[Samba] Well hells bells

2012-01-28 Thread tms3

I just found out about the preconfigured packages for pfsense

And got Asterisk 10 running on FreeBSD...

Strange world we live in.

TMS III



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Help - Mounting a Windows computer with two IP addresses

2011-12-23 Thread tms3







Hi all,

I need to mount a Windows share locally on my laptop. However, I cannot
do this via

sudo mount -t smbfs //host_name/share_name /local_mount

because the host_name has two IP addresses with it as shown by nmblookup
//host_name.


In Windows network adapter settings, disable netbios over tcp/ip for
the address you don't want. If you have a WINS server delete the entry
for that IP after disabling it.




(That is, I try mounting and I'm given this error:
mount error(115): Operation now in progress
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) )

One IP address is a static one which the Windows computer uses to
connect to another machine. The other IP address is a DHCP-given IP and
is the one I need to connect to. I can mount the share if I use

sudo mount -t smbfs //dhcp_ip/share_name /local_mount

however, this is problematic for obvious reasons since I need the mount
to be permanent (eventually going in fstab).

My question is: Is there a way to ignore the static IP address when
mounting?

Further info: I can connect to the Windows machine using smbclient
//host_name/share_name and browse just fine. Also, nautilus can browse
the remote file system as well.



Re: [Samba] Fw: PDC/wins on multiple networks

2011-03-25 Thread tms3




Hi,


The pc that runs the samba server is my own property, it also dubs as 
router and dhcp server. I assign WINS server to the clients by dhcp 
using dnsmasq. I do not need or want to setup a domain. I just want to 
share files between the two networks using windows neighborhood and a 
workgroup, just like the clients would have been connected in the same 
network.


I have deleted the remote announce thingy but the error is the same:
The network path could not be found


WINS needs to be set up correctly.




Maybe something has to do with the firewall? can you tell me which 
ports to open and their direction ?


Ports 137, 138, 139, and 445 should be sufficient.





--


..  Microsoft broke the Volkswagen world record: Volkswagen only made 
22 million bugs!



..  It is time for us to stand and cheer for the doer, the achiever, 
the one who recognizes the challenge and does something about it.

-Vince Lombardi


..  Everybody can learn how to make kids, but not everyone can raise 
them right!




From: Daniel Müller muel...@tropenklinik.de
To: Gala Dragos gala_dra...@yahoo.com
Cc: samba list samba@lists.samba.org
Sent: Thursday, March 24, 2011 11:24 PM
Subject: Re: [Samba] PDC/wins on multiple networks

Hi,
you have a (Samba)domain server and it is your wins?
You just to have an entry in your win xp clients wins-server:
YourSambaWinsServer.Enable Netbios over TCP
..
That is all. No: remote announce = 192.168.5.255/WORKGROUP
192.168.7.255/WORKGROUP
This is working for me with 3 subnets.

On Thu, 24 Mar 2011 13:25:41 -0700 (PDT), Gala Dragos
gala_dra...@yahoo.com wrote:


Hi to everyone on the mailing list.

I have two networks at home, apart from the internet. One is the wired
network, LAN, and the other is the wireless network, WLAN. They need to
be separated, not bridged, because of hardware issues.

I am trying to setup inter-networking browsing on these networks, pc's
on LAN should see and browse pc's on WLAN and vice versa.

After reading the manual I have enabled wins server master and wins
proxy in samba configuration. However I can only see the pc's from the
other network, but I cannot browse them, windows returns an error like
network path could not be found.

The samba server runs on my router box, together with the firewall
(managed through shorewall) and dnsmasq for dhcp/dns.


Below is my global smb.conf part.

[global]
server string = Samba Server
interfaces = eth1, lo, wlan0
bind interfaces only = Yes
security = SHARE
log file = /var/log/samba/%m.log
max log size = 50
announce as = NT Workstation
os level = 99
lm interval = 10
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
remote announce = 192.168.5.255/WORKGROUP 192.168.7.255/WORKGROUP
create mask = 0666
case sensitive = No
preserve case = No
short preserve case = No
hide special files = Yes
map hidden = Yes
store dos attributes = Yes

Thanks.





Re: [Samba] qmail schema

2011-03-24 Thread tms3





Hallo all,

I need help right now, i've installed samba PDC and i think it works,
i can add and remove users and groups.
I need to include qmail.schema on my slapd.conf, so i have copied
qmail.schema file on /etc/openldap/schema/ but when i restart ldap
service always failed, this is the error message on /var/log/message :

Mar 24 16:18:52 x slapd[2144]: slapd shutdown: waiting for 0 operations/tasks to finish
Mar 24 16:18:52 x slapd[2144]: slapd stopped.
Mar 24 16:18:55 x slapd[3982]: @(#) $OpenLDAP: slapd 2.4.21 (Jul  5 2010 13:34:44) $#012#011abuild@build24:/usr/src/packages/BUILD/openldap-2.4.21/servers/slapd
Mar 24 16:18:55 x slapd[3982]: /etc/openldap/schema/qmail.schema: line 19:


You have a problem with your db def's at line 19 in qmail.schema. 
That's where you need to look.



unknown directive # outside backend info and database definitions.
Mar 24 16:18:55 x slapd[3982]: slapd stopped.
Mar 24 16:18:55 x slapd[3982]: connections_destroy: nothing to destroy.


This is installed on my server :
- openSUSE 11.3
- samba-3.5.4-4.1.i586
- openldap2-2.4.21-9.1.i586

This is my slapd.conf :

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/phpQLAdmin.schema
include /etc/openldap/schema/qmail.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

# Load dynamic backend modules:
modulepath      /usr/lib/openldap/modules
# moduleload    back_bdb.la
# moduleload    back_hdb.la
# moduleload    back_ldap.la

access to *
        by * read

###
# BDB database definitions
###

database        bdb
suffix          dc=x,dc=xxx
checkpoint      10245
cachesize       4
rootdn          cn=Manager,dc=x,dc=xxx
rootpw          x
directory       /var/lib/ldap
index   objectClass             eq
index   cn,sn,uid               pres,sub,eq
#index   mail,accountStatus  eq
#index   mailHost,mailMessageStore   sub,eq
#index   mailQuotaSize   eq
index   userPassword            eq
index   uidNumber               eq
index   gidNumber               eq
index   memberUid               eq
index   givenname               eq
index   sambaSID                eq
index   sambaPrimaryGroupSID    eq
index   sambaDomainName         eq
index   default                 sub

Please give a suggest for this problem.

Thx,
Dee dee





Re: [Samba] Samba4 domain trust to windows 2003 domain

2011-03-17 Thread tms3





Hi,
i have installed Samba4 ALPHA 15 on debian/ubuntu how to described in
http://wiki.samba.org/index.php/Samba4/HOWTO
all ok
i created a domain and i have join pc and member server, etc.. etc...

Now i want trust my test domain with a existent windows AD domain, is
possible?
exist an HOWTO that described this procedure?


AFAIK that functionality does not exist yet.




thanks.



--
Zanon Luca
write me at luca.zanon[at]gmail.com


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread tms3

You should show us enough information for us to re-produce such as
all content of smb.conf and related settings:

In my lab, profile dir is successfully created. My env is...

- Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6
- my smb.conf and shares

---
[global]
   workgroup = SAMBA
   domain logons = yes
   add machine script = useradd %u
   map to guest = bad user

   logon path = \\lenny5\profiles\%U

[homes]
   writeable = yes
   browseable = no

[profiles]
   path = /var/lib/samba/shares/profiles
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
---

# ls -lR /var/lib/samba
/var/lib/samba/:
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

- Created a user:

# useradd -d /var/home/test01 test01
# smbpasswd -a test01
# pdbedit -v test01
...
Profile Path: \\lenny5\profiles\test01
...


- When I logon as test01 from Windows XP workstation which is already
   joined to the SAMBA domain and logoff, profiles are created like:


# ls -lR /var/lib/samba
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

/var/lib/samba/shares/profiles:
total 16
drwx-- 13 test01 test01 4096 2011-03-17 01:08 test01

/var/lib/samba/shares/profiles/test01:
total 568
drwx-- 3 test01 test01   4096 2010-10-11 01:10 Start Menu
drwx-- 2 test01 test01   4096 2010-10-11 01:10 Desktop
drwx-- 4 test01 test01   4096 2011-03-17 01:08 Application Data
drwx-- 2 test01 test01   4096 2010-10-11 01:18 Cookies
drwx-- 3 test01 test01   4096 2011-03-17 01:08 Favorites
drwx-- 4 test01 test01   4096 2011-03-17 01:08 My Documents
drwx-- 2 test01 test01   4096 2010-10-11 01:10 NetHood
-rw--- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT
-rw--- 1 test01 test01   1024 2011-03-17 01:08 ntuser.dat.LOG
-rw--- 1 test01 test01270 2011-03-17 01:08 ntuser.ini
...

---
TAKAHASHI Motonobu mo...@monyo.com

smb.conf

[global]
   printing = bsd
   netbios name = PDC
   server string = PDC (%h)
   workgroup = workgroup
   interfaces = eth0,lo
   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
   local master = yes
   preferred master = yes
   os level = 200
   domain master = yes
   domain logons = yes
   add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s /bin/false
   delete user script = /usr/sbin/userdel -r '%u'
   add group script = /usr/sbin/groupadd '%g'
   delete group script = /usr/sbin/groupdel '%g'
   delete group script = /usr/sbin/groupdel '%g'
   add user to group script = /usr/sbin/usermod -G '%g' '%u'
   add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines
   logon path = \\%L\profile\%U
   logon drive = h:
   logon script = %U.bat
   profile acls = yes
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
   wins support = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   log level = 12
   panic action = /usr/share/samba/panic-action %d
   use sendfile = yes


Where is your profile path?



Re: [Samba] Debian Lenny 5.04 and DMS in Windows 2000 Native Domain +Forest with Samba 3.2.5

2011-03-03 Thread tms3




Hello All,

I have been struggling with this for a long, long time.  I came here
looking for answers.  So, I have a VM running Debian Lenny.  I install
the apt package samba, which installs 3.2.5.  I work in a large
university with an extensive Active Directory environment, both forest
and domain running in Win2k native mode.  There is a NetApp filer which
houses all our admin files, scripts, and installers.  Nothing really
special.  The computer, FILESERVER, is in the child domain of the
forest, whose root domain is DOMAIN.FOREST.UNIVERSITY.TLD.  The root
domain is FOREST.UNIVERSITY.TLD.  Now, can I mount this without
joining the domain?  I have tried reading the documentation, and I
think this is


It's quite unclear what you are trying to accomplish. What are your 
goals/purposes with this VM?



telling me no.



Use of raw SMB over TCP/IP (No NetBIOS layer) can be done only with 
Active Directory domains. Samba is not an Active Directory domain 
controller: ergo, it is not possible to run Samba as a domain 
controller and at the same time not use NetBIOS. Where Samba is used 
as an Active Directory domain member server (DMS) it is possible to 
configure Samba to not use NetBIOS over TCP/IP. A Samba DMS can 
integrate fully into an Active Directory domain, however, if NetBIOS 
over TCP/IP is disabled, it is necessary to manually create 
appropriate DNS entries for the Samba DMS because they will not be 
automatically generated either by Samba, or by the ADS environment.  
[0]


So if I do not need to join this Debian VM to the domain, what is the 
proper config and/or command structure?  I have toyed with disable 
netbios = yes and security = ads, but it still does now work well.


When I run smbclient, I can pull up a connection just fine, browse 
files, and even upload.




smbclient -L  fileserver.domain.forest.university.tld\\PubShare0 
-W DOMAIN.FOREST.UNIVERSITY.TLD -U my_ad_account


However, mounting it never, ever works.  It mentions NBT being 
disabled when getting a share list, among all the shares listed.




Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

Sharename       Type      Comment
---------       ----      -------
IPC$            IPC       Remote IPC
ETC$            Disk      Remote Administration
C$              Disk      Remote Administration
Data$           Disk
PubShare0       Disk
PubShare1       Disk
PubShare2       Disk
PubShare3       Disk
PubShare5       Disk
PubShare5       Disk
Connection to fileserver.domain.forest.university.tld failed (Error NT_STATUS_CONNECTION_REFUSED)
NetBIOS over TCP disabled -- no workgroup available


When I mount, I inevitably get an IO error.

BACC-UTIL-VM:/home/me# whoami
root
BACC-UTIL-VM:/home/me# smbmount //fileserver.domain.forest.university.tld/PubShare0 /mnt/fileserver/pubshare0/ --verbose -o domain=DOMAIN.FOREST.UNIVERSITY.TLD,user=my_ad_account
Password:
mount.cifs kernel mount options: unc=//fileserver.domain.forest.university.tld\share,ip=10.XXX.XX.XX,ver=1,domain=GEORGETOWN.MEI.GEORGETOWN.EDU,user=ajs67,pass=
mount error 5 = Input/output error
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
BACC-UTIL-VM:/home/me#


Why is this?  Will it go away if and when I join the domain?  The IP
address is accurate and there are proper DNS entries.  None of the
variations I try work.  As someone clued me in on IRC, NBT is probably
the culprit here, so I want to better understand the underlying
principle, and then figure out the correct config for the future.
Sorry for the outrageously long email, but I love my Linux and hate my
Windows.  This will make my transition much, much easier.




Best,
_AJS


[0]http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2580798








Re: [Samba] problem with samba 3.5.6 try to join W2K8

2011-03-02 Thread tms3




hi,
   I trying to join a samba 3.5.6 (debian) on a domain W2K8 without
kerberos followin the wiki page
(http://wiki.samba.org/index.php/Samba__Active_Directory)
using net ads join

ads implies kerberos




i've got this error Failed to join domain: failed to
join domain 'MYDOMAIN.COM' over rpc: NT_STATUS_NOT_SUPPORTED

conf in /etc/smb.conf
 workgroup = MYDOMAIN

   server string = %h server
# allow trusted domains = no
   realm =   MYDOMAIN.COM
   password server = mntphone001.mydomain.com
 preferred master = no
   security = ADS
   encrypt passwords = yes
   log level = 5
   log file = /var/log/samba/%m
   max log size = 50
   printcap name = cups
   printing = cups
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   winbind separator = +
   idmap uid = 2000-2
   idmap gid = 2000-2
 client use spnego = yes
 ;template primary group = Domain Users
   template shell = /bin/bash
   auth methods = winbind


log i have when i do
net ads join  -Umylogin%passwd -S mntphone001.mydomain.com -d 2
 rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
[2011/03/02 13:24:00.801641,  2] lib/interface.c:340(add_interface)
 added interface eth0 ip=fe80::213:72ff:fe56:6db6%eth0 bcast=fe80:::::%eth0 netmask=:::::
[2011/03/02 13:24:00.801787,  2] lib/interface.c:340(add_interface)
 added interface eth0 ip=172.23.36.4 bcast=172.23.36.255 netmask=255.255.255.0
[2011/03/02 13:24:00.802018,  1] libnet/libnet_join.c:1947(libnet_Join)
 libnet_Join:
 libnet_JoinCtx: struct libnet_JoinCtx
 in: struct libnet_JoinCtx
 dc_name              : 'mntphone001.mydomain.com'
 machine_name         : 'MNTSLX001'
 domain_name          : *
 domain_name          : 'MYDOMAIN.COM'
 account_ou           : NULL
 admin_account        : 'mylogin'
 admin_password       : *
 machine_password     : NULL
 join_flags           : 0x0023 (35)
   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
 os_version           : NULL
 os_name              : NULL
 create_upn           : 0x00 (0)
 upn                  : NULL
 modify_config        : 0x00 (0)
 ads                  : NULL
 debug                : 0x01 (1)
 use_kerberos         : 0x00 (0)
 secure_channel_type  : SEC_CHAN_WKSTA (2)
[2011/03/02 13:24:00.814776,  1] libnet/libnet_join.c:1978(libnet_Join)
 libnet_Join:
 libnet_JoinCtx: struct libnet_JoinCtx
 out: struct libnet_JoinCtx
 account_name         : NULL
 netbios_domain_name  : 'MYDOMAIN'
 dns_domain_name      : 'mydomain.com'
 forest_name          : 'root.com'
 dn                   : NULL
 domain_sid           : *
 domain_sid           : S-1-5-21-796845957-790525478-725345543
 modified_config      : 0x00 (0)
 error_string         : 'failed to join domain 'MYDOMAIN.COM' over rpc: NT_STATUS_NOT_SUPPORTED'
 domain_is_ad         : 0x01 (1)
 result               : WERR_NOT_SUPPORTED
[2011/03/02 13:24:00.815116,  2] utils/net.c:916(main)
 return code = -1
Failed to 

Re: [Samba] Settings ACLS from Windows via member server

2011-02-22 Thread tms3

SNIP




2) With a non-AD environment, should our samba member servers run
winbind?  My understanding is not, but this could be part of the problem.


If you want to set ACLs of domain users and groups, you have to run
winbindd regardless of AD env. or not.


I've done acls just using nss_ldap.


# You can set ACLs of server local users and groups without running winbindd.

---
TAKAHASHI Motonobu mo...@samba.gr.jp


Re: [Samba] Settings ACLS from Windows via member server

2011-02-22 Thread tms3










If you want to set ACLs of domain users and groups, you have to run
winbindd regardless of AD env. or not.

# You can set ACLs of server local users and groups without running winbindd.


Hmm... I was working from:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553

I have NSS setup to resolve via LDAP, which contains all of the
appropriate user/group information that samba should need.  The second
heading on this page, Winbind is not used; users and groups resolved
via NSS seemed to read as though I didn't actually need winbind.  My
concern here is that winbind appears to be necessary to create unix
users for non-existent Windows NT domain users.  This isn't our case...
every user available in the Windows NT domain (managed by the samba
PDC/BDC) exist in LDAP and, therefore, unix as well.


Do you have acls set on the file system for the member servers? 
Winbind is for authentication purposes, not files system acls.




Regardless... I enable winbind and the behavior is the same.  Once
winbind is started, I can query most users (wbinfo -u) and groups
(wbinfo -g).  For some reason, some groups don't show.  We have many
groups and users, so I haven't checked them all, but a spot check
suggests there are some missing.

Mark

--
--
I'd rather be burning carbohydrates than hydrocarbons


Re: [Samba] Settings ACLS from Windows via member server

2011-02-22 Thread tms3








Do you have acls set on the file system for the member servers?
Winbind is for authentication purposes, not files system acls.


Without winbind I did not get users names in the ACLs tab under
windows? Do you get these?


I don't currently have any S3 servers to check...




John




Re: [Samba] Settings ACLS from Windows via member server

2011-02-22 Thread tms3




John,

It would help the list to understand WHY you believe that winbind is NOT
needed by the PDC/BDC, and WHY it is needed on member servers.


Winbind, as the name suggests, does authentication for the unix 
server. Of course the manual has a very good write up of it:


Winbind unifies UNIX and Windows NT account management by  allowing a 
UNIX box to become a full member of an NT domain. Once  this is done, 
the UNIX box will see NT users and groups as if  they were 
“native” UNIX users and groups, allowing the NT domain  to be used 
in much the same manner that NIS+ is used within  UNIX-only 
environments...
Additionally, Winbind provides an authentication service that hooks 
into the PAM system  to provide authentication via an NT domain to any 
PAM-enabled  applications. This capability solves the problem of 
synchronizing  passwords between systems, since all passwords are 
stored in a single  location (on the domain controller).


http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html




While subscribers keep explaining what they believe, and keep giving
advice based on their belief system, rather than on well reasoned fact,
confusion will continue to exist and complaints regarding Samba
documentation will continue also.

Are you willing to take a brave step to explain your reasoning?

Cheers,
John T.

Re: [Samba] making BDC samba + ldap server

2011-02-20 Thread tms3





Hi

Thanks, this howto for me its better. I have other doubt, syncrepl 
needs to be installed or comes integrated with slapd daemon?


It is all part of the openldap suite.




And to transfer all shared samba folders and profile content, when 
it's the better moment? I understand when samba is down or when is up?


Depends on the permissions. However, so long as ALL the files to be 
transferred belong to users in LDAP then, with nss_ldap properly 
configured, any copy that preserves permissions should be fine.




Thanks and Best Regards


2011/2/20 t...@tms3.com







Now you are on to copy your slapd.conf and ldap.conf to your new machine:

Ex: scp slapd.conf root@2machine:/etc/openldap

---How can I make this if slurpd is deprecated? The guide

http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

is not easy to understand, does no other, simpler howto exist?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/

The entire online manual is a good read. I highly recommend it.








Now important I do the trick with slurpd. There are many other ways but
this is easy.
Slurpd should be installed on your Master and only there.
So go in to the slapd.conf on your master and put a few lines in it at
the end.
Be careful all tabs must fit exact as this example:

replica uri=ldap://IPOFYOUR2MACHINE:389
        binddn=cn=youradmin,dc=your,dc=ldap
        suffix=dc=yourc,dc=ldap
        bindmethod=simple
        credentials=securepassword

I understand the part of backup slapd only works with the service stopped?


Well Im grateful for all your time :-)

Thanks and Best Regards






2011/2/18 t...@tms3.com







In my hint I think your samba PDC/Ldap is currently working well!
First of all install a second machine with the samba and ldap.
Do not start samba, do not start ldap.
The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:
domain master=NO
domain logons=YES
Make a testparm it should succeed like this:
testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC  you are a BDC

Press enter to see a dump of your service definitions


Yes very nice!





Now you are on to copy your slapd.conf and ldap.conf to your new machine:

Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.
Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3

http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is nice overview of the way LDAP currently works:

http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper
slapd.conf and ldap.conf file on the new machine, start ldap, then


smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.








--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
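
The syncrepl setup that replaces the slurpd "replica" block discussed in this thread, as an added example that is not part of the original posts: slapd.conf fragments for OpenLDAP 2.4 on the master (provider) and on the new BDC (consumer). The host name, suffix, replicator DN, password placeholder and CA path are assumptions; the dedicated read-only replication account and StartTLS are additions so that the simple bind and the replicated Samba password hashes do not cross the network in clear text.

```conf
# ---- Master (provider): additions to /etc/openldap/slapd.conf ----
# Comments must start in column one; slapd.conf has no inline comments.
# Assumed names: dc=example,dc=com, cn=replicator, master.example.com.

# Needed only if slapd was built with dynamic modules.
moduleload      syncprov.la

# StartTLS on the provider requires a server certificate and key.
TLSCACertificateFile    /etc/openldap/cacert.pem
TLSCertificateFile      /etc/openldap/master-cert.pem
TLSCertificateKeyFile   /etc/openldap/master-key.pem

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/lib/ldap

# syncrepl searches on these operational attributes.
index           entryCSN,entryUUID eq

# The replication account may read password hashes; nobody else may.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn.exact="cn=replicator,dc=example,dc=com" read
        by self write
        by anonymous auth
        by * none
access to *
        by * read

# The consumer must be able to fetch the whole tree in one search.
limits dn.exact="cn=replicator,dc=example,dc=com" size=unlimited time=unlimited

overlay         syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# ---- New BDC (consumer): /etc/openldap/slapd.conf ----
# Same include lines (schemas) as the master, then:

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/lib/ldap
index           objectClass,entryCSN,entryUUID eq

# Continuation lines must begin with whitespace.
syncrepl rid=001
        provider=ldap://master.example.com:389
        type=refreshAndPersist
        retry="60 10 300 +"
        searchbase="dc=example,dc=com"
        scope=sub
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=REPLACE_WITH_REPLICATOR_PASSWORD
        starttls=critical
        tls_cacert=/etc/openldap/cacert.pem
        tls_reqcert=demand

# Writes that reach the consumer are referred to the master.
updateref       ldap://master.example.com
```

Both files now hold a bind password, so keep them readable only by root and the slapd user, as the slapd.conf header quoted earlier on this page says.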


Re: [Samba] making BDC samba + ldap server

2011-02-20 Thread tms3









Hi

Ok, and how I config nss_ldap? When I copy all database is included?


Well, the easiest way, for Samba use, is to simply cp your ldap.conf
file for the ldap client application to nss_ldap.conf--cp ldap.conf
nss_ldap.conf (this can be a bit confusing, as openldap uses a file
called ldap.conf for configuring the ldap client as well as a file
called ldap.conf for configuring basic ldap server process.  The
server file is generally contained in the directory where
configuration files are kept in a subdirectory called openldap along
with files like slapd.conf and is generally a small file which looks
something like this:


#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=mydomain,dc=com
URI     ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389

# TLS_CACERT /usr/local/etc/openldap/cacert.pem

#SIZELIMIT  12
#TIMELIMIT  15
#DEREF  never

whereas the ldap.conf for the client is rather lengthy and contains
quite a bit of information for contacting the ldap server, how the dit
should be searched, etc.)


And, no, nss_ldap.conf has nothing to do with the ldap server.
nss_ldap.conf can be used to contact an external ldap server, just as
the ldap.conf for the ldap client application can.


Sorry for the newbie questions, If any time comes to barcelona contact 
me, you has a beer paid (Daniel too)  :-)


Well, now that's quite a generous offer. Much appreciated.




Thanks and Best Regards


2011/2/20 t...@tms3.com







Hi

Thanks, this howto for me its better. I have other doubt, syncrepl 
needs to be installed or comes integrated with slapd daemon?


It is all part of the openldap suite.





And to transfer all shared samba folders and profile content, when 
it's the better moment? I understand when samba is down or when is up?


Depends on the permissions. However, so long as ALL the files to be 
transferred belong to users in LDAP then, with nss_ldap properly 
configured, any copy that preserves permissions should be fine.








Thanks and Best Regards


2011/2/20 t...@tms3.com







Now you are on to copy your slapd.conf and ldap.conf to your new 
machine:

Ex: scp slapd.conf root@2machine:/etc/openldap

---HOw I can make this If slurpd is 
deprecated? The guide


http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

not's easy to understand, not exist other howto more simple?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/

The entire online manual is a good read. I highly recommend it.








Now important I do the trick with slurpd. There are many other 
ways but this

is easy.
Slurpd should be installed on your Master an only there.
So go in to the slapd.conf on your master and put a few lines in 
it at the

end.
Be carefull all tabs must fit exact as this example:

replica uri=ldap://IPOFYOUR2MACHINE:389
binddn=cn=youradmin,dc=your,dc=ldap
 suffix=dc=yourc,dc=ldap
 bindmethod=simple
 credentials=securepassword

I understand the part of backup slapd only works with the service 
stopped?


Well Im grateful for all your time :-)

Thanks and Best Regards






2011/2/18 t...@tms3.com







In my hint I think your samba PDC/Ldap is cuurently working well!
First of all install a second machine with the samba and ldap.
Do not start samba, do not start ldap.
The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp 
root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:
domain master=NO
domain logons=YES
Make a testparm it should succed like this:
testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC  you are a 
BDC

Press enter to see a dump of your service definitions


Yes very nice!





Now you are on to copy your slapd.conf and ldap.conf to your new 
machine:

Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.
Sorry, but Slurpd is deprecated and no longer available in OpenLDAP
since 2.3

http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is a nice overview of the way LDAP currently works:

http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper 
slapd.conf and ldap.conf file on the new machine, start ldap, then


smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.













Re: [Samba] making BDC samba + ldap server

2011-02-19 Thread tms3





Now you are on to copy your slapd.conf and ldap.conf to your new 
machine:

Ex: scp slapd.conf root@2machine:/etc/openldap

---How can I do this if slurpd is deprecated? The guide

http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

is not easy to understand. Is there no simpler howto?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/

The entire online manual is a good read. I highly recommend it.





Now important I do the trick with slurpd. There are many other ways but
this is easy.
Slurpd should be installed on your Master and only there.
So go in to the slapd.conf on your master and put a few lines in it at
the end.
Be careful, all tabs must fit exactly as in this example:

replica uri=ldap://IPOFYOUR2MACHINE:389
binddn=cn=youradmin,dc=your,dc=ldap
 suffix=dc=yourc,dc=ldap
 bindmethod=simple
 credentials=securepassword

I understand the part of backup slapd only works with the service 
stopped?


Well, I'm grateful for all your time :-)

Thanks and Best Regards






2011/2/18 t...@tms3.com







In my hint I think your samba PDC/Ldap is currently working well!
First of all install a second machine with the samba and ldap.
Do not start samba, do not start ldap.
The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp 
root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:
domain master=NO
domain logons=YES
Make a testparm, it should succeed like this:
testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC  you are a 
BDC

Press enter to see a dump of your service definitions


Yes very nice!





Now you are on to copy your slapd.conf and ldap.conf to your new 
machine:

Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.
Sorry, but Slurpd is deprecated and no longer available in OpenLDAP
since 2.3

http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is a nice overview of the way LDAP currently works:

http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper 
slapd.conf and ldap.conf file on the new machine, start ldap, then


smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.






Re: [Samba] making BDC samba + ldap server

2011-02-18 Thread tms3





In my hint I think your samba PDC/Ldap is currently working well!
First of all install a second machine with the samba and ldap.
Do not start samba, do not start ldap.
The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp 
root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:
domain master=NO
domain logons=YES
Make a testparm, it should succeed like this:
testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC  you are a 
BDC

Press enter to see a dump of your service definitions


Yes very nice!




Now you are on to copy your slapd.conf and ldap.conf to your new 
machine:

Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.
Sorry, but Slurpd is deprecated and no longer available in OpenLDAP
since 2.3

http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is a nice overview of the way LDAP currently works:

http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper 
slapd.conf and ldap.conf file on the new machine, start ldap, then


smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.


Re: [Samba] Help needed with Windows7 roaming files.

2011-02-18 Thread tms3





Hi all,

We've been trying to setup/upgrade a samba PDC (version 3.56) with
OpenLDAP as backend and roaming profiles for Windows7 (32bit) clients.
Windows7 has no problem with login after applying the reg patches;
however, it seems to always load a temporary profile as opposed to a
roaming one for users, and no local profile is created. This has caused
Outlook 2010 to function improperly (it complains that outlook data
cannot be accessed and fails to send any email). If I force profile type
to local only in the registry then outlook works perfectly. Local profile
is not an option for us though, as a lot of our users change sites/pcs
quite often.

I've enclosed some related info below; the same config works perfectly
with WindowsXP clients.

Ldap entries (samba related)

objectClass: sambaSamAccount
sambaSID: S-1-5-21-1209579028-1696229136-1764916649-15754
sambaHomePath: \\server1\user1
sambaProfilePath: \\server1\user1\.profile
sambaLogonScript: logon.bat
sambaAcctFlags: [UX ]
sambaPrimaryGroupSID: S-1-5-21-1209579028-1696229136-1764916649-513


sambaProfilePath: \\oakland\profiles\pcuser
description: System User
homeDirectory: /home/pcuser
sn: pcuser
sambaHomePath: \\oakland\open

Works fine with XP, Vista and Win7

smb.conf

SNIP

[Profiles]
 path=/usr/home/sambashit/Profiles
 public = yes
  only guest = no
  browseable = yes
  writeable = yes
  printable = no
  create mask = 0770
  force create mode = 0770
  force directory mode = 0770
  directory security mask = 0770
  level2 oplocks = Yes

Security fine grained control using acls set from Administrator 
account on Windows workstation.





smb.conf

[global]
.
logon drive = H:
logon home = \\%s\%U

[profiles]
   path = /home
   browseable = no
   read only = no
   profile acls = yes
   csc policy = disable
   hide files=/Desktop.ini/Thumbs.db/lost+found
   store dos attributes = Yes
   create mask = 0600
   directory mask = 0700

[profiles.v2]
copy = profiles


Any ideas?   thanks heaps.


Dennis




has anybody managed to get Windows 7 (final) to use roaming profiles?
Windows 7 is joined to my Samba 3.4.1 domain and always logs me in with a
temporary profile. Windows XP works without problems.


Re: [Samba] making BDC samba + ldap server

2011-02-17 Thread tms3







I've never attempted, but here it is:

http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP


Follow the LDAP stuff in the above article as a template. The 
smbldap_tools is a good idea too. The rest of the samba stuff is right 
out of the samba manual. Nothing real tricky in BDC v. PDC in 
smb.conf.





On 02/17/2011 3:19 PM, marcos gonzalez wrote:


Hi guys

I'm looking to config a BDC server for the high traffic supported inside
the primary server. I never configured a BDC server inside ubuntu 9.04
and OpenLdap and I'm very lost. Looking on the internet I found howtos
for PDC servers but not for BDC. Can anyone help me more? I'm making a
clean install and I don't know how to create the same users as the PDC
for samba and how to make a slave ldap inside.

Any help will be appreciated

Thanks :-)


Re: [Samba] I can't connect to a Samba resource

2011-02-16 Thread tms3








Dear, I'll appreciate your help because I can't connect to a samba
resource. Here are the details:

Samba Server: Centos 5.5 with samba and samba-common packages
Content of smb.conf:
[global]
workgroup = somisa
server string = Test server
log file = /var/log/samba/%m.log
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[share]
comment = recordings
path = /var/recorder
browseable = yes
writable = yes
public = yes
read only = no

#adduser jelo
#passwd jelo (1234)
#smbpasswd -a jelo (1234, same as Unix account)
#/etc/init.d/smb restart

I'm now in my Windows Desktop, connected to a domain called somisa,
the same as the samba workgroup with user jelo with pass rata89012
(not 1234 as the samba pass).

After that from into Windows explorer I connect to unit W:

\\samba_server\share

with user: jelo and pass: 1234

I can see the resource but  I get an error telling me that the ACCESS
IS DENIED to W:


ls -la  /var/recorder
What's it show?




and this is the log:

[2011/02/16 16:22:16, 1] smbd/service.c:make_connection_snum(1077)
   2000-96 (10.11.4.22) connect to service share initially as user jelo (uid=500, gid=500) (pid 20468)



What can I do ??? I have this problem from a lot of days ago :(

Thanks in advance !!!

JeLo


Re: [Samba] I can't connect to a Samba resource

2011-02-16 Thread tms3





Dear, thanks for your help. I've logged into a Windows domain with
user: jelo and pass: rata89012.

My desktop is Windows XP SP2.

In samba server the shared resource is /var/recorder with these rights:

drwxr-xr-x  2 root root  4096 feb 16 14:56 recorder


For starters try

chown -R jelo:Domain\ Users recorder

or at least

chown -R jelo recorder

See if that helps.




The Unix local user is jelo with pass 1234, and then I execute:
smbpasswd -a jelo with pass 1234, as I told before.

A pair of months ago in other LAN, in the same scenario I could log in
XXX domain and I could connect to a samba resource with YYY workgroup
(YYY is different from XXX), but here I can't at all.

So please what do you recommend to change for my current scenario ???

Thanks again,

JeLo

On Wed, Feb 16, 2011 at 4:41 PM, Philippe LeCavalier
supp...@plecavalier.com wrote:


Excerpts from J. L. Cabral's message of Wed Feb 16 14:25:40 -0500 
2011:

[...]


Samba Server: Centos 5.5 with samba and samba-common packages
Content of smb.conf:
[global]
workgroup = somisa

[...]


[share]
comment = recordings
path = /var/recorder
browseable = yes
writable = yes
public = yes
read only = no

#adduser jelo
#passwd jelo (1234)
#smbpasswd -a jelo (1234, same as Unix account)
#/etc/init.d/smb restart

I'm now in my Windows Desktop, connected to a domain called somisa,
the same as the samba workgroup with user jelo with pass rata89012
(not 1234 as the samba pass).


Have you joined the domain?


After that from into Windows explorer I connect to unit W:

\\samba_server\share

with user: jelo and pass: 1234

this is the source of your issues. See [1] for the why and how.


I can see the resource but  I get an error telling me that the ACCESS
IS DENIED to W:

and this is the log:

[2011/02/16 16:22:16, 1] smbd/service.c:make_connection_snum(1077)
  2000-96 (10.11.4.22) connect to service share initially as user jelo
(uid=500, gid=500) (pid 20468)



What can I do ??? I have this problem from a lot of days ago :(

ref.
[1]
You'll have problems like that if your account credentials aren't
identical.

By logging in to the domain you're creating a link using a certain set
of credentials. Then by issuing \\samba_server\share and providing a
different set you're working against a longtime/well known limitation
that windows cannot connect to the same network resource using different
credentials...Is the Win 7 Pro by any chance?

It's not impossible but will likely lead to problems if
you're not experienced in doing so.


Thanks in advance !!!

JeLo


--
Thanks,
Phil





Re: [Samba] Samba4 and iptables

2011-02-14 Thread tms3







Hello tms3 and list-members,

many thanks for your help. I spend a lot of time to configure my 
firewall.


I opened all here 
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx 
listed ports, but at the first time without success. I don't know 
why, but the port 1024
That's a DCOM port. I wouldn't have thought that one was necessary. 
Maybe a question as to why on technical is in order.



seems to be very important. I found this port step by step with 
less and less port-ranges.


After I had opened this port I was able to logon the domain.

netstat give me following result:

...
tcp        0      0 0.0.0.0:464             0.0.0.0:*               LISTEN      1361/samba
...
tcp        0      0 192.168.0.1:53          0.0.0.0:*               LISTEN      1183/named
...
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN      1361/samba
...
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1183/named
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      1356/samba
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1343/samba
...
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN      1346/samba
tcp        0      0 0.0.0.0:3268            0.0.0.0:*               LISTEN      1356/samba
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1356/samba
tcp        0      0 0.0.0.0:135             0.0.0.0:*               LISTEN      1346/samba
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1343/samba


I tested this with one winxp-client and tomorrow I will start a test
with more clients.

I hope this will help somebody to make the server a little bit more
secured.



Regards

Bert




On 10.02.2011 15:53, t...@tms3.com wrote:






Hello everybody,

I have a running an installation of Samba4 as AD. All is working fine,
but when I start the firewall, the clients have problems to login.

By my firewall-rules from the past, I had opened the ports 137:139 and
445 for samba and new for bind the port 53.


Kerberos is on port 88

LDAP is on 339 636

Here is a list of AD port requirements and their uses.

http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx






The clients (WinXP) seems to have problems to read and write from/to the
home directories. Maybe samba4 need additional or other ports to working
fine?

Here my current iptables-rules:

IPTABLES=/sbin/iptables

#Bind
$IPTABLES -A INPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT;

$IPTABLES -A INPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT;

#Samba
$IPTABLES -A INPUT -p udp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 137:139 -m state --state ESTABLISHED,RELATED -j ACCEPT;

$IPTABLES -A INPUT -p tcp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 137:139 -m state --state ESTABLISHED,RELATED -j ACCEPT;

$IPTABLES -A INPUT -p udp --dport 445 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;

$IPTABLES -A INPUT -p tcp --dport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;


iptables --list

ACCEPT     tcp  --  anywhere             anywhere            tcp spt:domain state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp spts:netbios-ns:netbios-ssn state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:netbios-ns:netbios-ssn state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp spt:microsoft-ds state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:microsoft-ds state RELATED,ESTABLISHED


Note! I have the profiles configured with server-copies from the
home-directories! That's the reason for the necessary
read-/write-possibility. When I login with a client, so the client look
for the server-home-directory. When a client logout, the client
synchronizes the local-home-directory to the ad-server. Without the
running firewall on the AD it's work perfect. With the running firewall I
get the message on login, that the client can't read the home-directory
and when I logout, that the client can't synchronize the home-directory.

The domain-login is always successful.

Thanks in advance!

Bert






Re: [Samba] Lost my Samba PDC, trying to rebuild

2011-02-13 Thread tms3






The problem comes with users.   The users were user.HOME in 'Documents
and Settings'.  But so far on the one computer I have tried with the one
user I have on that computer, it is creating a new profile for
user.HDA.  What controls the profile directory on the computer (btw, the
OS is XP)?  What do I need to do for it to use the profile of user.HOME?


Disconnect the workstations from the network. Log in with the old 
domain user account. Run the file and programs transfer wizard 
(Start-All-Programs- Accessories...IIRC) and save the profile transfer 
locally. Log in with new domain user and import the saved profile.







Re: [Samba] Lost my Samba PDC, trying to rebuild

2011-02-13 Thread tms3







--- Original message ---
Subject: Re: [Samba] Lost my Samba PDC, trying to rebuild
From: Robert Moskowitz r...@htt-consult.com
To: t...@tms3.com
Cc: samba@lists.samba.org
Date: Sunday, 13/02/2011  9:39 PM


On 02/13/2011 11:42 PM, t...@tms3.com wrote:






The problem comes with users. The users were user.HOME in 'Documents
and Settings'. But so far on the one computer I have tried with the one
user I have on that computer, it is creating a new profile for
user.HDA. What controls the profile directory on the computer (btw, the
OS is XP)? What do I need to do for it to use the profile of user.HOME?


Disconnect the workstations from the network. Log in with the old
domain user account. Run the file and programs transfer wizard
(Start-All-Programs- Accessories...IIRC) and save the profile transfer
locally. Log in with new domain user and import the saved profile.


I disconnected the ethernet.  I am logging in as the user for domain
HOME.  I get the error:
Hmmm...you need to do a reboot without network connectivity on the 
Windows box. The passwords are cached locally.




The system cannot log you on now because the domain HOME is not 
available.


Before all this, if I did not have network connectivity, I could 
still log in locally.  Hmmm, let's try disconnecting the server 
instead...  No dice as the server is also the DHCP server.


 Next let's stop smb and nmb on the server, but leave it 
connected  Just took longer, but still no login.


So now why is it requiring the domain to be present to log in.  No 
local log in?


So I restarted the services and got logged in.

If I log in locally as administrator, is there anyway to copy 
another user's files and settings?












Re: [Samba] Problem with trust relationship

2011-02-10 Thread tms3







--- Original message ---
Subject: Re: [Samba] Problem with trust relationship
From: Leonardo Carneiro chesterma...@gmail.com
To: samba@lists.samba.org
Date: Thursday, 10/02/2011  2:46 AM

On Wed, Feb 9, 2011 at 4:36 PM,  t...@tms3.com wrote:




Hi John and others,

Tks for the feedback. I tried the configs you showed to me and
unfortunately did not work. Also, there is a [small] number of windows
xp and vista getting the same problem too. Any new ideas?

You need to re add the systems back to the domain after the trust
expires. The registry entries are to prevent the expiration not to fix
an already expired trust.

The easy way to test is to use the Windoze network wizard and keep the
name the same. If the join works and on reboot the trust works then it is
most definitely the machine pass issue.


John




I tried both the sambaRefuseMachinePwdChange = 1 in LDAP and the
test in the network wizard. The wizard fails with a RPC error message.


Hmmm. Details?

This is beginning to smell of browsing issues. Do you have a WINS server?



The setting in ldap had no effect. In fact, almost all machines are
having this issue now, but it seems to be occasional. Once in a while,
someone just logs in OK. It happens that the error is now happening on
every windows machine, not just the the ones with windows 7. =S


Re: [Samba] Samba4 and iptables

2011-02-10 Thread tms3






Hello everybody,

I have a running an installation of Samba4 as AD. All is working fine,
but when I start the firewall, the clients have problems to login.

By my firewall-rules from the past, I had opened the ports 137:139 and
445 for samba and new for bind the port 53.


Kerberos is on port 88

LDAP is on 339 636

Here is a list of AD port requirements and their uses.

http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx






The clients (WinXP) seems to have problems to read and write from/to the
home directories. Maybe samba4 need additional or other ports to working
fine?

Here my current iptables-rules:

IPTABLES=/sbin/iptables

#Bind
$IPTABLES -A INPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT;

$IPTABLES -A INPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT;

#Samba
$IPTABLES -A INPUT -p udp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 137:139 -m state --state ESTABLISHED,RELATED -j ACCEPT;

$IPTABLES -A INPUT -p tcp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 137:139 -m state --state ESTABLISHED,RELATED -j ACCEPT;

$IPTABLES -A INPUT -p udp --dport 445 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p udp --sport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;

$IPTABLES -A INPUT -p tcp --dport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A OUTPUT -p tcp --sport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;


iptables --list

ACCEPT     tcp  --  anywhere             anywhere            tcp spt:domain state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp spts:netbios-ns:netbios-ssn state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:netbios-ns:netbios-ssn state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp spt:microsoft-ds state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:microsoft-ds state RELATED,ESTABLISHED


Note! I have the profiles configured with server-copies from the
home-directories! That's the reason for the necessary
read-/write-possibility. When I login with a client, so the client look
for the server-home-directory. When a client logout, the client
synchronizes the local-home-directory to the ad-server. Without the
running firewall on the AD it's work perfect. With the running firewall I
get the message on login, that the client can't read the home-directory
and when I logout, that the client can't synchronize the home-directory.

The domain-login is always successful.

Thanks in advance!

Bert
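
Added example (not part of the original posts and not Samba project code): a small Python check that lines up the netstat listeners posted in this thread against the posted INPUT rules and lists the TCP ports a new client connection cannot reach. It assumes a default-DROP INPUT policy, which the thread does not show; the names parse_rules, parse_netstat and audit are made up for this example.

```python
"""Compare listening sockets with iptables INPUT rules (added example)."""
from typing import NamedTuple

# INPUT rules copied from the thread (wrapped lines rejoined).
RULES = """\
$IPTABLES -A INPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
$IPTABLES -A INPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
$IPTABLES -A INPUT -p udp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A INPUT -p tcp --dport 137:139 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A INPUT -p udp --dport 445 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT;
$IPTABLES -A INPUT -p tcp --dport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT;
"""

# netstat lines copied from the thread (columns restored).
NETSTAT = """\
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1361/samba
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 1183/named
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1361/samba
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1183/named
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1356/samba
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1343/samba
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1346/samba
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 1356/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1356/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 1346/samba
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1343/samba
"""


class Rule(NamedTuple):
    proto: str
    lo: int
    hi: int
    states: frozenset


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    proc: str


class Finding(NamedTuple):
    port: int
    proc: str
    reason: str


def parse_rules(text):
    """Return the INPUT ACCEPT rules that match on a destination port."""
    rules = []
    for line in text.splitlines():
        tok = line.replace(";", " ").split()
        # Pair every option with the token that follows it.
        opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1)
                if tok[i].startswith("-")}
        if opts.get("-A") != "INPUT" or opts.get("-j") != "ACCEPT":
            continue
        if "--dport" not in opts or "-p" not in opts:
            continue
        lo, _, hi = opts["--dport"].partition(":")
        # A rule without a state match accepts every state, NEW included.
        states = frozenset(opts.get("--state", "NEW").split(","))
        rules.append(Rule(opts["-p"], int(lo), int(hi or lo), states))
    return rules


def parse_netstat(text):
    """Return the LISTEN sockets from `netstat -tlnp` style lines."""
    listeners = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")
        listeners.append(Listener(f[0][:3], addr, int(port),
                                  f[6].split("/", 1)[-1]))
    return listeners


def audit(rules, listeners):
    """List non-loopback listeners that no rule opens for NEW connections."""
    findings = []
    for l in listeners:
        if l.addr.startswith("127.") or l.addr == "::1":
            continue  # loopback-only service, not reachable from clients
        hits = [r for r in rules
                if r.proto == l.proto and r.lo <= l.port <= r.hi]
        if not hits:
            findings.append(Finding(l.port, l.proc, "no INPUT ACCEPT rule"))
        elif not any("NEW" in r.states for r in hits):
            findings.append(Finding(l.port, l.proc, "rule lacks state NEW"))
    return sorted(findings)


if __name__ == "__main__":
    for f in audit(parse_rules(RULES), parse_netstat(NETSTAT)):
        print(f"tcp/{f.port:<5} {f.proc:<6} {f.reason}")
```

Only TCP listeners were posted, so UDP services are not covered by this comparison.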







Re: [Samba] Problem with trust relationship

2011-02-09 Thread tms3







Hi John and others,

Tks for the feedback. I tried the configs you showed to me and
unfortunately did not work. Also, there is a [small] number of windows
xp and vista getting the same problem too. Any new ideas?


You need to re add the systems back to the domain after the trust
expires. The registry entries are to prevent the expiration not to fix
an already expired trust.


The easy way to test is to use the Windoze network wizard and keep the
name the same. If the join works and on reboot the trust works then it
is most definitely the machine pass issue.




John


Re: [Samba] samba4 LDAP Timeout - Wrong IP?

2011-02-08 Thread tms3








I am trying to join a samba4 server to an existing Windows SBS 2003
domain as a DC.  I've compiled samba4 from git and am following the
howto.  On what is essentially the first step, I get a failed to connect
error with an ldap:// url, and the message NT_STATUS_IO_TIMEOUT.  In
reviewing an strace, it looks to me like it might be trying to connect to
the wrong IP.

The command I'm using is: # strace -o ~/samba-join.log bin/samba-tool join ba-cam.local DC -Uadministrator --realm=ba-cam.local -d10 ~/samba-tool.log

I've put pastes up of the -d10 output of samba-tool, and the strace.

samba-tool output: http://pastey.net/145858
strace log: http://pastey.net/145857

Note that it appears to correctly find the IP of the PDC
(192.168.14.253), but in the strace on lines 5486 and 5496, it's talking
about a 192.167.14.253, which will of course time out.


That addy has to be a DNS entry. Look there.




Am I doing something wrong?  Is this a bug?  Is there a way around 
this?


Thanks,

-Andrew


Re: [Samba] Freebsd pdc

2011-02-05 Thread tms3







--- Original message ---


I was just wondering how many people out there are using FreeBSD as a
pdc.

Yep. Built lots of them. With ldap backends.

I see a few guides on the net mostly followed by a load of posts
of problems people encounter. Is it like most things that once you
have done it once you can soon set up a machine at the drop of hat as
you encounter and remedy any problems. I have a few customers at the
moment one of who requires a pdc with roaming profiles. I use bsd and
samba all the time for normal file sharing and never have problems. I
try and avoid windows servers due to costs and licensing but a pdc
would be new for me.
Any opinions welcome

Thanks
Terry


Re: [Samba] Seperate BIND server for Samba 4

2011-02-02 Thread tms3







Hello!

I've set up samba 4 with great success since alpha12, but i've always
used a locally installed version of BIND.

Is it possible to use a separate BIND server instead? I'd like to not
run BIND on my file server.


Yes. That's how I set up mine.




I have not seen any instructions to this effect, so perhaps someone
would please point me in the correct direction?

Thank You Very Much!!

++AMARU





Re: [Samba] Managing win7 machines..

2011-01-28 Thread tms3




Ok, i get it...   so both options are horror...

so basically i have to use samba4 for the policies and all.
and use samba3 on a different machine for the network browsing and
printing.
must be do-able

just 1 question, can i use samba3 for the masterbrowser/wins and make
samba4 use that.. (as far as i know the network browse support isn't
ready for samba4)


Yes




Cheers, and thanx..

Collen



On 21-1-2011 8:48, Daniel Müller wrote:


No ntconfig.pol anymore. You may use kixtart or other tools. Or
Registry-files. But be aware some registry-things can only be done by
administrator and no one else. If you have the most win 7 clients it is
better to switch over to samba4. You can then manage your group
policies with Microsoft tools on the fly.
With things that samba4 does not support at this moment use a samba 3
domain member.

Good Luck
Daniel

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: http://www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Collen Blijenberg
Sent: Friday, 21 January 2011 08:35
To: samba@lists.samba.org
Subject: Re: [Samba] Managing win7 machines..

I did that, but that doesn't make win7 obey the ntconfig.pol (nt4 policies)


as far as i know win7 can't handle these policies, so i think
i need an other way to apply policies to win7.

thx. Collen.

On 20-1-2011 17:17, Wagg, Dave wrote:


I don't know about version 3 but have you made the following changes to
the

Control Panel -> Admin Tools -> Local Security Policy -> Local Policies ->
Security options

Change the Network Security: LAN Manager authentication level to Send LM
& NTLM responses

Remove 128 bit encryption on the following 2 items as well:

Network security: Minimum session security for NTLM SSP based CLIENTS and

Network security: Minimum session security for NTLM SSP based SERVERS




-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Collen Blijenberg


Sent: Thursday, January 20, 2011 10:42 AM
To: samba@lists.samba.org
Subject: [Samba] Managing win7 machines..


I'm curious how others manage their windows 7 machines
on a samba 3.x.x domain ..

especially the part of policies and scripts.

i got the win7 running in the samba domain, but i'm
stuck in the policies part.. and i don't want to use nitrobit for this.


how do other users do this.. ?!

thx, Collen


Re: [Samba] Windows 7/Samba unable to log in via name, works by IP

2011-01-25 Thread tms3





Hi,

I'm hoping someone can help with this.  We have a 3.3.8 Samba server, on
Centos 5.5 64, security DOMAIN, works beautifully with XP.  When windows
7 systems attempt to log in via \\NAME, the login window just
continually repeats, but they can login successfully when using \\IP_ADDRESS


Samba log shows the below in response to windows 7 login attempts.
[2011/01/25 10:08:26,  0] lib/util_sock.c:get_peer_addr_internal(1676)
 getpeername failed. Error was Transport endpoint is not connected
 read_socket_with_timeout: client 0.0.0.0 read error = Connection
reset by peer.


Try this registry change in Win7

HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD  DomainCompatibilityMode = 1
DWORD  DNSNameResolutionRequired = 0



smb.conf
[global]
 workgroup = DOMAIN
 realm = DOMAIN.COM
 server string = andromeda
 security = DOMAIN
 password server = PASSWORD_JP
 log file = /var/log/samba/samba.log
 max log size = 250
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

 local master = No
 domain master = No
 dns proxy = No
 wins server = WINS_SERVER
 ldap ssl = No
 idmap uid = 16777216-33554431
 idmap gid = 16777216-33554431
 create mask = 0666
 directory mask = 0777
 # disable cups printing to stop log spam
 printcap name = /etc/printcap
 smb ports = 445 139
 client lanman auth = yes
 client ntlmv2 auth = yes
 lanman auth = yes
 ntlm auth = yes
 hide files = /lost+found/,.*/

 template shell = /bin/false
 winbind use default domain = yes

So far, we've tried:
 smb ports = 139
 changing windows 7 Network security settings (LAN Manager
authentication level and Minimum session security)
 added the auth lines to the smb.conf
 valid users = %S

The domain controllers are 2 x Windows Server 2000 and 1 x Windows
Server 2008.  Could that be part of the problem?  We will be replacing
the Windows Server 2000 systems shortly, but would like to fix this
sooner if possible.

Any ideas?

Thanks,
Jay

--
Jeremiah Coleman
Systems Administrator
C  C Technologies
337-735-3741
Extension 3421
jay.cole...@cctechnol.com




Re: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build on Ubuntu Server

2011-01-24 Thread tms3





I am not sure how to use Microsoft AD tools to create shares and then set
those shares permissible to certain AD groups. For example, I need to create
a share called Finance and only the people in Finance can read/write to
it. I was hoping to use SWAT to help in creation and management of those
shares.


vi smb.conf (or your favorite text editor)

add

[finance]

...various parameter...
valid users = @finance

or

write list = @finance
read list = @finance




I have been using AD tools to manage the domain and GPO's but I am not sure
how to use them to create shares.

You can see swat for samba4 here: https://github.com/rvelhote/GSoC-SWAT


On Mon, Jan 24, 2011 at 5:03 AM, Daniel Müller muel...@tropenklinik.de wrote:


I thought swat is no longer working!! Just use Microsoft ads tools and you
are up and running.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: http://www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Lynn Dixon
Sent: Sunday, 23 January 2011 06:39
To: samba@lists.samba.org
Subject: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build on Ubuntu Server

Hello all,
I have setup a complete domain using Samba 4 on my Ubuntu server 32 bit
machine.  I am using the Alpha 13 build (it was actually in the Ubuntu
Repos). I am trying to setup swat to make it easier to manage shares.  I
have followed the instructions at https://github.com/rvelhote/GSoC-SWAT but
I am having a few problems.

When I run ./run I get the following errors:
jenfab@dc:~/GSoC-SWAT$ sudo ./run
Starting subprocess with file monitor
Traceback (most recent call last):
   File /usr/local/bin/paster, line 9, in module
   load_entry_point('PasteScript==1.7.3', 'console_scripts', 'paster')()
   File /usr/lib/pymodules/python2.6/paste/script/command.py, line 84, in run
   invoke(command, command_name, options, args[1:])
   File /usr/lib/pymodules/python2.6/paste/script/command.py, line 123, in invoke
   exit_code = runner.run(args)
   File /usr/lib/pymodules/python2.6/paste/script/command.py, line 218, in run
   result = self.command()
   File /usr/lib/pymodules/python2.6/paste/script/serve.py, line 276, in command
   relative_to=base, global_conf=vars)
   File /usr/lib/pymodules/python2.6/paste/script/serve.py, line 313, in loadapp
   **kw)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 204, in loadapp
   return loadobj(APP, uri, name=name, **kw)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 224, in loadobj
   global_conf=global_conf)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 248, in loadcontext
   global_conf=global_conf)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 278, in _loadconfig
   return loader.get_context(object_type, name, global_conf)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 409, in get_context
   section)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 431, in _context_from_use
   object_type, name=use, global_conf=global_conf)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 361, in get_context
   global_conf=global_conf)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 248, in loadcontext
   global_conf=global_conf)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 285, in _loadegg
   return loader.get_context(object_type, name, global_conf)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 561, in get_context
   object_type, name=name)
   File /usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py, line 587, in find_egg_entry_point
   possible.append((entry.load(), protocol, entry.name))
   File /usr/lib/python2.6/dist-packages/pkg_resources.py, line 1954, in load
   entry = __import__(self.module_name, globals(),globals(), ['__name__'])
ImportError: No module named swat.config.middleware


Any suggestions as to where to go from here?

Re: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build on Ubuntu Server

2011-01-24 Thread tms3







But when I click apply, the jenfab\finance group disappears from the
list and the changes never save.


What OS are you using? If Linux then make sure share file system is 
xattrs capable and enable it in /etc/fstab (I believe).  If not you 
can use:


posix:eadb = /usr/local/samba/private/eadb.tdb

in global. This does NOT scale well.




I have tried giving 777 perms on the actual directory on my ubuntu box 
to troubleshoot, but had same results.  I have also verified that ACL 
package has been installed on my Ubuntu machine. What user:group do I 
need to have the actual directory on the ubuntu machine set to?  Any 
other things I should try?



On Mon, Jan 24, 2011 at 11:02 AM, Taylor, Jonn 
jo...@taylortelephone.com wrote:



Go to advanced when changing ACL's.

Jonn



On 01/24/2011 09:48 AM, Lynn Dixon wrote:
That was the first thing that I had tried.  I created a share using
smb.conf, then restarted samba.
I can see the share, and navigate down into it from windows.  If I
create a folder and then right click from a windows machine and do
security, I can add groups, but when I try to save, the changes
just disappear.


What is the best way to manage ACL's on the share from a windows
machine?


Sorry for all the questions, this is my first venture into a Samba
4 AD environment.  I have used Samba 2/3 on a workgroup in the
past and used different security schemes.



On Mon, Jan 24, 2011 at 10:37 AM, Taylor, Jonn 
jo...@taylortelephone.com wrote:



This is all you need.

 [test]
  path = /data/test
  read only = no

Then use windows to set the acl's.

Jonn

http://wiki.samba.org/index.php/Samba4/HOWTO


On 01/24/2011 09:24 AM, Lynn Dixon wrote:
 Thanks. I tried both parameters in my smb.conf but I got errors when I tried
 both:

 jenfab@dc:~$ sudo /etc/init.d/samba4 restart
  * Stopping Samba 4 daemon samba [ OK ]
  * Starting Samba 4 daemon samba
 Unknown parameter encountered: valid users
 Ignoring unknown parameter valid users
 [ OK ]
 jenfab@dc:~$ sudo nano /etc/samba/smb.conf
 jenfab@dc:~$ sudo /etc/init.d/samba4 restart
  * Stopping Samba 4 daemon samba [ OK ]
  * Starting Samba 4 daemon samba
 Unknown parameter encountered: write list
 Ignoring unknown parameter write list
 Unknown parameter encountered: read list
 Ignoring unknown parameter read list
 [ OK ]


 On Mon, Jan 24, 2011 at 9:52 AM, t...@tms3.com wrote:

 I am not sure how to use Microsoft AD tools to create shares and then set
 those shares permissible to certain AD groups. For example, I need to create
 a share called Finance and only the people in Finance can read/write to
 it. I was hoping to use SWAT to help in creation and management of those
 shares.

 vi smb.conf (or your favorite text editor)

 add

 [finance]

 ...various parameter...
 valid users = @finance

 or

 write list = @finance
 read list = @finance

 I have been using AD tools to manage the domain and GPO's but I am not sure
 how to use them to create shares.

 You can see swat for samba4 here: https://github.com/rvelhote/GSoC-SWAT

 On Mon, Jan 24, 2011 at 5:03 AM, Daniel Müller muel...@tropenklinik.de wrote:

 I thought swat is no longer working!! Just use Microsoft ads tools and you
 are up and running.

 ---
 EDV Daniel Müller

 Head of IT
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen

 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: http://www.tropenklinik.de
 ---

 -Original Message-
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Lynn Dixon
 Sent: Sunday, 23 January 2011 06:39
 To: samba@lists.samba.org
 Subject: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build on Ubuntu Server

 Hello all,
 I have setup a complete domain using Samba 4 on my Ubuntu server 32 bit
 machine. I am using the Alpha 13 build (it was actually in the Ubuntu
 Repos). I am trying to setup swat to make it easier to manage shares. I
 have followed the instructions at https://github.com/rvelhote/GSoC-SWAT but
 I am having a few problems.

 When I run ./run I get the following errors:
 jenfab@dc:~/GSoC-SWAT$ sudo ./run
 Starting subprocess with file monitor
 Traceback (most recent call last):
 File

Re: [Samba] Shutting down WinXP Pro instance

2011-01-24 Thread tms3







--- Original message ---
Subject: Re: [Samba] Shutting down WinXP Pro instance
From: Michael Wood esiot...@gmail.com
To: Joe Tseng joe_ts...@hotmail.com
Cc: samba@lists.samba.org
Date: Monday, 24/01/2011 10:51 PM

Hi

On 25 January 2011 02:54, Joe Tseng joe_ts...@hotmail.com wrote:



Recently I set up a PDC (Fedora 12 - I'm using this for a specific 
reason) using Samba 3.4.9 and OpenLDAP 2.4.19; I named my domain 
ATHOME.  I am trying to figure out how to shut down WinXP Pro remotely 
and I'm not having any luck.  Up to this point I have tried the 
following:


 - I used ATHOME\root which is the admin acct I used to join XP to my 
domain.  I added ATHOME\root to my workstation's Administrators group.


 - I've disabled simple file sharing on WinXP.

 - I've disabled the WinXP firewall.

My results are the following:

[root@server0 openldap]# net rpc shutdown -d -I 10.1.0.154 -U root


Hmmm. Do you have good NetBIOS browsing or WINS? I've noticed that 
these calls by IP address have a tendency to fail, but by NetBIOS name 
succeed.





[2011/01/24 19:50:34,  0] lib/debug.c:451(debug_parse_params)
 debug_parse_params: unrecognized debug class name or format [-I]


You are using incorrect syntax for the debug option.

Try net rpc shutdown -d 10 -I 10.1.0.154 -U root and maybe that will
show you what the problem is.  (i.e. you need a number after -d.)

--
Michael Wood esiot...@gmail.com


Re: [Samba] store profiles on a third server

2011-01-23 Thread tms3







--- Original message ---
Subject: [Samba] store profiles on a third server
From: André Rodier andre.rod...@red2.co.uk
To: samba@lists.samba.org
Date: Sunday, 23/01/2011  9:08 AM


hello all,

I am building a network system using Samba 3.5 on Debian Squeeze and
Windows 2003 workstations.

I have properly configured my samba PDC, and that's working correctly. I
am using an external LDAP to store the credentials.

I also wanted to use roaming profiles, and I have properly configured
this. That's working well for me, using Windows 2003 work stations.

I'll soon have both my PDC and my BDC. The profiles are actually stored
on the PDC server.

However, I'd like to store the profiles on a third server. I know this
is possible but I want to know where I can find a proper documentation or
tutorial to do this.


In LDAP there is a storage location:

sambaProfilePath: \\server name or IP addy\Profiles share name\username


If you are using smbldap-tools, this can be set in smbldap.conf here:

##
#
# SAMBA Configuration
#
##

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome=\\PDC-SMB3\%U
userSmbHome=\\HomeShare\DirectoryShare

# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile=\\camarillo\profiles\%U
userProfile=\\ProfileShare\ProfileShare\%U

For existing users, copy the profiles to the new server (or not, 
really, as they will be re-written at logoff) and set permissions. 
Edit the ldap settings in your current DIT.




Here my questions to start

- I probably have to install samba on this third server,

If you're using a *nix server, that would be best.


neither as PDC
or BDC,

Why would you NOT have it be a BDC?  I would.


but Do I have to use special parameters ?







- Should I use again NSS and LDAP on this third server for the
authentication credentials database ?


It should authenticate off the domain, yes. As I said making it a BDC
would be best.





André.

Re: [Samba] Multiple domains issue

2011-01-23 Thread tms3





I encountered a strange problem recently when changing the IP of my
Samba server.  We are in the process of moving from an ancient NT4
domain to an AD domain.  We did a full migration of all the users, and
up until Friday, our AD users were able to access the Samba server
(which is still on the NT domain) with full permissions, etc.

On Friday for reasons completely unrelated, we had to change the IP of
the Samba server.  When we brought it up on the new IP, it gave an error
bringing up the Samba daemons.  I was rushed and didn't pay too much
attention to the error, but instead took the easy route of removing
Samba from the NT domain, and re-joining.

That got the Samba daemons up and running and we mostly had no problem,
except now the AD users aren't allowed to access their home directories.


Home directories in a trusted domain is probably a bad idea, and 
likely has some permission issues. It might be best to join the samba 
server to the AD domain instead.




The AD and NT domains have a mutual trust relationship, and all SSIDs
for the users on both domains are the same.  As I said, prior to Friday,
these users were able to access.

I'm not entirely sure how Samba handles multiple domains, etc. and I
have no idea how to even begin to trouble shoot this problem.  Any
suggestions would be welcome.

-Ron


Re: [Samba] store profiles on a third server

2011-01-23 Thread tms3








I have had it this way for 5+ years at work. My PDC and BDCs
exist as openvz and lvm virtual machines that I can move to
any server. Neither of these contain any file shares.


Can this be done if not using LDAP?



I do not know. I believe it would be more difficult without LDAP
however. We have used ldap with samba from the start since we migrated
a windows 2000 domain over to samba.


In a multi server environment it is advisable to use LDAP.











I know this is
possible but I want to know where I can find a proper
documentation or tutorial to do this.



Any pointers on where to find examples?


Not really. I just put a few concepts that I was using together over
the years. Also I have not looked for examples in a very long time.

John


Re: [Samba] Samba hangs the boot on Gentoo.

2011-01-22 Thread tms3






Hello,

Today I came across with the problem with booting my Gentoo system.
Yesterday I installed samba and when I turned on my notebook today it stops
booting at starting up the samba daemon. It goes until:




* samba - start: smbd ...


I had some difficulties a few years back with Samba/LDAP nssldap, 
pam_ldap and pam. The system would hang for some 10 minutes at 
startup. The problem was that nssldap defaults to  bind_policy hard, 
and as nssldap fired before the ldap server started (from the nssldap 
conf file):

# Reconnect policy: hard (default) will retry connecting to
# the software with exponential backoff, soft will fail
# immediately.

changing the value to
bind_policy soft

rectified the situation.












... and then freezes ... Maybe the problem is somehow related to my Wi-Fi
connection on notebook and Samba is looking for Internet connection and
waiting for it to be established? Maybe you can give any advice on how to
boot to my system without loading samba and uninstalling it?



Do an interactive boot. Press I when it asks you to do in the boot
process. Then do not start the samba daemon.

John


Re: [Samba] Problems with a trust relation between samba and samba different subnet

2011-01-21 Thread tms3





My friends I want to make two domains running samba+ldap to share
resources, I want to create a trust relation in two directions. Both
domains have wins enabled but are on different subnet.


MUST use the same WINS server for trusts to work. Why have two domains?




Domain Name: DOM1    Netbios Name = DOM1PDC 192.168.50.0/24
Domain Name: DOM2    Netbios Name = DOM2PDC 192.168.40.0/24

Both networks are separate, each one with his own switch, a FW is what
help me they can communicate.

OS: Centos 5.5
Samba 3.3.x.

First, I follow the instructions from the bible of samba and say that
I need to create the Interdomain account on each network:

smbldap-useradd -a -i DOMAIN-NAME

Done.

smbldap-usershow I have the I flag on each account.

I have enabled the ports in my fw to communicate both domains, done.

Now when I run the command:

net rpc trustdom establish DOM1   on PDC DOM2 I got the error

net rpc trustdom establish DOM1  running on PDC DOM2

[2011/01/21 07:17:16,  0] libsmb/namequery.c:internal_resolve_name(1609)
   resolve_name: unknown name switch type lmhost
[2011/01/21 07:17:16,  0] utils/net_rpc.c:rpc_trustdom_establish(5565)
   Couldn't find domain controller for domain DOM1

Some search pages point me that in this case I need to setup the file
lmhosts to make this happen because no service is helping my PDC to
reach the other end, I read the MS KB where it say how to setup a
LMHOSTS and have this
on my PDC DOM2:

127.0.0.1 localhost
192.168.50.3 DOM1   \0x1b #PRE
192.168.50.3 DOM1PDC #PRE #DOM:DOM1

on DOM1 I have

192.168.40.3 DOM2   \0x1b #PRE
192.168.40.3 DOM2PDC #PRE #DOM:DOM2

In samba smb.conf I have:

hosts allow = 192.168.40. 192.168.50. 127.
name resolve order = wins hosts bcast lmhost

nsswitch have the line:

hosts:  files wins dns

I try again and in DOM1 PDC:

net rpc trustdom establish DOM2

[2011/01/21 07:22:13,  0] libsmb/namequery.c:internal_resolve_name(1609)
   resolve_name: unknown name switch type lmhost
[2011/01/21 07:22:13,  0] utils/net_rpc.c:rpc_trustdom_establish(5565)
   Couldn't find domain controller for domain DOM2

There is something I forget to setup or what I'm doing wrong, hope
some could give some tips and point my errors, I will appreciated,
thanks!!!

--
LIving the dream...
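
Added example, not code from this thread or from the Samba project: a small Python audit of smb.conf text that catches the `lmhost` method rejected in the log above ("unknown name switch type lmhost") and the LANMAN settings switched on in the smb.conf posted in the Windows 7 login thread. The sample configuration is constructed, and accepting `hosts` as an alias of `host` is an assumption.

```python
"""Audit smb.conf text for a bad resolver method and enabled LANMAN auth."""
import difflib
import re

# Values documented for "name resolve order" in smb.conf(5). Accepting "hosts"
# as an alias of "host" is an assumption of this example.
VALID_RESOLVE_METHODS = ("lmhosts", "host", "hosts", "wins", "bcast")
# Booleans that switch on LANMAN (LM) responses, server side and client side.
LM_PARAMS = ("lanman auth", "client lanman auth")
TRUE_WORDS = {"yes", "true", "on", "1"}

# Constructed sample, modelled on the settings posted in the two threads.
SAMPLE_CONF = """
[global]
    workgroup = DOM2
    ; resolver order as posted in the trust thread
    name resolve order = wins hosts bcast lmhost
    socket options = TCP_NODELAY SO_RCVBUF=8192 \\
        SO_SNDBUF=8192
    client lanman auth = yes
    client ntlmv2 auth = yes
    lanman auth = yes
    ntlm auth = yes

[test]
    path = /data/test
    read only = no
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        # Blank and comment lines are skipped unless a continuation is open.
        if not pending and (not stripped or stripped[0] in "#;"):
            continue
        line = pending + stripped
        pending = ""
        if line.endswith("\\"):  # trailing backslash joins the next line
            pending = line[:-1].rstrip() + " "
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[" ".join(name.lower().split())] = value.strip()
    return sections


def audit(text):
    """Return a list of (section, parameter, message) findings."""
    findings = []
    for section, params in parse_smb_conf(text).items():
        for name, value in params.items():
            if name == "name resolve order":
                for method in re.split(r"[\s,;]+", value.lower()):
                    if method and method not in VALID_RESOLVE_METHODS:
                        msg = "unknown method %r" % method
                        close = difflib.get_close_matches(
                            method, VALID_RESOLVE_METHODS, n=1)
                        if close:
                            msg += ", closest valid value is %r" % close[0]
                        findings.append((section, name, msg))
            elif name in LM_PARAMS and value.lower() in TRUE_WORDS:
                findings.append(
                    (section, name, "LANMAN (LM) authentication enabled"))
    return findings


if __name__ == "__main__":
    for section, name, message in audit(SAMPLE_CONF):
        print("[%s] %s: %s" % (section, name, message))
```
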


Re: [Samba] Problems with a trust relation between samba and samba different subnet

2011-01-21 Thread tms3






Two domains.

Well this is a test systems.

But my current production system are separate by a P2P link. What u 
recommend?


Location A -- PDC Wins Server

+LDAP server



Location B -- BDC


+LDAP server

smb.conf to point to local ldap servers.



?

Them, u say 1 wins to rule them all  I have to work with this.

Thanks!!!

--
LIving the dream...


Re: [Samba] Problems with a trust relation between samba and samba different subnet

2011-01-21 Thread tms3







--- Original message ---
Subject: Re: [Samba] Problems with a trust relation between samba and samba different subnet

From: Alberto Moreno ports...@gmail.com
To: samba@lists.samba.org
Date: Friday, 21/01/2011  3:32 PM

On Fri, Jan 21, 2011 at 3:20 PM,  t...@tms3.com wrote:





Two domains.

Well this is a test systems.

But my current production system are separate by a P2P link. What u
recommend?

Location A -- PDC Wins Server

+LDAP server

Location B -- BDC

+LDAP server

smb.conf to point to local ldap servers.

?

Them, u say 1 wins to rule them all  I have to work with this.

Thanks!!!

--
LIving the dream...




U suggest to build a PDC+Ldap and the other end BDC+Ldap and setup the
replica of ldap right?


Yes. Multimaster-syn-repl is my choice.




The only issue is that, we already have 2 domains, I need to delete
one and just work with one, but what about the SID of the clients that
will lose their PDC, this will be a issue, because I will have to add
them to the domain again right?


Yes. That's a bit messy. If you have a large number of users, that 
might be a serious problem.




I'm correct? This thread is giving me a lot of tips to try :-), thanks 
guys!!!



--
LIving the dream...


Re: [Samba] How to minimize authentication traffic

2011-01-18 Thread tms3







--- Original message ---
Subject: [Samba] How to minimize authentication traffic
From: Andreas Grabner andr...@vianova.cc
To: samba@lists.samba.org
Date: Tuesday, 18/01/2011  8:28 AM

Hi,

i have to set up a new server far away from home.
At the central i have a Win 2008 native AD server with a samba AD
member. Now i have to install a new server at an other location with a 1
Mbit/s connection. I don't know yet how reliable the connection will be.

The users faraway should not need to manually authenticate to
fileservers in the Central.

What would you recommend? I thought about an new domain with domain
trusts. Or should i make it just an AD member (what happens if the AD
Server is not reachable?)

I think an other setup i have done years before (PDC -LDAP -[P|B]DC)
will not work with AD.


If you don't need exchange you could try a Samba4 AD joined server and
local DNS. Depending on the size of the satellite location YMMV. For a
large critical production environment, your best bet at this time
would of course be another M$ server.




Any suggestions?

Thanks
Andreas

--
Andreas Grabner
+43 676 840 775 101
andr...@vianova.cc

Via Nova Mediendesign GmbH
Augasse 24
A- 7400 oberwart
+4333 52 / 32 860
http://www.vianova.cc



Re: [Samba] trust relation between 2 networks firewall issues!!!

2011-01-18 Thread tms3





Hi.

I have 2 separate networks.

Net-A 192.168.50.0/24
Net-B 172.16.2.0/16

I have 1 Samba PDC+LDAP on each site.

I want to create a trust relation between both networks, what ports do
I have to open in my fw to make this works?


137, 138, 139, 389. For secure LDAP 636. For modern smb 445.



thanks!!!

Centos 5.5 Samba 3x.

--
LIving the dream...


Re: [Samba] MS Access

2011-01-13 Thread tms3







I need to have a server built and ready to install by this weekend, and I'm
trying to decide whether to use the customer's copy of Windows 2000 Server,


Seriously?
http://blogs.technet.com/b/windowsserver/archive/2010/01/14/windows-2000-server-approaching-end-of-life.aspx



or Ubuntu or Centos. I think Ubuntu would have a newer version of samba.


One can always build from source.




The problem is, for this one server, about 20 users hammer MS Access
databases all day, and samba seems to have had issues with Access in the
past. Is that still the case?


Access has issues. What version? Most problems seem to boil down to 
file perms. I rarely had problems with Access files on FreeBSD/Samba 
platforms.




The old server is dying, and they own Windows 2000 Server so it won't cost
them $$ to continue using the OS,


You'd best check the licensing. They most certainly don't own W2K server.


but it cannot take advantage of newer
hardware/technologies, so its slower.

Thanks for any info...




Re: [Samba] Samba PDC

2011-01-13 Thread tms3

2011/1/14 TAKAHASHI Motonobu mo...@monyo.com:




2011/1/13 Robert Fitzpatrick li...@webtent.net:




If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
below are needed:

   HKLM\System\CCS\Services\Netlogon\Parameters
   DWORD  RequireSignOrSeal = 0
   DWORD  RequireStrongKey = 0



I am using Samba 3.5.6 and the registry entries above are as you show
currently.


As I mentioned,

-
If your Samba's version is 3.3.5 - and the registries above are set,
remove them and try again.
-

You must set these 2 entries below:

-
   HKLM\System\CCS\Services\LanmanWorkstation\Parameters
   DWORD  DomainCompatibilityMode = 1
   DWORD  DNSNameResolutionRequired = 0
-

You must not set these 2 entries below:

-
   DWORD  RequireSignOrSeal = 0
   DWORD  RequireStrongKey = 0
-

In my knowledge, your error messages:

[2011/01/13 09:24:48.031223,  0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
 _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client COLUMBUS-LAPTOP machine account
COLUMBUS-LAPTOP$

occurs if you do not correctly set these 4 entries.
If you still have problem, I recommend to examine with simple settings
(not to use LDAP) like:

-
[global]
  workgroup = WEBTENT
 domain logons = yes
 add machine script = useradd %u

[homes]
 writeable = yes
 browseable = no
-

If your Windows 7 can join to Samba domain with the settings above, at
least you could know that
Windows 7 registries are correctly set.


Sorry, under FreeBSD, use

-
   add machine script = /usr/sbin/pw useradd %u


For smbldap-tools
add machine script = /usr/local/sbin/smbldap-useradd -W '%u'



-

instead of

-
   add machine script = useradd %u
-

---
TAKAHASHI Motonobu mo...@samba.gr.jp


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
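
The registry advice in the message above, turned into a check (an added example, not part of the thread): it reads the text of a `.reg` export and reports which of the four values need changing for a given Samba version. The export text is constructed, `parse_reg_dwords` and `audit` are names chosen here, and `CCS` is expanded to `CurrentControlSet`.

```python
import re

# Registry locations named in the message; "CCS" there abbreviates
# CurrentControlSet.
BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
LANMAN = BASE + r"\LanmanWorkstation\Parameters"
NETLOGON = BASE + r"\Netlogon\Parameters"

# Values the message says must be set on the Windows 7 client.
REQUIRED = {
    (LANMAN, "DomainCompatibilityMode"): 1,
    (LANMAN, "DNSNameResolutionRequired"): 0,
}
# Setting these to 0 switches off Netlogon secure-channel signing/sealing and
# the strong session key requirement. The message wants them at 0 only for
# Samba 3.3.2 - 3.3.4 and removed for 3.3.5 and later.
RELAXED = [(NETLOGON, "RequireSignOrSeal"), (NETLOGON, "RequireStrongKey")]

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg_dwords(reg_text):
    """Return {(key, value_name): int} for every DWORD in a .reg export.

    Key and value names are lower-cased because the registry is
    case-insensitive.
    """
    values, key = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = DWORD_RE.match(line)
        if m and key is not None:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values


def audit(reg_text, samba_version):
    """Return [(value_name, action)] for settings that contradict the message.

    samba_version is a tuple such as (3, 5, 6).
    """
    values = parse_reg_dwords(reg_text)

    def lookup(key, name):
        return values.get((key.lower(), name.lower()))

    findings = []
    for (key, name), want in REQUIRED.items():
        if lookup(key, name) != want:
            findings.append((name, "set to %d" % want))
    for key, name in RELAXED:
        current = lookup(key, name)
        if samba_version >= (3, 3, 5) and current is not None:
            findings.append((name, "remove"))
        elif (3, 3, 2) <= samba_version <= (3, 3, 4) and current != 0:
            findings.append((name, "set to 0"))
    return findings


# Constructed export: all four values present, as the poster described.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000000
"RequireStrongKey"=dword:00000000
"""

if __name__ == "__main__":
    for name, action in audit(SAMPLE_EXPORT, (3, 5, 6)):
        print(f"{name}: {action}")
```
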


Re: [Samba] Cannot list shares on a host

2011-01-13 Thread tms3






Hello,
   linux 2.6.34.7-0.7-desktop x86_64
   smbclient 3.5.4-5.1.2-2426-SUSE-SL11.3

   I issue this command:
smbclient -L SMA-STN14L -U jmoe

   I get:
Connection to SMA-STN14L failed (Error NT_STATUS_BAD_NETWORK_NAME)


is that name in DNS?  How about WINS? What if you use ip addy instead 
of NetBIOS machine name?




   In smb.conf [globals] section:
workgroup = SOHNEN-MOE
netbios name = SMA-STN14L

   Adding the -I option made no difference.
   The firewall port is open.
   There is nothing in /var/log/messages.
   There is nothing in /var/log/samba/log.*.

   So, what's the message about a bad name?

- --
James Moe
moe dot james at sohnen-moe dot com
520.743.3936


Re: [Samba] can connect to 2 samba servers by name but to one by IP only

2011-01-12 Thread tms3






Adding pdc1 to the hosts file (c:\windows\system32\drivers\etc\hosts) did
not make a difference.  After adding pdc1 to lmhosts,  net use \\pdc1 did
work.  So in the case of pdc1, the name is being resolved as a netbios
name (i.e. via lmhosts) not a tcp/ip type name (i.e. via dns or hosts)

But then why does net use work with all the other windows or samba
servers?  As  far as I can tell, DNS is the only method by which the names
are being resolved.

I did notice that nbtstat -c shows the following


What does nbtstat -r show?




SonicWALL VPN Connection:
Node IpAddress: [x.x.x.x.] Scope Id: []

   NetBIOS Remote Cache Name Table

   Name  Type   Host AddressLife [sec]
   
   BDC1  20  UNIQUE  x.x.x.x.10522
   BDC2  20  UNIQUE  x.x.x.x.11560
   SOMEMACHINE   20  UNIQUE  x.x.x.x.12597



PDC1 is not in cache-  which I guess makes sense since it is explicitly
listed in lmhosts.


The nbtstat -r command only shows machine on my home network, nothing on
the corporate network, so this really does indicate that there is no netbios
broadcasts going on crossing the VPN link.


Thanks




-Original Message-
From: TAKAHASHI Motonobu [mailto:mo...@monyo.com]
Sent: Thursday, January 06, 2011 8:09 AM
To: gaiseric.van...@gmail.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] can connect to 2 samba servers by name but to one by IP only

2011/1/6 Gaiseric Vandal gaiseric.van...@gmail.com:


In fact this seems to work for any samba or windows
machine on the network EXCEPT the Samba 3.4.x PDC. It seems to work
for Win 2003 machines, Samba 3.4.x member servers, XP machines, etc.


To analyze the problem, first put the entry for PDC1 into both LMHOSTS
and hosts files and try: net use \\pdc1.

If you still meet the 67 error, something other than name resolution
will cause this problem. Look at the Samba log and network capture.


My understanding is that XP (and Win 2000/2003) machines are smart
enough to use DNS look ups to resolve a windows netbios name to IP in
the case that legacy (archaic) Netbios name resolution (WINS, lmhosts,
broadcast) methods don't work.


NetBIOS name whose prefix is only #20 ,#00 (and #1C in some case) can
be resolved by DNS.

---
TAKAHASHI Motonobu mo...@samba.gr.jp



Re: [Samba] Samba PDC

2011-01-12 Thread tms3







On 1/12/2011 11:18 AM, TAKAHASHI Motonobu wrote:


2011/1/13 Robert Fitzpatrickli...@webtent.net:


OK, I am trying to setup my first Samba PDC on a FreeBSD 8.1 host. When I
try to become a member of 'webtent.org' on my Windows 7 Ultimate to the PDC,
I get the following error...



DNS was successfully queried for the service location (SRV) resource
record used to locate a domain controller for domain webtent.org:

(snip)


Anyone know what I am or could be doing wrong? Thanks for any help!


Read at:
http://wiki.samba.org/index.php/Windows7

And remember Samba 3 PDC is compatible with Windows NT Server, not with
Active Directory.



Thanks, I was able to join the domain, but when trying to logon, I get
another error...



the trust relationship between this workstation and the primary domain failed


What can cause this? I have the computer name in LDAP, it was created
when I joined the domain.


I found that a properly configured WINS server solved many of these 
problems for me with Samba3.x/LDAP and Win7.




--Robert



Re: [Samba] Reestablishing trust with PDC

2011-01-10 Thread tms3





you haven't tried experimenting with backing up and restoring the samba
password cache.  look in /var/*/samba and /var/*/*/samba for files
related to the password cache to backup and restore.


If you use LDAP this problem goes away.  If you're using tdb's then 
moving the tdb's and using the same Samba revision should do it...IIRC




On 1/10/2011 10:45, Devon Crouse wrote:


I often change configurations in a home server environment, and have scripts
to back up all config files etc. - on a fresh OS install I can quickly
restore function of all the services I'm running.

I'm using version 3.4.7 as a PDC on Ubuntu with 4 Windows 7 clients.  I can
restore smb.conf which gets the file shares and server configuration back,
but I lose the trust relationship with the clients and I can't figure out
how to get it back (short of completely clearing all the profiles and
dropping/adding to the domain.)  I'm making the following assumptions:

 - There must be some sort of signature for the Samba/OS installation that
   changes
 - This signature must be recorded in Windows somewhere for it to validate
   the relationship (like known_hosts)

I've tried the following in just about every order you can imagine:

 - Modifying/removing the profile registry entries in Windows
 - Removing/restoring the user directory in Windows
 - Removing/restoring the profile.v2 directory in Ubuntu
 - Experimenting with various local policy settings in Windows
 - Re-adding client to the domain
 - Using smbpasswd to recreate the users

There must be something I can backup/change to retain/reestablish the trust
relationship without having to scrap all the user profiles?  Thanks in
advance - all my reading so far has been of little help.





Re: [Samba] Domain trust between a Samba PDC domain and W2K AD domain

2011-01-05 Thread tms3



SNIP


Hi people.

I'm working on a trust relation between Samba 3.3.X and Windows 2003
AD mixed mode.

I have read the doc about this but for some reason wont work, my
PDC+LDAP is working but I still cannot make this 2 servers share
users.

In my experience, it is fairly straightforward to get AD users trusted 
by the Samba controlled Domain, although granular file permissions 
are tricky at best.  In the opposite direction, this is quite 
difficult, unless the AD domain is in the very old now, mixed mode.




Could u please give me the process u use to create the relation
between win2k3(in/out) and  samba?

I will appreciated, thanks!!!

--
LIving the dream...


Re: [Samba] A device attached to the system is not functioning - When adding a computer to the domain

2011-01-03 Thread tms3





On Monday 03/01/2011 at 4:58 am, Chris Beach  wrote:
I wanted to send this out a 2nd (and last) time.. I got suggestions not to
use BLAH.COM and to use BLAH instead for my domain name, however I don't
think that's causing my problem as it's been this way for 6 years?

Then  you have done no research regarding NetBIOS names.

NetBIOS
Restrictions
Characters
Unicode characters, numbers, white space, symbols: ! @ # $ % ^  ' ) ( . - _ { } ~


See chart top of page:

http://technet.microsoft.com/en-us/library/cc959336.aspx

Machine trusts MUST be able to resolve NetBIOS names.  The preferred 
method is via WINS.  Misconfigured NetBIOS names will make this, shall 
we say, difficult.


Any way I
still can't add machines to my domain and am fairly panicked (this is
production, 140~ users).

Any other suggestions?

Thank you.

On Thu, Dec 30, 2010 at 1:35 PM, Chris Beach chr...@pintys.com wrote:




Hi all,

I just setup a Samba 3.3.14, with an ldap back-end.

I migrated the ldap back end and samba shares from my old samba server.
I've found when adding a machine (WinXP) to the domain, I get the following
error on XP:

The following error occurred attempting to join the domain Blah.com:
A device attached to the system is not functioning.

in my /var/log/messages I have:

Dec 30 09:40:24 hap smbd[29379]: [2010/12/30 09:40:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
Dec 30 09:40:24 hap smbd[29379]: pdb_get_group_sid: Failed to find Unix account for OAKRND02$

repeated about 6 times.

My smb.conf looks like this for the scripts to run:

* add machine script = /usr/sbin/smbldap-useradd -w %u
add user script = /usr/sbin/smbldap-useradd -m -a %u
delete user script = /usr/sbin/smbldap-userdel -r %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u

ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n*

When I do an LDAP search, I see there is an entry in LDAP for it the
machine, so some of the add machine script must have worked:

ldapsearch -b dc=mydomain,dc=com -x (uid=oakrnd01$)

# OAKRND01$, Computers, mydomain, com
dn: uid=OAKRND01$,ou=Computers,dc=pintys,dc=com
uid: OAKRND01$
sambaSID: S-1-5-21-3318375643-2463009161-75282-41448
sambaPrimaryGroupSID: S-1-5-21-3318375643-2463009161-75282-515
sambaAcctFlags: [W ]
objectClass: sambaSamAccount
objectClass: account
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
sambaPwdCanChange: 1291378566
sambaPwdMustChange: 1299154566
sambaNTPassword: EED67D5B90ED8B5C2C168FB90DC4D313
sambaPwdLastSet: 1291378566

Also, I get results in pdbedit:

[r...@happiness ~]# pdbedit -v oakrnd01$
Unix username:OAKRND01$
NT username:  OAKRND01$
Account Flags:[W  ]
User SID: S-1-5-21-3318375643-2463009161-75282-41448
*pdb_get_group_sid: Failed to find Unix account for OAKRND01$*
*Primary Group SID:(NULL SID)*
Full Name:
Home Directory:
HomeDir Drive:
Logon Script: logon.exe
Profile Path:
Domain:   MYDOMAIN.COM
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  never
Kickoff time: never
Password last set:Fri, 03 Dec 2010 06:16:06 CST
Password can change:  Fri, 03 Dec 2010 06:16:06 CST
Password must change: Thu, 03 Mar 2011 06:16:06 CST
Last bad password   : 0
Bad password count  : 0
Logon hours : FF

Also:

/usr/sbin/smbldap-useradd -w OAKRND02
failed to add entry: Unexpected EOF at /usr/sbin//smbldap_tools.pm line 616.

And then my slapd dies out (crashes)... this same behaviour happens when
trying to use USRMGR.exe to add a new user (but doing it manually via
smbldap DOES work for adding a new user).

What's most annoying is I tested joining a Windows 7 machine to the domain
before I went live with this server, and it was successful, so I've no clue
why this isn't working now

Any help I can get is REALLY APPRECIATED, right now I've got a PC I can't
get on the domain, so a user who can't work.





--
Chris Beach
IT Analyst


Re: [Samba] Remote connection to Samba service doesn't work

2011-01-03 Thread tms3






No, it's not.
And as I've said I'm already using Samba shares from a two different
servers on my Windows 7. I've already tried to change Windows settings
via local policies and registry. No effect. Windows says it can't find
the specified network name, smbclient on cygwin can't even open a
connection. Just like there's a magical firewall blocking just the
samba. There is no single log with my ip in it.
Is there any simple way to test the connection itself? By telnet or
sending just one packet, perhaps?
You can try the host yourself, it's revik.one.pl, ip 88.198.15.203.


OK
prism# nbtscan -v 88.198.15.203
Doing NBT name scan for addresses from 88.198.15.203


NetBIOS Name Table for Host 88.198.15.203:

Incomplete packet, 227 bytes long.
Name             Service          Type

REVIK            <00>             UNIQUE
REVIK            <03>             UNIQUE
REVIK            <20>             UNIQUE
__MSBROWSE__     <01>             GROUP
WORKGROUP        <1d>             UNIQUE
WORKGROUP        <1e>             GROUP
WORKGROUP        <00>             GROUP

Adapter address: 00-00-00-00-00-00


I would probably lock that down if I were you.





Samba is currently up and running. Even a successful connection try
would tell something.

On Mon, Jan 3, 2011 at 10:01 AM, Daniel Müller muel...@tropenklinik.de wrote:



Windows XP should work on the fly! Isn't it???
For Windows 7 you got to hack the registry. All entries HKLM.
You find the entries: google Windows 7 samba




On Fri, 31 Dec 2010 14:03:05 +0100, Mateusz Szymaniec
revan...@gmail.com
wrote:


Hi.
I've got a nasty problem with Samba. Basically, I can't connect to my
Samba service from a home laptop (running Windows 7). I guess that on
this side everything is fine, I'm using my corporate Samba shares via
VPN, I've been using Samba on my previous server and it was running
OK. I've asked my buddy living nearby to connect and it didn't work
for him, as well as for 15 other people across living my country. The
weirdest thing is, that there are actually people that are able to
connect. They were using both Windows XP and 7 and I can't really tell
why. I see their connections in logs, but I can't really tell a
difference between my and theirs setup.
I've tried to use default Debian Etch 2.x Samba, 3.x backports
version, compiled 3.x from sources, even reinstalled operating system
on the server. I've used default config, copied one from my previous
server, wrote it from stretch server times. Every single time it was
possible to connect locally (smbclient -L localhost). On the client
side, I've tried using default Windows 7 (and XP) smb/cifs
implementation and cygwin's smbclient.
My server ISP tells that they don't block anything and it's the first
time someone has reported problem like this. My iptables are clean at
the moment.
Currently I'm using v. 3.2.5 with default config with one share and
added user by smbpasswd.

revik:~# smbclient localhost\\test
Enter root's password:
Domain=[REVIK] OS=[Unix] Server=[Samba 3.2.5]
smb: \ ls
  .                                   D        0  Fri Dec 31 13:57:25 2010
  ..                                  D        0  Fri Dec 31 13:57:16 2010
  testfile                                     0  Fri Dec 31 13:57:25 2010

   35201 blocks of size 8388608. 33290 blocks available
I don't really can think of any single idea how to make it work or
where the problem actually lies.
I'd appreciate any help, thanks.



Re: [Samba] Need a little help with Samba 3.5.5 on FreeNAS 7.2.5543

2011-01-02 Thread tms3







--- Original message ---
Subject: Re: [Samba] Need a little help with Samba 3.5.5 on FreeNAS 7.2.5543
From: Steve B stev...@gmail.com
To: samba@lists.samba.org
Date: Sunday, 02/01/2011  5:29 PM

Ok, I've worked through a few different items but am still coming up 
zero.

The Audiotron
From Turtle Beach



IMPORTANT NOTE:
If you are using a NAS (Network Attached Storage) device please do NOT
use this Firmware. The last known good version for NAS device Support
was: 3.1.1. Sorry about this.

http://www.turtlebeach.com/support/index.php?View=entryEntryID=114116399

Since the last update was 2004, I wonder what its CIFS client is as 
well...oh well, the above might be a start.



appears to be case insensitive (or at least how it talks to
Samba). I tried the file in all upper, all lower and even mixed case. I
still get the same error. If I delete the file, no error, but no file
either. Additionally all the MP3 files are in mixed case and it appears to
recognize all of them without trouble. Filename length also appears to not
be an issue. I tried 8.3 format, ie radiotr.txt/RADIOTR.TXT/RadioIO.txt and
came up with the same results. It appears to see the file is present but
acts like it cannot read it saying no stations found. In addition all of
the MP3 files are in mixed case and have longer than 8.3 file names.

On Mon, Dec 20, 2010 at 3:57 AM, Michael Wood esiot...@gmail.com wrote:




On 20 December 2010 04:16, Steve B stev...@gmail.com wrote:


1. Not sure what you mean by remote the file. I can open and read the
file

I believe he meant remove.  I think he was just wondering if you got
a different error with the file missing, which would prove that
Audiotron was actually accessing the file.  If you got the same
symptoms, then it's possible that Audiotron was not actually
finding/reading the file at all.


in any editor, but the Audiotron performs some sort of read function on
the file that tells it there are X number of radio stations defined in the
file. The file is basically an XML file.


--
Michael Wood esiot...@gmail.com



Re: [Samba] A device attached to the system is not functioning - When adding a computer to the domain

2010-12-30 Thread tms3







--- Original message ---
Subject: [Samba] A device attached to the system is not functioning - When adding a computer to the domain
From: Chris Beach chr...@pintys.com
To: samba@lists.samba.org
Date: Thursday, 30/12/2010 10:42 AM

Hi all,

I just setup a Samba 3.3.14, with an ldap back-end.

I migrated the ldap back end and samba shares from my old samba server. I've
found when adding a machine (WinXP) to the domain, I get the following error
on XP:

The following error occurred attempting to join the domain Blah.com:

Blah.com---a . in a NETBios domain name is VERY bad.  Rename it BLAH.



A device attached to the system is not functioning.

in my /var/log/messages I have:

Dec 30 09:40:24 hap smbd[29379]: [2010/12/30 09:40:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
Dec 30 09:40:24 hap smbd[29379]: pdb_get_group_sid: Failed to find Unix account for OAKRND02$

repeated about 6 times.

My smb.conf looks like this for the scripts to run:

* add machine script = /usr/sbin/smbldap-useradd -w %u
add user script = /usr/sbin/smbldap-useradd -m -a %u
delete user script = /usr/sbin/smbldap-userdel -r %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u

ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n*

When I do an LDAP search, I see there is an entry in LDAP for it the
machine, so some of the add machine script must have worked:

ldapsearch -b dc=mydomain,dc=com -x (uid=oakrnd01$)

# OAKRND01$, Computers, mydomain, com
dn: uid=OAKRND01$,ou=Computers,dc=pintys,dc=com
uid: OAKRND01$
sambaSID: S-1-5-21-3318375643-2463009161-75282-41448
sambaPrimaryGroupSID: S-1-5-21-3318375643-2463009161-75282-515
sambaAcctFlags: [W ]
objectClass: sambaSamAccount
objectClass: account
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
sambaPwdCanChange: 1291378566
sambaPwdMustChange: 1299154566
sambaNTPassword: EED67D5B90ED8B5C2C168FB90DC4D313
sambaPwdLastSet: 1291378566

Also, I get results in pdbedit:

[r...@happiness ~]# pdbedit -v oakrnd01$
Unix username:OAKRND01$
NT username:  OAKRND01$
Account Flags:[W  ]
User SID: S-1-5-21-3318375643-2463009161-75282-41448
*pdb_get_group_sid: Failed to find Unix account for OAKRND01$*
*Primary Group SID:(NULL SID)*
Full Name:
Home Directory:
HomeDir Drive:
Logon Script: logon.exe
Profile Path:
Domain:   MYDOMAIN.COM
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  never
Kickoff time: never
Password last set:Fri, 03 Dec 2010 06:16:06 CST
Password can change:  Fri, 03 Dec 2010 06:16:06 CST
Password must change: Thu, 03 Mar 2011 06:16:06 CST
Last bad password   : 0
Bad password count  : 0
Logon hours : FF

Also:

/usr/sbin/smbldap-useradd -w OAKRND02
failed to add entry: Unexpected EOF at /usr/sbin//smbldap_tools.pm line 616.

And then my slapd dies out (crashes)... this same behaviour happens when
trying to use USRMGR.exe to add a new user (but doing it manually via
smbldap DOES work for adding a new user).

What's most annoying is I tested joining a Windows 7 machine to the domain
before I went live with this server, and it was successful, so I've no clue
why this isn't working now

Any help I can get is REALLY APPRECIATED, right now I've got a PC I can't
get on the domain, so a user who can't work.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
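
A check for the symptom in the two messages above (`pdb_get_group_sid: Failed to find Unix account` for an entry that declares `objectClass: posixAccount`), as an added example that is not from the thread: it lists the RFC 2307 attributes a `posixAccount` entry lacks and redacts password-hash attributes before `ldapsearch` output is shared. The LDIF is constructed, the function names are chosen here, and it assumes the server resolves Unix accounts from the same LDAP tree.

```python
import re

# Attributes RFC 2307 makes mandatory for objectClass posixAccount.
POSIX_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

# Attributes whose values are password hashes; anyone holding them can
# authenticate as the account, so they should not be pasted into a post.
SECRET_RE = re.compile(
    r"^(sambaNTPassword|sambaLMPassword|userPassword)(::?)[ \t]*\S.*$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {attr_lower: [values]}."""
    entries, entry, last = [], {}, None
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if line.startswith("#"):               # ldapsearch comment lines
            continue
        if not line.strip():                   # blank line ends an entry
            if "dn" in entry:                  # skip "search:"/"result:" blocks
                entries.append(entry)
            entry, last = {}, None
            continue
        if line.startswith(" ") and last is not None:
            entry[last][-1] += line[1:]        # folded continuation line
            continue
        attr, _, value = line.partition(":")
        last = attr.strip().lower()
        # "attr:: value" marks base64; the extra colon is dropped here.
        entry.setdefault(last, []).append(value.lstrip(":").strip())
    return entries


def missing_posix_attrs(entry):
    """Return the mandatory posixAccount attributes absent from one entry."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "posixaccount" not in classes:
        return []
    return [a for a in POSIX_MUST if a.lower() not in entry]


def incomplete_posix_entries(text):
    """Map each DN to the posixAccount attributes it is missing."""
    report = {}
    for entry in parse_ldif(text):
        missing = missing_posix_attrs(entry)
        if missing:
            report[entry["dn"][0]] = missing
    return report


def redact_secrets(text):
    """Replace password-hash values so the output can be shared."""
    return SECRET_RE.sub(lambda m: m.group(1) + m.group(2) + " <redacted>", text)


# Constructed LDIF: the first entry mirrors the attribute set shown in the
# thread (no numeric ids), the second is a complete machine account.
SAMPLE_LDIF = """\
# EXAMPLEPC$, Computers, example.com
dn: uid=EXAMPLEPC$,ou=Computers,dc=example,dc=com
uid: EXAMPLEPC$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001
sambaAcctFlags: [W          ]
objectClass: sambaSamAccount
objectClass: account
objectClass: posixAccount
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

# GOODPC$, Computers, example.com
dn: uid=GOODPC$,ou=Computers,dc=example,dc=com
uid: GOODPC$
cn: GOODPC$
objectClass: sambaSamAccount
objectClass: account
objectClass: posixAccount
uidNumber: 20001
gidNumber: 515
homeDirectory: /nonexistent
"""

if __name__ == "__main__":
    for dn, missing in incomplete_posix_entries(SAMPLE_LDIF).items():
        print(dn, "is missing", ", ".join(missing))
    print(redact_secrets(SAMPLE_LDIF))
```
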


Re: [Samba] Need Help Getting Windows XP To Use Samba Properly

2010-12-29 Thread tms3









Everyone,

Both the Microsoft Network Monitor (sniffer) and Nbtstat -r shows 
that Windows XP is not acknowledging the broadcast packets from the 
Samba box,

Well, that's an interesting statement...

So, XP spouts a request to the WINS server, it responds and the packet 
is dropped?


Or is XP NOT sending a request at all???


which keeps XP from being able to browse the server because no master 
browser is being recognized.  If the Computer Browser service was 
enabled in XP,


Windows 2000, however, acknowledges them just fine, even with Computer 
Browser disabled, and all is well.


Any suggestions?  If you folks help me figure this out, you'll be 
heroes, because I have come across a lot of help requests all over the 
internet that go way back many years for this very same problem, few 
solutions, and none of them resulting in a solution that works for me.


Bob


-Original Message-
From: t...@tms3.com [mailto:t...@tms3.com]
Sent: Tuesday, December 28, 2010 3:48 PM
To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC
Cc: Chris Smith; samba@lists.samba.org
Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly






Excellent information, thank you.

Unfortunately, none of it solved my problem.


Start sniffing the machine as you do a Network Neighborhood search.  
You might also check and see just where and how lookups are being done 
for NETBios from an XP box command terminal


nbtstat -r

which will tell you how lookups are being done.  Might lead you to a 
culprit.





I see a lot of The specified network name is no longer available 
error messages all over the internet from Linux users, and none of the 
very few solutions I have come across have worked for me.


Anybody else able to chime in and take a guess as why my XP box is 
having a problem talking to my Solaris/Samba box? Again, Win2K has no 
problems talking to the Samba box - it's just XP.


Refresh: This error happens when you try to browse using My Network 
Places in the desktop. Mapping works fine, access works fine. 
Browsing is what fails in XP. I need this to work or I'm looking at a 
huge and expensive documentation change effort that few would 
understand.


Still desperate for help on this. This problem happens with WinXP 
right out of the box, we have nothing weird installed.


Help!



-Original Message-
From: Chris Smith [mailto:smb...@chrissmith.org]
Sent: Tuesday, December 28, 2010 12:45 PM
To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC
Cc: John Drescher; samba@lists.samba.org
Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly


On Tue, Dec 28, 2010 at 2:23 PM, Hodges, Robert CTR USAF AFMC 520
SMXS/MXDEC robert.hodges@hill.af.mil wrote:


Other details:  I do not use a DNS server, I use the hosts file in XP.



Yes, but NetBIOS desires the lmhosts file. See my ancient (but still
valid) scribblings here:
http://realcomputerguy.com/networksetup.htm#hosts

Chris


Re: [Samba] Need Help Getting Windows XP To Use Samba Properly

2010-12-29 Thread tms3






Jeremy,

This makes sense, I'll try it.  Excellent idea.

I'm new to Samba, so how do I get it to run in debug mode and do the
logging option you mentioned?


log level = 10 in smb.conf.

Covered in the man page.  man smb.conf




Sorry to sound so juvenile, my experience with Samba is in reverse -
getting Linux boxes to use Windows servers.

Bob



-Original Message-
From: Jeremy Allison [mailto:j...@samba.org]
Sent: Wednesday, December 29, 2010 10:33 AM
To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC
Cc: t...@tms3.com; samba@lists.samba.org
Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba Properly


On Wed, Dec 29, 2010 at 10:22:46AM -0700, Hodges, Robert CTR USAF AFMC
520 SMXS/MXDEC wrote:


TMS3,

Thanks for joining in, really appreciate it.

I'm trying to keep it all straight, I'm relatively new to Samba (but
learning quickly).

What I now know:

1.  Sniffer on XP box reveals that XP does see the broadcasts from
Samba.

2.  The Microsoft support tool/command Browstat status shows that XP
does recognize Samba as the server (if Computer Browser service
disabled, otherwise XP may/may not elect itself as the master -
unpredictable), but also shows that XP is unable to pull down the browse
list from the Samba box.
This is the key. Separate out the logs by incoming client name,
run smbd at debug level 10 and then look in the log.xp client name
to see if it's trying to fetch the browse list, and if so why
it goes wrong.

Jeremy.


Re: [Samba] Domain Member Server not showing domain users/groups and not honoring domain user accounts

2010-12-29 Thread tms3







I've got a domain member server configured as such:

Load smb config files from /etc/samba/smb.conf
Processing section [videos]
Processing section [music]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
[global]
 workgroup = TEMPEST
 server string = Media Server (%h) (Livingroom Television)

 security = DOMAIN



From the Official How To:


Example Configuration
Samba as a Domain Member Server
This method involves addition of the following parameters in the 
smb.conf file:

security = domain
workgroup = MIDEARTH

In order for this method to work, the Samba server needs to join the 
MS Windows NT security domain. This is done as follows:


http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2559628

Use of this mode of authentication requires there to be a standard 
UNIX account for each user in order to assign a UID once the account 
has been authenticated by the Windows domain controller. This account 
can be blocked to prevent logons by clients other than MS Windows 
through means such as setting an invalid shell in the /etc/passwd 
entry. The best way to allocate an invalid shell to a user account is 
to set the shell to the file /bin/false. Domain controllers can be 
located anywhere that is convenient. The best advice is to have a BDC 
on every physical network segment, and if the PDC is on a remote 
network segment the use of WINS (see Network Browsing for more 
information) is almost essential.
An alternative to assigning UIDs to Windows users on a Samba member 
server is presented in Winbind, Winbind: Use of Domain Accounts.




Also see:


http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#domain-member-server




 map to guest = Bad User
 syslog = 0
 log file = /var/log/samba/log.%m
 max log size = 1000
 dns proxy = No
 wins server = density.aarcane.info
 usershare allow guests = Yes
 panic action = /usr/share/samba/panic-action %d

[videos]
 comment = Rebirth local Videos
 path = /media/local/videos
 write list = @rebirth
 force group = videos
 create mask = 0664
 force create mode = 0664
 directory mask = 0775
 force directory mode = 0775

[music]
 comment = Rebirth local Music
 path = /media/local/music
 write list = @rebirth
 force group = music
 create mask = 0664
 force create mode = 0664
 directory mask = 0775
 force directory mode = 0775

The server is not honoring domain accounts (the PDC honors domain
accounts and shows owners/groups as domain users without issue), but
this one is saying Unknown username or bad password when trying to
browse to it, and when you specify your domain username and password
manually in the prompt, it shows files and groups as REBIRTH/username or
UNIX-GROUP/groupname instead of as domain users and groups.

below I've stopped the server, cleared out the old log files, and
restarted smbd (and nmbd) and double-clicked on rebirth in the windows 7
network pane.

ikari (10.0.0.241) is the client I'm using.

aarc...@rebirth:/var/log/samba$ ls
cores  log.10.0.0.241  log.ikari  log.nmbd  log.smbd
aarc...@rebirth:/var/log/samba$ cat log.10.0.0.241
aarc...@rebirth:/var/log/samba$ cat log.ikari
[2010/12/29 16:04:30.647903,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2010/12/29 16:04:30.648046,  0] lib/util_sock.c:1432(get_peer_addr_internal)
 getpeername failed. Error was Transport endpoint is not connected
 read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
aarc...@rebirth:/var/log/samba$ cat log.nmbd
[2010/12/29 16:03:44,  0] nmbd/nmbd.c:857(main)
 nmbd version 3.5.4 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2010
aarc...@rebirth:/var/log/samba$ cat log.smbd
[2010/12/29 16:03:41,  0] smbd/server.c:1123(main)
 smbd version 3.5.4 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2010
[2010/12/29 16:03:41.923307,  0] printing/print_cups.c:108(cups_connect)
 Unable to connect to CUPS server localhost:631 - Connection refused
[2010/12/29 16:03:41.928781,  0] printing/print_cups.c:108(cups_connect)
 Unable to connect to CUPS server localhost:631 - Connection refused

[2010/12/29 16:03:41.929413,  0] smbd/server.c:1169(main)
 standard input is not a socket, assuming -D option
aarc...@rebirth:/var/log/samba$




Re: [Samba] Need Help Getting Windows XP To Use Samba Properly

2010-12-28 Thread tms3







Excellent information, thank you.

Unfortunately, none of it solved my problem.


Start sniffing the machine as you do a Network Neighborhood search.  
You might also check and see just where and how lookups are being done 
for NETBios from an XP box command terminal


nbtstat -r

which will tell you how lookups are being done.  Might lead you to a 
culprit.




I see a lot of The specified network name is no longer available 
error messages all over the internet from Linux users, and none of the 
very few solutions I have come across have worked for me.


Anybody else able to chime in and take a guess as why my XP box is 
having a problem talking to my Solaris/Samba box?  Again, Win2K has no 
problems talking to the Samba box - it's just XP.


Refresh:  This error happens when you try to browse using My Network 
Places in the desktop.  Mapping works fine, access works fine.  
Browsing is what fails in XP.  I need this to work or I'm looking at a 
huge and expensive documentation change effort that few would 
understand.


Still desperate for help on this.  This problem happens with WinXP 
right out of the box, we have nothing weird installed.


Help!



-Original Message-
From: Chris Smith [mailto:smb...@chrissmith.org]
Sent: Tuesday, December 28, 2010 12:45 PM
To: Hodges, Robert CTR USAF AFMC 520 SMXS/MXDEC
Cc: John Drescher; samba@lists.samba.org
Subject: Re: [Samba] Need Help Getting Windows XP To Use Samba 
Properly


On Tue, Dec 28, 2010 at 2:23 PM, Hodges, Robert CTR USAF AFMC 520
SMXS/MXDEC robert.hodges@hill.af.mil wrote:


Other details:  I do not use a DNS server, I use the hosts file in XP.


Yes, but NetBIOS desires the lmhosts file. See my ancient (but still
valid) scribblings here:
http://realcomputerguy.com/networksetup.htm#hosts

Chris


Re: [Samba] Multinetwork environment without WINS server

2010-12-22 Thread tms3








Is there any way to use samba as pdc in multinetwork environment without
WINS server? In this case (without wins), how will computers find pdc?


Sure...LMHosts files on all the workstations.  Kinda messy.  You could 
allow the NETBios traffic to run wild on your network...with local 
workstations becoming local browse masters. All kinda messy.  WINS was 
the first attempt to really deal with this problem.  It works well 
enough with samba as a WINS server.  If you have any old Windows 
server around, it might be easier to do, especially if you have 2 of 
them and want to distribute load a bit and have replication.


Guess it really depends on how big your network is.








Re: [Samba] name resolution: dns name different to windows machinename

2010-12-20 Thread tms3







--- Original message ---
Subject: Re: [Samba] name resolution: dns name different to windows 
machinename

From: Gaiseric Vandal gaiseric.van...@gmail.com
To: samba@lists.samba.org
Date: Monday, 20/12/2010  5:15 PM

I am not sure how you would have a DNS server assign random names.  But if
you aren't going to have the correct entries for the XP machine in DNS, then
you probably should not have any DNS entries for those machines.  XP
machines can register their hostnames directly in DNS (if the DNS server
supports it.)  In general I don't think workstations machines need to be in
DNS at all since (unless you have shared folders or printers.)


It's certainly easier when a help desk request comes in to ask the
user for the machine name label, then try and get the machine's IP
addy. rdp://acct1  rdp://lab7 rdp://eng21 rdp://admin5

soo

But yeah, WinXP and up have no problem doing this.  dhcp can be a big
help as well.


I generally
DISABLE dynamic updates in DNS and don't have DNS assignments/static IP's
for most XP machines.



-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Marcus
Sent: Monday, December 20, 2010 5:17 AM
To: samba@lists.samba.org
Subject: [Samba] name resolution: dns name different to windows machine name


Hi,

we are running a samba domain controller as master with activated WINS.

The machine name of each WinXP client is set manually during the
installation initial process. Each client is using the WINS server of
our domain controller. The WinXP clients are getting their IP by a
global DNS Server, which sets the DNS and reverse DNS entry identically
to the windows machine name.
Now the administrator of the DNS server is planning to change the DNS
and reverse DNS concept in the way that the DNS and reverse DNS entry
will be not identically to the windows machine name any more. The WinXP
clients will get a generic, randomly set DNS/reverse DNS entry.
Does this have any effects for functionality of my samba domain
controller and/or the WinXP clients?

Thanks,
Marcus




Re: [Samba] Samba4 smb.conf questions

2010-12-12 Thread tms3







--- Original message ---
Subject: Re: [Samba] Samba4 smb.conf questions
From: Michael Wood esiot...@gmail.com
To: Ben Cone bc...@wwhfb.com
Cc: samba@lists.samba.org
Date: Saturday, 11/12/2010 11:37 PM

Hi

On 8 December 2010 19:28, Ben Cone bc...@wwhfb.com wrote:


I am trying to find a good guide for setting up the smb.conf and can't seem
to find anything.

Here's what I have been trying to do and it hasn't been working correctly.

We had a Windows Server 2003 DC.  I had to upgrade it because of some
problems we were having and upgraded to Windows Server 2008 R2.  After that,
my Samba 3 with Winbind file server quit authenticating to the AD domain and
try as I might I couldn't get it to work.  This is largely because even
though we have a perfectly good DC, all of our workstations are just in a
giant workgroup (and management just won't give in and let me change it).
After playing with Likewise and samba for a bit I gave up that bag and
thought I would give Samba4 a try.  So far I am really liking what I am
seeing.  I realize that we are still in beta land, but what we have so far
may just work for what I want to do.  I have been trying to find a good
guide to configure the smb.conf file but haven't really found anything.


Well, why don't you let us know what it is you are trying to do?







I believe it's currently best to have a Samba 3 member server joined
to the Samba 4 domain for file serving rather than doing the file
serving from Samba 4.  Of course I don't really see how joining Samba
4 to the domain will help get Samba 3 working :)

Perhaps you should provide more details on what is going wrong with
Samba 3 - Win2k8r2.



By the way, successful install on ubuntu 10.04 x64 server that formerly had
samba 3 and winbind on it that were installed from aptitude.


Do you mean that you installed Samba 4 from the Ubuntu repositories?
If so, rather install from Git or perhaps Alpha 14 as per the Samba 4
HOWTO.



Any help would be appreciated.


The samba-technical mailing list is currently the best place to ask
about issues with samba 4.

--
Michael Wood esiot...@gmail.com


[Samba] libsunacl--for FreeBSD

2010-12-11 Thread tms3
Anyone know if there's a configure option for Samba4 to take advantage 
of this. Would like to NOT use eadb.  Thoughts?


Cheers,





Re: [Samba] Windows 7 connect to FreeBSD samba

2010-08-10 Thread tms3





On Tuesday 10/08/2010 at 1:54 pm, dan dylan  wrote:
I'm having trouble connecting my windows 7 machine to my Samba server that i
set up on a FreeBSD VM. The FreeBSD version is 7.2 and the samba version is
3.

I followed the directions here
http://www.mrp3.com/windows-to-unix-samba.html to set it up as a domain
controller exactly.. except for adding the samba_dns_update script because i
didn't find it being asked for in the config file.

The name of my Windows computer is Pushkin-PC so like it says in the script
I added it using adduser and put it under the machines group. I added it as
Pushkin-PC$ though.. as the site showed. then I did smbpasswd -a Pushkin-PC$
which also made me make a password.

Then the script said to finalize it by doing the command smbpasswd -m
Pushkin-PC$ .. but when I executed that command i got the errors:

Failed to set password for user Pushkin-PC$.
Failed to modify password entry for user Pushkin-PC$.

I couldn't figure out why...

Here's my config file.. all the uncommented parts:

server string = WORKGROUP
server string = Samba Server
security = user
hosts allow = 192.168.1 192.168.2 127.
load printers = yes
printing = cups
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
include = /usr/local/etc/smb.conf.%m
local master = yes
os level = 33
domain master = yes
preferred master = auto
domain logons = yes
logon path = \\%L\Profiles\%U
wins support = yes
dns proxy = no
add user script = /usr/local/sbin/smb-add-user %u
add group script = /usr/local/sbin/smb-add-group %g
add machine script = /usr/local/sbin/smb-add-machine %u
add user to group script = /usr/local/sbin/smb-add-user-group %u %g
delete user script = /usr/local/sbin/smb-rm-user %u
delete user from group script = /usr/local/sbin/smb-rm-user-group %u %g
delete group script = /usr/local/sbin/smb-rm-group %g


Where did these scripts come from?




[homes]
comment = Home Directories
browseable = no
writeable = yes

[netlogon]
comment = Network Logon Service
path = /usr/local/lib/samba/netlogon
guest ok = yes
writeable = no
share modes = no

[profiles]
path = /usr/local/lib/samba/profiles
browseable = no
guest ok = yes

[printers]
comment =All Pringers
path = /var/spool/samba
browseable = no
guest ok = no
writeable = no
printable = yes


anyways, when try to connect my windows pc (Pushin-PC) to samba.. i do the
following command:

\\192.168.198.137\Pushkin-PC$

the ip is the freebsd's ip running samba.

and I get the following error: The network path was not found.

Help?


[Samba] Samba4 net vampire

2010-07-28 Thread tms3

Can't even figure this one out.
zaphod# ./net vampire tms3.com -Uadministrator --realm=tms3.com
dos charset 'CP850' unavailable - using ASCII
Password for [TMS3.COM\administrator]:
Traceback (most recent call last):
 File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 99, in _run
   return self.run(*args, **kwargs)
 File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/vampire.py, line 51, in run
   (domain_name, domain_sid) = net.vampire(domain=domain, target_dir=target_dir)
RuntimeError: samr_OpenDomain for [S-1-5-21-1524245422-3281793581-2119328624] failed: NT_STATUS_NO_SUCH_DOMAIN


Everything in DNS, WINS, etc is functional.  W2K3, W2K8, 
Ubuntu10.4Server Samba4 latest GIT, FreeBSD 8.1x64Release latest Git 
all joined and functional.  Anyone got a guess?


Cheers,





Re: [Samba] Multiple Workgroups and Subnets

2010-07-27 Thread tms3

Short answer:  Use 1 WINS server.





--- Original message ---
Subject: [Samba] Multiple Workgroups and Subnets
From: Tawanda Kavayi tawa...@earth.co.zw
To: samba@lists.samba.org
Date: Tuesday, 27/07/2010  2:01 PM

Hi,

I am configuring a network with two subnets with a different workgroup
in each subnet. My aim is to have users being able to view and access
shares on both workgroups. I have a Samba server in each
subnet/workgroup, configured as both the domain and local master for
each workgroup. Each server is also the WINS server for its subnet. The
setup is like this:

Subnet1:
network - 192.168.10.0/24
server IP - 192.168.10.254
workgroup - Group1

Subnet2:
network - 192.168.20.0/24
server IP - 192.168.20.254
workgroup - Group2

The two servers are configured identically, except for the information
above, so the smb.conf for the Group1 server looks like this:

[global]
   workgroup = GROUP1
   netbios name = GROUP1_SRV
   domain master = yes
   local master = yes
   preferred master = yes
   os level = 65
   smb ports = 139
   dns proxy = no
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   wins support = yes
   name resolve order = wins lmhosts bcast host
   interfaces = lo eth0 192.168.10.254/24 127.0.0.1/8
   bind interfaces only = yes
   remote announce = 192.168.20.254/GROUP1
   remote browse sync = 192.168.20.254
   hosts allow = 127. 192.168.10. 192.168.20.

The problem is that a machine in Group1 can see all the machines in its
workgroup, plus the network for Group2 appears in network neighborhood,
but the machines and shares in Group2 do not.

To troubleshoot, I ran smbtree with debug level 5. What I picked out
from all the output was:

Cannot find master browser for workgroup GROUP2

How can I resolve this?


Tawanda




Re: [Samba] Odd random roaming profile issues

2010-07-26 Thread tms3
When windows login fails, often windows gives a path error.  My
suspicion is that some rogue data with incompatible perms has gotten
into the local user's profile.  I've seen it happen, but I'll be damned
if I can remember the cause.






--- Original message ---
Subject: [Samba] Odd random roaming profile issues
From: Donny Brooks dbro...@mdah.state.ms.us
To: samba@lists.samba.org
Date: Monday, 26/07/2010  2:05 PM

We are currently using samba and openLDAP to enable our users to have
roaming profiles on our domain network. We have one primary domain
controller and 7 home servers at the various locations that serve the
profiles and such. The problem is that randomly various users are unable
to load their profile and windows just gives them a temporary profile.
This mostly happens on vista machines but is not limited to that as it
has happened on XP also. What is odd is the user can login as themselves
on another machine just fine and other users can usually log in on the
first users pc just fine. We have tried the standard checking log files,
remove/reinstall pc into domain/ldap, remove/reinstall user into
domain/ldap, etc but nothing seems to work. What we usually end up doing
is reinstalling the users OS and programs. I know there has to be a
better way to do this. Is there anything I may be missing here? Any
pointers are more than welcome.

Donny B.


[Samba] SMB2 and Samba4

2010-07-26 Thread tms3

Can't recall, but is SMB2 on by default in Samba4?

Cheers,





Re: [Samba] Cannot browse domain user list with 3.5.4

2010-07-24 Thread tms3





Does anyone have any idea about this problem? I can't migrate because of
it.
Thanks in advance.


What's your database backend.





Hi,

I am using Samba as a Domain Controller without AD nor LDAP. Everything works
fine for a long time with samba 3.3.2.
I am trying to upgrade to the latest samba release 3.5.4 .

Here is the procedure I followed :
   - download, configure , and make samba 3.5.4
   - stop the samba daemon (3.3.2 )
   - backup the /usr/local/samba tree where samba 3.3.2 is installed
   - make install , (in the same location as 3.3.2 )
   - restart the samba daemon (3.5.4)

After doing some tests, everything seems to work ok.
Except that :
- when trying to use usrmgr.exe as a Domain Admin , I can't connect to the
domain , I got the message : do you want to select another domain to
administer
- when I try to list the domain users (for adding Permissions to share a
folder, or adding a domain user in a local group), I only see the domain
groups, no domain users.

Is it a known issue ?
Does it have something to do with Domain Admin rights ?

Please help !

Thanks in advance

Henri




Re: [Samba] undefined reference to `_talloc_free'

2010-07-24 Thread tms3
Interesting.  Just a wee bit more info, like version, OS version, 
perhaps a config file, some log info.






--- Original message ---
Subject: [Samba] undefined reference to `_talloc_free'
From: Service Mouse mo...@servicemouse.com
To: samba@lists.samba.org
Date: Saturday, 24/07/2010  6:39 PM

i get this error trying to install samba on freebsd


Re: [Samba] Intermittent file rename problem with Vista, works with XP.

2010-07-23 Thread tms3







--- Original message ---
Subject: [Samba] Intermittent file rename problem with Vista, works 
with XP.

From: Massner, Keith kmass...@mgmresorts.com
To: samba@lists.samba.org
Date: Friday, 23/07/2010  2:44 PM

So...   It's been driving me nuts.  I get intermittent permission denied
errors when I try to rename a folder.  T

I do something like the following (the number of steps to cause the
failure varies):
Rename folder1 to folder2 works
Rename folder2 to folder1 works
Rename folder1 to folder2 nope

Bouncing smb on the Linux server temporarily corrects things

I suspect it's a broken oplock.  Get a failed name change and do an
smbstatus on the server.  Compare the locked file PIDs to the machine
names and see if something is getting stuck.

.  Out of
frustration, I tried an XP machine, and can't get it to break, so
SOMETHING with Vista, I guess.

What I'm trying to do is have a wide open share. Permissions are set on
the files and directories as specified below, all files belong to
keith:keith.  The files were initially created through Linux.  No
extended attributes are set.

Operating system is CentOS 5.5,  Samba is 3.5.4.

[global]
   log file = /var/log/samba/%m.log
; Take this out once you figure this crap out.
   log level = 3
   netbios name = marvin
   usershare owner only = false
   null passwords = yes
   server string = Samba Server Version %v (%h)
   security = SHARE
   encrypt passwords = Yes
   username map = /etc/samba/smbusers
   max log size = 50
   preferred master = Yes
;   acl check permissions = No
   guest ok = Yes
   guest only = Yes
;   nt acl support = No
   cups options = raw

[SharedMedia]
   path = /storage1/SharedMedia
   force user = keith
   force group = keith
   read only = No
;   acl group control = Yes
   force create mode = 0666
   force directory mode = 6777
   directory security mask = 6777
   force unknown acl user = Yes
   map readonly = permissions

Anyone have any thoughts?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
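
The check suggested in the reply above (run smbstatus after a failed rename and match the PIDs under "Locked files" to machine names), as an added example that is not part of the original thread. The sample output is constructed in the layout Samba 3.x smbstatus prints; the function names, PIDs, machine names and addresses are assumptions.

```python
import re

# Constructed sample in the layout smbstatus prints on Samba 3.x.
# PIDs, machine names and addresses are invented for illustration.
SAMPLE = """\
Samba version 3.5.4
PID     Username      Group         Machine
-------------------------------------------------------------------
4211    keith         keith         vista-pc     (192.168.1.23)
4390    keith         keith         xp-pc        (192.168.1.24)

Service      pid     machine       Connected at
-------------------------------------------------------
SharedMedia  4211    vista-pc      Fri Jul 23 14:02:11 2010
SharedMedia  4390    xp-pc         Fri Jul 23 14:05:40 2010

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
4211         500        DENY_NONE  0x100081    RDONLY     NONE             /storage1/SharedMedia   folder1   Fri Jul 23 14:31:02 2010
4211         500        DENY_NONE  0x120089    RDONLY     EXCLUSIVE+BATCH  /storage1/SharedMedia   folder1/cover.jpg   Fri Jul 23 14:31:03 2010
4390         500        DENY_NONE  0x100081    RDONLY     NONE             /storage1/SharedMedia   .   Fri Jul 23 14:06:00 2010
"""


def parse_smbstatus(text):
    """Return (sessions, locks): {pid: machine} and a list of lock dicts."""
    sessions, locks, section = {}, [], None
    for line in text.splitlines():
        if line.startswith("PID"):
            section = "sessions"
        elif line.startswith("Service"):
            section = "shares"
        elif line.startswith("Locked files"):
            section = "locks"
        elif not line.strip() or line.startswith(("-", "Pid", "Samba version")):
            continue  # blank lines, rulers and column headers
        elif section == "sessions":
            fields = line.split()
            if len(fields) >= 4 and fields[0].isdigit():
                sessions[int(fields[0])] = fields[3]
        elif section == "locks":
            cols = line.split(None, 6)  # six fixed columns, then the rest
            if len(cols) < 7 or not cols[0].isdigit():
                continue
            # The rest is "SharePath   Name   Time"; Time is five tokens.
            tail = cols[6].rsplit(None, 5)
            if len(tail) < 6:
                continue
            # SharePath and Name are separated by a run of spaces, and
            # Name itself may contain single spaces.
            parts = re.split(r"\s{2,}", tail[0], maxsplit=1)
            if len(parts) != 2:
                continue
            locks.append({
                "pid": int(cols[0]),
                "oplock": cols[5],
                "share": parts[0],
                "name": parts[1],
            })
    return sessions, locks


def holders(text, share_path, name):
    """Machines with an open handle on `name` or anything beneath it.

    A lock whose PID has no row in the session table is reported under a
    placeholder key, since that smbd process has no known client.
    """
    sessions, locks = parse_smbstatus(text)
    prefix = name.rstrip("/") + "/"
    found = {}
    for lock in locks:
        if lock["share"] != share_path:
            continue
        if lock["name"] != name and not lock["name"].startswith(prefix):
            continue
        machine = sessions.get(lock["pid"], "no session (pid %d)" % lock["pid"])
        found.setdefault(machine, []).append(
            (lock["pid"], lock["name"], lock["oplock"]))
    return found


if __name__ == "__main__":
    # In practice, feed in the text captured from smbstatus right after
    # the rename fails instead of SAMPLE.
    for machine, entries in holders(SAMPLE, "/storage1/SharedMedia", "folder1").items():
        for pid, name, oplock in entries:
            print("%-12s pid=%-6d oplock=%-16s %s" % (machine, pid, oplock, name))
```

Any machine listed for the folder being renamed still has a handle open inside it, which is the "stuck" state the reply asks to look for.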


Re: [Samba] File sharing and subnets

2010-07-17 Thread tms3

SNIP



Samba is installed on the server (192.168.0.1/24), and smbclient is
available on the client (192.168.1.1/24), connected thru a gateway.


If you cannot connect to the server via IP addy, such as

\\192.168.0.1\share

then, it is very likely ports 137, 138, 139, and 445 are blocked 
(certainly 139 and 445 are).  Resolve this first.




the problem is that i can't connect to the server from another subnet
via samba.

here is smb.conf from the server (taken from the o'reilly book 'using
samba'):

[global]
netbios name = server
workgroup = GARDEN
wins support = yes
dns proxy = yes
[test]
comment = For testing only, please
path = /export/tmp
read only = no

server side:
[r...@server etc]# ping client
PING client (192.168.1.1) 56(84) bytes of data.
64 bytes from client (192.168.1.1): icmp_seq=1 ttl=63 time=0.924 ms

[r...@server etc]# smbclient -L server -N
Anonymous login successful
Domain=[GARDEN] OS=[Unix] Server=[Samba 3.0.37]

Sharename       Type      Comment
---------       ----      -------
test            Disk      For testing only, please
IPC$            IPC       IPC Service (Samba 3.0.37)
...

[r...@server etc]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

client side:
[r...@client]# ping server
PING server (192.168.0.1) 56(84) bytes of data.
64 bytes from server (192.168.0.1): icmp_seq=1 ttl=63 time=0.497 ms

[r...@client]# smbclient -L server -N
Connection to hercule failed (Error NT_STATUS_UNSUCCESSFUL)

when i connect from another client (located on the server's subnet, ie
192.168.0.2/24), it works:

-bash-3.2$ smbclient -L server -N
Anonymous login successful
Domain=[GARDEN] OS=[Unix] Server=[Samba 3.0.37]

Sharename       Type      Comment
---------       ----      -------
test            Disk      For testing only, please
IPC$            IPC       IPC Service (Samba 3.0.37)
...

To resume my problem, i can not connect to a samba server from a client
located on another subnet.
Thanks for your help.

Julien

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
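
One way to run the check from the reply above (confirm TCP 139 and 445 are reachable by IP before looking at anything else), as an added example that is not part of the original thread. It covers only the TCP ports; UDP 137 and 138 need a NetBIOS query tool such as nmblookup. The function names and the verdict wording are assumptions.

```python
import socket
import sys

SMB_TCP_PORTS = (139, 445)  # NetBIOS session service, SMB directly over TCP


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port by how the connection attempt ends."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back: host reached, no listener
    except socket.timeout:
        return "filtered"     # silence: the packets are dropped on the path
    except socket.gaierror:
        return "unresolved"   # the name did not resolve; retry with the IP
    except OSError:
        return "unreachable"  # no route, or an ICMP rejection came back


def diagnose(states):
    """Turn {port: state} into a short reading for the cross-subnet case."""
    seen = set(states.values())
    if "open" in seen:
        return ("reachable: an SMB port answers, so the path is fine; "
                "look at name resolution or authentication next")
    if "unresolved" in seen:
        return "unresolved: use the server's IP address to take DNS/WINS out of the test"
    if "filtered" in seen:
        return ("filtered: nothing comes back, so a router or firewall "
                "between the subnets is dropping TCP 139/445")
    if seen == {"refused"}:
        return ("refused: the host answers but nothing listens there; check that "
                "smbd runs and what 'interfaces', 'bind interfaces only' and "
                "'smb ports' allow")
    return "unreachable: fix routing between the subnets first"


def check_smb(host, timeout=3.0):
    """Probe both SMB TCP ports and return (states, verdict)."""
    states = {port: probe_tcp(host, port, timeout) for port in SMB_TCP_PORTS}
    return states, diagnose(states)


if __name__ == "__main__":
    # Usage: python smbcheck.py 192.168.0.1   (run it from the client subnet)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    states, verdict = check_smb(target)
    for port, state in sorted(states.items()):
        print("%s tcp/%d: %s" % (target, port, state))
    print(verdict)
```

A working ping together with a "filtered" result is the pattern in the thread above: ICMP is forwarded between the subnets while the SMB ports are not.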


Re: [Samba] two PDCs

2010-07-13 Thread tms3






About multi-master replication. Scott wrote that he had to deal with it a
lot, so he didn't recommend that. But, I need one domain, because a lot of
users use both sites. So, I have the following options:
1. PDCs on each site, with the same domain, as chapter 6 describes.


Look, I'm not sure if my emails are getting through or not, but drop 
this multi PDC thing.  It's just more complexity.


You need some sort of LDAP replication because you want authentication 
done locally.  Multi-master is more difficult to set up, but more 
flexible. There are other schemes.  I had some 16 servers setup this 
way and had very few difficulties.  It is quite resilient and 
reliable.  Here is a good primer:


http://www.zytrax.com/books/ldap/ch7/



 a. Master LDAP server in the HQ, and slave in the branch site, according
to the SaMBa guide.
 b. Branch site uses master LDAP server too. It looks tempting, but
difficult/dangerous to me.
2. PDC on the HQ, BDC on the branch site
 a. branch site uses slave LDAP server.
 b. Branch site uses master LDAP server too.
In 1/a and 2/a, the VPN outage could be problem. Am I right?


No, the b's are the problem if the VPN is down.  They're calling the
master which is at the other end of the VPN.  The a's have a slave
copy.  All is good, unless they need to write to LDAP.  How much LDAP
writing goes on in the branch?


As i know, only
PDC writes to the LDAP database. Is that true?


No.  If you're using smbldap-tools, the ldap calls are made via
smbldap_bind.conf.  So with multi-master this whole dual PDC thing is
fairly useless.  See, Multi-master...all are writable.


Question:

1.  Which office writes to LDAP?
2.  Who does the writing?
3.  Is there likely to be a mutually exclusive write, at approximately 
the same instant, during a VPN outage?





Because in case of VPN
outage, this situation has the same drawback.
So, my main problem is the unreliable ADSL line. Can we live with slave
server in the branch office?


Yes, using Replication refreshOnly or Replication refreshAndPersist.  
You can truly go apeshit with this stuff, making only pieces of the 
DIT available to branches.  Very nifty once you get it down.








How are you intending to keep roaming profiles in sync (the files on
the server, not the stuff in LDAP)? Are you going to use rsync?

Unless users jump from office to office, why bother.  I would set road
warriors with local profiles and sync their stuff in a manner
appropriate to their schedules/primary location.



Students will have that problem, but they have to bow to it.


Re: [Samba] Problem mapping Samba shares in Windows

2010-07-13 Thread tms3





Hi,

In our company we are currently running a Samba server and Windows XP
clients.
At the moment we are having problems with mapping Samba shares in
Windows.


Shares are being mapped through a windows startup script, which
executes net use (with the option persistent:no) command.
For most users this works most of the time, nevertheless it often
fails, the exact reason for this isn't clear yet.


When this happens, the samba server prompts for username and password
on executing the mapping script again (after logging on).
This should not be necessary since the user is already logged
on at that moment.


Just a shot in the dark, but I'd check to make sure contact to the 
server is actually being made during login.  Doesn't seem like it.




After rebooting several times without making any changes, the script
does work and all drives are mapped correctly.


What could be the cause of this problem?


Thanks in advance,

Sincerely,

Inaki





Re: [Samba] Samba4 FreBSD

2010-07-12 Thread tms3







--- Original message ---
Subject: Re: [Samba] Samba4 FreBSD
From: Günter Kukkukk li...@kukkukk.com
To: samba@lists.samba.org
Date: Sunday, 11/07/2010  4:28 PM

On Sunday, 11 July 2010 18:32:34, t...@tms3.com wrote:


Having some issues with:

samba_dnsupdate

Specifically:

/usr/bin/nsupdate: cannot specify -gor -o, program not linked with
GSS API Library

I've looked through the script, and cannot find these options called.
If anyone can point me to where they're called I'd appreciate it.

Cheers,

TMS III






nsupdate is (usually) part of the nameserver bind (named) package.

At least named itself writes the build-in compile options to the (kernel)
system logfile - after being started.

If you don't see the build option
   --with-gssapi


Yes quite, but there are issues with bind and gssapi on FreeBSD, and if
I could find out in the scripts where the options are called and turn
them off, I could work forward from there in debugging.




your bind build is missing some needed features.

Cheers, Günter

Re: [Samba] WG: Cross subnet browsing + OpenVPN

2010-07-12 Thread tms3







--- Original message ---
Subject: [Samba] WG:  Cross subnet browsing + OpenVPN
From: Daniel Müller muel...@tropenklinik.de
To: samba@lists.samba.org
Date: Sunday, 11/07/2010 11:39 PM

Hi,
Robert Schetterer is right. You will succeed in the end with tap bridging.
Bridging does netbios reach through.


You will achieve it either way.  The TYPE of VPN is not relevant.  
There was a discussion a while back regarding SE Linux and netbios.  I 
would check those settings.



I did this  with two XP-Clients 2 Nics build at each a bridge:
Both the remote and the local Clients must be in the same subnet.

My openvpn.conf:


Client or server

dev tap
dev-node TAB
proto udp

remote  1194

resolv-retry infinite

ca C:\\ca.crt
cert C:\\client1.crt
key C:\\client1.key
ns-cert-type server
verb 6

# Silence repeating messages
script-security 2
comp-lzo
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-tun
persist-key
route-delay 10


On CENTOS look here:
http://csmorley.spaces.live.com/blog/cns!990C0A249621766!184.entry

Greetings




---
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: http://www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Robert Schetterer
Sent: Friday, 9 July 2010 17:26
To: t...@tms3.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] Cross subnet browsing + OpenVPN

On 09.07.2010 14:42, t...@tms3.com wrote:







--- Original message ---
*Subject:* Re: [Samba] Cross subnet browsing + OpenVPN
*From:* Robert Schetterer rob...@schetterer.org
*To:* samba@lists.samba.org
*Date:* Friday, 09/07/2010 3:05 AM

On 09.07.2010 11:37, Julian Pilfold-Bagwell wrote:


Sorry about the delay, family emergency to deal with.
browse sync shares the info across them. I tried putting the specific
IP addresses of the local master browsers into the browse sync but it
still doesn't seem to spread everything across all the subnets.


you should use tap interfaces with openvpn

This is a matter of network design, and has nothing to do whatsoever
with the issue at hand.  Further:


i used samba with subnet browsing years ago
it didn't work with tun interfaces, it must have been tap interfaces
additionally the right samba setup
times may have changed, samba and openvpn changed
but simply try it, it does not cost anything


my setup was


bdc--internalnet--firewall--(tunnel)--firewall--internalnet--pdc

i had samba on the firewalls to bind to tap tunnel interfaces
as wins proxy
the pdc was the wins server, bdc as wins proxy and directed browsing to
pdc, all clients got well configured parameters per dhcp
additionally there was a working dns which matched wins dynamically

anyway times may change, and there are better solutions now
but this one worked stable and robust

read samba faqs wins and subnet browsing etc


good luck







Server configuration file

dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key


Client configuration file

remote myremote.mydomain
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key


From:

http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html



Which makes for a nice network to network setup for two locations
connected via a wan link.

Why not shift the discussion to whether we should use IPSEC and racoon
instead of OpenVPN, or perhaps we should scrap all that and argue that
he should be using Cisco vpn gateways altogether?

GUH!











From what I understand, the remote announce tells the WINS server to
broadcast across the remote subnets and remote

On 06/07/10 13:50, t...@tms3.com wrote:




SNIP



Hi All,

I'm having a problem with cross subnet browsing and name resolution
across
an openvpn tunnel. i've found quite a few people who've had the same

on










mail lists but none of their fixes have worked. The spec of the
setups at
both ends of the tunnel are as follows:
   remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
 remote browse sync = 192.168.1.255 192.168.2.255


This looks odd to me.

remote announce = wins server ip/DOMNAME
remote browse sync = wins server ip

NEEDED in both smb.conf

wins server = wins server ip

Can't remember default for this setting so

enhanced browsing = Yes

in both smb.conf


DHCP should point clients to headoffice for WINS. WINS proxy is not
useful.




OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1

Each server is configured in gateway mode with two NICS, one to the

lan










and the other to a modem/router. The first machine, HEADOFFICE, has an
internal IP address of
192.168.0.1

Re: [Samba] two PDCs

2010-07-12 Thread tms3







--- Original message ---
Subject: Re: [Samba] two PDCs
From: Scott Grizzard sc...@scottgrizzard.com
To: Tamás Pisch pisc...@gmail.com
Cc: samba@lists.samba.org
Date: Monday, 12/07/2010 12:38 AM



Of course, my users only visited each others' offices occasionally.


If you have tons of movement between the offices, a one-domain
solution may be forced upon you...

Unfortunately, a lot of users are roaming users (teachers with laptop, 
and
users). My plan is that I will set up separate profile shares on both 
side,
but at least they can use their own username and even change their 
password.
So, I would like to try the multi-PDC scenario with master and slave 
LDAP

server, but I worry about a little.


It makes very little sense to have multiple PDC's, and only adds to 
both administrative and user confusion IMHO.  Given the present 
workings of OpenLDAP, just pick a replication strategy that makes sense 
and use a single domain.   I've built and run a single domain on a 15 
node VPN with multi-master OpenLDAP backend, and it is remarkably 
resilient.








How are you intending to keep roaming profiles in sync (the files on
the server, not the stuff in LDAP)?  Are you going to use rsync?


Unless users jump from office to office, why bother.  I would set road 
warriors with local profiles and sync their stuff in a manner 
appropriate to their schedules/primary location.





Scott Grizzard
sc...@scottgrizzard.com
http://www.ScottGrizzard.com

Re: [Samba] Samba4 and DNS

2010-07-12 Thread tms3







--- Original message ---
Subject: [Samba] Samba4 and DNS
From: Alex Waite awa...@mcw.edu
To: samba@lists.samba.org samba@lists.samba.org
Date: Monday, 12/07/2010  4:56 AM

Hey Everyone,
 I've been reading through the Samba4 docs, but I am a bit 
confused,

so please forgive me if I have missed anything obvious.
 I am trying to setup Samba4 as a Domain Controller for our
department.  We do not control our DNS; that is done through campus 
IT.

   All of our workstations (soon to be members of the domain) already
have entries in campus DNS.  If I were to submit the contents of the
/usr/local/samba/private/dns/ folder (generated by Samba4's provision
step) to Campus IT, would that work?  Would I be missing out on 
anything

by not running my own DNS server?
 I've read about the dynamic changes made to DNS by Samba4, 
but I
don't know if I need that if my clients already would have entries in 
DNS.


Talk to DNS admins.  Ask them if you can run a master DNS for your 
domain, and then use campus DNS as the forwarder.



 Thank you for your time; I appreciate it.

---Alex


Re: [Samba] security = SHARE

2010-07-12 Thread tms3





I also encounter this problem that
the user security mode work fine, but on  share security level,
it always return NT_STATUS_WRONG_PASSWORD.

Is SHARE on samba 3.4 deprecated ?
Can anybody give some advice?


user = share is like Windoze95/98 type file share.




Thanks.
--
View this message in context: 
http://old.nabble.com/security-%3D-SHARE-tp29102498p29114421.html



[Samba] Samba4 FreBSD

2010-07-11 Thread tms3

Having some issues with:

samba_dnsupdate

Specifically:

/usr/bin/nsupdate: cannot specify -gor -o, program not linked with 
GSS API Library


I've looked through the script, and cannot find these options called.  
If anyone can point me to where they're called I'd appreciate it.


Cheers,

TMS III





Re: [Samba] Samba4 FreBSD

2010-07-11 Thread tms3







--- Original message ---
Subject: Re: [Samba] Samba4 FreBSD
From: Günter Kukkukk li...@kukkukk.com
To: samba@lists.samba.org
Date: Sunday, 11/07/2010  4:28 PM

On Sunday 11 July 2010 18:32:34, t...@tms3.com wrote:


Having some issues with:

samba_dnsupdate

Specifically:

/usr/bin/nsupdate: cannot specify -gor -o, program not linked with
GSS API Library

I've looked through the script, and cannot find these options called.
If anyone can point me to where they're called I'd appreciate it.

Cheers,

TMS III






nsupdate is (usually) part of the nameserver bind (named) package.

At least named itself writes the built-in compile options to the (kernel)
system logfile - after being started.

If you don't see the build option
   --with-gssapi


Yes, but there's a bit of a snag with gssapi and bind on FreeBSD, so I 
want to stop the call and work forward as I try to debug things.




your bind build is missing some needed features.

Cheers, Günter

Re: [Samba] smbcquotas tells me that quotas are not enabled

2010-07-10 Thread tms3






I think you're right in that quotas aren't enabled on the NAS itself 
and there
doesn't appear to be any way of doing so.  If I'm to do this, I may 
have to
invent some way of enforcing quotas for the remote machine at the client.

That NAS runs on Linux.  A few minutes of googling just now reveals 
there are OS hacks for it.  You might go that route.






But before I get elbow deep in Perl code, I want to try putting a 
quota on one

of the Samba shares.  Is that possible?


I wish I had an answer for you.  I just don't have enough experience 
with
quotas.  You may just have to experiment with it unless/until someone 
else

posts a solution.

--
Stan


Re: [Samba] Cross subnet browsing + OpenVPN

2010-07-09 Thread tms3







--- Original message ---
Subject: Re: [Samba] Cross subnet browsing + OpenVPN
From: Robert Schetterer rob...@schetterer.org
To: samba@lists.samba.org
Date: Friday, 09/07/2010  3:05 AM

On 09.07.2010 11:37, Julian Pilfold-Bagwell wrote:


Sorry about the delay, family emergency to deal with.
browse sync shares the info across them.  I tried putting the specific
IP addresses of the local master browsers into the browse sync but it
still doesn't seem to spread everything across all the subnets.


you should use tap interfaces with openvpn


This is a matter of network design, and has nothing to do whatsoever 
with the issue at hand.  Further:


Server configuration file


dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key

Client configuration file

remote myremote.mydomain
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key

From:

http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

Which makes for a nice network to network setup for two locations 
connected via a wan link.


Why not shift the discussion to whether we should use IPSEC and racoon 
instead of OpenVPN, or perhaps we should scrap all that and argue that 
he should be using Cisco vpn gateways altogether?


GUH!












From what I understand, the remote announce tells the WINS server to
broadcast across the remote subnets and remote

On 06/07/10 13:50, t...@tms3.com wrote:




SNIP



Hi All,

I'm having a problem with cross subnet browsing and name resolution
across
an openvpn tunnel. i've found quite a few people who've had the same 
on

mail lists but none of their fixes have worked. The spec of the
setups at
both ends of the tunnel are as follows:
   remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM

 remote browse sync = 192.168.1.255 192.168.2.255

This looks odd to me.

remote announce = wins server ip/DOMNAME
remote browse sync = wins server ip

NEEDED in both smb.conf

wins server = wins server ip

Can't remember default for this setting so

enhanced browsing = Yes

in both smb.conf


DHCP should point clients to headoffice for WINS.  WINS proxy is not
useful.




OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1

Each server is configured in gateway mode with two NICS, one to the 
lan

and the other to a modem/router. The first machine, HEADOFFICE, has an
internal IP address of
192.168.0.1 and an external of 192.168.10.4. The second machine,
REMOTE1,
has an internal address of 192.168.1.254 and an external of
192.168.20.4.

On openVPN, I have configured client to client and routes and iroutes 
to
allow machines on each network to ping machines at the other end as 
well

as the server IP's.
So far so good and I can ping any machine on either subnet from 
anywhere

and get a reply. The servers are configured as Samba servers with the
HEADOFFICE machine working as a PDC, DMC and WINS server and the 
REMOTE1
   machine configured as a BDC and WINS proxy. In order to 
maintain

logon
facilities in the event of broadband failure,
I have replicated the LDAP server from HEADOFFICE to REMOTE1 and 
updates
and password changes propagate successfully from one site to the 
other.


If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it 
works

perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
fails on name resolution while
entering \\192.168.1.254\ brings up Windows Explorer and a list of
shares.

I've included the remote browse entries in smb.conf on the PDC and 
have
WINS Proxying set up on the BDC but I can't get it to push REMOTE1's 
IP

back to the WINS server.
Port scanning the internal IP of each machine from the other end of the
tunnel returns a full set of open ports for the services I'm using
but no
IP.

If anyone can spot what I'm doing wrong I'd be grateful.

Thanks.

 smb.conf - HEADOFFICE 
### Included 2nd subnet for second remote site in browse sync

[ global]
 workgroup = NEWDOM
 netbios name = HEADOFFICE
 security = user
 enable privileges = yes
 interfaces = 192.168.0.1 127.0.0.1
# hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
 remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM

 remote browse sync = 192.168.1.255 192.168.2.255
 wins support = yes
 name resolve order = wins hosts bcast
 username map = /etc/samba/smbusers
 server string = Samba Server %v
 encrypt passwords = Yes
 ldap ssl = no
 unix password sync = yes
 ldap passwd sync = no
 passwd program = /usr/sbin/smbldap-passwd -u %u
 passwd chat = Changing *\nNew password* %n\n 
*Retype

Re: [Samba] Regarding S4 and libnss_winbind.so

2010-07-09 Thread tms3









The wiki suggests to build it out of source3/ which is what samba5x is
based on. So you can install it from there.


Yeah, reread that after posting, but the build for source3 fails round 
about the kerberos build:


81rc2# pwd
/usr/ports/distfiles/samba-master/source3
81rc2# gmake
Using CFLAGS = -g -DDEBUG_PASSWORD -DDEVELOPER -g -Wall -Wshadow 
-Wpointer-arith -Wcast-align -Wwrite-strings 
-Wdeclaration-after-statement -Werror-implicit-function-declaration 
-I. -I/usr/ports/distfiles/samba-master/source3 
-I/usr/ports/distfiles/samba-master/source3/../lib/iniparser/src 
-Iinclude -I./include  -I. -I. -I./../lib/replace -I./../lib/tevent 
-I./libaddns -I./librpc -I./.. -I../lib/tdb/include -DHAVE_CONFIG_H  
-I/usr/local/include -DLDAP_DEPRECATED  
-I/usr/ports/distfiles/samba-master/source3/lib -I.. -I../source4 
-D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3

 PICFLAG= -fPIC -DPIC
 LIBS   = -liconv
 LDFLAGS= -pie -Wl,-z,relro -Wl,--as-needed -L./bin 
-L/usr/local/lib

 DYNEXP = -Wl,--export-dynamic
 LDSHFLAGS  = -fPIC -DPIC -shared -Wl,-z,relro -Wl,--as-needed 
-L./bin -L/usr/local/lib -lc -Wl,-z,defs

 SHLIBEXT   = so
 SONAMEFLAG = -Wl,-soname,
Compiling libsmb/clikrb5.c
libsmb/clikrb5.c:1653:2: error: #error 
UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION

libsmb/clikrb5.c: In function 'smb_krb5_enctype_to_string':
libsmb/clikrb5.c:1655: warning: control reaches end of non-void 
function

libsmb/clikrb5.c: In function 'smb_krb5_principal_get_realm':
libsmb/clikrb5.c:2262: warning: return discards qualifiers from 
pointer target type

The following command failed:
gcc -g -DDEBUG_PASSWORD -DDEVELOPER -g -Wall -Wshadow -Wpointer-arith 
-Wcast-align -Wwrite-strings -Wdeclaration-after-statement 
-Werror-implicit-function-declaration -I. 
-I/usr/ports/distfiles/samba-master/source3 
-I/usr/ports/distfiles/samba-master/source3/../lib/iniparser/src 
-Iinclude -I./include  -I. -I. -I./../lib/replace -I./../lib/tevent 
-I./libaddns -I./librpc -I./.. -I../lib/tdb/include -DHAVE_CONFIG_H  
-I/usr/local/include -DLDAP_DEPRECATED  
-I/usr/ports/distfiles/samba-master/source3/lib -I.. -I../source4 
-D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 -fPIC -DPIC -c libsmb/clikrb5.c -o 
libsmb/clikrb5.o

gmake: *** [libsmb/clikrb5.o] Error 1

Further, I cannot find this library file on a Samba3.4.8 machine 
FreeBSD8.0 system where winbindd and nss are working splendidly:


zaphod# find / -name libnss_winbind.so -print
zaphod#

So, just curious what I should be looking for.

Cheers,

TMS III




On Thu, Jul 8, 2010 at 11:33 PM,  t...@tms3.com wrote:


Apparently this didn't/doesn't build on FreeBSD by default...or is it
doesn't build at all.

If it is buildable, what should I do to build it, as without it...see 
wiki:


http://wiki.samba.org/index.php/Samba4/Winbind






Re: [Samba] two PDCs

2010-07-09 Thread tms3










On Friday 09/07/2010 at 4:36 am, Tamás Pisch  wrote:

Hello,

I have a PDC with master ldap backend and a BDC with slave ldap 
backend
(both are SaMBa 3.2 on Debian Lenny). I want to install an additional 
SaMBa
server on an another site (on Debian Squeeze). The two sites is 
connected
with VPN (on not so reliable ADSL lines). I read an interesting 
network

scenario in the Samba Guide chapter 6: theoretically it is possible to
install one PDC on both site, with the same domain, server name, and 
SID. I
like this idea, but: is there anyone who tried that, have experience 
with

it?


No, but your best option is to simply use LDAP replication and install 
an LDAP server on the remote location server.  This way, auth traffic 
on the remote is always local (saving bandwidth) and is available 
regardless of the link being up or down.  Do the same with DNS, and 
you'll be quite happy with the results as will your users.




Thank you, in advance.

Re: [Samba] two PDCs

2010-07-09 Thread tms3







SNIP

I think the multi-master replication sort-of defeats the purpose of
the PDC in the remote office - multi-master replication means the
information must be sent to both servers anyway.  If I recall
correctly, I think Chapter 6 refers to running BDC's in each remote
office, and only one PDC...

I played with this once, and I got it working by setting up a PDC and
BDC in the main office, a BDC (not PDC) in the remote office, and
using LDAP's new multi-master replication to keep everything in sync.
Throw in your DNS database, and It works, it's cool, but I think it
was so not worth the effort (unless you have nothing better to do with
your 20% time).  I spent a whole lot of time making sure the configs
were perfect for the mult-master replication.


I found it quite simple. But I had a rather extensive use of NTLM auth 
stuff going on as well.




The thing that threw the monkey-wrench is DNS and DHCP...I ended up
putting all the DHCP information into the LDAP as well, with defined
IP addresses for every MAC, because DHCPd updates the DNS when a new
user requests an IP address.  Since I put a DHCP server on both sides
of the VPN, I needed multi-master replication for the DNS information
so the computers could find each other.  In the end, I dumped the MAC
addresses from my hardware catalog into the LDAP, and preassigned all
the IP's to reduce the number of writes to the LDAP server.


Well, I'll just say there are many ways to skin a cat, and leave it at 
that.





I found it is much easier to set up two separate domains and have them
trust each other, using different branches of the same LDAP tree.
Then, let one server write to one branch, the other server write to
the other branch, and do multi-master replication between them.  That
way, there is no worrying about simultaneous updates or any of that
jazz.  Not as cool...or as elegant, but it made my life easier by
isolating problems.  I did the same for the DNS information, setting
up separate zones for each physical office.  Since the information was
in the same tree, it was much easier to configure mail servers and
other services needing directory information, and since I did not
delegate the branches, the mail server (only in the main office) did
not need to read off my remote directories over VPN.

Of course, my users only visited each others' offices occasionally.
If you have tons of movement between the offices, a one-domain
solution may be forced upon you...



On Fri, Jul 9, 2010 at 8:58 AM,  t...@tms3.com wrote:












On Friday 09/07/2010 at 4:36 am, Tamás Pisch  wrote:



Hello,

I have a PDC with master ldap backend and a BDC with slave ldap 
backend

(both are SaMBa 3.2 on Debian Lenny). I want to install an additional
SaMBa
server on an another site (on Debian Squeeze). The two sites is 
connected
with VPN (on not so reliable ADSL lines). I read an interesting 
network

scenario in the Samba Guide chapter 6: theoretically it is possible to
install one PDC on both site, with the same domain, server name, and 
SID.

I
like this idea, but: is there anyone who tried that, have experience 
with

it?


No, but your best option is to simply use LDAP replication and install 
an
LDAP server on the remote location server.  This way, auth traffic on 
the
remote is always local (saving bandwidth) and is available regardless 
of the
link being up or down.  Do the same with DNS, and you'll be quite 
happy with

the results as will your users.





Thank you, in advance.




--

Scott Grizzard
sc...@scottgrizzard.com
http://www.ScottGrizzard.com



Re: [Samba] two PDCs

2010-07-09 Thread tms3






How did you get it working like that so quickly?

This site has an EXCELLENT primer on it:

http://www.zytrax.com/books/ldap/ch7/

As well, openldap's site

http://www.openldap.org/

If you only have 2 ldap servers, you can use the simpler master slave 
setup as well.  It's just that if you start needing more ldap servers, 
you'd need to reconfigure again.




Did you get it
working with two primary domain controllers?
No.  This is not recommended, and I don't play in production 
environments...much.  Never tried it in the lab either.


(As opposed to one PDC
and two BDC's?)

How did you manage to resolve the DNS update issue?


Honestly, I have no idea what DNS problems the other responder had.  
The only DNS issues I had was making the W2k3 domain play nice with 
bind9 and vice versa. Further, if you want locked IP's for 
workstations via mac, there are many ways of doing this.  dhcpd.conf 
for instance.  But to each his own.  Updates are sent to the master 
DNS, if it's unavailable no update, so if you're forcing new IPs from 
dhcp every reboot, or every xxx seconds then, during wan outages you 
might have issues, I suppose.  Depends on how badly you need name 
service resolution of client workstations.




On Fri, Jul 9, 2010 at 12:58 PM,  t...@tms3.com wrote:









SNIP

I think the multi-master replication sort-of defeats the purpose of
the PDC in the remote office - multi-master replication means the
information must be sent to both servers anyway.  If I recall
correctly, I think Chapter 6 refers to running BDC's in each remote
office, and only one PDC...

I played with this once, and I got it working by setting up a PDC and
BDC in the main office, a BDC (not PDC) in the remote office, and
using LDAP's new multi-master replication to keep everything in sync.
Throw in your DNS database, and it works, it's cool, but I think it
was so not worth the effort (unless you have nothing better to do with
your 20% time).  I spent a whole lot of time making sure the configs
were perfect for the multi-master replication.


I found it quite simple. But I had a rather extensive use of NTLM auth 
stuff

going on as well.





The thing that threw the monkey-wrench is DNS and DHCP...I ended up
putting all the DHCP information into the LDAP as well, with defined
IP addresses for every MAC, because DHCPd updates the DNS when a new
user requests an IP address.  Since I put a DHCP server on both sides
of the VPN, I needed multi-master replication for the DNS information
so the computers could find each other.  In the end, I dumped the MAC
addresses from my hardware catalog into the LDAP, and preassigned all
the IP's to reduce the number of writes to the LDAP server.


Well, I'll just say there are many ways to skin a cat, and leave it at 
that.






I found it is much easier to set up two separate domains and have them
trust each other, using different branches of the same LDAP tree.
Then, let one server write to one branch, the other server write to
the other branch, and do multi-master replication between them.  That
way, there is no worrying about simultaneous updates or any of that
jazz.  Not as cool...or as elegant, but it made my life easier by
isolating problems.  I did the same for the DNS information, setting
up separate zones for each physical office.  Since the information was
in the same tree, it was much easier to configure mail servers and
other services needing directory information, and since I did not
delegate the branches, the mail server (only in the main office) did
not need to read off my remote directories over VPN.

Of course, my users only visited each others' offices occasionally.
If you have tons of movement between the offices, a one-domain
solution may be forced upon you...



On Fri, Jul 9, 2010 at 8:58 AM,  t...@tms3.com wrote:














On Friday 09/07/2010 at 4:36 am, Tamás Pisch  wrote:




Hello,

I have a PDC with master ldap backend and a BDC with slave ldap 
backend

(both are SaMBa 3.2 on Debian Lenny). I want to install an additional
SaMBa
server on an another site (on Debian Squeeze). The two sites is
connected
with VPN (on not so reliable ADSL lines). I read an interesting 
network

scenario in the Samba Guide chapter 6: theoretically it is possible to
install one PDC on both site, with the same domain, server name, and
SID.
I
like this idea, but: is there anyone who tried that, have experience
with
it?


No, but your best option is to simply use LDAP replication and install
an
LDAP server on the remote location server.  This way, auth traffic on
the
remote is always local (saving bandwidth) and is available regardless 
of

the
link being up or down.  Do the same with DNS, and you'll be quite 
happy

with
the results as will your users.






Thank you, in advance.

Re: [Samba] group permissions not setting correctly.

2010-07-09 Thread tms3




On Samba 3.5.4, I have a share that should be writable by all in the 
Domain
Users group.  When I write to the share, the permission mode is 
correct but
the data doesn't have the correct group and instead lists the username 
as

the group.

Do you have:

pam_ldap/nss_ldap .conf setup correctly (They may be the same file 
depending on Linux OS.  Ubuntu server uses same file.)?


nsswitch.conf set up correctly?


I tried using force group but the share stopped being
accessible after a restart so I removed it.  It doesn't seem like this 
is

standard behavior so I'm not sure what could be causing it.

Relevant smb.conf info:

[global]
workgroup = domain
netbios name = fs
server string = domauin FS
passdb backend = ldapsam:ldap://127.0.0.1
printcap name = cups
printing = cups
security = user
log level = 3
name resolve order = wins bcast hosts

ldap ssl = off
ldap admin dn = cn=root,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers

ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g

set primary group script = /usr/sbin/smbldap-usermod -g %g %u
delete user script = /usr/sbin/smbldap-userdel %u
delete group script = /usr/sbin/smbldap-groupdel %g
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
#logon script = %U.bat
logon script = logon.bat

domain master = Yes
domain logons = Yes
os level = 35
preferred master = Yes

idmap uid = 15000-2
idmap gid = 15000-2

passwd program = /usr/bin/passwd '%u'
unix password sync = yes
passwd chat = *New UNIX password* %n\n *Retype new UNIX password* %n\n *updated successfully*
enable privileges = yes
username map = /etc/samba/smbusers
wins support = yes

[public]
path = /data/public
create mask = 0775
create mode = 0775
directory mask = 0775
guest ok = no
browseable = Yes
writable = yes
write list = @Domain Users


Re: [Samba] File owner SID instead of name showing for one user

2010-07-08 Thread tms3






Hello,

I recently migrated all data and user accounts from our old Samba file
server to a new (Samba 3.4.0 on Ubuntu 9.10) one. Everything is 
working

fine except that there is one user whose SID is showing in the Owner
column of Windows Explorer instead of the user name.

It's not a big problem, but the user is uncomfortable with it and I'd
like to know why it's happening and how to fix it.


Check for duplicate UID's somewhere.




Any help would be much appreciated.

Thanks.

Greg


Re: [Samba] File owner SID instead of name showing for one user

2010-07-08 Thread tms3






Also make sure that SID returned by wbinfo -n DOMAIN\name matches the
name returned by wbinfo -s SID command.


Yeah...but that's a real puzzler, isn't it?  Why is the 
nsswitch/winbindd process getting a SID as a value for uid?  I've 
seen it briefly when some process is lagging out.  But I can't ever 
recall such a state being permanent... Odd... something's nagging me 
about this, can't put my finger on it.




On 07/08/2010 01:45 PM, t...@tms3.com wrote:








Hello,

I recently migrated all data and user accounts from our old Samba file
server to a new (Samba 3.4.0 on Ubuntu 9.10) one. Everything is 
working

fine except that there is one user whose SID is showing in the Owner
column of Windows Explorer instead of the user name.

It's not a big problem, but the user is uncomfortable with it and I'd
like to know why it's happening and how to fix it.


Check for duplicate UID's somewhere.





Any help would be much appreciated.

Thanks.

Greg


Re: [Samba] File owner SID instead of name showing for one user

2010-07-08 Thread tms3







--- Original message ---
Subject: Re: [Samba] File owner SID instead of name showing for one user

From: Gregory A. Cain g...@gregorycain.net
To: samba@lists.samba.org
Date: Thursday, 08/07/2010 11:38 AM

Thank you -

wbinfo -s (user sid) returns Could not lookup sid (user sid)


But all other SID lookups are good (well at least a test smattering of 
them)?




How do I fix this?

Thanks again.



On 7/8/2010 10:56 AM, Gaiseric Vandal wrote:


Also make sure that SID returned by wbinfo -n DOMAIN\name matches the
name returned by wbinfo -s SID command.




Re: [Samba] File owner SID instead of name showing for one user

2010-07-08 Thread tms3




On 07/08/2010 03:10 PM, Gregory A. Cain wrote:


Exactly.  I checked 4 or 5 other users - no problems.  Also did a
spot-check of files belonging to other users in Windows Explorer.  It
appears this is the only user with the problem.

I checked for duplicate UID's and found none.  Using ls -l on the
server returns the correct user name and UID for the files.


OK, Greg, let me get this straight:

1.  From a server terminal ls -l shows correct info.

2.  Only in Windows exploderer the SID instead of name?

3.  I forget...Samba domain or samba joined to AD domain?






On 7/8/2010 12:01 PM, t...@tms3.com wrote:






wbinfo -s (user sid) returns Could not lookup sid (user sid)


But all other SID lookups are good (well at least a test smattering of
them)?







What does pdbedit -Lv theuser show?  It should show the user's SID.




[Samba] Regarding S4 and libnss_winbind.so

2010-07-08 Thread tms3
Apparently this didn't/doesn't build on FreeBSD by default...or is it 
doesn't build at all.


If it is buildable, what should I do to build it, as without it...see 
wiki:


http://wiki.samba.org/index.php/Samba4/Winbind

Cheers,

TMS III





Re: [Samba] One account can access samba, another can't.

2010-07-08 Thread tms3






My wife and I each have our own workstation dual-booting WinXP and
Gentoo Linux.  We also have a third which runs Gentoo all the time.  I
wanted to set up samba on the third box and provide some extra storage
space for both our Windows installs.  It worked for a few days, then all
of a sudden it stopped letting my account (michael) in while still
letting my wife's account (amy) use the share.  Here's
my /etc/samba/smb.conf:

carter samba # cat /etc/samba/smb.conf
[global]
workgroup = MYGROUP
security = user
encrypt passwords = yes
guest account = guest
wins support = yes
local master = yes
os level = 99
domain master = yes
preferred master = yes
hosts allow = 192.168.1. 127.
interfaces = eth0
log level = 1
[tmp]
path=/tmp
writeable=yes

[homes]
path=/samba/michael
valid users=michael
writable=yes

path=/samba/amy
valid users=amy
writeable=yes


Erm, the [homes] isn't an outline heading.  It is a share name.  It is 
unique, and has a unique path.  You probably want to use an auto login 
for homes such that a user connects to


\\server\share\%U

where the share in smb.conf would be say

[homes]
 path = /samba
 valid users = michael, amy
 writeable = yes

Then setting up the sub directories michael and amy under /samba and, 
since this is a nice simple setup


chmod -R 700 /samba/michael (and amy)
chown -R michael /samba/michael

You get the point.  Check

man smb.conf

for options on setting up home directory shares.

Cheers,

TMS III





Here's smbusers:
carter samba # cat /etc/samba/smbusers
# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.4/smbusers,v 1.1 2010/02/26 20:11:18 patrick Exp $

# Syntax:
#   Unix_name = SMB_name1 SMB_name2 ...

root = Administrator admin
nobody = guest pcguest smbguest
michael = michael
amy = amy

(I hope I got the syntax right.)
carter / # ls -l
.
.
.
drwxr-xr-x   4 nobody  nobody30 Jul  8 10:13 samba
.
.
.
carter / # ls -l /samba
total 0
drwx-- 4 amy users 39 Jul  8 10:13 amy
drwxr-xr-x 5 michael users 58 Jun 24 00:11 michael

Here I log in with amy:
carter samba # su - amy
a...@carter ~ $ smbclient //carter/homes
Enter amy's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.4.6]
smb: \ ls
   .   D0  Thu Jul  8 10:13:42 2010
   ..  D0  Thu Jul  8 10:13:49 2010
   backup  D0  Fri Jun 25 20:34:15 2010
   Program Files   D0  Thu Jul  8 10:13:42 2010

59608 blocks of size 16777216. 58564 blocks available
smb: \

and then with mcarter samba # su - michael
mich...@carter ~ $ smbclient //carter/homes
Enter michael's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.4.6]
tree connect failed: NT_STATUS_ACCESS_DENIED
mich...@carter ~ $



Here's the contents of my log files:

carter samba # cat log.nmbd
[2010/07/08 14:32:45,  0] nmbd/nmbd.c:854(main)
   nmbd version 3.4.6 started.
   Copyright Andrew Tridgell and the Samba Team 1992-2009
[2010/07/08 14:32:45,  0] nmbd/asyncdns.c:155(start_async_dns)
   started asyncdns process 21024
[2010/07/08 14:32:45,  0] nmbd/nmbd_become_dmb.c:337(become_domain_master_browser_wins)
   become_domain_master_browser_wins:
   Attempting to become domain master browser on workgroup MYGROUP, subnet UNICAST_SUBNET.
[2010/07/08 14:32:45,  0] nmbd/nmbd_become_dmb.c:351(become_domain_master_browser_wins)
   become_domain_master_browser_wins: querying WINS server from IP 192.168.1.2 for domain master browser name MYGROUP1b on workgroup MYGROUP
[2010/07/08 14:32:51,  0] nmbd/nmbd_become_dmb.c:110(become_domain_master_stage2)
   *

   Samba server CARTER is now a domain master browser for workgroup MYGROUP on subnet UNICAST_SUBNET

   *
[2010/07/08 14:32:51,  0] nmbd/nmbd_become_dmb.c:292(become_domain_master_browser_bcast)
   become_domain_master_browser_bcast:
   Attempting to become domain master browser on workgroup MYGROUP on subnet 192.168.1.2
[2010/07/08 14:32:51,  0] nmbd/nmbd_become_dmb.c:305(become_domain_master_browser_bcast)
   become_domain_master_browser_bcast: querying subnet 192.168.1.2 for domain master browser on workgroup MYGROUP
[2010/07/08 14:32:59,  0] nmbd/nmbd_become_dmb.c:110(become_domain_master_stage2)
   *

   Samba server CARTER is now a domain master browser for workgroup MYGROUP on subnet 192.168.1.2

   *
[2010/07/08 14:33:07,  0] nmbd/nmbd_become_lmb.c:395(become_local_master_stage2)
   *

   Samba name server CARTER is now a local master browser for workgroup MYGROUP on subnet 192.168.1.2

   *

carter samba # cat log.smbd
[2010/07/08 14:24:52,  0] smbd/server.c:1073(main)
   smbd version 3.4.6 started.
   Copyright Andrew Tridgell and the Samba Team 1992-2009
[2010/07/08 14:24:52,  0] printing/print_cups.c:103(cups_connect)
   Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory
[2010/07/08 14:24:52,  0] printing/print_cups.c:103(cups_connect)
   Unable to connect to 
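Why only amy gets in with the [homes] section quoted above: an added example (not part of the original thread) that lints an smb.conf for parameters set twice in one section, assuming smbd keeps the last value it reads for a repeated parameter. `SAMPLE_CONF` is constructed from the lines quoted in the post, and the function names are hypothetical.

```python
"""Added example: report smb.conf parameters that are set twice in one section."""
import re

# Constructed input: the [global]/[homes] lines quoted in the message above.
SAMPLE_CONF = """\
[global]
workgroup = MYGROUP
security = user

[homes]
path=/samba/michael
valid users=michael
writable=yes

path=/samba/amy
valid users=amy
writeable=yes
"""

# Spellings that smb.conf(5) lists as synonyms, keyed without whitespace.
SYNONYMS = {"writable": "writeable", "browsable": "browseable"}


def canonical(name):
    """Parameter names ignore case and whitespace; fold synonyms together."""
    key = re.sub(r"\s+", "", name).lower()
    return SYNONYMS.get(key, key)


def logical_lines(text):
    """Yield (first_line_number, text), joining lines that end in a backslash."""
    pending, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = number
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            pending += stripped[:-1]
            continue
        yield start, pending + raw
        pending, start = "", None
    if pending:
        yield start, pending


def parse(text):
    """Return (effective, overridden).

    effective:  {section: {param: (value, line)}}, last assignment wins
                (assumption about how smbd treats repeats).
    overridden: [(section, param, old_value, old_line, new_value, new_line)]
    """
    effective, overridden, section = {}, [], None
    for number, line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            effective.setdefault(section, {})
            continue
        if section is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        key, value = canonical(name), value.strip()
        if key in effective[section]:
            old_value, old_line = effective[section][key]
            overridden.append((section, key, old_value, old_line, value, number))
        effective[section][key] = (value, number)
    return effective, overridden


def locked_out(text, section, users):
    """Users missing from the section's effective 'valid users' list.

    Simplification: plain user names only; @group, +group and %S are not expanded.
    """
    effective, _ = parse(text)
    entry = effective.get(section, {}).get("validusers")
    if entry is None:                            # no restriction configured
        return []
    allowed = {u.lower() for u in re.split(r"[,\s]+", entry[0]) if u}
    return [u for u in users if u.lower() not in allowed]


if __name__ == "__main__":
    _, dupes = parse(SAMPLE_CONF)
    for section, key, old, old_line, new, new_line in dupes:
        print(f"[{section}] {key}: line {old_line} ({old!r}) "
              f"overridden by line {new_line} ({new!r})")
    print("locked out of [homes]:",
          locked_out(SAMPLE_CONF, "homes", ["michael", "amy"]))
```

Run against a real file by passing its contents to `parse()`; `testparm -s` shows the configuration Samba itself ends up with.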

Re: [Samba] One account can access samba, another can't.

2010-07-08 Thread tms3



SNIP


mich...@carter ~ $ smbclient //carter/homes/michael


Yep.  You need to use the home path stuff.

Alternatively you could, just to make it very easy

#Share for michael
[MICHAEL]

path = /samba/michael (etc.)

#Share for amy
[AMY]

path = /samba/amy (etc.)

Then the mount from cifs, or windoze is

\\server-name\michael or \\server-name\amy



Enter michael's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.4.6]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
mich...@carter ~ $ exit
logout

carter ~ # su - amy
a...@carter ~ $ smbclient //carter/homes/amy
Enter amy's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.4.6]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
a...@carter ~ $ exit
logout

and here's the log:
carter ~ # cat /var/log/samba/log.smbd
[2010/07/08 14:24:52,  0] smbd/server.c:1073(main)
   smbd version 3.4.6 started.
   Copyright Andrew Tridgell and the Samba Team 1992-2009
[2010/07/08 14:24:52,  0] printing/print_cups.c:103(cups_connect)
   Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory
[2010/07/08 14:24:52,  0] printing/print_cups.c:103(cups_connect)
   Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory
[2010/07/08 14:24:52,  0] smbd/server.c:457(smbd_open_one_socket)
   smbd_open_once_socket: open_socket_in: Address already in use
[2010/07/08 14:24:52,  0] smbd/server.c:457(smbd_open_one_socket)
   smbd_open_once_socket: open_socket_in: Address already in use
[2010/07/08 14:32:44,  0] smbd/server.c:1073(main)
   smbd version 3.4.6 started.
   Copyright Andrew Tridgell and the Samba Team 1992-2009
[2010/07/08 14:32:45,  0] printing/print_cups.c:103(cups_connect)
   Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory
[2010/07/08 14:32:45,  0] printing/print_cups.c:103(cups_connect)
   Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory
[2010/07/08 14:32:45,  0] smbd/server.c:457(smbd_open_one_socket)
   smbd_open_once_socket: open_socket_in: Address already in use
[2010/07/08 14:32:45,  0] smbd/server.c:457(smbd_open_one_socket)
   smbd_open_once_socket: open_socket_in: Address already in use
[2010/07/08 14:33:32,  0] lib/util_sock.c:1564(matchname)
   matchname: host name/address mismatch: :::192.168.1.2 != carter.espersunited.com
[2010/07/08 14:33:32,  0] lib/util_sock.c:1685(get_peer_name)
   Matchname failed on carter.espersunited.com :::192.168.1.2
[2010/07/08 14:33:32,  1] smbd/service.c:1063(make_connection_snum)
   carter (:::192.168.1.2) connect to service amy initially as user amy (uid=1001, gid=100) (pid 21335)
[2010/07/08 14:34:13,  1] smbd/service.c:1240(close_cnum)
   carter (:::192.168.1.2) closed connection to service amy
[2010/07/08 14:34:26,  0] lib/util_sock.c:1564(matchname)
   matchname: host name/address mismatch: :::192.168.1.2 != carter.espersunited.com
[2010/07/08 14:34:26,  0] lib/util_sock.c:1685(get_peer_name)
   Matchname failed on carter.espersunited.com :::192.168.1.2
[2010/07/08 14:34:26,  1] smbd/service.c:676(make_connection_snum)
   create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/07/08 14:43:10,  0] smbd/server.c:1073(main)
   smbd version 3.4.6 started.
   Copyright Andrew Tridgell and the Samba Team 1992-2009
[2010/07/08 14:43:10,  0] printing/print_cups.c:103(cups_connect)
   Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory
[2010/07/08 14:43:10,  0] printing/print_cups.c:103(cups_connect)
   Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory
[2010/07/08 14:43:10,  0] smbd/server.c:457(smbd_open_one_socket)
   smbd_open_once_socket: open_socket_in: Address already in use
[2010/07/08 14:43:10,  0] smbd/server.c:457(smbd_open_one_socket)
   smbd_open_once_socket: open_socket_in: Address already in use
[2010/07/08 20:35:51,  0] smbd/server.c:1073(main)
   smbd version 3.4.6 started.
   Copyright Andrew Tridgell and the Samba Team 1992-2009
[2010/07/08 20:35:51,  0] printing/print_cups.c:103(cups_connect)
   Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory
[2010/07/08 20:35:51,  0] printing/print_cups.c:103(cups_connect)
   Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No such file or directory
[2010/07/08 20:35:51,  0] smbd/server.c:457(smbd_open_one_socket)
   smbd_open_once_socket: open_socket_in: Address already in use
[2010/07/08 20:35:51,  0] smbd/server.c:457(smbd_open_one_socket)
   smbd_open_once_socket: open_socket_in: Address already in use
[2010/07/08 20:36:09,  0] lib/util_sock.c:1564(matchname)
   matchname: host name/address mismatch: :::192.168.1.2 != carter.espersunited.com
[2010/07/08 20:36:09,  0] lib/util_sock.c:1685(get_peer_name)
   Matchname failed on carter.espersunited.com :::192.168.1.2
[2010/07/08 20:36:09,  0] smbd/service.c:1202(make_connection)
   carter 

Re: [Samba] domain change

2010-07-07 Thread tms3







--- Original message ---
Subject: [Samba] domain change
From: Pascal pascal.legr...@univ-orleans.fr
To: samba@lists.samba.org
Date: Wednesday, 07/07/2010  4:23 AM

i've got a problem about a windows xp station :

i change this machine from a domain to another, but when the user, which
use this machine, connect on it he lost his parameters and data (cause
of the different sid).
is there an easy way to make this user keep his parameters and data ?


Yes, before leaving the domain, log in as user and use file and 
settings transfer wizard to store profile data...Start-All Programs- 
Accessories-System tools-File and Settings Transfer Wizard.  Save data 
to local hard drive or net share.  Log into New Dom with correct user 
account and import transfer wizard data.




thanks




Re: [Samba] Problem After Upgrade - NT_STATUS_FILE_IS_A_DIRECTORY

2010-07-07 Thread tms3







I'm running Samba 3.4.7 on Ubuntu 10.04. This is a recent upgrade and 
we've started experiencing a sporadic problem after this upgrade.


When users are browsing through Windows Explorer they sometimes run 
across folders that appear as unassociated files. This requires the 
user to click the 'Refresh' button in Windows Explorer to properly see 
the folders. The files and folders are hosted on our Ubuntu server and 
shared with Samba and accessed on the Windows clients through various 
mapped network drives.


The files on the Ubuntu server shared through Samba are actually 
MOUNTED onto the Ubuntu server from a Windows XP server that is 
hosting the files locally.

This is truly a bad idea.  That XP share should be mounted by the 
workstations just like the server shares.  Move the data to the 
server, or use the XP box as a server to directly serve those who need 
the data on it.


Cheers,

TMS III

These mounted files and folders are what is giving the users trouble 
in seeing folders correctly. We have other files hosted locally on the 
Ubuntu server and shared through Samba, but these are NOT giving us 
problems when browsing them through Windows Explorer. The only files 
that are giving us this problem are the mounted files.


I've noticed that every time I come across a list of folders in 
Windows Explorers that look like unassociated files, I get the 
following error messages in /var/log/samba/log.smbd :


---

   error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) 
NT_STATUS_OBJECT_PATH_NOT_FOUND

[2010/07/06 15:56:24,  3] smbd/process.c:1459(process_smb)

[2010/07/06 15:56:24,  3] smbd/error.c:60(error_packet_set)
   error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) 
NT_STATUS_FILE_IS_A_DIRECTORY


---

The mounting of the files is done through /etc/fstab with CIFS as the 
mount type.


The only solution I can think of would be to move the mounted files to 
the Ubuntu server so they are hosted locally. Like I said, we are 
already doing this with some directories, and we are not experiencing 
a problem browsing through those.


If anyone has any ideas I would be glad to know. Thanks.


Re: [Samba] Problem After Upgrade - NT_STATUS_FILE_IS_A_DIRECTORY

2010-07-07 Thread tms3







SNIP





This is truly a bad idea. That XP share should be
mounted by the workstations just like the server
shares. Move the data to the server, or use the XP box
as a server to directly serve those who need the data
on it.

Cheers,

TMS III



Why is this a bad idea? We've been running this setup
for a few years now and it's been working fine until we
upgraded. The XP box only allows 10 user limit for
shares, so that's why we mounted it to the Ubuntu
server and shared it with Samba instead of having to
pay for Windows Server license.

The problem with simply moving the files over to the
Ubuntu server is that the files on the XP box are
stored on a RAID array that comes with a controller
card whose driver is really only designed to be run on
Windows, not Linux.


Is this a *real* RAID controller or a 'fake' (BIOS/Software/MB) RAID
controller?  If it is a real controller are you sure there is no Linux
driver for it?  (Esp. since you are using Ubuntu!) If it is a
software/BIOS/MB RAID controller the performance is going to be really
bad -- these controllers are really only meant for home systems and not
really for true servers.




I'd have to setup mdadm on Ubuntu, which I've done
before and was not impressed. The Windows RAID system
we have is much easier to maintain.


Oh, you mean you have to actually use your keyboard? How dreadful...

Do you mean to say that the files local to the Ubuntu *server* are not on
a RAID array?




I don't want to get off topic here, I just want to
know why Samba is giving me trouble browsing these
mounted directories.


This sort of 'game' (mounting files from one 'server' on another server
and then re-exporting them), is not *specific* to Samba.  See what
happens when you try to NFS export file systems mounted as nfs file
systems (although I expect nfsd/mountd would refuse to let you do that
in the first place).

There are several problems:

It tends to confuse the server(s).  File serving software (Samba, NFSD,
etc.) really expect the data they are serving to be local (yes, using a
NAS or something like that is a little different) and are written to
work optimally that way.

It causes lots of network traffic: every I/O operation causes two
batches of network traffic and implies two sets of network channels: one
set between the machine with the physical disks (the XP box) and the
'server' (the Ubuntu box), and a *second* set of network channels
between the 'server' (the Ubuntu box) and the final client(s) (the
client MS-Windows machine(s)).  If this is on one physical network (if
the 'server' (the Ubuntu box) only has one NIC), then you have lots
of network collisions, which means your network throughput will truly
suck (eg network timeouts, dropped/lost packets, etc.).

I expect that 'before' you 'got by' by luck.  What might be happening
now is that some fix to Samba is biting you or maybe you are getting
network I/O errors (timeouts?) because of what I described in the
paragraph above.

What you are doing is not really going to work in the long term.  You
either need to:

1) Buy a real, supported RAID card for the Ubuntu system.
2) Live with mdadm
3) Pay for licenses for the XP system.


Couldn't agree more.  One more item is that the CIFS share to the XP 
box is the user that mounted the file system on Ubuntu.  Bah!  Just 
ugly all around.





--
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/






[Samba] YeeFreakingHa!

2010-07-07 Thread tms3

Samba4 latest on FreeBSD8.1RC2 built and running as a joined DC:

81rc2# pwd
/usr/local/samba/sbin
81rc2# ps -ax | grep samba
92436  ??  Ss 0:00.24 ./samba
92437  ??  S  0:00.01 ./samba
92438  ??  I  0:00.04 ./samba
92439  ??  S  0:00.01 ./samba
92440  ??  S  0:00.00 ./samba
92441  ??  S  0:00.00 ./samba
92442  ??  S  0:00.00 ./samba
92443  ??  S  0:00.01 ./samba
92444  ??  S  0:00.89 ./samba
92445  ??  S  0:00.00 ./samba
92446  ??  S  0:00.00 ./samba
92447  ??  I  0:00.10 ./samba
92448  ??  I  0:00.02 ./samba
93215   0  R+ 0:00.00 grep samba
81rc2# uname -a
FreeBSD 81rc2.tms3.com 8.1-RC2 FreeBSD 8.1-RC2 #0: Wed Jul  7 06:59:46 PDT 2010 t...@81rc2.tms3.com:/usr/obj/usr/src/sys/IPFAST  amd64


81rc2# netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address  Foreign Address   (state)
tcp4   0  0 192.168.64.51.445  192.168.64.123.59566   ESTABLISHED


Nice work team!!!

Now there are some errors.  81RC2 is the FreeBSD81RC2 box and T3 is an 
Ubuntu server 10.4 samba4 box:


Working from BSD box:

81rc2# ./net drs kcc -Uadministrator 81rc2.tms3.com
Password for [TMS3\administrator]:
dos charset 'CP850' unavailable - using ASCII
Default-First-Site-Name
Current Site Options: (none)
Consistency check on 81rc2.tms3.com successful.

81rc2# ./net drs kcc -Uadministrator T3.tms3.com
Password for [TMS3\administrator]:
dos charset 'CP850' unavailable - using ASCII
Default-First-Site-Name
Current Site Options: (none)
Consistency check on T3.tms3.com successful.

Not so much:

81rc2# ./net drs showrepl 81rc2
dos charset 'CP850' unavailable - using ASCII
Password for [administra...@tms3.com]:
Default-First-Site-Name\81RC2
DSA Options: (none)
Site Options: (none)
DSA object GUID: 4ec570a8-85c1-4328-b6fa-57882281e3a8
DSA invocationID: c3ed7e55-f889-4c28-9582-da12f824d892

 INBOUND NEIGHBORS 
DsReplicaGetInfo failed - NT_STATUS_RPC_PROTOCOL_ERROR.
DsReplicaGetInfo() failed for DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES.

return code = -1

Sorta kinda working...I think:

81rc2# ./net drs showrepl T3
dos charset 'CP850' unavailable - using ASCII
Default-First-Site-Name\T3
DSA Options: 0x0001
Site Options: (none)
DSA object GUID: fdaf2ed0-3630-41ba-96a6-554f0316bf75
DSA invocationID: 5b89c863-f8b0-4310-907d-20e978c9fd98

 INBOUND NEIGHBORS 

DC=tms3,DC=com
   Default-First-Site-Name\DEATHKNIGHT via RPC
   DSA object GUID: 58bfc826-cd9f-445d-b6e5-ab7314ba0671
   Last attempt @ Wed Jul  7 20:59:24 2010 PDT was successful.
   0 consecutive failure(s).
   Last success @ Wed Jul  7 20:59:24 2010 PDT

DC=tms3,DC=com
   Default-First-Site-Name\EOWYN via RPC
   DSA object GUID: af29c79c-57dc-40f3-bed1-95c3adda4cc8
   Last attempt @ Wed Jul  7 20:59:24 2010 PDT was successful.
   0 consecutive failure(s).
   Last success @ Wed Jul  7 20:59:24 2010 PDT

DC=tms3,DC=com
   Default-First-Site-Name\WWW via RPC
   DSA object GUID: 0e787088-a072-4f35-9738-d343201f71a2
   Last attempt @ NTTIME(0) was successful.
   0 consecutive failure(s).
   Last success @ NTTIME(0)

DC=tms3,DC=com
   Default-First-Site-Name\81RC2 via RPC
   DSA object GUID: 4ec570a8-85c1-4328-b6fa-57882281e3a8
   Last attempt @ NTTIME(0) was successful.
   0 consecutive failure(s).
   Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=tms3,DC=com
   Default-First-Site-Name\DEATHKNIGHT via RPC
   DSA object GUID: 58bfc826-cd9f-445d-b6e5-ab7314ba0671
   Last attempt @ Wed Jul  7 20:59:24 2010 PDT was successful.
   0 consecutive failure(s).
   Last success @ Wed Jul  7 20:59:24 2010 PDT

CN=Schema,CN=Configuration,DC=tms3,DC=com
   Default-First-Site-Name\EOWYN via RPC
   DSA object GUID: af29c79c-57dc-40f3-bed1-95c3adda4cc8
   Last attempt @ Wed Jul  7 20:59:25 2010 PDT was successful.
   0 consecutive failure(s).
   Last success @ Wed Jul  7 20:59:25 2010 PDT

CN=Schema,CN=Configuration,DC=tms3,DC=com
   Default-First-Site-Name\WWW via RPC
   DSA object GUID: 0e787088-a072-4f35-9738-d343201f71a2
   Last attempt @ NTTIME(0) was successful.
   0 consecutive failure(s).
   Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=tms3,DC=com
   Default-First-Site-Name\81RC2 via RPC
   DSA object GUID: 4ec570a8-85c1-4328-b6fa-57882281e3a8
   Last attempt @ NTTIME(0) was successful.
   0 consecutive failure(s).
   Last success @ NTTIME(0)

CN=Configuration,DC=tms3,DC=com
   Default-First-Site-Name\DEATHKNIGHT via RPC
   DSA object GUID: 58bfc826-cd9f-445d-b6e5-ab7314ba0671

Re: [Samba] net ads testjoin

2010-07-06 Thread tms3







SNIP

Is there anyone who can help with this question?


prism# net ads testjoin
Join is OK

That's about it.  Pretty simple.




Regards,
Khaled

2010/4/30 Khaled Blah khaled.b...@googlemail.com:


Can anyone give me any hints please? I've read the man pages for
smb.conf and for net and then I read the manual about the net
command. Still, I don't know what testjoin actually does or tries to
do.

Regards,
Khaled

2010/4/26 Khaled Blah khaled.b...@googlemail.com:


I hope bumping is not frowned upon in this list :)

cheers,
Khaled

2010/4/24 Khaled Blah khaled.b...@googlemail.com:


Hello all,

I am new to this list and hopefully I am at the right place. Firstly,
thanks to everyone involved in this project. You do a great job!

Now, I use net to join Windows AD domains and was wondering where I
can find out more information on what happens during a net ads
testjoin. The information I found on the documentation pages of net
or smb.conf on the website did not say much about it. I have noticed
that a testjoin will ask for a password when the domain membership
is not valid and it'll ignore kerberos tickets. Is there something I
am missing here?

I am grateful to any insight you guys could give me!

Regards,
Khaled







Re: [Samba] Cross subnet browsing + OpenVPN

2010-07-06 Thread tms3



SNIP



Hi All,

I'm having a problem with cross subnet browsing and name resolution across
an openvpn tunnel. i've found quite a few people who've had the same on
mail lists but none of their fixes have worked. The spec of the setups at
both ends of the tunnel are as follows:


remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
 remote browse sync = 192.168.1.255 192.168.2.255

This looks odd to me.

remote announce = wins server ip/DOMNAME
remote browse sync = wins server ip

NEEDED in both smb.conf

wins server = wins server ip

Can't remember default for this setting so

enhanced browsing = Yes

in both smb.conf


DHCP should point clients to headoffice for WINS.  WINS proxy is not 
useful.




OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1

Each server is configured in gateway mode with two NICS, one to the lan
and the other to a modem/router.  The first machine, HEADOFFICE, has an
internal IP address of 192.168.0.1 and an external of 192.168.10.4.  The
second machine, REMOTE1, has an internal address of 192.168.1.254 and an
external of 192.168.20.4.

On openVPN, I have configured client to client and routes and iroutes to
allow machines on each network to ping machines at the other end as well
as the server IP's.
So far so good and I can ping any machine on either subnet from anywhere
and get a reply.  The servers are configured as Samba servers with the
HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
machine configured as a BDC and WINS proxy.  In order to maintain logon
facilities in the event of broadband failure,
I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates
and password changes propagate successfully from one site to the other.


If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
fails on name resolution while
entering \\192.168.1.254\  brings up Windows Explorer and a list of shares.

I've included the remote browse entries in smb.conf on the PDC and have
WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
back to the WINS server.
Port scanning the internal IP of each machine from the other end of the
tunnel returns a full set of open ports for the services I'm using but no
IP.

If anyone can spot what I'm doing wrong I'd be grateful.

Thanks.

 smb.conf - HEADOFFICE
###  Included 2nd subnet for second remote site in browse sync

[ global]
 workgroup = NEWDOM
 netbios name = HEADOFFICE
 security = user
 enable privileges = yes
 interfaces = 192.168.0.1 127.0.0.1
#   hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
 remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
 remote browse sync = 192.168.1.255 192.168.2.255
 wins support = yes
 name resolve order = wins hosts bcast
 username map = /etc/samba/smbusers
 server string = Samba Server %v
 encrypt passwords = Yes
 ldap ssl = no
 unix password sync = yes
 ldap passwd sync = no
 passwd program = /usr/sbin/smbldap-passwd -u %u
 passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n

#public = yes
#browseable = yes
#lm announce = yes
#browse list = yes
#auto services = yes

 log level = 3
 syslog = 0
 log file = /var/log/samba/log.%U
 max log size = 10
 time server = Yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

 mangling method = hash2
 Dos charset = 850
 Unix charset = ISO8859-1

 local master = Yes
 domain logons = Yes
 domain master = Yes
 os level = 65
 preferred master = Yes
 wins support = yes

 passdb backend = ldapsam:ldap://127.0.0.1
 ldap admin dn = cn=Manager,dc=newdom,dc=ldm
 ldap suffix = dc=newdom,dc=ldm
 ldap group suffix = ou=Groups
 ldap user suffix = ou=Users
 ldap machine suffix = ou=Computers
 ldap idmap suffix = ou=Idmap

 add user script = /usr/sbin/smbldap-useradd -m %u
 ldap delete dn = Yes
 delete user script = /usr/sbin/smbldap-userdel %u
 add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u

 add group script = /usr/sbin/smbldap-groupadd -p %g
 #delete group script 
