found]
On Tue, 2011-12-06 at 10:47 -0500, Adam Tauno Williams wrote: On Sun, 2011-12-04 at 08:45 +, Marcel Ritter wrote: the last configuration is the correct one. However you may have to set LD_LIBRARY_PATH to the directory containing libsamdb.so.0 (or other libraries it may complain about during startup). I'm also using bind-9.8.1 on openSUSE 12.1 x86_64 and seeing something like the same problem. I run bind as - named -4 -c /etc/named.conf -g -u named -d 65535 06-Dec-2011 10:43:20.486 Loading 'AD DNS Zone' using driver dlopen 06-Dec-2011 10:43:20.486 Loading SDLZ driver. 06-Dec-2011 10:43:20.562 samba_dlz: Failed to connect to /opt/s4/private/dns/sam.ldb 06-Dec-2011 10:43:20.563 dlz_dlopen of 'AD DNS Zone' failed 06-Dec-2011 10:43:20.563 SDLZ driver failed to load. 06-Dec-2011 10:43:20.563 DLZ driver failed to load. Does that mean it loaded the samba_dlz driver? [I have /opt/s4/lib in /etc/ld.so.conf.d/s4.conf, and have run /sbin/ldconfig] The group named has rw- for /opt/s4/private/dns/sam.ldb It doesn't seem terribly informative. Via strace I clearly see - 2434 mmap(NULL, 2105528, PROT_READ|PROT_EXEC, MAP_PRIVATE| MAP_DENYWRITE, 9, 0) = 0x7fc8f850c000 2434 mprotect(0x7fc8f850e000, 2093056, PROT_NONE) = 0 2434 mmap(0x7fc8f870d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE| MAP_FIXED|MAP_DENYWRITE, 9, 0x1000) = 0x7fc8f870d000 2434 close(9) = 0 2434 mprotect(0x7fc8f870d000, 4096, PROT_READ) = 0 2434 stat(/opt/s4/modules/ldb, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 2434 stat(/opt/s4/modules/ldb, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 2434 stat(/opt/s4/private/dns/sam.ldb, 0x7fc9123692a0) = -1 EACCES (Permission denied) 2434 open(/opt/s4/private/dns/sam.ldb, O_RDWR|O_CREAT, 0600) = -1 EACCES (Permission denied) 2434 stat(/etc/localtime, {st_mode=S_IFREG|0644, st_size=2202, ...}) = 0 after it has opened a bunch of Samba libraries and read from /opt/s4/etc/smb.conf In /etc/selinux/config I have SELINUX=disabled -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot open sam.ldb [Was: dlz_bind9.so not found]
On Tue, 2011-12-06 at 11:11 -0500, Adam Tauno Williams wrote: On Tue, 2011-12-06 at 10:47 -0500, Adam Tauno Williams wrote: On Sun, 2011-12-04 at 08:45 +, Marcel Ritter wrote: the last configuration is the correct one. However you may have to set LD_LIBRARY_PATH to the directory containing libsamdb.so.0 (or other libraries it may complain about during startup). I'm also using bind-9.8.1 on openSUSE 12.1 x86_64 and seeing something like the same problem. I run bind as - named -4 -c /etc/named.conf -g -u named -d 65535 06-Dec-2011 10:43:20.486 Loading 'AD DNS Zone' using driver dlopen 06-Dec-2011 10:43:20.486 Loading SDLZ driver. 06-Dec-2011 10:43:20.562 samba_dlz: Failed to connect to /opt/s4/private/dns/sam.ldb 06-Dec-2011 10:43:20.563 dlz_dlopen of 'AD DNS Zone' failed 06-Dec-2011 10:43:20.563 SDLZ driver failed to load. 06-Dec-2011 10:43:20.563 DLZ driver failed to load. Does that mean it loaded the samba_dlz driver? [I have /opt/s4/lib in /etc/ld.so.conf.d/s4.conf, and have run /sbin/ldconfig] The group named has rw- for /opt/s4/private/dns/sam.ldb It doesn't seem terribly informative. Via strace I clearly see - 2434 mmap(NULL, 2105528, PROT_READ|PROT_EXEC, MAP_PRIVATE| MAP_DENYWRITE, 9, 0) = 0x7fc8f850c000 2434 mprotect(0x7fc8f850e000, 2093056, PROT_NONE) = 0 2434 mmap(0x7fc8f870d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE| MAP_FIXED|MAP_DENYWRITE, 9, 0x1000) = 0x7fc8f870d000 2434 close(9) = 0 2434 mprotect(0x7fc8f870d000, 4096, PROT_READ) = 0 2434 stat(/opt/s4/modules/ldb, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 2434 stat(/opt/s4/modules/ldb, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 2434 stat(/opt/s4/private/dns/sam.ldb, 0x7fc9123692a0) = -1 EACCES (Permission denied) 2434 open(/opt/s4/private/dns/sam.ldb, O_RDWR|O_CREAT, 0600) = -1 EACCES (Permission denied) 2434 stat(/etc/localtime, {st_mode=S_IFREG|0644, st_size=2202, ...}) = 0 after it has opened a bunch of Samba libraries and read from /opt/s4/etc/smb.conf In /etc/selinux/config I have SELINUX=disabled It was a permissions problem. Changing the permissions - linux-uf10:~ # chmod 777 /opt/s4/private/dns/sam.ldb linux-uf10:~ # chmod 777 /opt/s4/private/dns linux-uf10:~ # chmod 777 /opt/s4/private - changed the error. :( linux-uf10:~ # named -4 -c /etc/named.conf -g -u named 06-Dec-2011 11:14:35.735 Loading 'AD DNS Zone' using driver dlopen ldb: module partition initialization failed : Operations error ldb: module show_deleted initialization failed : Operations error ldb: module extended_dn_out_ldb initialization failed : Operations error ldb: module repl_meta_data initialization failed : Operations error ldb: module subtree_delete initialization failed : Operations error ldb: module schema_load initialization failed : Operations error ldb: module operational initialization failed : Operations error ldb: module aclread initialization failed : Operations error ldb: module acl initialization failed : Operations error ldb: module descriptor initialization failed : Operations error ldb: module objectclass initialization failed : Operations error ldb: module asq initialization failed : Operations error ldb: module server_sort initialization failed : Operations error ldb: module paged_results initialization failed : Operations error ldb: module dirsync initialization failed : Operations error ldb: module rootdse initialization failed : Operations error ldb: module samba_dsdb initialization failed : Operations error ldb: Unable to load modules for /opt/s4/private/dns/sam.ldb: Unable to open tdb '/opt/s4/private/dns/sam.ldb.d/DC=MICORE,DC=US.ldb' 06-Dec-2011 11:14:35.813 samba_dlz: Failed to connect to /opt/s4/private/dns/sam.ldb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot open sam.ldb [Was: dlz_bind9.so not found] [SUCCESS/SOLVED]
On Tue, 2011-12-06 at 11:18 -0500, Adam Tauno Williams wrote: On Tue, 2011-12-06 at 11:11 -0500, Adam Tauno Williams wrote: On Tue, 2011-12-06 at 10:47 -0500, Adam Tauno Williams wrote: On Sun, 2011-12-04 at 08:45 +, Marcel Ritter wrote: the last configuration is the correct one. However you may have to set LD_LIBRARY_PATH to the directory containing libsamdb.so.0 (or other libraries it may complain about during startup). I'm also using bind-9.8.1 on openSUSE 12.1 x86_64 and seeing something like the same problem. I run bind as - named -4 -c /etc/named.conf -g -u named -d 65535 06-Dec-2011 10:43:20.486 Loading 'AD DNS Zone' using driver dlopen 06-Dec-2011 10:43:20.486 Loading SDLZ driver. 06-Dec-2011 10:43:20.562 samba_dlz: Failed to connect to /opt/s4/private/dns/sam.ldb 06-Dec-2011 10:43:20.563 dlz_dlopen of 'AD DNS Zone' failed 06-Dec-2011 10:43:20.563 SDLZ driver failed to load. 06-Dec-2011 10:43:20.563 DLZ driver failed to load. Does that mean it loaded the samba_dlz driver? [I have /opt/s4/lib in /etc/ld.so.conf.d/s4.conf, and have run /sbin/ldconfig] The group named has rw- for /opt/s4/private/dns/sam.ldb It doesn't seem terribly informative. Via strace I clearly see - 2434 mmap(NULL, 2105528, PROT_READ|PROT_EXEC, MAP_PRIVATE| MAP_DENYWRITE, 9, 0) = 0x7fc8f850c000 2434 mprotect(0x7fc8f850e000, 2093056, PROT_NONE) = 0 2434 mmap(0x7fc8f870d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE| MAP_FIXED|MAP_DENYWRITE, 9, 0x1000) = 0x7fc8f870d000 2434 close(9) = 0 2434 mprotect(0x7fc8f870d000, 4096, PROT_READ) = 0 2434 stat(/opt/s4/modules/ldb, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 2434 stat(/opt/s4/modules/ldb, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 2434 stat(/opt/s4/private/dns/sam.ldb, 0x7fc9123692a0) = -1 EACCES (Permission denied) 2434 open(/opt/s4/private/dns/sam.ldb, O_RDWR|O_CREAT, 0600) = -1 EACCES (Permission denied) 2434 stat(/etc/localtime, {st_mode=S_IFREG|0644, st_size=2202, ...}) = 0 after it has opened a bunch of Samba libraries and read from /opt/s4/etc/smb.conf In /etc/selinux/config I have SELINUX=disabled It was a permissions problem. Changing the permissions - linux-uf10:~ # chmod 777 /opt/s4/private/dns/sam.ldb linux-uf10:~ # chmod 777 /opt/s4/private/dns linux-uf10:~ # chmod 777 /opt/s4/private - changed the error. :( linux-uf10:~ # named -4 -c /etc/named.conf -g -u named 06-Dec-2011 11:14:35.735 Loading 'AD DNS Zone' using driver dlopen ldb: module partition initialization failed : Operations error ldb: module show_deleted initialization failed : Operations error strace again comes to the rescue; and makes it blindingly obvious that I overlooked the obvious. /opt/s4/private/dns/sam.ldb is a file, there is also a /opt/s4/private/dns/sam.ldb.d directory. Fix the permissions there as well and bind starts... 06-Dec-2011 11:19:07.018 Loading 'AD DNS Zone' using driver dlopen 06-Dec-2011 11:19:07.303 samba_dlz: started for DN DC=micore,DC=us 06-Dec-2011 11:19:07.304 samba_dlz: starting configure 06-Dec-2011 11:19:07.307 samba_dlz: configured writeable zone 'micore.us' 06-Dec-2011 11:19:07.310 samba_dlz: configured writeable zone '_msdcs.micore.us' 06-Dec-2011 11:19:07.312 set up managed keys zone for view _default, file 'managed-keys.bind' BAM! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 make fails (openSUSE 12.1) [SOLVED]
On Thu, 2011-12-01 at 12:48 +0100, steve wrote: On 30/11/11 22:33, Adam Tauno Williams wrote: On Tue, 2011-11-29 at 06:23 +0100, steve wrote: On 28/11/11 21:14, Adam Tauno Williams wrote: Then from:http://aur.archlinux.org/packages.php?ID=40043 sed -i -e s/gnutls_transport_set_lowat(tlss-tls_session, 0);// \ source4/lib/tls/tls_tstream.c sed -i -e s/gnutls_transport_set_lowat(tls-session, 0);// \ source4/lib/tls/tls.c Am now at 2503/3909 of the make. The only test box I have is a 512Mb acer laptop running 12.1 from a 16Gb usb stick. Not ideal for code of this size! Getting up to commit 456c69f95e7a672c4cc9a5e6e52fb37e14012304 fixed the issue for me. Samba4 now builds on my openSUSE 12.1 x86_64 box. Sorry, but I don't understand that. I have the stuff from git downloaded as explained in the samba 4 wiki. Monday I think. Has there been a change since then? Update your checkout, clean, and rebuild. There is a constant stream of changes - multiple a day. git pull git clean -f -d -x {rebuild} Referencing commit 456c69f95e7a672c4cc9a5e6e52fb37e14012304 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Mon Nov 28 20:55:37 2011 +0100 s4:lib/tls - call gnutls_transport_set_lowat only on GNUTLS 3.0 This function call together with the lowat feature has been removed in release 3.0 as described in this mailing list post: http://old.nabble.com/gnutls_transport_set_lowat-deprecated-td32554230.html. Since we do not make any use of lowat (esprimed by each function call) we are free to simply omit it on v3.0 and later. This addresses bug #8537. Reviewed by: abartlet + metze Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org Autobuild-Date: Wed Nov 30 20:11:14 CET 2011 on sn-devel-104 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4
On Wed, 2011-11-30 at 17:37 +0100, steve wrote: On 30/11/11 16:40, Matthieu Patou wrote: Matthieu, On 30/11/2011 08:09, steve wrote: Yep. I realise the 'alphaness' of Samba 4 but I think I am not alone with my issue. I think I should be easy to fix now before it goes beta. Certainly true, why not trying to start working on solution on your own, by doing the first move you have much more insurance that someone else will help you to make it good for master tree. Well, I'm no developer and only have an old laptop running from a usb memory stick for testing but I've made a start by adding a home directory attribute to Samba 4 user database using phpldapadmin. But now I'm stuck since I don't know where or how the roaming profiles are stored. In Samba 3 there were stored in the /home of the user. The statement In Samba 3 there were stored in the /home of the user is false. They are stored where they are configured to be stored; we do not store profiles in home directories [and generall i think that is a bad idea]. Samba4 provisions a shared volume for storing a user's roaming profile. By default something like - With AD it seems that they are all be saved in a [profiles] share. That bit I think I understand so I think the solution to single sign on with Samba 4 would be linking the roaming profile to a users /home folder. Or make the profiles share subfolder the /home folder for Linux. With Samba3 and LDAP, all this was centralised and easy to administer. In openSUSE, YAST would create an LDAP user for you and give him the Samba attributes he needed. It even created his home folder too. It was simple for a linux user to logon to windows and vica versa. Samba 4 takes away this centralisation. It also has the inconvenience of having to use windows to administer the Samba server. I feel that Samba dev's have forgotten that Linux clients are just as important as windows clients in the network. They seem to think that Linux is only ever used as a server and clients are only ever windows 7! Another bit I don't get is where is a file that is created on a windows client is stored on the Samba server? The documentation is not clear here. As basic as that. Does any of this make sense? Cheers Steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4
On Wed, 2011-11-30 at 17:37 +0100, steve wrote: On 30/11/11 16:40, Matthieu Patou wrote: Matthieu, On 30/11/2011 08:09, steve wrote: Yep. I realise the 'alphaness' of Samba 4 but I think I am not alone with my issue. I think I should be easy to fix now before it goes beta. Certainly true, why not trying to start working on solution on your own, by doing the first move you have much more insurance that someone else will help you to make it good for master tree. Well, I'm no developer and only have an old laptop running from a usb memory stick for testing but I've made a start by adding a home directory attribute to Samba 4 user database using phpldapadmin. But now I'm stuck since I don't know where or how the roaming profiles are stored. In Samba 3 there were stored in the /home of the user. The statement In Samba 3 there were stored in the /home of the user is false. They are stored where they are configured to be stored; we do not store profiles in home directories [and generall i think that is a bad idea]. Samba4 provisions a shared volume for storing a user's roaming profile. By default something like - [profiles] path = /usr/local/samba/var/profiles read only = no Which is very much the same as S3. With AD it seems that they are all be saved in a [profiles] share. Yes, and the nothing changed there. think I understand so I think the solution to single sign on with Samba 4 would be linking the roaming profile to a users /home folder. No. The roaming profile is the roaming profile, the user's home directory is the user's home directory. You can map a drive to their home directory or use folder redirection via policy [just like in Samba3]. the profiles share subfolder the /home folder for Linux. With Samba3 and LDAP, all this was centralised and easy to administer. I don't know about easy. After many years it feels a bit more like cleverly-hacked. :) would create an LDAP user for you and give him the Samba attributes he needed. It even created his home folder too. It was simple for a linux user to logon to windows and vica versa. Samba 4 takes away this centralisation. It also has the inconvenience of having to use windows to administer the Samba server. This loss is temporary until the tool-chain catches up to Samba 4 - which provides Python bindings, command line tools, and [of course] the entire AD RPC approach. I feel that Samba dev's have forgotten that Linux clients are just as important as windows clients in the network. They seem to think that Linux is only ever used as a server and clients are only ever windows 7! Heh, I think the current situation sucks for servers to! :) But nobody has forgotten anything - it is just not there yet. A simple issue of resource constraints. Another bit I don't get is where is a file that is created on a windows client is stored on the Samba server? The documentation is not clear here. As basic as that. That works the same as in Samba 3. Does any of this make sense? The frustration, yes, and it is shared. Getting from S3 to AD has been ugly going so far. But many of your presumptions are incorrect; you are assuming that things configured by your tool-chain are fundamental Samba behaviors. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 make fails (openSUSE 12.1) [SOLVED]
On Tue, 2011-11-29 at 06:23 +0100, steve wrote: On 28/11/11 21:14, Adam Tauno Williams wrote: On Mon, 2011-11-28 at 20:16 +0100, steve wrote: On 28/11/11 16:23, Adam Tauno Williams wrote: On Mon, 2011-11-28 at 17:16 +0200, Michael Wood wrote: 2011/11/28 Samba-JP ootarib...@samba.gr.jp: On Mon, Nov 28, 2011 at 05:52:55AM -0500, Adam Tauno Williams wrote Yep. I updated my test VM to openSUSE 12.1 [Bind 9.8!!!]. And I get the same failure when building. make fails: [ 976/3909] Compiling source4/lib/tls/tls.c ../source4/lib/tls/tls.c: In function ‘tls_init_server’: ../source4/lib/tls/tls.c:508:2: error: implicit declaration of function ‘gnutls_transport_set_lowat’ [-Werror=implicit-function-declaration] ../source4/lib/tls/tls.c: In function ‘tls_init_client’: ../source4/lib/tls/tls.c:569:2: warning: ‘gnutls_certificate_type_set_priority’ is deprecated (declared at /usr/include/gnutls/compat.h:288) [-Wdeprecated-declarations] cc1: some warnings being treated as errors Waf: Leaving directory `/home/steve/samba-master/bin' Build failed: - task failed (err #1): {task: cc tls.c - tls_1.o} make: *** [all] Error 1 My test server (openSUSE 12.1 x86-64) has no probrem [ 985/3936] Compiling source4/lib/tls/tls.c [ 986/3936] Compiling source4/lib/tls/tlscert.c ../source4/lib/tls/tlscert.c:174:6: warning: no previous prototype for ‘tls_cert_dummy’ [-Wmissing-prototypes] [ 987/3936] Compiling source4/lib/tls/tls_tstream. Then from:http://aur.archlinux.org/packages.php?ID=40043 sed -i -e s/gnutls_transport_set_lowat(tlss-tls_session, 0);// \ source4/lib/tls/tls_tstream.c sed -i -e s/gnutls_transport_set_lowat(tls-session, 0);// \ source4/lib/tls/tls.c Am now at 2503/3909 of the make. The only test box I have is a 512Mb acer laptop running 12.1 from a 16Gb usb stick. Not ideal for code of this size! Getting up to commit 456c69f95e7a672c4cc9a5e6e52fb37e14012304 fixed the issue for me. Samba4 now builds on my openSUSE 12.1 x86_64 box. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux users and Samba 4
On Tue, 2011-11-29 at 20:09 +0100, steve wrote: I have a LAN of linux and win7 clients currently with Samba 3.6 and LDAP. Linux users authenticate against LDAP and are placed in their nfs'd /home folder. The same user can also logon to windows. His roaming profile is stored in his /home folder. (something like .msprofile_v2) How do I transfer my current Linux/Samba 3/LDAP users over to Linux/Samba 4? Samba4's winbind does not support RFC2307, so doing this is pretty rough. I think you need to either use CIFS + winbind everywhere or somehow maintain an external idmap. Yea, it is horrible. We are staring down the barrell of the same gun. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Exporting tdbsam
On Mon, 2011-11-28 at 16:04 +0800, Fajar Priyanto wrote: Hi all, I'm trying to export the tdbsam pdbedit -e tdbsam:backup-tdbsam_2028 tdbsam_open: Converting version 0 database to version 3 Looks successful, but the resulting file is only 4K, whereas the passdb.tdb file is 60K Does it successfully exported? Once upon a time it was possible to export to xml. pdbedit -e xml:backup.xml If that still works you can then open the file in a viewer and verify what is there. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 make fails
On Mon, 2011-11-28 at 11:49 +0100, steve wrote: Samba 4 git from 1 hour ago. openSUSE 12.1 Yep. I updated my test VM to openSUSE 12.1 [Bind 9.8!!!]. And I get the same failure when building. make fails: [ 976/3909] Compiling source4/lib/tls/tls.c ../source4/lib/tls/tls.c: In function ‘tls_init_server’: ../source4/lib/tls/tls.c:508:2: error: implicit declaration of function ‘gnutls_transport_set_lowat’ [-Werror=implicit-function-declaration] ../source4/lib/tls/tls.c: In function ‘tls_init_client’: ../source4/lib/tls/tls.c:569:2: warning: ‘gnutls_certificate_type_set_priority’ is deprecated (declared at /usr/include/gnutls/compat.h:288) [-Wdeprecated-declarations] cc1: some warnings being treated as errors Waf: Leaving directory `/home/steve/samba-master/bin' Build failed: - task failed (err #1): {task: cc tls.c - tls_1.o} make: *** [all] Error 1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 make fails(openSUSE 12.1)
On Mon, 2011-11-28 at 17:16 +0200, Michael Wood wrote: 2011/11/28 Samba-JP oota rib...@samba.gr.jp: On Mon, Nov 28, 2011 at 05:52:55AM -0500, Adam Tauno Williams wrote Yep. I updated my test VM to openSUSE 12.1 [Bind 9.8!!!]. And I get the same failure when building. make fails: [ 976/3909] Compiling source4/lib/tls/tls.c ../source4/lib/tls/tls.c: In function ‘tls_init_server’: ../source4/lib/tls/tls.c:508:2: error: implicit declaration of function ‘gnutls_transport_set_lowat’ [-Werror=implicit-function-declaration] ../source4/lib/tls/tls.c: In function ‘tls_init_client’: ../source4/lib/tls/tls.c:569:2: warning: ‘gnutls_certificate_type_set_priority’ is deprecated (declared at /usr/include/gnutls/compat.h:288) [-Wdeprecated-declarations] cc1: some warnings being treated as errors Waf: Leaving directory `/home/steve/samba-master/bin' Build failed: - task failed (err #1): {task: cc tls.c - tls_1.o} make: *** [all] Error 1 My test server (openSUSE 12.1 x86-64) has no probrem [ 985/3936] Compiling source4/lib/tls/tls.c [ 986/3936] Compiling source4/lib/tls/tlscert.c ../source4/lib/tls/tlscert.c:174:6: warning: no previous prototype for ‘tls_cert_dummy’ [-Wmissing-prototypes] [ 987/3936] Compiling source4/lib/tls/tls_tstream. . Could it have something to do with what packages are installed? e.g. if you don't have the GnuTLS devel package installed it breaks? I don't have an OpenSUSE box to test this theory. I have libgnutls-devel-3.0.3-5.2.1.x86_64 installed. GCC is gcc (SUSE Linux) 4.6.2. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 make fails(openSUSE 12.1)
On Mon, 2011-11-28 at 20:16 +0100, steve wrote: On 28/11/11 16:23, Adam Tauno Williams wrote: On Mon, 2011-11-28 at 17:16 +0200, Michael Wood wrote: 2011/11/28 Samba-JP ootarib...@samba.gr.jp: On Mon, Nov 28, 2011 at 05:52:55AM -0500, Adam Tauno Williams wrote Yep. I updated my test VM to openSUSE 12.1 [Bind 9.8!!!]. And I get the same failure when building. make fails: [ 976/3909] Compiling source4/lib/tls/tls.c ../source4/lib/tls/tls.c: In function ‘tls_init_server’: ../source4/lib/tls/tls.c:508:2: error: implicit declaration of function ‘gnutls_transport_set_lowat’ [-Werror=implicit-function-declaration] ../source4/lib/tls/tls.c: In function ‘tls_init_client’: ../source4/lib/tls/tls.c:569:2: warning: ‘gnutls_certificate_type_set_priority’ is deprecated (declared at /usr/include/gnutls/compat.h:288) [-Wdeprecated-declarations] cc1: some warnings being treated as errors Waf: Leaving directory `/home/steve/samba-master/bin' Build failed: - task failed (err #1): {task: cc tls.c - tls_1.o} make: *** [all] Error 1 My test server (openSUSE 12.1 x86-64) has no probrem [ 985/3936] Compiling source4/lib/tls/tls.c [ 986/3936] Compiling source4/lib/tls/tlscert.c ../source4/lib/tls/tlscert.c:174:6: warning: no previous prototype for ‘tls_cert_dummy’ [-Wmissing-prototypes] [ 987/3936] Compiling source4/lib/tls/tls_tstream. . Could it have something to do with what packages are installed? e.g. if you don't have the GnuTLS devel package installed it breaks? I don't have an OpenSUSE box to test this theory. I have libgnutls-devel-3.0.3-5.2.1.x86_64 installed. GCC is gcc (SUSE Linux) 4.6.2. I have rpm -q gcc gcc-4.6-15.1.3.i586 rpm -q libgnutls-devel libgnutls-devel-3.0.3-5.1.2.i586 make is ok on ubuntu 11.10 but not with openSUSE 12.1 What are we missing? Any ideas? Use an older gcc? I pulled down gcc-3.3 using zypper. $ CPP=/usr/bin/cpp-3.3 CC=/usr/bin/gcc-3.3 ./configure.developer --prefix=/opt/s4 Checking for program gcc or cc : /usr/bin/gcc-3.3 Checking for program ar : /usr/bin/ar Checking for program ranlib : /usr/bin/ranlib ... But when it gets down to the TLS stuff it still fails. Waf: Entering directory `/root/samba-master/bin' [ 126/3908] Generating VERSION [ 162/3908] Generating smbd/build_options.c [ 977/3908] Compiling source4/lib/tls/tls.c ../source4/lib/tls/tls.c: In function `tls_init_server': ../source4/lib/tls/tls.c:508: error: implicit declaration of function `gnutls_transport_set_lowat' ../source4/lib/tls/tls.c: In function `tls_init_client': ../source4/lib/tls/tls.c:569: warning: `gnutls_certificate_type_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:290) Waf: Leaving directory `/root/samba-master/bin' Build failed: - task failed (err #1): {task: cc tls.c - tls_1.o} make: *** [all] Error 1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] testing samba 4 alongside samba 3
On Thu, 2011-11-24 at 12:06 +0100, steve wrote: Hi I have the opportunity to test Samba 4 and in particular the possibility of migrating from 3.6 to 4. I have a setup a spare box with 3.6 and ldap running under openSUSE 12.1 with a win 7 client on virtualbox. I had not used windows for over 10 years until I set up our SSO lan last month so I don't know much about AD. I read in the Samba 4 docs that you can drag and drop machines and users onto the AD. 1. Can I run Samba 4 alongside Samba 3 on my test box? Maybe, I don't know. It is certainly much easier to use virtual machines and run them separately. 2. Can I migrate users and machines (in my case a few test users and one w7 virtual machine) from Samba 3 to Samba 4? Is there a script? Yes, samba4 provides samba-tool which has a domain upgrade tool. samba-tool domain samba3upgrade 3. For the 'drag-and-drop-users. . .' bit, will I need a GUI on my openSUSE host? No, you can to quite a bit via net / samba-tool. And there is [although I've never used it] a Python API. Otherwise you use the MSC on a Windows box. 4. Will I need to administrate Samba 4 from windows? It is helpful. 5. Can anyone give me a one liner which starts with 'AD is. . .' No, and anyone who says they can is full-of-crap and doesn't know what they are talking about. 6. Is my setup OK for testing this? Do I need a separate physical windows client to test it? You can test from a virtual machine. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 VS Samba4
On Thu, 2011-11-24 at 09:15 +0100, Daniel Müller wrote: Hello again, samba 3X is a nt-style domain. You have to work hard to distribute gpos by writing own scripts. Samba3 is an NT-Domain when used as a Domain Controller, it is not Active Directory. It can however participate as an Active Directory domain *member* [not as an AD DC]. Samba3 is a fully-capable file and print server. Samba 4 ia a ADS style domain. GPOs on the fly and nearly everything else like ADS. You can work with MS ADS Tools to administrate Samba4. Samba4's primary purpose currently is to be an Active Directory Domain Controller, or an additional DC in an existing Active Directory domain. Samba4 is not a up-to-snuff yet as a file and print server; for those roles you want to use Samba 3. So you might have a Samba 4 Domain Controller (to create an Active Directory Domain) and Samba 3 member servers to provide file and print services. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Recommended Linux Distro and Windows Client
Craig Ham mrc...@wsa.net wrote: I've gotten some great suggestions about setting up a samba server for our Windows xp and 98 clients. Thanks! What Linux distro would you recommend to create the server and then put Samba on it? CentOS 6. Straight foward boring server Operating Syste. What client would I need to put on each windows workstation for them to have access to the linux file server? You don't need to install anything on the clients; Samba implements the native Windows network services. -- Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] newcomer
On Mon, 2011-11-21 at 04:57 -0500, STeve Andre' wrote: On 11/21/11 04:22, anna-karin.bur...@bjurholm.se wrote: I am just getting to know the server and network I am supposed to handle. What would be the first thing to check when it comes to a Samba server you know nothing about? Kind regards Reading the documentation at http://samba.org/samba/docs/. +1 the documentation is uncommonly good. Beware of problem solving via searching-the-Internet method; there is a great deal of bad advice, incorrect information, and obsolete information out there. The documentation and this list are the go-to places. In particular, start with http://samba.org/samba/docs/using_samba/toc.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba + Heimdal + windows
On Mon, 2011-11-21 at 11:25 +1300, brijesh patel wrote: Does it mean i need to use samba4 and have to use inbuilt kerberos and ldap server because this link says ldap backend is not supported. Correct. http://wiki.samba.org/index.php/Samba4/LDAP_Backend#.28De.29motivation If yes how would i migrate all the user from openldap to samba4? The 'samba-tool domain samba3upgrade' will migrate machine accounts, users, and groups. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 ldap?
On Thu, 2011-11-17 at 12:34 -0600, John Heim wrote: I am confused... Using an ldap server as a backend for samba4 is not recommended? Not only not recommended, it will not work and is not supported. We are primarily a linux shop. We have an ldap database we use for authentication. I can't use that anymore if I switch to samba4? Nope. Active Directory provides an LDAP service (DSA) but Active Directory is not LDAP. It has very specific provisioning, security, and schema rules. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users full name
On Sat, 2011-11-12 at 09:42 +0100, Gémes Géza wrote: 2011-11-12 04:02 keltezéssel, Philippe LeCavalier írta: Hi. On Thu, 2011-11-10 at 21:14 +0100, Gémes Géza wrote: 2011.11.10. 20:39 keltezéssel, Philippe LeCavalier írta: Hi everyone. What's the trick to get the users full name in the start menu? I used to think it was as simple as assigning it in the system account on the samba server but that doesn't seem to work. It can be set with pdbedit -r -u username -f Full Name This seems to work. So to be clear; smbpasswd can't pull the account full name field? smbpasswd was designed when the only available account database was the file /etc/smbpasswd (before samba 3.0). You can see what that format supports by listing you account database with: pdbedit -Lw (aka the smbpasswd format) smbpasswd is *old*. You can use the tools to migrate to tdbsam. pdbedit -i smbpasswd -e tdbsam You should probably jump to tdbsam [and leave smbpasswd] in any case. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users full name
Philippe LeCavalier supp...@plecavalier.com wrote: What's the trick to get the users full name in the start menu? I used to think it was as simple as assigning it in the system account on the samba server but that doesn't seem to work. Do you see the user's full name in the user manager? What SAM backed are you using? -- Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users full name
Philippe LeCavalier supp...@plecavalier.com wrote: What's the trick to get the users full name in the start menu? I used to think it was as simple as assigning it in the system account on the samba server but that doesn't seem to work. Do you see the user's full name in the user manager? What SAM backed are you using? -- Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba3 ADMT, cannot migrate SIDs
I'm attempting to migrate a Samba 3.x / NT domain to Active Directory. I have a Windows 2003 SE host and ADMT. I've established trusts between the Samba 3 domain and the Windows 2003 AD domain. I can use User Account Migration Wizard up to the Account Transition Options. Then of I check the option to Migrate SIDs it fails with - Could not verify auditing and TcpipClientSupport on domains. Will not be able to migrate Sids. The system cannot find the file specified. Is there something that can be done to enable SID migration from S3? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Ideas for distributed Samba servers
On Sat, 2010-04-10 at 10:14 -0700, Eric Shubert wrote: Robert LeBlanc wrote: I'm trying to think about how to setup a Samba system and would like to pick the brains of some experts. We are looking up put a large amount of storage ~75TB in a central data center. We have some remote (ok, not remote, but across slower links, ok if you consider several hundred clients over 1Gb to be slow) locations that we would like to set up samba servers that 'cache' the file system and serve it up to the clients in the building and sync with the main data center storage. a.) I don't think you can really do that with a 'file server' b.) I believe what you describe is almost exactly how AFS works. http://www.openafs.org/ OpenAFS is the world's foremost location independent file system. c.) Most SAN vendors provide a block-level replication solution for their products. The idea is have a couple of TB that are located in the building that serve up the Samba share. When a client requests a file, if it's in the local cache it is served up from there, if not then the Samba server grabs the file from the main data center and serves it to the client. When a file is written, something like rsync is used to transfer only difference back to the main data center. The problem is that I'm not sure of a file system that does this. We are using Lustre on our HPC, but this won't do what we want. With all the fun of file locking, concurrent access, etc... I think what you describe just won't work, or at least will never work well. Why not just you a groupware server that supports document check-out and check-in; that seems like the correct solution to me. Or possibly something like iFolder http://ifolder.com/ifolder -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Mess-Windows dumbness...
On Tue, 2010-03-30 at 11:48 -0400, Robert Heller wrote: I changed the Samba security mode from share to user and added a couple of users to allow some writable shares. Now the MS-Windows machines are insisting on a username/password to access the *anonymous* (guest ok = yes) printers and the one read-only public file system. How do I fix this? Do I *have* to configure a real-live guest user? Is there a way to allow some file systems anonymous access *without* a username/pasword and some file system write access with a username/password? Or is mess-windows too stupid to handle this? I assume you have mapped guest to a valid user account on the Samba server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.4.6 slow access to shares ?
On Wed, 2010-03-10 at 11:22 +0100, Frank Bonnet wrote: On 03/10/10 10:47, Richard Lamboj We recently upgraded our samba server from 3.4.3 to 3.4.6 and I noticed shares access became much more slow than before. Shares are living on local disks. the machine is an HP proliant DL380G5 with 16 Gb RAM and runs Linux Debian lenny 64 bits. The samba software was compiled on the machine. just the share access, or file access too? Whats with your socket options in the smb.conf. shares AND files socket options = TCP_NODELAY Remove all socket options statements from all smb.conf files unless you are *intimately* familiar with both (a) your particular OS' IP stack and (b) how Samba handles sockets. -- Adam Tauno Williams awill...@whitemice.org LPIC-1, Novell CLA http://www.whitemiceconsulting.com OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Probably OT]: Samba LDAP data migration
On Wed, 2010-03-10 at 11:42 +0530, mallapadi niranjan wrote: On Wed, Mar 10, 2010 at 11:28 AM, Zaeem Arshad zaeem.ars...@gmail.comwrote: This is probably more of an LDAP specific question but I am sure I can have a couple of pointers from the list members. So, I have this Samba PDC running Samba 3.4.3 with OpenLDAP 2.3.43-3 on a CentOS 5.3 box. All the user data is stored in the OpenLDAP directory. I am interested in migrating this data to a Sun LDAP server that is already in place. Is there any script that any of you might have come across to help migrate the data from OpenLDAP to Sun? Any pointers or caveats that I may have to face in such a migration? Appreciate the help. What about doing ldapsearch to the base tree and redirecting it to an LDIF and importing LDIF file to Sun DIrectory server but there are few thing you need to take care Use the OpenLDAP tool slapcat to export your database (which is typically how you made backups anyway). The output is LDIF, so *theoretically* you can load it into any DSA that supports the same schema. 1. First stop samba service, so that no further user passowrd changes or machine password changes takes place Executing slapcat is always transaction safe. -- Adam Tauno Williams awill...@whitemice.org LPIC-1, Novell CLA http://www.whitemiceconsulting.com OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Setting up LDAP Authentification - Tree design/search scope
On Wed, 2010-03-10 at 08:38 +0100, Götz Reinicke - IT-Koordinator wrote: Adam Tauno Williams schrieb: On Mon, 2010-03-08 at 11:04 -0500, Gaiseric Vandal wrote: But in terms of an address book, if someone has an LDAP address book client (e.g. thunderbird) you can't prevent them from trying to recursively query ou=people,) vs ou=students.You can advise end users whether they should set up two LDAP address books (students vs employees) rather than one top level people one.From the end user pespective, a single LDAP directory will probably be simpler. True; or all non-related entries can simply be hidden from the clients. Or, the simplest solution, is it use a virtual root to 'glob' any objects [and just the specific attributes] that an addressbook consumer would want to see. OpenLDAP provides excellent support for partitioning, federating, and creating virtual (remapped) partitions. So I may have one branch with the DNs of users with there IDs, passwords, ... and one partition for the phonebook entries: dn: ou=People,dc=example,dc=com I'd recommend sub-rooting everything Samba needs to see; and not using the [dreadful IMO] ou=People,$ROOT, ou=Groups,$ROOT design. dn: ou=Phonebook,dc=example,dc=com You certainly can do that. Aside: Although in the end I think you'll find LDAP makes a very crappy addressbook soluton. Why that? For us e.g the purpose of the addressbook is to have name and e-mail-address available; postal Address, phonenumber etc should not be in our directory. (a) No client but Evolution supports write access. This shortly equals unhappy users. (b) Clients blithely ignore schema rules [for example mail is multi-valued] (c) How clients map attributes to fields varies widely [and who ever wrote the Mozilla addressbook's LDAP support was using hard-drugs at the time] If you really want nothing more than to expose e-mail addresses it works reasonably well. It is pretty terrible once you go beyond that. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] New Domain Controler (PDC) and Windows Profiles
On Tue, 2010-03-09 at 07:05 -0800, Pedro Ribeiro wrote: Hi there Gaiseric, Does the new samba PDC have the same SID as the old one? Did you have rejoin the machines to the domain? My guess is the PC's think it is a new domain, therefore new user, therefore a new profile. ok, I think thats the point. the SID isnt the same, but by now I cant figure out how to set the same SID. can u tell me how to do this ? net setlocalsid S-1-5-21-x-y-z -- Adam Tauno Williams awill...@whitemice.org LPIC-1, Novell CLA http://www.whitemiceconsulting.com OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Setting up LDAP Authentification - Tree design/search scope
On Mon, 2010-03-08 at 11:04 -0500, Gaiseric Vandal wrote: smb.conf will list where samba searches in ldap. ldap suffix=o=abc.com ldap user suffix=ou=employees,ou=people ldap group suffix = ou=groups ldap machine suffix=ou=machines,ou=people I think the main challenge will be configuring access control lists. If you have a server you only want accessed by employees, you would set the ldap user suffix parameter in smb.conf appropriately. We've parented all of Samba related 'stuff' under ou=SAM,$BASE, so we have ou=SAM,$BASE ou=Entities,ou=SAM,$BASE ou=People,ou=Entities,ou=SAM,$BASE ou=System Account,ou=Entities,ou=SAM,$BASE ou=Groups,ou=SAM,$BASE Because very different ACLs typically apply to these three types of objects (users, system accounts, and groups) But in terms of an address book, if someone has an LDAP address book client (e.g. thunderbird) you can't prevent them from trying to recursively query ou=people,) vs ou=students.You can advise end users whether they should set up two LDAP address books (students vs employees) rather than one top level people one.From the end user pespective, a single LDAP directory will probably be simpler. True; or all non-related entries can simply be hidden from the clients. Or, the simplest solution, is it use a virtual root to 'glob' any objects [and just the specific attributes] that an addressbook consumer would want to see. OpenLDAP provides excellent support for partitioning, federating, and creating virtual (remapped) partitions. Aside: Although in the end I think you'll find LDAP makes a very crappy addressbook soluton. I also suspect that LDAP attributes may not be restricted by default as much as they should be. Yep; you'll find most sites [in-my-experience] to have severely neglected the confguration of their DSA once they reach got-it-working status. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP backend replication?
On Wed, 2010-02-10 at 02:01 +0100, Jakov Sosic wrote: Hi to all! I've set up Zimbra LDAP (2.4) as master, and I want to use RHEL v5 LDAP (2.3) as a slave. This is relevant part of my slapd.conf on LDAP 2.3: That won't work. But you can get OpenLDAP 2.4 packages from http://staff.telkomsa.net/packages/rhel5/openldap/i386/ for CentOS/RHEL. Am I missing something? You can't replicate between servers of significantly different versions. or is the sync from LDAP 2.4 to LDAP 2.3 impossible? Yes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A question to Samba developers (or experienced users) about connections to a LDAP server using Unix sockets (LDAPI)
On Mon, 2010-02-08 at 21:04 +, Miguel Medalha wrote: I couldn't find any significant answer by googling this. Oh well, I had just posted that when I found this : Samba connect ldap via socket http://lists.samba.org/archive/samba/2008-May/140869.html The following setting works fine for me on a Debian testing system and with openLDAP: [globals] passdb backend = ldapsam:ldapi:// You can also specify the LDAPI socket path if your OpenLDAP server is listening in a 'non-standard' location, like: passdb backend = ldapsam:ldapi://%2fvar%2frun%2fldap2.4%2fldapi You have to escape the / elements of the path. -- OpenGroupware developer: awill...@whitemice.org http://whitemiceconsulting.blogspot.com/ OpenGroupare Cyrus IMAPd documenation @ http://docs.opengroupware.org/Members/whitemice/wmogag/file_view -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A question to Samba developers (or experienced users) about connections to a LDAP server using Unix sockets (LDAPI)
On Sun, 2010-02-07 at 21:52 +, Miguel Medalha wrote: After acquiring some experience with the use of Samba+OpenLDAP, I am now in the process of creating my first PDC based on Samba+CentOS (Red Hat, Fedora, 389) Directory Server. While reading the DS documentation, something caught my attention. The Administration Guide for Red Hat Directory Server 8.1 states the following: Inter-process communication (IPC) is a way for separate processes on a Unix machine or a network to communicate directly with each other. LDAPI is a way to run LDAP Does Samba support this type of connection to the LDAP server? Yes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbpasswd vs passwd to change
On Thu, 2010-02-04 at 10:11 -0600, Adam wrote: so what's you're question? Nickolas Gray wrote: Not sure if someone here can answer this for me. The OpenLDAP guys have blown me off on this one. Don't feel bad; providing opportunities to blow people off is the primarily purpose of their listserv. I have a standalone server which is using ldap as the passdb backend. I can ssh into an account. I can show that smbclient works -L localhost -U ldaptestuser works. If I change the password using smbpasswd both still work with new password. If i change the password using /usr/bin/passwd I can login interactively with the new password but samba still uses the old password. Of course. passwd does not update the SAM password attributes. With a Samba 3.x SAM you have [at least] two passwords in your LDAP object - userpassword and sambantpassword. Samba may know to update all the password entries, and potentially other meta-data, but passwd certainly does not. Unless you've been successful at configuring the smbk5pwd module and are performing password changes via the password change extended operation. This is covered in the official documentation somwhere. -- OpenGroupware developer: awill...@whitemice.org http://whitemiceconsulting.blogspot.com/ OpenGroupare Cyrus IMAPd documenation @ http://docs.opengroupware.org/Members/whitemice/wmogag/file_view -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with samba implementation
On Thu, 2010-01-21 at 11:20 -0500, roxane.b.el...@census.gov wrote: I am writing from the US Census Bureau in Washington, DC. There is an immediate need for samba to be implemented on 3 AIX lpars. Attached is the smb.conf file and testparm for dadsp003. Here is the scenario: 3 AIX, 6.1 lpars, dadsp001, dadsp002 and dadsp003. Installed samba 3.0.24 from aix6 cd. Currently installed on dadsp002 and dadsp003. Configured only on dadsp003. That is a *seriously* antique version of Samba, you may have some compatibility issues with newer client OSs. pWare provides much more current versions of Samba for AIX http://pware.hvcc.edu/ Otherwise these is nothing different about setting up Samba on AIX vs. other operating systems. The local networks on all 3 lpars are 192.168.0 and 192.168.1 I have 2 shares configured. The daemons (smdb and nmdb) are running and users can connect to the shares on dadsp003. How do I add/configure the other 2 lpars (dadsp001 and dadsp002) so a user can login to dadsp001 or dadsp002 and have the shares available. We do not use ldap on the AIX servers. I am using smbpasswd to configure users as you will see in the smb.conf.dadsp003 file. You will need to add identical entries to all three smbpasswd (given that you have no network backend for authentication / identification). We have the net use command for dadsp003 working via ssh login from AIX to windows. In addition to any configuration, my guess would be that the same net use command can be changed to point from the correct server. I have no idea if I am asking the right question(s), I'm not sure what from AIX to windows means. but I have to start somewhere. The developers/testers are way behind in their work waiting on the samba configuration. HELP ASAP please. I have read and googled to the point of confusion. Google is not your friend. Avoid all documentation except http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ and http://www.samba.org/samba/docs/man/Samba-Guide/ which really do lay it out step-by-step, especially the Guide. Start with http://www.samba.org/samba/docs/man/Samba-Guide/simple.html. A phone call would be great, but if email is the only way, then I will take what I can get. Do you have the smbd nmbd services running? Do Windows clients see the Samba servers? -- OpenGroupware developer: awill...@whitemice.org http://whitemiceconsulting.blogspot.com/ OpenGroupare Cyrus IMAPd documenation @ http://docs.opengroupware.org/Members/whitemice/wmogag/file_view -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows clients connecting to Samba with OpenLDAP password backend
On Mon, 2009-11-02 at 12:56 +, Jonathan Adams wrote: I am having real troubles with one of our servers. Background: We have been using samba in our company for more than 11 years now, since version 1.9.16 ... We run Sun Solaris on our servers. We used to run NIS+ as our password system, but due to it's almost impossibility to manage (basically only I knew how) we've moved to LDAP ... We have now decided to centralize all our Samba passwords into the LDAP. Because LDAP is easier to manage! :) I've been an OpenLDAP admin for 10 + years... that really illustrates how horrible NIS was. On the one machine configured to use LDAP for passwords we have a mysterious problem, If we access the machine via a Windows computer (XP, Vista, etc) we can create files and folders we can even rename and delete folders, but we cannot rename or delete files. This sounds like a basic permissions problem. If NSS is working, and you've authenticated, it pretty much has to be a permissions problem. If we access the machine via a Solaris or Linux machine using smbclient we can do everything. Maybe those are invoking unix extensions. I've got no clue how that specifically would effect permission handling. I originally wondered if it was due to the Sun compiled Samba 3.0.35 server that is installed, so i removed it and compiled in 3.4.2 with OpenLDAP support, but it has exactly the same issues. Which even more strongly points to a permissions issue. This problem does not occur on our other machines (that run ldap as their naming service in all but samba) ... I'm not sure what this means. I'm happy to show all relevant information and logs/debugs if necessary I have seen some people talk about this before on the internet, but there doesn't appear to be any answer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP and setting the password
On Thu, 2009-10-29 at 02:49 -0500, Zane C.B. wrote: When it comes to using the LDAP backend and setting the password, how does one prevent it from being regarded as out of date? By what? If you mean OpenLDAP ppolicy: OpenLDAP ppolicy and Samba are essentially incompatible. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] password sync
On Wed, 2009-10-28 at 13:36 -0500, Paras pradhan wrote: Is it possible to use the /etc/passwd for the samba users? No. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 Support
On Thu, 2009-10-15 at 15:38 -0300, Zoolook wrote: On Wed, Sep 30, 2009 at 9:23 AM, John Drescher dresche...@gmail.com wrote: Glad to hear that. Even Windows 7 x64 is included? :) That is the only version I use since all processors are 64 bit now. Anyways samba 3.3 supports this. Does it support policies too? As a domain controller? No. You need Samba 4 [experimental] to be an AD server; Samba 3.x is NT4 domain only, that is ntconfig.pol stuff that doesn't seem to work at all for Vista/7/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos Directory Server with Samba
I was wondering if someone'd known about some manual to prepare samba for a Directory Server. I don't even understand what this question means. But see the documentation section of www.samba.org; particularly the Samba-HOWTO and Samba-BY-EXAMPLE guides. These are excellent documents and probably the most current [there are a *LOT* of horribly outdated guides floating around, so Google is a dangerous tool for setting up Samba]/ signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Strange LDAP query
On Thu, 2009-10-08 at 14:21 +0200, Julio Gómez Belmonte wrote: Hi We have a large installation consisting of many Citrix servers using 2 Samba servers as domain controllers, using 2 LDAP 389 Directory Servers as user database. Also, there are workstations using the Samba servers. These LDAP servers have around 3 user accounts, and we have detected that Samba servers make this ldap search: You should really [always] specify query size limits on the DSA. For example - limits anonymous size.soft=512 size.hard=1024 size.unchecked=32767 time.soft=10 time.hard=60 limits group=cn=Administrators,ou=Entities,ou=Access Control,dc=rss,dc=nw size.soft=unlimited size.hard=unlimited size.unchecked=unlimited time.soft=60 time.hard=120 limits dn.exact=uid=syncrepl,ou=Entities,ou=Access Control,dc=rss,dc=nw size.soft=unlimited size.hard=unlimited size.unchecked=unlimited time.soft=unlimited time.hard=unlimited limits users size.soft=1024 size.hard=2048 size.unchecked=32767 time.soft=15 time.hard=60 I'm fairly certain AD imposes query size limits; the client can page the results if they need to exceed the limit. Since Samba works with AD I assume it will page results. This makes like much easier for the DSA. [I assume your Samba servers are not binding to the DSA with the admin DN.] [07/ Oct /2009:13:54:06 +0200] conn=46 op=13 SRCH base=dc=domain,dc=my scope=2 filter=((uid=*)(objectClass=sambaSamAccount)) attrs=uid sambaSID displayName description sambaAcctFlags So Samba is trying to retrieve the 3 user accounts, making the LDAP servers freeze. We don't what is happening to make this big query, I think that this query results of running the net user command from a Windows or Linux machine, but I cannot find which machine is executing that command. Is there any way to obtain which host is running this command, or which host is the responsible of make Samba make that LDAP query? Enable logging on the DSAs. Maybe loglevel 768 if I recall correctly, that should give you statistics for operations (256) and results (512). If not, is there any way to make Samba apply an additional filter when obtaining accounts? I would like to make the query like ((uid=*)(objectClass=sambaSamAccount)((objectClass=myOwnClass)(ou:dn:=People))). How would that help? Wouldn't it retrieve the same number of objects? We designed our Dit so that all the Samba and NSS stuff [users groups] were beneath ou=SAM, so we have ou=SAM, ou=Entities,ou=SAM, ou=People,ou=Entities,ou=SAM, ou=System Accounts,ou=Entities,ou=SAM, ou=Groups,ou=Entities,ou=SAM, which keeps Samba and other systems out of the rest of the Dit. [Of course that will all have to be restructured for Samab4/AD]. Sadly the, rather retarded, PADL conversion scripts created almost a convention of , ou=Groups, ou=People, which is a rather crappy design. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] config file locations
On Wed, 2009-10-07 at 14:23 -0400, Richard Clemens wrote: I checked and for my version this is not the case. I am using RHEL 5.4 server edition. I did find .tdb files in /etc/samba. I tried to view the files using vim but no joy. I need a file that I can edit using vi or gedit and avoid the gui tool or a way to import the data from a text file. You can't. Use the pdbedit, net, and smbpasswd CLI tools and you can manipulate you TDB SAM pretty much any way you want. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba authentication via pam_pwdfile
On Mon, 2009-09-28 at 18:37 -0400, Charles Yost wrote: I'm attempting to setup samba authentication via PAM and more specifically the pam_pwdfile module. So far I have had trouble determining the right mix of global settings to get this to work. I have read through many tutorials online, but so far I have not found good documentation on how to achieve this. Because it doesn't work; at least not without hacking every Windows client. [Does that even still work anymore? I don't know, it really is not a reasonable/maintainable thing to do]. You need to either setup an LDAP DSA and use that for authentication and have Samba use that too (as a DC). Or setup Samba as a NT4 PDC and use that for authentication. PAM is, practically speaking, a lost cause for Windows clients - for technical/implementation reasons it can't work well. -- OpenGroupware developer: awill...@whitemice.org http://whitemiceconsulting.blogspot.com/ OpenGroupare Cyrus IMAPd documenation @ http://docs.opengroupware.org/Members/whitemice/wmogag/file_view signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] FYI, Samba presentation at Ohio LinuxFest 2009
At this years Ohio LinuxFest 2009 Don Vosburg will be presenting on his experiences deploying Samba in various configurations: So You Think You Can Dance? Samba in the Real World by Don Vosburg Samba is a terrific file sharing project - but how well can you dance? Hear real world examples of hot to swing with Samba. We will explore integration with existing networks, or standing up your own Samba domain. The emphasis will be on creating a practical Samba server environment, and making it robust as well. Look for some strong tips, a few tricks, and a start on best practice. Demonstrations will be shown as well. Don Vosburg (So You Think You Can Dance? Samba in the Real World) has been in the IT industry for over 15 years in a wide variety of roles. His experiences as a system administrator, architect, and consultant provide a wealth of illustration. For the last five years he has been a technology specialist for Novell, Inc. His area of special concentration has been Linux. He has been tapped for presentations at Novell Brainshare, LinuxWorld San Francisco, Ohio LinuxFest, and numerous other venues. OHIO LINUXFEST REGISTRATION DEADLINE IS SEPT 18 Ohio LinuxFest 2009 Free and Open Source Software Conference and Expo Columbus, Ohio : September 25-27, 2009 http://www.ohiolinux.org Registration Deadline: September 18, 2009 The Ohio LinuxFest 2009 registration deadline is September 18, 2009. If you have not registered yet, please hurry over to http://www.ohiolinux.org and register today. Join us for the seventh annual Ohio LinuxFest conference to celebrate 40 years of Unix. We have an exciting line up of talks and this year the conference extends from Friday to Sunday. Friday, September 25, features professional training courses (Professional package registration required) and a course for Linux beginners which includes a refurbished computer, with Linux pre- installed for you (Quick Start package required). A series of conference talks and other sessions will be held on Friday as well. Saturday, September 26, features the expo and four conference tracks. We have a great line up of speakers; Doug McIlroy, Shawn Powers, Dr. Peter Salus, and many more. The Diversity in OpenSource Workshop will be held on Sunday, September 27th. A mix of talks and open discussion will help attendees identify biases and learn ways to break down barriers, invisible or blatant. Also, two certification examinations will be held on Sunday the 27th. Linux Professional Institute will host an LPI certification exam, and the BSD Certification Group will offer the BSDA certification exam for Ohio LinuxFest attendees. Four registration packages are available for the Ohio LinuxFest this year. The Enthusiast Package is available at no cost for students, enthusiasts, and those that want to come to the event to find out more about Free and Open Source software. The Supporter Package is available again at a low cost of $65.00 to support the event. As a measure of appreciation, the supporter package includes lunch on Saturday and a commemorative Ohio LinuxFest tee-shirt. The Quick Start Package is available for $250.00, which in addition to access to the events on Saturday, includes a full day of Linux Basics training on Friday and a refurbished Linux computer to take home. The Professional Package is available for $350.00, which in addition to Saturday's activities, also includes access to the one day OLFU tutorials on Friday. The Ohio LinuxFest welcomes people from all 50 states and international participants. We have had participants from Canada, England, Argentina, Brazil, and Australia in years past. Note that the Ohio LinuxFest is a 501c3 non-profit, volunteer organization. All proceeds are used for conference costs. Thank you and hope to see you in Columbus, The Ohio LinuxFest team. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba