Re: [Samba] Samba on FreeBSD 7.0
On Friday 13 June 2008 20:40, white list wrote: > Hello ALL, > does any body know the options to enable when installing samba from ports > collection? It depends what you intend to do with samba. A good start could be the first part of "samba 3 by example" http://us1.samba.org/samba/docs/man/Samba-Guide/ExNetworks.html 6 implementations are described so that you can choose the closest to your needs; after that the options become clearer. If it is just for testing samba without a particular goal in mind yet, I guess you probably can enable everything. The other way round would be compiling with no options and when you're stuck with something you can't do, recompile with the correct option(s). You chould check LDAPif you want to store users and machines in LDAP ADS if you want your samba server joined to a windows AD domain CUPSif you want a print server WINBIND if windows will store users who will ues your samba server ACL_SUPPORT if you want windows-type ACLs etc... HTH Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Configuring a samba server with two NICs
On Fri, Jun 13, 2008 at 4:59 PM, Fabio <[EMAIL PROTECTED]> wrote: >> FWIW, there was just a discussion on the Dell Server list trying to use a >> crossover between two recent Dell servers. >> It DIDN'T work. >> A normal network cable did. >> Seems that some modern cards a suppose to auto-configure, but in this case >> it didn't work with a crossover. >> >> http://article.gmane.org/gmane.linux.hardware.dell.poweredge/32995 >> >> >> Can you at least PING it? >> Dennis > > Sorry, I forgot to answer this. > > If I configure samba to listen only on eth0 (my laptop connected via a > crossover cable), then I can access the shared dir. > > If that matters, I also configured ip masquerading so that from the laptop > I can access the internet via the desktop. > Are you trying to access samba on the laptop using the ipaddress of the samba server? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Configuring a samba server with two NICs
> FWIW, there was just a discussion on the Dell Server list trying to use a > crossover between two recent Dell servers. > It DIDN'T work. > A normal network cable did. > Seems that some modern cards a suppose to auto-configure, but in this case > it didn't work with a crossover. > > http://article.gmane.org/gmane.linux.hardware.dell.poweredge/32995 > > > Can you at least PING it? > Dennis Sorry, I forgot to answer this. If I configure samba to listen only on eth0 (my laptop connected via a crossover cable), then I can access the shared dir. If that matters, I also configured ip masquerading so that from the laptop I can access the internet via the desktop. Fabio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Configuring a samba server with two NICs
>> FWIW, there was just a discussion on the Dell Server list trying to use a >> crossover between two recent Dell servers. >> It DIDN'T work. >> A normal network cable did. >> Seems that some modern cards a suppose to auto-configure, but in this case >> it didn't work with a crossover. >> > All gigabit devices auto crossover so no crossover is necessary if > both sides are gigabit. I am not sure this is the problem though. It > looks like ipv4 forwarding needs to be turned on on the machine that > has 2 nics. None of the 2 nics is a gigabit... :-(( > However I may be wrong as I was a little confused with the > discussion of the two networks and their purpose. Maybe I didn't explain well myself, sorry. My principal aim is simply to share the same directory over the two networs: everything else is unessential. They can also be invisible to each other. What I got with my config is that my shared dir is accessible on eth1 (where I just allow 3 IPs), but it is not on eth0 (my laptop). Thanks Fabi Thanks Fabio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configuring a samba server with two NICs
> > FWIW, there was just a discussion on the Dell Server list trying to use a > crossover between two recent Dell servers. > It DIDN'T work. > A normal network cable did. > Seems that some modern cards a suppose to auto-configure, but in this case > it didn't work with a crossover. > All gigabit devices auto crossover so no crossover is necessary if both sides are gigabit. I am not sure this is the problem though. It looks like ipv4 forwarding needs to be turned on on the machine that has 2 nics. However I may be wrong as I was a little confused with the discussion of the two networks and their purpose. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba4, multi-domain Forest and Unix ID mapping
Charlie wrote: When you say "forest" are you referring to a user authentication database implementing multiple linked lists that do not share a common root? First, thank you for responding. I must also say I have been out of Windows land for some time. I last really messed with Windows Networking around NT 4.0. By Forest, I mean: "At the top of the structure is the Forest - the collection of every object, its attributes, and rules (attribute syntax) in the AD. The forest holds one or more transitive, trust-linked Trees. A tree holds one or more Domains and domain trees, again linked in a transitive trust hierarchy. Domains are identified by their DNS name structure, the namespace." (http://en.wikipedia.org/wiki/Active_Directory#Forests.2C_trees.2C_and_domains) So, I am looking for something like: family1.example.com (uids=1000.1999, for example) family2.example.com (uids=2000.2999) family3.example.com (uids=3000.3999) family4.example.com (uids=4000.4999) family5.example.com (uids=5000.5999) family6.example.com (uids=6000.6999) Where each is a separate domain that trusts the other, and is within one forest/tree. Also, they must use something like idmap_ldap (or the equivalent) in Samba4 and that mapping must be valid and usable so that people in each domain can log in on boxes in the other domains as Linux and Windows users and share files and printers without uid collisions or other such problems. The only exception is root (uid=0) as each family may or may not want root to be shared. Again, I am using the family example as it fits even the business cases. I am hoping that Linux users can login doing something like windows ([EMAIL PROTECTED] or domain\user). Samba 3 & 4 do indeed incorporate "idmapping" which works pretty much as you describe. The command syntax has grown a lot recently and has not yet been fully documented, but I'd say it's quite powerful. If you can get your interdomain trusts set up right I think you can do what you want, but it's probably going to be dependent on how well you can control access to your directory backend. Well, I once read that, at least at one point, idmap didn't work in this setup. I was wondering if it has changed (as I can no longer find the reference). Also, yes, these will all be Samba based domains (Active Directory style). All clients will likely be Vista Business or Ultimate. You haven't specified what directory backend you are running... Microsoft AD? Novell eDirectory? OpenLDAP? Sun? IBM? Fedora DS? There are lots... --Charlie Well, Samba 4 so, if it has an internal (I think that has been abandoned, but not certain) then that, OpenLDAP or Fedora DS will be the backend. I am leaning toward Fedora DS, but I am not certain and will accept suggestions. I hope this corrects and clarifies my question enough that I can get an accurate response. This is a forward looking query and I am only interested in Samba 4 as it must be Active Directory and Windows server free. Thank you, Trever Adams On Wed, Jun 11, 2008 at 3:33 AM, Trever L. Adams <[EMAIL PROTECTED]> wrote: Good day, I wasn't sure whether this should go to the user list or the samba-technical list. I chose here based on the descriptions of the list. Forgive me if my understanding of the naming is inaccurate. It is my understanding that Samba3 (and I believe 4, as well) has a very powerful SID<->UID mapping mechanism which will auto create the UID in a range. This is what I mean by Unix ID mapping. I have read that this as of yet won't work in a forest, even if the organization is only one organization. I am hoping this isn't true. I am beginning to look at Samba4 for future implementations within organizations I do work for. However, it appears I will need multiple domain in one forest functionality. Is this implemented or at least planned? If it is implemented/planned is it possible to do the automatic Unix ID mapping per above? If it is all one domain, is it possible to do this if all the domain controllers/active directory machines are Samba 4? Basically, can each domain have its own UID mapping setup and they will work in the forest IF, and ONLY IF, the UID mapping doesn't overlap? The exact mechanism my questions may bring into mind may be bad. Here is the situation, explained in the context of an extended family network: Each family has its own domain (Windows and DNS), policies, etc. Each has its own file servers, mail domains (DNS), etc. Each may share file and printers with other families. This needs to work in Windows and Linux. However, here is the killer, root access to Linux machines is not shared across domains. Nor should Windows system/net/domain admin abilities. However, guests from other families (within the extended family) need to be able to view the shared files as well as login (without administrative privileges) on computers in the other domains (think visiting family). To do this, auto SID<->UID maps are a must. Domain
RE: [Samba] Configuring a samba server with two NICs
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > On Behalf Of Fabio > Sent: Friday, June 13, 2008 3:22 AM > To: samba@lists.samba.org > Subject: [Samba] Configuring a samba server with two NICs FWIW, there was just a discussion on the Dell Server list trying to use a crossover between two recent Dell servers. It DIDN'T work. A normal network cable did. Seems that some modern cards a suppose to auto-configure, but in this case it didn't work with a crossover. http://article.gmane.org/gmane.linux.hardware.dell.poweredge/32995 Can you at least PING it? Dennis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba on FreeBSD 7.0
Hello ALL, does any body know the options to enable when installing samba from ports collection? cd /usr/ports/net/samba3 make config shows a list of options such as LDAP or ADS support. can anybody help? Thanks in advance! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Switching form NT PDC to AD
I set up a test machine running Red Hat 5.2 and samba version 3.0.28. We have a unix server sharing out a file system. The windows users accessed the file system via Samba and as they all had unix accounts they were just mapped to their UNIX id. As long as we had groups with the same name, the groups were mapped as well. Since going to AD, we would like to do the same thing, but it appears that the groups aren't mapping. When I first set it up I had the nsswitch.conf file configured with files compat winbind. This seemed to be working fine, but the mapping was going to a new id when we wanted them to get their unix id, so I swithced the nsswitch.conf file to just files and compat. Things seemed to be working until I tried to access a directory owened by someone else and it wouldn't let me in even though we were in the same group. It seems like group mapping isn't taking place. I tested it from the linux side and everything worked as expected. If you need any additional information let me know. We are on a private network so I have to retype anything you wish to see. Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Configuring a samba server with two NICs
Hi all, I am trying hard to configure samba, but I can not achieve my goals. Other than standard man pages, I have seen also many posts/documents samba with multiple nics, but I couldn' find any relevant to me. So, please, let me explain my settings and what I am looking to set up. First of all, my desktop runs ubuntu 8.04 with samba 3.0.28a On the pc I have 2 nics, eth0 and eth1. eth1 has address 10.80.2.121 eth0 has address 192.168.23.1 The network on eth1 is a company network, with many windows/unix pcs on it and a wins server at the address 192.167.219.2. The network on eth0 is a small private network, in the sense that I attach to it only my laptop with a crossed cable and I use the desktop to share network and services with the laptop. The laptop is an eeepc900 with its Xandros default distribution and samba 3.0.24-6, with the default smb.conf (I include at the end of the message the result of cat smb.conf | egrep -v "^(#|;| *$)" on the eeepc) I want to share a directory (/media/matematica/libri) and I want that it is possible to have (free but readonly) access to it only from a bunch of trusted pcs: the one attached at eth0 (192.168.23.) and two on the eth1 (10.80.2.196 10.80.2.72), plus myself (10.80.2.121) Finally, at least on the eth1 network, I want to be part of the workgroup "DOCENTI". Summing this up, I wrote the following smb.conf on my desktop: [global] wins server = 192.167.219.2 domain master = no local master = no workgroup = DOCENTI server string = Stumbo hosts deny = ALL hosts allow = 192.168.23. 10.80.2.121 10.80.2.196 10.80.2.72 127.0.0.1 security = share [libri] guest ok = yes path = /media/matematica/libri read only = yes It works partially, in the sense that all is ok on eth1: I am part of the workgroup DOCENTI, the trusted pcs can access the shared dir, whereas all others can't (I would also like to be invisible to the others, but I don't think this is possible...) On the other hand, from the laptop side I can't see my desktop: what should I do in order to see the shared dir also from the laptop? Thanks a lot for your help Fabio -- cat smb.conf | egrep -v "^(#|;| *$)" [global] include = /etc/opt/xandros/xandrosncs/run/samba_wins workgroup = WORKGROUP server string = %h server (Asus Eee PC) dns proxy = no name resolve order = lmhosts host wins bcast log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = share encrypt passwords = true passdb backend = tdbsam ldap delete dn = yes obey pam restrictions = yes invalid users = root map to guest = Bad User passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . client use spnego = no load printers = no printing = cups printcap name = cups socket options = TCP_NODELAY dos filetimes = yes display charset = UTF8 unix charset = UTF8 unix extensions = no --- the included file in smb.conf contains wins server = 192.167.219.2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to map an AD group to an existing unix group/gid
I have a unix group that owns some files on a share, and I'd like to set up a group mapping so that an Active directory group (with an exising mapping in winbind from earlier use) gets access to these files via a mapping. I've been fooling around with net groupmap add, and haven't been able to get this set up. The group Domain Users has an existing mapping to gid 10004, which winbind allocated at some point in the past I have a group testgroup, with gid=134 I've tried the following: net groupmap add sid=S-...-513 unixgroup=testgroup ntgroup="DOMAIN+Domain Users" which gives the following for a net groupmap list: DOMAIN+Domain Users (S-...-513) -> testgroup and net groupmap add sid=S-...-513 unixgroup=134 which gives this when I do a net groupmap list: 134 (S-...-513) -> DOMAIN+domain users For both of these, when I view the properties of a file owned by testgroup, the group owner shows up as Domain Users, with both read and write permissions. For both of these, wbinfo shows the following: wbinfo --group-info="DOMAIN+domain users" DOMAIN+domain users:x:134 So far, so good, right? However, for both of these, when I try to access a file owned by testgroup, I'm denied access. If I create a file in a directory when logged in as a domain user, it gets created with gid 10004, that's fine. nscd is disabled, nsswitch.conf contains group: files winbind, OS is Solaris 10 update 4, samba is 3.0.25a, as shipped with S10u4. Any ideas on this? Thanks, ~Eric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba auth against imap?
I had a VP in our company ask today if it was possible to use the same id's and passwords as our mail server. Now if it was LDA based, no problem. But I was just curious if there was some sort of authentication method to authenticate samba shares against an IMAP server? I have seen a few other pieces of software use imap authentication. I have security concerns over this method, but just wanted to see if it was even possible. I have been google searching, but no real answers yet. Thanks in advance,. dnk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.30 and 3.2.0rc2 packages for all (SUSE) Linux products
RPM package installation sources of Samba 3.0.30 (STABLE) for SUSE Linux projects are available at ftp.suse.com/pub/projects/samba/STABLE/ At ftp.suse.com/pub/projects/samba/TESTING/ you find the same for the upcoming 3.2.0 release. This is currently a release candidate (rc) 2 and is not intended for production environments. Supported SUSE Linux based products are at the moment SUSE Linux 10.1, 10.2, 10.3, 11.0, SLES 9, SUSE Linux Enterprise (SLE) Desktop and Server 10, and factory (i.e. the currently developed product). For some architectures - like ia64, ppc, s390(x) - you find a limited releases subset. The same STABLE and TESTING package installation sources are also available at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/ Please use a mirror close to your site. A list of Samba.org mirrors is available at http://Samba.org/ There choose a mirror at the right top of the page. There are also a bunch of SUSE mirrors. A list of mirror sites is available at http://en.opensuse.org/Mirrors_Released_Version To support easier collaboration Samba packages are also provided by the openSUSE Build Service (OBS). Cf. http://en.opensuse.org/Build_Service/ and http://download.opensuse.org/repositories/network:/samba:/STABLE/ or http://download.opensuse.org/repositories/network:/samba:/TESTING/ The OBS supports an easy approach to create binary packages for CentOS, Fedora, Mandriva, RedHat Enterprise (RHEL), SUSE Linux Enterprise (SLE), and openSUSE. Access is possible by https://build.openSUSE.org/ or a subversion like sommand line tool named OpenSUSE build service command-line (osc). Bindings to perl are available too. See http://en.opensuse.org/Build_Service/CLI If you encounter any problem with these packages please don't blame the Samba Team. Instead file a bug to https://bugzilla.Samba.org/, pick product Samba 3.x, then select 'component' Packaging and set 'assign to' to samba-maintainers at suse dot de. Or use http://bugzilla.Novell.com/ with the same assignee instead. For general information about Samba as part of SUSE Linux based products see http://en.openSUSE.org/Samba For reporting bugs and how to collect advanced debugging information see http://en.openSUSE.org/Bugs/Samba Our customers, our products, our responsibility. Have a lot of fun... Lars - for the Novell Samba Team -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany pgp7eMBKYrLiD.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple Samba Instances: Is it possible to share *.tdb files?
Hi again, in the official Howto Collection at § "Binary Format" is mentioned that many different samba processes read and write on the same *.tdb files at the same time: http://de5.samba.org/samba/docs/man/Samba-HOWTO-Collection/CUPS-printing.html#id424705 So if there are different instances of samba on one machine, do they really need *.tdb files on their own? Or can they share one common set of files? Regards Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Inherited ACLs can not be removed
Hi, I have more information about the problem: a) It does not have to do anything with inheritance b) adding ACLs works c) removing ACLs does not work (with a 'real' Windows client) I did the following test: - access rights: drwxrws--- 2 crunchy Share Admins 1024 2008-05-23 21:45 /shares/finanzen/ - add r-x rights for Domain Users with a Windows XP Client (logged in as crunchy) -> works - remove access rights for Domain Users -> does not work I repeated the test with smbcacls: - smbcacls -U crunchy -a ACL:Domain\ Users:ALLOWED/2/READ //qamaster/finanzen / - smbcacls -U crunchy //qamaster/finanzen / Password: REVISION:1 OWNER:UNIVENTION+crunchy GROUP:UNIVENTION+Share Admins ACL:UNIVENTION+crunchy:ALLOWED/0/FULL ACL:UNIVENTION+Domain Users:ALLOWED/0/READ ACL:UNIVENTION+Share Admins:ALLOWED/0/FULL ACL:+Everyone:ALLOWED/0/FULL - smbcacls -U crunchy -D ACL:Domain\ Users:ALLOWED/0/READ //qamaster/finanzen / Password: - smbcacls -U crunchy //qamaster/finanzen / Password: REVISION:1 OWNER:UNIVENTION+crunchy GROUP:UNIVENTION+Share Admins ACL:UNIVENTION+crunchy:ALLOWED/0/FULL ACL:UNIVENTION+Share Admins:ALLOWED/0/FULL ACL:+Everyone:ALLOWED/0/FULL With smbcacls it works, but not with the Windows XP Client. BTW I'm using samba version 3.0.26a any idea? regards Andreas -- Andreas Büsching <[EMAIL PROTECTED]> fon: +49 421 22 232- 0 EntwicklungLinux for Your Business Univention GmbHhttp://www.univention.de/ fax: +49 421 22 232-99 signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] HomeDir with machinenname
Hello. I have a Folder /shares/Public/ which is shared. The Account "general" should have a separate HomeDir below /shares/Public/general depending on the machine name. So I set the attribute homeDirectory in LDAP to /shares/Public/general/%m (i also tried %M). But when I log on at PC01, the HomeDir is not mounted, because %m/%M was not resolved to the machinename: > /shares/Public/general/10.1.0.17' does not exist or permission denied when > connecting to [general] Error was No such file or directory I use %m for the logfile name too, where it is mapped to the machine name (not the IP). Any idea what could went wrong and how else I can get the needed setup? Currently we use 3.0.22 and can't upgrade because of different problems with trusted domains in our setup. Regards Marc Muehlfeld -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
