[Samba] Roaming profiles

2004-03-15 Thread Andrew Judge
I have a question about disabling roaming profiles.  Apparently we can
do that by adding logon path = , but if we do that on a machine that has
roaming enabled, will I have to go and change that to local on all the
accounts or will it do it automatically?  Also, will that impact the
users at all?

Andy
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Adding computer account - username could not be found

2004-03-01 Thread Andrew Judge
I'm trying to add a computer account as root and I am getting the
following error:

the user name could not be found

The root account appears in the smbpasswd file and I have access to the
server when I use the root credentials.

I have the following in the smb.conf file to add users:

add user script = /usr/sbin/useradd -d /dev/null -g machines -c machine account -s /bin/false -M %u

I am running RH v3 and:

samba-client-3.0.0-14.3E
samba-3.0.0-14.3E
samba-common-3.0.0-14.3E
redhat-config-samba-1.0.16-1

My groupmap looks like:

System Operators (S-1-5-32-549) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Admins (S-1-5-21-1206063004-3966108128-1487570950-512) - root
Domain Guests (S-1-5-21-1206063004-3966108128-1487570950-514) - nobody
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Account Operators (S-1-5-32-548) - -1
Domain Users (S-1-5-21-1206063004-3966108128-1487570950-513) - users
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1

Any help much appreciated.

Best regards,

Andrew Judge


RE: [Samba] net groupmap / domain admins problem - Amazon prize

2004-01-08 Thread Andrew Judge
Okay, I did all the below successfully.  I actually had the old SID from the
other PDC MACHINE.SID and net setlocalsid S-1-fdsfsd - so didn't modify the
NTUSER.DAT files

Still no luck with the admin rights.  It will log into the domain and can
see the domain groups and I can add them to local groups.  It even uses the
netlogon scripts.  Do you need more info?  I think we are close though.

Andy
-Original Message-
From: John H Terpstra [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 07, 2004 11:42 PM
To: Andrew Judge
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] net groupmap / domain admins problem - Amazon prize

1. Stop Samba
2. Delete the group_mapping.tdb file.
3. Restart Samba
- the default Domain Groups will automatically be created if you
  are NOT using LDAP ldapsam.
4. Map your groups as follows:

net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Domain Admins" unixgroup=root
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody

Add any Domain Groups you may want. Do tie them to existing (manually
created UNIX groups) eg:

groupadd engineers
net groupmap add ntgroup="Domain Engineers" unixgroup=engineers type=d

groupadd ntadmins
net groupmap add ntgroup="Domain Power Users" unixgroup=ntadmins type=d


PS: If you have a problem with these commands email me, I'll help you.


5. Add all users who should have Domain Admin rights to the UNIX root
group in /etc/group, like this:

root:0::jht,jimbo,jack,jill


6. Add all users who should have Workstation Admin rights (Power Users) to
the UNIX ntadmins group in /etc/group, like this:

ntadmins:123::maryo,susant,billm


7. Verify that the groups are correctly mapped:

net groupmap list


8. Now: On every windows client machine add:

a) Domain Admins to the Local Administrators Group
b) Domain Power Users to the Local Power Users Group



 Now... I migrated from 2.2.3a to the above and I have all the tdb and I
 changed the SID to the last PDC.  Anyway, how would I get the right SID?  I
 have NTUSER.DAT files that I can run profiles against to read them.  Would
 that help?

You can use the Samba-3.0.x tools 'profiles' to reset the SID in the
NTUSER.DAT files.

To obtain the domain SID just run:

net getlocalsid



 First one that can point me in the right direction to get this resolved -
 I'll buy them an Amazon gift cert for $50.  Beats going bald from pulling out
 my hair.

It's a deal man!


- John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]



RE: [Samba] net groupmap / domain admins problem - Amazon prize

2004-01-08 Thread Andrew Judge
Also,

my info is now - and it looks like the last 3 digits are supposed to be
different from the main part of the SID, but are not?  Should I try to
modify the domain '*' SIDs?

[EMAIL PROTECTED] root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950

[EMAIL PROTECTED] root]# net groupmap list
System Operators (S-1-5-32-549) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) - nobody
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) - root
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Account Operators (S-1-5-32-548) - -1
Domain Power Users (S-1-5-21-3168668608-3928139368-1822977481-2081) - ntadmins
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) - users
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1

Andy



RE: [Samba] net groupmap / domain admins problem - Amazon prize

2004-01-08 Thread Andrew Judge
One last part that I noticed - the kicker - even though the netlogon
scripts run, if I create a new user, it won't let me log in.  It's like the
account passwords were cached and now it has taken away the domain admin
rights.

Andy



RE: [Samba] net groupmap / domain admins problem - Amazon prize

2004-01-08 Thread Andrew Judge
samba-client-3.0.0-14.3E
samba-3.0.0-14.3E
samba-common-3.0.0-14.3E

From RH En v.3 CD.  Do you think that it would be better to upgrade?

Andy

-Original Message-
From: John H Terpstra [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 10:44 AM
To: Andrew Judge
Cc: [EMAIL PROTECTED]
Subject: RE: [Samba] net groupmap / domain admins problem - Amazon prize


On Thu, 8 Jan 2004, Andrew Judge wrote:

 One last part that I noticed - the kicker - even though the netlogon
 scripts run, if I create a new user, it won't let me log in.  It's like the
 account passwords were cached and now it has taken away the domain admin
 rights.

First, as I wrote in my last email, the Domain SID and that stored in
the group_mapping.tdb database MUST be consistent.

Second, what version of Samba are you running? If this is 3.0.1 please
update to 3.0.2pre1. There is a fix in 3.0.2pre1 for a bug you may have
tripped.

- John T.




--
John H Terpstra
Email: [EMAIL PROTECTED]
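
The consistency requirement stated in the reply above, as an added example that is not part of the original thread: a POSIX shell check that parses `net getlocalsid` and `net groupmap list` output and reports every domain group whose SID does not sit under the server's domain SID. The sample input is copied from output posted in this thread; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): flag group mappings whose SID does not
# belong to the domain SID that Samba reports via `net getlocalsid`.

# Sample input copied from the output posted in this thread.
SAMPLE_LOCALSID='SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950'
SAMPLE_GROUPMAP='System Operators (S-1-5-32-549) - -1
Guests (S-1-5-32-546) - -1
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) - nobody
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) - root
Administrators (S-1-5-32-544) - -1
Domain Power Users (S-1-5-21-3168668608-3928139368-1822977481-2081) - ntadmins
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) - users
Users (S-1-5-32-545) - -1'

# extract_domain_sid (hypothetical helper): read `net getlocalsid` output on
# stdin and print the domain SID it reports.
extract_domain_sid() {
    sed -n 's/^SID for domain .* is: \(S-1-5-21-[0-9-]*\)[[:space:]]*$/\1/p' |
        head -n 1
}

# find_foreign_groups DOMAIN_SID (hypothetical helper): read
# `net groupmap list` output on stdin. Prints "name<TAB>sid" for each group
# whose SID, minus its trailing RID, differs from DOMAIN_SID.
# Builtin groups (S-1-5-32-*) are the same on every machine and are skipped.
# Exit status: 0 if every domain group matches, 1 otherwise.
find_foreign_groups() {
    awk -v dom="$1" '
    {
        # Find the parenthesised SID; wrapped continuation lines have none.
        if (!match($0, /\(S-1-[0-9-]+\)/)) next
        sid  = substr($0, RSTART + 1, RLENGTH - 2)
        name = substr($0, 1, RSTART - 2)
        if (index(sid, "S-1-5-32-") == 1) next
        prefix = sid
        sub(/-[0-9]+$/, "", prefix)      # strip the RID (512, 513, ...)
        if (prefix != dom) {
            printf "%s\t%s\n", name, sid
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# check_sid_consistency LOCALSID_OUTPUT GROUPMAP_OUTPUT
# Returns 0 when consistent, 1 when mismatches were printed, 2 on parse error.
check_sid_consistency() {
    dom=$(printf '%s\n' "$1" | extract_domain_sid)
    if [ -z "$dom" ]; then
        echo "could not parse a domain SID from the getlocalsid output" >&2
        return 2
    fi
    printf '%s\n' "$2" | find_foreign_groups "$dom"
}

# Demo on the sample. On a live server, run as root:
#   check_sid_consistency "$(net getlocalsid)" "$(net groupmap list)"
if check_sid_consistency "$SAMPLE_LOCALSID" "$SAMPLE_GROUPMAP"; then
    echo "all domain group SIDs match the domain SID"
else
    echo "inconsistent SIDs found (listed above)"
fi
```
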



RE: [Samba] net groupmap / domain admins problem - Amazon prize

2004-01-08 Thread Andrew Judge
Nope - it makes its own SIDs.  To prove - it starts and ends with net
getlocalsid. Here is the output since I tried it again:

[EMAIL PROTECTED] root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950
[EMAIL PROTECTED] root]# service smb stop
Shutting down SMB services:[  OK  ]
Shutting down NMB services:[  OK  ]
[EMAIL PROTECTED] root]# rm -f /var/cache/samba/group_mapping.tdb
[EMAIL PROTECTED] root]# service smb start
Starting SMB services: [  OK  ]
Starting NMB services: [  OK  ]
[EMAIL PROTECTED] root]# net groupmap list
System Operators (S-1-5-32-549) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) - -1
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) - -1
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Account Operators (S-1-5-32-548) - -1
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1
[EMAIL PROTECTED] root]# net getlocalsid
SID for domain FPICSRV is: S-1-5-21-1206063004-3966108128-1487570950

-Original Message-
From: John H Terpstra [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 10:34 AM
To: Andrew Judge
Cc: Samba
Subject: RE: [Samba] net groupmap / domain admins problem - Amazon prize


On Thu, 8 Jan 2004, Andrew Judge wrote:

 Okay, I did all the below successfully.  I actually had the old SID from the
 other PDC MACHINE.SID and net setlocalsid S-1-fdsfsd - so didn't modify the
 NTUSER.DAT files

 Still no luck with the admin rights.  It will log into the domain and can
 see the domain groups and I can add them to local groups.  It even uses the
 netlogon scripts.  Do you need more info?  I think we are close though.

Andy,

In the procedure I gave you rather specific steps. That was for a reason.
Maybe I should have explained each step a lot more fully.

Samba stores its Domain/Machine SID in the secrets.tdb file. When you
deleted the group_mapping.tdb file and then restarted Samba, it re-created
the group_mapping.tdb file with all the default accounts. When it did
this, the default accounts were initialized with the SID that was in the
secrets.tdb file.

I am guessing that you changed the SID _AFTER_ restarting Samba.

I was trying to get your SIDs uniform throughout with minimum effort on
your part. By resetting the Domain SID, you undid what I was trying to get
you to rectify.

Your Windows clients will be very confused by the inconsistent SIDs. What
you did by resetting the SID would be expected to break everything again.

I am guessing that by running:
net getlocalsid
you will now be able to confirm that the Samba Domain SID is the same as
your original Domain SID.

If you want this to work, you will have to repeat the steps I gave you
though. Domain security will not work unless the SIDS are consistent.

Cheers,
John T.



RE: [Samba] net groupmap / domain admins problem - Amazon prize

2004-01-08 Thread Andrew Judge
AH ha.  John is the winner!!!  I needed to delete the secrets.tdb file with
the group_mapping.tdb

John - email me off list and let me know how you want your gift certificate.
Thanks for all your help.

Andy

-Original Message-
From: John H Terpstra [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 12:09 PM
To: Andrew Judge
Cc: Samba
Subject: RE: [Samba] net groupmap / domain admins problem - Amazon prize


Andrew,

You have something rather strange going on here. The following is the
result of running these steps on my system:

frodo:/etc/samba # net setlocalsid S-1-5-21-1206063004-3966108128-1487570950
frodo:/etc/samba # net getlocalsid
SID for domain FRODO is: S-1-5-21-1206063004-3966108128-1487570950
frodo:/etc/samba # samba start
Starting SAMBA nmbd :
done
cups  on
Waiting for cupsd to get ready
done
Starting SAMBA smbd :
done
Starting SAMBA winbind :
done
frodo:/etc/samba # net groupmap list
System Operators (S-1-5-32-549) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Admins (S-1-5-21-1206063004-3966108128-1487570950-512) - -1
Domain Guests (S-1-5-21-1206063004-3966108128-1487570950-514) - -1
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Account Operators (S-1-5-32-548) - -1
Domain Users (S-1-5-21-1206063004-3966108128-1487570950-513) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1
frodo:/etc/samba # net getlocalsid
SID for domain FRODO is: S-1-5-21-1206063004-3966108128-1487570950

Note: The SIDs are consistent.

I have been unable to reproduce the observations you have. Please would
you email me your secrets.tdb file (off-line). I'd like to see if there is
something weird in it.

Other than that, please move your secrets.tdb file to a backup location.
Make sure samba is NOT running when you do this. Then delete the
group_mapping.tdb file, then restart Samba.

Then check the value of the Domain SID from:
net getlocalsid
net groupmap list

I'd like to help track this one down.

Cheers,
John T.



RE: [Samba] upgrade from 2.2.x to 3.0.0

2004-01-07 Thread Andrew Judge
Yeah, I actually did that.  Now the really sucky part - the people with
domain admin rights before no longer have them.  So.. things like quickbooks
no longer work on their machines.  And... you can't see the frigging domain
users - probably as a result of not having the same SID on the machine.

Anyone know how to test this?

Andy

-Original Message-
From: Andrew Gaffney [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 12:17 PM
To: Andrew Judge
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] upgrade from 2.2.x to 3.0.0


Andrew Judge wrote:
 I upgraded (a side by side migration) from RH 7.3 to RH EN v.3 and one of
 the packages was samba acting as a PDC.  Was working beautifully, but now
 some XP machines don't see the new server at login.  Passwords are cached so
 not a huge problem.  One machine didn't cache the password.  I deleted the
 machine account from the samba PDC, put it into a workgroup.  I then tried
 to add it to the domain and I get can not find user as root.  root is
 there and valid.  When I use a bad password for root, it says that I am
 using a bad password - so it sees the user?  Nothing unusual in the logs and
 event viewer.

 I migrated by:

 1. copying passwd, shadow, group
 2. copying smbpasswd
 3. creating the ntadmin group
 4. modifying the smb.conf file

I ran into this same problem. There is one more thing you need to do:

net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmin

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548




[Samba] step by step migration guide?

2004-01-07 Thread Andrew Judge
Does anyone know where I can find a step by step migration guide for side by
side servers from 2.2 to 3.0?

The guide in the docs is more of what's new and what's depreciated and
doesn't help much.

Andy



[Samba] net groupmap / domain admins problem - Amazon prize

2004-01-07 Thread Andrew Judge
I think that most of my problems are somewhat resolved except for this last
one.  I can not get domain admin rights to the ntadmins users.  I get the
following output for groupmaps:

[EMAIL PROTECTED] i386]# net groupmap list
System Operators (S-1-5-32-549) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Users (S-1-5-21-4130613172-3879250231-1853402206-513) - users
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) - -1
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) - -1
Domain Guests (S-1-5-21-1206063004-3966108128-1487570950-514) - -1
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Account Operators (S-1-5-32-548) - -1
Domain Admins (S-1-5-21-4130613172-3879250231-1853402206-512) - ntadmins
Domain Users (S-1-5-21-1206063004-3966108128-1487570950-513) - -1
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) - -1
Domain Guests (S-1-5-21-4130613172-3879250231-1853402206-514) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1


Obviously there is a problem with the domain '*' SID because there are
duplicates.  Any idea how to correct this problem and get the users logged
in with admin rights?  I have RH EN v.3 and samba 3.0.0-14.3E from RH.  I
can see the users from the samba server and the users can log in, but no
rights.  Big problem.

Now... I migrated from 2.2.3a to the above and I have all the tdb and I
changed the SID to the last PDC.  Anyway, how would I get the right SID?  I
have NTUSER.DAT files that I can run profiles against to read them.  Would
that help?

First one that can point me in the right direction to get this resolved -
I'll buy them an Amazon gift cert for $50.  Beats going bald from pulling out
my hair.

Andy Judge




[Samba] upgrade from 2.2.x to 3.0.0

2004-01-06 Thread Andrew Judge
I upgraded (a side by side migration) from RH 7.3 to RH EN v.3 and one of
the packages was samba acting as a PDC.  Was working beautifully, but now
some XP machines don't see the new server at login.  Passwords are cached so
not a huge problem.  One machine didn't cache the password.  I deleted the
machine account from the samba PDC, put it into a workgroup.  I then tried
to add it to the domain and I get can not find user as root.  root is
there and valid.  When I use a bad password for root, it says that I am
using a bad password - so it sees the user?  Nothing unusual in the logs and
event viewer.

I migrated by:

1. copying passwd, shadow, group
2. copying smbpasswd
3. creating the ntadmin group
4. modifying the smb.conf file

my smb.conf (testparm) looks like

[EMAIL PROTECTED] profile]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [netlogon]
Processing section [printers]
Processing section [general]
Processing section [reports]
Processing section [accounting]
Processing section [executive]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
workgroup = FPIC
netbios name = FPICSRV
server string = Linux Server
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd -d /dev/null -g machines -c machine account -s /bin/false -M %u
logon script = %U.bat
logon drive = h:
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes

[homes]
comment = Home Directories
read only = No
create mask = 0664
directory mask = 0775
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/netlogon
write list = root
guest ok = Yes
share modes = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[general]
comment = General public file space
path = /var/share/general
read only = No
force create mode = 0666
guest ok = Yes

[reports]
comment = Report drive
path = /var/share/reports
read only = No
force create mode = 0644
guest ok = Yes

[accounting]
comment = Accounting
path = /var/share/accounting
valid users = @accounting
write list = @accounting
force group = accounting
read only = No
create mask = 0660
directory mask = 02770

[executive]
comment = Executive
path = /var/share/executive
valid users = @executive
write list = @executive
force group = executive
read only = No
create mask = 0660
directory mask = 02770

Andy Judge



[Samba] secrets.tdb problem!!!

2004-01-06 Thread Andrew Judge
So I think that my original post of upgrading samba pdc is related to
secrets.tdb.  I did not copy from the old to the new.  So...  I still have
the secrets.tdb from the original 2.2 pdc - how would I apply that to the
new 3.0.0 PDC?  Any help much appreciated.  And, if it didn't help, how
would I revert?

Andy Judge



RE: [Samba] Re: Internet goes down. Samba dies

2002-04-24 Thread Andrew Judge

What is your smb domain?  Does testparm spit out errors?  I went to a place
once where this happened and it was because the admin had mydomain.com as
a windows domain as well as a host of  other mistakes.

Best regards,

Andrew Judge





[Samba] multiple samba machines and accounts

2002-04-07 Thread Andrew Judge

What is the best way to add an additional samba server to a samba PDC
network?  Can I use winbind to populate the unix passwd file or should I use
NIS and then security = domain?  There are only two samba machines here and
I need to get the accounts right on the unix and smb side.  Any help much
appreciated.  Looking to do this right from the beginning.


Best regards,

Andrew Judge

