Re: [Samba] need good tdbsam reference
John H Terpstra - Samba Team wrote: MargoAndTodd wrote: Hi All, Can someone point me to a good reference on how to configure "tdbsam" ? Many thanks, -T In your smb.conf [global] passdb backend = tdbsam Done! It's in my example in Chapter 3 of Samba3-ByExample. The default is: passdb backend = smbpasswd So how do you find the default settings? a) smb.conf has jsut the following: [global] comment = Something b) Execute: testparm -sv | less _OR_ Check the man page for smb.conf: man smb.conf Then type: "/passdb backend" I keep feeling like I am missing something. Like 1) how do I populate passdb.tdb with my old smbpasswd and 2) where is passdb.tdb located, so I can back it up? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
MargoAndTodd wrote: 1) how do I populate passdb.tdb with my old smbpasswd and 2) where is passdb.tdb located, so I can back it up? To answer question #2: /etc/samba/passdb.tdb And it is full of "B"'s. See no sign of a user name. It appeared after I had my first successful user log in as a domain member (the user did not exist on the Virtual XP machine). Still do not know how to populate the darned thing (question 1)! -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
MargoAndTodd wrote: I keep feeling like I am missing something. Like This too: I think I failed to set up the database that winbindd and wins wants to read. /var/log/messages: Mar 27 22:12:03 rn1 winbindd[6580]: [2009/03/27 22:12:03, 0] nsswitch/idmap.c:idmap_alloc_init(820) Mar 27 22:12:03 rn1 winbindd[6580]: ERROR: Initialization failed for alloc backend, deferred! and Mar 27 22:12:03 rn1 nss_wins[6589]: [2009/03/27 22:12:03, 0] auth/auth_util.c:create_builtin_administrators(792) Mar 27 22:12:03 rn1 nss_wins[6589]: create_builtin_administrators: Failed to create Administrators -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
MargoAndTodd wrote: I keep feeling like I am missing something. Like This too: I think I failed to set up the database that winbindd and wins wants to read. /var/log/messages: Mar 27 22:12:03 rn1 winbindd[6580]: [2009/03/27 22:12:03, 0] nsswitch/idmap.c:idmap_alloc_init(820) Mar 27 22:12:03 rn1 winbindd[6580]: ERROR: Initialization failed for alloc backend, deferred! and Mar 27 22:12:03 rn1 nss_wins[6589]: [2009/03/27 22:12:03, 0] auth/auth_util.c:create_builtin_administrators(792) Mar 27 22:12:03 rn1 nss_wins[6589]: create_builtin_administrators: Failed to create Administrators -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
John H Terpstra - Samba Team wrote: MargoAndTodd wrote: Hi All, Can someone point me to a good reference on how to configure "tdbsam" ? Many thanks, -T In your smb.conf [global] passdb backend = tdbsam Done! It's in my example in Chapter 3 of Samba3-ByExample. The default is: passdb backend = smbpasswd So how do you find the default settings? a) smb.conf has jsut the following: [global] comment = Something b) Execute: testparm -sv | less _OR_ Check the man page for smb.conf: man smb.conf Then type: "/passdb backend" I keep feeling like I am missing something. Like 1) how do I populate passdb.tdb with my old smbpasswd and 2) where is passdb.tdb located, so I can back it up? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] What are these failed to create errors?
Hi All, What does these error message mean: Mar 27 22:38:44 rn1 nss_wins[7195]: create_builtin_administrators: Failed to create Administrators Mar 27 22:38:44 rn1 nss_wins[7195]: create_builtin_users: Failed to create Users Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Understanding ldap auth credentials
> out fine - just change your passwords via Samba or use the standard > change-password extended operation [LDAP] with the smbk5 module and they > will all be updated simultaneously. Could you elaborate on the smbk5 module and how it relates to ldappasswd? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] need good tdbsam reference
Hi All, Can someone point me to a good reference on how to configure "tdbsam" ? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Automatic & Permanent Disconnect of WinXP Clients
Adam Tauno Williams wrote: >> I'd like to enable my Samba server, either by the correct choice of standard >> configuration > parameters or by custom script, to permanently log off and disconnect WinXP > clients that have > been "inactive" for a specified period of time. >> >From my travels around the Web, I've seen this basic question asked by >> >others, but no > solutions have materialized. > > This is a domain policy issue and has nothing to do (specifically) with > Samba. Configure your ntconfig.pol file appropriately via POLEDIT. > >> The "deadtime" and "keepalive" parameters seem intended to enhance Samba > server performance, not permanently log off users. > > Correct. Disconnect != Logoff. One of the problems in dealing with forced disconnection of idle clients is that often the client has actually dropped the connection without telling the server. As Adam has said, this is a client behavioral problem, and not something the server can do much about. Adam's suggestion is one answer. The other way is to create a default network user profile that already has auto-disconnection policies set. Both of these are outside of the scope of samba-specific issues. Suggest you refer to the Microsoft Knowledge Base for Windows NT4 for information regarding profiles and profile policies. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Automatic & Permanent Disconnect of WinXP Clients
>I'd like to enable my Samba server, either by the correct choice of standard >configuration parameters or by custom script, to permanently log off and disconnect WinXP clients that have been "inactive" for a specified period of time. >>From my travels around the Web, I've seen this basic question asked by >>others, but no solutions have materialized. This is a domain policy issue and has nothing to do (specifically) with Samba. Configure your ntconfig.pol file appropriately via POLEDIT. >The "deadtime" and "keepalive" parameters seem intended to enhance Samba server performance, not permanently log off users. Correct. Disconnect != Logoff. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC / BDC in a Samba Domain Controller.
>> but to have there shares accesseable you should hve the same shares >> on PDC and BDC. Write a script when you log on or off to rsync the files of >> the users. How do you reliably capture logoff events? >I thought slurpd was deprecated years ago when openldap-2.3 came out. It is (was). Current setups use syncrepl, and recent versions support multimaster and mirror-mode. >http://www.openldap.org/doc/admin24/replication.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Automatic & Permanent Disconnect of WinXP Clients
Hello, I'd like to enable my Samba server, either by the correct choice of standard configuration parameters or by custom script, to permanently log off and disconnect WinXP clients that have been "inactive" for a specified period of time. >From my travels around the Web, I've seen this basic question asked by others, >but no solutions have materialized. The "deadtime" and "keepalive" parameters seem intended to enhance Samba server performance, not permanently log off users. The "auto-reconnect" capabilities of WinXP clients, among other factors, also appear to contribute to keeping Samba connections open. Anyone know of a sure-fire solution? Thanks. Jon -- == Jon Ruth, Ph.D. Manager, FlexMatters Accelerator LCI, Kent State University 1425 University Esplanade P.O. Box 5190 Kent, OH 44242-0001 U.S.A. == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: open_directory: unable to create *. Error was NT_STATUS_OBJECT_NAME_COLLISION
*bump* Nobody has any ideas? On Tue, Jan 20, 2009 at 4:49 PM, fbc wrote: > I'm terribly sorry I forgot to mention the most vital stuff, I'm on the > latest rpm build (for FC8): > Fedora 8: kernel 2.6.23.1-42.fc8 > samba-swat-3.0.33-0.fc8 > samba-client-3.0.33-0.fc8 > samba-common-3.0.33-0.fc8 > samba-3.0.33-0.fc8 > > > On Tue, Jan 20, 2009 at 3:44 PM, fbc wrote: > >> Hi, I'm having problems moving/renaming files as a member of. I tried to >> move "test.txt" from "\\files\public\" to "\\files\public\OfficeWork". >> Here's the error I get in windows: >> *Cannot move test: access is denied. >> Make sure the disk is not full or write-protected and that the file is not >> currently in use.* >> Here's the error log: >> *[2009/01/20 15:10:34, 2] smbd/open.c:open_directory(2092) >> open_directory: unable to create OfficeWork. Error was >> NT_STATUS_OBJECT_NAME_COLLISION* >> >> List of permissions in my \\files\public\ directory (ls -al): >> drwxrwx--- 9 officeuser1 local_office 4096 2009-01-20 15:14 >> OfficeWork >> -rwxrwx--- 1 officeuser1 local_office0 2009-01-20 15:28 >> test.txt >> >> The relavent part of my smb.conf: >> *[global] >> workgroup = OFFICE >> netbios aliases = FILES >> server string = Samba Server v%v >> security = DOMAIN >> passdb backend = tdbsam >> passwd program = /usr/bin/passwd %u >> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n >> *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . >> passwd chat debug = Yes >> username map = /etc/samba/smbusers >> unix password sync = Yes >> log level = 2 >> syslog = 0 >> log file = /var/log/samba/log.%m >> max log size = 50 >> printcap name = CUPS >> add user script = /usr/sbin/useradd -m '%u' -g users -G users >> delete user script = /usr/sbin/userdel -r %u >> add group script = /usr/sbin/groupadd %g >> delete group script = /usr/sbin/groupdel %g >> add user to group script = /usr/sbin/usernod -G %g %u >> add machine script = /usr/sbin/useradd -s /bin/false/ -d >> /var/lib/nobody %u >> logon script = %U.bat >> logon path = \\%L\profiles\%U\%a >> logon drive = H: >> domain logons = Yes >> os level = 255 >> preferred master = Yes >> domain master = Yes >> wins support = Yes >> ldap ssl = no >> idmap uid = 15000-2 >> idmap gid = 15000-2 >> template shell = /bin/bash >> profile acls = Yes >> cups options = raw >> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 >> SO_RCVBUF=8192 >> time server = yes >> hide dot files = yes >> invalid users = bin deamon sys man postfix mail ftp >> admin users = george.alexander >> smb ports = 445 >> vfs object = audit >> domain admin group = @smbadmin >> domain admin users = root >> >> [public] >> comment = files >> path = /home/samba/envision_files >> valid users = @local_office >> write list = @local_office >> writable = Yes >> create mask = 0770 >> directory mask = 0770 >> public = No* >> >> Here's the user's line in /etc/passwd: >> *officeuser1:x:503:502::/home/officeuser1:/bin/bash* >> >> Here's the local_office group's line from /etc/group: >> *local_office:x:502:* >> >> I've also tried specifying the comma separated usernames after "502:", >> with no better results. >> >> Both files are 770, owned by my group (local_office), and my group is in >> the "write list" for the share, so what the heck is going on? >> I've also tried increasing the log level, but that seems to give me even >> fewer details about what's going on. >> Anybody have any ideas? Where should I start!? Thanks! >> -guth >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
the answers follow the questions below: did you run testparm -s and look for errors in smb.conf? --- Yes, I ran this a 1000 times. The answer: run it 1,001 times- There was a problem with wins wins support = yes wins server = 10.0.0.14 I kept wins server as that was in a sample at samba.org: http://wiki.samba.org/index.php/1.0._Configuring_Samba#1.1._smb.conf_PDC testparm -s now executes without error. Loaded services file OK. Server role: ROLE_DOMAIN_PDC === you don't need these two lines in smb.conf anymore: passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . since you are using ldap and have ldap passwd sync = yes --- This I found in the walk-through for combining samba/zimbra. I'm a bit novice so I ran with it: http://wiki.zimbra.com/index.php?title=UNIX_and_Windows_Accounts_in_Zimbra_LDAP_and_Zimbra_Admin_UI#Configuring_Samba I'll try to create a few new users without these lines. === also, your ldap admin dn is wrong. what is it in your slapd.conf file? it should be something like ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us --- Actually this is correct for the zimbra implementation of openldap. I don't agree with getting so far away from a 'normal' OpenLDAP config but they must have run into a snag along the way that necessitated this change. === did you do smbpasswd -w --- Yes. It worked as expected. === The error still persists. # service smb status smbd dead but pid file exists nmbd (pid 31030) is running... It only stays on for a few minutes after you start it, then dies. There is nothing dropped in any log. This makes me think that whatever it is - is fatal; for the life of me I can't imagine what would cause that. T --- awill...@mdah.state.ms.us wrote: From: Adam Williams To: todd_...@ssiresults.com CC: samba@lists.samba.org Subject: Re: [Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED Date: Fri, 27 Mar 2009 08:43:24 -0500 did you run testparm -s and look for errors in smb.conf? you don't need these two lines in smb.conf anymore: passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . since you are using ldap and have ldap passwd sync = yes also, your ldap admin dn is wrong. what is it in your slapd.conf file? it should be something like ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us did you do smbpasswd -w Todd E Thomas wrote: > When I run this command I am not prompted for a password, I just get the > below error. > > # smbclient -U root //zmail/homes > Error connecting to 10.0.0.14 (Connection refused) > Connection to zmail failed (Error NT_STATUS_CONNECTION_REFUSED) > --- > Now for the back story: > CentOS v5.2 with Samba v3.0.28-1.el5_2.1 and Zimbra 5.0.11_GA on x86_64 > hardware. > > I'm attempting to connect samba (PDC) with zimbra's included openldap. > everything appeared to work correctly on an individual basis (samba, zimbra, > openldap) and openldap appears to be working correctly via ldapsearch. > > Once I ran authconfig things went a little crazy for samba. I think it's not > able to communicate with ldap and I'm not sure what tools and methods there > are for a procedural verification of their intercommunication. > > Is there such a resource? > > As a result, there are a few errors. The one above and one other; smbd keeps > dying on me. As I am a novice I'm not sure if these things are related or > not. The conf is below. > > # service smb status > smbd dead but pid file exists > nmbd (pid 9072) is running... > > > Thanks in advance, > > Todd E Thomas > === > The host is zmail = 10.0.0.14 > --- > [global] > netbios name = zmail > workgroup = OFFICE > security = user > server string = Palladium %v > wins support = yes > dns proxy = no > name resolve order = wins hosts lmhosts bcast > wins server = 10.0.0.14 > log file = /var/log/samba/log.%m > log level = 6 > max log size = 1000 > syslog only = no > syslog = 0 > panic action = /usr/share/samba/panic-action %d > enable privileges = yes > encrypt passwords = yes > ## Use ldap for auth > ldap passwd sync = yes > passdb backend = ldapsam:ldaps://zmail.ptest.us/ > # ldap port = 636 > ldap admin dn = "cn=config" > ldap suffix = dc=ptest,dc=us > ldap group suffix = ou=groups > ldap user suffix = ou=people > ldap machine suffix = ou=machines > obey pam restrictions = no > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . > domain master = yes > domain logons = yes > os level = 33 > preferred master = yes > local master = yes > logon path = \\zmail.ptest.us\%U\profile > logon home = \\zmail.ptest.us\%U > add user script = /usr/sbin/adduser --quiet --disabled-password --geco
Fwd: [Samba] PDC / BDC in a Samba Domain Controller.
-- Forwarded message -- Sorry John. I made a mistake. I am not using rsync. I am using syncrepl. It works very well in multimaster mode. Do you know if is possible that the BDC can write in the LDAP data base? Juan Pablo Michelino -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unable to add machine accounts
I have the exact same problem as this guy: http://lists.samba.org/archive/samba/2006-September/125699.html He describes it much better and in much more detail than I could, so I'll let him speak for me. Unfortunately, I don't have the same solution. nss_ldap is configured properly, and things like 'getent passwd' and 'id machine-acct$' show the machine accounts as expected: % getent passwd | grep stpierre stpierre:x:2273:4000:Christopher St Pierre:/home/faculty/stpierre:/bin/zsh stpierre-pc$:*:1944:1000:Computer:/dev/null:/bin/false % id stpierre-pc$ uid=1944(stpierre-pc$) gid=1000 groups=1000 Unfortunately, "fix nss_ldap" is about the only suggestion I could find on this problem on Google. Any other suggestions? Thanks! I'm running samba 3.0.33 on RHEL 5. /etc/ldap.conf (nss_ldap.conf on other distros): uri ldap://ldap.nebrwesleyan.edu base o=NebrWesleyan.edu,o=isp timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap ssl start_tls tls_checkpeer no The [global] section of smb.conf: [global] server string = Huxley workgroup = NWU_HUXLEY netbios name = Huxley log level = 1 log file = /var/log/samba/%U.%m.log max log size = 102400 add machine script = /usr/sbin/smbldap-useradd -t 10 -w '%m' bind interfaces only = true interfaces = 10.1.1.44 logon path = logon home = logon drive = socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 SO_KEEPALIVE max smbd processes = 0 encrypt passwords = yes domain logons = yes domain master = yes local master = yes preferred master = yes security = user os level = 33 wins server = 10.9.1.12 admin users = +ntadmin passdb backend = ldapsam:ldap://ldap.nebrwesleyan.edu ldap suffix = o=nebrwesleyan.edu,o=isp ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap admin dn = cn=directory manager ldap ssl = off idmap uid = 1-2 idmap gid = 1-2 blocking locks = no unix extensions = no include = /etc/samba/%U.inc Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] failed to join domain error
> > >> -Original Message- >> From: >> samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba.org >> [mailto:samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba >> .org] On Behalf Of Benedict simon >> Sent: Friday, 27 March, 2009 05:06 >> To: samba@lists.samba.org >> Subject: [Samba] failed to join domain error >> >> Dear All, >> >> I have succesfully managed to have my kerberos configured n working >> without error when i say >> >> kinit Administrator >> and after entering password i get the # prompt >> so its works fine >> > >> >> now i configured /etc/samba/smb.conf but when i try to join >> my Win2003 ADS >> domain server >> >> net ads join -U Administrator >> Administrator's password: >> [2009/03/26 21:58:05, 0] utils/net_ads.c:ads_startup_int(286) >> ads_connect: No logon servers >> Failed to join domain: No logon servers >> > >> >> thnks and Regards >> >> Simon >> >> >> -- >> Network ADMIN >> - >> KUWAIT MUNICIPALITY: > > I just had a host do this recently, using Samba 3.2.5-4 Debian. DNS was > working fine, kerberos was working fine, but for some reason net ads > join didn't want to work. > > I resolved it by putting an entry for a domain controller into > /etc/hosts. > > After that net ads join worked fine. > > James ZuelowCBJ MIS (907)586-0236 > Network Specialist...Registered Linux User No. 186591 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > Thanks and really apprecite your quick reply by the way i do have a entry in my hosts file 172.16.2.227BALADIA.LOCAL also the realm was different from my krb5.conf file i think since i was jus tryin options so now the realm i have corrected and my realm in smb.conf n krb5.conf is the same also when i run net ads info it gives me -- Failed to get server's current time! LDAP server: 172.16.2.227 LDAP server name: kmun.baladia.local Realm: BALADIA.LOCAL Bind Path: dc=BALADIA,dc=LOCAL LDAP port: 389 Server time: Thu, 01 Jan 1970 03:00:00 AST KDC server: 172.16.2.227 Server time offset: 0 again i mention my AD win2003 server domain is BALADIA.LOCAL computer name is kmun ip ===> 172.16.2.227 apprecite if you could help me with somne suggestions thanks once again regards simon -- Network ADMIN - KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] failed to join domain error
> -Original Message- > From: > samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba.org > [mailto:samba-bounces+james_zuelow=ci.juneau.ak...@lists.samba > .org] On Behalf Of Benedict simon > Sent: Friday, 27 March, 2009 05:06 > To: samba@lists.samba.org > Subject: [Samba] failed to join domain error > > Dear All, > > I have succesfully managed to have my kerberos configured n working > without error when i say > > kinit Administrator > and after entering password i get the # prompt > so its works fine > > > now i configured /etc/samba/smb.conf but when i try to join > my Win2003 ADS > domain server > > net ads join -U Administrator > Administrator's password: > [2009/03/26 21:58:05, 0] utils/net_ads.c:ads_startup_int(286) > ads_connect: No logon servers > Failed to join domain: No logon servers > > > thnks and Regards > > Simon > > > -- > Network ADMIN > - > KUWAIT MUNICIPALITY: I just had a host do this recently, using Samba 3.2.5-4 Debian. DNS was working fine, kerberos was working fine, but for some reason net ads join didn't want to work. I resolved it by putting an entry for a domain controller into /etc/hosts. After that net ads join worked fine. James ZuelowCBJ MIS (907)586-0236 Network Specialist...Registered Linux User No. 186591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Multiple daemon log files.
On Fri, Mar 27, 2009 at 03:32:18PM +, G.W. Haywood wrote: > > The testparm utility reports no errors in smb.conf. I have the line > > log file = /var/log/samba/log.%m > > in smb.conf which I took to mean logs for machines will be written in > the /var/log/samba directory, but not logs for the daemons. To put my > mind at rest, should I also expect the daemon logs (or parts of them??) > to be written there too, or is this a bug, or might this be a symptom > of my ill-advised tinkering? Ill advised thinking :-). All logs will we written in that directory. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error loading module '/usr/lib/samba/pdb/tbdsam.so'
On Fri, Mar 27, 2009 at 10:44:29AM -0500, Bob Wooden wrote: > When I attempt "pdbedit -i smbpasswd -e tbdsam" I get the following > result: "No builtin backend found, trying to load pluginError > loading module '/usr/lib/samba/pdb/tbdsam.so': > /usr/lib/samba/pdb/tbdsam.so: cannot open shared object file: No such > file or directory No builtin nor plugin backend for tdbsam found > Unable to initialize tbdsam." You're certain you don't mean "tdbsam" instead of "tbdsam" (note the swap of "db" vs "bd")? Volker pgpn5RBg01e4G.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error loading module '/usr/lib/samba/pdb/tbdsam.so'
Brief history, originally setup as Ubuntu 7.10. Upgraded to 8.04.1LTS, Samba 3.0.28 and has latest updates installed as of this morning. Currently Samba is configured to use smbpasswd for passdb backend. As tdbsam has become the peferred backend, would like to migrate to tdbsam. When I attempt "pdbedit -i smbpasswd -e tbdsam" I get the following result: "No builtin backend found, trying to load pluginError loading module '/usr/lib/samba/pdb/tbdsam.so': /usr/lib/samba/pdb/tbdsam.so: cannot open shared object file: No such file or directory No builtin nor plugin backend for tdbsam found Unable to initialize tbdsam." The directory /usr/lib/samba contains only vfs directory. So, indeed there is nothing to open there. I tried to "locate" tdbsam.so but Ubuntu returns no location, so I do not believe it appears to be loaded. How do I fix this issue so I can migrate? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Multiple daemon log files.
Hi there, Been around Linux a while, new to Samba, know nothing about Windows. Installed Samba on vanilla Debian Lenny, the package manager gave me Samba 3.2.5, and it didn't work. Searching revealed that there are problems with that release so I tried a source install. Never did like Debian-out-of-date-and-patched-to-hell stuff anyway. The source install default locations are everywhere different from Debian, and I think that the two installations may have interfered with each other. I've used the package manager to remove the Debian-supplied version, but I don't know if that's been entirely successful. Following the docs to test the installation (which still doesn't work but I'm not going to worry you with that for the moment, it's why I'm trawling the logs:) I find that when I start Samba, TWO log files are created for smbd and winbindd, one each in /usr/local/samba/var and in /var/log/samba. The pairs of files contain different information. For example one will contain the announcement of the daemon starting, then apparently the logging switches to the other file e.g.: /usr/local/samba/var/log.smbd -- [2009/03/27 15:06:32, 0] smbd/server.c:main(1256) smbd version 3.3.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2009/03/27 15:06:32, 2] lib/tallocmsg.c:register_msg_pool_usage(106) Registered MSG_REQ_POOL_USAGE [2009/03/27 15:06:32, 2] lib/dmallocmsg.c:register_dmalloc_msgs(77) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED -- /var/log/log.smbd -- [2009/03/27 15:06:32, 2] param/loadparm.c:do_section(7474) Processing section "[REB]" [2009/03/27 15:06:32, 2] param/loadparm.c:do_section(7474) Processing section "[Design]" [2009/03/27 15:06:32, 2] param/loadparm.c:do_section(7474) Processing section "[Archive]" [2009/03/27 15:06:32, 2] param/loadparm.c:do_section(7474) Processing section "[homes]" [2009/03/27 15:06:32, 2] param/loadparm.c:do_section(7474) Processing section "[printers]" [2009/03/27 15:06:32, 2] param/loadparm.c:do_section(7474) Processing section "[print$]" [2009/03/27 15:06:32, 2] lib/interface.c:add_interface(340) added interface eth0 ip=fe80::20c:6eff:fe2d:b1c6%eth0 bcast=fe80:::::%eth0 netmask=::::: [2009/03/27 15:06:32, 2] lib/interface.c:add_interface(340) added interface eth0 ip=192.168.0.250 bcast=192.168.0.255 netmask=255.255.255.0 [2009/03/27 15:06:32, 2] lib/interface.c:add_interface(340) added interface lo ip=::1 bcast=::1 netmask=::::::: [2009/03/27 15:06:32, 2] lib/interface.c:add_interface(340) added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 [2009/03/27 15:06:32, 2] libsmb/namequery.c:name_query(778) Got a positive name query response from 192.168.0.10 ( 192.168.0.10 ) [2009/03/27 15:06:48, 2] smbd/server.c:open_sockets_smbd(593) waiting for a connection -- The testparm utility reports no errors in smb.conf. I have the line log file = /var/log/samba/log.%m in smb.conf which I took to mean logs for machines will be written in the /var/log/samba directory, but not logs for the daemons. To put my mind at rest, should I also expect the daemon logs (or parts of them??) to be written there too, or is this a bug, or might this be a symptom of my ill-advised tinkering? -- 73, Ged. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC / BDC in a Samba Domain Controller.
> I am not using slurp. I am using rsync to syncronize all data base. > I need to know if the BDC can write his local LDAP data base. If it is OK, I > think that the domain go to work well, regardless if the conection betwen > PDC and BDC is broken or not. > Can your help me? > Tanks. > I would use syncrepl instead. With openldap 2.4 both ldap servers can be masters in multimaster mode. http://www.openldap.org/doc/admin24/replication.html John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC / BDC in a Samba Domain Controller.
Thanks Daniel and John. I am not using slurp. I am using rsync to syncronize all data base. I need to know if the BDC can write his local LDAP data base. If it is OK, I think that the domain go to work well, regardless if the conection betwen PDC and BDC is broken or not. Can your help me? Tanks. Juan Pablo Michelino John Drescher escribió: On Fri, Mar 27, 2009 at 5:24 AM, Daniel Müller wrote: Your PDC and BDC must have the same SID, Your BDCs ldap database should be a copy of Your PDCs. Also the BDC should be a slave to the PDCs ldap. So every change in Your PDcs database should change on your BDC. This is quite simple with slurpd. If the PDC now stops the BDC will take over. The users are able to logg in, but to have there shares accesseable you should hve the same shares on PDC and BDC. Write a script when you log on or off to rsync the files of the users. I thought slurpd was deprecated years ago when openldap-2.3 came out. http://www.openldap.org/doc/admin24/replication.html John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
did you run testparm -s and look for errors in smb.conf? you don't need these two lines in smb.conf anymore: passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . since you are using ldap and have ldap passwd sync = yes also, your ldap admin dn is wrong. what is it in your slapd.conf file? it should be something like ldap admin dn = cn=Manager,dc=zmail,dc=ptest,dc=us did you do smbpasswd -w Todd E Thomas wrote: When I run this command I am not prompted for a password, I just get the below error. # smbclient -U root //zmail/homes Error connecting to 10.0.0.14 (Connection refused) Connection to zmail failed (Error NT_STATUS_CONNECTION_REFUSED) --- Now for the back story: CentOS v5.2 with Samba v3.0.28-1.el5_2.1 and Zimbra 5.0.11_GA on x86_64 hardware. I'm attempting to connect samba (PDC) with zimbra's included openldap. everything appeared to work correctly on an individual basis (samba, zimbra, openldap) and openldap appears to be working correctly via ldapsearch. Once I ran authconfig things went a little crazy for samba. I think it's not able to communicate with ldap and I'm not sure what tools and methods there are for a procedural verification of their intercommunication. Is there such a resource? As a result, there are a few errors. The one above and one other; smbd keeps dying on me. As I am a novice I'm not sure if these things are related or not. The conf is below. # service smb status smbd dead but pid file exists nmbd (pid 9072) is running... Thanks in advance, Todd E Thomas === The host is zmail = 10.0.0.14 --- [global] netbios name = zmail workgroup = OFFICE security = user server string = Palladium %v wins support = yes dns proxy = no name resolve order = wins hosts lmhosts bcast wins server = 10.0.0.14 log file = /var/log/samba/log.%m log level = 6 max log size = 1000 syslog only = no syslog = 0 panic action = /usr/share/samba/panic-action %d enable privileges = yes encrypt passwords = yes ## Use ldap for auth ldap passwd sync = yes passdb backend = ldapsam:ldaps://zmail.ptest.us/ # ldap port = 636 ldap admin dn = "cn=config" ldap suffix = dc=ptest,dc=us ldap group suffix = ou=groups ldap user suffix = ou=people ldap machine suffix = ou=machines obey pam restrictions = no passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . domain master = yes domain logons = yes os level = 33 preferred master = yes local master = yes logon path = \\zmail.ptest.us\%U\profile logon home = \\zmail.ptest.us\%U add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u socket options = TCP_NODELAY [homes] comment = Home Directories browseable = yes read only = No valid users = %S [netlogon] comment = Network Logon Service path = /export/netlogon read only = yes write list = +ntadmin locking = no === -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] failed to join domain error
Dear All,
I have succesfully managed to have my kerberos configured n working
without error when i say
kinit Administrator
and after entering password i get the # prompt
so its works fine
my krb5.conf
--
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = BALADIA.LOCAL
dns_lookup_kdc = false
dns_lookup_realm = false
[realms]
BALADIA.LOCAL = {
default_domain = baladia.local
kdc = xx.xx.xx.xx:88
admin_server = xx.xx.xx.xx:749
kdc = KMUN
}
[domain_realm]
baladia.local = BALADIA.LOCAL
klist shows
icket cache: FILE:/tmp/krb5cc_0
Default principal: administra...@baladia.local
Valid starting ExpiresService principal
03/26/09 11:33:04 03/26/09 21:33:18 krbtgt/baladia.lo...@baladia.local
renew until 03/27/09 11:33:04
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
now i configured /etc/samba/smb.conf but when i try to join my Win2003 ADS
domain server
net ads join -U Administrator
Administrator's password:
[2009/03/26 21:58:05, 0] utils/net_ads.c:ads_startup_int(286)
ads_connect: No logon servers
Failed to join domain: No logon servers
after googling and tryin various options in /etc/samba/smb.conf file here
is the latest smb.conf file
-
[global]
#--authconfig--start-line--
# Generated by authconfig on 2009/03/26 12:50:28
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = BALADIA.LOCAL
; password server = kmun.baladia.local
password server = 172.16.2.227
realm = KMUN.BALADIA.LOCAL
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind separator = +
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
encrypt passwords = yes
log level = 3
#--authconfig--end-line--
encrypt passwords = yes
dns proxy = no
server string = Samba Server Version %v
os level = 20
client use spnego = no
server signing = auto
--
where i could be goin wrong
i would be thankful and really apprecite your advice for any setting in my
smb.conf file
Is there anything else to check.
really once again apprecite your help and advice
when i run testparam it gives no errors
output of testparm is
--
[r...@testproxy ~]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = BALADIA.LOCAL
realm = KMUN.BALADIA.LOCAL
server string = Samba Server Version %v
security = ADS
password server = 172.16.2.227
log level = 3
server signing = auto
client use spnego = No
preferred master = No
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind separator = +
winbind use default domain = Yes
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
thnks and Regards
Simon
--
Network ADMIN
-
KUWAIT MUNICIPALITY:
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC / BDC in a Samba Domain Controller.
On Fri, Mar 27, 2009 at 5:24 AM, Daniel Müller wrote: > Your PDC and BDC must have the same SID, > Your BDCs ldap database should be a copy of Your PDCs. Also the BDC should > be a slave to the PDCs ldap. So every change in Your > PDcs database should change on your BDC. This is quite simple with slurpd. > If the PDC now stops the BDC will take over. The users are able to logg in, > but to have there shares accesseable you should hve the same shares > on PDC and BDC. Write a script when you log on or off to rsync the files of > the users. > I thought slurpd was deprecated years ago when openldap-2.3 came out. http://www.openldap.org/doc/admin24/replication.html John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Release Planning 3.3] Samba 3.3.3 planned for April 1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey folks, Samba 3.3.3 is planned for Wednesday, April 1. The Wiki [1] has been updated accordingly. [1] http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.3 Cheers, Karolin - -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknMvUcACgkQKGi9fisXk1FpiwCdG8a+mjGcspweBWpzJNPNUfIt K/QAniEqfzM3DZ3/1MgKTwi0ugig/1ZK =Nej+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Release Planning 3.2] Samba 3.2.9 planned for March 31
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey folks, The next Samba 3.2 maintenance release (3.2.9) is planned for Tuesday, March 31. The Wiki [1] has been updated accordingly. [1] http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.2 Cheers, Karolin - -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknMvE8ACgkQKGi9fisXk1EW/QCfT40qZL6MvdxFC/VklQOYzw7n CS0Ani7jNnG3zj2BFQks9TWjTKL0s/Gt =sNXf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Upgrade to 3.3.2
Works like a charm, thanks. -Original Message- From: Volker Lendecke [mailto:volker.lende...@sernet.de] Sent: March 27, 2009 7:05 AM To: Dave Beach Cc: samba@lists.samba.org Subject: Re: [Samba] Upgrade to 3.3.2 On Fri, Mar 27, 2009 at 06:52:38AM -0400, Dave Beach wrote: > I'm upgrading from 3.0.25b to 3.3.2. The package configures and makes > with no errors, but on restarting smbd or nmbd I get an "error while > loading shared libraries: libtalloc.so.1: cannot open shared object > file: no such file or directory". > > Both libtalloc.so and libtalloc.so.1 are in /usr/local/samba/lib, and > appear to be the same files as in the 3.3.2 package. Samba appears to > properly install in /usr/local/samba. Please set the LD_LIBRARY_PATH variable so that it includes /usr/local/samba/lib. Depending on your platform, you might alternatively add /usr/local/samba/lib to /etc/ld.so.conf and re-run ldconfig. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade to 3.3.2
On Fri, Mar 27, 2009 at 06:52:38AM -0400, Dave Beach wrote: > I'm upgrading from 3.0.25b to 3.3.2. The package configures and makes with > no errors, but on restarting smbd or nmbd I get an "error while loading > shared libraries: libtalloc.so.1: cannot open shared object file: no such > file or directory". > > Both libtalloc.so and libtalloc.so.1 are in /usr/local/samba/lib, and appear > to be the same files as in the 3.3.2 package. Samba appears to properly > install in /usr/local/samba. Please set the LD_LIBRARY_PATH variable so that it includes /usr/local/samba/lib. Depending on your platform, you might alternatively add /usr/local/samba/lib to /etc/ld.so.conf and re-run ldconfig. Volker pgpi9ncpvXwWk.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade to 3.3.2
Hello list! I'm upgrading from 3.0.25b to 3.3.2. The package configures and makes with no errors, but on restarting smbd or nmbd I get an "error while loading shared libraries: libtalloc.so.1: cannot open shared object file: no such file or directory". Both libtalloc.so and libtalloc.so.1 are in /usr/local/samba/lib, and appear to be the same files as in the 3.3.2 package. Samba appears to properly install in /usr/local/samba. Any help would be greatly appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC / BDC in a Samba Domain Controller.
Your PDC and BDC must have the same SID, Your BDCs ldap database should be a copy of Your PDCs. Also the BDC should be a slave to the PDCs ldap. So every change in Your PDcs database should change on your BDC. This is quite simple with slurpd. If the PDC now stops the BDC will take over. The users are able to logg in, but to have there shares accesseable you should hve the same shares on PDC and BDC. Write a script when you log on or off to rsync the files of the users. Greetings Daniel On Thu, 26 Mar 2009 11:15:34 -0300, Juan Pablo Michelino wrote: > Hello > I makeing a Domain Controller with Samba (v3.0.33) and LDAP (v2.4). > I will install a PDC in the headquarter and a BDC in the subsidiary of > the company that I work. > The PDC and the BDC will have his own LDAP data base. > I just install the PDC without problems and my next step is to install > the BDC. > I configured the LDAP that work in multi master mode. I made some test > and the LDAP works well. > I need to know if the BDC can write in his local data base. > In other side: Can the BDC acts as PDC when the conection betwen both > servers is broken? I need that the users that works in the subsidiary > can log in and make changes in his profiles (e.g. change his password > and so on) including when the conection with the headquarter is lost. > Below I copy the BDC's smb.conf > Can anyone help me? Thanks. > > # > admin users = manager @"Domain Admins" @administradores > ntlm auth = yes > netbios name = PDC_Rosario > workgroup = SECCO > lanman auth = no > winbind trusted domains only = yes > encrypt passwords = yes > winbind use default domain = yes > server string = BDC > domain logons = yes > > # --- Network Related Options - > > hosts allow = 10.20.0.0/16 10.18.0.0/16 localhost > > # --- Logging Options - > > max log size = 500 > log file = /var/log/samba/%m.log > > # - LDAP Options -- > > ldap passwd sync = yes > ldap admin dn = cn=manager,dc=secco,dc=com,dc=ar > ldap user suffix = ou=People > ldap group suffix = ou=Groups > ldap machine suffix = ou=Computers > ldap suffix = dc=secco,dc=com,dc=ar > > # --- Standalone Server Options --- > > security = user > passdb backend = ldapsam:ldap://127.0.0.1 > > # --- Domain Members Options --- > # --- Domain Controller Options --- > > logon script = login.bat > add machine script = /usr/sbin/smbldap-useradd -w "%u" > delete user script = /usr/sbin/smbldap-userdel "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > add user script = /usr/sbin/smbldap-useradd -m "%u" > > # --- Browser Control Options - > >local master = yes >os level = 65 >domain master = no >preferred master = yes > > #- Name Resolution > >wins support = yes >name resolve order = wins lmhosts bcast > > # --- Printing Options > > # --- Filesystem Options -- > > #== Share Definitions = > > [homes] > > comment = Home Directories > browseable = no > writable = no > root preexec = /etc/samba/mk_sambadir "/home/%u" "%u" "%g" > write list = %S manager > valid users = SECCO\%S SECCO\manager > inherit permissions = yes > force user = %S > force group = @administradores > directory mask = 0700 > create mask = 0700 > > [netlogon] > comment = Network Logon Service > browseable = yes > path = /home/netlogon > guest ok = yes > writable = no > valid users = SECCO\manager %U > write list = llattan > > [shares] > comment = Carpeta del grupo Sistemas > path = /home2/sistemas > valid users = @shares @administradores > browseable = yes > writable = no > write list = @shares_w @administradores > inherit permissions = yes > force user = %U > force group = share > > > # > > > -- > Juan Pablo Michelino -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
