Re: [Samba] Help troubleshooting find_domain_master_name_query_fail on SMB v4?
Several things you could try. 1. Set in [global] domain master = yes 2. Use either wins support or wins server, but not both. Based on what you have in interfaces, if this system is to be the wins server, then use wins support = yes and eliminate the wins server parameter. 3. Check for firewall / selinux / apparmor issues. Also it is no longer recommended to use the socket options directive. For a standalone server, you do not need any of the idmap or logon parameters. There are probably other you could eliminate, but these are the most obvious. Dale On 09/07/2013 6:35 PM, d...@sent.com wrote: I'm running smbd -V Version 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64 This is a standalone server, and the only SMB/CIFS instance on my LAN. On launch, I see the following find_domain_master_name_query_fail error in logs. I can't track down what I've managed to do wrong; pointers appreciated. == log.nmbd == [2013/09/07 16:21:41, 2] ../source3/nmbd/nmbd_elections.c:42(send_election_dgram) send_election_dgram: Sending election packet for workgroup WORKGROUP on subnet 192.168.1.202 [2013/09/07 16:21:41, 2] ../source3/nmbd/nmbd_elections.c:205(run_elections) run_elections: Won election for workgroup WORKGROUP on subnet 192.168.1.202 [2013/09/07 16:21:41, 2] ../source3/nmbd/nmbd_become_lmb.c:538(become_local_master_browser) become_local_master_browser: Starting to become a master browser for workgroup WORKGROUP on subnet 192.168.1.202 [2013/09/07 16:21:49, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) * Samba name server test is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.202 * [2013/09/07 16:21:49, 0] ../source3/nmbd/nmbd_browsesync.c:354(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name WORKGROUP1b for the workgroup WORKGROUP. Unable to sync browse lists in this workgroup. Checking smbclient -N -L test Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64] Sharename Type Comment - --- testSHARE Disk IPC$IPC IPC Service (Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64) Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64] Server Comment ---- test Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64 WorkgroupMaster ---- WORKGROUP test My smb conf is cat /etc/samba/smb.conf [global] interfaces = 192.168.1.202/255.255.252.0 smb ports = 137 138 139 445 bind interfaces only = yes hosts allow = 192.168.1. 127.0.0.1 localhost hosts deny = all max connections = 5 max xmit = 32767 strict sync = no sync always = no strict locking = no keepalive = 300 wide links = yes getwd cache = yes use sendfile = true netbios name = test workgroup = WORKGROUP *wins support = yes wins server = 192.168.1.202* local master = yes preferred master = yes os level = 65 name resolve order = wins bcast security = user encrypt passwords = yes passdb backend = tdbsam map to guest = Bad User username map = /etc/samba/username_map.conf *idmap config * : backend = tdb2 idmap config * : range = 100-200 logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P:* usershare allow guests = no load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes printcap cache time = 0 log file =
[Samba] Help troubleshooting find_domain_master_name_query_fail on SMB v4?
I'm running smbd -V Version 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64 This is a standalone server, and the only SMB/CIFS instance on my LAN. On launch, I see the following find_domain_master_name_query_fail error in logs. I can't track down what I've managed to do wrong; pointers appreciated. == log.nmbd == [2013/09/07 16:21:41, 2] ../source3/nmbd/nmbd_elections.c:42(send_election_dgram) send_election_dgram: Sending election packet for workgroup WORKGROUP on subnet 192.168.1.202 [2013/09/07 16:21:41, 2] ../source3/nmbd/nmbd_elections.c:205(run_elections) run_elections: Won election for workgroup WORKGROUP on subnet 192.168.1.202 [2013/09/07 16:21:41, 2] ../source3/nmbd/nmbd_become_lmb.c:538(become_local_master_browser) become_local_master_browser: Starting to become a master browser for workgroup WORKGROUP on subnet 192.168.1.202 [2013/09/07 16:21:49, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) * Samba name server test is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.202 * [2013/09/07 16:21:49, 0] ../source3/nmbd/nmbd_browsesync.c:354(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name WORKGROUP1b for the workgroup WORKGROUP. Unable to sync browse lists in this workgroup. Checking smbclient -N -L test Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64] Sharename Type Comment - --- testSHARE Disk IPC$IPC IPC Service (Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64) Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64] Server Comment ---- test Samba 4.1.0rc2-3.1-3075-SUSE-oS12.3-x86_64 WorkgroupMaster ---- WORKGROUP test My smb conf is cat /etc/samba/smb.conf [global] interfaces = 192.168.1.202/255.255.252.0 smb ports = 137 138 139 445 bind interfaces only = yes hosts allow = 192.168.1. 127.0.0.1 localhost hosts deny = all max connections = 5 max xmit = 32767 strict sync = no sync always = no strict locking = no keepalive = 300 wide links = yes getwd cache = yes use sendfile = true netbios name = test workgroup = WORKGROUP wins support = yes wins server = 192.168.1.202 local master = yes preferred master = yes os level = 65 name resolve order = wins bcast security = user encrypt passwords = yes passdb backend = tdbsam map to guest = Bad User username map = /etc/samba/username_map.conf idmap config * : backend = tdb2 idmap config * : range = 100-200 logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = no load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes printcap cache time = 0 log file = /var/log/samba/samba.log.%m log level = 2 max log size = 5000 debug timestamp = yes syslog = 1 syslog only = no socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=16384 SO_SNDBUF=16384 kernel oplocks = no unix extensions = no [testSHARE] path = /home/testSHARE read only = Yes guest ok = Yes veto files = /*.jpg/ delete veto files = no oplocks = no
Re: [Samba] Help Samba license
On Wed, 2013-07-10 at 11:30 +0800, blue_sky886 wrote: Hi, I want to use library of samba that license is GPLv2 in my program that is proprietary. The source code version of samba is 3.0.6. Is it possible to modify the license to LGPL? Thanks. No, it is not possible. We can only suggest you licence your program under GPL compatible terms. Additionally, all supported Samba versions are now licensed under GPLv3 or later, with only some specific support libraries under other less protective licences. I hope this clarifies things, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help Samba license
On Wed, Jul 10, 2013 at 11:30:35AM +0800, blue_sky886 wrote: Hi, I want to use library of samba that license is GPLv2 in my program that is proprietary. The source code version of samba is 3.0.6. Is it possible to modify the license to LGPL? I'm afraid not. Your only options are to release your own code under a GPLv2 compatible license or to cease using the Samba library with your proprietary code. Regards, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help Samba license
Hi, I want to use library of samba that license is GPLv2 in my program that is proprietary. The source code version of samba is 3.0.6. Is it possible to modify the license to LGPL? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help required for samba -3.0.5.1-0
Hello, I am trying to use samba -3.0.5.1-0 to transfer a file to an windows 8 machine but it fails when windows-8 is under work group or domain. Could you please provide help and let me know the reason for transfer failure. Steps followed to transfer the file from linux system (2.4 kernel) to windows 8 system. 1) smbclient -U user name%password -d 3 //windows 8 ip path to shared folder with all permissions command from terminal. result: connection is established, prompt changes to smb. 2)mput file_name. Sometimes 0KB file is transferred or samba transfer fails . Regards, Bharath Kumar.B SASKEN BUSINESS DISCLAIMER: This message may contain confidential, proprietary or legally privileged information. In case you are not the original intended Recipient of the message, you must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message and you are requested to delete it and inform the sender. Any views expressed in this message are those of the individual sender unless otherwise stated. Nothing contained in this message shall be construed as an offer or acceptance of any offer by Sasken Communication Technologies Limited (Sasken) unless sent with that express intent and with due authority of Sasken. Sasken has taken enough precautions to prevent the spread of viruses. However the company accepts no liability for any damage caused by any virus transmitted by this email. Read Disclaimer at http://www.sasken.com/extras/mail_disclaimer.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help with 'samba-tool dsacl set ...'
I've tried setting default object permissions for the automountMap and automount objects when they're added to my schema but I'm still getting acl errors. I would assume that the 'samba-tool dsacl set' command could help me but I have no clue where to start with syntax and I looked at the python to see if I could find it but to no avail. From using MMC on the windows side I assume I need the following permissions... Authenticated Users: View SYSTEM: Full Domain Admins: Full so without knowing how... samba-tool dsacl set -URL=ldap://sambaserver.mydomain \ --action=allow \ --objectdn='automountMapName=auto.master,DC=MYDOMAIN' \ --trusteedn='CN=Administrator,CN=Users,DC=MYDOMAIN' \ -U Administrator \ --sddl= probably miles away... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help pls. -- Samba permission question
Hi, All, I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server: #cd / #mkdir managment #chown -R root:managegroup management #chowm -R 2770 management When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws--- BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it coiped to the Samba share. (for example, drwxrwxr-x) We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share. Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission. Thanks. Gao my smb.conf: [global] workgroup = WORKGROUP server string = My File Server interfaces = lo bond0 192.168.1.2/24 hosts allow = 127. 192.168.1. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User wins support = yes dns proxy = no map acl inherit = yes nt acl support = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes create mask = 0770 force security mode = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 [Management] comment = path = /management browsable = yes public = no writable = yes read only = no force group = management valid users = @management -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help pls. -- Samba permission question
If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server). Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it? The last line in your server commands I believe should be chmod, not chowm. On 12/12/12 12:21 PM, J Gao wrote: Hi, All, I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server: #cd / #mkdir managment #chown -R root:managegroup management #chowm -R 2770 management When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws--- BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it coiped to the Samba share. (for example, drwxrwxr-x) We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share. Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission. Thanks. Gao my smb.conf: [global] workgroup = WORKGROUP server string = My File Server interfaces = lo bond0 192.168.1.2/24 hosts allow = 127. 192.168.1. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User wins support = yes dns proxy = no map acl inherit = yes nt acl support = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes create mask = 0770 force security mode = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 [Management] comment = path = /management browsable = yes public = no writable = yes read only = no force group = management valid users = @management -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help pls. -- Samba permission question
Thank you Gary for the help. On 12-12-12 09:45 AM, Gary Dale wrote: If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server). I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this: sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand Could you give me an example on using Samba/CIFS tools? Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it? my typo. I want make clear so I change the group name to managegroup. The actual group name it the same managment which I think may cause confusion when I post my question. Sorry. Bets Regards. Gao The last line in your server commands I believe should be chmod, not chowm. On 12/12/12 12:21 PM, J Gao wrote: Hi, All, I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server: #cd / #mkdir managment #chown -R root:managegroup management #chowm -R 2770 management When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws--- BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it coiped to the Samba share. (for example, drwxrwxr-x) We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share. Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission. Thanks. Gao my smb.conf: [global] workgroup = WORKGROUP server string = My File Server interfaces = lo bond0 192.168.1.2/24 hosts allow = 127. 192.168.1. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User wins support = yes dns proxy = no map acl inherit = yes nt acl support = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes create mask = 0770 force security mode = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 [Management] comment = path = /management browsable = yes public = no writable = yes read only = no force group = management valid users = @management -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help pls. -- Samba permission question
On 12/12/12 02:07 PM, J Gao wrote: Thank you Gary for the help. On 12-12-12 09:45 AM, Gary Dale wrote: If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server). I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this: sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand Could you give me an example on using Samba/CIFS tools? That line mounts the share using the credentials you gave it but that doesn't set the permissions. If you right-click on the share's folder, you should be able to set the CIFS permissions. Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it? my typo. I want make clear so I change the group name to managegroup. The actual group name it the same managment which I think may cause confusion when I post my question. Sorry. Bets Regards. Gao So is your user a member of management? Rather than forcing the group to management, you could just add members to the group. Also, when you set the Unix ownership and permissions too tightly, you may prevent Samba from accessing the share properly. Since the share directories and files are to be accessed only through CIFS/Samba, the Unix permissions can and should be very loose. My shares all have Unix permissions with everyone having rwx access. The last line in your server commands I believe should be chmod, not chowm. On 12/12/12 12:21 PM, J Gao wrote: Hi, All, I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server: #cd / #mkdir managment #chown -R root:managegroup management #chowm -R 2770 management When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws--- BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it coiped to the Samba share. (for example, drwxrwxr-x) We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share. Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission. Thanks. Gao my smb.conf: [global] workgroup = WORKGROUP server string = My File Server interfaces = lo bond0 192.168.1.2/24 hosts allow = 127. 192.168.1. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User wins support = yes dns proxy = no map acl inherit = yes nt acl support = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes create mask = 0770 force security mode = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 [Management] comment = path = /management browsable = yes public = no writable = yes read only = no force group = management valid users = @management -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help pls. -- Samba permission question
On 12-12-12 12:52 PM, Gary Dale wrote: On 12/12/12 02:07 PM, J Gao wrote: Thank you Gary for the help. On 12-12-12 09:45 AM, Gary Dale wrote: If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server). I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this: sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand Could you give me an example on using Samba/CIFS tools? That line mounts the share using the credentials you gave it but that doesn't set the permissions. If you right-click on the share's folder, you should be able to set the CIFS permissions. OK, right-click in natilus works. But how can I set this up by default. I mean once the share mounted, it will set the correct permission to 770 if the user copy files on the share? I read man page for the cifs.mount but I couldn't figure it out myself. Here are more info: 1. The management group has gid=1018 on the server. 2. Once the share mounted on the Ubuntu client, the share's group ID set to numeric 1018. (there isn't a local gid 1018) 3. When copy a file, for example: -rwxr--r-- 1 gao gao14429 Nov 20 09:56 test to the mounted share, the permission appears to be: -rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test And I check it on the Samba server: -rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test So the permission changed to 774, not 770. I think somehow it combined the permission here. Just like you said, I can change it to 770 from the right-click. But I prefer to do it automatically. Please help. Thanks a lot. Gao Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it? my typo. I want make clear so I change the group name to managegroup. The actual group name it the same managment which I think may cause confusion when I post my question. Sorry. Bets Regards. Gao So is your user a member of management? Rather than forcing the group to management, you could just add members to the group. Also, when you set the Unix ownership and permissions too tightly, you may prevent Samba from accessing the share properly. Since the share directories and files are to be accessed only through CIFS/Samba, the Unix permissions can and should be very loose. My shares all have Unix permissions with everyone having rwx access. The last line in your server commands I believe should be chmod, not chowm. On 12/12/12 12:21 PM, J Gao wrote: Hi, All, I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server: #cd / #mkdir managment #chown -R root:managegroup management #chowm -R 2770 management When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws--- BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it coiped to the Samba share. (for example, drwxrwxr-x) We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share. Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission. Thanks. Gao my smb.conf: [global] workgroup = WORKGROUP server string = My File Server interfaces = lo bond0 192.168.1.2/24 hosts allow = 127. 192.168.1. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User wins support = yes dns proxy = no map acl inherit = yes nt acl support = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes create mask = 0770 force security mode = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 [Management] comment = path = /management browsable = yes public = no writable = yes read only = no force group = management valid users = @management -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help pls. -- Samba permission question
On 12/12/12 05:18 PM, J Gao wrote: On 12-12-12 12:52 PM, Gary Dale wrote: On 12/12/12 02:07 PM, J Gao wrote: Thank you Gary for the help. On 12-12-12 09:45 AM, Gary Dale wrote: If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server). I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this: sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand Could you give me an example on using Samba/CIFS tools? That line mounts the share using the credentials you gave it but that doesn't set the permissions. If you right-click on the share's folder, you should be able to set the CIFS permissions. OK, right-click in natilus works. But how can I set this up by default. I mean once the share mounted, it will set the correct permission to 770 if the user copy files on the share? I read man page for the cifs.mount but I couldn't figure it out myself. Here are more info: 1. The management group has gid=1018 on the server. 2. Once the share mounted on the Ubuntu client, the share's group ID set to numeric 1018. (there isn't a local gid 1018) 3. When copy a file, for example: -rwxr--r-- 1 gao gao14429 Nov 20 09:56 test to the mounted share, the permission appears to be: -rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test And I check it on the Samba server: -rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test So the permission changed to 774, not 770. I think somehow it combined the permission here. Just like you said, I can change it to 770 from the right-click. But I prefer to do it automatically. Please help. Thanks a lot. Gao If you have the domain created correctly, the Samba database keeps the CIFS permissions. The Unix permissions aren't needed. Keep in mind that the two sets of permissions are distinct. If you set the CIFS permissions they are remembered. Checking the Unix permissions to see what the CIFS permissions are doesn't work. Having a Unix group called management isn't helpful unless it maps to a CIFS group. For example, most Samba users map the CIFS Domain Users to the Unix users. This is in the Samba documentation. The 1018 simply shows that there is no CIFS group recognized for 1018 (don't forget, you are forcing the group - probably not what you really want to do). You really want to set up a CIFS group called management and add CIFS users to it. Samba maps CIFS users to Unix users if the name is the same. Have you tried using SWAT to manage your users and shares? It makes things easier if you don't have a Windows client to work from. Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it? my typo. I want make clear so I change the group name to managegroup. The actual group name it the same managment which I think may cause confusion when I post my question. Sorry. Bets Regards. Gao So is your user a member of management? Rather than forcing the group to management, you could just add members to the group. Also, when you set the Unix ownership and permissions too tightly, you may prevent Samba from accessing the share properly. Since the share directories and files are to be accessed only through CIFS/Samba, the Unix permissions can and should be very loose. My shares all have Unix permissions with everyone having rwx access. The last line in your server commands I believe should be chmod, not chowm. On 12/12/12 12:21 PM, J Gao wrote: Hi, All, I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server: #cd / #mkdir managment #chown -R root:managegroup management #chowm -R 2770 management When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws--- BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it coiped to the Samba share. (for example, drwxrwxr-x) We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share. Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission. Thanks. Gao my smb.conf: [global] workgroup = WORKGROUP server string = My File Server interfaces = lo bond0 192.168.1.2/24 hosts allow = 127. 192.168.1. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User wins support = yes dns proxy = no map acl inherit = yes nt acl support = yes load printers = no
Re: [Samba] Help pls. -- Samba permission question
On 12-12-12 03:02 PM, Gary Dale wrote: On 12/12/12 05:18 PM, J Gao wrote: On 12-12-12 12:52 PM, Gary Dale wrote: On 12/12/12 02:07 PM, J Gao wrote: Thank you Gary for the help. On 12-12-12 09:45 AM, Gary Dale wrote: If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server). I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this: sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand Could you give me an example on using Samba/CIFS tools? That line mounts the share using the credentials you gave it but that doesn't set the permissions. If you right-click on the share's folder, you should be able to set the CIFS permissions. OK, right-click in natilus works. But how can I set this up by default. I mean once the share mounted, it will set the correct permission to 770 if the user copy files on the share? I read man page for the cifs.mount but I couldn't figure it out myself. Here are more info: 1. The management group has gid=1018 on the server. 2. Once the share mounted on the Ubuntu client, the share's group ID set to numeric 1018. (there isn't a local gid 1018) 3. When copy a file, for example: -rwxr--r-- 1 gao gao14429 Nov 20 09:56 test to the mounted share, the permission appears to be: -rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test And I check it on the Samba server: -rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test So the permission changed to 774, not 770. I think somehow it combined the permission here. Just like you said, I can change it to 770 from the right-click. But I prefer to do it automatically. Please help. Thanks a lot. Gao If you have the domain created correctly, the Samba database keeps the CIFS permissions. The Unix permissions aren't needed. Keep in mind that the two sets of permissions are distinct. If you set the CIFS permissions they are remembered. Checking the Unix permissions to see what the CIFS permissions are doesn't work. Having a Unix group called management isn't helpful unless it maps to a CIFS group. For example, most Samba users map the CIFS Domain Users to the Unix users. This is in the Samba documentation. The 1018 simply shows that there is no CIFS group recognized for 1018 (don't forget, you are forcing the group - probably not what you really want to do). You really want to set up a CIFS group called management and add CIFS users to it. Samba maps CIFS users to Unix users if the name is the same. Have you tried using SWAT to manage your users and shares? It makes things easier if you don't have a Windows client to work from. Looks like I need more reading. I googled for CIFS group and got lots oracle/silaris but not much for linux. WHen you say CIFS group, do you mean a local group on the client PC? Also I quickly installed SWAT and I can't find anywhere about CIFS group. Gao Your example shows you setting the group to managegroup but your smb.conf forces the group to management. Which is it? my typo. I want make clear so I change the group name to managegroup. The actual group name it the same managment which I think may cause confusion when I post my question. Sorry. Bets Regards. Gao So is your user a member of management? Rather than forcing the group to management, you could just add members to the group. Also, when you set the Unix ownership and permissions too tightly, you may prevent Samba from accessing the share properly. Since the share directories and files are to be accessed only through CIFS/Samba, the Unix permissions can and should be very loose. My shares all have Unix permissions with everyone having rwx access. The last line in your server commands I believe should be chmod, not chowm. On 12/12/12 12:21 PM, J Gao wrote: Hi, All, I'm having a problem with my samba server(v3.6.9) setup. I have a share on the server: #cd / #mkdir managment #chown -R root:managegroup management #chowm -R 2770 management When I test this I found out: the managegroup member can create new file/dir with the correct permission: -rwxrws--- or drwxrws--- BUT, when the client copy a file or dir to the share from his local drive, then some file/dir will have different the permission when it coiped to the Samba share. (for example, drwxrwxr-x) We have both Windows and Ubuntu client. Ubuntu client use cifs.mount to access the Samba share. Here is my smb.conf file. Please help me. All I want is when and file and/or dir end up on the samba share, it should have 770 permission. Thanks. Gao my smb.conf: [global] workgroup = WORKGROUP server string = My File Server interfaces = lo bond0 192.168.1.2/24 hosts allow = 127. 192.168.1. log file = /var/log/samba/log.%m max
Re: [Samba] Help pls. -- Samba permission question
On 12/12/12 08:01 PM, J Gao wrote: On 12-12-12 03:02 PM, Gary Dale wrote: On 12/12/12 05:18 PM, J Gao wrote: On 12-12-12 12:52 PM, Gary Dale wrote: On 12/12/12 02:07 PM, J Gao wrote: Thank you Gary for the help. On 12-12-12 09:45 AM, Gary Dale wrote: If you want the CIFS permissions to be set correctly, use the Samba/CIFS tools to set them (ie. set them from the client. Don't set them using Unix permissions on the server). I don't know if I'm doing it correct. I'm using a bash script to help user mount the CIFS share like this: sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management -o user=${USER},password=$userPass,uid=$UID,rw,mand Could you give me an example on using Samba/CIFS tools? That line mounts the share using the credentials you gave it but that doesn't set the permissions. If you right-click on the share's folder, you should be able to set the CIFS permissions. OK, right-click in natilus works. But how can I set this up by default. I mean once the share mounted, it will set the correct permission to 770 if the user copy files on the share? I read man page for the cifs.mount but I couldn't figure it out myself. Here are more info: 1. The management group has gid=1018 on the server. 2. Once the share mounted on the Ubuntu client, the share's group ID set to numeric 1018. (there isn't a local gid 1018) 3. When copy a file, for example: -rwxr--r-- 1 gao gao14429 Nov 20 09:56 test to the mounted share, the permission appears to be: -rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test And I check it on the Samba server: -rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test So the permission changed to 774, not 770. I think somehow it combined the permission here. Just like you said, I can change it to 770 from the right-click. But I prefer to do it automatically. Please help. Thanks a lot. Gao If you have the domain created correctly, the Samba database keeps the CIFS permissions. The Unix permissions aren't needed. Keep in mind that the two sets of permissions are distinct. If you set the CIFS permissions they are remembered. Checking the Unix permissions to see what the CIFS permissions are doesn't work. Having a Unix group called management isn't helpful unless it maps to a CIFS group. For example, most Samba users map the CIFS Domain Users to the Unix users. This is in the Samba documentation. The 1018 simply shows that there is no CIFS group recognized for 1018 (don't forget, you are forcing the group - probably not what you really want to do). You really want to set up a CIFS group called management and add CIFS users to it. Samba maps CIFS users to Unix users if the name is the same. Have you tried using SWAT to manage your users and shares? It makes things easier if you don't have a Windows client to work from. Looks like I need more reading. I googled for CIFS group and got lots oracle/silaris but not much for linux. WHen you say CIFS group, do you mean a local group on the client PC? Also I quickly installed SWAT and I can't find anywhere about CIFS group. Gao That's a Windows Domain group in M$ parlance. The group is recognized on the member server because it comes from the Domain. That's why I used the example of Domain Users as a CIFS group, as distinct from the Unix group users. Windows provides graphical tools for managing groups and users on the Domain Controller, but you can also do it from the command line in Linux. Something like net rpc group ADD groupname should work. Once the group is created, you can populate it with users. The essential point is that the Windows Domain model is different from the Unix security model. When you are using Samba, use Samba and the Windows way of handling things. Don't try to use Unix tools. You're not in Unix-land anymore. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help
Is this samba 3.x Samba 3.x domains and domain controllers function like Windows NT4 domains. They are not like Windows 200x Active Directory servers and domains. The domain name has to be a simple netbios compatible name. A single name not fqdn. I do not believe that . are a valid character. I think the domain name can not exceed 15 or 15 characters. On 11/15/12 14:38, Hanganu Sergiu wrote: hello i m not speaking very well english i m trying to configure samba .i m using debian as O.S. my problem is : i want to configure a local domain as PDC this is a part of a little example /|workgroup = MIDEARTH|/ /|domain logons = Yes|/ /|domain master = Yes|/ /|security = User |/ /|workgroup = MIDEARTH.MILANO|/ /|domain logons = Yes|/ /|domain master = Yes|/ /|security = User|/ my domain will be MIDEARTH This is working, but if i will change in MIDEARH.MILANO ...is not working when i m trying to connect a xp pro client with the domain name MIDEARTH is working but if i change in MIDEARTH.MILANO like fqnd is not working and i don t understand why.. i m trying to find on google same example but i can t find anything like this.. PLEASE HELP ME THANK YOU -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help
hello i m not speaking very well english i m trying to configure samba .i m using debian as O.S. my problem is : i want to configure a local domain as PDC this is a part of a little example /|workgroup = MIDEARTH|/ /|domain logons = Yes|/ /|domain master = Yes|/ /|security = User |/ /|workgroup = MIDEARTH.MILANO|/ /|domain logons = Yes|/ /|domain master = Yes|/ /|security = User|/ my domain will be MIDEARTH This is working, but if i will change in MIDEARH.MILANO ...is not working when i m trying to connect a xp pro client with the domain name MIDEARTH is working but if i change in MIDEARTH.MILANO like fqnd is not working and i don t understand why.. i m trying to find on google same example but i can t find anything like this.. PLEASE HELP ME THANK YOU -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help netlogin and sysvol missing in samba4 on snow leopard OS
All I've installed samba 4 fine and when I run /usr/local/samba/sbin/samba I get a warning Unknown parameter encountered: idmap domains Ignoring unknown parameter idmap domains Unknown parameter encountered: idmap alloc backend Ignoring unknown parameter idmap alloc backend Unknown parameter encountered: display charset Ignoring unknown parameter display charset Unknown parameter encountered: stream support Ignoring unknown parameter stream support Unknown parameter encountered: use kerberos keytab Ignoring unknown parameter use kerberos keytab Unknown parameter encountered: enable disk services Ignoring unknown parameter enable disk services Unknown parameter encountered: enable print services Ignoring unknown parameter enable print services Also when I check the smb.config the netlogon and sysvol are missing Do I add the parameters for both or what ,any guidelines or smb.config template Any ideas? -- Best regards Godfrey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help with shadow copy implementation
Hi, Over the past several days I have been trying to get the shadow to work with samba but haven't been successful. Can someone check below config and let me know if I am missing something? We are using Equallogic SAN and iSCSI LUNS to mount volumes. I can cleanly access samba shares on Windows 7 clients but just not shadow copy. I have referred the official how-to but couldn't get it to work. I see these messages in the logs. Any help is deeply appreciated. - What should be value of shadow:snapdir? [2012/10/31 12:20:53.549863, 0] smbd/nttrans.c:2170(call_nt_transact_ioctl) FSCTL_GET_SHADOW_COPY_DATA: connectpath /fs/test-01, failed. [2012/10/31 12:21:13.887198, 0] modules/vfs_shadow_copy2.c:734(shadow_copy2_get_shadow_copy2_data) shadow:snapdir not found for /fs/test-01 in get_shadow_copy_data [2012/10/31 12:21:13.887265, 0] smbd/nttrans.c:2170(call_nt_transact_ioctl) FSCTL_GET_SHADOW_COPY_DATA: connectpath /fs/test-01, failed. == Samba pkgs == samba-3.5.10-116.el6_2.x86_64 samba-common-3.5.10-116.el6_2.x86_64 samba-winbind-clients-3.5.10-116.el6_2.x86_64 samba-client-3.5.10-116.el6_2.x86_64 === df -h == /dev/mapper/eql-0-fs-test015.0G 2.3G 2.5G 48% /fs/test-01 /dev/mapper/eql-2-0+fs-test01 5.0G 2.3G 2.5G 48% /fs/test-01/@GMT-2012.10.26-17.32.42/fs/test-01mailto:/fs/test-01/@GMT-2012.10.26-17.32.42/fs/test-01 (SNAPSHOT-1) /dev/mapper/eql-d-0+fs-test01 5.0G 2.3G 2.5G 48% /fs/test-01/@GMT-2012.10.31-11.52.42/fs/test-01mailto:/fs/test-01/@GMT-2012.10.31-11.52.42/fs/test-01 (SNAPSHOT- 2) ===/etc/samba/smb.conf === [global] workgroup = DOMAIN server string = Samba Server Version %v security = ads realm = DOMAIN.CORP encrypt passwords = yes guest account = nobody map to guest = bad uid log file = /var/log/samba/%m.log domain master = no local master = no preferred master = no os level = 0 load printers = no show add printer wizard = no printable = no printcap name = /dev/null disable spoolss = yes follow symlinks = yes wide links = yes unix extensions = no [test] comment = Test Directories path = /fs/test-01 vfs objects = shadow_copy2 #shadow_copy2: sort = desc #shadow: localtime = yes #shadow: snapdir = /fs/test-01/test #shadow: basedir = /fs/test-01 guest ok = yes writeable = yes map archive = no force create mode = 0660 force directory mode = 2770 inherit owner = yes inherit permissions = yes All feedback is welcome. Thanks! Confidentiality Notice from Laurion Capital Management LP: The information in this message, including any attachment, is confidential and intended for use only by the designated recipient(s) named above. It is the property of Laurion Capital Management LP or its affiliates. If you are not the intended recipient, please return the message to the sender and delete all copies of it, including attachments, from your computer. Unauthorized use, disclosure, dissemination or copying of this message or any part hereof is strictly prohibited. This message is for information purposes only. The information expressed herein may be changed at any time without notice or obligation to update. No warranty is made as to the completeness or accuracy of the information contained in this communication. Any views or opinions presented are those of only the author and do not necessarily represent those of Laurion Capital Management LP or its related entities. This communication is for information purposes only and should not be regarded as an offer, solicitation or recommendation to sell or purchase any security or other financial product. Email transmission cannot be guaranteed to be secure, virus-free or error-free. Therefore, we do not represent that this message is virus-free, complete or accurate and it should not be relied upon as such. Laurion Capital Management LP and its affiliates accept no liability for any damage sustained in connection with the content or transmission of this message. Laurion Capital Management LP and its related entities reserve the right to monitor all e-mail communications through their networks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help to understand file/parent permissions
Hi guys, i am having a very strange problem that is driving me crazy. I have a very simple samba setup I am using version 3.5.10-0.107.el5 # cat /etc/samba/smb.conf [global] realm = MYDOMAIN.BIZ security = ADS idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 [test] path = /tmp/temp read only = No Inside /tmp/test i have the following tree: # ls -laR /tmp/temp/ /tmp/temp/: total 4 drwxr-xr-x 3 root root 1024 Oct 11 10:35 . drwxrwxrwt 5 root root 1024 Oct 11 10:42 .. drwxr-xr-x 2 myuser root 1024 Oct 11 10:42 someFolder /tmp/temp/someFolder: total 2 drwxr-xr-x 2 myuser root 1024 Oct 11 10:42 . drwxr-xr-x 3 root root 1024 Oct 11 10:35 .. -rw-r--r-- 1 root root0 Oct 11 10:36 someFile I can connect from windows 7 to the share just fine using myuser. So now comes the question: Why myuser can rename someFile if its owned by root:root and permission is -rw-r--r-- ? (Though i can not change its contents). I think this is related to myuser being the owner of the folder itself, but i am not sure because of the behaviour in this other question: Why if i set permission to -rw-r-, now myuser can not rename the file anymore ? []'s Salatiel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help with setting up cups and printing in samba4 rc1
Help with setting up cups and printing in samba4 rc1 I need help with setting up cups and printing in samba4 rc1 I have added the shares required for samba4 to use printing but the printers do not show up when you browse the share could someone please help me get my printer to show up in the samba4 share? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help setting up global catalog
Hallo, i've just setup a Samba4 beta7 on a centos 6.3 with bind 9.8.2. I followed the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO It's up and running. But when I add a user on the Windows 7 AD console, I got a message that there is no global catalog. I'm realy sorry, but after some hours googling around, I don't have any idea to solve that problem. Some help would be realy appriciated. Regards Sebastian Mißfeldt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help infomation to build the system as Microsoft Active Directory !
Many of your questions should be answered on www.samba.org and wiki.samba.org Samba4 provides Active Directory functionality. It is free - you don't have to pay for it, but there is the cost of your time. On 07/24/12 08:08, Ha Minh Ai wrote: Dear Mr/Madam, We have wanted to build the system for centralizal management: User account, printer, policy, deploy softwares to client, manage update OS, Single Sign On, I know there have a same system as Micrsoft Active Directory, but we haven't a lot dollars. Please help me to answer some questions as the below: - How is the solution (*OpenLDAP + Samba*) on Ubuntu, RHEL/CentOS or SUSE server ? - How many user can the system support maximum ? - Could i build the system include Primary Domain Controller Server and Additional Domain Controller ? - Does Samba/OpenLDAP has cost-edition for enterprise ? If yes, what is it different from free-edition ? I'm looking forward to supporting from you. Thanks so much Best regards, Aihm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help infomation to build the system as Microsoft Active Directory !
Dear Mr/Madam, We have wanted to build the system for centralizal management: User account, printer, policy, deploy softwares to client, manage update OS, Single Sign On, I know there have a same system as Micrsoft Active Directory, but we haven't a lot dollars. Please help me to answer some questions as the below: - How is the solution (*OpenLDAP + Samba*) on Ubuntu, RHEL/CentOS or SUSE server ? - How many user can the system support maximum ? - Could i build the system include Primary Domain Controller Server and Additional Domain Controller ? - Does Samba/OpenLDAP has cost-edition for enterprise ? If yes, what is it different from free-edition ? I'm looking forward to supporting from you. Thanks so much Best regards, Aihm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba help?
On Thursday 12 July 2012 1:31:06 am Gémes Géza wrote: Hi Miklos, Hello Geza, I stand chastised and apologize. I didn't mean to hijack someone's thread. I also didn't plan to ask for help in Hungarian, and this is just a coincidence. However, if you can help me I'll take whatever I can get, so thank you. My question/problem is that I have no windows background at all and am trying to configure Samba with Active Directory. I also have no access to any windows machines to test my configuration so I don't know if it works. I believe I'm almost there but how do I know if it's really working? SWAT works fine, but Winbindd won't start. infadmnq:/lssrc -g samba Subsystem GroupPID Status smbd samba14221530 active nmbd samba13893726 active winbindd samba inoperative I ran testparm and it comes back clean. infadmnq:/testparm Load smb config files from /usr/lib/smb.conf Processing section [samba_infaQ] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = HUMC security = DOMAIN auth methods = winbind password server = dchumc01, dchumc02 client NTLMv2 auth = Yes syslog = 3 log file = /var/log/samba ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind enum users = Yes winbind enum groups = Yes [samba_infaQ] comment = Share for DBA SAs path = /samba_infaQ I run: smbclient -L '\\fileserver1\DECN_Shared\' -U INFAservice and I get two pages of output starting like this: Sharename Type Comment - --- CHRT_Shared Disk CHRT Departmental Shared Files HEDU_Shared Disk HEDU Departmental Shared Files MREC_Shared Disk MREC Departmental Shared Files PHBL_Shared Disk PHBL Departmental Shared Files PHRM_Shared Disk PHRM Departmental Shared Files SLAB_Shared Disk SLAB Departmental Shared Files SPAS_Shared Disk SPAS Departmental Shared Files SPTY_Shared Disk SPTY Departmental Shared Files WomenChild Disk Kosonok minden sekitsegett!! Miklos First question: What does wbinfo -p, wbinfo -u and wbinfo -g returns? You wrote, that you have to authenticate your users against an AD. Have you joined it (e.g. net ads join -U username_of_an_AD_user_with_the_priviledge_of_joining (for example an administrator))? Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I've found that I need to do a few things to make Samba work with AD (and, it does for me. I must have 15 server (Linux and *BSD) connected to our network via Win2008R2-based AD). First, I believe you have to get kerberos set up properly on your Linux box. Next, configure nsswitch.conf to use winbind. Then, you must join the box to the domain, just as Geza mentioned. After that, start samba. Finally, you can run the commands that Geza suggested (wbinfo -p, wbinfo -u and wbinfo -g. I'd also suggest getent passwd). These steps are all very well documented, and, are easy to find, but if you have a problem with anything, let us know. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba help?
On Thursday 12 July 2012 1:31:06 am Gémes Géza wrote: Hi Miklos, Hello Geza, I stand chastised and apologize. I didn't mean to hijack someone's thread. I also didn't plan to ask for help in Hungarian, and this is just a coincidence. However, if you can help me I'll take whatever I can get, so thank you. My question/problem is that I have no windows background at all and am trying to configure Samba with Active Directory. I also have no access to any windows machines to test my configuration so I don't know if it works. I believe I'm almost there but how do I know if it's really working? SWAT works fine, but Winbindd won't start. infadmnq:/lssrc -g samba Subsystem GroupPID Status smbd samba14221530 active nmbd samba13893726 active winbindd samba inoperative I ran testparm and it comes back clean. infadmnq:/testparm Load smb config files from /usr/lib/smb.conf Processing section [samba_infaQ] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = HUMC security = DOMAIN auth methods = winbind password server = dchumc01, dchumc02 client NTLMv2 auth = Yes syslog = 3 log file = /var/log/samba ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind enum users = Yes winbind enum groups = Yes [samba_infaQ] comment = Share for DBA SAs path = /samba_infaQ I run: smbclient -L '\\fileserver1\DECN_Shared\' -U INFAservice and I get two pages of output starting like this: Sharename Type Comment - --- CHRT_Shared Disk CHRT Departmental Shared Files HEDU_Shared Disk HEDU Departmental Shared Files MREC_Shared Disk MREC Departmental Shared Files PHBL_Shared Disk PHBL Departmental Shared Files PHRM_Shared Disk PHRM Departmental Shared Files SLAB_Shared Disk SLAB Departmental Shared Files SPAS_Shared Disk SPAS Departmental Shared Files SPTY_Shared Disk SPTY Departmental Shared Files WomenChild Disk Kosonok minden sekitsegett!! Miklos First question: What does wbinfo -p, wbinfo -u and wbinfo -g returns? You wrote, that you have to authenticate your users against an AD. Have you joined it (e.g. net ads join -U username_of_an_AD_user_with_the_priviledge_of_joining (for example an administrator))? Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I'm reposting this, as I just resubscribed to the list using my new mail addy: I've found that I need to do a few things to make Samba work with AD (and, it does for me. I must have 15 server (Linux and *BSD) connected to our network via Win2008R2-based AD). First, I believe you have to get kerberos set up properly on your Linux box. Next, configure nsswitch.conf to use winbind. Then, you must join the box to the domain, just as Geza mentioned. After that, start samba. Finally, you can run the commands that Geza suggested (wbinfo -p, wbinfo -u and wbinfo -g. I'd also suggest getent passwd). These steps are all very well documented, and, are easy to find, but if you have a problem with anything, let us know. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba help?
Hello everyone, I have just joined this group (discussion board) and would like to know how it works. Can I just put questions out there about my Samba difficulties and hope someone can help me? Sorry to sound naïve, but I do need help with my Samba config and I have spent months, yes months, trying to get what I am told is a simple thing to work, to work for me and I just can't get it. I would love it if I could get some help because I sure do need it. Respectfully waiting for the kindness of strangers.. Miklos -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Randy Rue Sent: Wednesday, July 11, 2012 5:19 PM To: samba@lists.samba.org Subject: Re: [Samba] compiling samba 3.4.8 on CentOS_6.2 Jonathan, I appreciate the help you've given but you and I are having fundamentally different experiences with 3.5. I've tried everything you've suggested, as well as a bunch of conflicting suggestions from others, with no success. I've narrowed the problem down to the idmap -- ad settings in smb.conf and the best information I have right now suggests that something went wonky in the app sometime after 3.4.8. So right now my immediate objective is to get 3.4.8 running and see if the problem still occurs. A particular help would be at least getting some error in syslog or the samba logs to find out why the binary won't start. Randy -Original Message- From: Jonathan Buzzard [mailto:jonat...@buzzard.me.uk] Sent: Wednesday, July 11, 2012 1:29 AM To: Randy Rue Subject: Re: [Samba] compiling samba 3.4.8 on CentOS_6.2 On 11/07/12 00:32, Randy Rue wrote: Hello All. Been trying without avail to make idmap work with my AD so I can get real UID/GID for SSH logins on a CentOS_6 box. Have heard from several sources that idmap has seen some serious changes since 3.5 and decided to roll back from the stock 3.5 that comes with CentOS_6 to 3.4.8. I'd like to see if it has the same problems. Why, it works just fine at least with the packages in CentOS 6.2. I cannot speak for CentOS 6.3 because it is just out, but I very much doubt it has broken it. JAB. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba *** HUMC's Proactive Security and Virus Scanner has scanned this email for malicious content and it is safe to use*** Important news about our email communications. HackensackUMC has implemented secure messaging services. If you need assistance with retrieving a secure email, please send an e-mail to postmas...@hackensackumc.org Confidentiality Notice: This e-mail message and any attachments from HackensackUMC are confidential and for the sole use of the intended recipient. This communication may contain Protected Health Information (PHI). PHI is confidential information that may only be used or disclosed in accordance with applicable law. There are penalties under the law for the improper use or further disclosure of PHI. If you are not the intended recipient of this e-mail or the employee or agent responsible for delivering the communication to the intended recipient, then you may not read, copy, distribute or otherwise use or disclose the information contained in this message. If you received this message in error, please notify us by telephone at 551.996.2000 or by e-mail to postmas...@hackensackumc.org Please indicate that you were not the intended recipient, and confirm that you have deleted the original message. Please do not retransmit the contents of the message. Thank you. HackensackUMC is a nationally recognized healthcare organization offering patients the most comprehensive services, state-of-the-art technologies, and facilities. HackensackUMC has been named one of America's 50 Best Hospitals by HealthGrades for four years in a row. HackensackUMC is the only hospital in New Jersey, New York, and New England to receive this honor. The medical center has also been ranked by U.S. News and World Report's America's Best Hospitals 2010-11 in Geriatrics and Heart Heart Surgery. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba help?
Hi Miklós, Hello everyone, I have just joined this group (discussion board) and would like to know how it works. Can I just put questions out there about my Samba difficulties and hope someone can help me? Sorry to sound naïve, but I do need help with my Samba config and I have spent months, yes months, trying to get what I am told is a simple thing to work, to work for me and I just can't get it. I would love it if I could get some help because I sure do need it. Respectfully waiting for the kindness of strangers.. Miklos First of all please do not hijack other threads! Second tell us your questions/problems! Third if you need help in Hungarian you can contact me (I wouldn't say I'm the source of knowledge, but if I can help I won't refuse) Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba help?
Hi Miklos, Hello Geza, I stand chastised and apologize. I didn't mean to hijack someone's thread. I also didn't plan to ask for help in Hungarian, and this is just a coincidence. However, if you can help me I'll take whatever I can get, so thank you. My question/problem is that I have no windows background at all and am trying to configure Samba with Active Directory. I also have no access to any windows machines to test my configuration so I don't know if it works. I believe I'm almost there but how do I know if it's really working? SWAT works fine, but Winbindd won't start. infadmnq:/lssrc -g samba Subsystem GroupPID Status smbd samba14221530 active nmbd samba13893726 active winbindd samba inoperative I ran testparm and it comes back clean. infadmnq:/testparm Load smb config files from /usr/lib/smb.conf Processing section [samba_infaQ] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = HUMC security = DOMAIN auth methods = winbind password server = dchumc01, dchumc02 client NTLMv2 auth = Yes syslog = 3 log file = /var/log/samba ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind enum users = Yes winbind enum groups = Yes [samba_infaQ] comment = Share for DBA SAs path = /samba_infaQ I run: smbclient -L '\\fileserver1\DECN_Shared\' -U INFAservice and I get two pages of output starting like this: Sharename Type Comment - --- CHRT_Shared Disk CHRT Departmental Shared Files HEDU_Shared Disk HEDU Departmental Shared Files MREC_Shared Disk MREC Departmental Shared Files PHBL_Shared Disk PHBL Departmental Shared Files PHRM_Shared Disk PHRM Departmental Shared Files SLAB_Shared Disk SLAB Departmental Shared Files SPAS_Shared Disk SPAS Departmental Shared Files SPTY_Shared Disk SPTY Departmental Shared Files WomenChild Disk Kosonok minden sekitsegett!! Miklos First question: What does wbinfo -p, wbinfo -u and wbinfo -g returns? You wrote, that you have to authenticate your users against an AD. Have you joined it (e.g. net ads join -U username_of_an_AD_user_with_the_priviledge_of_joining (for example an administrator))? Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with migration
On Mon, 2012-05-07 at 09:25 -0400, Gaiseric Vandal wrote: You may want to set up a test environment. I have not been able to get NTLMv2 working properly. I believe enabling NTLMv2 should still systems to negotiate ver 2 but that didn't happen- at least I was unable to login from a Windows 2003 client with a samba PDC. NTLMv2 uses better encryption for authenticating the users than NTLM v1 but I am not sure if the actual password itself gets store differently in LDAP.I think the same hash mechanism is used to store the password. Correct, the same NT hash is used. Also Samba 3.0, while out of security support, does support NTLMv2. It is up to clients to choose to use NTLMv2 - the server has always supported it. Upgrading from Samba 3.0 should be painless, but of course testing is advised. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help with migration
Hello to all, my name is Alejandro and I have a little question to anyone of this list. I´ve created ,6 years ago, an ldap+smb proyect for a big company. Back then, samba (Lenny server) only worked with NT hashes but now (Squeeze server) they want to authenticate with Win7 (ntlm2 protocols) And configurating windows7 to accept old NT hashes is not an exit. I want to update ONLY the smb package from samba (2:3.2.5-4lenny15) to samba (2:3.5.6~dfsg-3squeeze8). PD: I'm using an OLD and modified by myself openldap version so i cant touch it. My question is this: Have someone of you did this kind of migration any time? can you give me advices? i need to know if something could go wrong in the relation with openldap. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with migration
Hello Alejandro, Probably to check all the details you need to create a build environment, at first. It's the general advice. As for your question, I had samba-3.5 server (upgraded from 3.0.28) which was able to authenticate all windows: from win98 to win7 (domain members). So I think it's possible to do. Actually I cannot recall any problems I had during the upgrade process, except very little ones. I used 'SerNet' samba builds (btw, many thanks to them!) --- wbr, Denis. On Fri, May 4, 2012 at 8:17 PM, Alejandro Iacobelli aiacobe...@khutech.com.ar wrote: Hello to all, my name is Alejandro and I have a little question to anyone of this list. I´ve created ,6 years ago, an ldap+smb proyect for a big company. Back then, samba (Lenny server) only worked with NT hashes but now (Squeeze server) they want to authenticate with Win7 (ntlm2 protocols) And configurating windows7 to accept old NT hashes is not an exit. I want to update ONLY the smb package from samba (2:3.2.5-4lenny15) to samba (2:3.5.6~dfsg-3squeeze8). PD: I'm using an OLD and modified by myself openldap version so i cant touch it. My question is this: Have someone of you did this kind of migration any time? can you give me advices? i need to know if something could go wrong in the relation with openldap. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with migration
You may want to set up a test environment. I have not been able to get NTLMv2 working properly. I believe enabling NTLMv2 should still systems to negotiate ver 2 but that didn't happen- at least I was unable to login from a Windows 2003 client with a samba PDC. NTLMv2 uses better encryption for authenticating the users than NTLM v1 but I am not sure if the actual password itself gets store differently in LDAP.I think the same hash mechanism is used to store the password. I upgrade from samba 3.0.x to samba 3.4.x. (both with LDAP backend.) I believe some of the issues I found were - the nobody user and nobody group need to be explicitly mapped - some functionality with domain trusts were fixed, others broken - I may have needed to explicitly grant privilegedes to the Domain Administrators group. (But that may have been because I initially mixed up the group mapping for some groups.) At some point joining machines to the domain got a little trickier.I need to make sure that some samba attributes were precreated type: sambaPrimaryGroupSID value:S-1-5-21-XXX-XXX-XXX-515 type: sambaAccountFlags value: [W ] I am not sure if this issue happened with samba 3.4.x or would have happened in 3.1.x, 3.2x or 3.3.x. It may also be a schema checking hiccup on the LDAP server. On 05/07/12 05:54, Denis Fateyev wrote: Hello Alejandro, Probably to check all the details you need to create a build environment, at first. It's the general advice. As for your question, I had samba-3.5 server (upgraded from 3.0.28) which was able to authenticate all windows: from win98 to win7 (domain members). So I think it's possible to do. Actually I cannot recall any problems I had during the upgrade process, except very little ones. I used 'SerNet' samba builds (btw, many thanks to them!) --- wbr, Denis. On Fri, May 4, 2012 at 8:17 PM, Alejandro Iacobelli aiacobe...@khutech.com.ar wrote: Hello to all, my name is Alejandro and I have a little question to anyone of this list. I´ve created ,6 years ago, an ldap+smb proyect for a big company. Back then, samba (Lenny server) only worked with NT hashes but now (Squeeze server) they want to authenticate with Win7 (ntlm2 protocols) And configurating windows7 to accept old NT hashes is not an exit. I want to update ONLY the smb package from samba (2:3.2.5-4lenny15) to samba (2:3.5.6~dfsg-3squeeze8). PD: I'm using an OLD and modified by myself openldap version so i cant touch it. My question is this: Have someone of you did this kind of migration any time? can you give me advices? i need to know if something could go wrong in the relation with openldap. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help Required
On Fri, May 4, 2012 at 6:50 PM, vaibhav srivastava vaibhavcs...@gmail.comwrote: Hi all, Since I want to run Samba without modifying my existing kernel. Please tell me what are the requirements for the same. What are the package list required in kernel before installing samba. thanks in advance. -- Thanks and Regards, Vaibhav Srivastava Email-id: vaibhavcs...@gmail.com -- Thanks and Regards, Vaibhav Srivastava Email-id: vaibhavcs...@gmail.com Mobile no.: 9552543029 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help Required
Have you looked at any of the samba documentation? What OS ? Most linux distros (as well as solaris unix) have a precompiled samba version bundled or available.Normally you don't have to worry about the kernel. On 05/04/12 09:24, vaibhav srivastava wrote: On Fri, May 4, 2012 at 6:50 PM, vaibhav srivastava vaibhavcs...@gmail.comwrote: Hi all, Since I want to run Samba without modifying my existing kernel. Please tell me what are the requirements for the same. What are the package list required in kernel before installing samba. thanks in advance. -- Thanks and Regards, Vaibhav Srivastava Email-id: vaibhavcs...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help to install samba
Ensure you got the right version and compiler, also, if using a script to install it use the set -x in the script so you can see where it is failing. Suerte, David -Original Message- From: Rocio de los Angeles Ortíz Barrera Sent: Thursday, April 05, 2012 2:09 PM To: sa...@samba.org Cc: samba-techni...@samba.org Subject: help to install samba Hi this is Rocio Ortiz from CONACyT ( Consejo Nacional de Ciencia y Tecnología) My system is HP-UX 11.11 I would to install samba for this system and i just have HP-UX 11.11 (B8725AA_A.02.04.05_HP-UX_B.11.11_32_64.depot) and HP-UX 11.11 (B8725AA_A.02.03.06_HP-UX_B.11.11_32_64.depot) I tried to install thet but after install them, I have error about dependences. somethig like that: * Software selections: B8725AA,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP CIFS-Development.CIFS-PRG,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-ADMIN,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-DOC,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-LIB,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-MAN,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-RUN,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 CIFS-Server.CIFS-UTIL,r=A.02.04a,a=HP-UX_B.11.11_32/64,v=HP,fr=A.02.04a,fa=HP-UX_B.11.11_32/64 * Beginning Analysis * appsp3:/: 1 check scripts had warnings. * appsp3:/: The software dependencies for 6 products or filesets cannot be resolved. and I dont now why? can you help me?? thanks Regards Rocio Ortiz Barrera Of.Seguridad jr Dirección de Sistemas, Informatica y Telecomunicaciones Consejo Nacional de Ciencia y Tecnología 52 53227700 ext 4005 -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help with smbpasswd file
Is there a procedure for copying the smbpasswd from an old machine to a new machine (fresh samba build), and have the new machine recognize the old smbpasswd file? Both machines are aix 6.1 and Samba version 3.5.12. I copied all of the .tdb files but that didn't seem to work. The new machine does not seem to know what is in /usr/local/samba/private/smbpasswd. Below is my smb.conf Thanks, bash-4.2# cat smb.conf [global] workgroup = privateworkgroup netbios name = someserver server string = Some Samba Server %v security = user encrypt passwords = yes passdb backend = smbpasswd log file = /LOGS/log.smbd max log size = 20 log level = 2 delete readonly = yes invalid users = root daemon bin sys adm uucp nuucp lpd imnadm ipsec lp snapp inv scout guest account = nobody host msdfs = no max xmit = 65535 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 strict locking = no allocation roundup size = 2097152 use sendfile = true comment = Samba Share path = /export/shares writeable = yes create mask = 0775 directory mask = 0775 security mask = 0770 force security mode = 770 directory security mask = 0770 force directory security mode = 770 force create mode = 0775 force directory mode = 0775 inherit acls = yes [Tshare] #Windows no Unix yes (Execute bit) map archive = no map system = no map hidden = no [Tshares-unix] #Windows no Unix yes (Execute bit) map archive = yes map system = yes map hidden = yes -- Beau Gauthreaux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with smbpasswd file
The testparm -v will let you see which smb.conf file is being used and what the settings are. If the default settings for passwd file and private directory are not to your liking you can specify the in the smb.conf file e.g. # testparm -v | grep -i priv Load smb config files from /etc/samba/smb.conf smb passwd file = /var/lib/samba/private/smbpasswd private dir = /var/lib/samba/private On 03/20/12 14:18, Beau Gauthreaux wrote: Is there a procedure for copying the smbpasswd from an old machine to a new machine (fresh samba build), and have the new machine recognize the old smbpasswd file? Both machines are aix 6.1 and Samba version 3.5.12. I copied all of the .tdb files but that didn't seem to work. The new machine does not seem to know what is in /usr/local/samba/private/smbpasswd. Below is my smb.conf Thanks, bash-4.2# cat smb.conf [global] workgroup = privateworkgroup netbios name = someserver server string = Some Samba Server %v security = user encrypt passwords = yes passdb backend = smbpasswd log file = /LOGS/log.smbd max log size = 20 log level = 2 delete readonly = yes invalid users = root daemon bin sys adm uucp nuucp lpd imnadm ipsec lp snapp inv scout guest account = nobody host msdfs = no max xmit = 65535 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 strict locking = no allocation roundup size = 2097152 use sendfile = true comment = Samba Share path = /export/shares writeable = yes create mask = 0775 directory mask = 0775 security mask = 0770 force security mode = 770 directory security mask = 0770 force directory security mode = 770 force create mode = 0775 force directory mode = 0775 inherit acls = yes [Tshare] #Windows no Unix yes (Execute bit) map archive = no map system = no map hidden = no [Tshares-unix] #Windows no Unix yes (Execute bit) map archive = yes map system = yes map hidden = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help!!!! Gettting samba core dumps
I transferred a Xen vm that was running on centos 5.7 with samba 3.6.3 to a centos 6.2 bare metal server with one E5502 and 16gig of memory. I have been running Centos for 6 years on different servers for 6 years on several different upgrades. This new server has a dual network card in it. I have samba 3.6.3 on it and here is the smb.conf below: [global] workgroup = workwhatever server string = interfaces = eth0 bind interfaces only = Yes username map = /etc/samba/smbusers log file = /var/log/samba/%m name resolve order = wins lmhosts hosts bcast time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 125 preferred master = Yes domain master = Yes wins support = Yes idmap config * : backend = tdb strict locking = No dos filetime resolution = Yes fake directory create times = Yes [home] path = /data/main/home/%u read only = No create mask = 0660 directory mask = 0770 [sbt] path = /data/main/sbt valid users = @sbt read only = No create mask = 0660 directory mask = 0770 [act] path = /data/act valid users = @act read only = No create mask = 0660 directory mask = 0770 [sharedir] path = /data/main/shareddir valid users = @shared read only = No create mask = 0660 directory mask = 0770 [everyuser] path = /data/home valid users = mainuser read only = No create mask = 0660 directory mask = 0770 [graphics] path = /data/main/graphics valid users = @graphics read only = No create mask = 0660 directory mask = 0770 [ghost] path = /data/ghost/%u read only = No create mask = 0660 directory mask = 0770 [ghostdata] path = /data/ghost valid users = mainuser read only = No create mask = 0660 directory mask = 0770 I am getting the below dumps in my messages log. I have cheked and rechecked my dns. This is the only win server on the network. Anyone has any ideas whatsoever. PLEASE!!! Feb 16 00:42:25 mainserver smbd[3513]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Feb 16 00:42:25 mainserver smbd[3513]: [2012/02/16 00:42:25.751443, 0] lib/fault.c:51(fault_report) Feb 16 00:42:25 mainserver smbd[3513]: === Feb 16 00:42:25 mainserver smbd[3513]: [2012/02/16 00:42:25.751487, 0] lib/util.c:1117(smb_panic) Feb 16 00:42:25 mainserver smbd[3513]: PANIC (pid 3513): internal error Feb 16 00:42:25 mainserver smbd[3513]: [2012/02/16 00:42:25.756568, 0] lib/util.c:1221(log_stack_trace) Feb 16 00:42:25 mainserver smbd[3513]: BACKTRACE: 27 stack frames: Feb 16 00:42:25 mainserver smbd[3513]:#0 smbd(log_stack_trace+0x1c) [0x7f8a8f0f276c] Feb 16 00:42:25 mainserver smbd[3513]:#1 smbd(smb_panic+0x55) [0x7f8a8f0f286e] Feb 16 00:42:25 mainserver smbd[3513]:#2 smbd(+0x3e7867) [0x7f8a8f0e4867] Feb 16 00:42:25 mainserver smbd[3513]:#3 /lib64/libc.so.6(+0x3668032900) [0x7f8a8c0b6900] Feb 16 00:42:25 mainserver smbd[3513]:#4 smbd(copy_serverinfo+0x1a) [0x7f8a8f141685] Feb 16 00:42:25 mainserver smbd[3513]:#5 smbd(make_server_info_guest+0x10) [0x7f8a8f141821] Feb 16 00:42:25 mainserver smbd[3513]:#6 smbd(+0x443d89) [0x7f8a8f140d89] Feb 16 00:42:25 mainserver smbd[3513]:#7 smbd(+0x43ed40) [0x7f8a8f13bd40] Feb 16 00:42:25 mainserver smbd[3513]:#8 smbd(+0x44ac42) [0x7f8a8f147c42] Feb 16 00:42:25 mainserver smbd[3513]:#9 smbd(ntlmssp_server_auth+0xb37) [0x7f8a8eed72e0] Feb 16 00:42:25 mainserver smbd[3513]:#10 smbd(ntlmssp_update+0x220) [0x7f8a8eecd8ef] Feb 16 00:42:25 mainserver smbd[3513]:#11 smbd(auth_ntlmssp_update+0x16) [0x7f8a8eecea87] Feb 16 00:42:25 mainserver smbd[3513]:#12 smbd(+0x1377b2) [0x7f8a8ee347b2] Feb 16 00:42:25 mainserver smbd[3513]:#13 smbd(reply_sesssetup_and_X+0x183) [0x7f8a8ee34afe] Feb 16 00:42:25 mainserver smbd[3513]:#14 smbd(+0x16d6a3) [0x7f8a8ee6a6a3] Feb 16 00:42:25 mainserver smbd[3513]:#15 smbd(+0x170c46) [0x7f8a8ee6dc46] Feb 16 00:42:25 mainserver smbd[3513]:#16 smbd(+0x170f0c) [0x7f8a8ee6df0c] Feb 16 00:42:25 mainserver smbd[3513]:#17 smbd(+0x170f4e) [0x7f8a8ee6df4e] Feb 16 00:42:25 mainserver smbd[3513]:#18 smbd(run_events_poll+0x3e1) [0x7f8a8f100a5f] Feb 16 00:42:25 mainserver smbd[3513]:#19 smbd(smbd_process+0xbbf) [0x7f8a8ee6d993] Feb 16 00:42:25 mainserver smbd[3513]:#20 smbd(+0x651904) [0x7f8a8f34e904] Feb 16 00:42:25 mainserver smbd[3513]:#21 smbd(run_events_poll+0x3e1) [0x7f8a8f100a5f] Feb 16 00:42:25 mainserver smbd[3513]:#22 smbd(+0x403e7a) [0x7f8a8f100e7a] Feb 16 00:42:25 mainserver smbd[3513]:#23 smbd(_tevent_loop_once+0x82)
Re: [Samba] Help!!!! Gettting samba core dumps
On 16 February 2012 07:53, Rich rhd...@gmail.com wrote: I transferred a Xen vm that was running on centos 5.7 with samba 3.6.3 to a centos 6.2 bare metal server with one E5502 and 16gig of memory. I have been running Centos for 6 years on different servers for 6 years on several different upgrades. This new server has a dual network card in it. I have samba 3.6.3 on it and here is the smb.conf below: [global] [...] socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [...] Remove the socket options. It won't fix your crashes, though. I am getting the below dumps in my messages log. I have cheked and rechecked my dns. This is the only win server on the network. Anyone has any ideas whatsoever. PLEASE!!! If there's a samba package with debug symbols, installing that might make more sense of the backtrace. Or if you compiled from source, try compiling with debug symbols enabled. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help!!!! Gettting samba core dumps
On Thu, Feb 16, 2012 at 08:17:31AM +0200, Michael Wood wrote: On 16 February 2012 07:53, Rich rhd...@gmail.com wrote: I transferred a Xen vm that was running on centos 5.7 with samba 3.6.3 to a centos 6.2 bare metal server with one E5502 and 16gig of memory. I have been running Centos for 6 years on different servers for 6 years on several different upgrades. This new server has a dual network card in it. I have samba 3.6.3 on it and here is the smb.conf below: [global] [...] socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [...] Remove the socket options. It won't fix your crashes, though. I am getting the below dumps in my messages log. I have cheked and rechecked my dns. This is the only win server on the network. Anyone has any ideas whatsoever. PLEASE!!! If there's a samba package with debug symbols, installing that might make more sense of the backtrace. Or if you compiled from source, try compiling with debug symbols enabled. Also, a debug level 10 log leading to that crash would be very helpful. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help adding RHEL 5.x workstation to Win2008R2 DC
We have a Windows 2008 R2 w/Service Pack 1 domain controller and a RHEL 5.7 workstation. Part of the required security settings on the domain controller are: Network Access: Allow anonymous SID/Name translation: Disabled Network access: Do not allow anonymous enumeration of SAM accounts: Enabled Network Access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled We would like to add the RHEL 5.7 workstation to the domain controller for user authentication, thus no local accounts in /etc/passwd. But, due to the security mentioned above, conventional methods of adding the RHEL 5.7 workstation to the domain controller result in failures - I've tried both net ads join and the newer Likewise client, both of which fail. Since the domain controller's settings cannot be changed, what options do I have on the RHEL 5.7 workstation side? Are there other products/methods, outside of net ads join and likewise, that might do the job? Thanks. Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help - Mounting a Windows computer with two IP addresses
Hi all, I need to mount a Windows share locally on my laptop. However, I cannot do this via sudo mount -t smbfs //host_name/share_name /local_mount because the host_name has two IP addresses with it as shown by nmblookup //host_name. (That is, I try mounting and I'm given this error: mount error(115): Operation now in progress Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) ) One IP address is a static one which the Windows computer uses to connect to another machine. The other IP address is a DHCP-given IP and is the one I need to connect to. I can mount the share if I use sudo mount -t smbfs //dhcp_ip/share_name /local_mount however, this is problematic for obvious reasons since I need the mount to be permanent (eventually going in fstab). My question is: Is there a way to ignore the static IP address when mounting? Further info: I can connect to the Windows machine using smbclient //host_name/share_name and browse just fine. Also, nautilus can browse the remote file system as well. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help - Mounting a Windows computer with two IP addresses
Hi all, I need to mount a Windows share locally on my laptop. However, I cannot do this via sudo mount -t smbfs //host_name/share_name /local_mount because the host_name has two IP addresses with it as shown by nmblookup //host_name. In Windows network adapter settings, disable netbios over tcp/ip for the address you don't want. If you have a WINS server delete the entry for that IP after disabling it. (That is, I try mounting and I'm given this error: mount error(115): Operation now in progress Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) ) One IP address is a static one which the Windows computer uses to connect to another machine. The other IP address is a DHCP-given IP and is the one I need to connect to. I can mount the share if I use sudo mount -t smbfs //dhcp_ip/share_name /local_mount however, this is problematic for obvious reasons since I need the mount to be permanent (eventually going in fstab). My question is: Is there a way to ignore the static IP address when mounting? Further info: I can connect to the Windows machine using smbclient //host_name/share_name and browse just fine. Also, nautilus can browse the remote file system as well. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help regarding SAMBATORTURE
hello all I am new to this smbtorture and want to use this smbtorture on my local machine as server and run the sample test. Plz help me ASAP. I am using ubuntu10.10 Following steps i performed:: 1) Created a group using groupadd -r ubuntu 2) added following lines in /etc/group ubuntu:user1,user2,user3 3) I have created users using useradd user1 and same for all 3 users 4) smbpasswd -a user 5) chmod -R 775 /srv/samba/share 6) chgrp -R groupname /srv/samba/shares 7) I have added a following lines in smb.conf file [ubuntu] path=/srv/samba/share comment=ubuntu system valid user=user1,user2,user3 public=no writable=yes usershare path = /usr/local/samba/lib/usershares userhares max share = 10 8) restart smbd 9) restart nmbd 10) root@ubuntu:/home/nishant# smbtorture //localhost/srv/samba/share -U user1%nishant -W ubuntu all actually i have doubt how to create a workgroup plz help me in following steps for using samba server as local machine. Plz help me ASAP Regards, Nishant Mungse -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help needed to debug Samba problem
I have a Samba domain that is having problems. We have a new NetApp file server (FAS2040 running NetApp Release 7.3.4) that keeps dropping its connection to the Samba server. We didn't have this problem with an older NetApp box (FAS250 running NetApp Release 6.5.1R1). I can run tcpdump on the Samba server and see traffic going back and forth between the FAS2040 and the Samba server when the filer tries to connect, but don't know enough about the protocol to decipher the traffic. One thought I had was to move the Samba domain to a newer version of Samba (on a newer server) but I don't know if that will really help. The above means that I have two questions: how to decipher the tcpdump info, and how to migrate existing Samba tdb databases to a new server? Thanks in advance for any pointers! Carl Carl G. Riches Department of Biostatistics University of Washington Seattle, WA 98195-7232 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help needed to debug Samba problem
On Thu, Sep 29, 2011 at 11:59:41AM -0700, Carl G. Riches wrote: I have a Samba domain that is having problems. We have a new NetApp file server (FAS2040 running NetApp Release 7.3.4) that keeps dropping its connection to the Samba server. We didn't have this problem with an older NetApp box (FAS250 running NetApp Release 6.5.1R1). I can run tcpdump on the Samba server and see traffic going back and forth between the FAS2040 and the Samba server when the filer tries to connect, but don't know enough about the protocol to decipher the traffic. One thought I had was to move the Samba domain to a newer version of Samba (on a newer server) but I don't know if that will really help. The above means that I have two questions: how to decipher the tcpdump info, and how to migrate existing Samba tdb databases to a new server? Thanks in advance for any pointers! What does your setup look like ? How are you trying to export files from what to what ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help.. please.. help!!!
hi , sorry if I bother you ,but I need your help urgently I am installing ubuntu with samba as PDC... but I cant make it could you give me some manual or any documentation about this... I already follow the documentation but when im trying to join a winxp or win7... They can not join to the domain. something about SRV error .. please, i really need your help best regards. carlos from - Colombia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [HELP] Problem with oplocks break failed
Hi list, i'm have trouble with oplocks break failed for file xxx I'm using samba running in ubuntu natty 11.04 with separate ldap server : :~# dpkg -l | grep samba ii libcrypt-smbhash-perl 0.12-3 generate LM/NT hash of a password for samba ii samba 2:3.5.8~dfsg-1ubuntu2.2 SMB/CIFS file, print, and login server for Unix ii samba-common2:3.5.8~dfsg-1ubuntu2.2 common files used by both the Samba server and client ii samba-common-bin2:3.5.8~dfsg-1ubuntu2.2 common files used by both the Samba server and client ii samba-doc 2:3.5.8~dfsg-1ubuntu2.2Samba documentation My problems is strange, when user open file(office file like excel, word) directly from server it is normal but whe user close that file it is extremely slow. But copy files from and to samba server is normal, just stream office file from server. Only some user have trouble like that, not all of user and some file like that not all of office file. It is very strange for me because just some user(2 user exactly from 100++ user) and some file office if i'm close that it is extremely slow not all office file. Samba log : smbd/oplock.c:322(oplock_timeout_handler) Oplock break failed for file Copy of DOORPRIZE.xls -- replying anyway smb.conf : [global] workgroup = AAA netbios name = SUNKO08 security = user enable privileges = yes server string = %h server encrypt passwords = Yes unix password sync = yes ldap passwd sync = yes passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n log level = 0 syslog = 0 log file = /var/log/samba/log.%U max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no mangling method = hash2 Dos charset = CP932 Unix charset = UTF-8 logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes domain master = Yes os level = 65 preferred master = Yes wins support = yes passdb backend = ldapsam:ldap://sunko02.sunko.local/ ldap admin dn = cn=admin,dc=sunko,dc=local ldap suffix = dc=sunko,dc=local ldap group suffix = ou=groups ldap user suffix = ou=people ldap machine suffix = ou=computer add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' admin users = domainadm ldap ssl = no load printers = Yes create mask = 0640 directory mask = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes preserve case = yes short preserve case = yes case sensitive = no Any idea from my case?..thanks before :-) Best Regards, Aldyth M -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help with sharing files between windows 7 and linux
Hi list. I am not very experienced with samba, so would really appreciate some help. I am trying to share files between my windows 7 host OS and a linux guest OS being run by vmware workstation as a virtual machine. the linux machine I believe is a version of ubuntu lucid. I was able to share files with no problem between xp and this machine, but just can't get it to work with 7. I am mounting as the super user, I always become root with sudo su before trying to mount. Whenever I try I get the error message permission denied error 13. I have already tried disabling my firewall and antivirus, antispyware technology etc. This hasn't helped. I have tried to mount using the host name of my computer, and its IP address, again no luck. I can't get smbfs to mount my share either, I know that it has been deprecated in favour of samba, but a lot of forums on line seem to suggest its more reliable than samba. thanks so much for any help, Alex. The mount command I am putting in is sudo mount -t cifs //alex/code /mnt/rockbox/code -o guest,rw,iocharset=utf8,noserverino,gid=1000,uid=1000,nounix,file_mode=0777,dir_mode=0777 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help: id user : non existant user using Active Directory connexion ( NT_STATUS_OBJECT_NAME_NOT_FOUND)
Dear i have connected Samba 3.5.6 with an Active Directory 2008 R2 When i try to get the uid number of an Active Directory user on the linux box: * root@bdc2:~# id angelique id: angelique : utilisateur inexistant (means non existent user) * The winbindd debug claim NT_STATUS_OBJECT_NAME_NOT_FOUND and NT_STATUS_INVALID_PARAMETER but the Active Directry is correcly linked. Where i'm wrong ? *** Winbind debug output : trusted_domains(ads): Searching trusted domain list of TOUZEAU and storing trust flags for domain touzeau.home [2011/08/04 14:23:45.166249, 10] winbindd/winbindd_cache.c:4397(wcache_tdc_add_domain) wcache_tdc_add_domain: Adding domain TOUZEAU (touzeau.home), SID S-1-5-21-3487440176-1554673074-2687830590, flags = 0x1d, attributes = 0x0, type = 0x2 [2011/08/04 14:23:45.166273, 10] winbindd/winbindd_cache.c:4121(add_wbdomain_to_tdc_array) add_wbdomain_to_tdc_array: Found existing record for TOUZEAU [2011/08/04 14:23:45.166284, 10] winbindd/winbindd_cache.c:4206(pack_tdc_domains) pack_tdc_domains: Packing 3 trusted domains [2011/08/04 14:23:45.166298, 10] winbindd/winbindd_cache.c:4225(pack_tdc_domains) pack_tdc_domains: Packing domain BUILTIN () [2011/08/04 14:23:45.166309, 10] winbindd/winbindd_cache.c:4225(pack_tdc_domains) pack_tdc_domains: Packing domain BDC2 () [2011/08/04 14:23:45.166319, 10] winbindd/winbindd_cache.c:4225(pack_tdc_domains) pack_tdc_domains: Packing domain TOUZEAU (touzeau.home) [2011/08/04 14:23:45.166337, 4] winbindd/winbindd_dual.c:1532(fork_domain_child) Finished processing child request 20 [2011/08/04 14:23:45.166347, 10] winbindd/winbindd_dual.c:1548(fork_domain_child) Writing 3560 bytes to parent [2011/08/04 14:23:45.166363, 10] lib/events.c:182(get_timed_events_timeout) timed_events_timeout: 2909/510746 [2011/08/04 14:23:47.371126, 10] winbindd/winbindd.c:593(process_request) process_request: Handling async request 2302:GETPWNAM [2011/08/04 14:23:47.371158, 3] winbindd/winbindd_getpwnam.c:55(winbindd_getpwnam_send) getpwnam angelique [2011/08/04 14:23:47.371187, 10] winbindd/winbindd_cache.c:451(fetch_cache_seqnum) fetch_cache_seqnum: timeout [TOUZEAU][33401 @ 1312460590] [2011/08/04 14:23:47.371200, 3] winbindd/winbindd_ads.c:1206(sequence_number) ads: fetch sequence_number for TOUZEAU [2011/08/04 14:23:47.371210, 10] winbindd/winbindd_ads.c:46(ads_cached_connection) ads_cached_connection [2011/08/04 14:23:47.371220, 7] winbindd/winbindd_ads.c:59(ads_cached_connection) Current tickets expire in 35422 seconds (at 1312496049, time is now 1312460627) [2011/08/04 14:23:47.371726, 5] libads/ldap_utils.c:64(ads_do_search_retry_internal) Search for (objectclass=*) in gave 1 replies [2011/08/04 14:23:47.371770, 10] winbindd/winbindd_cache.c:494(wcache_store_seqnum) wcache_store_seqnum: success [TOUZEAU][33401 @ 1312460627] [2011/08/04 14:23:47.371784, 10] winbindd/winbindd_cache.c:581(refresh_sequence_number) refresh_sequence_number: TOUZEAU seq number is now 33401 [2011/08/04 14:23:47.371799, 10] winbindd/idmap_ad.c:71(ad_idmap_cached_connection_internal) ad_idmap_cached_connection: called for domain 'TOUZEAU' [2011/08/04 14:23:47.371810, 7] winbindd/idmap_ad.c:86(ad_idmap_cached_connection_internal) Current tickets expire in 35451 seconds (at 1312496078, time is now 1312460627) [2011/08/04 14:23:47.380451, 5] libads/ldap_utils.c:64(ads_do_search_retry_internal) Search for (uid=angelique) in dc=TOUZEAU,dc=HOME gave 0 replies [2011/08/04 14:23:47.380476, 5] winbindd/winbindd_cache.c:1206(resolve_alias_to_username) resolve_alias_to_username: backend query returned NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/08/04 14:23:47.380497, 5] winbindd/winbindd_getpwnam.c:68(winbindd_getpwnam_send) Could not parse domain user: angelique [2011/08/04 14:23:47.380515, 5] winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv) Could not convert sid S-0-0: NT_STATUS_INVALID_PARAMETER [2011/08/04 14:23:47.380528, 10] winbindd/winbindd.c:655(wb_request_done) wb_request_done[2302:GETPWNAM]: NT_STATUS_INVALID_PARAMETER [2011/08/04 14:23:47.380552, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[2302:GETPWNAM]: deliverd response to client [2011/08/04 14:23:50.163136, 10] lib/events.c:131(run_events) Running timed event rescan_trusted_domains 0x7f88fb21c7c0 [2011/08/04 14:23:50.163284, 4] winbindd/winbindd_dual.c:1524(fork_domain_child) child daemon request 20 [2011/08/04 14:23:50.166642, 10] winbindd/winbindd_dual.c:479(child_process_request) child_process_request: request fn LIST_TRUSTDOM [2011/08/04 14:23:50.16, 3] winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains) [15477]: list trusted domains [2011/08/04 14:23:50.166684, 10] winbindd/winbindd_cache.c:2780(trusted_domains) trusted_domains: [Cached] - doing backend query for info
[Samba] Help! permission denied when accessing folder
Hi all, Running samba 3.5.5 in a Solaris non-global zone. I have created a folder (StudentJobApplications) on a share which I want to make accessible only to members of a Unix group (studempl). I have added myself to the group but when I or other group members try to access the folder via Windows Explorer I get the following: I:\StudentJobApplications is not accessible Access is denied Here are some of the particulars: The folder: # ls -ld /departments/common/StudentJobApplications drwxrwx--- 2 root studemp2 Jul 11 08:34 /departments/common/StudentJobApplications The group (etc/group): studempl::2018:mylogin,otheruserlogin. The share definition in smb.conf: # -- # shared directory for ALL staff # -- [libshare] comment = Library staff shared directory path= /path browseable = yes writeable = yes create mask = 0777 force create mode = 0777 directory mask = 0777 valid users = +group1 +group2 +group3 +group4 +group 5 +group6 +group7 +group8+group17 +studempl invalid users = +circdesk Note: I am a member of one of the groups defined in valid users above. I have not restarted the samba server but I don't think that would be necessary. Actually I would like to set the permissions on the folder to be -rwxrws--- but just being able to access it would be a start. I would appreciate ang comments or suggestions. Thank you. Daulton Theodore Carleton University Library, Systems Department Vmail: (613) 520-2600, ext. 8352 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help! permission denied when accessing folder
Group ownership shows to be studemp, but you are giving share permissions to studempl. Is that a typo, or is that the source of your problem? Dale On 07/11/2011 11:15 AM, Daulton_Theodore wrote: Hi all, Running samba 3.5.5 in a Solaris non-global zone. I have created a folder (StudentJobApplications) on a share which I want to make accessible only to members of a Unix group (studempl). I have added myself to the group but when I or other group members try to access the folder via Windows Explorer I get the following: I:\StudentJobApplications is not accessible Access is denied Here are some of the particulars: The folder: # ls -ld /departments/common/StudentJobApplications drwxrwx--- 2 root studemp2 Jul 11 08:34 /departments/common/StudentJobApplications The group (etc/group): studempl::2018:mylogin,otheruserlogin. The share definition in smb.conf: # -- # shared directory for ALL staff # -- [libshare] comment = Library staff shared directory path= /path browseable = yes writeable = yes create mask = 0777 force create mode = 0777 directory mask = 0777 valid users = +group1 +group2 +group3 +group4 +group 5 +group6 +group7 +group8+group17 +studempl invalid users = +circdesk Note: I am a member of one of the groups defined in valid users above. I have not restarted the samba server but I don't think that would be necessary. Actually I would like to set the permissions on the folder to be -rwxrws--- but just being able to access it would be a start. I would appreciate ang comments or suggestions. Thank you. Daulton Theodore Carleton University Library, Systems Department Vmail: (613) 520-2600, ext. 8352 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help! permission denied when accessing folder
I would guess this is ZFS? I think the problem occurs when samba+zfs interprets unix no rights granted to the world (other) as deny everyone in windows. For example, if you have a with unix perms of 770 - this means on the unix level that the user and group have full permissions, no rights are assigned to other, and therefore if you are the user (owner) or group you have rights, otherwise you don't. The permissions are additive and omitting any permissions for other is not explicitly an access entry. In Samba, this gets interpreted as everyone is denied- and even though windows permissions are generally additive, denies trump allows.The owner of the file can usually go into the advanced windows permissions and clear the deny entries. Root can also reset permissions as follows: chmod -R A- thedirectory chmod -R A=owner@:rwxpdDaARWcCos:allow ?thedirectory chmod -R A+group@:rwxpdDaARWcCos:allow ?thedirectory chmod -R A+someothergroup@:rwxpdDaARWcCos:allow ?thedirectory If you have autofs involved you may want to fix the top level of an autofs directory to allow root to still access it (require for mounting) chmod A+user:nobody:aRc:allow thedirectory ZFS is really great BUT Samba played nicer with UFS.Somewhat ironically, I believe Samba with ZFS tries to more precisely map unix to windows permissions than it did with UFS to Samba. With UFS, some of problem permissions were just ignored in samba. On 07/11/2011 12:15 PM, Daulton_Theodore wrote: Hi all, Running samba 3.5.5 in a Solaris non-global zone. I have created a folder (StudentJobApplications) on a share which I want to make accessible only to members of a Unix group (studempl). I have added myself to the group but when I or other group members try to access the folder via Windows Explorer I get the following: I:\StudentJobApplications is not accessible Access is denied Here are some of the particulars: The folder: # ls -ld /departments/common/StudentJobApplications drwxrwx--- 2 root studemp2 Jul 11 08:34 /departments/common/StudentJobApplications The group (etc/group): studempl::2018:mylogin,otheruserlogin. The share definition in smb.conf: # -- # shared directory for ALL staff # -- [libshare] comment = Library staff shared directory path= /path browseable = yes writeable = yes create mask = 0777 force create mode = 0777 directory mask = 0777 valid users = +group1 +group2 +group3 +group4 +group 5 +group6 +group7 +group8+group17 +studempl invalid users = +circdesk Note: I am a member of one of the groups defined in valid users above. I have not restarted the samba server but I don't think that would be necessary. Actually I would like to set the permissions on the folder to be -rwxrws--- but just being able to access it would be a start. I would appreciate ang comments or suggestions. Thank you. Daulton Theodore Carleton University Library, Systems Department Vmail: (613) 520-2600, ext. 8352 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help - user password expiration in loop
Hi Dermot, thanks for your reply. here below you have the output, nothing strange to my eyes, but maybe(hopefully) you know more: pdbedit -P bad lockout attempt smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy bad lockout attempt description: Lockout users after bad logon attempts (default: 0 = off) account policy bad lockout attempt value is: 0 --- pdbedit -P maximum password age smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy maximum password age description: Maximum password age, in seconds (default: -1 = never expire passwords) account policy maximum password age value is: 4294967295 --- pdbedit -P min password length smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy min password length description: Minimal password length (default: 5) account policy min password length value is: 5 --- pdbedit -P lockout duration smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy lockout duration description: Lockout duration in minutes (default: 30, -1 = forever) account policy lockout duration value is: 30 --- pdbedit -P password history smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy password history description: Length of Password History Entries (default: 0 = off) account policy password history value is: 0 pdbedit -P user must logon to change password smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy user must logon to change password description: Force Users to logon for password change (default: 0 = off, 2 = on) account policy user must logon to change password value is: 0 - pdbedit -P disconnect time smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy disconnect time description: Disconnect Users outside logon hours (default: -1 = off, 0 = on) account policy disconnect time value is: 4294967295 --- pdbedit -P bad lockout attempt smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy bad lockout attempt description: Lockout users after bad logon attempts (default: 0 = off) account policy bad lockout attempt value is: 0 -- pdbedit -P minimum password age smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy minimum password age description: Minimal password age, in seconds (default: 0 = allow immediate password change) account policy minimum password age value is: 0 --- pdbedit -P reset count minutes smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=XXX))] smbldap_open_connection: connection opened account policy reset count minutes description: Reset time after lockout in minutes (default: 30) account policy reset count minutes value is: 30 --- then i tried: word age value is: 4294967295 15:38 root@pdc-portavita:~# pdbedit -P maximum password age -C -1 smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)())] smbldap_open_connection: connection opened account policy maximum password age description: Maximum password age, in seconds (default: -1 = never expire passwords) account policy maximum password age value was: 4294967295 account policy maximum password age value is now: 4294967295 (4294967295 seconds that means 131 years and some days) -- On Mon, 2011-07-04 at 21:21 +0100, Dermot wrote: On 4 July 2011 16:37, Fabio Pardi f.pa...@portavita.eu wrote: nobody to help? I just throwing out ideas here. What is the output from pdbedit -P for all these policies: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt. Perhaps there are clues there. Dp. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help - user password expiration in loop
nobody to help? On Fri, 2011-06-24 at 16:56 +0200, Fabio Pardi wrote: Dears, Unfortunately it happened again. Now i see the user has the flags UX, but the system keeps asking for a password change in loop. details about pdbedit -L -v --- Unix username:myuser NT username: myuser Account Flags:[UX ] User SID: S-1-5-21-222803232-3192872370-2452721687-1015 Primary Group SID:S-1-5-21-222803232-3192872370-2452721687-513 Full Name:hers name Home Directory: HomeDir Drive: Logon Script: users/login.bat Profile Path: Domain: mydomain Account desc: Software Developer Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: 0 Password last set:Fri, 24 Jun 2011 16:48:34 CEST Password can change: Fri, 24 Jun 2011 16:48:34 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF - On Fri, 2011-06-17 at 16:32 +0200, Fabio Pardi wrote: Thanks a lot Christ, a managed using pdbedit. In facts, many accounts were carrying only the [U], no X (but i clearly remember I changed every user's setting with password never expires from the srvtool graphical tool :s ) Now the only thing i have to do is waiting Thanks a lot for your time, hoping this will permanently do the job. Best Regards Fabio On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote: use pdbedit or your web-based ldap manager to update the account flags to [UX]. document the previous value before changing the flags. Use smbldap tools to update the expire time. if none of this fixes it, post an ldif if an affected user account, as well as all the info from smbldap-tools about said user. On 6/16/2011 06:39, Fabio Pardi wrote: Hi everybody, I think i need a samba guru to solve this issue, because googling for months did not help and the problem is becoming pressing. I'm facing an annoying problem with samba. In detail, there is something wrong with the password handling. It happens from windows, mac or linux clients. Randomly (probably after $num days), the system asks to the user to change the password. After the user did it, the system keeps asking the same, in a sort of loop. The only option to change it is to manually go on the console and issue the command smbldap-passwd username. My system: ubuntu lucid 32 bit smb.conf cut--- [global] idmap uid = 1000-15000 idmap gid = 1000-15000 workgroup = PORTAVITA netbios name = PSAMBA domain logons = Yes domain master = Yes wins support = true obey pam restrictions = Yes dns proxy = No log level = 2 os level = 35 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d pam password change = Yes # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del unix password sync = no ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=pdc ldap admin dn = cn=admin,dc=pdc ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u #those scripts are modified so we can create groups also on the system add group script = /usr/sbin/addgroupldap-system '%g' delete group script = /usr/sbin/delgroupldap-system '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon drive = logon home = logon path = logon script = users/login.bat server signing = auto server schannel = Auto nt acl support = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No
Re: [Samba] help - user password expiration in loop
On 4 July 2011 16:37, Fabio Pardi f.pa...@portavita.eu wrote: nobody to help? I just throwing out ideas here. What is the output from pdbedit -P for all these policies: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt. Perhaps there are clues there. Dp. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help - user password expiration in loop
Dears, Unfortunately it happened again. Now i see the user has the flags UX, but the system keeps asking for a password change in loop. details about pdbedit -L -v --- Unix username:myuser NT username: myuser Account Flags:[UX ] User SID: S-1-5-21-222803232-3192872370-2452721687-1015 Primary Group SID:S-1-5-21-222803232-3192872370-2452721687-513 Full Name:hers name Home Directory: HomeDir Drive: Logon Script: users/login.bat Profile Path: Domain: mydomain Account desc: Software Developer Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: 0 Password last set:Fri, 24 Jun 2011 16:48:34 CEST Password can change: Fri, 24 Jun 2011 16:48:34 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF - On Fri, 2011-06-17 at 16:32 +0200, Fabio Pardi wrote: Thanks a lot Christ, a managed using pdbedit. In facts, many accounts were carrying only the [U], no X (but i clearly remember I changed every user's setting with password never expires from the srvtool graphical tool :s ) Now the only thing i have to do is waiting Thanks a lot for your time, hoping this will permanently do the job. Best Regards Fabio On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote: use pdbedit or your web-based ldap manager to update the account flags to [UX]. document the previous value before changing the flags. Use smbldap tools to update the expire time. if none of this fixes it, post an ldif if an affected user account, as well as all the info from smbldap-tools about said user. On 6/16/2011 06:39, Fabio Pardi wrote: Hi everybody, I think i need a samba guru to solve this issue, because googling for months did not help and the problem is becoming pressing. I'm facing an annoying problem with samba. In detail, there is something wrong with the password handling. It happens from windows, mac or linux clients. Randomly (probably after $num days), the system asks to the user to change the password. After the user did it, the system keeps asking the same, in a sort of loop. The only option to change it is to manually go on the console and issue the command smbldap-passwd username. My system: ubuntu lucid 32 bit smb.conf cut--- [global] idmap uid = 1000-15000 idmap gid = 1000-15000 workgroup = PORTAVITA netbios name = PSAMBA domain logons = Yes domain master = Yes wins support = true obey pam restrictions = Yes dns proxy = No log level = 2 os level = 35 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d pam password change = Yes # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del unix password sync = no ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=pdc ldap admin dn = cn=admin,dc=pdc ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u #those scripts are modified so we can create groups also on the system add group script = /usr/sbin/addgroupldap-system '%g' delete group script = /usr/sbin/delgroupldap-system '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon drive = logon home = logon path = logon script = users/login.bat server signing = auto server schannel = Auto nt acl support = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon admin users = root guest ok = Yes browseable = No logon script = login.bat
Re: [Samba] help - user password expiration in loop
Thanks a lot Christ, a managed using pdbedit. In facts, many accounts were carrying only the [U], no X (but i clearly remember I changed every user's setting with password never expires from the srvtool graphical tool :s ) Now the only thing i have to do is waiting Thanks a lot for your time, hoping this will permanently do the job. Best Regards Fabio On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote: use pdbedit or your web-based ldap manager to update the account flags to [UX]. document the previous value before changing the flags. Use smbldap tools to update the expire time. if none of this fixes it, post an ldif if an affected user account, as well as all the info from smbldap-tools about said user. On 6/16/2011 06:39, Fabio Pardi wrote: Hi everybody, I think i need a samba guru to solve this issue, because googling for months did not help and the problem is becoming pressing. I'm facing an annoying problem with samba. In detail, there is something wrong with the password handling. It happens from windows, mac or linux clients. Randomly (probably after $num days), the system asks to the user to change the password. After the user did it, the system keeps asking the same, in a sort of loop. The only option to change it is to manually go on the console and issue the command smbldap-passwd username. My system: ubuntu lucid 32 bit smb.conf cut--- [global] idmap uid = 1000-15000 idmap gid = 1000-15000 workgroup = PORTAVITA netbios name = PSAMBA domain logons = Yes domain master = Yes wins support = true obey pam restrictions = Yes dns proxy = No log level = 2 os level = 35 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d pam password change = Yes # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del unix password sync = no ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=pdc ldap admin dn = cn=admin,dc=pdc ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u #those scripts are modified so we can create groups also on the system add group script = /usr/sbin/addgroupldap-system '%g' delete group script = /usr/sbin/delgroupldap-system '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon drive = logon home = logon path = logon script = users/login.bat server signing = auto server schannel = Auto nt acl support = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon admin users = root guest ok = Yes browseable = No logon script = login.bat [Software] comment = Software Folder path = /share/software create mask = 0777 directory mask = 0777 read only = no writable = yes browsable = yes invalid users =guest123 [progr] comment = Prog Folder path = /share/prog create mask = 0777 directory mask = 0777 read only = no writable = yes browsable = yes invalid users =guest123 cut samba version from package is 3.4.7 ldapadd -V ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $ buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools (LDAP library: OpenLDAP 20421) SASL/DIGEST-MD5 authentication started Any help or suggestion is strongly appreciated. Regards, Fabio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help - user password expiration in loop
Hi everybody, I think i need a samba guru to solve this issue, because googling for months did not help and the problem is becoming pressing. I'm facing an annoying problem with samba. In detail, there is something wrong with the password handling. It happens from windows, mac or linux clients. Randomly (probably after $num days), the system asks to the user to change the password. After the user did it, the system keeps asking the same, in a sort of loop. The only option to change it is to manually go on the console and issue the command smbldap-passwd username. My system: ubuntu lucid 32 bit smb.conf cut--- [global] idmap uid = 1000-15000 idmap gid = 1000-15000 workgroup = PORTAVITA netbios name = PSAMBA domain logons = Yes domain master = Yes wins support = true obey pam restrictions = Yes dns proxy = No log level = 2 os level = 35 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d pam password change = Yes # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del unix password sync = no ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=pdc ldap admin dn = cn=admin,dc=pdc ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u #those scripts are modified so we can create groups also on the system add group script = /usr/sbin/addgroupldap-system '%g' delete group script = /usr/sbin/delgroupldap-system '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon drive = logon home = logon path = logon script = users/login.bat server signing = auto server schannel = Auto nt acl support = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon admin users = root guest ok = Yes browseable = No logon script = login.bat [Software] comment = Software Folder path = /share/software create mask = 0777 directory mask = 0777 read only = no writable = yes browsable = yes invalid users =guest123 [progr] comment = Prog Folder path = /share/prog create mask = 0777 directory mask = 0777 read only = no writable = yes browsable = yes invalid users =guest123 cut samba version from package is 3.4.7 ldapadd -V ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $ buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools (LDAP library: OpenLDAP 20421) SASL/DIGEST-MD5 authentication started Any help or suggestion is strongly appreciated. Regards, Fabio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help - user password expiration in loop
use pdbedit or your web-based ldap manager to update the account flags to [UX]. document the previous value before changing the flags. Use smbldap tools to update the expire time. if none of this fixes it, post an ldif if an affected user account, as well as all the info from smbldap-tools about said user. On 6/16/2011 06:39, Fabio Pardi wrote: Hi everybody, I think i need a samba guru to solve this issue, because googling for months did not help and the problem is becoming pressing. I'm facing an annoying problem with samba. In detail, there is something wrong with the password handling. It happens from windows, mac or linux clients. Randomly (probably after $num days), the system asks to the user to change the password. After the user did it, the system keeps asking the same, in a sort of loop. The only option to change it is to manually go on the console and issue the command smbldap-passwd username. My system: ubuntu lucid 32 bit smb.conf cut--- [global] idmap uid = 1000-15000 idmap gid = 1000-15000 workgroup = PORTAVITA netbios name = PSAMBA domain logons = Yes domain master = Yes wins support = true obey pam restrictions = Yes dns proxy = No log level = 2 os level = 35 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d pam password change = Yes # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del unix password sync = no ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=pdc ldap admin dn = cn=admin,dc=pdc ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u #those scripts are modified so we can create groups also on the system add group script = /usr/sbin/addgroupldap-system '%g' delete group script = /usr/sbin/delgroupldap-system '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon drive = logon home = logon path = logon script = users/login.bat server signing = auto server schannel = Auto nt acl support = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon admin users = root guest ok = Yes browseable = No logon script = login.bat [Software] comment = Software Folder path = /share/software create mask = 0777 directory mask = 0777 read only = no writable = yes browsable = yes invalid users =guest123 [progr] comment = Prog Folder path = /share/prog create mask = 0777 directory mask = 0777 read only = no writable = yes browsable = yes invalid users =guest123 cut samba version from package is 3.4.7 ldapadd -V ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $ buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools (LDAP library: OpenLDAP 20421) SASL/DIGEST-MD5 authentication started Any help or suggestion is strongly appreciated. Regards, Fabio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help: issues about hostname nameserver
Hi, ? if you do :? hostname -f?? = hostname in FQDN hostname -d = only domainname. hostname = the hostname itselve. ? if the command hostname gives the FQDN hostname then set the hostname again with hostname -F /etc/hostname in /etc/hostname there should be the FQDN hostname in like hostname.domain.tld it and reboot your server. ? in this example: host.name.domain.tld? the hostname = host name.domain.tld = subdomain.domain.tld ? thats why i say dot in hostname is not RFC compliant. ? you could set the correct domain search first.?? ( adjust to your own domain name. ) /etc/resolv.conf domain subdomain.domain.tld search subdomain.domain.tld? domain.tld ## if running use own?dns first nameserver 127.0.0.1 ## internet DNS servers nameserver iphere nameserver iphere ? if this file changes every reboot, or if you use dhcp client?for your server. look for /etc/dhcp3/dhclient.conf? ( i use debian for you info, so dhclient.conf can be in other directory ) change it like this. supersede domain-name subdomain.domain.tld; supersede domain-search subdomain.domain.tld? domain.tld; prepend domain-name-servers 127.0.0.1; request subnet-mask, broadcast-address, time-offset, routers, ??? domain-name, domain-name-servers, domain-search, host-name, ??? netbios-name-servers, netbios-scope, interface-mtu, ??? rfc3442-classless-static-routes; this correctes the search order in /etc/resolv.conf ? now resolv.conf should be always correct. ? if this is checks, next part. in samba's smb.conf check if these line exists ? name resolve order = wins host lmhosts bcast dns proxy = yes if you use dns, which i think you do, and also? dhcpserver on your server which i guess also. the you should setup dynamic dns. ( its not that hard to set this up.) ? i guess you problem is the dhcpserver/dns setup. ? check all of the above and report back. ? Best regards, ? Louis ? ? Van: tubocurarine [mailto:tubocurar...@163.com] Verzonden: 2011-04-28 03:04 Aan: L.P.H. van Belle Onderwerp: Re:Re: [Samba] Help: issues about hostname nameserver Thanks for your reply. But both the wikipeida (http://en.wikipedia.org/wiki/Hostname) and documents provided by CentOS (http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html) point out that they should be? Fully Qualified Domain Name (FQDN), such as hostname.expample.com. And also, that does not make sense for the 2nd case in the previous mail. What's more, I'm interested in how Samba treat the server's hostname. But I failed to search it through the code. Help, please. Thanks. Tubo. At?2011-04-27?18:41:22 L.P.H.?van?Belle?be...@bazuin.nl?wrote: A?dot?in?hostname?is?not?RFC?compliant, so?change?the?servers?hostname.? Louis -Oorspronkelijk?bericht- Van:?tubocurar...@163.com? [mailto:samba-boun...@lists.samba.org]?Namens?tubocurarine Verzonden:?2011-04-27?12:03 Aan:?samba@lists.samba.org Onderwerp:?[Samba]?Help:?issues?about?hostname??nameserver Dear?developers: I'm?using?Samba-3.5.8?on?Linux?(Gentoo,?amd64)?as?a?file? server,?and?using?some?Windows?based?OSes?as?clinet.?And? something?strange?happened?to?me. Things?went?as?follows: 1.?If?there?was?no?dot?(.)?in?the?hostname?of?server,?then? no?matter?whether?the?DNS?server?(in?/etc/resolv.conf)?was?set? correctly?or?not,?everything?went?fine.?Client?can?access? shares?(provided?server)?normally. 2.?If?there?was?dot?in?hostname?of?server,?and?if?the?DNS? Server?was?set?correctly?(or?just?left?as?blank),?server? worked?normally. 3.?If?there?was?dot?in?hostname?of?server,?and?the?DNS?Server? was?set?incorrectly,?all?client?could?not?connect?to?the? server,?with?a?message?indicated?that?the?address?of?server? could?not?be?accessed. My?friend?and?I?payed?some?time?on?it.?We?found?that?in?the? last?situation,?the?Samba?server?may?spend?a?long?time?to?look? up?the?computer?name?(name?of?server?or?client).?But?before? the?look?up?ends,?the?client?would?treat?this?as?a?timeout. I?don't?know?whether?we?are?right?about?this.?And?if?we?were,? why?everything?goes?fine?in?the?2nd?case? Any?information?will?be?appreciated. Best?regards. Tubo 2011-04-27 --? To?unsubscribe?from?this?list?go?to?the?following?URL?and?read?the instructions:??https://lists.samba.org/mailman/options/samba 2G 3 ! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help: issues about hostname nameserver
Hi, Thanks a lot for your detailed and excellent explanation. Everything goes well now. Best regards. Tubo. At 2011-04-28 14:31:46,L.P.H. van Belle be...@bazuin.nl wrote: Hi, if you do : hostname -f = hostname in FQDN hostname -d = only domainname. hostname = the hostname itselve. if the command hostname gives the FQDN hostname then set the hostname again with hostname -F /etc/hostname in /etc/hostname there should be the FQDN hostname inlike hostname.domain.tldit and reboot your server. in this example: host.name.domain.tld the hostname = host name.domain.tld = subdomain.domain.tld thats why i say dot in hostname is not RFC compliant. you could set the correct domain search first. ( adjust to your own domain name. ) /etc/resolv.conf domain subdomain.domain.tld search subdomain.domain.tld domain.tld ## if running use own dns first nameserver 127.0.0.1 ## internet DNS servers nameserver iphere nameserver iphere if this file changes every reboot, or if you use dhcp client for your server. look for /etc/dhcp3/dhclient.conf ( i use debian for you info, so dhclient.conf can be in other directory ) change it like this. supersede domain-name subdomain.domain.tld; supersede domain-search subdomain.domain.tld domain.tld; prepend domain-name-servers 127.0.0.1; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, domain-search, host-name, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes; this correctes the search order in /etc/resolv.conf now resolv.conf should be always correct. if this is checks, next part. in samba's smb.conf check if these line exists name resolve order = wins host lmhosts bcast dns proxy = yes if you use dns, which i think you do, and also dhcpserver on your server which i guess also. the you should setup dynamic dns. ( its not that hard to set this up.) i guess you problem is the dhcpserver/dns setup. check all of the above and report back. Best regards, Louis Van: tubocurarine [mailto:tubocurar...@163.com] Verzonden: 2011-04-28 03:04 Aan: L.P.H. van Belle Onderwerp: Re:Re: [Samba] Help: issues about hostname nameserver Thanks for your reply. But both the wikipeida (http://en.wikipedia.org/wiki/Hostname) and documents provided by CentOS (http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html) point out that they should be Fully Qualified Domain Name (FQDN), such ashostname.expample.com. And also, that does not make sense for the 2nd case in the previous mail. What's more, I'm interested in how Samba treat the server's hostname. But I failed to search it through the code. Help, please. Thanks. Tubo. At 2011-04-27 18:41:22,L.P.H. van Belle be...@bazuin.nl wrote: A dot in hostname is not RFC compliant, so change the servers hostname. Louis -Oorspronkelijk bericht- Van: tubocurar...@163.com [mailto:samba-boun...@lists.samba.org] Namens tubocurarine Verzonden: 2011-04-27 12:03 Aan: samba@lists.samba.org Onderwerp: [Samba] Help: issues about hostname nameserver Dear developers: I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file server, and using some Windows based OSes as clinet. And something strange happened to me. Things went as follows: 1. If there was no dot (.) in the hostname of server, then no matter whether the DNS server (in /etc/resolv.conf) was set correctly or not, everything went fine. Client can access shares (provided server) normally. 2. If there was dot in hostname of server, and if the DNS Server was set correctly (or just left as blank), server worked normally. 3. If there was dot in hostname of server, and the DNS Server was set incorrectly, all client could not connect to the server, with a message indicated that the address of server could not be accessed. My friend and I payed some time on it. We found that in the last situation, the Samba server may spend a long time to look up the computer name (name of server or client). But before the look up ends, the client would treat this as a timeout. I don't know whether we are right about this. And if we were, why everything goes fine in the 2nd case? Any information will be appreciated. Best regards. Tubo 2011-04-27 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba 体验网易邮箱2G超大附件,轻松发优质大电影、大照片,提速3倍! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help: issues about hostname nameserver
Dear developers: I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file server, and using some Windows based OSes as clinet. And something strange happened to me. Things went as follows: 1. If there was no dot (.) in the hostname of server, then no matter whether the DNS server (in /etc/resolv.conf) was set correctly or not, everything went fine. Client can access shares (provided server) normally. 2. If there was dot in hostname of server, and if the DNS Server was set correctly (or just left as blank), server worked normally. 3. If there was dot in hostname of server, and the DNS Server was set incorrectly, all client could not connect to the server, with a message indicated that the address of server could not be accessed. My friend and I payed some time on it. We found that in the last situation, the Samba server may spend a long time to look up the computer name (name of server or client). But before the look up ends, the client would treat this as a timeout. I don't know whether we are right about this. And if we were, why everything goes fine in the 2nd case? Any information will be appreciated. Best regards. Tubo 2011-04-27 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help: issues about hostname nameserver
A dot in hostname is not RFC compliant, so change the servers hostname. Louis -Oorspronkelijk bericht- Van: tubocurar...@163.com [mailto:samba-boun...@lists.samba.org] Namens tubocurarine Verzonden: 2011-04-27 12:03 Aan: samba@lists.samba.org Onderwerp: [Samba] Help: issues about hostname nameserver Dear developers: I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file server, and using some Windows based OSes as clinet. And something strange happened to me. Things went as follows: 1. If there was no dot (.) in the hostname of server, then no matter whether the DNS server (in /etc/resolv.conf) was set correctly or not, everything went fine. Client can access shares (provided server) normally. 2. If there was dot in hostname of server, and if the DNS Server was set correctly (or just left as blank), server worked normally. 3. If there was dot in hostname of server, and the DNS Server was set incorrectly, all client could not connect to the server, with a message indicated that the address of server could not be accessed. My friend and I payed some time on it. We found that in the last situation, the Samba server may spend a long time to look up the computer name (name of server or client). But before the look up ends, the client would treat this as a timeout. I don't know whether we are right about this. And if we were, why everything goes fine in the 2nd case? Any information will be appreciated. Best regards. Tubo 2011-04-27 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help: issues about hostname nameserver
Thanks for your reply. But both the wikipeida (http://en.wikipedia.org/wiki/Hostname) and documents provided by CentOS (http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html) point out that they should be Fully Qualified Domain Name (FQDN), such ashostname.expample.com. And also, that does not make sense for the 2nd case in the previous mail. What's more, I'm interested in how Samba treat the server's hostname. But I failed to search it through the code. Help, please. Thanks. Tubo. At 2011-04-27 18:41:22,L.P.H. van Belle be...@bazuin.nl wrote: A dot in hostname is not RFC compliant, so change the servers hostname. Louis -Oorspronkelijk bericht- Van: tubocurar...@163.com [mailto:samba-boun...@lists.samba.org] Namens tubocurarine Verzonden: 2011-04-27 12:03 Aan: samba@lists.samba.org Onderwerp: [Samba] Help: issues about hostname nameserver Dear developers: I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file server, and using some Windows based OSes as clinet. And something strange happened to me. Things went as follows: 1. If there was no dot (.) in the hostname of server, then no matter whether the DNS server (in /etc/resolv.conf) was set correctly or not, everything went fine. Client can access shares (provided server) normally. 2. If there was dot in hostname of server, and if the DNS Server was set correctly (or just left as blank), server worked normally. 3. If there was dot in hostname of server, and the DNS Server was set incorrectly, all client could not connect to the server, with a message indicated that the address of server could not be accessed. My friend and I payed some time on it. We found that in the last situation, the Samba server may spend a long time to look up the computer name (name of server or client). But before the look up ends, the client would treat this as a timeout. I don't know whether we are right about this. And if we were, why everything goes fine in the 2nd case? Any information will be appreciated. Best regards. Tubo 2011-04-27 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help: issues about hostname nameserver
Another interest thing: if we use a Linux client to access the shares from server, it connects successfully in all cases. Don't know why. Thanks again. At 2011-04-28 09:06:59,tubocurarine tubocurar...@163.com wrote: Thanks for your reply. But both the wikipeida (http://en.wikipedia.org/wiki/Hostname) and documents provided by CentOS (http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-sysconfig-network.html) point out that they should be Fully Qualified Domain Name (FQDN), such ashostname.expample.com. And also, that does not make sense for the 2nd case in the previous mail. What's more, I'm interested in how Samba treat the server's hostname. But I failed to search it through the code. Help, please. Thanks. Tubo. At 2011-04-27 18:41:22,L.P.H. van Belle be...@bazuin.nl wrote: A dot in hostname is not RFC compliant, so change the servers hostname. Louis -Oorspronkelijk bericht- Van: tubocurar...@163.com [mailto:samba-boun...@lists.samba.org] Namens tubocurarine Verzonden: 2011-04-27 12:03 Aan: samba@lists.samba.org Onderwerp: [Samba] Help: issues about hostname nameserver Dear developers: I'm using Samba-3.5.8 on Linux (Gentoo, amd64) as a file server, and using some Windows based OSes as clinet. And something strange happened to me. Things went as follows: 1. If there was no dot (.) in the hostname of server, then no matter whether the DNS server (in /etc/resolv.conf) was set correctly or not, everything went fine. Client can access shares (provided server) normally. 2. If there was dot in hostname of server, and if the DNS Server was set correctly (or just left as blank), server worked normally. 3. If there was dot in hostname of server, and the DNS Server was set incorrectly, all client could not connect to the server, with a message indicated that the address of server could not be accessed. My friend and I payed some time on it. We found that in the last situation, the Samba server may spend a long time to look up the computer name (name of server or client). But before the look up ends, the client would treat this as a timeout. I don't know whether we are right about this. And if we were, why everything goes fine in the 2nd case? Any information will be appreciated. Best regards. Tubo 2011-04-27 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba 体验网易邮箱2G超大附件,轻松发优质大电影、大照片,提速3倍! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help: TS login authenticating using Machine name of TS instead of user.
Hi All, I've had Samba 3.4.7 setup as a fileserver connected to a Win2K3 domain controller working great for a while now. Roaming profiles work perfectly when logging in from the machines locally. However when I try and login to a WinXP or 2K3 machine via an RDP session (Terminal Services) it is unable to locate the profile. I bumped the logging up and still saw no reason why. When I allowed guests to the shares, I finally saw why it failed. Win2K3 when logging in via TS/RDP is using the Machine Name of the TS to authenticate to Samba. Thus samba is looking for \\samba\profiles\%U incorrectly since %U is the machine name and not the user attempting to login. A bit more background. I have a pre-exec script that is run each time access to a share is requested. Its sole purpose is to create the home and profile folders for people when logging in the first time from /etc/skel. For instance if user toms logs in locally to a Win2K3 machine (name termsrv). \\samba\profiles points to /mnt/filesrv/homes/%U/profile/%a This works great. I also setup a profiles.V2 which points to the same place and the %a takes care of the architecture difference if logging in to a Vista/Win2008/7 machine. The script create the /mnt/file/homes/toms just fine on first logon. Here is where it gets weird, when I login via RDP to the same machine. I see /mnt/file/homes/termsrv_ show up. termsrv_ is certainly not found via the ldap lookup so permissions aren't set and the Win2K3 machine complains it doesn't have access to my roaming profile. So why is the machine name being sent in place of %U only via RDP logins. Is that intended Win2K3 TS behaviour? How can Samba handle this? Thanks! - Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help needed about SID to UID/GID mapping
Dear all I need some advise with respect to SID/UID/GID mapping. The server runs Samba 3.5.8 as a member of an AD (w2k8) domain. Our UNIX UIDs are taken from the 1000-6 range with about 1 allocated accounts. 99% of user IDs exist in AD with the same name. For that reason we rely on the nss idmap backend which is non-allocating. The problem comes with the group mappings. Several UNIX groups exist on the AD side but with different names. E.g. kizinfraversusAbteilung Infrastrktur so the nss backend cannot map the AD group SIDs to GIDs and vice versa. Is there any way to create a static mapping table for groups? Tried wbinfo --set-gid-mapping gid,sid as well as net groupmap but it didn't work. Replacing the nss backend by tdb allocates new GID/UIDs but how would I make sure that existing ones are mapped correctly given the above mentioned name conflicts. Looking at the manpages I also got the impression that I could use both an non-allocating backend and a allocating as fallback but I also didn't manage to get it working. Any hints are greatly appreciated! Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [HELP] Samba with myob trouble
Take Off [hfs_acc] oplocks = no locking = no level2 oplocks = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [HELP] Samba with myob trouble
Hi list, i'm have trouble with MYOB. I'm running samba at debian squeeze and share myob file. If one user access file, it is ok but rouble when multi user access file, myob suddenly terminate and having error like this : *Unable to open lock file ; access privileges may be incorrect or disk may be full * It is my smb.conf : [global] log file = /var/log/samba/log.%m passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . obey pam restrictions = yes encrypt passwords = true passwd program = /usr/bin/passwd %u passdb backend = tdbsam dns proxy = no server string = %h server unix password sync = yes workgroup = HUTANKITA syslog = 0 security = user panic action = /usr/share/samba/panic-action %d max log size = 1000 directory mode = 660 pam password change = yes [hfs_acc] write list = kristina,mini,yudi.prasetyo,meilani.sutanto,@hfs_acc force directory mode = 770 force group = hfs_acc sync always = yes share modes = no oplocks = no delete readonly = yes locking = no writeable = yes path = /opt/share/hfs_acc/files force create mode = 770 revalidate = yes valid users = kristina,mini,yudi.prasetyo,meilani.sutanto,@hfs_acc create mode = 775 directory mode = 775 level2 oplocks = no Any Idea?, thanks before Best Regards, Aldyth M -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
So can anyone help me find where this cache is stored? I can log in from any machine with a username that previously worked, and is therefore cached somewhere on the samba server. However every other account does not work. Thanks B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony Sent: Friday, March 11, 2011 5:26 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba After a bit more investigation it seems my issue on the working server is a bit more complex. If I use any of the three usernames that had previously worked, they work in the login prompt. However if I use any other user, it fails to log in. There is obviously a cache of users somewhere, but I cannot find it. Has anyone an idea where this cache is? Regards B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony Sent: Friday, March 11, 2011 5:05 PM To: 'Geoff Winkless'; samba Subject: Re: [Samba] Help with ADS authentication and Samba Geoff, did you do the steps below? Was there anything else required? B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless Sent: Friday, March 11, 2011 4:59 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue? On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote: I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box. When you change the name, what is entailed? Change the name in RHEL. Change the name in DNS (windows server) Rejoin the ads network using net ads join -U Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required. Thanks for the help so far. Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing? Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help with ADS authentication and Samba
Hi there, just recently joined this list as I seem to be having a little trouble that I am hoping someone can help with. I recently installed a RHEL5.5 server and updated samba to samba3-3.4.11-42.el5.x86_64.rpm. I had never set up samba to authenticate with ADS so I read a little bit and dove right in. The server now works fine, so when I browse to \\machinenamefile:///\\machinename no login box pops up, and I see the shares, and every user in the domain can write to them. So far so good. I then try to replicate this on another server and then the problems started. Here is the procedure I followed: I copied smb.conf, krb5.conf over to the new server from the working copy. Edited nsswitch.conf to add winbind to the end of passwd, group and shadow. I then ran kinit admin. This worked. I than ran kdestroy to destroy the token. [root@rhel5u5live ~]# net ads join -U ictadmin Enter ictadmin's password: Using short domain name -- XXX Joined 'RHEL5U5LIVE' to realm 'xxx.com' [root@rhel5u5live ~]# net ads testjoin Join is OK [root@rhel5u5live ~]# wbinfo -u | grep brian.om XXX/brian.omahony So it seems to be able to look up users etc on the Domain controller. How ever when I browse to \\machinenamefile:///\\machinename a login box pops up. I *know* I must have forgotten something, but cant figure out what. Could someone please help? Thanx b The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
2011/3/11 Brian O'Mahony brian.omah...@curamsoftware.com: Hi there, just recently joined this list as I seem to be having a little trouble that I am hoping someone can help with. I recently installed a RHEL5.5 server and updated samba to samba3-3.4.11-42.el5.x86_64.rpm. I had never set up samba to authenticate with ADS so I read a little bit and dove right in. The server now works fine, so when I browse to \\machinenamefile:///\\machinename no login box pops up, and I see the shares, and every user in the domain can write to them. So far so good. I then try to replicate this on another server and then the problems started. Here is the procedure I followed: I copied smb.conf, krb5.conf over to the new server from the working copy. Edited nsswitch.conf to add winbind to the end of passwd, group and shadow. I then ran kinit admin. This worked. I than ran kdestroy to destroy the token. [root@rhel5u5live ~]# net ads join -U ictadmin Enter ictadmin's password: Using short domain name -- XXX Joined 'RHEL5U5LIVE' to realm 'xxx.com' [root@rhel5u5live ~]# net ads testjoin Join is OK [root@rhel5u5live ~]# wbinfo -u | grep brian.om XXX/brian.omahony So it seems to be able to look up users etc on the Domain controller. How ever when I browse to \\machinenamefile:///\\machinename a login box pops up. I *know* I must have forgotten something, but cant figure out what. Welcome to my world. I have exactly the same issue - one server works fine, the other doesn't, even though all the wb tests seem to be fine. Is it an XP client, by any chance? I've narrowed it down to a kerberos issue, I believe. If you run net use \\servername\share /user:XXX/brian.omahony does it work correctly without asking for a password? This seems to be NTLM vs Kerberos auth, but I can't get any further than that. One thing to check, make sure that you have FQDN entries in the server's /etc/hosts (or as reverse entries in DNS) for your dc and the server itself. ie when you do dig -x 192.168.6.10 (the ip address of the server, obviously) from the server, do you get the full domain name or just the hostname? Various pages suggest that might be the cause of the problem, although it doesn't help me. Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
It is XP. When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get: The password or user name is invalid for \\rhel5u5live\tmp. Enter the password for 'ITDESIGN2\brian.omahony' to connect to 'rhel5u5live': System error 1326 has occurred. Logon failure: unknown user name or bad password. Obviously I entered my windows password when I was prompted. The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully. Here is the machine log: [root@rhel5u5live samba]# cat log.soundwave [2011/03/11 13:25:31, 6] param/loadparm.c:7028(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Fri Mar 11 13:21:32 2011 [2011/03/11 13:25:31, 5] smbd/reply.c:503(reply_special) init msg_type=0x81 msg_flags=0x0 [2011/03/11 13:25:31, 5] lib/util_sock.c:528(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client. [2011/03/11 13:25:31, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/03/11 13:25:31, 5] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2011/03/11 13:25:31, 5] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/03/11 13:25:31, 5] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/03/11 13:25:31, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2011/03/11 13:25:31, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2011/03/11 13:25:31, 3] smbd/server.c:845(exit_server_common) Server exit (failed to receive smb request) -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless Sent: Friday, March 11, 2011 11:49 AM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba 2011/3/11 Brian O'Mahony brian.omah...@curamsoftware.com: Hi there, just recently joined this list as I seem to be having a little trouble that I am hoping someone can help with. I recently installed a RHEL5.5 server and updated samba to samba3-3.4.11-42.el5.x86_64.rpm. I had never set up samba to authenticate with ADS so I read a little bit and dove right in. The server now works fine, so when I browse to \\machinenamefile:///\\machinename no login box pops up, and I see the shares, and every user in the domain can write to them. So far so good. I then try to replicate this on another server and then the problems started. Here is the procedure I followed: I copied smb.conf, krb5.conf over to the new server from the working copy. Edited nsswitch.conf to add winbind to the end of passwd, group and shadow. I then ran kinit admin. This worked. I than ran kdestroy to destroy the token. [root@rhel5u5live ~]# net ads join -U ictadmin Enter ictadmin's password: Using short domain name -- XXX Joined 'RHEL5U5LIVE' to realm 'xxx.com' [root@rhel5u5live ~]# net ads testjoin Join is OK [root@rhel5u5live ~]# wbinfo -u | grep brian.om XXX/brian.omahony So it seems to be able to look up users etc on the Domain controller. How ever when I browse to \\machinenamefile:///\\machinename a login box pops up. I *know* I must have forgotten something, but cant figure out what. Welcome to my world. I have exactly the same issue - one server works fine, the other doesn't, even though all the wb tests seem to be fine. Is it an XP client, by any chance? I've narrowed it down to a kerberos issue, I believe. If you run net use \\servername\share /user:XXX/brian.omahony does it work correctly without asking for a password? This seems to be NTLM vs Kerberos auth, but I can't get any further than that. One thing to check, make sure that you have FQDN entries in the server's /etc/hosts (or as reverse entries in DNS) for your dc and the server itself. ie when you do dig -x 192.168.6.10 (the ip address of the server, obviously) from the server, do you get the full domain name or just the hostname? Various pages suggest that might be the cause of the problem, although it doesn't help me. Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote: When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get: The password or user name is invalid for \\rhel5u5live\tmp. Not the same problem I have then. Shame. I can force the domain and it works. The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully. Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should return the FQDN, not just rhel5u5. Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
When I dig the RHEL server, it actually returns the DC: 160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600 The system that is working returns its correct name (ccdubrep.XXX.com) I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless Sent: Friday, March 11, 2011 3:34 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote: When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get: The password or user name is invalid for \\rhel5u5live\tmp. Not the same problem I have then. Shame. I can force the domain and it works. The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully. Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should return the FQDN, not just rhel5u5. Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
Turns out something else has gone wrong on me. The system that previously worked without a login box, now requires it. I didn't notice this as my machine obviously is cahed. If I put my credentials in (DOMAIN\user and password), it logs in. Still need to fix that The system that has the same confirguration, pops the login box, but I cannot log in using the same credentials. This is starting to boggle me. I don't know why all of a sudden, the first machine is throwing up a login box, and secondly why the second one wont authenticate. B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony Sent: Friday, March 11, 2011 4:02 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba When I dig the RHEL server, it actually returns the DC: 160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600 The system that is working returns its correct name (ccdubrep.XXX.com) I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless Sent: Friday, March 11, 2011 3:34 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba On 11 March 2011 13:27, Brian O'Mahony brian.omah...@curamsoftware.com wrote: When I ran net use \\rhel5u5\tmp /USER:DOMAIN\brian.omahony I get: The password or user name is invalid for \\rhel5u5live\tmp. Not the same problem I have then. Shame. I can force the domain and it works. The working server does NOT have entries in the hosts file, and this server DOES. However both can dig the DC successfully. Apologies, I meant dig -x rhel5u5's IP, not that of the DC. dig should return the FQDN, not just rhel5u5. Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
On 11 March 2011 16:02, Brian O'Mahony brian.omah...@curamsoftware.com wrote: When I dig the RHEL server, it actually returns the DC: 160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600 The system that is working returns its correct name (ccdubrep.XXX.com) I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box. Even after restarting both smb and winbind? Then I dunno. I'm beginning to feel like the ADS stuff is a bit like a black art - did you remember to sacrifice a goat and turn three times widdershins before you started? Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
Restarted services. Restarted servers. Recopied smb and krb5 conf files to the server that is not working. I have increased log level to 9 to see what is going on. Black are is right. The fact that one system was working without the login prompt and now doesn't is starting to fry my brains. Especially on a Friday B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless Sent: Friday, March 11, 2011 4:22 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba On 11 March 2011 16:02, Brian O'Mahony brian.omah...@curamsoftware.com wrote: When I dig the RHEL server, it actually returns the DC: 160.16.172.in-addr.arpa. 3600 IN SOA animal.XXX.com. hostmaster.XXX.com. 77337 900 600 86400 3600 The system that is working returns its correct name (ccdubrep.XXX.com) I added the server to the windows DNS table, and the dig now shows correctly. However it is still popping up a login box. Even after restarting both smb and winbind? Then I dunno. I'm beginning to feel like the ADS stuff is a bit like a black art - did you remember to sacrifice a goat and turn three times widdershins before you started? Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
On 11 March 2011 16:06, Brian O'Mahony brian.omah...@curamsoftware.com wrote: Turns out something else has gone wrong on me. The system that previously worked without a login box, now requires it. I didn't notice this as my machine obviously is cahed. If I put my credentials in (DOMAIN\user and password), it logs in. Still need to fix that That sounds more like my problem. If you do the net use command specifying the domain\user does it still ask for password or does it go with it from there? The system that has the same confirguration, pops the login box, but I cannot log in using the same credentials. Are they running the same samba version? Have you run a diff on the output from testparm -v on both boxes? What does wbinfo -k DOMAIN\\brian.omahoney return? (or DOMAIN+brian.omahoney if you're using + as a winbind separator) G -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
Yep that works. Looks like I have the same issue as you on one server, and the other is just hosed. Did yours ever work? Mine worked on Wednesday before I tried to figure out why the second one didn't work, and broke the original in the process. Arg. B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless Sent: Friday, March 11, 2011 4:28 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba On 11 March 2011 16:06, Brian O'Mahony brian.omah...@curamsoftware.com wrote: Turns out something else has gone wrong on me. The system that previously worked without a login box, now requires it. I didn't notice this as my machine obviously is cahed. If I put my credentials in (DOMAIN\user and password), it logs in. Still need to fix that That sounds more like my problem. If you do the net use command specifying the domain\user does it still ask for password or does it go with it from there? The system that has the same confirguration, pops the login box, but I cannot log in using the same credentials. Are they running the same samba version? Have you run a diff on the output from testparm -v on both boxes? What does wbinfo -k DOMAIN\\brian.omahoney return? (or DOMAIN+brian.omahoney if you're using + as a winbind separator) G -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
On 11 March 2011 16:33, Brian O'Mahony brian.omah...@curamsoftware.com wrote: Yep that works. Looks like I have the same issue as you on one server, and the other is just hosed. Did yours ever work? Mine worked on Wednesday before I tried to figure out why the second one didn't work, and broke the original in the process. Mine used to work with identical config before I upgraded it from Redhat 9. I have a feeling it's related to that - perhaps there's a cache of some sort somewhere that remembers the IP/domain name and doesn't like the fact that something about the server (the SID?) has changed. I reset the netbios cache on the XP client but it made no difference. I might try changing the server name and see if it helps. I have no idea where to start looking, unfortunately, so it makes it a bit like looking for a needle in a haystack at midnight. Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box. When you change the name, what is entailed? Change the name in RHEL. Change the name in DNS (windows server) Rejoin the ads network using net ads join -U Anything else? Thanks for the help so far. B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless Sent: Friday, March 11, 2011 4:40 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba On 11 March 2011 16:33, Brian O'Mahony brian.omah...@curamsoftware.com wrote: Yep that works. Looks like I have the same issue as you on one server, and the other is just hosed. Did yours ever work? Mine worked on Wednesday before I tried to figure out why the second one didn't work, and broke the original in the process. Mine used to work with identical config before I upgraded it from Redhat 9. I have a feeling it's related to that - perhaps there's a cache of some sort somewhere that remembers the IP/domain name and doesn't like the fact that something about the server (the SID?) has changed. I reset the netbios cache on the XP client but it made no difference. I might try changing the server name and see if it helps. I have no idea where to start looking, unfortunately, so it makes it a bit like looking for a needle in a haystack at midnight. Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue? On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote: I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box. When you change the name, what is entailed? Change the name in RHEL. Change the name in DNS (windows server) Rejoin the ads network using net ads join -U Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required. Thanks for the help so far. Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing? Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
Geoff, did you do the steps below? Was there anything else required? B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless Sent: Friday, March 11, 2011 4:59 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue? On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote: I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box. When you change the name, what is entailed? Change the name in RHEL. Change the name in DNS (windows server) Rejoin the ads network using net ads join -U Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required. Thanks for the help so far. Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing? Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help with ADS authentication and Samba
After a bit more investigation it seems my issue on the working server is a bit more complex. If I use any of the three usernames that had previously worked, they work in the login prompt. However if I use any other user, it fails to log in. There is obviously a cache of users somewhere, but I cannot find it. Has anyone an idea where this cache is? Regards B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Brian O'Mahony Sent: Friday, March 11, 2011 5:05 PM To: 'Geoff Winkless'; samba Subject: Re: [Samba] Help with ADS authentication and Samba Geoff, did you do the steps below? Was there anything else required? B -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Geoff Winkless Sent: Friday, March 11, 2011 4:59 PM To: samba Subject: Re: [Samba] Help with ADS authentication and Samba Well I changed the server name and it resolved my problem, so I'm guessing something was left over from the old install. No idea where though, anyone any clue? On 11 March 2011 16:47, Brian O'Mahony brian.omah...@curamsoftware.com wrote: I only installed this server with Base RHEL5.5 last week, got samba working on Monday with ADS. By today (probably yesterday or wed) it was now popping up the login box. When you change the name, what is entailed? Change the name in RHEL. Change the name in DNS (windows server) Rejoin the ads network using net ads join -U Sounds about it. I ran net ads leave first, then changed samba and /etc/hosts and reran kinit too before rejoining, I dunno if that's required. Thanks for the help so far. Not sure how much help I'm being, it's nice to know I'm not the only one. Did you try the testparm thing? Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help / Suggestions on how to migrate to AD from smbpasswd
Hello, I have an older standalone Samba 3.0.14 system (security = user) with local users and local home directories and shares. This uses another 'legacy' system for adding linux users accounts. I then use the pam plug-in pam_smbpass pam_smbpass.so migrate to create a smbpasswd entry for users. The UID's up to 8765 are currently in use ie: etc/passwd: noni:x:8765:4251::/home/noni:/bin/bash etc/samba/smbpasswd: noni:8765:bla:bla:[U ]:LCT-4D2B7B16: I hope to have the new system Samba 3.5.4 that I am migrating to use AD (security = ads) for samba and ssh via PAM. Will I be able to do this? How do I keep the current users and their UIG / GID active while changing them to authenticate to AD vs local files?All the usernames match between my local accounts and the domain ones. Except for root - how is root login handled? I assume as 'files' is still in the nssswitch.conf that will work. Will the Samba Add Users script work to add new users. I would expect if a used tried to login via ssh without a local account it would not work, but would (and created the home dir) via Samba. I would also set AssumeDefaultDomain . Should I use Likewise Open for this? Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help / Suggestions on how to migrate to AD from smbpasswd
On Fri, Mar 04, 2011 at 07:11:22PM -0800, David Broome wrote: I have an older standalone Samba 3.0.14 system (security = user) with local users and local home directories and shares. This uses another 'legacy' system for adding linux users accounts. I then use the pam plug-in pam_smbpass pam_smbpass.so migrate to create a smbpasswd entry for users. The UID's up to 8765 are currently in use ie: etc/passwd: noni:x:8765:4251::/home/noni:/bin/bash etc/samba/smbpasswd: noni:8765:bla:bla:[U ]:LCT-4D2B7B16: I hope to have the new system Samba 3.5.4 that I am migrating to use AD (security = ads) for samba and ssh via PAM. Will I be able to do this? Look at net idmap dump / net idmap restore. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [HELP] Can't browse/see any files
Hi Everybody I got some shares on a winxp sp2 machine, trying to mount them on a ubuntu machine, I can mount successfully but can't see any file in them (empty mount points). This happened after a client system upgrade to ubuntu 10.0.4 from 9.10. I tried also to compile last samba stable version (3.5.6) but i got same results..empty directories. I can't figure out if problem is on Linux or Windows side.. Here some information about my configuration, thank you in advance for any suggestion. root@fisso:~# mount|grep mnt //192.168.1.8/X on /mnt type cifs (rw,mand) root@fisso:~# df -k | grep mnt //192.168.1.8/X 172979884 100924728 72055156 59% /mnt root@fisso:~# ls -laR /mnt /mnt: total 1 drwxr-xr-x 1 root root 0 Feb 27 17:15 . drwxr-xr-x 27 root root 960 Feb 28 02:32 .. SERVER INFO: PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 2869/tcp open unknown Domain=[GOOSE] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- UtorrentDisk ...(some output omitted) X Disk CLIENT INFO: Ubuntu 10.0.4 LTS Linux fisso 2.6.32-28-generic #55-Ubuntu SMP Mon Jan 10 21:21:01 UTC 2011 i686 GNU/Linux ii samba-common 2:3.4.7~dfsg-1ubuntu3.3 common files used by both the Samba server a ii samba-common-bin 2:3.4.7~dfsg-1ubuntu3.3 common files used by both the Samba server a ii smbfs 2:3.4.7~dfsg-1ubuntu3.3 Samba file system utilities root@fisso:~# modinfo cifs filename: /lib/modules/2.6.32-28-generic/kernel/fs/cifs/cifs.ko version:1.61 srcversion: 144C5A7956082C40177846E depends: vermagic: 2.6.32-28-generic SMP mod_unload modversions 586 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help needed with Windows7 roaming files.
With outlook working you need to redirect your users pst and you need to set up a prf-file for each user. Ex: ;Automatically generated PRF file from the Microsoft Office Customization and Installation Wizard ; ** ; Section 1 - Profile Defaults ; ** [General] Custom=1 ProfileName=test DefaultProfile=Yes OverwriteProfile=Yes ModifyDefaultProfileIfPresent=FALSE ;DefaultStore=Service1 ; ** ; Section 2 - Services in Profile ; ** [Service List] Service1=Personal Folders Service2=Outlook Address Book Service3=Personal Address Book ;*** ; Section 3 - List of internet accounts ;*** [Internet Account List] Account1=IMAP_I_Mail ;*** ; Section 4 - Default values for each service. ;*** [Service1] UniqueService=No Name=Mein persönlicher Ordner PathToPersonalFolders=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pst --the psts EncryptionType=0x8000 [Service2] [Service3] NameOfPAB=Persönliches Adress Buch Path=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pab ShowNamesBy=0 .. But you are running exchange. Why do you need another imap and smtp? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Dennis M Gesendet: Montag, 21. Februar 2011 05:45 An: samba@lists.samba.org Betreff: Re: [Samba] Help needed with Windows7 roaming files. Hi Guys, I've had a check again, looks like roaming profile is already running (sorry about being misleading), strange though no local profile is created (this can be found out when i log in as local admin and go to the User Profile tab in computer properties), and outlook still complains about the data file cannot be accessed and not sending email (we have two email accounts in outlook, the exchange one is fine, only imap/smtp account is not sending. ) on Windows XP before the upgrade everything was fine, just wondering if there's anyone managed to get outlook working with windows7 roaming profile. .profile.V2 looks fine on the server. it was auto-generated by windows7. Thanks again. On Mon, Feb 21, 2011 at 12:30 AM, mr...@freemail.hu mr...@freemail.huwrote: Hi Dennis! Windows 7 uses the same share for roaming profiles as Windows XP, but a different directory. (so, you don't need the profiles.v2 share) The profile directories for Win7 ends with .v2. Try to create a directory with the following name: \\server1\user1\.profile.v2. Perhaps it helps, If doesn't, then here is my config which worked for me: smb.conf: [global] ... logon path = \\smbserver\profiles\%U ... [profiles] path = /opt/samba/profiles writeable = yes browseable = yes read only = no hide unreadable = yes directory mask = 0770 force directory mode = 2770 create mask = 0660 In the profiles share I made two directories for the two profiles: john john.v2 Best regards, mredd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help needed with Windows7 roaming files.
Thanks Daniel, The legacy IMap (postfix and courier) server exists for historic reasons, we have plans to merge it with the Exchange server sometime this year. until then we will still need to live with it. Can you give more details as in how to activate the prf file for each user? if i understand correctly, this will place the .prf file in the network share, i heard it's not supported by MS prone to errors. Thanks heaps for the great help! On Mon, Feb 21, 2011 at 6:35 PM, Daniel Müller muel...@tropenklinik.dewrote: With outlook working you need to redirect your users pst and you need to set up a prf-file for each user. Ex: ;Automatically generated PRF file from the Microsoft Office Customization and Installation Wizard ; ** ; Section 1 - Profile Defaults ; ** [General] Custom=1 ProfileName=test DefaultProfile=Yes OverwriteProfile=Yes ModifyDefaultProfileIfPresent=FALSE ;DefaultStore=Service1 ; ** ; Section 2 - Services in Profile ; ** [Service List] Service1=Personal Folders Service2=Outlook Address Book Service3=Personal Address Book ;*** ; Section 3 - List of internet accounts ;*** [Internet Account List] Account1=IMAP_I_Mail ;*** ; Section 4 - Default values for each service. ;*** [Service1] UniqueService=No Name=Mein persönlicher Ordner PathToPersonalFolders=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pst --the psts EncryptionType=0x8000 [Service2] [Service3] NameOfPAB=Persönliches Adress Buch Path=\\tuepropdc\%USERNAME%\outlook\%USERNAME%.pab ShowNamesBy=0 .. But you are running exchange. Why do you need another imap and smtp? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Dennis M Gesendet: Montag, 21. Februar 2011 05:45 An: samba@lists.samba.org Betreff: Re: [Samba] Help needed with Windows7 roaming files. Hi Guys, I've had a check again, looks like roaming profile is already running (sorry about being misleading), strange though no local profile is created (this can be found out when i log in as local admin and go to the User Profile tab in computer properties), and outlook still complains about the data file cannot be accessed and not sending email (we have two email accounts in outlook, the exchange one is fine, only imap/smtp account is not sending. ) on Windows XP before the upgrade everything was fine, just wondering if there's anyone managed to get outlook working with windows7 roaming profile. .profile.V2 looks fine on the server. it was auto-generated by windows7. Thanks again. On Mon, Feb 21, 2011 at 12:30 AM, mr...@freemail.hu mr...@freemail.huwrote: Hi Dennis! Windows 7 uses the same share for roaming profiles as Windows XP, but a different directory. (so, you don't need the profiles.v2 share) The profile directories for Win7 ends with .v2. Try to create a directory with the following name: \\server1\user1\.profile.v2. Perhaps it helps, If doesn't, then here is my config which worked for me: smb.conf: [global] ... logon path = \\smbserver\profiles\%U ... [profiles] path = /opt/samba/profiles writeable = yes browseable = yes read only = no hide unreadable = yes directory mask = 0770 force directory mode = 2770 create mask = 0660 In the profiles share I made two directories for the two profiles: john john.v2 Best regards, mredd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help needed with Windows7 roaming files.
Hi Guys, I've had a check again, looks like roaming profile is already running (sorry about being misleading), strange though no local profile is created (this can be found out when i log in as local admin and go to the User Profile tab in computer properties), and outlook still complains about the data file cannot be accessed and not sending email (we have two email accounts in outlook, the exchange one is fine, only imap/smtp account is not sending. ) on Windows XP before the upgrade everything was fine, just wondering if there's anyone managed to get outlook working with windows7 roaming profile. .profile.V2 looks fine on the server. it was auto-generated by windows7. Thanks again. On Mon, Feb 21, 2011 at 12:30 AM, mr...@freemail.hu mr...@freemail.huwrote: Hi Dennis! Windows 7 uses the same share for roaming profiles as Windows XP, but a different directory. (so, you don't need the profiles.v2 share) The profile directories for Win7 ends with .v2. Try to create a directory with the following name: \\server1\user1\.profile.v2. Perhaps it helps, If doesn't, then here is my config which worked for me: smb.conf: [global] ... logon path = \\smbserver\profiles\%U ... [profiles] path = /opt/samba/profiles writeable = yes browseable = yes read only = no hide unreadable = yes directory mask = 0770 force directory mode = 2770 create mask = 0660 In the profiles share I made two directories for the two profiles: john john.v2 Best regards, mredd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help needed with Windows7 roaming files.
Are you sure it's not a permissions problem? Have the Windows 7 machines been properly added to the domain? Are the user accounts enabled? Sorry, I have no Windows 7 clients to test things on. However, whenever I've had similar problems, it's been an account setup problem, not a Samba configuration issue. On 17/02/11 11:00 PM, Dennis M wrote: Hi all, We've been trying to setup/upgrade a samba PDC (version 3.56) with OpenLDAP as backend and roaming profiles for Windows7 (32bit) Clients. windows7 has no problem with login after applying the reg patches, however, it seems to always load a temporary profile as opposed to roaming one for users, no local profile is created. this has caused Outlook 2010 to function improperly (complains about outlook data cannot be accessed and fail to send any email), if i force profile type to local only in registry then outlook works perfectly, local profile is not an option for us though as a lot of our users change sites/pcs quite often. I've enclosed some related info below; the same config works perfectly with windowsXP clients. Ldap entries (samba related) objectClass: sambaSamAccount sambaSID: S-1-5-21-1209579028-1696229136-1764916649-15754 sambaHomePath: \\server1\user1 sambaProfilePath: \\server1\user1\.profile sambaLogonScript: logon.bat sambaAcctFlags: [UX ] sambaPrimaryGroupSID: S-1-5-21-1209579028-1696229136-1764916649-513 smb.conf [global] logon drive = H: logon home = \\%s\%U [profiles] path = /home browseable = no read only = no profile acls = yes csc policy = disable hide files=/Desktop.ini/Thumbs.db/lost+found store dos attributes = Yes create mask = 0600 directory mask = 0700 [profiles.v2] copy = profiles Any ideas? thanks heaps. Dennis has anybody managed to get Windows 7 (final) to use roaming profiles? Windows 7 is joined to my Samba 3.4.1 domain and always logs me in with a temporary profile. Windows XP works without problems. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help needed with Windows7 roaming files.
Hi all, We've been trying to setup/upgrade a samba PDC (version 3.56) with OpenLDAP as backend and roaming profiles for Windows7 (32bit) Clients. windows7 has no problem with login after applying the reg patches, however, it seems to always load a temporary profile as opposed to roaming one for users, no local profile is created. this has caused Outlook 2010 to function improperly (complains about outlook data cannot be accessed and fail to send any email), if i force profile type to local only in registry then outlook works perfectly, local profile is not an option for us though as a lot of our users change sites/pcs quite often. I've enclosed some related info below; the same config works perfectly with windowsXP clients. Ldap entries (samba related) objectClass: sambaSamAccount sambaSID: S-1-5-21-1209579028-1696229136-1764916649-15754 sambaHomePath: \\server1\user1 sambaProfilePath: \\server1\user1\.profile sambaLogonScript: logon.bat sambaAcctFlags: [UX ] sambaPrimaryGroupSID: S-1-5-21-1209579028-1696229136-1764916649-513 sambaProfilePath: \\oakland\profiles\pcuser description: System User homeDirectory: /home/pcuser sn: pcuser sambaHomePath: \\oakland\open Works fine with XP, Vista and Win7 smb.conf SNIP [Profiles] path=/usr/home/sambashit/Profiles public = yes only guest = no browseable = yes writeable = yes printable = no create mask = 0770 force create mode = 0770 force directory mode = 0770 directory security mask = 0770 level2 oplocks = Yes Security fine grained control using acls set from Administrator account on Windows workstation. smb.conf [global] . logon drive = H: logon home = \\%s\%U [profiles] path = /home browseable = no read only = no profile acls = yes csc policy = disable hide files=/Desktop.ini/Thumbs.db/lost+found store dos attributes = Yes create mask = 0600 directory mask = 0700 [profiles.v2] copy = profiles Any ideas? thanks heaps. Dennis has anybody managed to get Windows 7 (final) to use roaming profiles? Windows 7 is joined to my Samba 3.4.1 domain and always logs me in with a temporary profile. Windows XP works without problems. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help needed with Windows7 roaming files.
Hi all, We've been trying to setup/upgrade a samba PDC (version 3.56) with OpenLDAP as backend and roaming profiles for Windows7 (32bit) Clients. windows7 has no problem with login after applying the reg patches, however, it seems to always load a temporary profile as opposed to roaming one for users, no local profile is created. this has caused Outlook 2010 to function improperly (complains about outlook data cannot be accessed and fail to send any email), if i force profile type to local only in registry then outlook works perfectly, local profile is not an option for us though as a lot of our users change sites/pcs quite often. I've enclosed some related info below; the same config works perfectly with windowsXP clients. Ldap entries (samba related) objectClass: sambaSamAccount sambaSID: S-1-5-21-1209579028-1696229136-1764916649-15754 sambaHomePath: \\server1\user1 sambaProfilePath: \\server1\user1\.profile sambaLogonScript: logon.bat sambaAcctFlags: [UX ] sambaPrimaryGroupSID: S-1-5-21-1209579028-1696229136-1764916649-513 smb.conf [global] logon drive = H: logon home = \\%s\%U [profiles] path = /home browseable = no read only = no profile acls = yes csc policy = disable hide files=/Desktop.ini/Thumbs.db/lost+found store dos attributes = Yes create mask = 0600 directory mask = 0700 [profiles.v2] copy = profiles Any ideas? thanks heaps. Dennis has anybody managed to get Windows 7 (final) to use roaming profiles? Windows 7 is joined to my Samba 3.4.1 domain and always logs me in with a temporary profile. Windows XP works without problems. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help migrating from file server to NAS w/ Active Directory
hello, I'm having a problem I hope will be easy for someone to explain to me how to fix. I need to migrate from an old server to a new Cisco Smart Storage NAS, which runs some flavor of linux and is Active Directory aware. Using something like Robocopy from the AD server, or rsync or tar from the file server does not preserve user/group identities or directory date stamps (maybe rsync tar preserves the directory date stamps but robocopy doesn't). The owner defaults to the NAS admin and admin group. There also seems to be a problem with the windows security permissions on the directories/files - under Windows Explorer the permissions are listed as special and the admins can't change them. I set up a file server years ago on CentOs using Samba to serve files to Windows clients. Since then we integrated Active Directory and I had a windows whiz fix up my Samba config to use AD authentication. So the server doesn't really have linux users/groups anymore per se. To add a new user I add them via the AD server then map them in the smb.conf file - create manually a home directory for them and chown it to their username. (not sure how that works since there is no linux user by those usernames). Here is an example: [jimd] path = /home/CN/jimd valid users = CN+jimd writeable = Yes create mask = 0777 directory mask = 0777 browseable = no So the AD user is CN+jimd. One the file server though, the username that shows up on any file created by CN+jimd is actually owned by jimd (no CN+). On the NAS, any file I create with that user is owned by CN+jimd. Not sure if that is part of my problem or not. Groups are similar. [Engineering] writeable = Yes path = /home/data/engineering force group = CN+sengineer ; guest ok = Yes browseable = Yes create mask = 0770 directory mask = 0770 valid users = @CN+sengineer So the thought was to somehow map files/shares on the AD server and move them over in that environment, but having troubles mentioned above - preserving directory time stamps and owner IDs. Seems like I'm missing something really simple. The NAS does have samba and automatically writes a smb.conf file, but I don't believe there is a way to manually edit it other than GUI. Let me know if you need more info to help.. appreciate the read! cheers, JD -- Jim Dory Engineering City of Nome PO Box 281 102 Division St. Nome, AK 99762 907.443.6604 http://www.nomealaska.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help migrating from file server to NAS w/ Active Directory
Extra info: smbd --version Version 3.0.33-0.19.el4_8.3 Win Server 2003-r2 thx, JD On 2/16/2011 10:49 AM, Jim Dory wrote: hello, I'm having a problem I hope will be easy for someone to explain to me how to fix. I need to migrate from an old server to a new Cisco Smart Storage NAS, which runs some flavor of linux and is Active Directory aware. Using something like Robocopy from the AD server, or rsync or tar from the file server does not preserve user/group identities or directory date stamps (maybe rsync tar preserves the directory date stamps but robocopy doesn't). The owner defaults to the NAS admin and admin group. There also seems to be a problem with the windows security permissions on the directories/files - under Windows Explorer the permissions are listed as special and the admins can't change them. I set up a file server years ago on CentOs using Samba to serve files to Windows clients. Since then we integrated Active Directory and I had a windows whiz fix up my Samba config to use AD authentication. So the server doesn't really have linux users/groups anymore per se. To add a new user I add them via the AD server then map them in the smb.conf file - create manually a home directory for them and chown it to their username. (not sure how that works since there is no linux user by those usernames). Here is an example: [jimd] path = /home/CN/jimd valid users = CN+jimd writeable = Yes create mask = 0777 directory mask = 0777 browseable = no So the AD user is CN+jimd. One the file server though, the username that shows up on any file created by CN+jimd is actually owned by jimd (no CN+). On the NAS, any file I create with that user is owned by CN+jimd. Not sure if that is part of my problem or not. Groups are similar. [Engineering] writeable = Yes path = /home/data/engineering force group = CN+sengineer ; guest ok = Yes browseable = Yes create mask = 0770 directory mask = 0770 valid users = @CN+sengineer So the thought was to somehow map files/shares on the AD server and move them over in that environment, but having troubles mentioned above - preserving directory time stamps and owner IDs. Seems like I'm missing something really simple. The NAS does have samba and automatically writes a smb.conf file, but I don't believe there is a way to manually edit it other than GUI. Let me know if you need more info to help.. appreciate the read! cheers, JD -- Jim Dory Engineering City of Nome PO Box 281 102 Division St. Nome, AK 99762 907.443.6604 http://www.nomealaska.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help migrating from file server to NAS w/ Active Directory
To boil this down a bit, maybe my problem is that my domain users on the old server are for instance jimd, and on the new NAS they show up as Domain+jimd. Or in this example, CN+jimd. So if I try to move files to the NAS, it doesn't recognize those users (without the prefix CN+) as users. The getent command on the old server has users uids in the 10,000 range. On the NAS, they are in the 30,000 range, even though it got the users from the AD server. So perhaps I need a way to get things to match up? thx, Jim On 2/16/2011 10:49 AM, Jim Dory wrote: hello, I'm having a problem I hope will be easy for someone to explain to me how to fix. I need to migrate from an old server to a new Cisco Smart Storage NAS, which runs some flavor of linux and is Active Directory aware. Using something like Robocopy from the AD server, or rsync or tar from the file server does not preserve user/group identities or directory date stamps (maybe rsync tar preserves the directory date stamps but robocopy doesn't). The owner defaults to the NAS admin and admin group. There also seems to be a problem with the windows security permissions on the directories/files - under Windows Explorer the permissions are listed as special and the admins can't change them. I set up a file server years ago on CentOs using Samba to serve files to Windows clients. Since then we integrated Active Directory and I had a windows whiz fix up my Samba config to use AD authentication. So the server doesn't really have linux users/groups anymore per se. To add a new user I add them via the AD server then map them in the smb.conf file - create manually a home directory for them and chown it to their username. (not sure how that works since there is no linux user by those usernames). Here is an example: [jimd] path = /home/CN/jimd valid users = CN+jimd writeable = Yes create mask = 0777 directory mask = 0777 browseable = no So the AD user is CN+jimd. One the file server though, the username that shows up on any file created by CN+jimd is actually owned by jimd (no CN+). On the NAS, any file I create with that user is owned by CN+jimd. Not sure if that is part of my problem or not. Groups are similar. [Engineering] writeable = Yes path = /home/data/engineering force group = CN+sengineer ; guest ok = Yes browseable = Yes create mask = 0770 directory mask = 0770 valid users = @CN+sengineer So the thought was to somehow map files/shares on the AD server and move them over in that environment, but having troubles mentioned above - preserving directory time stamps and owner IDs. Seems like I'm missing something really simple. The NAS does have samba and automatically writes a smb.conf file, but I don't believe there is a way to manually edit it other than GUI. Let me know if you need more info to help.. appreciate the read! cheers, JD -- Jim Dory Engineering City of Nome PO Box 281 102 Division St. Nome, AK 99762 907.443.6604 http://www.nomealaska.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help with configuring PAM
Hello, My company has a Windows file server that I attempting to setup a Samba server as an Active Directory domain member to replace. I have migrated one of the shares to the Samba server but am having some problems. I installed Ubuntu Server 10.04.1 LTS on a new server for the sole purpose of replacing the Windows file server. Our domain controller is running Windows Server 2003 SP2. I have set up smb.conf, the client side of Kerberos, Winbind, name service switch, and PAM according to some documentation I read. I believe the problems may be due to an improper PAM configuration, because one of the issues I have is getting prompted to enter my password more than once when I sudo or sign into the console. Another issue is if I do a useradd command to add a strictly local linux user, then run the passwd command to set a password for the local user, I get prompted to enter a current kerberos password. Would anyone that has replaced a Windows file server in an Active Directory environment be willing to share how they did their PAM configuration? Thanks, Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba