Re: [Samba] Samba Server Under Microsoft Windows Network
On 2/3/13, Fabian von Romberg fromberg...@hotmail.com wrote: Im running a samba4 server. When I logged onto the server from a XP Machine and then I go to My Network Places - Microsoft Windows Network - Mydomain my samba4 server is not listed. It's well known and documented limitation of current samba. What could be the reason? Should I set up anything on my XP machine? I know workaround: 1) Use windows or samba3 (or samba4 configured as classic server) boxes to serve as netbios browsers. Set os level=1 in your smb.conf, this sh'ld be enough. 2) Start on your samba4 AD server nmbd from any 3.* series. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] generate keytab
Please! Don't write into private mail. Thanks. $ Samba-tool user create http-user --random-password $ Samba-tool spn add HTTP/www.nisled.org http-user Okay, you've got user http-user with principals http-u...@nisled.org and HTTP/www.nisled@nisled.org. $ Samba-tool domain exportkeytab --principal=HTTP/www.nisled.org http.keytab Here you export _only_ HTTP/www.nisled@nisled.org. $ kinit -k -t http.keytab http-user kinit: Key table entry not found while getting initial credentials Of cause, because you didn't export it. Can anyone help me? Export http-u...@nisled.org too. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACL on GPO directory does not match expected value from GPO object. AGAIN.
On 1/10/13, Alex Matthews qoole.sa...@lillimoth.com wrote: Comparing the two ACLs O:LAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) The only difference I can see is the 'DAG' vs 'LAG' at the beginning (Directory ACL vs File ACL?) Take a look here: https://bugzilla.samba.org/show_bug.cgi?id=9483 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow winbind lookups
On 1/10/13, Alex Matthews qoole.sa...@lillimoth.com wrote: wbinfo -u takes a long time to return a list of users I guess that if you attach output of strace wbinfo -u or may be even strace -f wbinfo -u you'll find assistance faster :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.0 - Browseable option don't work
On 1/7/13, Bruno Pereira bpere...@ipbrick.com wrote: I configured some shares with the option browseable = No but this share still browseable. server services = ... smb I guess the reason is the ntvfs. Try s3fs. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD DC migration and official packages
On 12/28/12, Federico Alberto Sayd fs...@uncu.edu.ar wrote: Release version is in experimental. You can backport it for testing (it's very easy). I do the same but with package files changed a bit to include smbd. It sounds very interesting. Did you just rebuild the packages to use smbd instead of ntvfs? No, if you want to include smbd you should edit several files from debian.tar.gz. I put smbd into samba4 package (like Zentyal does) but this is the bad way. If you want I can put my debian.tar.gz somewhere. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD DC migration and official packages
On 12/27/12, Federico Alberto Sayd fs...@uncu.edu.ar wrote: Now I want to migrate my real installation to Samba4 but my question is about packaging. For now there is not a v4.0 stable Samba package in Debian Wheezy, and I don't want install a rc version. Release version is in experimental. You can backport it for testing (it's very easy). I do the same but with package files changed a bit to include smbd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Samba4] Is VFS working in Samba 4.0.0?
On 12/21/12, Kaito Kumashiro kumashiro.ka...@gmail.com wrote: server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns You are using ntvfs, use s3fs. server services = -smb +s3fs dcerpc endpoint servers = -winreg -srvsvc see https://wiki.samba.org/index.php/Samba4/s3fs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] generate keytab
On 12/20/12, Clodonil Trigo clodo...@nisled.org wrote: $ samba-tool user add proxy-user $ samba-tool user setexpiry proxy-user -noexpiry $ samba-tool spn add http/proxy-user proxy.nisled.org Find the difference: samba-tool spn add http/proxy.nisled.org proxy-user $ samba-tool domain exportkeytab /etc/proxy.keytab --principal=http/ proxy.nisled.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] incorrect gpo acl after sysvolreset (rc6)
I'm running rc6, but it's not a clean installation, it's samba3
upgraded to 4.0 in ages of beta2.
samba-tool ntacl sysvolcheck dies with message about incorrect acl on
gpo, but that acl is set by sysvolreset.
lobus@sirius-a:~$ sudo samba-tool ntacl sysvolcheck
ERROR(class 'samba.provision.ProvisioningError'): uncaught exception
- ProvisioningError: DB ACL on GPO directory
/var/lib/samba/sysvol/shch8.brnv.rw/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}
O:LAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
does not match expected value
O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
from GPO object
File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py,
line 175, in _run
return self.run(*args, **kwargs)
File /usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py, line
245, in run
lp)
File /usr/lib/python2.7/dist-packages/samba/provision/__init__.py,
line 1576, in checksysvolacl
direct_db_access)
File /usr/lib/python2.7/dist-packages/samba/provision/__init__.py,
line 1527, in check_gpos_acl
domainsid, direct_db_access)
File /usr/lib/python2.7/dist-packages/samba/provision/__init__.py,
line 1477, in check_dir_acl
raise ProvisioningError('%s ACL on GPO directory %s %s does not
match expected value %s from GPO object' %
(acl_type(direct_db_access), path, fsacl_sddl, acl))
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind - samba4
On 12/5/12, Clodonil Trigo clodo...@nisled.org wrote: The pipe is in /usr/local/samba/var/run/winbindd. The winbind this working because the wbinfo returns successfully. I think that is something between the centos and the lib's winbind. Yep, I wasn't correct: in Debian one can have the opposite issue -- working nss but not wbinfo. Sorry :( -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind - samba4
On 12/4/12, Clodonil Trigo clodo...@nisled.org wrote: I did not think the process of winbind, I believe it is internal to samba. There is no separate winbindd process in samba4. There are several *.so providing this service. I did several test before migrating to the samba3 Samba4 and had success in all cases. More time to make real the problem gave winbind. But have you tried? What line you changed in smb.conf? I'm still using bind mount :) But option you need is winbindd socket directory. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind - samba4
On 12/3/12, Clodonil Trigo clodo...@nisled.org wrote: I am using centos 6.3 and did the migration from samba3 to Samba4. More the getent passwd does not return users. I made the link: ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so ln-s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 I had similar problem but with Debian package, so I'm not sure that I'll help you (debian samba4 package is rather interesting thing) but in my case the problem was that libnss_winbind expects socket to be in /tmp/.winbind/ (or .winbindd? Check with strings.) while winbind component stores it in /var/run/samba4/winbind/ (I don't know the correct path for your case). Try to make bind mount of socket directory or set correct path in smb.conf. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - Bind Config with DHCP
On 11/23/12, Joubert, Dawie dawie.joub...@rhdhv.com wrote: My question is thus: How can I make Samba4 update the DNS entries and allow DHCP to update the entries? Somebody should add this link to howto :) http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ Secondly, is this even necessry with the AD type domain? dunno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] S4 Bind vs Internal DNS
On 11/26/12, Thomas Simmons twsn...@gmail.com wrote: What are the benefits of using BIND instead of Samba's internal DNS server? You can use additional resource types like SPF or SSHFP. You can use different views for different clients. It's much easier to update zone using good old shared key than using wrapper (isc dhcpd knows nothing about kerberos). Bind is known to *x admins and it's rather stable, samba's internal dns is new and possibly buggy :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] about samba 4 rc2
On 10/12/12, Amaury Viera Hernández avhernan...@uci.cu wrote: Hello, I'm testing samba 4 rc2. i can not find the file /usr/local/samba/private/named.conf Did you choose a type of DNS implementation? RC2 uses internal by default, see https://ftp.samba.org/pub/samba/rc/WHATSNEW-4-0-0rc2.txt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] reverse dns zone managed by samba4
On 9/13/12, Kai Blin k...@samba.org wrote: While it's possible to create reverse zone in samba4 directory, it's impossible to update it the same way as forward zone. Why? How did you create the zone, how did you try to update it, and what exactly happens? I've found the problem. My order of actions was: 1) add grant entry into named.conf.update.static which allows update of PTR 1a) wait until new named.conf.update appear 2) add reverse zone using w2k3 tools 3) try to add PTR using `nsupdate -g` (NOTAUTH) Logs says that problem not in samba_dlz but in bind itself. With additional step 2a) /etc/init.d/bind reload update will succeed. May bind sh'ld be reloaded by samba itself on new zone addition. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ntlm_auth returns nothing (4.0beta8)
ntlm_auth from samba 3.6: # /usr/local/bin/ntlm_auth --domain=DOMAIN --username=USER --password=PASSWORD Ignoring unknown parameter server role Ignoring unknown parameter server services Ignoring unknown parameter dcerpc endpoint servers NT_STATUS_OK: Success (0x0) ntlm_auth from samba 4.0-beta8: # /usr/bin/ntlm_auth --domain=DOMAIN --username=USER --password=PASSWORD /usr/bin/ntlm_auth: /usr/lib/i386-linux-gnu/libwbclient.so.0: no version information available (required by /usr/lib/i386-linux-gnu/samba/libauth4.so) No useful output and result code is always 0. Message about version isn't related to problem, it's because libwbclient is from samba 3.6, but with native result is the same. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.0rc1 Available for Download
On 9/13/12, steve st...@steve-ss.com wrote: Thanks for that but I can't reporovision. Who can? I have 150 linux, xp and w7 clients to support. I simply cannot start from bare metal. To be able to do that I would have to have a reliable backup. Evidently neither the backup scripts in samba-master nor rsync can do that at the moment. (secretly hopes someone can confirm otherwise) Steve, you sh'ld read the original letter better :) If you used the BIND9_FLATFILE or BIND9_DLZ features, you'll have to add '-dns' to the 'server services' option, as the internal dns server (SAMBA_INTERNAL) is the default now. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] syntax of samba-tool to deal with SRV DNS record
On 9/11/12, Alain Foucher a.fouc...@cht.nc wrote: I tried to use the quotes around the data but i got another error message ERROR: Data requires 4 elements - server, port, priority, weight any Idea I suppose you use them incorrectly :) Compare with my yesterday's experiments: samba-tool dns add pdc-srv.my.domain. my.domain _kerberos-adm._tcp SRV 'pdc-srv.my.domain. 88 100 0' samba-tool dns update pdc-srv.my.domain. my.domain _kerberos-adm._tcp SRV 'pdc-srv.my.domain. 88 100 0' 'pdc-srv.my.domain. 88 0 100' samba-tool dns update pdc-srv.my.domain. my.domain _kerberos-adm._tcp SRV 'pdc-srv.my.domain. 88 0 100' 'pdc-srv.my.domain. 749 0 100' samba-tool dns delete pdc-srv.my.domain. my.domain _kerberos-adm._tcp SRV 'pdc-srv.my.domain. 749 0 100' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] errors in log: Failed to bind to uuid ...@ncalrpc
What this entry from from log may mean? [2012/09/10 09:55:01, 0] ../source4/rpc_server/netlogon/dcerpc_netlogon.c:1256(dcesrv_netr_LogonGetCapabilities) ../source4/rpc_server/netlogon/dcerpc_netlogon.c:1256 Bad credentials - error [2012/09/10 09:55:01, 0] ../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv) Failed to bind to uuid 12345678-1234-abcd-ef00-01234567cffb for 12345678-1234-abcd-ef00-01234567cffb@ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_UNSUCCESSFUL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] reverse dns zone managed by samba4
While it's possible to create reverse zone in samba4 directory, it's impossible to update it the same way as forward zone. So my current setup has forward zone stored in AD and reverse one stored in good old flat file. Does any solution exist which allows to store in samba4 AD? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] syntax of samba-tool to deal with SRV DNS record
On 8/30/12, Alain Foucher a.fouc...@cht.nc wrote: i try to use something like : samba-tool dns add smb4 domain.local_http._tcp.domain.local SRV tx4.domain.local 80 1 5 but i get this message Usage: samba-tool dns add server zone name A||PTR|CNAME|NS|MX|SRV|TXT data You've forgot quotes around data: samba-tool dns add smb4 domain.local_http._tcp.domain.local SRV tx4.domain.local 80 1 5 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] syntax of samba-tool to deal with SRV DNS record
On 8/29/12, Alain Foucher a.fouc...@cht.nc wrote: i'm looking to update some SRV DNS Record , but i didn't find the correct syntax to handle priority, weight and port. from samba-tool output: ERROR: Data requires 4 elements - server, port, priority, weight -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 is it possible to change the IP of a DC?
On 8/21/12, steve st...@steve-ss.com wrote: I changed IP of DC but from windows box using administrative tools from 2003. So that should work against a Sama4 DC no? Was that from Active Yes, it was Samba (4.0 beta2). Directory Users and Computers? I had a quick look there but couldn't find it. There is an applet it that tools called somewhat like DNS, I used it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 is it possible to change the IP of a DC?
I changed IP of DC but from windows box using administrative tools from 2003. -- http://375gnu.wordpress.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
