Re: [Samba] Upgrading Samba-LDAP

2010-10-21 Thread Clark Johnston

John Drescher wrote:

I am looking to upgrade my Samba server to Samba 3.5.x from Samba 3.0.20 and
openldap from 2.2.13 to 2.3.43.
Is there any way to do this and still keep my current domain intact?
The interest in upgrading is so that we can support Win 7 systems.




Of course you can keep your current domain intact.

Do you have more than 1 ldap server? I highly recommend that.

John

  
Is it really as simple as just migrating my ldap data over to another 
ldap version on a server with a new release of Samba and changing the 
local sids?
I may have gotten confused when reading something in the upgrade from 
3.0.x to the 3.0.23 version in the documentation. (old documentation)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] Upgrading Samba-LDAP

2010-10-19 Thread Clark Johnston
I am looking to upgrade my Samba server to Samba 3.5.x from Samba 3.0.20 
and openldap from 2.2.13 to 2.3.43.

Is there any way to do this and still keep my current domain intact?
The interest in upgrading is so that we can support Win 7 systems.



[Samba] ldap ssl = off ??

2010-08-03 Thread Clark Johnston
ldap ssl = off

In the how to for setting up samba-ldap
http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend-p2
the author writes that you need

ldap ssl = off

for samba 3.x

am I interpreting this incorrectly?
I interpreted 'ldap ssl = off' as being that the communication from the
samba server to ldap server was not encrypted or not using tls and has
nothing to do with the communication with client computers in the domain.
Is this a change in the 3.x versions which requires that you explicitly
state you are not using ssl/tls.
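Added example, not part of the original post or of Samba itself: the smb.conf(5) man page describes "ldap ssl" as governing only the connection from Samba to the LDAP server, secured either with "start tls" or with an ldaps:// URI in "passdb backend". The Python audit below checks a [global] section for that; the sample config, the host names other than 127.0.0.1, and the verdict strings are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample modelled on the settings discussed in this thread.
SAMPLE = """\
[global]
passdb backend = ldapsam:"ldap://127.0.0.1 ldap://ldap2.example.com ldaps://ldap3.example.com"
ldap ssl = off
"""

def global_params(text):
    """Return smb.conf [global] parameters, names lower-cased and space-collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                      # a DNS name: assume it is reached over the network

def audit_ldap_transport(text):
    """Return [(uri, verdict)] for every ldapsam URI in 'passdb backend'."""
    params = global_params(text)
    backend = params.get("passdb backend", "")
    if not backend.lower().startswith("ldapsam:"):
        return []
    uris = backend[len("ldapsam:"):].replace('"', " ").split()
    ldap_ssl = params.get("ldap ssl")
    mode = ldap_ssl.lower().replace("_", " ") if ldap_ssl else None
    findings = []
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme == "ldaps":
            verdict = "encrypted (ldaps)"
        elif mode == "start tls":
            verdict = "encrypted (StartTLS)"
        elif mode is None:
            verdict = "unspecified (version default applies)"
        elif mode == "off":
            local = is_loopback(parts.hostname or "")
            verdict = "cleartext, loopback only" if local else "cleartext over network"
        else:
            verdict = "unrecognised ldap ssl value"
        findings.append((uri, verdict))
    return findings
```

With "ldap ssl = off" and an ldap:// URI, the admin DN bind and the password hashes Samba reads travel unencrypted between smbd and slapd; client-to-Samba traffic is not affected by this parameter.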


Re: [Samba] [SAMBA] Problem connecting Computer to network

2010-07-30 Thread Clark Johnston
Yep, I had a problem with ldap.conf
I had checked that 3 times,  I found a problem yesterday, but didn't see
that there was an error in my suffix for rootdn

getent passwd  worked
and entering the computer into the domain worked.

Thank you very much

That's one of the bad things about linux, is you set it up and it works for
8 years and then do it again and you've forgotten all the nuances.
Well this really wasn't a nuance, more like suffering from config blindness.

Thanks

On Fri, Jul 30, 2010 at 3:05 PM, Gaiseric Vandal
wrote:

>  I am fairly certain that the underlying OS will need to see the samba
> account with the "getent" command.   We use ldap for unix level
> authentication anyway so I am not 100% sure this is true.
>
>
> Check  /etc/nsswitch.conf
>
> passwd: files ldap
> shadow: files ldap
> group:  files ldap
>
>
> Also check /etc/ldap.conf and /etc/openldap/ldap.conf (assuming you are on
> linux and not solaris.)
>
>
>
>
>
>
> On 07/30/2010 03:09 PM, Clark Johnston wrote:
>
> I reexamined the slapcat output and it did create iet013c$ account in LDAP,
> but getent passwd isn't showing it.
>
> When I look at a previous installation of a Samba LDAP PDC  I do not see
> the accounts in /etc/passwd , but I do see them when I put in getent passwd.
>
> dn: uid=iet013c$,ou=Computers,dc=internaltest
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> cn: iet013c$
> uid: iet013c$
> uidNumber: 1001
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> structuralObjectClass: account
> entryUUID: e73c4f2e-2ee7-102f-8017-31ff3607ac6d
> creatorsName: cn=Manager,dc=internaltest
> createTimestamp: 20100728230213Z
> entryCSN: 20100728230213Z#01#00#00
> modifiersName: cn=Manager,dc=internaltest
> modifyTimestamp: 20100728230213Z
>
> So I am not quite sure what is going on here.
>
>
> On Thu, Jul 29, 2010 at 4:44 PM, Gaiseric Vandal <
> gaiseric.van...@gmail.com> wrote:
>
>> When you try to join a computer to the network, you mean you are trying to
>> join a Windows PC (e.g. XP Pro) to the domain?  Or you are trying to join
>> the PDC machine to the domain?
>>
>>
>> I would guess you need to manually create the PDC's unix account, even if
>> samba is going to create the other unix accounts for you.  (I don't have
>> samba do this myself.)  Does "getent passwd" show the accounts for your PDC
>> and other computers?   If you manually create the unix account for  a
>> computer, is it able to join the domain?
>>
>>
>>
>>
>>
>> On 07/29/2010 11:10 AM, Clark Johnston wrote:
>>
>>> I am trying to attempt to set up a samba ldap PDC server.
>>>
>>> When I try and connect a computer to the network I get error 'Username
>>> could
>>> not be found'
>>>
>>> I have included smbldap.conf ##smbldap.conf
>>> slapd.conf ##slapd.conf
>>> the smb.conf   ##smb.conf
>>> the results of slapcat ##slapcat
>>> the error log for log.root ##log.root
>>>
>>>
>>>
>>> The error I marked as interesting ##interesting , shows that it can't
>>> create
>>> the user or maybe something else.  But up until that time there didn't
>>> seem
>>> to be a problem.
>>>
>>> ##smbldap.conf
>>> SID="S-1-5-21-2244683438-1300233924-2635510394"
>>> sambaDomain="internaltest"
>>> slaveLDAP="127.0.0.1"
>>> slavePort="389"
>>> masterLDAP="127.0.0.1"
>>> masterPort="389"
>>> ldapTLS="0"
>>> ldapSSL="0"
>>> verify="none"
>>> cafile="/etc/smbldap-tools/ca.pem"
>>> clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
>>> clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"
>>> suffix="dc=internaltest"
>>> usersdn="ou=Users,${suffix}"
>>> computersdn="ou=Computers,${suffix}"
>>> groupsdn="ou=Groups,${suffix}"
>>> idmapdn="ou=Idmap,${suffix}"
>>> sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
>>> scope="sub"
>>> hash_encrypt="SSHA"
>>> crypt_salt_format="%s"
>>> userLoginShell="/bin/bash"
>>> userHome="/home/%U"
>>> userHomeDirectoryMode="700"
>>> userGec

[Samba] [SAMBA] Problem connecting Computer to network

2010-07-29 Thread Clark Johnston
I am trying to attempt to set up a samba ldap PDC server.

When I try and connect a computer to the network I get error 'Username could
not be found'

I have included smbldap.conf ##smbldap.conf
slapd.conf ##slapd.conf
the smb.conf   ##smb.conf
the results of slapcat ##slapcat
the error log for log.root ##log.root



The error I marked as interesting ##interesting , shows that it can't create
the user or maybe something else.  But up until that time there didn't seem
to be a problem.

##smbldap.conf
SID="S-1-5-21-2244683438-1300233924-2635510394"
sambaDomain="internaltest"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
ldapSSL="0"
verify="none"
cafile="/etc/smbldap-tools/ca.pem"
clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"
suffix="dc=internaltest"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\PDC-TEST2\%U"
userProfile="\\PDC-TEST2\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="internaltest.com"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

##slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=internaltest"
rootdn "cn=Manager,dc=internaltest"
rootpw {SSHA}a7kYChHl9wXQKkJJYJ+JRLi/4EE2PH+B
password-hash {SSHA}
directory /var/lib/ldap
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub


##smb.conf

# Global parameters
[global]
workgroup = internaltest
netbios name = PDC-TEST2
#security = DOMAIN
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
#min passwd length = 3
#pam password change = no
#obey pam restrictions = No

# method 1:
unix password sync = no
ldap passwd sync = yes

# method 2:
#unix password sync = no
#ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

log level = 3
syslog = 0
log file = /var/log/samba/log.%U
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

logon script = logon.bat
logon drive = H:
logon home =
logon path =

domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
# passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=internaltest
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
winbind trusted domains only = Yes
ldap admin dn = cn=Manager,dc=internaltest
  ldap suffix = dc=internaltest
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

# printers configuration
#printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
ldap ssl = off
nt acl support = yes
printing = 

[Samba] recycle touch error

2010-02-17 Thread Clark Johnston
I have setup the recycle with touch and when I examine the log files I see

 smbd_audit:   recycle: touching
/SHARE/.recycle/testuser/Manufacturing/History/5030A750 failed, reason =
Operation not permitted

I have not seen any related issues in the logs as to why this is not
working.
Hoping someone here might know what's going on and can point me in the right
direction.


Re: [Samba] Problem with Snow Leopard and Samba

2009-12-16 Thread Clark Johnston
On Wed, Dec 16, 2009 at 2:06 PM, Mike Eggleston  wrote:

> On Wed, 16 Dec 2009, Clark Johnston might have said:
>
> > We have a user who purchased a Mac Book Pro with OSX 10.6.2.
> > Everyday he has a problem with one or another Samba Server.  One day it's
> > FileShare1 , the next day it's ProductionData Server.
> > I use Windows and Linux and neither has  a problem connecting to these
> > servers.  He has XP in VMWare Fusion and that works fine.  But about
> every
> > other day he comes and says some server won't allow him to connect.
> > Sometimes a reboot will fix the problem.
> > We are using Samba PDC with LDAP backend and these are member servers he
> is
> > logging into.
> > Today he is getting an error that the login is incorrect on one Member
> > Server, yesterday he would log into a server and it would hang about 3
> deep
> > into a directory tree and require reboot of the system.
> > Eventually that error just seemed to go away.
> > Anyone know of some glitch or issue with software on OSX 10.6.2?
> > I am not familiar with MACs  and didn't think that there would be an
> issue,
> > but thought someone out here may know of a quirk or something that would
> > cause this type of problem and how to resolve it.
> >
> > Thanks,
> >
> > P.S.  Are Snow Leopards an endangered species?  Do I need a license to
> shoot
> > a Mac Book  Pro? :)
>
> I have seen issues with Microsoft Office for the Mac trying to connect to
> shares of the same name on multiple servers. The Microsoft applications
> gets confused.
>
> - $server1
>  - ProductionData
> - $server2
>  - ProductionData
>
> My user could not open for writing, and other permission errors, an
> Excel file on one of the shares because the shares have the same name.
>
> Mike
>
 Thanks for the info

 But I haven't even gotten to that problem yet. :) Oh joy the day.

This is just simply connecting to different named shares on differently
named servers.

Maybe I need some tutoring on a Mac also, anyone have any book
recommendations.  This one computer seems to be taking up about 10% of my
time in the last 2 weeks.
I'd be looking for information on log files and other such troubleshooting
help.


[Samba] Problem with Snow Leopard and Samba

2009-12-16 Thread Clark Johnston
We have a user who purchased a Mac Book Pro with OSX 10.6.2.
Everyday he has a problem with one or another Samba Server.  One day it's
FileShare1 , the next day it's ProductionData Server.
I use Windows and Linux and neither has  a problem connecting to these
servers.  He has XP in VMWare Fusion and that works fine.  But about every
other day he comes and says some server won't allow him to connect.
Sometimes a reboot will fix the problem.
We are using Samba PDC with LDAP backend and these are member servers he is
logging into.
Today he is getting an error that the login is incorrect on one Member
Server, yesterday he would log into a server and it would hang about 3 deep
into a directory tree and require reboot of the system.
Eventually that error just seemed to go away.
Anyone know of some glitch or issue with software on OSX 10.6.2?
I am not familiar with MACs  and didn't think that there would be an issue,
but thought someone out here may know of a quirk or something that would
cause this type of problem and how to resolve it.

Thanks,

P.S.  Are Snow Leopards an endangered species?  Do I need a license to shoot
a Mac Book  Pro? :)


[Samba] Gotten getent to work but uid off by 1

2008-10-07 Thread Clark Johnston
I have gotten getent to work, but now the uid for  files are off by one and
some of the gid are off by 4 to 24. So if I copy from one system to another
the file ownerships get changed all up.
Any work around for this?
idmap uid = 1-2
idmap gid = 1-2


Re: [Samba] Another getent problem

2008-10-07 Thread Clark Johnston
Thanks that solved the problem.
I wonder when this got changed.  The original smb.conf was copied from
another system and modified for the new server.
So somewhere between
3.0.10
and
3.0.28
The change was made.  I never saw this in the latest HOW-TO either.
Thanks maybe later today or tomorrow I would have thrown the kitchen sink at
this and finally found the problem, so thanks for saving me a bunch of time.


On Tue, Oct 7, 2008 at 12:02 PM, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote:

> Clark Johnston wrote:
> >  I have set up a system to be a member server and installed the samba
> > rpms.  I then copied over the samba config file and changed it to
> > reflect the new shares and name change.  I ran 'net rpc join -
> > UAdministrator%'secret' and I was able to join the domain.
> > Started up smb and then winbind
> > wbinfo -u
> > and I can see the users in the domain
> > getent passwd
> > shows nothing but the users in /etc/passwd
>
> By default, "winbind enum users" and "winbind enum groups"
> are both disabled.  See the smb.conf (5) man page for details.
>
>
>
>
> cheers, jerry


[Samba] Another getent problem

2008-10-07 Thread Clark Johnston
 I have set up a system to be a member server and installed the samba
rpms.  I then copied over the samba config file and changed it to
reflect the new shares and name change.  I ran 'net rpc join -
UAdministrator%'secret' and I was able to join the domain.
Started up smb and then winbind
wbinfo -u
and I can see the users in the domain
getent passwd
shows nothing but the users in /etc/passwd
checked nsswitch.conf and the following lines are there
passwd: files winbind
shadow: files
group:  files winbind


I have the following links
/lib/libnss_winbind.so
/lib/libnss_winbind.so.2
/lib64/libnss_winbind.so
/lib64/libnss_winbind.so.2
/usr/lib/libnss_winbind.so
/usr/lib/libnss_winbind.so.2
/usr/lib64/libnss_winbind.so
/usr/lib64/libnss_winbind.so.2
/usr/lib64/nss/libnss_winbind.so
/usr/lib64/nss/libnss_winbind.so.2

when running ldconfig
/lib64/libnss_winbind.so.2
is pulled.

Tried deleting the cache files
winbindd_cache.tdb
winbindd_idmap.tdb
and restarting smb and winbind

The only error I'm finding is
Oct  6 18:04:45 localhost winbindd[3914]:
cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error
NT_STATUS_NETWORK_ACCESS_DENIED

samba-common-3.0.28-0.el5.8
samba-3.0.28-0.el5.8
samba-client-3.0.28-0.el5.8