Re: [Samba] segmentation fault
Bensi, Looks like this is bug in samba 3, we are also having same kind of problem. lets wait some Samba develpers will address this problem. -Sundaram On Thu, 18 Nov 2004 12:40:46 +0530, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Dear sir, I have configured samba with ads integration and it was working perfectly in RedHat Linux 9.0. But Yesterday I changed that configuration as simple user level security. But my problem was when I run 'smbpasswd' command I am getting one error as 'Segmentation fault'. What I can do to trouble shoot this problem. Kindly reply me as soon as possible.. Thanks Rgds Bensi Bose T.C. RHCE Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Software Groups (SFG) http://sfg.homeunix.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS Winbind unable to join SuSe 9.1
Hi all,
We are trying to add SuSe 9.1 file server to Windows Domain. Here is
our configuration.
Windows 2000 Active Directory
SuSe 9.1 with Samba 3.0.8
When I try to add Linux file server to windows domain using net
command, net command dies with segment fault message. While starting
winbind process, it dies with segment fault error message.
Here is my configuration files and error message on this problem.
smb.conf:
# Global parameters
[global]
workgroup = xyz
realm = xyz.COM
security = ADS
map to guest = Bad User
password server = 192.168.1.201
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
local master = No
domain master = No
wins server = 192.168.1.201
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
winbind separator = /
winbind use default domain = Yes
printer admin = @ntadmin, root, administrator
[homes]
comment = Home Directory
valid users = xyz/%S
read only = No
browseable = No
net as join -UAdministrator -d 10 command output
=
ads_try_connect: trying ldap server port 389
[2004/11/17 20:11:24, 3] libads/ldap.c:ads_connect(247)
Connected to LDAP server 192.168.1.201
[2004/11/17 20:11:24, 3] libads/ldap.c:ads_server_info(2431)
got ldap server name [EMAIL PROTECTED], using bind path: dc=XYZ,dc=COM
[2004/11/17 20:11:24, 4] libads/ldap.c:ads_server_info(2437)
time offset is -86 seconds
[2004/11/17 20:11:24, 4] libads/sasl.c:ads_sasl_bind(447)
Found SASL mechanism GSS-SPNEGO
[2004/11/17 20:11:24, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2004/11/17 20:11:24, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2004/11/17 20:11:24, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2004/11/17 20:11:24, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2004/11/17 20:11:24, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED]
[2004/11/17 20:11:24, 3] libsmb/clikrb5.c:ads_krb5_mk_req(382)
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2004/11/17 20:11:24, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(319)
Ticket in ccache[MEMORY:net_ads] expiration Thu, 18 Nov 2004 06:09:58 GMT
[2004/11/17 20:11:24, 10] libsmb/clikrb5.c:ads_krb5_mk_req(409)
ads_krb5_mk_req: Ticket ([EMAIL PROTECTED]) in ccache
(MEMORY:net_ads) is valid until: (Thu, 18 Nov 2004 06:09:58 GMT -
1100776198)
[2004/11/17 20:11:24, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(511)
Got KRB5 session key of length 16
[2004/11/17 20:11:24, 10] lib/util.c:name_to_fqdn(2506)
name_to_fqdn: lookup for filesrv1 - filesrv1.XYZ.com.
[2004/11/17 20:11:24, 0] libads/ldap.c:ads_add_machine_acct(1366)
ads_add_machine_acct: Host account for filesrv1 already exists -
modifying old account
[2004/11/17 20:11:24, 5] libads/ldap_utils.c:ads_do_search_retry(56)
Search for (objectclass=*) gave 1 replies
[2004/11/17 20:11:25, 3] libads/ldap.c:ads_workgroup_name(2526)
Found alternate name 'XYZ' for realm 'XYZ.COM'
net command strace output:
=
# strace -v -f -F -o /tmp/aa net ads join -UAdministrator
6418 fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET,
start=324, len=1}, 0xbfffe370) = 0
6418 fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET,
start=324, len=1}, 0xbfffe370) = 0
6418 fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET,
start=344, len=1}, 0xbfffe470) = 0
6418 fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET,
start=344, len=1}, 0xbfffe470) = 0
6418 time(NULL)= 1100740285
6418 fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET,
start=532, len=1}, 0xbfffe470) = 0
6418 fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET,
start=532, len=1}, 0xbfffe470) = 0
6418 fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET,
start=552, len=1}, 0xbfffe470) = 0
6418 fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET,
start=552, len=1}, 0xbfffe470) = 0
6418 getuid32()= 0
6418 geteuid32() = 0
6418 getgid32()= 0
6418 getegid32() = 0
6418 open(/etc/krb5.conf, O_RDONLY|O_LARGEFILE) = -1 ENOENT (No
such file or directory)
6418 getuid32()= 0
6418 geteuid32() = 0
6418 getgid32()= 0
6418 getegid32() = 0
6418 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
6418 +++ killed by SIGSEGV +++
#tcpdump output:
=
20:11:24.603653 IP (tos 0x0, ttl 64, id 52256, offset 0, flags [DF],
length: 77) 172.68.1.53.32772 172.68.1.201.53:
[Samba] SuSe 9.1 samba quota questions
I have downloaded samba 3.0.4 from suse FTP site. README.SuSE (/usr/share/doc/packages/samba) files says Quota support doesnt work. Some people are reporting they are using samba quota feature. What are the issues with SuSE OS? Is there a way I can use Quota on SuSE (by re-compiling with quota option). Can you share your experience with samba 3 quota support? Thanks SR -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Win support=yes samba 2..28a
Hi, I am running samab 2.2.8a on Redhat 9. in my smb.conf file I set wins support =yes. But this machine is not reponding wins request. No process binding on wins port. Here is the smb.conf output: # testparm | grep win name resolve order = lmhosts host wins bcast max wins ttl = 518400 min wins ttl = 21600 wins proxy = No wins server = wins support = Yes wins hook = #grep win /etc/services nextstep178/tcp NeXTStep NextStep # NeXTStep window wins1512/tcp# Microsoft's Windows Internet Name Service wins1512/udp# Microsoft's Windows Internet Name Service [EMAIL PROTECTED] root]# netstat -an --ip |grep 1512 tcp0 0 0.0.0.0:515 0.0.0.0:* LISTEN [ root]# ps -fed|grep nm root 10503 1 0 Mar13 ?00:01:28 nmbd -D root 10504 10503 0 Mar13 ?00:00:00 nmbd -D root 22826 22779 0 21:58 pts/000:00:00 grep nm #/etc/init.d/smb status smbd (pid 22374 21676 20694 20482 20426 19506 19295 18231 10552 10551 10498) is running... nmbd (pid 10504 10503) is running... [EMAIL PROTECTED] root]# rpm -qa |grep samba samba-common-2.2.8a-0 samba-client-2.2.8a-0 samba-debuginfo-2.2.8a-0 samba-swat-2.2.8a-0 samba-2.2.8a-0 I would except some process on 1512 wins port. Any input on this? Thanks SR -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, CUPS A StarDocPrinter call was not issued.
Hi all, I am using Samba -3.0.2a with cups on SuSe 9.0. Samba PDC works fine, but I have some problem with CUPS PDF Printer printing. From Linux I was able print the test page. From 2000 workstation I was able add and print the document as root user. If I login as ordinary user, not able to print anything (not even testing) I received the following errors: From NotePad: A StarDocPrinter call was not issued. From OpenOffice: Could not start printer. Please check your printer configuration Any tips to fix this problem. Note: Same setup and configuration works at my home. I was able to print the document from Windows 2000 Client. -Sundaram -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] cupsaddsmb adobe error message
Hi, I am trying to add automatic driver install, its giving me ADOBEPS5.DLL file not found error message. Where can I get these files? My configuration Samba 3.0.2a with cups. # cupsaddsmb -U root -v -a Password for root required to access localhost via SAMBA: Running command: smbclient //localhost/print\$ -N -U'root%abc123' -c 'mkdir W32X86;put /var/spool/cups/tmp/4051394ee08ec W32X86/pdf.PPD;put /usr/share/cups/drivers/ADOBEPS5.DLL W32X86/ADOBEPS5.DLL;put /usr/share/cups/drivers/ADOBEPSU.DLL W32X86/ADOBEPSU.DLL;put /usr/share/cups/drivers/ADOBEPSU.HLP W32X86/ADOBEPSU.HLP' Domain=[TUX-NET] OS=[Unix] Server=[Samba 3.0.2a-SuSE] NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86 putting file /var/spool/cups/tmp/4051394ee08ec as \W32X86/pdf.PPD (6463.0 kb/s) (average 6463.2 kb/s) /usr/share/cups/drivers/ADOBEPS5.DLL does not exist /usr/share/cups/drivers/ADOBEPSU.DLL does not exist /usr/share/cups/drivers/ADOBEPSU.HLP does not exist Password for root required to access localhost via SAMBA: -SR -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] getlogon.pl script problem
Hi,
I want to generate the logon script on the fly. I want to map user home
directory into H: drive.
Genlogon.pl script executes three times for single user, each time its
getting diffract argument value.
Here is my configuration
root preexec = /netlogon/genlogon.pl %U %G %L
logon script = %U.bat
logon path =
logon drive =
logon home =
domain logons = Yes
[netlogon]
path = /netlogon
write list = ntadmin
locking = No
genlogon.pl
===
# Log client connection
#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime(time);
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
open LOG, /var/log/samba/netlogon.log;
print LOG $mon/$mday/$year $hour:$min:$sec - User $ARGV[0] logged into
$ARGV[1] ==;
print LOG %U User $ARGV[0] : %G Group $ARGV[1] : %L Server
$ARGV[2]\n;
close LOG;
# Start generating logon script
open LOGON, /netlogon/$ARGV[0].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n;
# Connect shares just use by Software Development group
if ($ARGV[1] eq SOFTDEV || $ARGV[0] eq softdev)
{
print LOGON NET USE M: $ARGV[2]\\SOURCE\r\n;
}
# Connect shares just use by Technical Support staff
if ($ARGV[1] eq SUPPORT || $ARGV[0] eq support)
{
print LOGON NET USE S: $ARGV[2]\\SUPPORT\r\n;
}
print LOGON net time $ARGV[2] /set /y\r\n;
print LOGON NET USE T: /delete /y\r\n;
print LOGON NET USE T: $ARGV[2]\\tmp\r\n;
print LOGON NET USE H: /delete /y\r\n;
print LOGON NET USE H: $ARGV[2]\\$ARGV[0]\r\n;
# All done! Close the output file.
close LOGON;
# cat /var/log/samba/netlogon.log
2/9/104 23:24:44 - User %G logged into testpdc == %U User %G : %G Group
testpdc : %L Server
2/9/104 23:24:45 - User %G logged into testpdc == %U User %G : %G Group
testpdc : %L Server
2/9/104 23:24:47 - User user1 logged into Domain == %U User user1 : %G
Group Domain : %L Server Users
Generated script.
This one is wrong; it takes server name as users, correct server name is
testpdc.
mail:~ # cat /netlogon/user1.bat
@ECHO OFF
net time \\Users /set /y
NET USE T: /delete /y
NET USE T: \\Users\tmp
NET USE H: /delete /y
NET USE H: \\Users\user1
How will I generate the script with correct server name? Why this script
is executing three times with different argument values
Thanks
Sundaram
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP replication
Can you post you configuration file. from the document, look like they are running master slave on the same machine, if your using two machine, you need to change following entry with replica host=127.0.0.1:3790 binddn=cn=replica,o=aphroland,c=us bindmethod=simple credentials=linux to replica host=slave ldap server ip binddn=cn=replica,o=aphroland,c=us bindmethod=simple credentials=linux -SR Hi all, I know this is not ldap list, but I'm setting SAMBA LDAP BDC; I think many of you have experience with this. I setup a replica, I haven't done the following I followed 1. http://howto.aphroland.de/HOWTO/LDAP/ReplicationOverSSLConfigureOpenLDAP 2. http://howto.aphroland.de/HOWTO/LDAP/ReplicationOverSSLSlaveServer 3. http://howto.aphroland.de/HOWTO/LDAP/ReplicationOverSSLTheInitialTransfe r to setup replication, but slurpd doesn't not want to propagate from the master to the slave at all. I check the replication log. the master ldap replication's log (/var/lib/ldap/replication.log) was empty, while slurpd replication log /usr/local/var/openldap-slurpd/replication/rep.log had all the changed I have made on the master, but the slave hasn't changed at all. I checked from .rej, there's no .rej. The status file is empty as well. I have no where to check for what's going on. Any idea? suggestion? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Auto printer dirver install for windows client
Edd, Thanks for your information. I am not clear about this part can you give some more information on this statment. === Go into the Printers folder on the Server, select File Server Properties, then upload the drivers and associate them with the printer in the dialogue boxes that come up = Where will I do this on Linux machine? How will I upload the driver to Linux machine? Thanks SR - Original Message - From: Edd Payne [EMAIL PROTECTED] To: Nandish [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, January 16, 2004 5:09 AM Subject: Re: [Samba] Auto printer dirver install for windows client The way I did it was: Use redhat-config-printer to set the printer up, making sure you make it a Raw print queue (ie no driver), then make sure you can print from the linux box (print a test page, or dump some PostScript/PCL to it to make sure it can see the printer). Then make sure you can see the printer share when you browse to the server through My Network Places on Windows. Go into the Printers folder on the Server, select File Server Properties, then upload the drivers and associate them with the printer in the dialogue boxes that come up. My Windows clients now automatically download and install the printer drivers (I use the PS ones), and can do point-and-print (I don't normally run Win2k on the desktop so can't verify these steps exactly but it should be reasonably obvious - it took me about 5 minutes to work out how to do it) edd On Friday 16 Jan 2004 5:56 am, Nandish wrote: Dear Sir, We have HP Laserjet 4000 / 4050 printer, I made Redhat Linux as my print server, I was not able to auto install the printer dirver to windows client machine, I tried various option make driver auto install, now print job is come to the queue but it's not printing. If any solutions for this problem, pls. mail me. Thanks in advance Nandish -- Edd Payne IT Co-ordinator University of London Union Malet Street, London WC1E 7HY tel: 020 7664 2060 fax: 020 7436 4604 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Uploading driver from windows 2000 to samba server.
Hi all,
I am looking for a way to transfer my printer driver from windows to Samba
print$ share.
I computer log file shows the following error message.
register_message_flags: tdb_fetch failed
couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d}
[2004/01/16 11:54:51, 1] smbd/service.c:make_connection_snum(698)
rsundaram (192.168.1.140) connect to service RPM initially as user nobody
(uid=99, gid=99) (pid 25808)
[2004/01/16 11:54:51, 1] smbd/service.c:make_connection_snum(698)
rsundaram (192.168.1.140) connect to service sundaram initially as user
sundaram (uid=1023, gid=100) (pid 25808)
[2004/01/16 11:54:58, 0] smbd/connection.c:register_message_flags(220)
register_message_flags: tdb_fetch failed
[2004/01/16 11:58:06, 0] smbd/connection.c:register_message_flags(220)
register_message_flags: tdb_fetch failed
[2004/01/16 11:58:07, 0] smbd/service.c:make_connection(850)
rsundaram (192.168.1.140) couldn't find service
::{2227a280-3aea-1069-a2de-08002b30309d}
Here is my smb.conf printer share setting
[PDFPrint]
path = /pub/pdf_out
read only = No
guest only = Yes
guest ok = Yes
[printers]
comment = All Printers
path = /var/spool/samba
printer admin = root, @ntadmins
read only = No
create mask = 0700
guest only = Yes
guest ok = Yes
printable = Yes
use client driver = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /etc/samba/drivers
read only = No
guest ok = Yes
any help to fix this error message.
Thanks
SR
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA 2.2.8a PDC with OpenLDAP automatcally adding machine account
Hi, I am trying add w2k machine to my samba 2.28a PDC, but it's not creating machine account auotmatically. Here is my configuration: add user script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g Domain Computers -s /bin/false ldap server = 127.0.0.1 ldap port = 389 ldap suffix = dc=sfgroup,dc=com ldap filter = ((uid=%u)(objectclass=sambaAccount)) ldap admin dn = cn=Manager,dc=sfgroup,dc=com ldap ssl = no ldap del only sam attr = No This command work from command line: /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g Domain Computers -s /bin/false ramas$ log message : == Initializing connection to 127.0.0.1 on port 389 [2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_open_connection(217) ldap_open_connection: connection opened [2004/01/12 20:08:29, 0] passdb/pdb_ldap.c:ldap_connect_system(316) ldap_connect_system: Binding to ldap server as cn=Manager,dc=sfgroup,dc=com [2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_connect_system(331) ldap_connect_system: succesful connection to the LDAP server [2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_search_one_user(343) ldap_search_one_user: searching for:[((uid=ramas$)(objectclass=sambaAccount))] [2004/01/12 20:08:29, 0] passdb/pdb_ldap.c:pdb_getsampwnam(940) LDAP search ((uid=ramas_)(objectclass=sambaAccount)) returned 0 entries. [2004/01/12 20:08:29, 3] smbd/sec_ctx.c:pop_sec_ctx(436) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/01/12 20:08:29, 3] smbd/reply.c:smb_create_user(543) smb_create_user: Running the command `/usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g Domain Computers -s /bin/false' gave 1 [2004/01/12 20:08:29, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1934) User ramas$ does not exist in system password file (usually /etc/passwd). Cannot add account without a valid local system user. [2004/01/12 20:08:29, 5] rpc_parse/parse_prs.c:prs_debug(60) 00 samr_io_r_create_user [2004/01/12 20:08:29, 6] rpc_parse/parse_prs.c:prs_debug(60) 00 smb_io_pol_hnd user_pol SR -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA 2.2.8a PDC with OpenLDAP automatcally adding machine account
Hi, I am trying add w2k machine to my samba 2.28a PDC, but it's not creating machine account auotmatically. Here is my configuration: add user script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g Domain Computers -s /bin/false ldap server = 127.0.0.1 ldap port = 389 ldap suffix = dc=sfgroup,dc=com ldap filter = ((uid=%u)(objectclass=sambaAccount)) ldap admin dn = cn=Manager,dc=sfgroup,dc=com ldap ssl = no ldap del only sam attr = No This command work from command line: /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g Domain Computers -s /bin/false ramas$ log message : == Initializing connection to 127.0.0.1 on port 389 [2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_open_connection(217) ldap_open_connection: connection opened [2004/01/12 20:08:29, 0] passdb/pdb_ldap.c:ldap_connect_system(316) ldap_connect_system: Binding to ldap server as cn=Manager,dc=sfgroup,dc=com [2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_connect_system(331) ldap_connect_system: succesful connection to the LDAP server [2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_search_one_user(343) ldap_search_one_user: searching for:[((uid=ramas$)(objectclass=sambaAccount))] [2004/01/12 20:08:29, 0] passdb/pdb_ldap.c:pdb_getsampwnam(940) LDAP search ((uid=ramas_)(objectclass=sambaAccount)) returned 0 entries. [2004/01/12 20:08:29, 3] smbd/sec_ctx.c:pop_sec_ctx(436) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/01/12 20:08:29, 3] smbd/reply.c:smb_create_user(543) smb_create_user: Running the command `/usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g Domain Computers -s /bin/false' gave 1 [2004/01/12 20:08:29, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1934) User ramas$ does not exist in system password file (usually /etc/passwd). Cannot add account without a valid local system user. [2004/01/12 20:08:29, 5] rpc_parse/parse_prs.c:prs_debug(60) 00 samr_io_r_create_user [2004/01/12 20:08:29, 6] rpc_parse/parse_prs.c:prs_debug(60) 00 smb_io_pol_hnd user_pol SR -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] suse 8.2 Samba 3(samba3-3.0.2pre1-20) LDAP PDC :Cannot Log onto Domain Member Workstation After Joining Domain
Tarjei, thanks, your right my sid was wrong. SID fixed my problem. -SR - Original Message - From: Tarjei Huse [EMAIL PROTECTED] To: Sundaram Ramasamy [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, January 14, 2004 7:36 AM Subject: Re: [Samba] suse 8.2 Samba 3(samba3-3.0.2pre1-20) LDAP PDC :Cannot Log onto Domain Member Workstation After Joining Domain Hi, Successfully I was able to joining Windows 2000 Professional to samba 3 domain (TUX_NET). After that I was not able to login to domain from windows 2000 machine. Hi, take a look at the sambasid of your nobody user. I belive that the gues user has to have a sid ending in 501. If I am not wrong, this is also an error in the smbldap-populate script that idealx uses. (Therefore I crosspost) th I have tried with three different samba 3 versions, same result. My configuration: SuSE 8.2 Samba 3pre2 Is there any problem with my configuration? I am attaching machine log file also. # extended LDIF # # LDAPv3 # base with scope sub # filter: (objectclass=*) # requesting: ALL # # sfgroup.com dn: dc=sfgroup,dc=com objectClass: dcObject objectClass: organization dc: sfgroup o: sfgroup # People, sfgroup.com dn: ou=People,dc=sfgroup,dc=com objectClass: organizationalUnit ou: People # Groups, sfgroup.com dn: ou=Groups,dc=sfgroup,dc=com objectClass: organizationalUnit ou: Groups # nobody, People, sfgroup.com dn: uid=nobody,ou=People,dc=sfgroup,dc=com cn: nobody sn: nobody objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount gidNumber: 514 uid: nobody homeDirectory: /dev/null sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\rishi\homes sambaHomeDrive: _HOMEDRIVE_ sambaProfilePath: \\_PDCNAME_\profiles\ sambaPrimaryGroupSID: S-1-5-21-3516781642-1962875130-3438800523-514 sambaLMPassword: NO PASSWORDX sambaNTPassword: NO PASSWORDX loginShell: /bin/false uidNumber: 99 sambaAcctFlags: [U ] sambaSID: S-1-5-21-3516781642-1962875130-3438800523-514 # Domain Admins, Groups, sfgroup.com dn: cn=Domain Admins,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins memberUid: Administrator description: Netbios Domain Administrators sambaSID: S-1-5-21-3516781642-1962875130-3438800523-512 sambaGroupType: 2 displayName: Domain Admins # Domain Users, Groups, sfgroup.com dn: cn=Domain Users,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 513 cn: Domain Users description: Netbios Domain Users sambaSID: S-1-5-21-3516781642-1962875130-3438800523-513 sambaGroupType: 2 displayName: Domain Users memberUid: root memberUid: admin memberUid: testuser memberUid: sun # Domain Guests, Groups, sfgroup.com dn: cn=Domain Guests,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 514 cn: Domain Guests description: Netbios Domain Guests Users sambaSID: S-1-5-21-3516781642-1962875130-3438800523-514 sambaGroupType: 2 displayName: Domain Guests # Administrators, Groups, sfgroup.com dn: cn=Administrators,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 544 cn: Administrators description: Netbios Domain Members can fully administer the computer/sambaDom ainName sambaSID: S-1-5-21-3516781642-1962875130-3438800523-544 sambaGroupType: 2 displayName: Administrators # Users, Groups, sfgroup.com dn: cn=Users,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 545 cn: Users description: Netbios Domain Ordinary users sambaSID: S-1-5-21-3516781642-1962875130-3438800523-545 sambaGroupType: 2 displayName: users # Guests, Groups, sfgroup.com dn: cn=Guests,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 546 cn: Guests memberUid: nobody description: Netbios Domain Users granted guest access to the computer/sambaDo mainName sambaSID: S-1-5-21-3516781642-1962875130-3438800523-546 sambaGroupType: 2 displayName: Guests # Power Users, Groups, sfgroup.com dn: cn=Power Users,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 547 cn: Power Users description: Netbios Domain Members can share directories and printers sambaSID: S-1-5-21-3516781642-1962875130-3438800523-547 sambaGroupType: 2 displayName: Power Users # Account Operators, Groups, sfgroup.com dn: cn=Account Operators,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 548 cn: Account Operators description: Netbios Domain Users to manipulate users accounts sambaSID: S-1-5-21-3516781642
[Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password
Hi,
I am running samba 2.2.8a with ldap PDC. From windows machine If I change
password by process CTL+ALT+DEL key its changing only windows password.
from command line smbldap-passwd.pl script changing the both UNIX and
samba password.
any idea why its not changing UNIX password?
Thanks
SR
Here my smb.conf file
encrypt passwords = Yes
min passwd length = 5
null passwords = No
password server =
smb passwd file = /etc/samba/smbpasswd
pam password change = Yes
passwd program = /usr/local/sbin/smbldap-passwd.pl %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
passwd chat debug = Yes
password level = 0
unix password sync = No
machine password timeout = 604800
my smbldap-passwd.pl file
===
use FindBin;
use FindBin qw($RealBin);
use lib $RealBin/;
use smbldap_tools;
use smbldap_conf;
my $user;
my $oldpass;
my $ret;
my $arg;
foreach $arg (@ARGV) {
if ($ != 0) {
die Only root can specify parameters\n;
} else {
if ( ($arg eq '-?') || ($arg eq '--help') ) {
print Usage: $0 [username]\n;
print -?, --help show this help message\n;
exit (6);
} elsif (substr($arg,0) ne '-') {
$user = $arg;
}
$oldpass = 1;
}
}
if (!defined($user)) {
$user=$ENV{USER};
}
# test existence of user in LDAP
my $dn_line;
if (!defined($dn_line = get_user_dn($user))) {
print $0: user $user doesn't exist\n;
exit (10);
}
my $dn = get_dn_from_line($dn_line);
my $samba = is_samba_user($user);
print Changing password for $user\n;
# non-root user
if (!defined($oldpass)) {
# prompt for current password
system stty -echo;
print (current) UNIX password: ;
chomp($oldpass=STDIN);
print \n;
system stty echo;
if (!is_user_valid($user, $dn, $oldpass)) {
print Authentication failure\n;
exit (10);
}
}
# prompt for new password
my $pass;
my $pass2;
system stty -echo;
print New password : ;
chomp($pass=STDIN);
print \n;
system stty echo;
system stty -echo;
print Retype new password : ;
chomp($pass2=STDIN);
print \n;
system stty echo;
if ($pass ne $pass2) {
print New passwords don't match!\n;
exit (10);
}
# only modify smb passwords if smb user
if ($samba == 1) {
if (!$with_smbpasswd) {
# generate LanManager and NT clear text passwords
if ($mk_ntpasswd eq '') {
print Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n;
exit(1);
}
my $ntpwd = `$mk_ntpasswd '$pass'`;
chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
# change nt/lm passwords
my $tmpldif =
$dn_line
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
changetype: modify
replace: ntpassword
ntpassword: $ntpassword
-
;
die $0: error while modifying password for $user\n
unless (do_ldapmodify($tmpldif) == 0);
undef $tmpldif;
}
else {
if ($ != 0) {
my $FILE=|$smbpasswd -s /dev/null;
open (FILE, $FILE) || die $!\n;
print FILE EOF;
'$oldpass'
'$pass'
'$pass'
EOF
;
close FILE;
} else {
my $FILE=|$smbpasswd $user -s /dev/null;
open (FILE, $FILE) || die $!\n;
print FILE EOF;
'$pass'
'$pass'
EOF
;
close FILE;
}
}
}
# change unix password
$ret = system $ldappasswd $dn -s '$pass' /dev/null;
if ($ret == 0) {
print all authentication tokens updated successfully\n;
} else {
return $ret;
}
exit 0;
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password
I don't thinsk so, Its not chaning the userpasswod value at all. -SR - Original Message - From: Dragan Krnic [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, January 14, 2004 10:24 AM Subject: Re: samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password I am running samba 2.2.8a with ldap PDC. From windows machine If I change password by process CTL+ALT+DEL key its changing only windows password. from command line smbldap-passwd.pl script changing the both UNIX and samba password. any idea why its not changing UNIX password? Case sensitivity perhaps? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Trying to configure a SAMBA 3 PDC with OpenLDAP
On Sun, 11 Jan 2004 15:01:27 -0400 Vegeta [EMAIL PROTECTED] wrote: I found in an older post in the list that there is a bug in Samba 3. It says that Samba 3 does not search in the ou=Computers (ou=Computadoras in my case) so one has to put the machines in the ou=People (ou=Personas in my case) section of the LDAP server. I did that and smbpasswd -a -m worked. Does somebody know when/if this bug will be fixed? Any links? I've used (store ws on ou=computer) without problem. What samab version your using 3.0.0 or 3.0.1 With 3.0.1pre2 version I was not able to store my computer account under ou=computer tree. I have to store under ou=People tree. I don't know why they changed. SR I still have doubts regarding some users and groups that MUST exist in the LDAP server. In particular I have seen a lot of people say that a root account (uid 0) in the LDAP server is needed. I think this is a bad idea and I would like to Yes, it must have uid/guid = 0. you can give non valid shell (ie /bin/false) --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with smbldap-useradd.pl
Hi, I think you missed some thing in smbldap_conf.pm file. Can you start fresh. copy the smbldap-tools files from source and try again. Thanks SR hi. i´m having big trouble with smbldap-useradd.pl when i try #cd /usr/local/bin #./smbldap-useradd -a test i got this message: Can't call method get_value on an undefined value at ./smbldap-useradd.pl line 152, DATA line 283. help please!!!?? []´s Bruno Ricci -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Re: Trying to configure a SAMBA 3 PDC with OpenLDAP
Vegeta, I had problem while adding windows 2000 machine to domain with ou=Computer. As per John advice I moved computer account to ou=People tree after that I was able to join 2000 machine to domain. My configuration: SuSE 8.2 samba-3.0.2pre1-1 ( with ldapsam) smbtools for account management. Do you have any 2000 cline in your configuration?, if so can you post your smb.conf file I would like to store computer account in a separate tree Thanks SR - Original Message - From: Vegeta [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 12, 2004 11:27 AM Subject: [Samba] Re: Re: Trying to configure a SAMBA 3 PDC with OpenLDAP Sundaram Ramasamy wrote: On Sun, 11 Jan 2004 15:01:27 -0400 Vegeta [EMAIL PROTECTED] wrote: I found in an older post in the list that there is a bug in Samba 3. It says that Samba 3 does not search in the ou=Computers (ou=Computadoras in my case) so one has to put the machines in the ou=People (ou=Personas in my case) section of the LDAP server. I did that and smbpasswd -a -m worked. Does somebody know when/if this bug will be fixed? Any links? I've used (store ws on ou=computer) without problem. What samab version your using 3.0.0 or 3.0.1 I am using 3.0.1 -- Fuera Chávez -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Re: Re: Trying to configure a SAMBA 3 PDC with OpenLDAP
Curtis Grote, I have the same configuration, what you have. I am storing computer under ou=People tree. 1. when you add machine account using smbldap-useradd -a -w machine name. it will create only postfix entry. while adding machine it willcreate sambaSamAccount entry. 2. I didn't use the perl command to install perl LDAP module. perl -MCPAN -e 'install Bunle::Net::LDAP' For computer account storage, we need to ask samba develoment list. Thanks SR Sundaram, I am using SuSE 8.2 and Samba 3.0.2pre1. I just re-populated using smbladp-populate and tried to add a machine account (under 'computers'). The machine account is added OK, but the subsequent lookup is still searching under 'People'. The machine account add function does not, however add a 'sambaSamAccount entry, even though my machine account script line includes a '-a'. I would also like to use 'computers' as this seems to be a lot cleaner way to seperate entities, but I too would like some idea as to how close this is to being fixed. The other angle I would like to pursue is if we are experiencing some problems because of some distribution unique configuration. Did you have to perform a 'perl -MCPAN -e 'install Bunle::Net::LDAP' in order to get the smbldap-tools to work? I am wondering if that what is causing me to experience some problems which others do not seem to have. Here are some pertinent lines from my smb.conf: passdb backend = ldapsam:ldap://kemosabe.pmmc.com ldap admin dn=cn=admin,dc=pmmc,dc=com ldap ssl = off ldap delete dn = no ldap passwd sync = yes ldap suffix = dc=pmmc,dc=com ldap user suffix = ou=People ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap idmap suffix = dc=pmmc,dc=com passwd program = /home/sambaldap/smbldap-passwd.pl '%u' passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* add user script = /home/sambaldap/smbldap-useradd.pl -a -F \\%L\profiles\%u %u delete user script = /home/sambaldap/smbldap-userdel.pl '%u' add group script = /home/sambaldap/smbldap-groupadd.pl '%g' delete group script = /home/sambaldap/smbldap-groupdel.pl '%g' add user to group script = /home/sambaldap/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /home/sambaldap/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /home/sambaldap/smbldap-usermod.pl -g '%g' '%u' add machine script = /home/sambaldap/smbldap-useradd.pl -a -w -d /dev/null -g 553 -c 'Machine Account' -s /bin/false %m Curtis Grote Memorial Hospital -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disabled roaming profile
Just now I disabled roaming profile, in smb.conf set the logon path value to empty and restart the samba process. logon path = Hope this helps SR ok.. at first i thought this is nice but i seem (still) don't know how to control things so i decided not to use roaming profiles... i disabled it and some of the workstations is now using their local profiles (winNT and winXP) but i have still problems with windows 2000 ... it kept on contacting the server for the profile.. i can't find how to disable the roaming profile in win2k i already tried to do .. MY COMPUTERPROPERTIESUSER PROFILES but it is set on local not roaming... i also tried to search the registry but i don't know that to search for.. pls help.. TIA Kent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 PDC with LDAP on SuSE
Hi, Does anyone have Samba 3 running as a PDC and LDAP backend with W2K as domain member successfully on SuSE 8.x ? I have been trying to get this going for several weeks. With Redhat Linux I was able to configure this setup, I have problem with SuSE8.2 Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1
Can you put user and computer account in the same tree. change in smb.conf ldap machine suffix = ou=User also change you smbldap_conf.pm file also. - Original Message - From: Jason P Holland [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 09, 2004 3:08 PM Subject: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1 Hello, I am hoping someone will offer some help. I'm currently trying to setup a samba 3 PDC with LDAP authentication backend in Fedora core 1. I've read loads of documentation, including http://www.hilinski.net/samba/ldap_PDC_samba.doc http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html http://samba.idealx.org/samba-ldap-howto.pdf As well as tons of posts in the mailing list archives, but I still cannot get this combination to work. As for the setup, I've installed Openldap 2.1.22, Samba 3.0.0, smbldap-tools-0.8.2. I've run smbpasswd -w to add my slapd.conf password to the secrets.tdb file. I've setup smbldap_conf.pl with my correct SID and ldap dn. I've populated my ldap database using smbldap-populate.pl, everything shows up correctly. I've gone in to the ldap db and fixed roots uid and gid as well as its sambaSID so that it can act as administrator. As far as I can tell, its setup correctly. However, when I go to join a W2k Workstation client, I get The user name could not be found.. Thats using root-testing combination from my config files. Samba does automatically create the machine account, that looks fine. But it refuses to join the machine. Yes, I'm aware of the registry hack for XP,W2K machines, and that has also been changed. The weird thing is from that client, who I cannot join, I can view shares on the PDC using root-testing user pass combination, so I know the authentication is working correctly through ldap. So what does that user name not found error really mean? Does anyone see anything obviously wrong in my config files that would cause this? I've cut them into the post below. I would appreciate any help as I'm just tired of reading and just can't seem to get past adding a machine. Thanks for any help... Jason --- begin ldap.conf HOST 127.0.0.1 BASE dc=test,dc=edu end ldap.conf --- begin slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/samba.schema pidfile /var/run/slapd.pid argsfile /var/run/slapd.args database bdb suffix dc=test,dc=edu rootdn cn=root,dc=test,dc=edu rootpw testing directory /var/lib/ldap index objectClass eq index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index memberUid eq index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq index default sub end slapd.conf begin smb.conf [global] passdb backend = ldapsam ldap suffix = dc=test,dc=edu ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap admin dn = cn=root,dc=test,dc=edu ldap ssl = no idmap backend = ldap:ldap://127.0.0.1 passwd chat debug = Yes passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password:* %n\ *successfully* socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m add user script = /usr/local/sbin/smbldap-useradd.pl -a %u delete user script = /usr/local/sbin/smbldap-userdel.pl %u add group script = /usr/local/sbin/smbldap-groupadd.pl %g delete group script = /usr/local/sbin/smbldap-groupdel.pl %g add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u workgroup = TEST netbios name = donald comment = test samba pdc security = user null passwords = yes encrypt passwords = yes logon script=logon.bat logon drive = logon path = domain master = yes domain logons = yes preferred master = yes os level = 33 wins support = yes wins proxy = no log file = /var/log/samba/%m.log public = No browseable = yes writable = No ; necessary share for domain controller [netlogon] path = /netlogon locking = no read only = yes write list = ntadmin ;test share [tmp] writeable = yes public = yes path = /tmp [profiles] path = /profiles read only = no writeable = yes create mask = 0600 directory mask = 0700 end smb.conf --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1
Hi,
smbldap-useradd.pl command -w option will append the $ sign to the computer
name.
I think its like a user account.
getent passwd
command will list computer account also.
-Sundaram
- Original Message -
From: Jason P Holland [EMAIL PROTECTED]
To: Sundaram Ramasamy [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, January 09, 2004 4:19 PM
Subject: Re: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1
Thanks for the response. Doesn't the machine account have to have a $ at
the end?? In which case the user and machine account are not the same
right?
Jason
On Fri, 9 Jan 2004, Sundaram Ramasamy wrote:
Can you put user and computer account in the same tree.
change in smb.conf
ldap machine suffix = ou=User
also change you smbldap_conf.pm file also.
- Original Message -
From: Jason P Holland [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 09, 2004 3:08 PM
Subject: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1
Hello,
I am hoping someone will offer some help. I'm currently trying to
setup a
samba 3 PDC with LDAP authentication backend in Fedora core 1. I've
read
loads of documentation, including
http://www.hilinski.net/samba/ldap_PDC_samba.doc
http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
http://samba.idealx.org/samba-ldap-howto.pdf
As well as tons of posts in the mailing list archives, but I still
cannot
get this combination to work.
As for the setup, I've installed Openldap 2.1.22, Samba 3.0.0,
smbldap-tools-0.8.2. I've run smbpasswd -w to add my slapd.conf
password
to the secrets.tdb file. I've setup smbldap_conf.pl with my correct
SID
and ldap dn. I've populated my ldap database using
smbldap-populate.pl,
everything shows up correctly. I've gone in to the ldap db and fixed
roots uid and gid as well as its sambaSID so that it can act as
administrator. As far as I can tell, its setup correctly.
However, when I go to join a W2k Workstation client, I get The user
name
could not be found.. Thats using root-testing combination from my
config
files. Samba does automatically create the machine account, that
looks
fine. But it refuses to join the machine. Yes, I'm aware of the
registry
hack for XP,W2K machines, and that has also been changed.
The weird thing is from that client, who I cannot join, I can view
shares
on the PDC using root-testing user pass combination, so I know the
authentication is working correctly through ldap. So what does that
user name not found error really mean?
Does anyone see anything obviously wrong in my config files that would
cause this? I've cut them into the post below. I would appreciate
any
help as I'm just tired of reading and just can't seem to get past
adding
a machine. Thanks for any help...
Jason
--- begin ldap.conf
HOST 127.0.0.1
BASE dc=test,dc=edu
end ldap.conf
--- begin slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix dc=test,dc=edu
rootdn cn=root,dc=test,dc=edu
rootpw testing
directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
end slapd.conf
begin smb.conf
[global]
passdb backend = ldapsam
ldap suffix = dc=test,dc=edu
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=root,dc=test,dc=edu
ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
passwd chat debug = Yes
passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
delete user script = /usr/local/sbin/smbldap-userdel.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl %g
delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u
%g
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x
%u
%g
set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
workgroup = TEST
netbios name = donald
comment = test samba pdc
security = user
null passwords = yes
[Samba] samba 3 webmin module configuration
Hi all, I am using samab 3 and openldap2-2.1.12 for PDC. When i use webmin to create new user I am getting this error message Failed to save user : Failed to add user to LDAP database : object class 'sambaSAMAccount' requires attribute 'sambaSID' Any help to configure webmin LDAP module for samba 3. Thanks SR -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] suse 8.2 Samba 3(samba3-3.0.2pre1-20) LDAP PDC :Cannot Log onto Domain Member Workstation After Joining Domain
Hi all, Successfully I was able to joining Windows 2000 Professional to samba 3 domain (TUX_NET). After that I was not able to login to domain from windows 2000 machine. I have tried with three different samba 3 versions, same result. My configuration: SuSE 8.2 Samba 3pre2 Is there any problem with my configuration? I am attaching machine log file also. # extended LDIF # # LDAPv3 # base with scope sub # filter: (objectclass=*) # requesting: ALL # # sfgroup.com dn: dc=sfgroup,dc=com objectClass: dcObject objectClass: organization dc: sfgroup o: sfgroup # People, sfgroup.com dn: ou=People,dc=sfgroup,dc=com objectClass: organizationalUnit ou: People # Groups, sfgroup.com dn: ou=Groups,dc=sfgroup,dc=com objectClass: organizationalUnit ou: Groups # nobody, People, sfgroup.com dn: uid=nobody,ou=People,dc=sfgroup,dc=com cn: nobody sn: nobody objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount gidNumber: 514 uid: nobody homeDirectory: /dev/null sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\rishi\homes sambaHomeDrive: _HOMEDRIVE_ sambaProfilePath: \\_PDCNAME_\profiles\ sambaPrimaryGroupSID: S-1-5-21-3516781642-1962875130-3438800523-514 sambaLMPassword: NO PASSWORDX sambaNTPassword: NO PASSWORDX loginShell: /bin/false uidNumber: 99 sambaAcctFlags: [U ] sambaSID: S-1-5-21-3516781642-1962875130-3438800523-514 # Domain Admins, Groups, sfgroup.com dn: cn=Domain Admins,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins memberUid: Administrator description: Netbios Domain Administrators sambaSID: S-1-5-21-3516781642-1962875130-3438800523-512 sambaGroupType: 2 displayName: Domain Admins # Domain Users, Groups, sfgroup.com dn: cn=Domain Users,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 513 cn: Domain Users description: Netbios Domain Users sambaSID: S-1-5-21-3516781642-1962875130-3438800523-513 sambaGroupType: 2 displayName: Domain Users memberUid: root memberUid: admin memberUid: testuser memberUid: sun # Domain Guests, Groups, sfgroup.com dn: cn=Domain Guests,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 514 cn: Domain Guests description: Netbios Domain Guests Users sambaSID: S-1-5-21-3516781642-1962875130-3438800523-514 sambaGroupType: 2 displayName: Domain Guests # Administrators, Groups, sfgroup.com dn: cn=Administrators,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 544 cn: Administrators description: Netbios Domain Members can fully administer the computer/sambaDom ainName sambaSID: S-1-5-21-3516781642-1962875130-3438800523-544 sambaGroupType: 2 displayName: Administrators # Users, Groups, sfgroup.com dn: cn=Users,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 545 cn: Users description: Netbios Domain Ordinary users sambaSID: S-1-5-21-3516781642-1962875130-3438800523-545 sambaGroupType: 2 displayName: users # Guests, Groups, sfgroup.com dn: cn=Guests,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 546 cn: Guests memberUid: nobody description: Netbios Domain Users granted guest access to the computer/sambaDo mainName sambaSID: S-1-5-21-3516781642-1962875130-3438800523-546 sambaGroupType: 2 displayName: Guests # Power Users, Groups, sfgroup.com dn: cn=Power Users,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 547 cn: Power Users description: Netbios Domain Members can share directories and printers sambaSID: S-1-5-21-3516781642-1962875130-3438800523-547 sambaGroupType: 2 displayName: Power Users # Account Operators, Groups, sfgroup.com dn: cn=Account Operators,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 548 cn: Account Operators description: Netbios Domain Users to manipulate users accounts sambaSID: S-1-5-21-3516781642-1962875130-3438800523-548 sambaGroupType: 2 displayName: Account Operators # Server Operators, Groups, sfgroup.com dn: cn=Server Operators,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 549 cn: Server Operators description: Netbios Domain Server Operators sambaSID: S-1-5-21-3516781642-1962875130-3438800523-549 sambaGroupType: 2 displayName: Server Operators # Print Operators, Groups, sfgroup.com dn: cn=Print Operators,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 550 cn: Print Operators description: Netbios Domain Print Operators sambaSID: S-1-5-21-3516781642-1962875130-3438800523-550 sambaGroupType: 2 displayName: Print Operators # Backup Operators, Groups, sfgroup.com dn: cn=Backup
Re: [Samba] Samba-ldap-pdc questions
You need to set ldap admin passowd like this. smbpasswd -w ldap admin passwd to create the domain user account use smbldap-useradd.pl command. SR Hi, There I am setting up Samba(3.0.1-1)-ldap(openldap-2.1.22-8)-pdc on Fedora 1.0. I used the RPMs for the installations. After setup, start both smb and ldap without problem. However when I tried to add users with smbpasswd -a userid, it gave me the following errors. Can someone point me to right direction, is there anything I can do to do more test and diagnosis. I've copied the error message, and the conf file for samba.conf and slapd.conf Thank you for your help! Ron Liu Information Technology Consultant Biology Department San Jose State University 408-924-4860 [EMAIL PROTECTED] [EMAIL PROTECTED] openldap]# smbpasswd -a bliu New SMB password: Retype new SMB password: fetch_ldap_pw: neither ldap secret retrieved! ldap_connect_system: Failed to retrieve password from secrets.tdb Connection to LDAP Server failed for the 1 try! smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid credentials) fetch_ldap_pw: neither ldap secret retrieved! ldap_connect_system: Failed to retrieve password from secrets.tdb Connection to LDAP Server failed for the 1 try! smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid credentials) fetch_ldap_pw: neither ldap secret retrieved! ldap_connect_system: Failed to retrieve password from secrets.tdb Connection to LDAP Server failed for the 1 try! ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Invalid credentials) fetch_ldap_pw: neither ldap secret retrieved! ldap_connect_system: Failed to retrieve password from secrets.tdb Connection to LDAP Server failed for the 1 try! smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid credentials) Failed to add entry for user bliu. Failed to modify password entry for user bliu #=== Global Settings = [global] workgroup = mydomain netbios name = ts010 encrypt passwords = yes passdb backend = ldapsam:ldap://localhost/ ldap suffix = o=mydomain,dc=mydomain,dc=com ldap machine suffix = ou=Comupters ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap admin dn = cn=tsadmin,dc=mydomain,dc=com # ldap ssl = start tls ldap delete dn = no server string = mydomain Samba Server hosts allow = 10.101.0. 10.101.1. 127. printcap name = cups load printers = yes printing = cups log file = /var/log/samba/%m.log max log size = 50 security = user password level = 8 ; username level = 8 smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd *all*authentication*tokens*updated*successfully* ; username map = /etc/samba/smbusers ; include = /etc/samba/smb.conf.%m socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 33 domain master = yes preferred master = yes domain logons = yes logon script = scripts\logscript.bat logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U ; name resolve order = wins lmhosts bcast wins support = yes dns proxy = no write list = @tsadmin add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u [home] ... * my slapd.conf # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/redhat/autofs.schema #rliu, 12/31/03 include /etc/openldap/schema/samba.schema # Allow LDAPv2 client connections. This is NOT the default. allow bind_v2 # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/slapd.pid #argsfile //var/run/slapd.args # Load dynamic backend modules: # modulepath/usr/sbin/openldap # moduleloadback_bdb.la # moduleloadback_ldap.la # moduleloadback_ldbm.la # moduleloadback_passwd.la # moduleloadback_shell.la # The next three lines allow use of TLS for connections using a dummy test # certificate, but you should generate a proper certificate by changing to # /usr/share/ssl/certs, running make slapd.pem, and fixing permissions on # slapd.pem so that the ldap user or
Re: [Samba] questions
As per my samba exprience you can have single userid to access the same share from different computer. SR Hi, I have a samba server running on Linux (RedHat 9.0), with the security set to user and 3 valid user IDs. The clients are 3 PCs running on Windows XP (HomeEdition) and connected through a router. From the PCs running Windows I can see the localhost (Sambas Server), but for some reason one PC can only connect to the share directory on the Samba Server. The questions are as follows. 1. Should every user log in with a different user ID to access the shared directory on the Samba Server? or can I use the same user ID to log in on different PCs to access the shared directory? 2. Could there be another reason why only one PC can connect to the shared directory? Note that I ran the utility ping on the Window PCs and the Linux machine and got good replies so I do not think there is a connection problem. Any help will be appreciated! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Urgent Please - Samba 3.0.1 - LDAP - WinXP ... has anyonegot it working???
You need to change Administrator uid to 0 and gui to 521( Domain Admin). -SR I've been trying to have Samba 3.0.1 work as a primary domain controller using LDAP as the authentication mechanism. However I am unable to get any of my Windows XP Pro machine join the domain. When prompt for an account with permissions to join the domain by the XP client, I give it the Administrator account which is granted Full access to the LDAP directory (BTW this is poor security, what is the right privilege I should give to the Domain Admin?), but SAMBA still responds with a permission denial when trying to open the domain and create the machine account. Here is a log of what happens on the samba server when I attempt the join operation. [2004/01/05 16:20:28, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/01/05 16:20:28, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/01/05 16:20:28, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[(((uid=Administrator)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))] [2004/01/05 16:20:29, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: Administrator [2004/01/05 16:20:40, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636) ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(gidNumber=513))] [2004/01/05 16:20:40, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [Administrator] - [Administrator] - [Administrator] succeeded [2004/01/05 16:20:41, 2] smbd/server.c:exit_server(558) Closing connections [2004/01/05 16:20:42, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/01/05 16:20:42, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/01/05 16:20:42, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[(((uid=Administrator)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))] [2004/01/05 16:20:43, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: Administrator [2004/01/05 16:20:52, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636) ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(gidNumber=513))] [2004/01/05 16:20:52, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [Administrator] - [Administrator] - [Administrator] succeeded [2004/01/05 16:20:53, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461) Returning domain sid for domain SOLA - S-1-5-21-238816456-3885207889-2738941293 [2004/01/05 16:20:53, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2004/01/05 16:20:53, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461) Returning domain sid for domain SOLA - S-1-5-21-238816456-3885207889-2738941293 [2004/01/05 16:20:53, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2004/01/05 16:20:53, 2] smbd/server.c:exit_server(558) Closing connections Does anyone have any suggestion on how to sort this out? thanks Davide -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ou=Computers vs ou=Users
I have tried samba 3.0.1pre2 on suse 8.2. I force to keep Computer and User account in single tree People. I don't know it fixed. eg. User account: uid=testuser,ou=People,dc=sfgroup,dc=com Machine acount: uid=sales$,ou=People,dc=sfgroup,dc=com SR Recently I've read here, that there is a problem with storing computer accounts in a separate container, of LDAPSAM backend. We're successfully using Samba3.0.1pre1 (with a patch for bug#64, #532 and #569, Win9x userlist problem) with separate ous for users and computers, after configuring pam-ldap As are we. Samba = 3.0.1rc2 Machine accounts in ou=System Accounts and user accounts in ou=People ldap admin dn = cn=CIFS DC,o=Morrison Industries,c=US ldap suffix = o=Morrison Industries,c=US ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=System Accounts idmap backend = ldap:ldap://localhost/ ldap idmap suffix = ou=idMap,ou=CIFS,ou=SubSystems idmap uid = 4-5 idmap gid = 4-5 Works great. Printer support seems REALLY slow, but I don't think it has anything to do with the SAM. We are waiting for Samba 3.0.2 to move up. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Pro client cannot access stand-alone linux samba server
can you change security = shared restart samba and try to access the share. SR Hi, I am trying to set up my internet connection sharing linux box as a stand-alone samba server. When i try to access the server from a Windows XP Pro client using \\192.168.0.1 i get a dialog box asking for a username and password. I duly enter this and the dialog box immediately re-appears without connecting me to the share. There exists both a samba and linux account with the same password which is also the same as the XP Pro logon. The XP Pro box is not set up to logon to a domain, both of the boxes are on the same workgroup. I can get samba to work using share-level security but only for a guest account. Would appreciate any suggestions *smb.conf* [global] workgroup = WORKGROUP netbios name = SAMBA server string = Samba server in user level security = users encrypt passwords = yes [Logs] path= /var/log valid user = ian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] suse 8.2 Samba 3 LDAP :Cannot Log onto Domain Member Workstation After Joining Domain
In my windows 2000 machine I don't have Group Policy Editor , User Profiles not there, after chaning this setting also, I was not able to login. Refrence: == I had the same problem and the following steps executed on the Win2K system as Administrator did it for me: Start the Administrative Tools (Start / Settings / Control Panel / Administrative Tools). From there start the Local Security Policy. In the Local Security Policy open Local Policies and then Security Options. Disable the following entries: Domain member: Digitally encrypt or sign secure channel data (Always) Domain member: Digitally encrypt secure channel data (when possible) Domain member: Digitally sign secure channel data (when possible) Domain member: Require strong (Windows 2000 or later) session key In the Group Policy Editor (C:\windows\system32\gpedit.msc) enable the following entry: Computer Configuration\Administrative Templates\System\User Profiles\do not check for user ownership of roaming profiles folders == Hi, Now I was not able to login to the samba3 domain from windows 2000, after refreing this document http://us3.samba.org/samba/docs/man/samba-pdc.html#id2888010 Here is my smb.conf setting. client schannel = Auto server schannel = Auto client signing = auto server signing = No What should I change to login to the domain. I am attaching smb.conf file. [global] workgroup = TUX-NET passdb backend = ldapsam:ldap://localhost debuglevel = 3 time server = yes interfaces = 127.0.0.1 eth0 bind interfaces only = true printing = cups printcap name = cups load printers = yes wins support = Yes unix charset = LOCALE local master = yes domain master = yes domain logons = yes security = user add user script = ldapsmb -a -u %u delete user script = ldapsmb -d -u %u add machine script = ldapsmb -a -w %u add group script = ldapsmb -a -g %g delete group script = ldapsmb -d -g %g add user to group script = ldapsmb -j -u %u -g %g delete user from group script = ldapsmb -j -u %u -g %g set primary group script = ldapsmb -m -u %u -gid %g ldap admin dn = cn=Manager,dc=sfgroup,dc=com ldap suffix = dc=sfgroup,dc=com ldap machine suffix = ou=People ldap group suffix = ou=Groups ldap user suffix= ou=People -SR -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3 suse 8.2 ERROR: we did not create the shmem (owned by another user)
Hi all, When I start samba 3 on SUSE 8.2, I am gettig following error message. I re-installed the samba, also re-booted the machine, any help to fix this . [2003/12/31 12:21:19, 0] smbd/server.c:main(747) smbd version 3.0.0-SuSE started. Copyright Andrew Tridgell and the Samba Team 1992-2003 [2003/12/31 12:21:19, 0] profile/profile.c:profile_setup(140) ERROR: we did not create the shmem (owned by another user) [2003/12/31 12:21:19, 0] smbd/server.c:main(772) ERROR: failed to setup profiling SR -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] suse 8.2 Samba 3 LDAP :Cannot Log onto Domain Member Workstation After Joining Domain
Hi, Now I was not able to login to the samba3 domain from windows 2000, after refreing this document http://us3.samba.org/samba/docs/man/samba-pdc.html#id2888010 Here is my smb.conf setting. client schannel = Auto server schannel = Auto client signing = auto server signing = No What should I change to login to the domain. I am attaching smb.conf file. [global] workgroup = TUX-NET passdb backend = ldapsam:ldap://localhost debuglevel = 3 time server = yes interfaces = 127.0.0.1 eth0 bind interfaces only = true printing = cups printcap name = cups load printers = yes wins support = Yes unix charset = LOCALE local master = yes domain master = yes domain logons = yes security = user add user script = ldapsmb -a -u %u delete user script = ldapsmb -d -u %u add machine script = ldapsmb -a -w %u add group script = ldapsmb -a -g %g delete group script = ldapsmb -d -g %g add user to group script = ldapsmb -j -u %u -g %g delete user from group script = ldapsmb -j -u %u -g %g set primary group script = ldapsmb -m -u %u -gid %g ldap admin dn = cn=Manager,dc=sfgroup,dc=com ldap suffix = dc=sfgroup,dc=com ldap machine suffix = ou=People ldap group suffix = ou=Groups ldap user suffix= ou=People -SR -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1 RMP?
You can download from jhone web site http://samba.org/~jht/files/RPMS/ Hi All - i'm new to linux My Specs: Suse 9.0 Windows 2003 Server (PDC) My needs: authenticating with Windows 2003 Server My Problem: Samba 2.x.x not working with Windows 2003 Server (worked with Windows 2000 Server!?) My Solution: Try Samba 3.0.1... Unfortunately - I could noy locate a RPM for Samba 3.0.1 so far... Have any one got any idea where I would be able to get hold of such an RPM? Regards Mynhardt -- Mr M Loubser (Network Administrator Postmaster) Stellenbosch High School Voice: +27 21 887 3082 X123 http://WWW.STELLIES.COM ...captain - my captain? -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1 - installation?
Hi, I am using only SuSE 8.2. you can try to download SuSE 9 RPM here. ftp://ftp.sernet.de/pub/samba http://ftp.sernet.de/pub/samba Thanks Thank you - i got the needed RPMs for Samba 3.0.1 On installing Samba 3.0.1 via YaST it requires the following: libasn.so.5 libcom.err.so.1 libcrypto.so.0.9.6 libpopt.so.0 libroken.so.9 libssl.so.0.9.6 i do not know what this is? how do i get arround this? Are these RPMs I need to install? what will the name of the RPMs be? Greets Mynhardt On 30 Dec 2003 at 9:40, Sundaram Ramasamy wrote: You can download from jhone web site http://samba.org/~jht/files/RPMS/ Thank you Sundaram Hi All - i'm new to linux My Specs: Suse 9.0 Windows 2003 Server (PDC) My needs: authenticating with Windows 2003 Server My Problem: Samba 2.x.x not working with Windows 2003 Server (worked with Windows 2000 Server!?) My Solution: Try Samba 3.0.1... Unfortunately - I could noy locate a RPM for Samba 3.0.1 so far... -- Mr M Loubser (Network Administrator Postmaster) Stellenbosch High School Voice: +27 21 887 3082 X123 http://WWW.STELLIES.COM ...captain - my captain? -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Changing password from windows
Hi, I am also getting same kind of error message with samab 2.2.8a LDAP PDC. Here my smb.conf file. [global] coding system = client code page = 850 code page directory = /usr/share/samba/codepages netbios aliases = netbios scope = server string = Percipia PDC Server interfaces = bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = Yes password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n*passwd:*all*authentication*tokens*updated*successfully* passwd chat debug = Yes username map = password level = 0 username level = 0 unix password sync = Yes restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 103 syslog = 1 syslog only = No log file = /var/log/samba/%m.log max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes acl compatibility = nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts host wins bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 name cache timeout = 660 read size = 16384 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = /etc/printcap disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No mangling method = hash character set = ISO8859-1 mangled stack = 50 stat cache = Yes domain admin group = domain guest group = machine password timeout = 604800 add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g Domain Computers -s /bin/false delete user script = logon script = logon path = \\%N\%U\profile logon drive = H: logon home = \\%N\%U domain logons = Yes os level = 64 lm announce = Auto lm interval = 60 preferred master = Yes local master = Yes domain master = Yes browse list = Yes enhanced browsing = Yes dns proxy = Yes wins proxy = No wins server = wins support = Yes wins hook = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 ldap server = 127.0.0.1 ldap port = 389 ldap suffix = dc=sfgroup,dc=com ldap filter = ((uid=%u)(objectclass=sambaAccount)) ldap admin dn = cn=Manager,dc=sfgroup,dc=com ldap ssl = no add share command = change share command = delete share command = config file = preload = lock dir = /var/cache/samba pid directory = /var/run utmp directory = wtmp directory = utmp = No default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = auto.home time offset = 0 NIS homedir = No source environment = panic action = hide local users = No host msdfs = No winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = No comment = path = alternate permissions = No username = guest account = nobody invalid users = valid
[Samba] suse 8.2 Samba 3 LDAP Domain Join Error : Logon failure: unknown user name or bad password
Hi, I am using suse 8.2 with samba 3+ LDAP PDC. When I try to join the W2K machine I am getting Logon failure: unknown user name or bad password. with root user I was able log in to the machine, Even from Windows 2000 I was able to access the share like this \\192.168.0.101. Here is some more information. Any Help to fix this. -Sundaram linux:/var/log # id root uid=0(root) gid=512(Domain Admins) groups=512(Domain Admins) rpm -qa | grep sam samba3-client-3.0.1-15 samba3-3.0.1-15 samba3-doc-3.0.1-15 samba3-winbind-3.0.1-15 linux:/var/log # testparm -s Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Loaded services file OK. # Global parameters [global] workgroup = TECHGROUP netbios name = RISHI server string = rishi Samba Server null passwords = Yes passdb backend = ldapsam passwd program = /usr/local/bin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password:* %n\ *successfully* passwd chat debug = Yes log level = 3 log file = /var/log/samba/%m.log socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/local/sbin/smbldap-useradd.pl -a %u delete user script = /usr/local/sbin/smbldap-useradd.pl -d %u add group script = /usr/local/sbin/smbldap-useradd.pl -a -g %g delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g %g add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u -g %g delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u -g %g set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u %u -gid %g add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w %m domain logons = Yes os level = 22 preferred master = Yes local master = No domain master = Yes dns proxy = No wins support = Yes ldap suffix = dc=sfgroup,dc=com ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap admin dn = cn=Manager,dc=sfgroup,dc=com ldap ssl = no [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No LDAP data: == linux:/var/log # ldapsearch -x # extended LDIF # # LDAPv3 # base with scope sub # filter: (objectclass=*) # requesting: ALL # # sfgroup.com dn: dc=sfgroup,dc=com objectClass: dcObject objectClass: organization dc: sfgroup o: sfgroup # People, sfgroup.com dn: ou=People,dc=sfgroup,dc=com objectClass: organizationalUnit ou: People # Groups, sfgroup.com dn: ou=Groups,dc=sfgroup,dc=com objectClass: organizationalUnit ou: Groups # Computers, sfgroup.com dn: ou=Computers,dc=sfgroup,dc=com objectClass: organizationalUnit ou: Computers # nobody, People, sfgroup.com dn: uid=nobody,ou=People,dc=sfgroup,dc=com cn: nobody sn: nobody objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount gidNumber: 514 uid: nobody uidNumber: 999 homeDirectory: /dev/null sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\rishi\homes sambaHomeDrive: _HOMEDRIVE_ sambaProfilePath: \\_PDCNAME_\profiles\ sambaPrimaryGroupSID: S-1-5-21-3516781642-1962875130-3438800523-514 sambaLMPassword: NO PASSWORDX sambaNTPassword: NO PASSWORDX sambaAcctFlags: [NU ] sambaSID: S-1-5-21-3516781642-1962875130-3438800523-2998 loginShell: /bin/false # Domain Admins, Groups, sfgroup.com dn: cn=Domain Admins,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins description: Netbios Domain Administrators sambaSID: S-1-5-21-3516781642-1962875130-3438800523-512 sambaGroupType: 2 displayName: Domain Admins # Domain Users, Groups, sfgroup.com dn: cn=Domain Users,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 513 cn: Domain Users description: Netbios Domain Users sambaSID: S-1-5-21-3516781642-1962875130-3438800523-513 sambaGroupType: 2 displayName: Domain Users # Domain Guests, Groups, sfgroup.com dn: cn=Domain Guests,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 514 cn: Domain Guests description: Netbios Domain Guests Users sambaSID: S-1-5-21-3516781642-1962875130-3438800523-514 sambaGroupType: 2 displayName: Domain Guests # Administrators, Groups, sfgroup.com dn: cn=Administrators,ou=Groups,dc=sfgroup,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 544 cn: Administrators description: Netbios Domain Members can fully
[Samba] Getting NT Domain password.
I would like to know this is possible. I want to move my windows domain users to Linux samba account. Is it possible to get the current windows domain password and populate the ldap database? Thanks SR
[Samba] re-exporting smb mounted filesystems from Redhat linux 8.0 to Solaris 8.0
Hi, I am trying to mount the windows NT share to solaris 8.0using Redhat 8.0 nfs. Using smbmount I mounted windows share in Linux as /home/percipia/smb. I setup Linux as NFS Server and exported /home as nfs export. [root@ldap root]# cat /etc/exports/home 192.168.1.0/255.255.255.0(ro,nohide,insecure,sync) [root@ldap root]# rpcinfo -p program vers proto port 10 2 tcp 111 portmapper 10 2 udp 111 portmapper 100024 1 udp 32768 status 100024 1 tcp 32768 status 391002 2 tcp 32769 sgi_fam 100011 1 udp 639 rquotad 100011 2 udp 639 rquotad 100011 1 tcp 642 rquotad 100011 2 tcp 642 rquotad 13 2 udp 2049 nfs 13 3 udp 2049 nfs 100021 1 udp 32787 nlockmgr 100021 3 udp 32787 nlockmgr 100021 4 udp 32787 nlockmgr 15 1 udp 32788 mountd 15 1 tcp 32815 mountd 15 2 udp 32788 mountd 15 2 tcp 32815 mountd 15 3 udp 32788 mountd 15 3 tcp 32815 mountd In Solaris, I was able to mount the Linux nfs share: bash-2.03# showmount -e 192.168.1.135export list for 192.168.1.135:/home 192.168.1.0/255.255.255.0 bash-2.03# mount 192.168.1.135:/home /tmp/mnt bash-2.03# ls /tmp/mntlost+found percipia sysadm zzz bash-2.03# ls /tmp/mnt/percipia/smb No files listing. Its not showing windows files. In the news groups, I saw the following messages ruing nfsd with --re-export option. Redhat 8.0 nfsd man page I don't see the --re-export option. Do I need to install some other NFS package?. [root@ldap root]# rpm -qa | grep -I nfsredhat-config-nfs-1.0.1-3nfs-utils-1.0.1-2 Any help to achine withis Thanks -SR New Group message: === From the Linux man-page nfsd(8): -r or --re-export Allow imported NFS file-systems to be exported. This can be used to turn a machine into an NFS mul- tiplier. Caution should be used when re-exporting loopback NFS mounts because re-entering the mount point will result in deadlock between the NFS client and the NFS server. I would like to thank everybody who has found time to share theirexpertise in this matter. After having played with 3 versions of Red HatLinux(5.1, 6.2, 7.0), recompiling from source two kernels (2.2.18, 2.4.2),experimenting with 3 versions of nfs-utils (0.1.6, 0.1.9, 0.3.1), andfinally coming back to nfs-server-2.2beta, I finally made it work! If youremember, when I had it partially working with nfs-server-2.2beta before,all I had to do is add another modification to the /etc/rc.d/init.d/nfsscript. Turns out that not only rpc.mountd daemon, but also rpc.nfsddaemon has to be started with --re-export option. It will then make thesubdirectory structure of /foo available to A as well. It was a greatexperience, and I learned a lot of new things. Again, thanks for yourhelp.
[Samba] WinNT - samba - Linux - NFS - Solaris
I haveSolaris machines that I'd like to use togain access to SMB shared drives. I can get a Linux box tomount SMB shares via samba. I can get a Solaris box to accessfiles on a Linux box using NFS. Can I get the Solaris box toaccess files on the Linux box, which actually are mounted to SMBshares using samba (smbmount)on the Linux box? Is there any documents for this? Thanks -SR
[Samba] PAM rlogin Winbind - Solaris - NT Domain
Hi, I am trying to install winbind PAM on my Solaris 8 machine. The Samba server has been added to the domain as a member server, and things, like getent passwd and group actually work and showing the NT domain accounts . Since its production machine first I want to enable winbind authentication for rloing module. I made change in my /etc/pam.conf. But I was not able to login. Same configuration works in Linux machine. I am attaching my configuration files. please help me Thanks SR $ rlogin [EMAIL PROTECTED] Password: Login incorrect rlogin: connection closed. bash-2.03# ls /export/home/guest bash-2.03# tail -f /var/adm/messages Dec 10 09:26:03 pnet login[1622]: [ID 468494 auth.crit] login account failure: No account present for user bash-2.03# /usr/local/samba/bin/wbinfo -t Secret is good ***Versions:*** Solaris 8 Samba 2.2.7 compiled --with-pam --with-winbind more /etc/nsswitch.conf passwd: files winbind group: files winbind ***smb.conf*** [global] # printing = bsd # printcap name = /etc/printcap # load printers = yes guest account = pcguest workgroup = TECHGROUP #security = Share security = DOMAIN ENCRYPT PASSWORDS = YES password server = enterprise hosts allow = localhost, pnet, 192.168.1.140, 192.168.1. hosts deny = All # use uids from 1 to 2 for domain users winbind uid = 1-2 # use gids from 1 to 2 for domain groups winbind gid = 1-2 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes # give winbind users a real shell (only needed if # they have telnet access) template homedir = /export/home/%U #template homedir = /home/%U template shell = /bin/bash winbind separator = + wins support = no wins server = 192.168.1.135 name resolve order = hosts lmhosts bcast ; This next option sets a separate log file for each client. Remove ; it if you want a combined log file. log file = /var/log/log.%m log level = 2 ; You will need a world readable lock directory and "share modes=yes" ; if you want to support the file sharing modes for multiple users ; of the same files lock directory = /usr/local/samba/var/locks share modes = yes [homes] comment = Home Directories browseable = no read only = no create mode = 0750 [printers] comment = All Printers browseable = no printable = yes public = no writable = no create mode = 0700 [share] path = /export/home/share comment = Solaris share guest ok = Yes read only = No bash-2.03# more /etc/pam.conf # #ident "@(#)pam.conf 1.1499/09/16 SMI" # # Copyright (c) 1996-1999, Sun Microsystems, Inc. # All Rights Reserved. # # PAM configuration # # Authentication management # login auth required /usr/lib/security/$ISA/pam_unix.so.1 login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 # rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1 rlogin auth sufficient /usr/lib/security/pam_winbind.so debug rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass # dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 # rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1 other auth required /usr/lib/security/$ISA/pam_unix.so.1 # # Account management # login account requisite /usr/lib/security/$ISA/pam_roles.so.1 login account required/usr/lib/security/$ISA/pam_unix.so.1 # dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1 dtlogin account required/usr/lib/security/$ISA/pam_unix.so.1 # other account requisite /usr/lib/security/$ISA/pam_roles.so.1 other account required/usr/lib/security/$ISA/pam_unix.so.1 # # Session management # other session required/usr/lib/security/$ISA/pam_unix.so.1 # # Password management # other password required /usr/lib/security/$ISA/pam_unix.so.1 dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1 # # Support for Kerberos V5 authentication (uncomment to use Kerberos) # #rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass #login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass #dtloginauth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_p ass #other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass #dtloginaccount optional /usr/lib/security/$ISA/pam_krb5.so.1
Re: [Samba] Installed New version of Samba for HPUX 2.2.7 - Winbind doesn't w ork
if your winbind separator is + then try this command wbinfo -a domainname+userid%passwd -SR - Original Message - From: Jennifer Fountain [EMAIL PROTECTED] To: 'Gareth Davies' [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, December 11, 2002 10:40 AM Subject: RE: [Samba] Installed New version of Samba for HPUX 2.2.7 - Winbind doesn't w ork I am having the weirdest problems with this. when i run ./wbinfo -A userid%password, i get plaintext password auth failed and ./wbinfo -a userid%password, i get could not obtain winbind separator or domain name. i can't find anything wrong! -Original Message- From: Gareth Davies [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 11:19 AM To: Jennifer Fountain; [EMAIL PROTECTED] Subject: Re: [Samba] Installed New version of Samba for HPUX 2.2.7 - Winbind doesn't w ork Original Message - From: Jennifer Fountain [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 10, 2002 4:08 PM Subject: [Samba] Installed New version of Samba for HPUX 2.2.7 - Winbind doesn't w ork Errors: could not check secret 'ping' to winbindd failed winbind is in my nsswitch any ideas? Thanks Nope sorry, mis-placed my crystal ball today :) Shaolin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
