Re: [Samba] Password policy doesn't work (pdbedit)
I had the same problem when I set a password policy using pdbedit and tdbsam as the backend... turns out the policy would only apply to new accounts and not existing ones. However, if I got the existing users to reset their passwords manually, the account policy would kick in.

Radek wrote:
> Hello,
>
> I'm using samba 3.0.24 and Debian 4.0. As a password backend I use smbpasswd. I set password policy: Length - 8 signs, Password history - 3, password complexity - script, maximum password age - 30 days.
>
> The password length and complexity works, but password history and maximum password age doesn't. I tried to do the same on a test machine (samba 3.2.5) and it works fine (users and settings I took from my working Samba 3.0.24). What can I do about that? What should I check? Any ideas?
>
> Pdbedit shows correct settings but the password must change time is 19 jan 2038 04:14:07 CET
>
> Thanks and regards
> Radek Bojek

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
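Added example, not part of the original posts or of Samba: the date in the quoted message, 19 Jan 2038 04:14:07 CET, is 2^31-1 seconds after the epoch (the largest 32-bit time_t), so that account has no real expiry. The Python sketch below scans `pdbedit -L -v` style output for accounts whose password never ages out, either through that sentinel or through the X account flag; the sample records are constructed and the field layout is assumed from Samba 3.x.

```python
from datetime import datetime, timedelta, timezone

MAX_TIME_T = 2**31 - 1  # largest signed 32-bit time_t
# Constructed sample in the layout of `pdbedit -L -v` (field names assumed).
SAMPLE = """\
Unix username:        alice
Account Flags:        [U          ]
Password must change: Mon, 20 Apr 2009 10:00:00 CEST
Unix username:        bob
Account Flags:        [U          ]
Password must change: Tue, 19 Jan 2038 04:14:07 CET
Unix username:        svc_backup
Account Flags:        [UX         ]
Password must change: never
"""

def sentinel(utc_offset_hours=1):
    """MAX_TIME_T rendered as in the post (CET is UTC+1)."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.fromtimestamp(MAX_TIME_T, tz).strftime("%d %b %Y %H:%M:%S")

def parse_pdbedit(text):
    """Return one dict of fields per account block."""
    accounts = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if sep and key == "Unix username":
            accounts.append({})  # a new account record starts here
        if sep and accounts:
            accounts[-1][key] = value
    return accounts

def never_expires(acct):
    """List the reasons an account's password will not age out."""
    reasons = []
    if "X" in acct.get("Account Flags", ""):
        reasons.append("X flag (password does not expire)")
    must = acct.get("Password must change", "").lower()
    # sentinel() assumes the server prints times in CET, as in the post.
    if must == "never" or sentinel().lower() in must:
        reasons.append("must-change time is the time_t maximum")
    return reasons

def audit(text):
    hits = ((a["Unix username"], never_expires(a)) for a in parse_pdbedit(text))
    return {user: why for user, why in hits if why}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live server the input would come from `pdbedit -L -v` run as root instead of `SAMPLE`.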
[Samba] Password issue
Hi

Running Samba version 3.0.22-13.18 on Suse 10.1 using a tdbsam backend as a PDC. I created a new policy using the pdbedit tool (min. password length, amount of times a bad password can be entered before getting locked out etc). This policy is working fine apart from one issue.

Users must reset their passwords every 90 days. Again this works: the user is prompted to change password at login, goes ahead and changes it, and logs in. The problem is that after the user changes his password and logs in, any other application in the user's profile that uses a password to authenticate seems to lose its password as well... e.g. all our users would have Skype accounts and also be using Outlook as their mail client (not Exchange, it's a cyrus IMAP setup we are using). After changing their windows login, Skype cannot sign in automatically, the user needs to re-enter their password, and the same goes for any email accounts set up in Outlook: the user is prompted for each account password again.

Anybody ever seen this before? I presume this has nothing to do with Samba but something to do with the way Windows caches passwords? However, I have been unable to find anything on how to fix this, so I am turning to this list in the hope someone has seen this behaviour before.

Any help would be appreciated.

Cheers
Gareth
Re: [Samba] Samba PDC, can't login into WinXP without network connection
John Price wrote:
> I've setup a Samba PDC (3.0.28a). I can join the domain with a Windows XP sp3 laptop and logon with no problems, but if I try to logon while the laptop is not connected to the network, it will not allow it.
>
> The system cannot log you on now because the domain DOMAIN is not available.
>
> I have the following policies set on the windows machine:
>
> Interactive logon: Number of previous logons to cache (in case domain controller is not available): 10 logons
> Interactive logon: Require Domain Controller authentication to unlock workstation: Disabled
>
> I know that there should be a way for windows to cache the logon so that the PDC does not have to be available. Samba config attached. Any help would be appreciated.

Do a

    pdbedit -Lv username

and make sure that the DOMAIN line contains the correct domain name. If it doesn't, do the following and it should fix it for you:

    pdbedit -i tdbsam -e smbpasswd
    pdbedit -i smbpasswd -e tdbsam
Re: [Samba] Running a login script
I found the following link very good when setting up my domain:

http://us1.samba.org/samba/docs/man/Samba-Guide/small.htm

Mike Stewart wrote:
> Thanks Charles,
>
> I think you're right, what I'm trying to accomplish is probably better/easier with a Domain Controller. However, I'm surely brain-dead as I've tried to set the box up as a Domain Controller and although my Windows machine will log in to the domain it still won't run the script, so I think I must be missing something. Domain Controllers are a completely new thing to me so it's no surprise I'm struggling :-(
>
> If anyone has a simple example smb.conf file that does all this and any other hints I'd much appreciate it.
>
> Regards
> Mike... struggling, exhausted, frustrated
>
> - Original Message -
> From: Charles Marcus [EMAIL PROTECTED]
> To: samba@lists.samba.org
> Sent: 19 March 2008 20:26:47 o'clock (GMT) Europe/London
> Subject: Re: [Samba] Running a login script
>
> On 3/19/2008, Mike Stewart ([EMAIL PROTECTED]) wrote:
> > I had assumed that the smb.conf entry for logon script = %U.bat was all that would be needed and would pick up the user's name and password as they logged into the server (through a desktop shortcut) and run that script which would map the required drives etc.
> >
> > Basically what we want is to set up all our Win2000 PCs to log into windows as a generic staff member then when they click on the desktop shortcut they are prompted for their server username password and... hey presto all their network drives appear in My Computer.
>
> I'm trying real hard to understand why you wouldn't just set the server up as a proper domain controller... it makes stuff like this brain-dead easy...
Re: [Samba] Problems with Samba
Are you sure there are no issues with the client machine?

[EMAIL PROTECTED] wrote:
> Hi,
>
> I administrate a server (debian etch) on which runs samba, version 3.0.24-6et. Everything worked fine until today. I tried to logon on the server via a client machine (win2k, winxp), but I got an error, System cannot logon because domain not reachable. (It is possible to ping the server and to establish a shortcut (to logon) to the server - that works.)
>
> I have no idea what happens. The logfiles of smbd, nmbd are ok to mind, there is no advise for an error (..startet...becomes_domain_controller etc.). I already tested my samba configuration via testparm, no problems. A simple restart of samba didn't help either. testparm also shows the right name for the workgroup etc.
>
> Does anyone have an idea where the problem could be? The last changes I did on the server were updates via aptitude.
>
> thanks
> Edgar
Re: [Samba] windows admin == ???
Create a group on your samba box called domainadm or whatever you like, make sure your username is part of this group, then map this group to the windows group Domain Admins using this command:

    net groupmap add rid=512 ntgroup="Domain Admins" unixgroup=domainadm type=d

You should now be able to log in to a windows box with that username and have full windows admin rights.

Vadim Vatlin wrote:
> Hi there..
>
> How can I create user which will be fully equal windows user Administrator?
Re: [Samba] Clearing account lockout
The following will reset the flags to the default setting, clearing the lock:

    pdbedit -r -c "[]" administrator

Gaiseric Vandal wrote:
> I recently am migrating my PDC from NT4 to Samba 3.025. Apparently due to a mismatch between the capitalization of the Windows account and the Unix account (Administrator vs administrator) I managed to lock the account before catching the discrepancy.
>
>     # pdbedit -v administrator
>     Unix username:Administrator
>     NT username: Administrator
>     Account Flags:[ULX
>     Bad password count : 5
>
> I reset the bad password count field with the following command
>
>     pdbedit -z -u administrator
>
> However, the account is still locked and I can not clear the lock (X) flag.
>
>     # pdbedit -v administrator
>     Unix username:Administrator
>     NT username: Administrator
>     Account Flags:[ULX
>     Bad password count : 5
>
>     # pdbedit -z -u administrator
>     pdb_update_autolock_flag: Account Administrator administratively locked out with no bad password time. Leaving locked out.
>
>     # pdbedit -c [UX administrator
>     pdb_update_autolock_flag: Account Administrator administratively locked out with no bad password time. Leaving locked out.
>     Can only set [NDHLX] flags
>
> Resetting the lockout duration doesn't help either
>
>     # pdbedit -P "lockout duration" -C 5
>     account policy lockout duration description: Lockout duration in minutes (default: 30, -1 = forever)
>     account policy lockout duration value was: 30
>     account policy lockout duration value is now: 5
>
> Any ideas?
>
> I added a 2nd account to the unix DomainAdmins group (which is mapped to the windows group) but that doesn't seem to automatically add it to the NT Domain Admins group. This group had been in the Domain Admins group on the NT4 machine.
>
> Thanks
Re: [Samba] backup samba domain accounts
You need to back up /var/lib/samba as well.

Martin Miethe wrote:
> Hi Newsgroup,
>
> I use SAMBA as PDC with MS Terminal Server 2K3. I don't use LDAP. For backing up the domain accounts, I secure /etc/samba on a daily basis.
>
> Yesterday I made a test: I set up a new machine with Samba and copied my backup /etc/samba (1 day old) to the new machine - Samba started just fine. But now, most of the users could not login to the Terminal Server (but some were able to)! The users do not change their password. So it seems Samba and Windows are out of sync (on base of some ID?).
>
> I have noticed that Windows now lists some cryptic IDs (S1-1-5-21-12423535) instead of the usernames in the User Management. When I re-add the domain account to my Windows Server, Windows creates me an empty profile. This is really bad and means I would need to copy all the profiles to the new folder!
>
> How can I simply back up my Domain accounts? I don't really want to set up a BDC and LDAP. I would like to have everything out of the office. If this doesn't work, does anyone know how I can point the profiles in Windows to the new location, without copying them?
>
> Just want to be prepared if I would need it one day.
>
> Please help... Thanks a lot in advance.
>
> best regards
Re: [Samba] Rebuild Samba Server: Do my XP clients need to rejoin domain?
I recently did a similar upgrade, moving from Suse 9.3 to 10.2 (the 10.2 was installed on a new machine). I copied over the relevant files (which for me on Suse were /var/lib/samba, /etc/samba, /etc/passwd, /etc/group), configured samba on the new box, shut down the old samba and started the new samba, and I did not have to rejoin any machine to the domain.

Aaron Souza wrote:
> All,
>
> I would like to upgrade our Fedora Core 3 Linux server (hosting samba, among other services) to Cent OS 4.4. However, if I reformat the array and install Cent OS 4.4 and copy back all the samba files (and other files), do my Windows XP clients have to re-join the domain?
>
> I ask this because I have 150 machines and going to each one and leaving the domain and rejoining essentially the same domain would be a major time sink.
>
> Has anyone recovered a samba server from a fatal crash (or other reason) and had any luck with windows xp clients and not having to go to each client?
>
> Samba Version: 3.0.14
>
> Thanks in advance,
Re: [Samba] Domain Admins with Samba 3.024
I am having the same problem on 3.23d, had it working fine on 3.0.10. The users in the domain admin group can add machines to the network but do not have admin rights on the actual PCs.

Neil Jolly wrote:
> I can't seem to get the Domain Admins group members to be recognised as administrators on domain member PCs. Running net groupmap list yields the following:
>
>     Domain Admins (S-1-5-21-1288424760-4211430746-2168377316-512) - admin
>     --irrelevant groups omitted--
>
> Running net rpc group members Domain Admins yields:
>
>     RLRMR\administrator
>     RLRMR\root
>
> Logging in as administrator on a network connected domain member I get only normal restricted user privileges.
>
> What am I missing here folks?
>
> Thanks,
Re: [Samba] I want install samba on debian
Have a look at this: http://us1.samba.org/samba/docs/man/Samba-Guide/simple.html

Samantha Bandara wrote:
> Dear
>
> I am a complete beginner with samba. I want to install samba on Debian. I want to maintain a file server. We have 50 PCs that are running WinXP. I want to connect these PCs to a PC that runs Debian. Over IP Range is 192.168.1.0 255.255.255.0
>
> What are the main steps to install samba on debian? Is a DNS server a must or not?
>
> Can you help me
>
> thanks
> herath
[Samba] Change existing accounts policy using pdbedit
Hi,

Running Samba version 3.0.22-13.18 on Suse 10.1

I have just converted our smbpasswd to a tdbsam passdb backend so I could use the pdbedit tool. I created a new policy using the pdbedit tool and it works fine for new accounts, however I am wondering is there any way of applying this policy to existing accounts?

Thanks
Gareth
[Samba] Joining windows client to Samba Domain
Hi

I have recently set up Samba 3.0.10-0.1 on Suse 9.1. All is working fine, I can create users, groups, see my network shares, grant access to them etc.

Recently I have tried to set up the Samba server as a PDC. I have configured the smb.conf and from looking through different tutorials and notes it seems to be correct. However, when I try and add a windows client to the domain I get an error in regards to the client being unable to look up the domain name on the wins server.

As far as I can make out I have configured the samba server correctly to be a wins server by adding the wins support = Yes to the smb.conf file, however for some reason I am still unable to verify the domain name via the client. I do not think this is a client issue as it is able to join a different Samba domain on a different network.

Below is my smb.conf file, I was hoping someone could help.

    [global]
        workgroup = TEST
        passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*
        username map = /etc/samba/smbusers
        syslog = 0
        name resolve order = wins bcast hosts
        add user script = /usr/sbin/useradd -m '%u'
        delete user script = /usr/sbin/userdel -r '%u'
        add group script = /usr/sbin/groupadd '%g'
        delete group script = /usr/sbin/groupdel '%g'
        add user to group script = /usr/sbin/usermod -G '%g' '%u'
        add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'
        logon script = scripts\login.bat
        logon path =
        logon drive = X:
        domain logons = Yes
        preferred master = Yes
        wins support = Yes

    [homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

    [netlogon]
        comment = Network Logon Service
        path = /data/%U
        valid users = %S
        read only = No

    [accounts]
        comment = Accounting Files
        path = /data/accounts
        valid users = %G
        read only = No

    [finsvcs]
        comment = Financial Service Files
        path = /data/finsvcs
        valid users = %G
        read only = No

Can anybody see what I am doing wrong?

Thanks in advance,
Gareth Cummings