[Samba] Well hells bells
I just found out about the preconfigured packages for pfsense And got Asterisk 10 running on FreeBSD... Strange world we live in. TMS III -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help - Mounting a Windows computer with two IP addresses
Hi all, I need to mount a Windows share locally on my laptop. However, I cannot do this via

sudo mount -t smbfs //host_name/share_name /local_mount

because the host_name has two IP addresses with it as shown by nmblookup //host_name.

In Windows network adapter settings, disable netbios over tcp/ip for the address you don't want. If you have a WINS server delete the entry for that IP after disabling it.

(That is, I try mounting and I'm given this error:

mount error(115): Operation now in progress
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) )

One IP address is a static one which the Windows computer uses to connect to another machine. The other IP address is a DHCP-given IP and is the one I need to connect to. I can mount the share if I use

sudo mount -t smbfs //dhcp_ip/share_name /local_mount

however, this is problematic for obvious reasons since I need the mount to be permanent (eventually going in fstab).

My question is: Is there a way to ignore the static IP address when mounting?

Further info: I can connect to the Windows machine using smbclient //host_name/share_name and browse just fine. Also, nautilus can browse the remote file system as well.
Re: [Samba] Fw: PDC/wins on multiple networks
Hi, The pc that runs the samba server is my own property, it also dubs as router and dhcp server. I assign WINS server to the clients by dhcp using dnsmasq. I do not need or want to setup a domain. I just want to share files between the two networks using windows neighborhood and a workgroup, just like the clients would have been connected in the same network. I have deleted the remote announce thingy but the error is the same: The network path could not be found

WINS needs to be set up correctly.

Maybe something has to do with the firewall? can you tell me which ports to open and their direction?

Ports 137, 138, 139, and 445 should be sufficient.

-- .. Microsoft broke the Volkswagen world record: Volkswagen only made 22 million bugs! .. It is time for us to stand and cheer for the doer, the achiever, the one who recognizes the challenge and does something about it. -Vince Lombardi .. Everybody can learn how to make kids, but not everyone can raise them right!

From: Daniel Müller muel...@tropenklinik.de
To: Gala Dragos gala_dra...@yahoo.com
Cc: samba list samba@lists.samba.org
Sent: Thursday, March 24, 2011 11:24 PM
Subject: Re: [Samba] PDC/wins on multiple networks

Hi, you have a (Samba)domain server and it is your wins? You just to have an entry in your win xp clients wins-server: YourSambaWinsServer. Enable Netbios over TCP .. That is all. No: remote announce = 192.168.5.255/WORKGROUP 192.168.7.255/WORKGROUP This is working for me with 3 subnets.

On Thu, 24 Mar 2011 13:25:41 -0700 (PDT), Gala Dragos gala_dra...@yahoo.com wrote:

Hi to everyone on the mailing list. I have two networks at home, apart from the internet. One is the wired network, LAN, and the other is the wireless network, WLAN. They need to be separated, not bridged, because of hardware issues. I am trying to setup inter-networking browsing on these networks, pc's on LAN should see and browse pc's on WLAN and vice versa. After reading the manual I have enabled wins server master and wins proxy in samba configuration. However I can only see the pc's from the other network, but I cannot browse them, windows returns an error like network path could not be found. The samba server runs on my router box, together with the firewall (managed through shorewall) and dnsmasq for dhcp/dns. Below is my global smb.conf part.

[global]
server string = Samba Server
interfaces = eth1, lo, wlan0
bind interfaces only = Yes
security = SHARE
log file = /var/log/samba/%m.log
max log size = 50
announce as = NT Workstation
os level = 99
lm interval = 10
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
remote announce = 192.168.5.255/WORKGROUP 192.168.7.255/WORKGROUP
create mask = 0666
case sensitive = No
preserve case = No
short preserve case = No
hide special files = Yes
map hidden = Yes
store dos attributes = Yes

Thanks.

-- . Microsoft broke the Volkswagen world record: Volkswagen only made 22 million bugs! . It is time for us to stand and cheer for the doer, the achiever, the one who recognizes the challenge and does something about it. -Vince Lombardi . Everybody can learn how to make kids, but not everyone can raise them right!
Re: [Samba] qmail schema
Hello all, I need help right now, i've installed samba PDC and i think it works, i can add and remove users and groups. I need to include qmail.schema on my slapd.conf, so i have copied qmail.schema file on /etc/openldap/schema/ but when i restart ldap service always failed, this is the error message on /var/log/message :

Mar 24 16:18:52 x slapd[2144]: slapd shutdown: waiting for 0 operations/tasks to finish
Mar 24 16:18:52 x slapd[2144]: slapd stopped.
Mar 24 16:18:55 x slapd[3982]: @(#) $OpenLDAP: slapd 2.4.21 (Jul 5 2010 13:34:44) $#012#011abuild@build24:/usr/src/packages/BUILD/openldap-2.4.21/servers/slapd
Mar 24 16:18:55 x slapd[3982]: /etc/openldap/schema/qmail.schema: line 19:

You have a problem with your db def's at line 19 in qmail.schema. That's where you need to look.

unknown directive # outside backend info and database definitions.
Mar 24 16:18:55 x slapd[3982]: slapd stopped.
Mar 24 16:18:55 x slapd[3982]: connections_destroy: nothing to destroy.

This is installed on my server :
- openSUSE 11.3
- samba-3.5.4-4.1.i586
- openldap2-2.4.21-9.1.i586

This is my slapd.conf :

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/phpQLAdmin.schema
include /etc/openldap/schema/qmail.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la
access to * by * read
###
# BDB database definitions
###
database bdb
suffix dc=x,dc=xxx
checkpoint 10245
cachesize 4
rootdn cn=Manager,dc=x,dc=xxx
rootpw x
directory /var/lib/ldap
index objectClass eq
index cn,sn,uid pres,sub,eq
#index mail,accountStatus eq
#index mailHost,mailMessageStore sub,eq
#index mailQuotaSize eq
index userPassword eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index givenname eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

Please give a suggest for this problem. Thx, Dee dee
Re: [Samba] Samba4 domain trust to windows 2003 domain
Hi, i have installed Samba4 ALPHA 15 on debian/ubuntu how to described in http://wiki.samba.org/index.php/Samba4/HOWTO all ok i created a domain and i have join pc and member server, etc.. etc... Now i want trust my test domain with a existent windows AD domain, is possible? exist an HOWTO that described this procedure?

AFAIK that functionality does not exist yet.

thanks. -- Zanon Luca write me at luca.zanon[at]gmail.com
Re: [Samba] Samba PDC adding new user, profile dir is not created
You should show us enough information for us to re-produce such as all content of smb.conf and related settings:

In my lab, profile dir is successfully created. My env is...

- Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6

- my smb.conf and shares

---
[global]
workgroup = SAMBA
domain logons = yes
add machine script = useradd %u
map to guest = bad user
logon path = \\lenny5\profiles\%U

[homes]
writeable = yes
browseable = no

[profiles]
path = /var/lib/samba/shares/profiles
guest ok = yes
browseable = no
create mask = 0600
directory mask = 0700
writeable = yes
---

# ls -lR /var/lib/samba
/var/lib/samba/:
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

- Created a user:

# useradd -d /var/home/test01 test01
# smbpasswd -a test01
# pdbedit -v test01
...
Profile Path: \\lenny5\profiles\test01
...

- When I logon as test01 from Windows XP workstation which is already joined to the SAMBA domain and logoff, profiles are created like:

# ls -lR /var/lib/samba
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

/var/lib/samba/shares/profiles:
total 16
drwx-- 13 test01 test01 4096 2011-03-17 01:08 test01

/var/lib/samba/shares/profiles/test01:
total 568
drwx-- 3 test01 test01 4096 2010-10-11 01:10 Start Menu
drwx-- 2 test01 test01 4096 2010-10-11 01:10 Desktop
drwx-- 4 test01 test01 4096 2011-03-17 01:08 Application Data
drwx-- 2 test01 test01 4096 2010-10-11 01:18 Cookies
drwx-- 3 test01 test01 4096 2011-03-17 01:08 Favorites
drwx-- 4 test01 test01 4096 2011-03-17 01:08 My Documents
drwx-- 2 test01 test01 4096 2010-10-11 01:10 NetHood
-rw--- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT
-rw--- 1 test01 test01 1024 2011-03-17 01:08 ntuser.dat.LOG
-rw--- 1 test01 test01 270 2011-03-17 01:08 ntuser.ini
...

--- TAKAHASHI Motonobu mo...@monyo.com

smb.conf

[global]
printing = bsd
netbios name = PDC
server string = PDC (%h)
workgroup = workgroup
interfaces = eth0,lo
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
local master = yes
preferred master = yes
os level = 200
domain master = yes
domain logons = yes
add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines
logon path = \\%L\profile\%U
logon drive = h:
logon script = %U.bat
profile acls = yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
wins support = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
log level = 12
panic action = /usr/share/samba/panic-action %d
use sendfile = yes

Where is your profile path?
Re: [Samba] Debian Lenny 5.04 and DMS in Windows 2000 Native Domain +Forest with Samba 3.2.5
Hello All, I have been struggling with this for a long, long time. I came here looking for answers.

So, I have a VM running Debian Lenny. I install the apt package samba, which installs 3.2.5. I work in a large university with an extensive Active Directory environment, both forest and domain running in Win2k native mode. There is a NetApp filer which houses all our admin files, scripts, and installers. Nothing really special. The computer, FILESERVER, is in the child domain of the forest, whose root domain is DOMAIN.FOREST.UNIVERSITY.TLD. The root domain is FOREST.UNIVERSITY.TLD.

Now, can I mount this without joining the domain? I have tried reading the documentation, and I think this is

It's quite unclear what you are trying to accomplish. What are your goals/purposes with this VM?

telling me no.

Use of raw SMB over TCP/IP (No NetBIOS layer) can be done only with Active Directory domains. Samba is not an Active Directory domain controller: ergo, it is not possible to run Samba as a domain controller and at the same time not use NetBIOS. Where Samba is used as an Active Directory domain member server (DMS) it is possible to configure Samba to not use NetBIOS over TCP/IP. A Samba DMS can integrate fully into an Active Directory domain, however, if NetBIOS over TCP/IP is disabled, it is necessary to manually create appropriate DNS entries for the Samba DMS because they will not be automatically generated either by Samba, or by the ADS environment. [0]

So if I do not need to join this Debian VM to the domain, what is the proper config and/or command structure? I have toyed with disable netbios = yes and security = ads, but it still does now work well. When I run smbclient, I can pull up a connection just fine, browse files, and even upload.

smbclient -L fileserver.domain.forest.university.tld\\PubShare0 -W DOMAIN.FOREST.UNIVERSITY.TLD -U my_ad_account

However, mounting it never, ever works. It mentions NBT being disabled when getting a share list, among all the shares listed.

Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

Sharename   Type   Comment
---------   ----   -------
IPC$        IPC    Remote IPC
ETC$        Disk   Remote Administration
C$          Disk   Remote Administration
Data$       Disk
PubShare0   Disk
PubShare1   Disk
PubShare2   Disk
PubShare3   Disk
PubShare5   Disk
PubShare5   Disk
Connection to fileserver.domain.forest.university.tld failed (Error NT_STATUS_CONNECTION_REFUSED)
NetBIOS over TCP disabled -- no workgroup available

When I mount, I inevitably get an IO error.

BACC-UTIL-VM:/home/me# whoami
root
BACC-UTIL-VM:/home/me# smbmount //fileserver.domain.forest.university.tld/PubShare0 /mnt/fileserver/pubshare0/ --verbose -o domain=DOMAIN.FOREST.UNIVERSITY.TLD,user=my_ad_account
Password:
mount.cifs kernel mount options: unc=//fileserver.domain.forest.university.tld\share,ip=10.XXX.XX.XX,ver=1,domain=GEORGETOWN.MEI.GEORGETOWN.EDU,user=ajs67,pass=
mount error 5 = Input/output error
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
BACC-UTIL-VM:/home/me#

Why is this? Will it go away if and when I join the domain? The IP address is accurate and there are proper DNS entries. None of the variations I try work. As someone clued me in on IRC, NBT is probably the culprit here, so I want to better understand the underlying principle, and then figure out the correct config for the future.

Sorry for the outrageously long email, but I love my Linux and hate my Windows. This will make my transition much, much easier.

Best, _AJS

[0] http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2580798
Re: [Samba] problem with samba 3.5.6 try to join W2K8
hi, I am trying to join a samba 3.5.6 (debian) on a domain W2K8 without kerberos following the wiki page (http://wiki.samba.org/index.php/Samba__Active_Directory) using net ads join

ads implies kerberos

i've got this error

Failed to join domain: failed to join domain 'MYDOMAIN.COM' over rpc: NT_STATUS_NOT_SUPPORTED

conf in /etc/smb.conf

workgroup = MYDOMAIN
server string = %h server
# allow trusted domains = no
realm = MYDOMAIN.COM
password server = mntphone001.mydomain.com
preferred master = no
security = ADS
encrypt passwords = yes
log level = 5
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 2000-2
idmap gid = 2000-2
client use spnego = yes
;template primary group = Domain Users
template shell = /bin/bash
auth methods = winbind

log i have when i do net ads join -Umylogin%passwd -S mntphone001.mydomain.com -d 2

rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
[2011/03/02 13:24:00.801641, 2] lib/interface.c:340(add_interface)
added interface eth0 ip=fe80::213:72ff:fe56:6db6%eth0 bcast=fe80:::::%eth0 netmask=:::::
[2011/03/02 13:24:00.801787, 2] lib/interface.c:340(add_interface)
added interface eth0 ip=172.23.36.4 bcast=172.23.36.255 netmask=255.255.255.0
[2011/03/02 13:24:00.802018, 1] libnet/libnet_join.c:1947(libnet_Join)
libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : 'mntphone001.mydomain.com'
machine_name : 'MNTSLX001'
domain_name : *
domain_name : 'MYDOMAIN.COM'
account_ou : NULL
admin_account: 'mylogin'
admin_password : *
machine_password : NULL
join_flags : 0x0023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config: 0x00 (0)
ads : NULL
debug: 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
[2011/03/02 13:24:00.814776, 1] libnet/libnet_join.c:1978(libnet_Join)
libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'MYDOMAIN'
dns_domain_name : 'mydomain.com'
forest_name : 'root.com'
dn : NULL
domain_sid : *
domain_sid : S-1-5-21-796845957-790525478-725345543
modified_config : 0x00 (0)
error_string : 'failed to join domain 'MYDOMAIN.COM' over rpc: NT_STATUS_NOT_SUPPORTED'
domain_is_ad : 0x01 (1)
result : WERR_NOT_SUPPORTED
[2011/03/02 13:24:00.815116, 2] utils/net.c:916(main)
return code = -1
Failed to
Re: [Samba] Settings ACLS from Windows via member server
SNIP

2) With a non-AD environment, should our samba member servers run winbind? My understanding is not, but this could be part of the problem.

If you want to set ACLs of domain users and groups, you have to run winbindd regardless of AD env. or not.

I've done acls just using nss_ldap.

# You can set ACLs of server local users and groups without running winbindd.

--- TAKAHASHI Motonobu mo...@samba.gr.jp
Re: [Samba] Settings ACLS from Windows via member server
If you want to set ACLs of domain users and groups, you have to run winbindd regardless of AD env. or not. # You can set ACLs of server local users and groups without running winbindd.

Hmm... I was working from: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553 I have NSS setup to resolve via LDAP, which contains all of the appropriate user/group information that samba should need. The second heading on this page, Winbind is not used; users and groups resolved via NSS seemed to read as though I didn't actually need winbind. My concern here is that winbind appears to be necessary to create unix users for non-existent Windows NT domain users. This isn't our case... every user available in the Windows NT domain (managed by the samba PDC/BDC) exist in LDAP and, therefore, unix as well.

Do you have acls set on the file system for the member servers? Winbind is for authentication purposes, not files system acls.

Regardless... I enable winbind and the behavior is the same. Once winbind is started, I can query most users (wbinfo -u) and groups (wbinfo -g). For some reason, some groups don't show. We have many groups and users, so I haven't checked them all, but a spot check suggests there are some missing.

Mark -- -- I'd rather be burning carbohydrates than hydrocarbons
Re: [Samba] Settings ACLS from Windows via member server
Do you have acls set on the file system for the member servers? Winbind is for authentication purposes, not files system acls.

Without winbind I did not get users names in the ACLs tab under windows? Do you get these? I don't currently have any S3 servers to check...

John
Re: [Samba] Settings ACLS from Windows via member server
John, It would help the list to understand WHY you believe that winbind is NOT needed by the PDC/BDC, and WHY it is needed on member servers.

Winbind, as the name suggests, does authentication for the unix server. Of course the manual has a very good write up of it:

Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of an NT domain. Once this is done, the UNIX box will see NT users and groups as if they were “native” UNIX users and groups, allowing the NT domain to be used in much the same manner that NIS+ is used within UNIX-only environments... Additionally, Winbind provides an authentication service that hooks into the PAM system to provide authentication via an NT domain to any PAM-enabled applications. This capability solves the problem of synchronizing passwords between systems, since all passwords are stored in a single location (on the domain controller).

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html

While subscribers keep explaining what they believe, and keep giving advice based on their belief system, rather than on well reasoned fact, confusion will continue to exist and complaints regarding Samba documentation will continue also. Are you willing to take a brave step to explain your reasoning?

Cheers, John T.
Re: [Samba] making BDC samba + ldap server
Hi Thanks, this howto for me its better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?

It is all part of the openldap suite.

And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?

Depends on the permissions. However, so long as ALL the files to be transferred belong to users in LDAP then, with nss_ldap properly configured, any copy that preserves permissions should be fine.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html not's easy to understand, not exist other howto more simple?

Here is another guide. The first link is quite comprehensive. http://www.zytrax.com/books/ldap/ch7/ The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped? Well I'm grateful for all your time :-) Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well! First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

domain master=NO
domain logons=YES

Make a testparm it should succeed like this:

testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC you are a BDC
Press enter to see a dump of your service definitions

Yes very nice! Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3 http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is nice overview of the way LDAP currently works: http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.
Re: [Samba] making BDC samba + ldap server
Hi Ok, and how I config nss_ldap? When I copy all database is included?

Well, the easiest way, for Samba use, is to simply cp your ldap.conf file for the ldap client application to nss_ldap.conf--cp ldap.conf nss_ldap.conf (this can be a bit confusing, as openldap uses a file called ldap.conf for configuring the ldap client as well as a file called ldap.conf for configuring basic ldap server process. The server file is generally contained in the directory where configuration files are kept in a subdirectory called openldap along with files like slapd.conf and is generally a small file which looks something like this:

#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=mydomain,dc=com
URI ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
# TLS_CACERT /usr/local/etc/openldap/cacert.pem
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

whereas the ldap.conf for the client is rather lengthy and contains quite a bit of information for contacting the ldap server, how the dit should be searched, etc.) And, no, nss_ldap.conf has nothing to do with the ldap server. nss_ldap.conf can be used to contact an external ldap server, just as the ldap.conf for the ldap client application can.

Sorry for the newbie questions, If any time comes to barcelona contact me, you has a beer paid (Daniel too) :-)

Well, now that's quite a generous offer. Much appreciated.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Hi Thanks, this howto for me its better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?

It is all part of the openldap suite.

And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?

Depends on the permissions. However, so long as ALL the files to be transferred belong to users in LDAP then, with nss_ldap properly configured, any copy that preserves permissions should be fine.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html not's easy to understand, not exist other howto more simple?

Here is another guide. The first link is quite comprehensive. http://www.zytrax.com/books/ldap/ch7/ The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped? Well I'm grateful for all your time :-) Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well! First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

domain master=NO
domain logons=YES

Make a testparm it should succeed like this:

testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC you are a BDC
Press enter to see a dump of your service definitions

Yes very nice! Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3 http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is nice overview of the way LDAP currently works: http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.
Re: [Samba] making BDC samba + ldap server
Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html not's easy to understand, not exist other howto more simple?

Here is another guide. The first link is quite comprehensive. http://www.zytrax.com/books/ldap/ch7/ The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped? Well I'm grateful for all your time :-) Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well! First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

domain master=NO
domain logons=YES

Make a testparm it should succeed like this:

testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC you are a BDC
Press enter to see a dump of your service definitions

Yes very nice! Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3 http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is nice overview of the way LDAP currently works: http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.
Re: [Samba] making BDC samba + ldap server
In my hint I think your samba PDC/Ldap is currently working well! First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex:/var/lib/ldap
Now copy your smb.conf to your new machine ex: scp root@2machine:/etc/samba
Edit the smb.conf to your needs and adjust it to be a bdc:
domain master=NO
domain logons=YES
Make a testparm it should succeed like this:
testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC you are a BDC
Press enter to see a dump of your service definitions

Yes very nice!

Now you are on to copy your slapd.conf and ldap.conf to your new machine:
Ex: scp slapd.conf root@2machine:/etc/openldap
Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3 http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd
Here is nice overview of the way LDAP currently works: http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then
smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name
Done.
Re: [Samba] Help needed with Windows7 roaming files.
Hi all, We've been trying to setup/upgrade a samba PDC (version 3.56) with OpenLDAP as backend and roaming profiles for Windows7 (32bit) Clients. windows7 has no problem with login after applying the reg patches, however, it seems to always load a temporary profile as opposed to roaming one for users, no local profile is created. this has caused Outlook 2010 to function improperly (complains about outlook data cannot be accessed and fail to send any email), if i force profile type to local only in registry then outlook works perfectly, local profile is not an option for us though as a lot of our users change sites/pcs quite often. I've enclosed some related info below; the same config works perfectly with windowsXP clients.

Ldap entries (samba related)
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1209579028-1696229136-1764916649-15754
sambaHomePath: \\server1\user1
sambaProfilePath: \\server1\user1\.profile
sambaLogonScript: logon.bat
sambaAcctFlags: [UX ]
sambaPrimaryGroupSID: S-1-5-21-1209579028-1696229136-1764916649-513

sambaProfilePath: \\oakland\profiles\pcuser
description: System User
homeDirectory: /home/pcuser
sn: pcuser
sambaHomePath: \\oakland\open
Works fine with XP, Vista and Win7

smb.conf SNIP
[Profiles]
path=/usr/home/sambashit/Profiles
public = yes
only guest = no
browseable = yes
writeable = yes
printable = no
create mask = 0770
force create mode = 0770
force directory mode = 0770
directory security mask = 0770
level2 oplocks = Yes
Security fine grained control using acls set from Administrator account on Windows workstation.

smb.conf
[global]
.
logon drive = H:
logon home = \\%s\%U
[profiles]
path = /home
browseable = no
read only = no
profile acls = yes
csc policy = disable
hide files=/Desktop.ini/Thumbs.db/lost+found
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[profiles.v2]
copy = profiles

Any ideas? thanks heaps. Dennis

has anybody managed to get Windows 7 (final) to use roaming profiles? Windows 7 is joined to my Samba 3.4.1 domain and always logs me in with a temporary profile. Windows XP works without problems.
Re: [Samba] making BDC samba + ldap server
I've never attempted, but here it is: http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP
Follow the LDAP stuff in the above article as a template. The smbldap_tools is a good idea too. The rest of the samba stuff is right out of the samba manual. Nothing real tricky in BDC v. PDC in smb.conf.

On 02/17/2011 3:19 PM, marcos gonzalez wrote:
Hi guys, I'm looking to config a BDC server for the high traffic supported inside the primary server. I never configured a BDC server inside ubuntu 9.04 and OpenLdap and I'm very lost. Looking for internet I found howtos for PDCs server but not for BDC. Anyone can help me more? I'm making a clean install and I don't know how to create same users than PDC for samba and how to make a slave ldap inside. Any help will be appreciated. Thanks :-)
Re: [Samba] I can't connect to a Samba resource
Dear, I'll appreciate your help because I can't connect to a samba resource. Here are the details:
Samba Server: Centos 5.5 with samba and samba-common packages
Content of smb.conf:
[global]
workgroup = somisa
server string = Test server
log file = /var/log/samba/%m.log
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[share]
comment = recordings
path = /var/recorder
browseable = yes
writable = yes
public = yes
read only = no

#adduser jelo
#passwd jelo (1234)
#smbpasswd -a jelo (1234, same as Unix account)
#/etc/init.d/smb restart

I'm now in my Windows Desktop, connected to a domain called somisa, the same as the samba workgroup with user jelo with pass rata89012 (not 1234 as the samba pass). After that from into Windows explorer I connect to unit W: \\samba_server\share with user: jelo and pass: 1234 I can see the resource but I get an error telling me that the ACCESS IS DENIED to W:

ls -la /var/recorder
What's it show?

and this is the log:
[2011/02/16 16:22:16, 1] smbd/service.c:make_connection_snum(1077)
2000-96 (10.11.4.22) connect to service share initially as user jelo (uid=500, gid=500) (pid 20468)

What can I do ??? I have this problem from a lot of days ago :( Thanks in advance !!! JeLo
Re: [Samba] I can't connect to a Samba resource
Dear, thanks for your help. I've logged into a Windows domain with user: jelo and pass: rata89012. My desktop is Windows XP SP2. In samba server the shared resource is /var/recorder with these rights:
drwxr-xr-x 2 root root 4096 feb 16 14:56 recorder

For starters try
chown -R jelo:Domain\ Users recorder
or at least
chown -R jelo recorder
See if that helps.

The Unix local user is jelo with pass 1234, and then I execute: smbpasswd -a jelo with pass 1234, as I told before. A pair of months ago in other LAN, in the same scenario I could log in XXX domain and I could connect to a samba resource with YYY workgroup (YYY is different from XXX), but here I can't at all. So please what do you recommend to change for my current scenario ??? Thanks again, JeLo

On Wed, Feb 16, 2011 at 4:41 PM, Philippe LeCavalier supp...@plecavalier.com wrote:

Excerpts from J. L. Cabral's message of Wed Feb 16 14:25:40 -0500 2011:

[...]
Samba Server: Centos 5.5 with samba and samba-common packages
Content of smb.conf:
[global]
workgroup = somisa
[...]
[share]
comment = recordings
path = /var/recorder
browseable = yes
writable = yes
public = yes
read only = no

#adduser jelo
#passwd jelo (1234)
#smbpasswd -a jelo (1234, same as Unix account)
#/etc/init.d/smb restart

I'm now in my Windows Desktop, connected to a domain called somisa, the same as the samba workgroup with user jelo with pass rata89012 (not 1234 as the samba pass).

Have you joined the domain?

After that from into Windows explorer I connect to unit W: \\samba_server\share with user: jelo and pass: 1234

this is the source of your issues. See [1] for the why and how.

I can see the resource but I get an error telling me that the ACCESS IS DENIED to W: and this is the log:
[2011/02/16 16:22:16, 1] smbd/service.c:make_connection_snum(1077)
2000-96 (10.11.4.22) connect to service share initially as user jelo (uid=500, gid=500) (pid 20468)
What can I do ??? I have this problem from a lot of days ago :(

ref.
[1] You'll have problems like that if your account credentials aren't identical. By logging in to the domain you're creating a link using a certain set of credentials. Then by issuing \\samba_server\share and providing a different set you're working against a longtime/well known limitation that windows cannot connect to the same network resource using different credentials...Is the Win 7 Pro by any chance? It's not impossible but will likely lead to problems if you're not experienced in doing so.

Thanks in advance !!! JeLo

-- Thanks, Phil
Re: [Samba] Samba4 and iptables
Hello tms3 and list-members, many thanks for your help. I spend a lot of time to configure my firewall. I opened all here http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx listed ports, but at the first time without success. I don't know why, but the port 1024

That's a DCOM port. I wouldn't have thought that one was necessary. Maybe a question as to why on technical is in order.

seems to be very important. I found this port step by step with less and less port-ranges. After I had opened this port I was able to logon the domain. netstat give me following result:
...
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1361/samba
...
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 1183/named
...
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1361/samba
...
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1183/named
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1356/samba
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1343/samba
...
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1346/samba
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 1356/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1356/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 1346/samba
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1343/samba

I tested this with one winxp-client and tomorrow I will start a test with more clients. I hope this will somebody help to make the server a little bit more secured. Regards Bert

On 10.02.2011 15:53, t...@tms3.com wrote:

Hello everybody, I have a running an installation of Samba4 as AD. All is working fine, but when I start the firewall, the clients have problems to login. By my firewall-rules from the past, I had opened the ports 137:139 and 445 for samba and new for bind the port 53.

Kerberos is on port 88 LDAP is on 339 636 Here is a list of AD port requirements and their uses. http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

The clients (WinXP) seems to have problems to read and write from/to the home directories. Maybe samba4 need additional or other ports to working fine? Here my current iptables-rules:
IPTABLES=/sbin/iptables
#Bind
$IPTABLES -A INPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT;
$IPTABLES -A INPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT;
#Samba
$IPTABLES -A INPUT -p udp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 137:139 -m state --state ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A INPUT -p tcp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 137:139 -m state --state ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A INPUT -p udp --dport 445 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A INPUT -p tcp --dport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;

iptables --list
ACCEPT tcp -- anywhere anywhere tcp spt:domain state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:domain state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spts:netbios-ns:netbios-ssn state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:netbios-ns:netbios-ssn state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:microsoft-ds state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:microsoft-ds state RELATED,ESTABLISHED

Note! I have the profiles configured with server-copies from the home-directorys! That's the reason for the necessary read-/write-possibility. When I login with a client, so the client look for the server-home-directory. When a client logout, the client synchronizes the local-home-directory to the ad-server. Without the running firewall on the AD it's work perfect. With the running firewall I get the message on login, that the client can't read the home-directory and when I logout, that the client can't synchronize the home-directory. The domain-login is always successful. Thanks in advance! Bert
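The gap this thread circles around, between what the daemons listen on and what the INPUT chain admits, can be checked mechanically. The script below is an added example, not part of the original posts: both data sets are constructed from the values quoted in the thread (the INPUT rules rewritten in `iptables -S` form, the netstat lines with their whitespace restored), and the function name `uncovered_ports` is hypothetical.

```shell
#!/bin/sh
# Added example: list listening TCP ports that no INPUT rule admits in state NEW.
# RULES and LISTEN are constructed from the values quoted in the thread.

# INPUT-side rules from the post, rewritten in `iptables -S` form.
RULES='-A INPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 445 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT'

# Listening sockets from the post's netstat output.
LISTEN='tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1361/samba
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 1183/named
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1361/samba
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1183/named
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1356/samba
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1343/samba
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1346/samba
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 1356/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1356/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 1346/samba
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1343/samba'

# uncovered_ports RULES LISTENERS   (hypothetical helper)
# Prints, ascending and on one line, every non-loopback listening TCP port
# that no "-A INPUT ... -p tcp ... -j ACCEPT" rule admits in state NEW.
uncovered_ports() {
    { printf '%s\n' "$1"; echo '--LISTENERS--'; printf '%s\n' "$2"; } |
    awk '
        $0 == "--LISTENERS--" { listeners = 1; next }
        !listeners {
            # Only tcp ACCEPT rules in the INPUT chain can admit a client.
            if ($0 !~ /^-A INPUT / || $0 !~ /-p tcp / || $0 !~ /-j ACCEPT/) next
            state = ""; dport = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--state") state = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            # A state match without NEW only passes packets of connections
            # that already exist, so it cannot accept the first SYN.
            if (dport == "" || (state != "" && ("," state ",") !~ /,NEW,/)) next
            n = split(dport, range, ":")      # "137:139" or a single port
            lo[++rules] = range[1] + 0
            hi[rules] = range[n] + 0
            next
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            if ($4 ~ /^127\./ || $4 ~ /^::1:/) next   # loopback only
            n = split($4, part, ":")
            port = part[n] + 0
            covered = 0
            for (r = 1; r <= rules; r++)
                if (port >= lo[r] && port <= hi[r]) covered = 1
            if (!covered) print port
        }
    ' | sort -nu | paste -s -d ' ' -
}

echo "listening, but no INPUT rule accepts NEW tcp: $(uncovered_ports "$RULES" "$LISTEN")"
```

Port 445 appears in the result because the posted TCP rule for it matches only ESTABLISHED,RELATED. Whether each reported port should be opened is a policy decision; the list only shows where the ruleset and the running services disagree.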
Re: [Samba] Lost my Samba PDC, trying to rebuild
The problem comes with users. The users were user.HOME in 'Documents and Settings'. But so far on the one computer I have tried with the one user I have on that computer, it is creating a new profile for user.HDA. What controls the profile directory on the computer (btw, the OS is XP)? What do I need to do for it to use the profile of user.HOME?

Disconnect the workstations from the network. Log in with the old domain user account. Run the file and programs transfer wizard (Start-All-Programs- Accessories...IIRC) and save the profile transfer locally. Log in with new domain user and import the saved profile.
Re: [Samba] Lost my Samba PDC, trying to rebuild
--- Original message ---
Subject: Re: [Samba] Lost my Samba PDC, trying to rebuild
From: Robert Moskowitz r...@htt-consult.com
To: t...@tms3.com
Cc: samba@lists.samba.org
Date: Sunday, 13/02/2011 9:39 PM

On 02/13/2011 11:42 PM, t...@tms3.com wrote:

The problem comes with users. The users were user.HOME in 'Documents and Settings'. But so far on the one computer I have tried with the one user I have on that computer, it is creating a new profile for user.HDA. What controls the profile directory on the computer (btw, the OS is XP)? What do I need to do for it to use the profile of user.HOME?

Disconnect the workstations from the network. Log in with the old domain user account. Run the file and programs transfer wizard (Start-All-Programs- Accessories...IIRC) and save the profile transfer locally. Log in with new domain user and import the saved profile.

I disconnected the ethernet. I am logging in as the user for domain HOME. I get the error:

Hmmm...you need to do a reboot without network connectivity on the Windows box. The passwords are cached locally.

The system cannot log you on now because the domain HOME is not available.

Before all this, if I did not have network connectivity, I could still log in locally. Hmmm, let's try disconnecting the server instead... No dice as the server is also the DHCP server. Next let's stop smb and nmb on the server, but leave it connected. Just took longer, but still no login. So now why is it requiring the domain to be present to log in. No local log in? So I restarted the services and got logged in. If I log in locally as administrator, is there any way to copy another user's files and settings?
Re: [Samba] Problem with trust relationship
--- Original message ---
Subject: Re: [Samba] Problem with trust relationship
From: Leonardo Carneiro chesterma...@gmail.com
To: samba@lists.samba.org
Date: Thursday, 10/02/2011 2:46 AM

On Wed, Feb 9, 2011 at 4:36 PM, t...@tms3.com wrote:

Hi John and others, Tks for the feedback. I tried the configs you showed to me and unfortunately did not work. Also, there is a [small] number of windows xp and vista getting the same problem too. Any new ideas?

You need to re add the systems back to the domain after the trust expires. The registry entries are to prevent the expiration not to fix an already expired trust. The easy way to test is to use the Windoze network wizard and keep the name the same. If the join works and on reboot the trust works then it is most definitely the machine pass issue. John

I tried both the sambaRefuseMachinePwdChange = 1 in LDAP and the test in the network wizard. The wizard fails with a RPC error message.

Hmmm. Details? This is beginning to smell of browsing issues. Do you have a WINS server?

The setting in ldap had no effect. In fact, almost all machines are having this issue now, but it seems to be occasional. Once in a while, someone just logs in OK. It happens that the error is now happening on every windows machine, not just the ones with windows 7. =S
Re: [Samba] Samba4 and iptables
Hello everybody, I have a running an installation of Samba4 as AD. All is working fine, but when I start the firewall, the clients have problems to login. By my firewall-rules from the past, I had opened the ports 137:139 and 445 for samba and new for bind the port 53.

Kerberos is on port 88 LDAP is on 339 636 Here is a list of AD port requirements and their uses. http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

The clients (WinXP) seems to have problems to read and write from/to the home directories. Maybe samba4 need additional or other ports to working fine? Here my current iptables-rules:
IPTABLES=/sbin/iptables
#Bind
$IPTABLES -A INPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT;
$IPTABLES -A INPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT;
#Samba
$IPTABLES -A INPUT -p udp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 137:139 -m state --state ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A INPUT -p tcp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 137:139 -m state --state ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A INPUT -p udp --dport 445 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A INPUT -p tcp --dport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;

iptables --list
ACCEPT tcp -- anywhere anywhere tcp spt:domain state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:domain state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spts:netbios-ns:netbios-ssn state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:netbios-ns:netbios-ssn state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:microsoft-ds state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:microsoft-ds state RELATED,ESTABLISHED

Note! I have the profiles configured with server-copies from the home-directorys! That's the reason for the necessary read-/write-possibility. When I login with a client, so the client look for the server-home-directory. When a client logout, the client synchronizes the local-home-directory to the ad-server. Without the running firewall on the AD it's work perfect. With the running firewall I get the message on login, that the client can't read the home-directory and when I logout, that the client can't synchronize the home-directory. The domain-login is always successful. Thanks in advance! Bert
Re: [Samba] Problem with trust relationship
Hi John and others, Tks for the feedback. I tried the configs you showed to me and unfortunately did not work. Also, there is a [small] number of windows xp and vista getting the same problem too. Any new ideas?

You need to re add the systems back to the domain after the trust expires. The registry entries are to prevent the expiration not to fix an already expired trust. The easy way to test is to use the Windoze network wizard and keep the name the same. If the join works and on reboot the trust works then it is most definitely the machine pass issue. John
Re: [Samba] samba4 LDAP Timeout - Wrong IP?
I am trying to join a samba4 server to an existing Windows SBS 2003 domain as a DC. I've compiled samba4 from git and am following the howto. On what is essentially the first step, I get a failed to connect error with an ldap:// url, and the message NT_STATUS_IO_TIMEOUT. In reviewing an strace, it looks to me like it might be trying to connect to the wrong IP. The command I'm using is:
# strace -o ~/samba-join.log bin/samba-tool join ba-cam.local DC -Uadministrator --realm=ba-cam.local -d10 ~/samba-tool.log
I've put pastes up of the -d10 output of samba-tool, and the strace.
samba-tool output: http://pastey.net/145858
strace log: http://pastey.net/145857
Note that it appears to correctly find the IP of the PDC (192.168.14.253), but in the strace on lines 5486 and 5496, it's talking about a 192.167.14.253, which will of course time out.

That addy has to be a DNS entry. Look there.

Am I doing something wrong? Is this a bug? Is there a way around this? Thanks, -Andrew
Re: [Samba] Freebsd pdc
--- Original message ---
I was just wondering how many people out there are using FreeBSD as a pdc.

Yep. Built lots of them. With ldap backends.

I see a few guides on the net mostly followed by a load of posts of problems people encounter. Is it like most things that once you have done it once you can soon set up a machine at the drop of hat as you encounter and remedy any problems. I have a few customers at the moment one of who requires a pdc with roaming profiles. I use bsd and samba all the time for normal file sharing and never have problems. I try and avoid windows servers due to costs and licensing but a pdc would be new for me. Any opinions welcome. Thanks Terry
Re: [Samba] Seperate BIND server for Samba 4
Hello! I've set up samba 4 with great success since alpha12, but I've always used a locally installed version of BIND. Is it possible to use a separate BIND server instead? I'd like to not run BIND on my file server.

Yes. That's how I set up mine.

I have not seen any instructions to this effect, so perhaps someone would please point me in the correct direction? Thank You Very Much!! ++AMARU
Re: [Samba] Managing win7 machines..
Ok, i get it... so both options are horror... so basically i have to use samba4 for the policies and all. and use samba3 on a different machine for the network browsing and printing. must be do-able just 1 question, can i use samba3 for the masterbrowser/wins and make samba4 use that.. (as far as i know the network browse support isn't ready for samba4)

Yes

Cheers, and thanx.. Collen

On 21-1-2011 8:48, Daniel Müller wrote:
No ntconfig.pol anymore. You may use kixtart or other tools. Or Registry-files. But be aware some registry-things can only be done by administrator and no one else. If you have the most win 7 clients it is better to switch over to samba4. You can then manage your group policies with Microsoft tools on the fly. With things that samba4 does not support at this moment use a samba 3 domain member. Good Luck Daniel
---
IT Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: http://www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Collen Blijenberg
Sent: Friday, 21 January 2011 08:35
To: samba@lists.samba.org
Subject: Re: [Samba] Managing win7 machines..
I did that, but that doesn't make win7 obey the ntconfig.pol (nt4 policies) as far as i know win7 can't handle these policies, so i think i need an other way to apply policies to win7. thx. Collen.

On 20-1-2011 17:17, Wagg, Dave wrote:
I don't know about version 3 but have you made the following changes to the Control Panel → Admin Tools → Local Security Policy → Local Policies → Security options
Change the Network Security: LAN Manager authentication level to Send LM NTLM responses
Remove 128 bit encryption on the following 2 items as well:
Network security: Minimum session security for NTLM SSP based CLIENTS
and
Network security: Minimum session security for NTLM SSP based SERVERS

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Collen Blijenberg
Sent: Thursday, January 20, 2011 10:42 AM
To: samba@lists.samba.org
Subject: [Samba] Managing win7 machines..
I'm curious how others manage their windows 7 machines on a samba 3.x.x domain .. especial the part of policies and scripts. i got the win7 running in the samba domain, but i'm stuck in the policies part.. and i don't want to use nitrobit for this. how do other users do this.. ?! thx, Collen
Re: [Samba] Windows 7/Samba unable to log in via name, works by IP
Hi, I'm hoping someone can help with this. We have a 3.3.8 Samba server, on Centos 5.5 64, security DOMAIN, works beautifully with XP. When windows 7 systems attempt to log in via \\NAME, the login window just continually repeats, but they can login successfully when using \\IP_ADDRESS
Samba log shows the below in response to windows 7 login attempts.
[2011/01/25 10:08:26, 0] lib/util_sock.c:get_peer_addr_internal(1676)
getpeername failed. Error was Transport endpoint is not connected
read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer.

Try this registry change in Win7
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0

smb.conf
[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = andromeda
security = DOMAIN
password server = PASSWORD_JP
log file = /var/log/samba/samba.log
max log size = 250
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = No
domain master = No
dns proxy = No
wins server = WINS_SERVER
ldap ssl = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
create mask = 0666
directory mask = 0777
# disable cups printing to stop log spam
printcap name = /etc/printcap
smb ports = 445 139
client lanman auth = yes
client ntlmv2 auth = yes
lanman auth = yes
ntlm auth = yes
hide files = /lost+found/,.*/
template shell = /bin/false
winbind use default domain = yes

So far, we've tried:
- smb ports = 139
- changing windows 7 Network security settings (LAN Manager authentication level and Minimum session security)
- added the auth lines to the smb.conf
- valid users = %S

The domain controllers are 2 x Windows Server 2000 and 1 x Windows Server 2008. Could that be part of the problem? We will be replacing the Windows Server 2000 systems shortly, but would like to fix this sooner if possible. Any ideas? Thanks, Jay

-- Jeremiah Coleman Systems Administrator C C Technologies 337-735-3741 Extension 3421 jay.cole...@cctechnol.com
Re: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build onUbuntu Server
I am not sure how to use Microsoft AD tools to create shares and then set those shares permissable to certain AD groups. For example, I need to create a share called Finance and only the people in Finance can read/write to it. I was hoping to use SWAT to help in creation and management of those shares. vi smb.conf (or your favorite text editor) add [finance] ...various parameter... valid users = @finance or write list = @finance read list = @finance I have been using AD tools to manage the domain and GPO's but I am not sure how to use them to create shares. You can see swat for samba4 here: https://github.com/rvelhote/GSoC-SWAT On Mon, Jan 24, 2011 at 5:03 AM, Daniel Müller muel...@tropenklinik.dewrote: I thought swat is no longer working!!Just use Microsoft ads tools and you are up and running. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: http://www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Lynn Dixon Gesendet: Sonntag, 23. Januar 2011 06:39 An: samba@lists.samba.org Betreff: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build on Ubuntu Server Hello all, I have setup a complete domain using Samba 4 on my Ubuntu server 32 bit machine. I am using the Alpha 13 build (it was actually in the Ubuntu Repos). I am trying to setup swat to make it easier to manage shares. I have followed the instructions at https://github.com/rvelhote/GSoC-SWATbut I am having a few problems. 
When I run ./run I get the following errors:
jenfab@dc:~/GSoC-SWAT$ sudo ./run
Starting subprocess with file monitor
Traceback (most recent call last):
  File /usr/local/bin/paster, line 9, in module
    load_entry_point('PasteScript==1.7.3', 'console_scripts', 'paster')()
  File /usr/lib/pymodules/python2.6/paste/script/command.py, line 84, in run
    invoke(command, command_name, options, args[1:])
  File /usr/lib/pymodules/python2.6/paste/script/command.py, line 123, in invoke
    exit_code = runner.run(args)
  File /usr/lib/pymodules/python2.6/paste/script/command.py, line 218, in run
    result = self.command()
  File /usr/lib/pymodules/python2.6/paste/script/serve.py, line 276, in command
    relative_to=base, global_conf=vars)
  File /usr/lib/pymodules/python2.6/paste/script/serve.py, line 313, in loadapp
    **kw)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 204, in loadapp
    return loadobj(APP, uri, name=name, **kw)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 224, in loadobj
    global_conf=global_conf)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 248, in loadcontext
    global_conf=global_conf)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 278, in _loadconfig
    return loader.get_context(object_type, name, global_conf)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 409, in get_context
    section)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 431, in _context_from_use
    object_type, name=use, global_conf=global_conf)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 361, in get_context
    global_conf=global_conf)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 248, in loadcontext
    global_conf=global_conf)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 285, in _loadegg
    return loader.get_context(object_type, name, global_conf)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 561, in get_context
    object_type, name=name)
  File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 587, in find_egg_entry_point
    possible.append((entry.load(), protocol, entry.name))
  File /usr/lib/python2.6/dist-packages/pkg_resources.py, line 1954, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
ImportError: No module named swat.config.middleware
Any suggestions as to where to go from here?
Re: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build on Ubuntu Server
But when I click apply, the jenfab\finance group disappears from the list and the changes never save.
What OS are you using? If Linux then make sure share file system is xattrs capable and enable it in /etc/fstab (I believe). If not you can use: posix:eadb = /usr/local/samba/private/eadb.tdb in global. This does NOT scale well.
I have tried giving 777 perms on the actual directory on my ubuntu box to troubleshoot, but had same results. I have also verified that ACL package has been installed on my Ubuntu machine. What user:group do I need to have the actual directory on the ubuntu machine set to? Any other things I should try?
On Mon, Jan 24, 2011 at 11:02 AM, Taylor, Jonn jo...@taylortelephone.com wrote:
Go to advanced when changing ACL's. Jonn
On 01/24/2011 09:48 AM, Lynn Dixon wrote:
That was the first thing that I had tried. I created a share using smb.conf, then restarted samba. I can see the share, and navigate down into it from windows. If I create a folder and then right click from a windows machine and do security, I can add groups, but when I try to save, the changes just disappear. What is the best way to manage ACL's on the share from a windows machine? Sorry for all the questions, this is my first venture into a Samba 4 AD environment. I have used Samba 2/3 i on a workgroup in the past and used different security schemes.
On Mon, Jan 24, 2011 at 10:37 AM, Taylor, Jonn jo...@taylortelephone.com wrote:
This is all you need.
[test]
path = /data/test
read only = no
Then use windows to set the acl's. Jonn http://wiki.samba.org/index.php/Samba4/HOWTO
On 01/24/2011 09:24 AM, Lynn Dixon wrote:
Thanks.
I tried both parameters in my smb.conf but I got errors when I tried both:
jenfab@dc:~$ sudo /etc/init.d/samba4 restart
* Stopping Samba 4 daemon samba [ OK ]
* Starting Samba 4 daemon samba
Unknown parameter encountered: valid users
Ignoring unknown parameter valid users
[ OK ]
jenfab@dc:~$ sudo nano /etc/samba/smb.conf
jenfab@dc:~$ sudo /etc/init.d/samba4 restart
* Stopping Samba 4 daemon samba [ OK ]
* Starting Samba 4 daemon samba
Unknown parameter encountered: write list
Ignoring unknown parameter write list
Unknown parameter encountered: read list
Ignoring unknown parameter read list
[ OK ]
On Mon, Jan 24, 2011 at 9:52 AM, t...@tms3.com wrote:
I am not sure how to use Microsoft AD tools to create shares and then set those shares permissible to certain AD groups. For example, I need to create a share called Finance and only the people in Finance can read/write to it. I was hoping to use SWAT to help in creation and management of those shares.
vi smb.conf (or your favorite text editor)
add
[finance]
...various parameter...
valid users = @finance
or
write list = @finance
read list = @finance
I have been using AD tools to manage the domain and GPO's but I am not sure how to use them to create shares.
You can see swat for samba4 here: https://github.com/rvelhote/GSoC-SWAT
On Mon, Jan 24, 2011 at 5:03 AM, Daniel Müller muel...@tropenklinik.de wrote:
I thought swat is no longer working!! Just use Microsoft ads tools and you are up and running.
--- IT Daniel Müller Head of IT Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: http://www.tropenklinik.de ---
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Lynn Dixon Sent: Sunday, 23 January 2011 06:39 To: samba@lists.samba.org Subject: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build on Ubuntu Server
Hello all, I have setup a complete domain using Samba 4 on my Ubuntu server 32 bit machine. I am using the Alpha 13 build (it was actually in the Ubuntu Repos). I am trying to setup swat to make it easier to manage shares. I have followed the instructions at https://github.com/rvelhote/GSoC-SWAT but I am having a few problems. When I run ./run I get the following errors:
jenfab@dc:~/GSoC-SWAT$ sudo ./run
Starting subprocess with file monitor
Traceback (most recent call last): File
Re: [Samba] Shutting down WinXP Pro instance
--- Original message --- Subject: Re: [Samba] Shutting down WinXP Pro instance From: Michael Wood esiot...@gmail.com To: Joe Tseng joe_ts...@hotmail.com Cc: samba@lists.samba.org Date: Monday, 24/01/2011 10:51 PM
Hi
On 25 January 2011 02:54, Joe Tseng joe_ts...@hotmail.com wrote:
Recently I set up a PDC (Fedora 12 - I'm using this for a specific reason) using Samba 3.4.9 and OpenLDAP 2.4.19; I named my domain ATHOME. I am trying to figure out how to shut down WinXP Pro remotely and I'm not having any luck. Up to this point I have tried the following:
- I used ATHOME\root which is the admin acct I used to join XP to my domain. I added ATHOME\root to my workstation's Administrators group.
- I've disabled simple file sharing on WinXP.
- I've disabled the WinXP firewall.
My results are the following:
[root@server0 openldap]# net rpc shutdown -d -I 10.1.0.154 -U root
Hmmm. Do you have good NetBIOS browsing or WINS? I've noticed that these calls by IP address have a tendency to fail, but by NetBIOS name succeed.
[2011/01/24 19:50:34, 0] lib/debug.c:451(debug_parse_params) debug_parse_params: unrecognized debug class name or format [-I]
You are using incorrect syntax for the debug option. Try net rpc shutdown -d 10 -I 10.1.0.154 -U root and maybe that will show you what the problem is. (i.e. you need a number after -d.)
-- Michael Wood esiot...@gmail.com
Re: [Samba] store profiles on a third server
--- Original message --- Subject: [Samba] store profiles on a third server From: André Rodier andre.rod...@red2.co.uk To: samba@lists.samba.org Date: Sunday, 23/01/2011 9:08 AM
hello all, I am building a network system using Samba 3.5 on Debian Squeeze and Windows 2003 workstations. I have properly configured my samba PDC, and that's working correctly. I am using an external LDAP to store the credentials. I also wanted to use roaming profiles, and I have properly configured this. That's working well for me, using Windows 2003 work stations. I'll soon have both my PDC and my BDC. The profiles are actually stored on the PDC server. However, I'd like to store the profiles on a third server. I know this is possible but I want to know where I can find a proper documentation or tutorial to do this.
In LDAP there is a storage location:
sambaProfilePath: \\server name or IP addy\Profiles share name\username
If you are using smbldap-tools, this can be set in smbldap.conf here:
##
#
# SAMBA Configuration
#
##
# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome=\\PDC-SMB3\%U
userSmbHome=\\HomeShare\DirectoryShare
# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile=\\camarillo\profiles\%U
userProfile=\\ProfileShare\ProfileShare\%U
For existing users, copy the profiles to the new server (or not, really, as they will be re-written at logoff) and set permissions. Edit the ldap settings in your current DIT.
Here my questions to start - I probably have to install samba on this third server,
If you're using a *nix server, that would be best.
neither as PDC or BDC,
Why would you NOT have it be a BDC? I would.
but Do I have to use special parameters ? - Should I use again NSS and LDAP on this third server for the authentication credentials database ?
It should authenticate of the domain, yes. As I said making it a BDC would be best.
André.
Re: [Samba] Multiple domains issue
I encountered a strange problem recently when changing the IP of my Samba server. We are in the process of moving from an ancient NT4 domain to an AD domain. We did a full migration of all the users, and up until Friday, our AD users were able to access the Samba server (which is still on the NT domain) with full permissions, etc. On Friday for reasons completely unrelated, we had to change the IP of the Samba server. When we brought it up on the new IP, it gave an error bringing up the Samba daemons. I was rushed and didn't pay too much attention to the error, but instead took the easy route of removing Samba from the NT domain, and re-joining. That got the Samba daemons up and running and we mostly had no problem, except now the AD users aren't allowed to access their home directories.
Home directories in a trusted domain is probably a bad idea, and likely has some permission issues. It might be best to join the samba server to the AD domain instead.
The AD and NT domains have a mutual trust relationship, and all SSIDs for the users on both domains are the same. As I said, prior to Friday, these users were able to access. I'm not entirely sure how Samba handles multiple domains, etc. and I have no idea how to even begin to trouble shoot this problem. Any suggestions would be welcome. -Ron
Re: [Samba] store profiles on a third server
I have had it this way for 5+ years at work. My PDC and BDCs exist as openvz and lvm virtual machines that I can move to any server. Neither of these contain any file shares.
Can this be done if not using LDAP?
I do not know. I believe it would be more difficult without LDAP however. We have used ldap with samba from the start since we migrated a windows 2000 domain over to samba. In a multi server environment it is advisable to use LDAP.
I know this is possible but I want to know where I can find a proper documentation or tutorial to do this. Any pointers on where to find examples?
Not really. I just put a few concepts that I was using together over the years. Also I have not looked for examples in a very long time. John
Re: [Samba] Samba hangs the boot on Gentoo.
Hello, Today I came across with the problem with booting my Gentoo system. Yesterday I installed samba and when I turned on my notebook today it stops booting at starting up the samba daemon. It goes until: * samba - start: smbd ...
I had some difficulties a few years back with Samba/LDAP nssldap, pam_ldap and pam. The system would hang for some 10 minutes at startup. The problem was that nssldap defaults to bind_policy hard, and as nssldap fired before the ldap server started (from the nssldap conf file):
# Reconnect policy: hard (default) will retry connecting to
# the software with exponential backoff, soft will fail
# immediately.
changing the value to bind_policy soft rectified the situation.
... and then freezes ... Maybe the problem is somehow related to my Wi-Fi connection on notebook and Samba is looking for Internet connection and waiting for it to be established? Maybe you can give any advice on how to boot to my system without loading samba and uninstalling it?
Do an interactive boot. Press I when it asks you to do in the boot process. Then do not start the samba daemon. John
Re: [Samba] Problems with a trust relation between samba and samba different subnet
My friends I want to make two domains running samba+ldap to share resources, I want to create a trust relation in two directions. Both domains have wins enable but are on different subnet.
MUST use the same WINS server for trusts to work. Why have two domains?
Domain Name: DOM1 Netbios Name = DOM1PDC 192.168.50.0/24
Domain Name: DOM2 Netbios Name = DOM2PDC 192.168.40.0/24
Both networks are separate, each one with his own switch, a FW is what help me they can communicate. OS: Centos 5.5 Samba 3.3.x.
First, I follow the instructions from the bible of samba and say that I need to create the Interdomain account on each network:
smbldap-useradd -a -i DOMAIN-NAME
Done.
smbldap-usershow
I have the I flag on each account. I have enable the ports in my fw to communicate both domains, done. Now when I run the command: net rpc trustdom establish DOM1 on PDC DOM2 I got the error
net rpc trustdom establish DOM1 running on PDC DOM2
[2011/01/21 07:17:16, 0] libsmb/namequery.c:internal_resolve_name(1609) resolve_name: unknown name switch type lmhost
[2011/01/21 07:17:16, 0] utils/net_rpc.c:rpc_trustdom_establish(5565) Couldn't find domain controller for domain DOM1
Some search pages point me that in this case I need to setup the file lmhosts to make this happen because no service is helping my PDC to reach the other end, I read the MS KB where it say how to setup a LMHOSTS and have this on my PDC DOM2:
127.0.0.1 localhost
192.168.50.3 DOM1 \0x1b #PRE
192.168.50.3 DOM1PDC #PRE #DOM:DOM1
on DOM1 I have
192.168.40.3 DOM2 \0x1b #PRE
192.168.40.3 DOM2PDC #PRE #DOM:DOM2
In samba smb.conf I have:
hosts allow = 192.168.40. 192.168.50. 127.
name resolve order = wins hosts bcast lmhost
nsswitch have the line:
hosts: files wins dns
I try again and in DOM1 PDC:
net rpc trustdom establish DOM2
[2011/01/21 07:22:13, 0] libsmb/namequery.c:internal_resolve_name(1609) resolve_name: unknown name switch type lmhost
[2011/01/21 07:22:13, 0] utils/net_rpc.c:rpc_trustdom_establish(5565) Couldn't find domain controller for domain DOM2
There is something I forget to setup or what I'm doing wrong, hope some could give some tips and point my errors, I will appreciated, thanks!!!
-- LIving the dream...
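The log line quoted in the message above, "unknown name switch type lmhost", names a token from the posted name resolve order line; smb.conf(5) documents the resolver names as lmhosts, host, wins and bcast. The check below is an added example, not code from the thread or from Samba: it reads an smb.conf and reports tokens outside that list. The function names, the constructed sample file, and the acceptance of hosts (which drew no error in the posted log) are assumptions.

```shell
#!/bin/sh
# Constructed sample: the smb.conf lines quoted in the message above.
sample_smb_conf() {
cat <<'EOF'
[global]
   hosts allow = 192.168.40. 192.168.50. 127.
   name resolve order = wins hosts bcast lmhost
[homes]
   browseable = no
EOF
}

# Print the value of "name resolve order" from the [global] section on stdin.
# smb.conf parameter names ignore case and embedded whitespace; the last
# occurrence in the section wins.
get_name_resolve_order() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[/ {                           # section header
            sec = tolower($0)
            gsub(/[ \t]/, "", sec)
            in_global = (sec == "[global]")
            next
        }
        in_global {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)
            if (key == "nameresolveorder") {
                val = substr($0, eq + 1)
                sub(/^[ \t]+/, "", val)
                sub(/[ \t]+$/, "", val)
                found = val
            }
        }
        END { if (found != "") print found }
    '
}

# Print every token that is not a known resolver name, one per line.
# Tokens are split on spaces, tabs and commas (separator set is an assumption).
unknown_resolvers() {
    for tok in $(printf '%s\n' "$1" | tr ',\t' '  '); do
        case "$(printf '%s' "$tok" | tr 'A-Z' 'a-z')" in
            lmhosts|host|hosts|wins|bcast) ;;   # hosts: accepted per the posted log
            *) printf '%s\n' "$tok" ;;
        esac
    done
}

# Read smb.conf on stdin; return 1 if any resolver token is unknown.
check_conf() {
    order=$(get_name_resolve_order)
    [ -n "$order" ] || { echo "name resolve order not set; built-in default applies"; return 0; }
    bad=$(unknown_resolvers "$order")
    if [ -n "$bad" ]; then
        for b in $bad; do echo "unknown name resolve order token: $b"; done
        return 1
    fi
    echo "name resolve order ok: $order"
}

sample_smb_conf | check_conf || true
```

Run it against a real file with `check_conf < /etc/samba/smb.conf`; a non-zero exit status means at least one resolver in the list will be skipped at lookup time.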
Re: [Samba] Problems with a trust relation between samba and samba different subnet
Two domains. Well this is a test systems. But my current production system are separate by a P2P link. What u recommend? Location A -- PDC Wins Server +LDAP server Location B -- BDC +LDAP server smb.conf to point to local ldap servers. ? Them, u say 1 wins to rule them all I have to work with this. Thanks!!! -- LIving the dream...
Re: [Samba] Problems with a trust relation between samba and samba different subnet
--- Original message --- Subject: Re: [Samba] Problems with a trust relation between samba and samba different subnet From: Alberto Moreno ports...@gmail.com To: samba@lists.samba.org Date: Friday, 21/01/2011 3:32 PM
On Fri, Jan 21, 2011 at 3:20 PM, t...@tms3.com wrote:
Two domains. Well this is a test systems. But my current production system are separate by a P2P link. What u recommend? Location A -- PDC Wins Server +LDAP server Location B -- BDC +LDAP server smb.conf to point to local ldap servers. ? Them, u say 1 wins to rule them all I have to work with this. Thanks!!! -- LIving the dream...
U suggest to build a PDC+Ldap and the other end BDC+Ldap and setup the replica of ldap right?
Yes. Multimaster-syn-repl is my choice.
The only issue is that, we already have 2 domains, I need to delete one and just work with one, but what about the SID of the clients that will lose their PDC, this will be a issue, because I will have to add them to the domain again right?
Yes. That's a bit messy. If you have a large number of users, that might be a serious problem.
I'm correct? This thread is giving me a lot of tips to try :-), thanks guys!!! -- LIving the dream...
Re: [Samba] How to minimize authentication traffic
--- Original message --- Subject: [Samba] How to minimize authentication traffic From: Andreas Grabner andr...@vianova.cc To: samba@lists.samba.org Date: Tuesday, 18/01/2011 8:28 AM
Hi, i have to set up a new server far away from home. At the central i have a Win 2008 native AD server with a samba AD member. Now i have to install a new server at an other location with a 1 Mbit/s connection. I don't know yet how reliable the connection will be. The users faraway should not need to manual authenticate to fileservers in the Central. What would you recommend? I thought about an new domain with domain trusts. Or should i make it just an AD member (what happens if the AD Server is not reachable?) I think an other setup i have done years before (PDC -LDAP -[P|B]DC) will not work with AD.
If you don't need exchange you could try a Samba4 AD joined server and local DNS. Depending on the size of the satellite location YMMV. For a large critical production environment, your best bet at this time would of course be another M$ server.
Any suggestions? Thanks Andreas
-- Andreas Grabner +43 676 840 775 101 andr...@vianova.cc Via Nova Mediendesign GmbH Augasse 24 A- 7400 oberwart +4333 52 / 32 860 http://www.vianova.cc
Re: [Samba] trust relation between 2 networks firewall issues!!!
Hi. I have 2 separate networks. Net-A 192.168.50.0/24 Net-B 172.16.2.0/16 I have 1 Samba PDC+LDAP on each site. I want to create a trust relation between both networks, what ports do I have to open in my fw to make this works?
137, 138, 139, 389. For secure LDAP 636. For modern smb 445.
thanks!!! Centos 5.5 Samba 3x. -- LIving the dream...
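The port list in the reply above can be opened between the two named networks only, rather than to any source. This is an added example, not rules from the thread: it prints iptables commands for a firewall that forwards between Net-A and Net-B. The transport chosen for each port (UDP for 137 and 138, TCP for the rest), the FORWARD chain and the function names are assumptions.

```shell
#!/bin/sh
# Ports from the reply above, each paired with its usual transport
# (the pairing is an added assumption; the thread lists numbers only).
TRUST_PORTS="137/udp 138/udp 139/tcp 445/tcp 389/tcp 636/tcp"

# Accept only dotted-quad CIDR with a prefix of 1..32, so "any" (/0) is refused.
is_scoped_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# Print one ACCEPT rule per port for new connections from SRC to DST.
trust_rules() {
    src=$1; dst=$2
    is_scoped_cidr "$src" && is_scoped_cidr "$dst" || {
        echo "refusing unscoped address: $src -> $dst" >&2
        return 1
    }
    for p in $TRUST_PORTS; do
        printf 'iptables -A FORWARD -s %s -d %s -p %s --dport %s -m state --state NEW -j ACCEPT\n' \
            "$src" "$dst" "${p#*/}" "${p%/*}"
    done
}

# Print the full rule set: return traffic, both directions, then drop
# everything else between the two networks.
trust_ruleset() {
    a=$1; b=$2
    echo 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    trust_rules "$a" "$b" || return 1
    trust_rules "$b" "$a" || return 1
    printf 'iptables -A FORWARD -s %s -d %s -j DROP\n' "$a" "$b"
    printf 'iptables -A FORWARD -s %s -d %s -j DROP\n' "$b" "$a"
}

# Net-A and Net-B exactly as written in the question.
trust_ruleset 192.168.50.0/24 172.16.2.0/16
```

The script only prints the commands, so the output can be reviewed or diffed against the running rule set before anything is applied.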
Re: [Samba] MS Access
I need to have a server built and ready to install by this weekend, and I'm trying to decide whether to use the customer's copy of Windows 2000 Server,
Seriously? http://blogs.technet.com/b/windowsserver/archive/2010/01/14/windows-2000-server-approaching-end-of-life.aspx
or Ubuntu or Centos. I think Ubuntu would have a newer version of samba.
One can always build from source.
The problem is, for this one server, about 20 users hammer MS Access databases all day, and samba seems to have had issues with Access in the past. Is that still the case?
Access has issues. What version? Most problems seem to boil down to file perms. I rarely had problems with Access files on FreeBSD/Samba platforms.
The old server is dying, and they own Windows 2000 Server so it won't cost them $$ to continue using the OS,
You'd best check the licensing. They most certainly don't own W2K server.
but it cannot take advantage of newer hardware/technologies, so it's slower. Thanks for any info...
Re: [Samba] Samba PDC
2011/1/14 TAKAHASHI Motonobu mo...@monyo.com:
2011/1/13 Robert Fitzpatrick li...@webtent.net:
If your Samba's version is 3.3.2 - 3.3.4, then the additional settings below are needed:
HKLM\System\CCS\Services\Netlogon\Parameters
DWORD RequireSignOrSeal = 0
DWORD RequireStrongKey = 0
I am using Samba 3.5.6 and the registry entries above are as you show currently.
As I mentioned,
- If your Samba's version is 3.3.5 - and the registries above are set, remove them and try again.
- You must set these 2 entries below:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
- You must not set these 2 entries below:
DWORD RequireSignOrSeal = 0
DWORD RequireStrongKey = 0
In my knowledge, your error messages:
[2011/01/13 09:24:48.031223, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
occurs if you do not correctly set these 4 entries. If you still have problem, I recommend to examine with simple settings (not to use LDAP) like:
[global]
workgroup = WEBTENT
domain logons = yes
add machine script = useradd %u
[homes]
writeable = yes
browseable = no
If your Windows 7 can join to Samba domain with the settings above, at least you could know that Windows 7 registries are correctly set.
Sorry, under FreeBSD, use
add machine script = /usr/sbin/pw useradd %u
For smbldap-tools add machine script = /usr/local/sbin/smbldap-useradd -W '%u'
instead of
add machine script = useradd %u
--- TAKAHASHI Motonobu mo...@samba.gr.jp
Re: [Samba] Cannot list shares on a host
Hello, linux 2.6.34.7-0.7-desktop x86_64 smbclient 3.5.4-5.1.2-2426-SUSE-SL11.3
I issue this command: smbclient -L SMA-STN14L -U jmoe
I get: Connection to SMA-STN14L failed (Error NT_STATUS_BAD_NETWORK_NAME)
is that name in DNS? How about WINS? What if you use ip addy instead of NetBIOS machine name?
In smb.conf [globals] section:
workgroup = SOHNEN-MOE
netbios name = SMA-STN14L
Adding the -I option made no difference. The firewall port is open. There is nothing in /var/log/messages. There is nothing in /var/log/samba/log.*. So, what's the message about a bad name?
-- James Moe moe dot james at sohnen-moe dot com 520.743.3936
Re: [Samba] can connect to 2 samba servers by name but to one by IP only
Adding pdc1 to the hosts file (c:\windows\system32\drivers\etc\hosts) did not make a difference. After adding pdc1 to lmhosts, net use \\pdc1 did work. So in the case of pdc1 one, the name is being resolved as a netbios name (i.e. via lmhosts) not a tcp/ip type name (i.e. via dns or hosts) But then why does net use work with all the other windows or samba servers? As far as I can tell, DNS is the only method by which the names are being resolved. I did notice that nbtstat -c shows the following
What does nbtstat -r show?
SonicWALL VPN Connection:
Node IpAddress: [x.x.x.x.] Scope Id: []
NetBIOS Remote Cache Name Table
Name         Type        Host Address   Life [sec]
BDC1         20 UNIQUE   x.x.x.x.       10522
BDC2         20 UNIQUE   x.x.x.x.       11560
SOMEMACHINE  20 UNIQUE   x.x.x.x.       12597
PDC1 is not in cache- which I guess makes sense since it is explicitly listed in lmhosts. The nbtstat -r command only shows machine on my home network, nothing on the corporate network, so this really does indicate that there is no netbios broadcasts going on crossing the VPN link. Thanks
-Original Message- From: TAKAHASHI Motonobu [mailto:mo...@monyo.com] Sent: Thursday, January 06, 2011 8:09 AM To: gaiseric.van...@gmail.com Cc: samba@lists.samba.org Subject: Re: [Samba] can connect to 2 samba servers by name but to one by IP only
2011/1/6 Gaiseric Vandal gaiseric.van...@gmail.com:
In fact this seems to work for any samba or windows machine on the network EXCEPT the Samba 3.4.x PDC. It seems to work for Win 2003 machines, Samba 3.4.x member servers, XP machines, etc.
To analyze the problem, first put the entry for PDC1 into both LMHOSTS and hosts files and try: net use \\pdc1. If you still meet the 67 error, something other than name resolution will cause this problem. Look at the Samba log and network capture.
My understanding is that XP (and Win 2000/2003) machines are smart enough to use DNS look ups to resolve a windows netbios name to IP in the case that legacy (archaic) Netbios name resolution (WINS, lmhosts, broadcast) methods don't work.
NetBIOS name whose prefix is only #20 ,#00 (and #1C in some case) can be resolved by DNS.
--- TAKAHASHI Motonobu mo...@samba.gr.jp
Re: [Samba] Samba PDC
On 1/12/2011 11:18 AM, TAKAHASHI Motonobu wrote:
2011/1/13 Robert Fitzpatrick li...@webtent.net:
OK, I am trying to setup my first Samba PDC on a FreeBSD 8.1 host. When I try to become a member of 'webtent.org' on my Windows 7 Ultimate to the PDC, I get the following error... DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain webtent.org: (snip) Anyone know what I am or could be doing wrong? Thanks for any help!
Read at: http://wiki.samba.org/index.php/Windows7 And remember Samba 3 PDC is compatible with Windows NT Server, not with Active Directory.
Thanks, I was able to join the domain, but when trying to logon, I get another error... the trust relationship between this workstation and the primary domain failed What can cause this? I have the computer name in LDAP, it was created when I joined the domain.
I found that a properly configured WINS server solved many of these problems for me with Samba3.x/LDAP and Win7.
--Robert
Re: [Samba] Reestablishing trust with PDC
you haven't tried experimenting with backing up and restoring the samba password cache. look in /var/*/samba and /var/*/*/samba for files related to the password cache to backup and restore.
If you use LDAP this problem goes away. If you're using tdb's then moving the tdb's and using the same Samba revision should do it...IIRC
On 1/10/2011 10:45, Devon Crouse wrote:
I often change configurations in a home server environment, and have scripts to back up all config files etc. - on a fresh OS install I can quickly restore function of all the services I'm running. I'm using version 3.4.7 as a PDC on Ubuntu with 4 Windows 7 clients. I can restore smb.conf which gets the file shares and server configuration back, but I lose the trust relationship with the clients and I can't figure out how to get it back (short of completely clearing all the profiles and dropping/adding to the domain.)
I'm making the following assumptions:
- There must be some sort of signature for the Samba/OS installation that changes
- This signature must be recorded in Windows somewhere for it to validate the relationship (like known_hosts)
I've tried the following in just about every order you can imagine:
- Modifying/removing the profile registry entries in Windows
- Removing/restoring the user directory in Windows
- Removing/restoring the profile.v2 directory in Ubuntu
- Experimenting with various local policy settings in Windows
- Re-adding client to the domain
- Using smbpasswd to recreate the users
There must be something I can backup/change to retain/reestablish the trust relationship without having to scrap all the user profiles? Thanks in advance - all my reading so far has been of little help.
Re: [Samba] Domain trust between a Samba PDC domain and W2K ADdomain
SNIP Hi people. I'm working on a trust relation between Samba 3.3.X and Windows 2003 AD mixed mode. I have read the doc about this but for some reason it won't work, my PDC+LDAP is working but I still cannot make these 2 servers share users. In my experience, it is fairly straightforward to get AD users trusted by the Samba controlled Domain, although granular file permissions are tricky at best. In the opposite direction, this is quite difficult, unless the AD domain is in the very old now, mixed mode. Could you please give me the process you use to create the relation between win2k3(in/out) and samba? I would appreciate it, thanks!!! -- Living the dream...
Re: [Samba] A device attached to the system is not functioning -When adding a computer to the domain
On Monday 03/01/2011 at 4:58 am, Chris Beach wrote: I wanted to send this out a 2nd (and last) time.. I got suggestions not to use BLAH.COM and to use BLAH instead for my domain name, however I don't think that's causing my problem as it's been this way for 6 years? Then you have done no research regarding NetBIOS names. NetBIOS Restictions Characters Unicode characters, numbers, white space, symbols: ! @ # $ % ^ ' ) ( . - _ { } ~ See chart top of page: http://technet.microsoft.com/en-us/library/cc959336.aspx Machine trusts MUST be able to resolve NetBIOS names. The preferred method is via WINS. Misconfigured NetBIOS names will make this, shall we say, difficult. Any way I still can't add machines to my domain and am fairly panicked (this is production, 140~ users). Any other suggestions? Thank you. On Thu, Dec 30, 2010 at 1:35 PM, Chris Beach chr...@pintys.com wrote: Hi all, I just setup a Samba 3.3.14, with an ldap back-end. I migrated the ldap back end and samba shares from my old samba server. I've found when adding a machine (WinXP) to the domain, I get the following error on XP: The following error occurred attempting to join the domain Blah.com: A device attached to the system is not functioning. in my /var/log/messages I have: Dec 30 09:40:24 hap smbd[29379]: [2010/12/30 09:40:24, 0] passdb/pdb_get_set.cdb_get_group_sid(210) Dec 30 09:40:24 hap smbd[29379]: pdb_get_group_sid: Failed to find Unix account for OAKRND02$ repeated about 6 times. 
My smb.conf looks like this for the scripts to run: * add machine script = /usr/sbin/smbldap-useradd -w %u add user script = /usr/sbin/smbldap-useradd -m -a %u delete user script = /usr/sbin/smbldap-userdel -r %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u ldap passwd sync = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n* When I do an LDAP search, I see there is an entry in LDAP for it the machine, so some of the add machine script must have worked: ldapsearch -b dc=mydomain,dc=com -x (uid=oakrnd01$) # OAKRND01$, Computers, mydomain, com dn: uid=OAKRND01$,ou=Computers,dc=pintys,dc=com uid: OAKRND01$ sambaSID: S-1-5-21-3318375643-2463009161-75282-41448 sambaPrimaryGroupSID: S-1-5-21-3318375643-2463009161-75282-515 sambaAcctFlags: [W ] objectClass: sambaSamAccount objectClass: account objectClass: top objectClass: inetOrgPerson objectClass: posixAccount sambaPwdCanChange: 1291378566 sambaPwdMustChange: 1299154566 sambaNTPassword: EED67D5B90ED8B5C2C168FB90DC4D313 sambaPwdLastSet: 1291378566 Also, I get results in pdbedit: [r...@happiness ~]# pdbedit -v oakrnd01$ Unix username:OAKRND01$ NT username: OAKRND01$ Account Flags:[W ] User SID: S-1-5-21-3318375643-2463009161-75282-41448 *pdb_get_group_sid: Failed to find Unix account for OAKRND01$* *Primary Group SID:(NULL SID)* Full Name: Home Directory: HomeDir Drive: Logon Script: logon.exe Profile Path: Domain: MYDOMAIN.COM Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Fri, 03 Dec 2010 06:16:06 CST Password can change: Fri, 03 Dec 2010 06:16:06 CST Password must change: Thu, 03 Mar 2011 06:16:06 CST Last bad password : 0 Bad 
password count : 0 Logon hours : FF Also: /usr/sbin/smbldap-useradd -w OAKRND02 failed to add entry: Unexpected EOF at /usr/sbin//smbldap_tools.pm line 616. And then my slapd dies out (crashes)... this same behaviour happens when trying to use USRMGR.exe to add a new user (but doing it manually via smbldap DOES work for adding a new user). What's most annoying is I tested joining a Windows 7 machine to the domain before I went live with this server, and it was successful, so I've no clue why this isn't working now. Any help I can get is REALLY APPRECIATED, right now I've got a PC I can't get on the domain, so a user who can't work. -- Chris Beach IT Analyst
Re: [Samba] Remote connection to Samba service doesn't work
No, it's not. And as I've said I'm already using Samba shares from a two different servers on my Windows 7. I've already tried to change Windows settings via local policies and registry. No effect. Windows says it can't find the specified network name, smbclient on cygwin can't even open a connection. Just like there's a magical firewall blocking just the samba. There is no single log with my ip in it. Is there any simple way to test the connection itself? By telnet or sending just one packet, perhaps? You can try the host yourself, it's revik.one.pl, ip 88.198.15.203. OK prism# nbtscan -v 88.198.15.203 Doing NBT name scan for addresses from 88.198.15.203 NetBIOS Name Table for Host 88.198.15.203: Incomplete packet, 227 bytes long. Name Service Type REVIK00 UNIQUE REVIK03 UNIQUE REVIK20 UNIQUE __MSBROWSE__ 01 GROUP WORKGROUP1d UNIQUE WORKGROUP1e GROUP WORKGROUP00 GROUP Adapter address: 00-00-00-00-00-00 I would probably lock that down if I were you. Samba is currently up and running. Even a successful connection try would tell something. On Mon, Jan 3, 2011 at 10:01 AM, Daniel Müller muel...@tropenklinik.de wrote: Windows XP should work on the fly! Isn't it??? For Windows 7 you got to hack the registry. All entries HKLM. You find the enties: google Windows 7 samba On Fri, 31 Dec 2010 14:03:05 +0100, Mateusz Szymaniec revan...@gmail.com wrote: Hi. I've got a nasty problem with Samba. Basically, I can't connect to my Samba service from a home laptop (running Windows 7). I guess that on this side everything is fine, I'm using my corporate Samba shares via VPN, I've been using Samba on my previous server and it was running OK. I've asked my buddy living nearby to connect and it didn't work for him, as well as for 15 other people across living my country. The weirdest thing is, that there are actually people that are able to connect. They were using both Windows XP and 7 and I can't really tell why. 
I see their connections in logs, but I can't really tell a difference between my setup and theirs. I've tried to use default Debian Etch 2.x Samba, 3.x backports version, compiled 3.x from sources, even reinstalled operating system on the server. I've used default config, copied one from my previous server, wrote it from scratch several times. Every single time it was possible to connect locally (smbclient -L localhost). On the client side, I've tried using default Windows 7 (and XP) smb/cifs implementation and cygwin's smbclient. My server ISP tells that they don't block anything and it's the first time someone has reported a problem like this. My iptables are clean at the moment. Currently I'm using v. 3.2.5 with default config with one share and added user by smbpasswd. revik:~# smbclient localhost\\test Enter root's password: Domain=[REVIK] OS=[Unix] Server=[Samba 3.2.5] smb: \ ls . D0 Fri Dec 31 13:57:25 2010 .. D0 Fri Dec 31 13:57:16 2010 testfile 0 Fri Dec 31 13:57:25 2010 35201 blocks of size 8388608. 33290 blocks available I really can't think of any single idea how to make it work or where the problem actually lies. I'd appreciate any help, thanks.
Re: [Samba] Need a little help with Samba 3.5.5 on FreeNAS 7.2.5543
--- Original message --- Subject: Re: [Samba] Need a little help with Samba 3.5.5 on FreeNAS 7.2.5543 From: Steve B stev...@gmail.com To: samba@lists.samba.org Date: Sunday, 02/01/2011 5:29 PM Ok, I've worked through a few different items but am still coming up zero. The Audiotron From Turtle Beach IMPORTANT NOTE: If you are using a NAS (Network Attached Storage) device please do NOT use this Firmware. The last known good version for NAS device Support was: 3.1.1. Sorry about this. http://www.turtlebeach.com/support/index.php?View=entryEntryID=114116399 Since the last update was 2004, I wonder what it's CIFS client is as well...oh well, the above might be a start. appears to be case insensitive (or at least how it talks to Samba). I tried the file in all upper, all lower and even mixed case. I still get the same error. If I delete the file, no error, but no file either. Additionally all the MP3 files are in mixed case and it appears to recognize all of them without trouble. Filename length also appears to not be an issue. I tried 8.3 format, ie radiotr.txt/RADIOTR.TXT/RadioIO.txt and came up with the same results. It appears to see the file is present but acts like it cannot read it saying no stations found. In addition all of the MP3 files are in mixed case and have longer than 8.3 file names. On Mon, Dec 20, 2010 at 3:57 AM, Michael Wood esiot...@gmail.com wrote: On 20 December 2010 04:16, Steve B stev...@gmail.com wrote: 1. Not sure what you mean by remote the file. I can open and read the file I believe he meant remove. I think he was just wondering if you got a different error with the file missing, which would prove that Audiotron was actually accessing the file. If you got the same symptoms, then it's possible that Audiotron was not actually finding/reading the file at all. in any editor, but the Audiotron performs some sort of read function on the file that tells it there are X number of radio stations defined in the file. The file is basically an XML file. 
-- Michael Wood esiot...@gmail.com
Re: [Samba] A device attached to the system is not functioning - Whenadding a computer to the domain
--- Original message --- Subject: [Samba] A device attached to the system is not functioning - Whenadding a computer to the domain From: Chris Beach chr...@pintys.com To: samba@lists.samba.org Date: Thursday, 30/12/2010 10:42 AM Hi all, I just setup a Samba 3.3.14, with an ldap back-end. I migrated the ldap back end and samba shares from my old samba server. I've found when adding a machine (WinXP) to the domain, I get the following error on XP: The following error occurred attempting to join the domain Blah.com: Blah.com---a . in a NETBios domain name is VERY bad. Rename it BLAH. A device attached to the system is not functioning. in my /var/log/messages I have: Dec 30 09:40:24 hap smbd[29379]: [2010/12/30 09:40:24, 0] passdb/pdb_get_set.cdb_get_group_sid(210) Dec 30 09:40:24 hap smbd[29379]: pdb_get_group_sid: Failed to find Unix account for OAKRND02$ repeated about 6 times. My smb.conf looks like this for the scripts to run: * add machine script = /usr/sbin/smbldap-useradd -w %u add user script = /usr/sbin/smbldap-useradd -m -a %u delete user script = /usr/sbin/smbldap-userdel -r %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u ldap passwd sync = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n* When I do an LDAP search, I see there is an entry in LDAP for it the machine, so some of the add machine script must have worked: ldapsearch -b dc=mydomain,dc=com -x (uid=oakrnd01$) # OAKRND01$, Computers, mydomain, com dn: uid=OAKRND01$,ou=Computers,dc=pintys,dc=com uid: OAKRND01$ sambaSID: S-1-5-21-3318375643-2463009161-75282-41448 sambaPrimaryGroupSID: S-1-5-21-3318375643-2463009161-75282-515 sambaAcctFlags: [W ] objectClass: 
sambaSamAccount objectClass: account objectClass: top objectClass: inetOrgPerson objectClass: posixAccount sambaPwdCanChange: 1291378566 sambaPwdMustChange: 1299154566 sambaNTPassword: EED67D5B90ED8B5C2C168FB90DC4D313 sambaPwdLastSet: 1291378566 Also, I get results in pdbedit: [r...@happiness ~]# pdbedit -v oakrnd01$ Unix username:OAKRND01$ NT username: OAKRND01$ Account Flags:[W ] User SID: S-1-5-21-3318375643-2463009161-75282-41448 *pdb_get_group_sid: Failed to find Unix account for OAKRND01$* *Primary Group SID:(NULL SID)* Full Name: Home Directory: HomeDir Drive: Logon Script: logon.exe Profile Path: Domain: MYDOMAIN.COM Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Fri, 03 Dec 2010 06:16:06 CST Password can change: Fri, 03 Dec 2010 06:16:06 CST Password must change: Thu, 03 Mar 2011 06:16:06 CST Last bad password : 0 Bad password count : 0 Logon hours : FF Also: /usr/sbin/smbldap-useradd -w OAKRND02 failed to add entry: Unexpected EOF at /usr/sbin//smbldap_tools.pm line 616. And then my slapd dies out (crashes)... this same behaviour happens when trying to use USRMGR.exe to add a new user (but doing it manually via smbldap DOES work for adding a new user). What's most annoying is I tested joining a Windows 7 machine to the domain before I went live with this server, and it was successful, so I've no clue why this isn't working now. Any help I can get is REALLY APPRECIATED, right now I've got a PC I can't get on the domain, so a user who can't work.
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly
Everyone, Both the Microsoft Network Monitor (sniffer) and Nbtstat -r shows that Windows XP is not acknowledging the broadcast packets from the Samba box, Well, that's an interesting statement... So, XP spouts a request to the WINS server, it responds and the packet is dropped? Or is XP NOT sending a request at all??? which keeps XP from being able to browse the server because no master browser is being recognized. If the Computer Browser service was enabled in XP, Windows 2000, however, acknowledges them just fine, even with Computer Browser disabled, and all is well. Any suggestions? If you folks help me figure this out, you'll be heroes, because I have come across a lot of help requests all over the internet that go way back many years for this very same problem, few solutions, and none of them resulting in a solution that works for me. Bob -Original Message- From: t...@tms3.com [mailto:t...@tms3.com] Sent: Tuesday, December 28, 2010 3:48 PM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC Cc: Chris Smith; samba@lists.samba.org Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly Excellent information, thank you. Unfortunately, none of it solved my problem. Start sniffing the machine as you do a Network Neighborhood search. You might also check and see just where and how lookups are being done for NETBios from an XP box command terminal nbtstat -r which will tell you how lookups are being done. Might lead you to a culprit. I see a lot of The specified network name is no longer available error messages all over the internet from Linux users, and none of the very few solutions I have come across have worked for me. Anybody else able to chime in and take a guess as why my XP box is having a problem talking to my Solaris/Samba box? Again, Win2K has no problems talking to the Samba box - it's just XP. Refresh: This error happens when you try to browse using My Network Places in the desktop. Mapping works fine, access works fine. 
Browsing is what fails in XP. I need this to work or I'm looking at a huge and expensive documentation change effort that few would understand. Still desperate for help on this. This problem happens with WinXP right out of the box, we have nothing weird installed. Help! -Original Message- From: Chris Smith [mailto:smb...@chrissmith.org] Sent: Tuesday, December 28, 2010 12:45 PM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC Cc: John Drescher; samba@lists.samba.org Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly On Tue, Dec 28, 2010 at 2:23 PM, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC robert.hodges@hill.af.mil wrote: Other details: I do not use a DNS server, I use the hosts file in XP. Yes, but NetBIOS desires the lmhosts file. See my ancient (but still valid) scribblings here: http://realcomputerguy.com/networksetup.htm#hosts Chris
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly
Jeremy, This makes sense, I'll try it. Excellent idea. I'm new to Samba, so how do I get it to run in debug mode and do the logging option you mentioned? log level = 10 in smb.conf. Covered in the man page. man smb.conf Sorry to sound so juvenile, my experience with Samba is in reverse - getting Linux boxes to use Windows servers. Bob -Original Message- From: Jeremy Allison [mailto:j...@samba.org] Sent: Wednesday, December 29, 2010 10:33 AM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC Cc: t...@tms3.com; samba@lists.samba.org Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly On Wed, Dec 29, 2010 at 10:22:46AM -0700, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC wrote: TMS3, Thanks for joining in, really appreciate it. I'm trying to keep it all straight, I'm relatively new to Samba (but learning quickly). What I now know: 1. Sniffer on XP box reveals that XP does see the broadcasts from Samba. 2. The Microsoft support tool/command Browstat status shows that XP does recognize Samba as the server (if Computer Browser service disabled, otherwise XP may/may not elect itself as the master - unpredictable), but also shows that XP is unable to pull down the browse list from the Samba box. This is the key. Separate out the logs by incoming client name, run smbd at debug level 10 and then look in the log.xp client name to see if it's trying to fetch the browse list, and if so why it goes wrong. Jeremy.
Re: [Samba] Domain Member Server not showing domain users/groups andnot honoring domain user accounts
I've got a domain member server configured as such: Load smb config files from /etc/samba/smb.conf Processing section [videos] Processing section [music] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER [global] workgroup = TEMPEST server string = Media Server (%h) (Livingroom Television) security = DOMAIN From the Official How To: Example ConfigurationSamba as a Domain Member Server This method involves addition of the following parameters in the smb.conf file: security = domainworkgroup = MIDEARTH In order for this method to work, the Samba server needs to join the MS Windows NT security domain. This is done as follows: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2559628 Use of this mode of authentication requires there to be a standard UNIX account for each user in order to assign a UID once the account has been authenticated by the Windows domain controller. This account can be blocked to prevent logons by clients other than MS Windows through means such as setting an invalid shell in the /etc/passwd entry. The best way to allocate an invalid shell to a user account is to set the shell to the file /bin/false. Domain controllers can be located anywhere that is convenient. The best advice is to have a BDC on every physical network segment, and if the PDC is on a remote network segment the use of WINS (see Network Browsing for more information) is almost essential. An alternative to assigning UIDs to Windows users on a Samba member server is presented in Winbind, Winbind: Use of Domain Accounts. 
Also see: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#domain-member-server map to guest = Bad User syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No wins server = density.aarcane.info usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d [videos] comment = Rebirth local Videos path = /media/local/videos write list = @rebirth force group = videos create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 [music] comment = Rebirth local Music path = /media/local/music write list = @rebirth force group = music create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 The server is not honoring domain accounts (the PDC honors domain accounts and shows owners/groups as domain users without issue), but this one is saying Unknown username or bad password when trying to browse to it, and when you specify your domain username and password manually in the prompt, it shows files and groups as REBIRTH/username or UNIX-GROUP/groupname instead of as domain users and groups. below I've stopped the server, cleared out the old log files, and restarted smbd (and nmbd) and double-clicked on rebirth in the windows 7 network pane. ikari (10.0.0.241) is the client I'm using. aarc...@rebirth:/var/log/samba$ ls cores log.10.0.0.241 log.ikari log.nmbd log.smbd aarc...@rebirth:/var/log/samba$ cat log.10.0.0.241 aarc...@rebirth:/var/log/samba$ cat log.ikari [2010/12/29 16:04:30.647903, 0] lib/util_sock.c:474(read_fd_with_timeout) [2010/12/29 16:04:30.648046, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. aarc...@rebirth:/var/log/samba$ cat log.nmbd [2010/12/29 16:03:44, 0] nmbd/nmbd.c:857(main) nmbd version 3.5.4 started. 
Copyright Andrew Tridgell and the Samba Team 1992-2010 aarc...@rebirth:/var/log/samba$ cat log.smbd [2010/12/29 16:03:41, 0] smbd/server.c:1123(main) smbd version 3.5.4 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2010/12/29 16:03:41.923307, 0] printing/print_cups.c:108(cups_connect) Unable to connect to CUPS server localhost:631 - Connection refused [2010/12/29 16:03:41.928781, 0] printing/print_cups.c:108(cups_connect) Unable to connect to CUPS server localhost:631 - Connection refused [2010/12/29 16:03:41.929413, 0] smbd/server.c:1169(main) standard input is not a socket, assuming -D option aarc...@rebirth:/var/log/samba$
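The logs quoted in this message, and the much larger per-client logs produced by the "debug level 10" advice in the Windows XP thread, use smbd's two-part record format (a bracketed header line, then message lines). The following is an added example, not code from any poster or from the Samba project: it parses that format and pulls out the failure records. The sample text is re-wrapped from the excerpt above (the line wrapping is an assumption) plus one constructed level-10 record, and the names `parse_records` and `failures` and the reattribution heuristic are this example's own.

```python
import re

# Header of a log record as seen in the excerpt:
#   [YYYY/MM/DD HH:MM:SS(.usec), level] source.c:line(function)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[\w./-]+):(?P<line>\d+)\((?P<func>\w+)\)\s*$"
)
# Words that mark a message line as a failure worth reading first.
FAILURE = re.compile(r"fail|error|refused|reset|denied", re.IGNORECASE)

# Sample input: records from the post, re-wrapped one header per line with
# indented message lines. The last record is constructed for this example.
SAMPLE_LOG = """\
[2010/12/29 16:03:41,  0] smbd/server.c:1123(main)
  smbd version 3.5.4 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2010
[2010/12/29 16:03:41.923307,  0] printing/print_cups.c:108(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connection refused
[2010/12/29 16:04:30.647903,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2010/12/29 16:04:30.648046,  0] lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2010/12/29 16:04:31.000001, 10] smbd/process.c:1(constructed_debug_record)
  constructed debug chatter: no error here
"""


def _owner(records, body):
    """Choose the record a message line belongs to.

    In the excerpt a header appears with no message before the next header:
    the first function called another one that logged before the first
    message was written. Heuristic (an assumption of this example): a line
    starting with "<function>:" goes to a directly preceding record that
    names that function and has no message yet.
    """
    for rec in reversed(records[:-1]):
        if rec["message"]:
            break  # only look at the run of still-empty records
        if body.startswith(rec["function"] + ":"):
            return rec
    return records[-1]


def parse_records(text):
    """Split log text into records: header fields plus message lines."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append({
                "ts": m.group("ts"),
                "level": int(m.group("level")),
                "source": m.group("src"),
                "line": int(m.group("line")),
                "function": m.group("func"),
                "message": [],
            })
            continue
        body = raw.strip()
        if not body or not records:
            continue  # blank line, or text before the first header
        _owner(records, body)["message"].append(body)
    return records


def failures(records, max_level=0):
    """Records at or below max_level whose message mentions a failure."""
    return [
        r for r in records
        if r["level"] <= max_level
        and any(FAILURE.search(line) for line in r["message"])
    ]


if __name__ == "__main__":
    for rec in failures(parse_records(SAMPLE_LOG)):
        print(rec["ts"], rec["source"], rec["function"], "|", " ".join(rec["message"]))
```

Raising `max_level` widens the filter once the log was written at a higher debug level; at the default of 0 only the records smbd itself flagged as errors are returned.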
Re: [Samba] Need Help Getting Windows XP To Use Samba Properly
Excellent information, thank you. Unfortunately, none of it solved my problem. Start sniffing the machine as you do a Network Neighborhood search. You might also check and see just where and how lookups are being done for NETBios from an XP box command terminal nbtstat -r which will tell you how lookups are being done. Might lead you to a culprit. I see a lot of The specified network name is no longer available error messages all over the internet from Linux users, and none of the very few solutions I have come across have worked for me. Anybody else able to chime in and take a guess as why my XP box is having a problem talking to my Solaris/Samba box? Again, Win2K has no problems talking to the Samba box - it's just XP. Refresh: This error happens when you try to browse using My Network Places in the desktop. Mapping works fine, access works fine. Browsing is what fails in XP. I need this to work or I'm looking at a huge and expensive documentation change effort that few would understand. Still desperate for help on this. This problem happens with WinXP right out of the box, we have nothing weird installed. Help! -Original Message- From: Chris Smith [mailto:smb...@chrissmith.org] Sent: Tuesday, December 28, 2010 12:45 PM To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC Cc: John Drescher; samba@lists.samba.org Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly On Tue, Dec 28, 2010 at 2:23 PM, Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC robert.hodges@hill.af.mil wrote: Other details: I do not use a DNS server, I use the hosts file in XP. Yes, but NetBIOS desires the lmhosts file. See my ancient (but still valid) scribblings here: http://realcomputerguy.com/networksetup.htm#hosts Chris
Re: [Samba] Multinetwork environment without WINS server
Is there any way to use samba as pdc in multinetwork environment without WINS server? In this case (without wins), how will computers find pdc? -- Sure...LMHosts files on all the workstations. Kinda messy. You could allow the NETBios traffic to run wild on your network...with local workstations becoming local browse masters. All kinda messy. WINS was the first attempt to really deal with this problem. It works well enough with samba as a WINS server. If you have any old Windows server around, it might be easier to do, especially if you have 2 of them and want to distribute load a bit and have replication. Guess it really depends on how big your network is.
Re: [Samba] name resolution: dns name different to windows machinename
--- Original message --- Subject: Re: [Samba] name resolution: dns name different to windows machinename From: Gaiseric Vandal gaiseric.van...@gmail.com To: samba@lists.samba.org Date: Monday, 20/12/2010 5:15 PM I am not sure how you would have a DNS server assign random names. But if you aren't going to have the correct entries for the XP machine in DNS, then you probably should not have any DNS entries for those machines. XP machines can register their hostnames directly in DNS (if the DNS server supports it.) In general I don't think workstations machines need to be in DNS at all since (unless you have shared folders or printers.) It's certainly easier when a help desk request comes in to ask the user for the machine name label, then try and get the machines IP addy. rdp://acct1 rdp://lab7 rdp://eng21 rdp://admin5 soo But yeah, WinXP and up have no problem doing this. dhcp can be a big help as well. I generally DISABLE dynamic updates in DNS and don't have DNS assignments/static IP's for most XP machines. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Marcus Sent: Monday, December 20, 2010 5:17 AM To: samba@lists.samba.org Subject: [Samba] name resolution: dns name different to windows machine name Hi, we are running a samba domain controller as master with activated WINS. The machine name of each WinXP client is set manually during the installation initial process. Each client is using the WINS server of our domain controller. The WinXP clients are getting their IP by a global DNS Server, which sets the DNS and reverse DNS entry identically to the windows machine name. Now the administrator of the DNS server is planning to change the DNS and reverse DNS concept in the way that the DNS and reverse DNS entry will be not identically to the windows machine name any more. The WinXP clients will get a generic, randomly set DNS/reverse DNS entry. 
Does this have any effects for functionality of my samba domain controller and/or the WinXP clients? Thanks, Marcus
Re: [Samba] Samba4 smb.conf questions
--- Original message --- Subject: Re: [Samba] Samba4 smb.conf questions From: Michael Wood esiot...@gmail.com To: Ben Cone bc...@wwhfb.com Cc: samba@lists.samba.org Date: Saturday, 11/12/2010 11:37 PM Hi On 8 December 2010 19:28, Ben Cone bc...@wwhfb.com wrote: I am trying to find a good guide for setting up the smb.conf and can't seem to find anything. Here's what I have been trying to do and it hasn't been working correctly. We had a Windows Server 2003 DC. I had to upgrade it because of some problems we were having and upgraded to Windows Server 2008 R2. After that, my Samba 3 with Winbind file server quit authenticating to the AD domain and try as I might I couldn't get it to work. This is largely because even though we have a perfectly good DC, all of our workstations are just in a giant workgroup (and management just won't give in and let me change it). After playing with Likewise and samba for a bit I gave up that bag and thought I would give Samba4 a try. So far I am really liking what I am seeing. I realize that we are still in beta land, but what we have so far may just work for what I want to do. I have been trying to find a good guide to configure the smb.conf file but haven't really found anything. Well, why don't you let us know what it is you are trying to do? I believe it's currently best to have a Samba 3 member server joined to the Samba 4 domain for file serving rather than doing the file serving from Samba 4. Of course I don't really see how joining Samba 4 to the domain will help get Samba 3 working :) Perhaps you should provide more details on what is going wrong with Samba 3 - Win2k8r2. By the way, successful install on ubuntu 10.04 x64 server that formally had samba 3 and winbind on it that were installed from aptitude. Do you mean that you installed Samba 4 from the Ubuntu repositories? If so, rather install from Git or perhaps Alpha 14 as per the Samba 4 HOWTO. Any help would be appreciated. 
The samba-technical mailing list is currently the best place to ask about issues with samba 4. -- Michael Wood esiot...@gmail.com
[Samba] libsunacl--for FreeBSD
Anyone know if there's a configure option for Samba4 to take advantage of this. Would like to NOT use eadb. Thoughts? Cheers,
Re: [Samba] Windows 7 connect to FreeBSD samba
On Tuesday 10/08/2010 at 1:54 pm, dan dylan wrote: I'm having trouble connecting my windows 7 machine to my Samba server that i set up on a FreeBSD VM. The FreeBSD version is 7.2 and the samba version is 3. I followed the directions here http://www.mrp3.com/windows-to-unix-samba.html to set it up as a domain controller exactly.. except for adding the samba_dns_update script because i didn't find it being asked for in the config file. The name of my Windows computer is Pushkin-PC so like it says in the script I added it using adduser and put it under the machines group. I added it as Pushkin-PC$ though.. as the site showed. then I did smbpasswd -a Pushkin-PC$ which also made me make a password. Then the script said to finalize it by doing the command smbpasswd -m Pushkin-PC$ .. but when I executed that command i got the errors: Failed to set password for user Pushkin-PC$. Failed to modify password entry for user Pushkin-PC$. I couldn't figure out why... Here's my config file.. all the uncommented parts: server string = WORKGROUP server string = Samba Server security = user hosts allow = 192.168.1 192.168.2 127. load printers = yes printing = cups log file = /var/log/samba/log.%m max log size = 50 passdb backend = tdbsam include = /usr/local/etc/smb.conf.%m local master = yes os level = 33 domain master = yes preferred master = auto domain logons = yes logon path = \\%L\Profiles\%U wins support = yes dns proxy = no add user script = /usr/local/sbin/smb-add-user %u add group script = /usr/local/sbin/smb-add-group %g add machine script = /usr/local/sbin/smb-add-machine %u add user to group script = /usr/local/sbin/smb-add-user-group %u %g delete user script = /usr/local/sbin/smb-rm-user %u delete user from group script = /usr/local/sbin/smb-rm-user-group %u %g delete group script = /usr/local/sbin/smb-rm-group %g Where did these scripts come from? 
[homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /usr/local/lib/samba/netlogon guest ok = yes writeable = no share modes = no [profiles] path = /usr/local/lib/samba/profiles browseable = no guest ok = yes [printers] comment =All Pringers path = /var/spool/samba browseable = no guest ok = no writeable = no printable = yes anyways, when try to connect my windows pc (Pushin-PC) to samba.. i do the following command: \\192.168.198.137\Pushkin-PC$ the ip is the freebsd's ip running samba. and I get the following error: The network path was not found. Help?
[Samba] Samba4 net vampire
Can't even figure this one out. zaphod# ./net vampire tms3.com -Uadministrator --realm=tms3.com dos charset 'CP850' unavailable - using ASCII Password for [TMS3.COM\administrator]: Traceback (most recent call last): File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 99, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/vampire.py, line 51, in run (domain_name, domain_sid) = net.vampire(domain=domain, target_dir=target_dir) RuntimeError: samr_OpenDomain for [S-1-5-21-1524245422-3281793581-2119328624] failed: NT_STATUS_NO_SUCH_DOMAIN Everything in DNS, WINS, etc is functional. W2K3, W2K8, Ubuntu10.4Server Samba4 latest GIT, FreeBSD 8.1x64Release latest Git all joined and functional. Anyone got a guess? Cheers,
Re: [Samba] Multiple Workgroups and Subnets
Short answer: Use 1 WINS server. --- Original message --- Subject: [Samba] Multiple Workgroups and Subnets From: Tawanda Kavayi tawa...@earth.co.zw To: samba@lists.samba.org Date: Tuesday, 27/07/2010 2:01 PM Hi, I am configuring a network with two subnets with a different workgroup in each subnet. My aim is to have users being able to view and access shares on both workgroups. I have a Samba server in each subnet/workgroup, configured as both the domain and local master for each workgroup. Each server is also the WINS server for its subnet. The setup is like this: Subnet1: network - 192.168.10.0/24 server IP - 192.168.10.254 workgroup - Group1 Subnet2: network - 192.168.20.0/24 server IP - 192.168.20.254 workgroup - Group2 The two servers are configured identically, except for the information above, so the smb.conf for the Group1 server looks like this: [global] workgroup = GROUP1 netbios name = GROUP1_SRV domain master = yes local master = yes preferred master = yes os level = 65 smb ports = 139 dns proxy = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins support = yes name resolve order = wins lmhosts bcast host interfaces = lo eth0 192.168.10.254/24 127.0.0.1/8 bind interfaces only = yes remote announce = 192.168.20.254/GROUP1 remote browse sync = 192.168.20.254 hosts allow = 127. 192.168.10. 192.168.20. The problem is that a machine in Group1 can see all the machines in its workgroup, plus the network for Group2 appears in network neighborhood, but the machines and shares in Group2 do not. To troubleshoot, I ran smbtree with debug level 5. What I picked out from all the output was: Cannot find master browser for workgroup GROUP2 How can I resolve this? Tawanda
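The short answer above, turned into a check (an added example, not code from the thread): it reads the [global] section of each server's smb.conf and reports when more than one server has wins support = yes, or when the remaining servers do not point wins server at the one that does. The GROUP2 file, the GROUP2_SRV label and the choice of GROUP1_SRV as the single WINS server are assumptions; the sample text is constructed from the settings quoted in the post.

```python
TRUE_WORDS = {"yes", "true", "1"}  # boolean spellings documented in smb.conf(5)


def load_global(text):
    """Return the [global] parameters of one smb.conf as {normalised name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            params["".join(name.split()).lower()] = value.strip()
    return params


def is_true(value):
    return value is not None and value.strip().lower() in TRUE_WORDS


def check_wins(servers):
    """servers maps a label to (ip, smb.conf text); returns a list of findings."""
    conf = {label: load_global(text) for label, (_ip, text) in servers.items()}
    wins_hosts = sorted(l for l, g in conf.items() if is_true(g.get("winssupport")))
    findings = []
    if len(wins_hosts) > 1:
        findings.append("more than one WINS server: " + ", ".join(wins_hosts))
    elif not wins_hosts:
        findings.append("no server has 'wins support = yes'")
    for label, g in sorted(conf.items()):
        # nmbd must not be told to be a WINS server and a WINS client at once.
        if is_true(g.get("winssupport")) and g.get("winsserver"):
            findings.append(f"{label}: 'wins support' and 'wins server' are both set")
    if len(wins_hosts) == 1:
        wins_ip = servers[wins_hosts[0]][0]
        for label, g in sorted(conf.items()):
            if label == wins_hosts[0]:
                continue
            targets = g.get("winsserver", "").replace(",", " ").split()
            if wins_ip not in targets:
                findings.append(f"{label}: does not register with WINS server {wins_ip}")
    return findings


# Constructed sample: the GROUP1 settings quoted in the post, trimmed to the
# name-service lines, and a GROUP2 file built from the poster's description
# ("configured identically, except for the information above").
GROUP1 = """
[global]
workgroup = GROUP1
netbios name = GROUP1_SRV
domain master = yes
local master = yes
wins support = yes
name resolve order = wins lmhosts bcast host
"""
GROUP2_AS_POSTED = GROUP1.replace("GROUP1", "GROUP2")
# Assumption: GROUP1_SRV (192.168.10.254) is kept as the single WINS server.
GROUP2_ONE_WINS = GROUP2_AS_POSTED.replace(
    "wins support = yes", "wins server = 192.168.10.254")

AS_POSTED = {"GROUP1_SRV": ("192.168.10.254", GROUP1),
             "GROUP2_SRV": ("192.168.20.254", GROUP2_AS_POSTED)}
ONE_WINS = {"GROUP1_SRV": ("192.168.10.254", GROUP1),
            "GROUP2_SRV": ("192.168.20.254", GROUP2_ONE_WINS)}

if __name__ == "__main__":
    for title, servers in (("as posted", AS_POSTED), ("one WINS server", ONE_WINS)):
        print(title, "->", check_wins(servers) or "no findings")
```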
Re: [Samba] Odd random roaming profile issues
When windows login fails, often windows gives a path error. My suspicion is that some rogue data with incompatible perms has gotten into the local users profile. I've seen it happen, but I'll be damned if I can remember the cause. --- Original message --- Subject: [Samba] Odd random roaming profile issues From: Donny Brooks dbro...@mdah.state.ms.us To: samba@lists.samba.org Date: Monday, 26/07/2010 2:05 PM We are currently using samba and openLDAP to enable our users to have roaming profiles on our domain network. We have one primary domain controller and 7 home servers at the various locations that serve the profiles and such. The problem is that randomly various users are unable to load their profile and windows just gives them a temporary profile. This mostly happens on vista machines but is not limited to that as it has happened on XP also. What is odd is the user can login as themselves on another machine just fine and other users can usually log in on the first users pc just fine. We have tried the standard checking log files, remove/reinstall pc into domain/ldap, remove/reinstall user into domain/ldap, etc but nothing seems to work. What we usually end up doing is reinstalling the users OS and programs. I know there has to be a better way to do this. Is there anything I may be missing here? Any pointers are more than welcome. Donny B.
[Samba] SMB2 and Samba4
Can't recall, but is SMB2 on by default in Samba4? Cheers,
Re: [Samba] Cannot browse domain user list with 3.5.4
Does anyone have any idea about this problem? I can't migrate because of it. Thanks in advance. What's your database backend. Hi, I am using Samba as a Domain Controller without AD nor LDAP. Everything works fine for a long time with samba 3.3.2. I am trying to upgrade to the latest samba release 3.5.4. Here is the procedure I followed: - download, configure, and make samba 3.5.4 - stop the samba daemon (3.3.2) - backup the /usr/local/samba tree where samba 3.3.2 is installed - make install, (in the same location as 3.3.2) - restart the samba daemon (3.5.4) After doing some tests, everything seems to work ok. Except that: - when trying to use usrmgr.exe as a Domain Admin, I can't connect to the domain, I got the message: do you want to select another domain to administer - when I try to list the domain users (for adding Permissions to share a folder, or adding a domain user in a local group), I only see the domain groups, no domain users. Is it a known issue? Does it have something to do with Domain Admin rights? Please help! Thanks in advance Henri
Re: [Samba] undefined reference to `_talloc_free'
Interesting. Just a wee bit more info, like version, OS version, perhaps a config file, some log info. --- Original message --- Subject: [Samba] undefined reference to `_talloc_free' From: Service Mouse mo...@servicemouse.com To: samba@lists.samba.org Date: Saturday, 24/07/2010 6:39 PM i get this error trying to install samba on freebsd
Re: [Samba] Intermittent file rename problem with Vista, works with XP.
--- Original message --- Subject: [Samba] Intermittent file rename problem with Vista, works with XP. From: Massner, Keith kmass...@mgmresorts.com To: samba@lists.samba.org Date: Friday, 23/07/2010 2:44 PM So... It's been driving me nuts. I get intermittent permission denied errors when I try to rename a folder. I do something like the following (the number of steps to cause the failure varies): Rename folder1 to folder2 works Rename folder2 to folder1 works Rename folder1 to folder2 nope Bouncing smb on the Linux server temporarily corrects things I suspect it's a broken oplock. Get a failed name change and do an smbstatus on the server. Compare the locked file PIDs to the machine names and see if something is getting stuck. Out of frustration, I tried an XP machine, and can't get it to break, so SOMETHING with Vista, I guess. What I'm trying to do is have a wide open share. Permissions are set on the files and directories as specified below, all files belong to keith:keith. The files were initially created through Linux. No extended attributes are set. Operating system is CentOS 5.5, Samba is 3.5.4. [global] log file = /var/log/samba/%m.log ; Take this out once you figure this crap out. log level = 3 netbios name = marvin usershare owner only = false null passwords = yes server string = Samba Server Version %v (%h) security = SHARE encrypt passwords = Yes username map = /etc/samba/smbusers max log size = 50 preferred master = Yes ; acl check permissions = No guest ok = Yes guest only = Yes ; nt acl support = No cups options = raw [SharedMedia] path = /storage1/SharedMedia force user = keith force group = keith read only = No ; acl group control = Yes force create mode = 0666 force directory mode = 6777 directory security mask = 6777 force unknown acl user = Yes map readonly = permissions Anyone have any thoughts?
Re: [Samba] File sharing and subnets
SNIP Samba is installed on the server (192.168.0.1/24), and smbclient is available on the client (192.168.1.1/24), connected thru a gateway. If you cannot connect to the server via IP addy, such as \\192.168.0.1\share then, it is very likely ports 137, 138, 139, and 445 are blocked (certainly 139 and 445 are). Resolve this first. the problem is that i can't connect to the server from another subnet via samba. here is smb.conf from the server (taken from the o'reilly book 'using samba'): [global] netbios name = server workgroup = GARDEN wins support = yes dns proxy = yes [test] comment = For testing only, please path = /export/tmp read only = no server side: [r...@server etc]# ping client PING client (192.168.1.1) 56(84) bytes of data. 64 bytes from client (192.168.1.1): icmp_seq=1 ttl=63 time=0.924 ms [r...@server etc]# smbclient -L server -N Anonymous login successful Domain=[GARDEN] OS=[Unix] Server=[Samba 3.0.37] Sharename Type Comment - --- testDisk For testing only, please IPC$IPC IPC Service (Samba 3.0.37) ... [r...@server etc]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination client side: [r...@client]# ping server PING server (192.168.0.1) 56(84) bytes of data. 64 bytes from server (192.168.0.1): icmp_seq=1 ttl=63 time=0.497 ms [r...@client]# smbclient -L server -N Connection to hercule failed (Error NT_STATUS_UNSUCCESSFUL) when i connect from another client (located on the server's subnet, ie 192.168.0.2/24), it works: -bash-3.2$ smbclient -L server -N Anonymous login successful Domain=[GARDEN] OS=[Unix] Server=[Samba 3.0.37] Sharename Type Comment - --- testDisk For testing only, please IPC$IPC IPC Service (Samba 3.0.37) ... To resume my problem, i can not connect to a samba server from a client located on another subnet. Thank for your help. 
Julien
Re: [Samba] two PDCs
About multi-master replication. Scott wrote that he had to deal with it a lot, so he didn't recommend that. But, I need one domain, because a lot of users uses both site. So, I have the following options: 1. PDCs on each site, with the same domain, as chapter 6 describes. Look, I'm not sure if my emails are getting through or not, but drop this multi PDC thing. It's just more complexity. You need some sort of LDAP replication because you want authentication done locally. Multi-master is more difficult to set up, but more flexible. There are other schemes. I had some 16 servers setup this way and had very few difficulties. It is quite resilient and reliable. Here is a good primer: http://www.zytrax.com/books/ldap/ch7/ a. Master LDAP server in the HQ, and slave in the branch site, according to the SaMBa guide. b. Branch site uses master LDAP server too. It looks tempting, but difficult/dangerous to me. 2. PDC on the HQ, BDC on the branch site a. branch site uses slave LDAP server. b. Branch site uses master LDAP server too. In 1/a and 2/a, the VPN outage could be problem. Am I right? No, the b's are the problem if the VPN is down. They're calling the master which is at the other end of the VPN. The a's have a slave copy. All is good, unless they need to write to LDAP. How much LDAP writing goes on in the branch? As i know, only PDC writes to the LDAP database. Is that true? No. If you're using smbldap-tools, the ldap calls are made via smbldap_bind.conf. So with multi-master this whole dual PDC thing is fairly useless. See, Multi-master...all are writable. Question: 1. Which office writes to LDAP? 2. Who does the writing? 3. Is there likely to be a mutually exclusive write, at approximately the same instant, during a VPN outage? Because in case of VPN outage, this situation has the same drawback. So, my main problem is the unreliable ADSL line. Can we live with slave server in the branch office? Yes, using Replication refreshOnly or Replication refreshAndPersist.
You can truly go apeshit with this stuff, making only pieces of the DIT available to branches. Very nifty once you get it down. How are you intending to keep roaming profiles in sync (the files on the server, not the stuff in LDAP)? Are you going to use rsync? Unless users jump from office to office, why bother. I would set road warriors with local profiles and sync their stuff in a manner appropriate to their schedules/primary location. Students will have that problem, but they have to bow to it.
Re: [Samba] Problem mapping Samba shares in Windows
Hi, In our company we are currently running a Samba server and Windows XP clients. At the moment we are having problems with mapping Samba shares in Windows. Shares are being mapped through a windows startup script, which executes net use (with the option persistent:no) command. For most users this works most of the time, nevertheless it often fails, the exact reason for this isn't clear yet. When this happens, the samba server prompts for username and password on executing the mapping script again (after logging on). This should not be necessary since the user is already logged on at that moment. Just a shot in the dark, but I'd check to make sure contact to the server is actually being made during login. Doesn't seem like it. After rebooting several times without making any changes, the script does work and all drives are mapped correctly. What could be the cause of this problem? Thanks in advance, Sincerely, Inaki
Re: [Samba] Samba4 FreBSD
--- Original message --- Subject: Re: [Samba] Samba4 FreBSD From: Günter Kukkukk li...@kukkukk.com To: samba@lists.samba.org Date: Sunday, 11/07/2010 4:28 PM On Sunday, 11 July 2010 18:32:34, t...@tms3.com wrote: Having some issues with: samba_dnsupdate Specifically: /usr/bin/nsupdate: cannot specify -gor -o, program not linked with GSS API Library I've looked through the script, and cannot find these options called. If anyone can point me to where they're called I'd appreciate it. Cheers, TMS III nsupdate is (usually) part of the nameserver bind (named) package. At least named itself writes the build-in compile options to the (kernel) system logfile - after being started. If you don't see the build option --with-gssapi Yes quite, but there are issues with bind and gssapi on FreeBSD, and if I could find out in the scripts where the options are called and turn them off, I could work forward from there in debugging. your bind build is missing some needed features. Cheers, Günter
Re: [Samba] WG: Cross subnet browsing + OpenVPN
--- Original message --- Subject: [Samba] WG: Cross subnet browsing + OpenVPN From: Daniel Müller muel...@tropenklinik.de To: samba@lists.samba.org Date: Sunday, 11/07/2010 11:39 PM Hi, Robert Schetterer is right. You will succeed in the end with tap bridging. Bridging does netbios reach through. You will achieve it either way. The TYPE of VPN is not relevant. There was a discussion a while back regarding SE Linux and netbios. I would check those settings. I did this with two XP-Clients 2 Nics build at each a bridge: Both the remote and the local Clients must be in the same subnet. My openvpn.conf: Client or server dev tap dev-node TAB proto udp remote 1194 resolv-retry infinite ca C:\\ca.crt cert C:\\client1.crt key C:\\client1.key ns-cert-type server verb 6 # Silence repeating messages script-security 2 comp-lzo tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-tun persist-key route-delay 10 On CENTOS look here: http://csmorley.spaces.live.com/blog/cns!990C0A249621766!184.entry Greetings --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: http://www.tropenklinik.de --- -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Robert Schetterer Sent: Friday, 9 July 2010 17:26 To: t...@tms3.com Cc: samba@lists.samba.org Subject: Re: [Samba] Cross subnet browsing + OpenVPN On 09.07.2010 14:42, t...@tms3.com wrote: --- Original message --- *Subject:* Re: [Samba] Cross subnet browsing + OpenVPN *From:* Robert Schetterer rob...@schetterer.org *To:* samba@lists.samba.org *Date:* Friday, 09/07/2010 3:05 AM On 09.07.2010 11:37, Julian Pilfold-Bagwell wrote: Sorry about the delay, family emergency to deal with. browse sync shares the info across them.
I tried putting the specific IP addresses of the local master browsers into the browse sync but it still doesn't seem to spread everything across all the subnets. you should use tap interfaces with openvpn This is a matter of network design, and has nothing to do whatsoever with the issue at hand. Further: i used samba with subnet browsing years ago it dont worked with tun interfaces, it must have been tab interfaces additional right samba setup times may changed, samba and openvpn changed but simply try it does not cost anything my setup was bdc--internalnet--firewall--(tunnel)--firewall--internalnet--pdc i had samba on the firewalls to bind to tab tunnel interfaces as wins proxy the pdc was the wins server, bdc as wins proxy and directed browsing to pdc, all clients did got well configured parameters per dhcp additional there was a working dns which matched dynamicly wins anyway times may change , and there are better solutions now but this one worked stable an robust read samba faqs wins and subnet browsing etc good luck Server configuration file *dev tun ifconfig 10.8.0.1 10.8.0.2 secret static.key* Client configuration file *remote myremote.mydomain dev tun ifconfig 10.8.0.2 10.8.0.1 secret static.key* From: http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-stat ic-key-mini-howto.html Which makes for a nice network to network setup for two locations connected via a wan link. Why not shift the discussion to weather we should use IPSEC and racoon instead of OpenVPN, or perhaps we should scrap all that and argue that he should be using Cisco vpn gateways altogether? GUH! ** From what I understand, the remote announce tells the WINS server to broadcast across the remote subnets and remote On 06/07/10 13:50, t...@tms3.com wrote: SNIP Hi All, I'm having a problem with cross subnet browsing and name resolution across an openvpn tunnel. i've found quite a few people who've had the same on mail lists but none of their fixes have worked. 
The spec of the setups at both ends of the tunnel are as follows: remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM remote browse sync = 192.168.1.255 192.168.2.255 This looks odd to me. remote announce = wins server ip/DOMNAME remote browse sync = wins server ip NEEDED in both smb.conf wins server = wins server ip Can't remember default for this setting so enhanced browsing = Yes in both smb.conf DHCP should point clients to headoffice for WINS. WINS proxy is not useful. OS - CentOS 5.5 Samba Version 3.5.4 OpenVPN Version 2.0.9-1 Each server is configured in gateway mode with two NICS, one to the lan and the other to a modem/router. The first machine, HEADOFFICE, has an internal IP address of 192.168.0.1
Re: [Samba] two PDCs
--- Original message --- Subject: Re: [Samba] two PDCs From: Scott Grizzard sc...@scottgrizzard.com To: Tamás Pisch pisc...@gmail.com Cc: samba@lists.samba.org Date: Monday, 12/07/2010 12:38 AM Of course, my users only visited each others' offices occasionally. If you have tons of movement between the offices, a one-domain solution may be forced upon you... Unfortunately, a lot of users are roaming users (teachers with laptop, and users). My plan is that I will set up separate profile shares on both side, but at least they can use their own username and even change their password. So, I would like to try the multi-PDC scenario with master and slave LDAP server, but I worry about a little. It makes very little sense to have multiple PDC's, and only adds to both administrative and user confusion IMHO. Give the present workings of OpenLDAP, just pick a replication strategy that makes sense and use a single domain. I've built and run a single domain on a 15 node VPN with multi-master OpenLDAP backend, and it is remarkably resilient. How are you intending to keep roaming profiles in sync (the files on the server, not the stuff in LDAP)? Are you going to use rsync? Unless users jump from office to office, why bother. I would set road warriors with local profiles and sync their stuff in a manner appropriate to their schedules/primary location. Scott Grizzard sc...@scottgrizzard.com http://www.ScottGrizzard.com
Re: [Samba] Samba4 and DNS
--- Original message --- Subject: [Samba] Samba4 and DNS From: Alex Waite awa...@mcw.edu To: samba@lists.samba.org samba@lists.samba.org Date: Monday, 12/07/2010 4:56 AM Hey Everyone, I've been reading through the Samba4 docs, but I am a bit confused, so please forgive me if I have missed anything obvious. I am trying to setup Samba4 as a Domain Controller for our department. We do not control our DNS; that is done through campus IT. All of our workstations (soon to be members of the domain) already have entries in campus DNS. If I were to submit the contents of the /usr/local/samba/private/dns/ folder (generated by Samba4's provision step) to Campus IT, would that work? Would I be missing out on anything by not running my own DNS server? I've read about the dynamic changes made to DNS by Samba4, but I don't know if I need that if my clients already would have entries in DNS. Talk to DNS admins. Ask them if you can run a master DNS for your domain, and then use campus DNS as the forwarder. Thank you for your time; I appreciate it. ---Alex
Re: [Samba] security = SHARE
I also encounter this problem that the user security mode work fine, but on share security level, it always return NT_STATUS_WRONG_PASSWORD. Is SHARE on samba 3.4 deprecated ? Can anybody give some advice? user = share is like Windoze95/98 type file share. Thanks. -- View this message in context: http://old.nabble.com/security-%3D-SHARE-tp29102498p29114421.html Sent from the Samba - General mailing list archive at Nabble.com.
[Samba] Samba4 FreBSD
Having some issues with: samba_dnsupdate Specifically: /usr/bin/nsupdate: cannot specify -gor -o, program not linked with GSS API Library I've looked through the script, and cannot find these options called. If anyone can point me to where they're called I'd appreciate it. Cheers, TMS III
Re: [Samba] Samba4 FreBSD
--- Original message --- Subject: Re: [Samba] Samba4 FreBSD From: Günter Kukkukk li...@kukkukk.com To: samba@lists.samba.org Date: Sunday, 11/07/2010 4:28 PM On Sunday, 11 July 2010 18:32:34, t...@tms3.com wrote: Having some issues with: samba_dnsupdate Specifically: /usr/bin/nsupdate: cannot specify -gor -o, program not linked with GSS API Library I've looked through the script, and cannot find these options called. If anyone can point me to where they're called I'd appreciate it. Cheers, TMS III nsupdate is (usually) part of the nameserver bind (named) package. At least named itself writes the build-in compile options to the (kernel) system logfile - after being started. If you don't see the build option --with-gssapi Yes, but there's a bit of snag with gssapi and bind on FreeBSD, so I want to stop the call and work forward as I try to debug things. your bind build is missing some needed features. Cheers, Günter
Re: [Samba] smbcquotas tells me that quotas are not enabled
I think you're right in that quotas aren't enabled on the NAS itself and there doesn't appear to be any way of doing so. If I'm to do this, I may have to invent some way of enforcing quotas for the remote machine at the client. That NAS runs on Linux. A few minutes of googling just now reveals there are OS hacks for it. You might go that route. But before I get elbow deep in Perl code, I want to try putting a quota on one of the Samba shares. Is that possible? I wish I had an answer for you. I just don't have enough experience with quotas. You may just have to experiment with it unless/until someone else posts a solution. -- Stan
Re: [Samba] Cross subnet browsing + OpenVPN
--- Original message --- Subject: Re: [Samba] Cross subnet browsing + OpenVPN From: Robert Schetterer rob...@schetterer.org To: samba@lists.samba.org Date: Friday, 09/07/2010 3:05 AM Am 09.07.2010 11:37, schrieb Julian Pilfold-Bagwell: Sorry about the delay, family emergency to deal with. browse sync shares the info across them. I tried putting the specific IP addresses of the local master browsers into the browse sync but it still doesn't seem to spread everything across all the subnets. you should use tap interfaces with openvpn This is a matter of network design, and has nothing to do whatsoever with the issue at hand. Further: Server configuration file dev tun ifconfig 10.8.0.1 10.8.0.2 secret static.keyClient configuration file remote myremote.mydomain dev tun ifconfig 10.8.0.2 10.8.0.1 secret static.key From: http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html Which makes for a nice network to network setup for two locations connected via a wan link. Why not shift the discussion to weather we should use IPSEC and racoon instead of OpenVPN, or perhaps we should scrap all that and argue that he should be using Cisco vpn gateways altogether? GUH! From what I understand, the remote announce tells the WINS server to broadcast across the remote subnets and remote On 06/07/10 13:50, t...@tms3.com wrote: SNIP Hi All, I'm having a problem with cross subnet browsing and name resolution across an openvpn tunnel. i've found quite a few people who've had the same on mail lists but none of their fixes have worked. The spec of the setups at both ends of the tunnel are as follows: remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM remote browse sync = 192.168.1.255 192.168.2.255 This looks odd to me. 
remote announce = wins server ip/DOMNAME remote browse sync = wins server ip NEEDED in both smb.conf wins server = wins server ip Can't remember default for this setting so enhanced browsing = Yes in both smb.conf DHCP should point clients to headoffice for WINS. WINS proxy is not useful. OS - CentOS 5.5 Samba Version 3.5.4 OpenVPN Version 2.0.9-1 Each server is configured in gateway mode with two NICS, one to the lan and the other to a modem/router. The first machine, HEADOFFICE, has an internal IP address of 192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1, has an internal address of 192.168.1.254 and an external of 192.168.20.4. On openVPN, I have configured client to client and routes and iroutes to allow machines on each network to ping machines at the other end as well as the server IP's. So far so good and I can ping any machine on either subnet from anywhere and get a reply. The servers are configured as Samba servers with the HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1 machine configured as a BDC and WINS proxy. In order to maintain logon facilities in the event of broadband failure, I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates and password changes propagate successfully from one site to the other. If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet fails on name resolution while entering \\192.168.1.254\ brings up Windows Explorer and a list of shares. I've included the remote browse entries in smb.conf on the PDC and have WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP back to the WINS server. Port scanning the internal IP of each machine from the other end of the tunnel returns a full set of open ports for the services I'm using but no IP. If anyone can spot what I'm doing wrong I'd be grateful. Thanks.
smb.conf - HEADOFFICE
### Included 2nd subnet for second remote site in browse sync
[global]
workgroup = NEWDOM
netbios name = HEADOFFICE
security = user
enable privileges = yes
interfaces = 192.168.0.1 127.0.0.1
# hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
remote browse sync = 192.168.1.255 192.168.2.255
wins support = yes
name resolve order = wins hosts bcast
username map = /etc/samba/smbusers
server string = Samba Server %v
encrypt passwords = Yes
ldap ssl = no
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = Changing *\nNew password* %n\n *Retype
Re: [Samba] Regarding S4 and libnss_winbind.so
The wiki suggests to build it out of source3/ which is what samba5x is based on. So you can install it from there. Yeah, reread that after posting, but the build for source3 fails round about the kerberos build: 81rc2# pwd /usr/ports/distfiles/samba-master/source3 81rc2# gmake Using CFLAGS = -g -DDEBUG_PASSWORD -DDEVELOPER -g -Wall -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Wdeclaration-after-statement -Werror-implicit-function-declaration -I. -I/usr/ports/distfiles/samba-master/source3 -I/usr/ports/distfiles/samba-master/source3/../lib/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. -I../lib/tdb/include -DHAVE_CONFIG_H -I/usr/local/include -DLDAP_DEPRECATED -I/usr/ports/distfiles/samba-master/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 PICFLAG= -fPIC -DPIC LIBS = -liconv LDFLAGS= -pie -Wl,-z,relro -Wl,--as-needed -L./bin -L/usr/local/lib DYNEXP = -Wl,--export-dynamic LDSHFLAGS = -fPIC -DPIC -shared -Wl,-z,relro -Wl,--as-needed -L./bin -L/usr/local/lib -lc -Wl,-z,defs SHLIBEXT = so SONAMEFLAG = -Wl,-soname, Compiling libsmb/clikrb5.c libsmb/clikrb5.c:1653:2: error: #error UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION libsmb/clikrb5.c: In function 'smb_krb5_enctype_to_string': libsmb/clikrb5.c:1655: warning: control reaches end of non-void function libsmb/clikrb5.c: In function 'smb_krb5_principal_get_realm': libsmb/clikrb5.c:2262: warning: return discards qualifiers from pointer target type The following command failed: gcc -g -DDEBUG_PASSWORD -DDEVELOPER -g -Wall -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Wdeclaration-after-statement -Werror-implicit-function-declaration -I. -I/usr/ports/distfiles/samba-master/source3 -I/usr/ports/distfiles/samba-master/source3/../lib/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. 
-I../lib/tdb/include -DHAVE_CONFIG_H -I/usr/local/include -DLDAP_DEPRECATED -I/usr/ports/distfiles/samba-master/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 -fPIC -DPIC -c libsmb/clikrb5.c -o libsmb/clikrb5.o gmake: *** [libsmb/clikrb5.o] Error 1 Further, I cannot find this library file on a Samba3.4.8 machine FreeBSD8.0 system where winbindd and nss are working splendidly: zaphod# find / -name libnss_winbind.so -print zaphod# So, just curious what I should be looking for. Cheers, TMS III On Thu, Jul 8, 2010 at 11:33 PM, t...@tms3.com wrote: Apparently this didn't/doesn't build on FreeBSD by default...or is it doesn't build at all. If it is buildable, what should I do to build it, as without it...see wiki: http://wiki.samba.org/index.php/Samba4/Winbind
Re: [Samba] two PDCs
On Friday 09/07/2010 at 4:36 am, Tamás Pisch wrote: Hello, I have a PDC with master ldap backend and a BDC with slave ldap backend (both are SaMBa 3.2 on Debian Lenny). I want to install an additional SaMBa server on another site (on Debian Squeeze). The two sites are connected with VPN (on not so reliable ADSL lines). I read an interesting network scenario in the Samba Guide chapter 6: theoretically it is possible to install one PDC on both sites, with the same domain, server name, and SID. I like this idea, but: is there anyone who tried that, have experience with it? No, but your best option is to simply use LDAP replication and install an LDAP server on the remote location server. This way, auth traffic on the remote is always local (saving bandwidth) and is available regardless of the link being up or down. Do the same with DNS, and you'll be quite happy with the results as will your users. Thank you, in advance.
Re: [Samba] two PDCs
SNIP I think the multi-master replication sort-of defeats the purpose of the PDC in the remote office - multi-master replication means the information must be sent to both servers anyway. If I recall correctly, I think Chapter 6 refers to running BDC's in each remote office, and only one PDC... I played with this once, and I got it working by setting up a PDC and BDC in the main office, a BDC (not PDC) in the remote office, and using LDAP's new multi-master replication to keep everything in sync. Throw in your DNS database, and it works, it's cool, but I think it was so not worth the effort (unless you have nothing better to do with your 20% time). I spent a whole lot of time making sure the configs were perfect for the multi-master replication. I found it quite simple. But I had a rather extensive use of NTLM auth stuff going on as well. The thing that threw the monkey-wrench is DNS and DHCP...I ended up putting all the DHCP information into the LDAP as well, with defined IP addresses for every MAC, because DHCPd updates the DNS when a new user requests an IP address. Since I put a DHCP server on both sides of the VPN, I needed multi-master replication for the DNS information so the computers could find each other. In the end, I dumped the MAC addresses from my hardware catalog into the LDAP, and preassigned all the IP's to reduce the number of writes to the LDAP server. Well, I'll just say there are many ways to skin a cat, and leave it at that. I found it is much easier to set up two separate domains and have them trust each other, using different branches of the same LDAP tree. Then, let one server write to one branch, the other server write to the other branch, and do multi-master replication between them. That way, there is no worrying about simultaneous updates or any of that jazz. Not as cool...or as elegant, but it made my life easier by isolating problems. I did the same for the DNS information, setting up separate zones for each physical office.
Since the information was in the same tree, it was much easier to configure mail servers and other services needing directory information, and since I did not delegate the branches, the mail server (only in the main office) did not need to read off my remote directories over VPN. Of course, my users only visited each others' offices occasionally. If you have tons of movement between the offices, a one-domain solution may be forced upon you... On Fri, Jul 9, 2010 at 8:58 AM, t...@tms3.com wrote: On Friday 09/07/2010 at 4:36 am, Tamás Pisch wrote: Hello, I have a PDC with master ldap backend and a BDC with slave ldap backend (both are SaMBa 3.2 on Debian Lenny). I want to install an additional SaMBa server on another site (on Debian Squeeze). The two sites are connected with VPN (on not so reliable ADSL lines). I read an interesting network scenario in the Samba Guide chapter 6: theoretically it is possible to install one PDC on both sites, with the same domain, server name, and SID. I like this idea, but: is there anyone who tried that, have experience with it? No, but your best option is to simply use LDAP replication and install an LDAP server on the remote location server. This way, auth traffic on the remote is always local (saving bandwidth) and is available regardless of the link being up or down. Do the same with DNS, and you'll be quite happy with the results as will your users. Thank you, in advance. -- Scott Grizzard sc...@scottgrizzard.com http://www.ScottGrizzard.com
Re: [Samba] two PDCs
How did you get it working like that so quickly? This site has an EXCELLENT primer on it: http://www.zytrax.com/books/ldap/ch7/ As well, openldap's site http://www.openldap.org/ If you only have 2 ldap servers, you can use the simpler master slave setup as well. It's just that if you start needing more ldap servers, you'd need to reconfigure again. Did you get it working with two primary domain controllers? No. This is not recommended, and I don't play in production environments...much. Never tried it in the lab either. (As opposed to one PDC and two BDC's?) How did you manage to resolve the DNS update issue? Honestly, I have no idea what DNS problems the other responder had. The only DNS issues I had were making the W2k3 domain play nice with bind9 and vice versa. Further, if you want locked IP's for workstations via mac, there are many ways of doing this. dhcpd.conf for instance. But to each his own. Updates are sent to the master DNS, if it's unavailable no update, so if you're forcing new IPs from dhcp every reboot, or every xxx seconds then, during wan outages you might have issues, I suppose. Depends on how badly you need name service resolution of client workstations. On Fri, Jul 9, 2010 at 12:58 PM, t...@tms3.com wrote: SNIP I think the multi-master replication sort-of defeats the purpose of the PDC in the remote office - multi-master replication means the information must be sent to both servers anyway. If I recall correctly, I think Chapter 6 refers to running BDC's in each remote office, and only one PDC... I played with this once, and I got it working by setting up a PDC and BDC in the main office, a BDC (not PDC) in the remote office, and using LDAP's new multi-master replication to keep everything in sync. Throw in your DNS database, and it works, it's cool, but I think it was so not worth the effort (unless you have nothing better to do with your 20% time).
I spent a whole lot of time making sure the configs were perfect for the multi-master replication. I found it quite simple. But I had a rather extensive use of NTLM auth stuff going on as well. The thing that threw the monkey-wrench is DNS and DHCP...I ended up putting all the DHCP information into the LDAP as well, with defined IP addresses for every MAC, because DHCPd updates the DNS when a new user requests an IP address. Since I put a DHCP server on both sides of the VPN, I needed multi-master replication for the DNS information so the computers could find each other. In the end, I dumped the MAC addresses from my hardware catalog into the LDAP, and preassigned all the IP's to reduce the number of writes to the LDAP server. Well, I'll just say there are many ways to skin a cat, and leave it at that. I found it is much easier to set up two separate domains and have them trust each other, using different branches of the same LDAP tree. Then, let one server write to one branch, the other server write to the other branch, and do multi-master replication between them. That way, there is no worrying about simultaneous updates or any of that jazz. Not as cool...or as elegant, but it made my life easier by isolating problems. I did the same for the DNS information, setting up separate zones for each physical office. Since the information was in the same tree, it was much easier to configure mail servers and other services needing directory information, and since I did not delegate the branches, the mail server (only in the main office) did not need to read off my remote directories over VPN. Of course, my users only visited each others' offices occasionally. If you have tons of movement between the offices, a one-domain solution may be forced upon you...
On Fri, Jul 9, 2010 at 8:58 AM, t...@tms3.com wrote: On Friday 09/07/2010 at 4:36 am, Tamás Pisch wrote: Hello, I have a PDC with master ldap backend and a BDC with slave ldap backend (both are SaMBa 3.2 on Debian Lenny). I want to install an additional SaMBa server on another site (on Debian Squeeze). The two sites are connected with VPN (on not so reliable ADSL lines). I read an interesting network scenario in the Samba Guide chapter 6: theoretically it is possible to install one PDC on both sites, with the same domain, server name, and SID. I like this idea, but: is there anyone who tried that, have experience with it? No, but your best option is to simply use LDAP replication and install an LDAP server on the remote location server. This way, auth traffic on the remote is always local (saving bandwidth) and is available regardless of the link being up or down. Do the same with DNS, and you'll be quite happy with the results as will your users. Thank you, in advance.
Re: [Samba] group permissions not setting correctly.
On Samba 3.5.4, I have a share that should be writable by all in the Domain Users group. When I write to the share, the permission mode is correct but the data doesn't have the correct group and instead lists the username as the group. Do you have: pam_ldap/nss_ldap .conf setup correctly (They may be the same file depending on Linux OS. Ubuntu server uses same file.)? nsswitch.conf set up correctly? I tried using force group but the share stopped being accessible after a restart so I removed it. It doesn't seem like this is standard behavior so I'm not sure what could be causing it. Relevant smb.conf info:
[global]
workgroup = domain
netbios name = fs
server string = domauin FS
passdb backend = ldapsam:ldap://127.0.0.1
printcap name = cups
printing = cups
security = user
log level = 3
name resolve order = wins bcast hosts
ldap ssl = off
ldap admin dn = cn=root,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
delete user script = /usr/sbin/smbldap-userdel %u
delete group script = /usr/sbin/smbldap-groupdel %g
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
#logon script = %U.bat
logon script = logon.bat
domain master = Yes
domain logons = Yes
os level = 35
preferred master = Yes
idmap uid = 15000-2
idmap gid = 15000-2
passwd program = /usr/bin/passwd '%u'
unix password sync = yes
passwd chat = *New UNIX password* %n\n *Retype new UNIX password* %n\n *updated successfully*
enable privileges = yes
username map = /etc/samba/smbusers
wins support = yes
[public]
path = /data/public
create mask = 0775
create mode = 0775
directory mask = 0775
guest ok = no
browseable = Yes
writable = yes
write list = @Domain Users
Re: [Samba] File owner SID instead of name showing for one user
Hello, I recently migrated all data and user accounts from our old Samba file server to a new (Samba 3.4.0 on Ubuntu 9.10) one. Everything is working fine except that there is one user whose SID is showing in the Owner column of Windows Explorer instead of the user name. It's not a big problem, but the user is uncomfortable with it and I'd like to know why it's happening and how to fix it. Check for duplicate UID's somewhere. Any help would be much appreciated. Thanks. Greg
Re: [Samba] File owner SID instead of name showing for one user
Also make sure that SID returned by wbinfo -n DOMAIN\name matches the name returned by wbinfo -s SID command. Yeah...but that's a real puzzler, isn't it? Why is the nsswitch/winbindd process getting a SID as a value for uid? I've seen it briefly when some process is lagging out. But I can't ever recall such a state being permanent. Odd...something's nagging me about this, can't put my finger on it. On 07/08/2010 01:45 PM, t...@tms3.com wrote: Hello, I recently migrated all data and user accounts from our old Samba file server to a new (Samba 3.4.0 on Ubuntu 9.10) one. Everything is working fine except that there is one user whose SID is showing in the Owner column of Windows Explorer instead of the user name. It's not a big problem, but the user is uncomfortable with it and I'd like to know why it's happening and how to fix it. Check for duplicate UID's somewhere. Any help would be much appreciated. Thanks. Greg
Re: [Samba] File owner SID instead of name showing for one user
--- Original message --- Subject: Re: [Samba] File owner SID instead of name showing for one user From: Gregory A. Cain g...@gregorycain.net To: samba@lists.samba.org Date: Thursday, 08/07/2010 11:38 AM Thank you - wbinfo -s (user sid) returns Could not lookup sid (user sid) But all other SID lookups are good (well at least a test smattering of them)? How do I fix this? Thanks again. On 7/8/2010 10:56 AM, Gaiseric Vandal wrote: Also make sure that SID returned by wbinfo -n DOMAIN\name matches the name returned by wbinfo -s SID command.
Re: [Samba] File owner SID instead of name showing for one user
On 07/08/2010 03:10 PM, Gregory A. Cain wrote: Exactly. I checked 4 or 5 other users - no problems. Also did a spot-check of files belonging to other users in Windows Explorer. It appears this is the only user with the problem. I checked for duplicate UID's and found none. Using ls -l on the server returns the correct user name and UID for the files. OK, Greg, let me get this straight: 1. From a server terminal ls -l shows correct info. 2. Only in Windows exploderer the SID instead of name? 3. I forget...Samba domain or samba joined to AD domain? On 7/8/2010 12:01 PM, t...@tms3.com wrote: wbinfo -s (user sid) returns Could not lookup sid (user sid) But all other SID lookups are good (well at least a test smattering of them)? What does pdbedit -Lv theuser show? It should show the user's SID.
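The name-to-SID and SID-to-name round trip suggested in this thread, run over a list of accounts so the one that fails stands out. This is an added example, not code from the thread or from Samba; the function names, the status strings and the sample domain, users and SIDs are constructed, and it assumes the default winbind separator (backslash) and that `wbinfo -n` prints the SID as its first field.

```python
"""Round-trip accounts through wbinfo -n / wbinfo -s and report mismatches."""
import re
import subprocess

SID_RE = re.compile(r"^S-1-(?:\d+-)+\d+$")


def run_wbinfo(args):
    """Run the real wbinfo; returns (exit code, stdout). Needs winbindd up."""
    proc = subprocess.run(["wbinfo", *args], capture_output=True,
                          text=True, check=False)
    return proc.returncode, proc.stdout.strip()


def name_to_sid(name, run=run_wbinfo):
    """wbinfo -n NAME: the SID is taken from the first output field."""
    code, out = run(["-n", name])
    if code != 0 or not out or out.startswith("Could not lookup"):
        return None
    sid = out.split()[0]
    return sid if SID_RE.match(sid) else None


def sid_to_name(sid, run=run_wbinfo):
    """wbinfo -s SID: output is 'DOMAIN\\name <type>'; names may hold spaces."""
    code, out = run(["-s", sid])
    if code != 0 or not out or out.startswith("Could not lookup"):
        return None
    name, _, tail = out.rpartition(" ")
    return name if name and tail.isdigit() else out


def account(name):
    """Compare on the account part only, case-insensitively."""
    return name.rsplit("\\", 1)[-1].lower()


def check_round_trip(names, run=run_wbinfo):
    """Return {name: (status, sid)} for every account given."""
    report = {}
    for name in names:
        sid = name_to_sid(name, run)
        if sid is None:
            report[name] = ("no-sid", None)
            continue
        back = sid_to_name(sid, run)
        if back is None:
            report[name] = ("sid-not-resolvable", sid)
        elif account(back) != account(name):
            report[name] = ("mismatch", sid)
        else:
            report[name] = ("ok", sid)
    return report


# Constructed stand-in for a live winbindd, so the example runs offline.
FAKE_NAMES = {
    "EXAMPLE\\alice": "S-1-5-21-1111-2222-3333-1001 SID_USER (1)",
    "EXAMPLE\\bob": "S-1-5-21-1111-2222-3333-1002 SID_USER (1)",
}
FAKE_SIDS = {"S-1-5-21-1111-2222-3333-1001": "EXAMPLE\\alice 1"}


def fake_wbinfo(args):
    flag, value = args
    table = FAKE_NAMES if flag == "-n" else FAKE_SIDS
    if value in table:
        return 0, table[value]
    kind = "name" if flag == "-n" else "sid"
    return 1, f"Could not lookup {kind} {value}"


if __name__ == "__main__":
    users = ["EXAMPLE\\alice", "EXAMPLE\\bob", "EXAMPLE\\carol"]
    for user, (status, sid) in check_round_trip(users, fake_wbinfo).items():
        print(f"{user:18} {status:20} {sid or '-'}")
```

On a live server, call `check_round_trip(names)` without the second argument so the real `wbinfo` is used.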
[Samba] Regarding S4 and libnss_winbind.so
Apparently this didn't/doesn't build on FreeBSD by default...or is it doesn't build at all. If it is buildable, what should I do to build it, as without it...see wiki: http://wiki.samba.org/index.php/Samba4/Winbind Cheers, TMS III
Re: [Samba] One account can access samba, another can't.
My wife and I each have our own workstation dual-booting WinXP and Gentoo Linux. We also have a third which runs Gentoo all the time. I wanted to set up samba on the third box and provide some extra storage space for both our Windows installs. It worked for a few days, then all of a sudden it stopped letting my account (michael) in while still letting my wife's account (amy) use the share. Here's my /etc/samba/smb.conf:
carter samba # cat /etc/samba/smb.conf
[global]
workgroup = MYGROUP
security = user
encrypt passwords = yes
guest account = guest
wins support = yes
local master = yes
os level = 99
domain master = yes
preferred master = yes
hosts allow = 192.168.1. 127.
interfaces = eth0
log level = 1
[tmp]
path=/tmp
writeable=yes
[homes]
path=/samba/michael
valid users=michael
writable=yes
path=/samba/amy
valid users=amy
writeable=yes
Erm, the [homes] isn't an outline heading. It is a share name. It is unique, and has a unique path. You probably want to use an auto login for homes such that a user connects to \\server\share\%U where the share in smb.conf would be say
[homes]
path = /samba
valid users = michael, amy
writeable = yes
Then setting up the sub directories michael and amy under /samba and, since this is a nice simple setup
chmod -R 700 /samba/michael (and amy)
chown -R michael ./samba/michael
You get the point. Check man smb.conf for options on setting up home directory shares. Cheers, TMS III Here's smbusers:
carter samba # cat /etc/samba/smbusers
# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.4/smbusers,v 1.1 2010/02/26 20:11:18 patrick Exp $
# Syntax:
# Unix_name = SMB_name1 SMB_name2 ...
root = Administrator admin
nobody = guest pcguest smbguest
michael = michael
amy = amy
(I hope I got the syntax right.)
carter / # ls -l . . . drwxr-xr-x 4 nobody nobody30 Jul 8 10:13 samba . . .
carter / # ls -l /samba total 0 drwx-- 4 amy users 39 Jul 8 10:13 amy drwxr-xr-x 5 michael users 58 Jun 24 00:11 michael Here I log in with amy: carter samba # su - amy a...@carter ~ $ smbclient //carter/homes Enter amy's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.4.6] smb: \ ls . D0 Thu Jul 8 10:13:42 2010 .. D0 Thu Jul 8 10:13:49 2010 backup D0 Fri Jun 25 20:34:15 2010 Program Files D0 Thu Jul 8 10:13:42 2010 59608 blocks of size 16777216. 58564 blocks available smb: \ and then with mcarter samba # su - michael mich...@carter ~ $ smbclient //carter/homes Enter michael's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.4.6] tree connect failed: NT_STATUS_ACCESS_DENIED mich...@carter ~ $ Here's the contents of my log files: carter samba # cat log.nmbd [2010/07/08 14:32:45, 0] nmbd/nmbd.c:854(main) nmbd version 3.4.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2010/07/08 14:32:45, 0] nmbd/asyncdns.c:155(start_async_dns) started asyncdns process 21024 [2010/07/08 14:32:45, 0] nmbd/nmbd_become_dmb.c:337(become_domain_master_browser_wins) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup MYGROUP, subnet UNICAST_SUBNET. 
[2010/07/08 14:32:45, 0] nmbd/nmbd_become_dmb.c:351(become_domain_master_browser_wins) become_domain_master_browser_wins: querying WINS server from IP 192.168.1.2 for domain master browser name MYGROUP1b on workgroup MYGROUP [2010/07/08 14:32:51, 0] nmbd/nmbd_become_dmb.c:110(become_domain_master_stage2) * Samba server CARTER is now a domain master browser for workgroup MYGROUP on subnet UNICAST_SUBNET * [2010/07/08 14:32:51, 0] nmbd/nmbd_become_dmb.c:292(become_domain_master_browser_bcast) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup MYGROUP on subnet 192.168.1.2 [2010/07/08 14:32:51, 0] nmbd/nmbd_become_dmb.c:305(become_domain_master_browser_bcast) become_domain_master_browser_bcast: querying subnet 192.168.1.2 for domain master browser on workgroup MYGROUP [2010/07/08 14:32:59, 0] nmbd/nmbd_become_dmb.c:110(become_domain_master_stage2) * Samba server CARTER is now a domain master browser for workgroup MYGROUP on subnet 192.168.1.2 * [2010/07/08 14:33:07, 0] nmbd/nmbd_become_lmb.c:395(become_local_master_stage2) * Samba name server CARTER is now a local master browser for workgroup MYGROUP on subnet 192.168.1.2 * carter samba # cat log.smbd [2010/07/08 14:24:52, 0] smbd/server.c:1073(main) smbd version 3.4.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2010/07/08 14:24:52, 0] printing/print_cups.c:103(cups_connect) Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory [2010/07/08 14:24:52, 0] printing/print_cups.c:103(cups_connect) Unable to connect to
Re: [Samba] One account can access samba, another can't.
SNIP mich...@carter ~ $ smbclient //carter/homes/michael Yep. You need to use the home path stuff. Alternatively you could, just to make it very easy #Share for michael [MICHAEL] path = /samba/michael (etc.) #Share for amy [AMY] path = /samba/amy (etc.) Then the mount from cifs, or windoze is \\server-name\michael or \\server-name\amy Enter michael's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.4.6] tree connect failed: NT_STATUS_BAD_NETWORK_NAME mich...@carter ~ $ exit logout carter ~ # su - amy a...@carter ~ $ smbclient //carter/homes/amy Enter amy's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.4.6] tree connect failed: NT_STATUS_BAD_NETWORK_NAME a...@carter ~ $ exit logout and here's the log: carter ~ # cat /var/log/samba/log.smbd [2010/07/08 14:24:52, 0] smbd/server.c:1073(main) smbd version 3.4.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2010/07/08 14:24:52, 0] printing/print_cups.c:103(cups_connect) Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory [2010/07/08 14:24:52, 0] printing/print_cups.c:103(cups_connect) Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory [2010/07/08 14:24:52, 0] smbd/server.c:457(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use [2010/07/08 14:24:52, 0] smbd/server.c:457(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use [2010/07/08 14:32:44, 0] smbd/server.c:1073(main) smbd version 3.4.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009 [2010/07/08 14:32:45, 0] printing/print_cups.c:103(cups_connect) Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory [2010/07/08 14:32:45, 0] printing/print_cups.c:103(cups_connect) Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory [2010/07/08 14:32:45, 0] smbd/server.c:457(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use [2010/07/08 14:32:45, 0] smbd/server.c:457(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use [2010/07/08 14:33:32, 0] lib/util_sock.c:1564(matchname) matchname: host name/address mismatch: :::192.168.1.2 != carter.espersunited.com [2010/07/08 14:33:32, 0] lib/util_sock.c:1685(get_peer_name) Matchname failed on carter.espersunited.com :::192.168.1.2 [2010/07/08 14:33:32, 1] smbd/service.c:1063(make_connection_snum) carter (:::192.168.1.2) connect to service amy initially as user amy (uid=1001, gid=100) (pid 21335) [2010/07/08 14:34:13, 1] smbd/service.c:1240(close_cnum) carter (:::192.168.1.2) closed connection to service amy [2010/07/08 14:34:26, 0] lib/util_sock.c:1564(matchname) matchname: host name/address mismatch: :::192.168.1.2 != carter.espersunited.com [2010/07/08 14:34:26, 0] lib/util_sock.c:1685(get_peer_name) Matchname failed on carter.espersunited.com :::192.168.1.2 [2010/07/08 14:34:26, 1] smbd/service.c:676(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED [2010/07/08 14:43:10, 0] smbd/server.c:1073(main) smbd version 3.4.6 started. 
Copyright Andrew Tridgell and the Samba Team 1992-2009 [2010/07/08 14:43:10, 0] printing/print_cups.c:103(cups_connect) Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory [2010/07/08 14:43:10, 0] printing/print_cups.c:103(cups_connect) Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory [2010/07/08 14:43:10, 0] smbd/server.c:457(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use [2010/07/08 14:43:10, 0] smbd/server.c:457(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use [2010/07/08 20:35:51, 0] smbd/server.c:1073(main) smbd version 3.4.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2010/07/08 20:35:51, 0] printing/print_cups.c:103(cups_connect) Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory [2010/07/08 20:35:51, 0] printing/print_cups.c:103(cups_connect) Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory [2010/07/08 20:35:51, 0] smbd/server.c:457(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use [2010/07/08 20:35:51, 0] smbd/server.c:457(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address already in use [2010/07/08 20:36:09, 0] lib/util_sock.c:1564(matchname) matchname: host name/address mismatch: :::192.168.1.2 != carter.espersunited.com [2010/07/08 20:36:09, 0] lib/util_sock.c:1685(get_peer_name) Matchname failed on carter.espersunited.com :::192.168.1.2 [2010/07/08 20:36:09, 0] smbd/service.c:1202(make_connection) carter
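The [homes] block in the smb.conf posted in this thread sets path and valid users twice, which is the point of the "isn't an outline heading" reply. This added example (not code from the thread or from Samba) reports parameters assigned more than once in one section; it assumes the later assignment replaces the earlier one, which matches the symptom that amy connects while michael gets NT_STATUS_ACCESS_DENIED. Function names and the short synonym table are this example's own, and the sample text is the posted config trimmed to the relevant lines.

```python
"""Report smb.conf parameters that are assigned more than once in a section."""
import re

SECTION_RE = re.compile(r"^\[\s*(.+?)\s*\]$")

# Alternative spellings of one setting, folded to a single key. Only the
# synonyms that occur in the posted config are listed.
SYNONYMS = {"writeable": "writable", "writeok": "writable"}

# The posted config, trimmed to the lines that matter for this check.
POSTED = """\
[global]
workgroup = MYGROUP
security = user

[tmp]
path=/tmp
writeable=yes

[homes]
path=/samba/michael
valid users=michael
writable=yes
path=/samba/amy
valid users=amy
writeable=yes
"""


def canonical(name):
    """Parameter names ignore case and whitespace; fold synonyms as well."""
    key = "".join(name.lower().split())
    return SYNONYMS.get(key, key)


def parse(text):
    """Return {section: [(lineno, raw_name, key, value), ...]} in file order.

    A section header that appears twice is treated as one section here.
    """
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            sections[current].append(
                (lineno, name.strip(), canonical(name), value.strip()))
    return sections


def find_overrides(text):
    """List every assignment that replaces an earlier one in its section."""
    findings = []
    for section, params in parse(text).items():
        seen = {}
        for lineno, raw_name, key, value in params:
            if key in seen:
                old_line, old_value = seen[key]
                findings.append({
                    "section": section, "parameter": raw_name,
                    "first_line": old_line, "dropped": old_value,
                    "line": lineno, "kept": value,
                    "changed": old_value != value,
                })
            seen[key] = (lineno, value)
    return findings


def effective(text, section):
    """Values left after overrides (assumption: the last assignment wins)."""
    return {key: value
            for _, _, key, value in parse(text).get(section.lower(), [])}


if __name__ == "__main__":
    for f in find_overrides(POSTED):
        note = "VALUE CHANGED" if f["changed"] else "same value"
        print(f"[{f['section']}] {f['parameter']!r} line {f['first_line']} "
              f"({f['dropped']}) replaced on line {f['line']} "
              f"({f['kept']}): {note}")
    print("effective [homes]:", effective(POSTED, "homes"))
```

A finding with a changed value on `valid users` or `path` means the share no longer grants what the earlier line intended.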
Re: [Samba] domain change
--- Original message ---
Subject: [Samba] domain change
From: Pascal pascal.legr...@univ-orleans.fr
To: samba@lists.samba.org
Date: Wednesday, 07/07/2010 4:23 AM

I've got a problem with a Windows XP station: I changed this machine from one domain to another, but when the user who uses this machine connects to it, he loses his parameters and data (because of the different SID). Is there an easy way to make this user keep his parameters and data?

Yes, before leaving the domain, log in as the user and use the File and Settings Transfer Wizard to store the profile data: Start - All Programs - Accessories - System Tools - File and Settings Transfer Wizard. Save the data to a local hard drive or a net share. Log into the new domain with the correct user account and import the transfer wizard data.

thanks
Re: [Samba] Problem After Upgrade - NT_STATUS_FILE_IS_A_DIRECTORY
I'm running Samba 3.4.7 on Ubuntu 10.04. This is a recent upgrade and we've started experiencing a sporadic problem after this upgrade. When users are browsing through Windows Explorer they sometimes run across folders that appear as unassociated files. This requires the user to click the 'Refresh' button in Windows Explorer to properly see the folders.

The files and folders are hosted on our Ubuntu server and shared with Samba and accessed on the Windows clients through various mapped network drives. The files on the Ubuntu server shared through Samba are actually MOUNTED onto the Ubuntu server from a Windows XP server that is hosting the files locally.

This is truly a bad idea. That XP share should be mounted by the workstations just like the server shares. Move the data to the server, or use the XP box as a server to directly serve those who need the data on it.

Cheers,
TMS III

These mounted files and folders are what is giving the users trouble in seeing folders correctly. We have other files hosted locally on the Ubuntu server and shared through Samba, but these are NOT giving us problems when browsing them through Windows Explorer. The only files that are giving us this problem are the mounted files.

I've noticed that every time I come across a list of folders in Windows Explorer that look like unassociated files, I get the following error messages in /var/log/samba/log.smbd:

---
error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND
[2010/07/06 15:56:24, 3] smbd/process.c:1459(process_smb)
[2010/07/06 15:56:24, 3] smbd/error.c:60(error_packet_set)
  error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY
---

The mounting of the files is done through /etc/fstab with CIFS as the mount type. The only solution I can think of would be to move the mounted files to the Ubuntu server so they are hosted locally. Like I said, we are already doing this with some directories, and we are not experiencing a problem browsing through those.

If anyone has any ideas I would be glad to know. Thanks.
Re: [Samba] Problem After Upgrade - NT_STATUS_FILE_IS_A_DIRECTORY
SNIP

This is truly a bad idea. That XP share should be mounted by the workstations just like the server shares. Move the data to the server, or use the XP box as a server to directly serve those who need the data on it.

Cheers,
TMS III

Why is this a bad idea? We've been running this setup for a few years now and it's been working fine until we upgraded. The XP box only allows 10 user limit for shares, so that's why we mounted it to the Ubuntu server and shared it with Samba instead of having to pay for Windows Server license. The problem with simply moving the files over to the Ubuntu server is that the files on the XP box are stored on a RAID array that comes with a controller card whose driver is really only designed to be run on Windows, not Linux.

Is this a *real* RAID controller or a 'fake' (BIOS/Software/MB) RAID controller? If it is a real controller are you sure there is no Linux driver for it? (Esp. since you are using Ubuntu!) If it is a software/BIOS/MB RAID controller the performance is going to be really bad -- these controllers are really only meant for home systems and not really for true servers.

I'd have to set up mdadm on Ubuntu, which I've done before and was not impressed. The Windows RAID system we have is much easier to maintain.

Oh, you mean you have to actually use your keyboard? How dreadful...

Do you mean to say that the files local to the Ubuntu *server* are not on a RAID array?

I don't want to get off topic here, I just want to know why Samba is giving me trouble browsing these mounted directories.

This sort of 'game' (mounting files from one 'server' on another server and then re-exporting them), is not *specific* to Samba. See what happens when you try to NFS export file systems mounted as nfs file systems (although I expect nfsd/mountd would refuse to let you do that in the first place). There are several problems:

It tends to confuse the server(s). File serving software (Samba, NFSD, etc.) really expect the data they are serving to be local (yes, using a NAS or something like that is a little different) and are written to work optimally that way.

It causes lots of network traffic: every I/O operation causes two batches of network traffic and implies two sets of network channels: one set between the machine with the physical disks (the XP box) and the 'server' (the Ubuntu box), and a *second* set of network channels between the 'server' (the Ubuntu box) and the final client(s) (the client MS-Windows machine(s)). If this is on one physical network (if the 'server' (the Ubuntu box) only has one NIC), then you have lots of network collisions, which means your network throughput will truly suck (e.g. network timeouts, dropped/lost packets, etc.).

I expect that 'before' you 'got by' by luck. What might be happening now is that some fix to Samba is biting you or maybe you are getting network I/O errors (timeouts?) because of what I described in the paragraph above.

What you are doing is not really going to work in the long term. You either need to:

1) Buy a real, supported RAID card for the Ubuntu system.
2) Live with mdadm
3) Pay for licenses for the XP system.

Couldn't agree more. One more item is that the CIFS share to the XP box is the user that mounted the file system on Ubuntu. Bah! Just ugly all around.

--
Robert Heller -- 978-544-6933
Deepwoods Software -- Download the Model Railroad System
http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows
hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/
[Samba] YeeFreakingHa!
Samba4 latest on FreeBSD8.1RC2 built and running as a joined DC:

81rc2# pwd
/usr/local/samba/sbin
81rc2# ps -ax | grep samba
92436 ?? Ss 0:00.24 ./samba
92437 ?? S 0:00.01 ./samba
92438 ?? I 0:00.04 ./samba
92439 ?? S 0:00.01 ./samba
92440 ?? S 0:00.00 ./samba
92441 ?? S 0:00.00 ./samba
92442 ?? S 0:00.00 ./samba
92443 ?? S 0:00.01 ./samba
92444 ?? S 0:00.89 ./samba
92445 ?? S 0:00.00 ./samba
92446 ?? S 0:00.00 ./samba
92447 ?? I 0:00.10 ./samba
92448 ?? I 0:00.02 ./samba
93215 0 R+ 0:00.00 grep samba
81rc2# uname -a
FreeBSD 81rc2.tms3.com 8.1-RC2 FreeBSD 8.1-RC2 #0: Wed Jul 7 06:59:46 PDT 2010 t...@81rc2.tms3.com:/usr/obj/usr/src/sys/IPFAST amd64
81rc2# netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.168.64.51.445      192.168.64.123.59566   ESTABLISHED

Nice work team!!!

Now there are some errors. 81RC2 is the FreeBSD81RC2 box and T3 is an Ubuntu server 10.4 samba4 box:

Working from BSD box:

81rc2# ./net drs kcc -Uadministrator 81rc2.tms3.com
Password for [TMS3\administrator]:
dos charset 'CP850' unavailable - using ASCII
Default-First-Site-Name
Current Site Options: (none)
Consistency check on 81rc2.tms3.com successful.
81rc2# ./net drs kcc -Uadministrator T3.tms3.com
Password for [TMS3\administrator]:
dos charset 'CP850' unavailable - using ASCII
Default-First-Site-Name
Current Site Options: (none)
Consistency check on T3.tms3.com successful.

Not so much:

81rc2# ./net drs showrepl 81rc2
dos charset 'CP850' unavailable - using ASCII
Password for [administra...@tms3.com]:
Default-First-Site-Name\81RC2
DSA Options: (none)
Site Options: (none)
DSA object GUID: 4ec570a8-85c1-4328-b6fa-57882281e3a8
DSA invocationID: c3ed7e55-f889-4c28-9582-da12f824d892

INBOUND NEIGHBORS

DsReplicaGetInfo failed - NT_STATUS_RPC_PROTOCOL_ERROR.
DsReplicaGetInfo() failed for DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES.
return code = -1

Sorta kinda working...I think:

81rc2# ./net drs showrepl T3
dos charset 'CP850' unavailable - using ASCII
Default-First-Site-Name\T3
DSA Options: 0x0001
Site Options: (none)
DSA object GUID: fdaf2ed0-3630-41ba-96a6-554f0316bf75
DSA invocationID: 5b89c863-f8b0-4310-907d-20e978c9fd98

INBOUND NEIGHBORS

DC=tms3,DC=com
    Default-First-Site-Name\DEATHKNIGHT via RPC
        DSA object GUID: 58bfc826-cd9f-445d-b6e5-ab7314ba0671
        Last attempt @ Wed Jul 7 20:59:24 2010 PDT was successful.
        0 consecutive failure(s).
        Last success @ Wed Jul 7 20:59:24 2010 PDT

DC=tms3,DC=com
    Default-First-Site-Name\EOWYN via RPC
        DSA object GUID: af29c79c-57dc-40f3-bed1-95c3adda4cc8
        Last attempt @ Wed Jul 7 20:59:24 2010 PDT was successful.
        0 consecutive failure(s).
        Last success @ Wed Jul 7 20:59:24 2010 PDT

DC=tms3,DC=com
    Default-First-Site-Name\WWW via RPC
        DSA object GUID: 0e787088-a072-4f35-9738-d343201f71a2
        Last attempt @ NTTIME(0) was successful.
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=tms3,DC=com
    Default-First-Site-Name\81RC2 via RPC
        DSA object GUID: 4ec570a8-85c1-4328-b6fa-57882281e3a8
        Last attempt @ NTTIME(0) was successful.
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=tms3,DC=com
    Default-First-Site-Name\DEATHKNIGHT via RPC
        DSA object GUID: 58bfc826-cd9f-445d-b6e5-ab7314ba0671
        Last attempt @ Wed Jul 7 20:59:24 2010 PDT was successful.
        0 consecutive failure(s).
        Last success @ Wed Jul 7 20:59:24 2010 PDT

CN=Schema,CN=Configuration,DC=tms3,DC=com
    Default-First-Site-Name\EOWYN via RPC
        DSA object GUID: af29c79c-57dc-40f3-bed1-95c3adda4cc8
        Last attempt @ Wed Jul 7 20:59:25 2010 PDT was successful.
        0 consecutive failure(s).
        Last success @ Wed Jul 7 20:59:25 2010 PDT

CN=Schema,CN=Configuration,DC=tms3,DC=com
    Default-First-Site-Name\WWW via RPC
        DSA object GUID: 0e787088-a072-4f35-9738-d343201f71a2
        Last attempt @ NTTIME(0) was successful.
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=tms3,DC=com
    Default-First-Site-Name\81RC2 via RPC
        DSA object GUID: 4ec570a8-85c1-4328-b6fa-57882281e3a8
        Last attempt @ NTTIME(0) was successful.
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Configuration,DC=tms3,DC=com
    Default-First-Site-Name\DEATHKNIGHT via RPC
        DSA object GUID: 58bfc826-cd9f-445d-b6e5-ab7314ba0671
Re: [Samba] net ads testjoin
SNIP

Is there anyone who can help with this question?

prism# net ads testjoin
Join is OK

That's about it. Pretty simple.

Regards,
Khaled

2010/4/30 Khaled Blah khaled.b...@googlemail.com:

Can anyone give me any hints please? I've read the man pages for smb.conf and for net and then I read the manual about the net command. Still, I don't know what testjoin actually does or tries to do.

Regards,
Khaled

2010/4/26 Khaled Blah khaled.b...@googlemail.com:

I hope bumping is not frowned upon in this list :)

cheers,
Khaled

2010/4/24 Khaled Blah khaled.b...@googlemail.com:

Hello all,

I am new to this list and hopefully I am at the right place. Firstly, thanks to everyone involved in this project. You do a great job!

Now, I use net to join Windows AD domains and was wondering where I can find out more information on what happens during a net ads testjoin. The information I found on the documentation pages of net or smb.conf on the website did not say much about it. I have noticed that a testjoin will ask for a password when the domain membership is not valid and it'll ignore Kerberos tickets. Is there something I am missing here?

I am grateful to any insight you guys could give me!

Regards,
Khaled
Re: [Samba] Cross subnet browsing + OpenVPN
SNIP

Hi All,

I'm having a problem with cross subnet browsing and name resolution across an openvpn tunnel. I've found quite a few people who've had the same on mail lists but none of their fixes have worked. The spec of the setups at both ends of the tunnel are as follows:

remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
remote browse sync = 192.168.1.255 192.168.2.255

This looks odd to me.

remote announce = wins server ip/DOMNAME
remote browse sync = wins server ip

NEEDED in both smb.conf

wins server = wins server ip

Can't remember default for this setting so

enhanced browsing = Yes

in both smb.conf

DHCP should point clients to headoffice for WINS. WINS proxy is not useful.

OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1

Each server is configured in gateway mode with two NICS, one to the lan and the other to a modem/router. The first machine, HEADOFFICE, has an internal IP address of 192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1, has an internal address of 192.168.1.254 and an external of 192.168.20.4.

On openVPN, I have configured client to client and routes and iroutes to allow machines on each network to ping machines at the other end as well as the server IPs. So far so good and I can ping any machine on either subnet from anywhere and get a reply.

The servers are configured as Samba servers with the HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1 machine configured as a BDC and WINS proxy. In order to maintain logon facilities in the event of broadband failure, I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates and password changes propagate successfully from one site to the other.

If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet fails on name resolution while entering \\192.168.1.254\ brings up Windows Explorer and a list of shares.

I've included the remote browse entries in smb.conf on the PDC and have WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP back to the WINS server. Port scanning the internal IP of each machine from the other end of the tunnel returns a full set of open ports for the services I'm using but no IP.

If anyone can spot what I'm doing wrong I'd be grateful. Thanks.

smb.conf - HEADOFFICE

### Included 2nd subnet for second remote site in browse sync
[global]
workgroup = NEWDOM
netbios name = HEADOFFICE
security = user
enable privileges = yes
interfaces = 192.168.0.1 127.0.0.1
# hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
remote browse sync = 192.168.1.255 192.168.2.255
wins support = yes
name resolve order = wins hosts bcast
username map = /etc/samba/smbusers
server string = Samba Server %v
encrypt passwords = Yes
ldap ssl = no
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n
#public = yes
#browseable = yes
#lm announce = yes
#browse list = yes
#auto services = yes
log level = 3
syslog = 0
log file = /var/log/samba/log.%U
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
local master = Yes
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=newdom,dc=ldm
ldap suffix = dc=newdom,dc=ldm
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m %u
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
#delete group script