Re: [Samba] How to samba ldap and ssl
On 04/08/2011 08:04, Ander Punnar wrote:

in debian. Since slapd is compiled with GnuTLS in Debian, you will run into problems (I did):

http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

I recompiled Debian openldap source package with openssl.

    # apt-get build-dep openldap
    # apt-get source openldap
    # apt-get install libssl-dev

cd to openldap source dir
edit debian/configure.options
find --with-tls, and change it to --with-tls=openssl.

    # dpkg-buildpackage -us -uc

And then you need self-signed certs and two lines in your slapd.conf.

Note: I haven't actually installed recompiled packages yet, so I don't know if it helps. But if you try it, please let me know :)

I have installed SAMBA + OpenLDAP + TLS successfully with the debian packages. There is no need to rebuild openldap from scratch.

My config :
Debian Squeeze amd64
OpenLDAP: slapd 2.4.23 (Jun 15 2011 13:31:57)
Samba v3.5.6
OpenSSL 0.9.8o 01 Jun 2010

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
First of all, there is a problem between your samba conf and the output of pdbedit : your server netbios name is defined in your smb.conf as 'BDC' and your workgroup/domain as 'workgroup' whereas the pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'. Setting those correctly to the same values should help.

On 02/08/2011 13:08, J. Echter wrote:
On 25.07.2011 14:38, J. Echter wrote:
On 22.07.2011 17:48, TAKAHASHI Motonobu wrote:
From: J. Echter <j.ech...@elektro-mayer-echter.de>
Date: Thu, 21 Jul 2011 08:51:25 +0200
On 20.07.2011 18:08, TAKAHASHI Motonobu wrote:

hi, tried all your hints. still now profiles found...

H... My testing environment is available at
ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip

In this environment,

1) # chmod 1777 /var/lib/samba/shares/profiles
2) changing hide files and profiles acls same as yours
3) # pdbedit -p \\sambapdc\profiles\username username
4) Logging on as the user, roaming profiles is successfully created.

I'm using ldapsam:editposix instead of smbldap-tools, so this may not help you...

---
TAKAHASHI Motonobu <mo...@samba.gr.jp>

Hi, there's something wrong with my config... the successful logins are only able because the users are already there as local unix accounts. i created a new user 'test' and this one can't even login. something with nsswitch seems configured wrong, imho. i get an error like 'no unix account found'. i will post the details about that later, i have to wait till i can switch the smb.conf again.

cheers
juergen.

hi, i'm back :) but still the old problem. i have my tdbsam server running, i set up another samba server, without domain logons. i added a user 'test' to my ldap db.
i added this user on the main pdc with smbldap-useradd

sudo pdbedit -v test on my new test machine tells me:

    Unix username: test
    NT username: test
    Account Flags: [U ]
    User SID: S-1-5-21-3842863818-2180709222-141296495-3166
    Primary Group SID: (NULL SID)
    Full Name: test
    Home Directory: \\pdc\test
    HomeDir Drive: H:
    Logon Script: test.bat
    Profile Path: \\pdc\profiles\test
    Domain: BDC
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: never
    Kickoff time: never
    Password last set: Fr, 22 Jul 2011 23:33:55 CEST
    Password can change: Fr, 22 Jul 2011 23:33:55 CEST
    Password must change: never
    Last bad password : 0
    Bad password count : 0
    Logon hours : FF

i wonder because my domain is called workgroup, not bdc. BDC is the name of the machine, not the domain. if im using this user to logon, it isn't found.

phpldapadmin also shows a line like:

sambaDomainName=BDC http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3DBDC%2Cdc%3Dworkgroup%2Cdc%3Dlocal
sambaDomainName=workgroup http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engineserver_id=1dn=sambaDomainName%3Dworkgroup%2Cdc%3Dworkgroup%2Cdc%3Dlocal

here's the conf of my testing smb machine:

    [global]
    domain master = no
    domain logons = no
    passdb backend = ldapsam:ldap://mule
    idmap backend = ldap:ldap://mule
    idmap uid = 1-15000
    idmap gid = 1-15000
    ldap suffix = dc=workgroup,dc=local
    ldap user suffix = ou=smb-usr
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap idmap suffix = ou=idmap
    ldap admin dn = cn=admin,dc=workgroup,dc=local
    ldap ssl = no
    ldap passwd sync = yes
    printing = bsd
    netbios name = BDC
    server string = BDC (%h)
    workgroup = workgroup
    interfaces = eth0,lo
    security = user
    encrypt passwords = true
    map to guest = bad user
    guest account = nobody
    logon path = \\pdc\profile\%U
    logon script = %U.bat
    logon drive = H:
    panic action = /usr/share/samba/panic-action %d

my smbldap config is the following:

    sambaDomain=workgroup
    suffix=dc=workgroup,dc=local
    userProfile=\\pdc\profiles\%U

nsswitch.conf:

    passwd: files ldap
    shadow: files ldap
    group: files ldap
    hosts: files wins dns
    networks: files dns
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

i hope somebody can tell me whats going on. i'm completely lost since a while :)

thanks a nice day to all.

juergen.
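
The mismatches pointed out at the top of this reply, together with the ldap ssl = no line in the quoted test config, can be checked mechanically. The following is an added example, not code from the thread: the function names are hypothetical, the inputs are abridged from the quoted smb.conf and pdbedit output, and only the values no/off are assumed to disable TLS.

```python
# Constructed inputs, abridged from the test machine's smb.conf and pdbedit output.
SMB_CONF = r"""
[global]
passdb backend = ldapsam:ldap://mule
ldap ssl = no
netbios name = BDC
workgroup = workgroup
logon path = \\pdc\profile\%U
"""
PDBEDIT = r"""
Profile Path:         \\pdc\profiles\test
Domain:               BDC
"""

def parse_global(text):
    # smb.conf parameter names ignore case and internal spacing.
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_pdbedit(text):
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip().lower(): v.strip() for k, sep, v in pairs if sep}
def unc(path):
    return [p.lower() for p in path.split("\\") if p][:2]  # [server, share]

def audit(conf_text, pdbedit_text):
    conf, acct = parse_global(conf_text), parse_pdbedit(pdbedit_text)
    profile = unc(acct.get("profile path", ""))
    # Assumption: only "no"/"off" count as TLS disabled; ldaps:// is never flagged.
    cleartext = ("ldap://" in conf.get("passdb backend", "")
                 and conf.get("ldap ssl", "").lower() in ("no", "off"))
    checks = [
        (acct.get("domain", "").lower() != conf.get("workgroup", "").lower(),
         "account domain differs from workgroup"),
        (profile[:1] != [conf.get("netbios name", "").lower()],
         "profile path points at another server"),
        (profile != unc(conf.get("logon path", "")),
         "stored profile path differs from logon path"),
        (cleartext, "LDAP bind and password hashes cross the network without TLS"),
    ]
    return [message for failed, message in checks if failed]
if __name__ == "__main__":
    print("\n".join(audit(SMB_CONF, PDBEDIT)))
```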
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
On 02/08/2011 14:22, J. Echter wrote:
On 02.08.2011 14:06, Julien Celle wrote:

pdbedit output indicates that the profile is stored on '\\pdc...' and that the user is defined on the domain 'BDC'.

oh i forgot, profiles are on \\pdc.

cheers.

Hi,

There may be a problem trying to access your profiles on \\pdc while authenticating against \\bdc. Your users try to access a share without giving your PDC credentials it can validate. Try moving your profile for your user test to \\bdc\profile...

You could also post your whole smb.conf for your BDC.

Cheers,
Julien.
[Samba] Shares and ACLs
Hi,

One weird thing (or maybe it is normal) : I have a Samba 3.5.6 on Debian Squeeze 64 bits acting as a PDC that is working perfectly fine. I have a share containing a directory with special acls on an ext3 partition mounted with 'acl,user_xattr' options.

When I copy a file (or a directory) to that directory, default acls are correctly applied to the file. If instead I move the same file (or dir), the default acls are not applied.

Is this normal behaviour or did I misconfigure something ?

Thanks,
Julien
Re: [Samba] [SOLVED] Windows 7 client not mounting 'HOME' share.
On 26/07/2011 20:40, Miguel Medalha wrote:
On 2011-07-26 19:31, Miguel Medalha wrote:

Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user.

I met the same problem more than once and I found that I have to remove the corresponding entries from the LDAP database (sambaHomePath and sambaHomeDrive attributes). If these attributes are set, the user does not connect to his home service. The homedir needs to be only in smb.conf.

I must add that, according to documentation, the home directory LDAP attributes need only to be set for a particular user if they differ from the general setting. Quoting from The Official Samba 3.5 HOWTO:

«
11.4.4.8 LDAP Special Attributes for sambaSamAccounts

The sambaSamAccount ObjectClass is composed of the attributes shown in next tables: Part A, and Part B.

The majority of these parameters are only used when Samba is acting as a PDC of a domain (refer to Domain Control, for details on how to configure Samba as a PDC). The following four attributes are only stored with the sambaSamAccount entry if the values are non-default values:

• sambaHomePath
• sambaLogonScript
• sambaProfilePath
• sambaHomeDrive

These attributes are only stored with the sambaSamAccount entry if the values are non-default values. For example, assume MORIA has now been configured as a PDC and that logon home = \\%L\%u was defined in its smb.conf file. When a user named ‘becky’ logs on to the domain, the logon home string is expanded to \\MORIA\becky. If the smbHome attribute exists in the entry ‘uid=becky,ou=People,dc=samba,dc=org’, this value is used. However, if this attribute does not exist, then the value of the logon home parameter is used in its place. Samba will only write the attribute value to the directory entry if the value is something other than the default (e.g., \\MOBY\becky).
»

I agree and this is my case. None of these parameters is present in my user's LDAP entry. Yet, my user has to mount his homedir himself.

I finally found the solution : it appears that the logon home parameter should be set to the following value :

    logon home = \\%L\%U

instead of the one I was using :

    logon home = \\%L\homes\%U

I don't really understand why. Anybody could explain ?

Thanks for your help.

JC
[Samba] Windows 7 client not mounting 'HOME' share.
Hi,

I'm running a samba server (3.5.6 on Debian Squeeze 64 bits) as a PDC with Windows 7 64 bits clients. Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user.

Yet, if I try to manually add it to windows (net use Z: /HOME), it succeeds without complaining. I don't really understand where the problem comes from.

Anyone ?

Thanks,
Julien.
Re: [Samba] Windows 7 client not mounting 'HOME' share.
On 26/07/2011 18:32, Dennis Dryden wrote:

Hi,
What do your logon scripts look like?
Dennis

On Tue, Jul 26, 2011 at 11:15 AM, Julien Celle <julien.ce...@sivalex.com> wrote:

Hi, I'm running a samba server (3.5.6 on Debian Squeeze 64 bits) as a PDC with Windows 7 64 bits clients. Workstations successfully registered with the PDC, users can login, profiles are found and updated, network shares are all mounted during login (logon script = %G.bat) except for the home directory of the user. Yet, if I try to manually add it to windows (net use Z: /HOME), it succeeds without complaining. I don't really understand where the problem comes from. Anyone ? Thanks, Julien.

Hi,

HOME share is 'homes' and path is '/home/%U'. I tried it with '/home/%u', no difference.

I also have difficulties running scripts at startup: if I do not modify the 'EnableLinkedConnections' registry setting to '1', scripts in netlogon share are not run. In fact, If I only modify registry setting as suggested in http://wiki.samba.org/index.php/Windows7, I can join the domain, a user can login, but shares are not automatically mounted. Manually calling the script in \\myserver\netlogon works. Manually calling 'net use Z: /HOME' works.

Scripts are of the type %G.bat. Typical script is :

    @echo off
    net use Y: \\mypdc\theshare

They used to work perfectly with Windows XP clients.
Here is my smb.conf :

    [global]
    dos charset = 850
    unix charset = UTF8
    display charset = UTF8
    workgroup = MYDOMAIN
    server string = %h server
    netbios name = mypdc
    interfaces = lo, eth0
    bind interfaces only = Yes
    domain logons = Yes
    os level = 20
    preferred master = Yes
    domain master = Yes
    local master = Yes
    security = user
    dns proxy = No
    wins support = Yes
    passdb backend = ldapsam:ldap://ldapserver.domain.local/
    client NTLMv2 auth = Yes
    #log level = 3
    #debug timestamp = yes
    log file = /var/log/samba/log.%m
    max log size = 1000
    name resolve order = wins lmhosts host bcast
    time server = Yes
    #socket options = TCP_NODELAY IPTOS_LOWDELAY SO_REUSEADDR IPTOS_THROUGHPUT SO_RCVBUF=32768 SO_SNDBUF=32768
    socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
    #socket options = TCP_NODELAY IPTOS_LOWDELAY SO_REUSEADDR IPTOS_THROUGHPUT SO_RCVBUF=8192 SO_SNDBUF=8192
    case sensitive = auto
    default case = lower
    preserve case = yes
    short preserve case = yes
    ldap ssl = start tls
    ldap passwd sync = Yes
    ldap admin dn = cn=admin,dc=domain,dc=local
    ldap delete dn = Yes
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Users
    ldap machine suffix = ou=Computers
    ldap suffix = dc=sivalex,dc=local
    add user script = /usr/sbin/smbldap-useradd -m %u
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -p %g
    delete group script = /usr/sbin/smbldap-groupdel %g
    add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
    delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
    set primary group script = /usr/sbin/smbldap-usermod -g %g %u
    add machine script = /usr/sbin/smbldap-useradd -w %u
    logon path = \\%L\profiles\%U
    logon drive = Z:
    logon home = \\%L\homes\%U
    logon script = %G.bat
    panic action = /usr/share/samba/panic-action %d
    winbind use default domain = Yes
    winbind trusted domains only = Yes
    hosts allow = 127.0.0.1 192.168.
    hide unreadable = Yes

    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    write list = Administrator
    writable = No
    guest ok = Yes
    browseable = No

    [profiles]
    comment = Users profiles
    path = /profiles
    create mask = 0700
    directory mask = 0700
    browseable = No
    writable = yes
    profile acls = yes

    [profiles.V2]
    copy = profiles

    [homes]
    comment = Home Directories
    path = /home/%u
    valid users = %u
    create mask = 0700
    directory mask = 0700
    browseable = No
    writable = yes

    [Theshare]
    comment = Documents for the share
    path = /mnt/theshare
    read only = No
    dos filemode = yes
    create mask = 0770
    directory mask = 0770
    map acl inherit = Yes
    inherit acls = Yes
    csc policy = disable
    dos filemode = Yes
    inherit owner = Yes
    hide special files = Yes
    map archive = No
    admin users = @Domain Admins
    force unknown acl user = Yes
    veto files = /.VFSTrash/
    vfs objects = recycle
    recycle:repository = .VFSTrash
Re: [Samba] Windows 7 client not mounting 'HOME' share.
    # pdbedit -v jcelle
    ...
    Home Directory: \\svl1001\homes\jcelle
    ...

Homedir is correctly set. And windows knows it (or at least it knows where to find the information): `net use Z: /HOME` without specifying where to find the share is working.

This is really driving me nuts.

On 26/07/2011 19:17, TAKAHASHI Motonobu wrote:

Please show the result of

    pdbedit -v a-user

HomeDir Drive: is correctly set?

From: Julien Celle <julien.ce...@sivalex.com>
Date: Tue, 26 Jul 2011 18:59:26 +0200

(logon script = %G.bat) except for the home directory of the user. Yet, if I try to manually add it to windows (net use Z: /HOME), it succeeds without complaining. I don't really understand where the problem comes from. Anyone ?

---
TAKAHASHI Motonobu <mo...@samba.gr.jp>