Re: [Samba] Re: Samba Question
On Wednesday 20 April 2005 10:39, David Michaels wrote: > Worth noting: The 3.0.x recommendation regarding nscd is that you /do > not run it at all/. Though I think that might only apply when you're > using winbindd, you might want to take a look at your nscd process to > see if it's notably busy. It was on our server, taking up half of one > of the CPUs. Very bad. So I turned nscd off. The recommendation not to run nscd applies only when winbind is running. - John T. > > --Dragon > > Gerry Maddock wrote: > >Got it working. I had to restart nscd service. Nscd was not reflecting the > >group entries. > > > >>Ok, it seems to be an LDAP problem. for some reason linux isnt reading > >> the ldap groups, even though /etc/nsswitch.conf states groups = files > >> ldap Here is my problem: > >> > >>I ran smbldap-groupadd TEST to create the group test. I then ran: > >>smbldap-groupmod -m gerrym,briang TEST to add gerrym (me) and briang to > >>that group. I next created a test linux directory called TESTDIR to check > >>permisions. I changed the ownership to briang.TEST TESTDR (chown > >>briang.TEST ./TESTDIR). I then changed directory permisions to 770 (user > >>and group have read,write,and execute). I then logged in as my self > >>(gerrym) and tried to access that directory and I am unable to. The > >>directory permisions should allow me in w/full control as I am in the > >>group TEST. I run getent group|grep TEST and verify I am a member of that > >>group and I am. I then checked /etc/nsswitch.conf and it shows: > >>group: files ldap > >> > >>Just wondering why it will not let me in that directory if permisions are > >>right? I used IDEALX's smb-ldap script 1.2. Any help or suggestions would > >>be > >>appreciated. THANKS! > >> > >>>I have a share access question for you. I have been running Samba 2.2.7 > >>>as > >>>a PDC on my RH7.2 box for several years now. I just setup a new PDC > >>>running Samba 3.0.10 on a FC3 box. I used to control read-write acces to > >>>shares via samba like: > >>>[TRData] > >>>path = /tr/TRData > >>>valid users = administrator,@IT,@fl,@tx,@eu,@ca,@ny,@wa,@uk > >>>write list = administrator,@IT,@FLTR > >>>force group = FLTR > >>>read only = no > >>>create mask = 0777 > >>>directory mask = 0777 > >>> > >>>That would work fine when I was running Samba 2.2.7, but now it doesnt > >>>work with Samba 3.0.10. What can I enter to my new smb.conf (3.0.10) to > >>>get the shares to behave like they did when I ran 2.2.7? > >>> > >>>Thanks in advance!!! -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba Question
Worth noting: The 3.0.x recommendation regarding nscd is that you /do not run it at all/. Though I think that might only apply when you're using winbindd, you might want to take a look at your nscd process to see if it's notably busy. It was on our server, taking up half of one of the CPUs. Very bad. So I turned nscd off. --Dragon Gerry Maddock wrote: Got it working. I had to restart nscd service. Nscd was not reflecting the group entries. Ok, it seems to be an LDAP problem. for some reason linux isnt reading the ldap groups, even though /etc/nsswitch.conf states groups = files ldap Here is my problem: I ran smbldap-groupadd TEST to create the group test. I then ran: smbldap-groupmod -m gerrym,briang TEST to add gerrym (me) and briang to that group. I next created a test linux directory called TESTDIR to check permisions. I changed the ownership to briang.TEST TESTDR (chown briang.TEST ./TESTDIR). I then changed directory permisions to 770 (user and group have read,write,and execute). I then logged in as my self (gerrym) and tried to access that directory and I am unable to. The directory permisions should allow me in w/full control as I am in the group TEST. I run getent group|grep TEST and verify I am a member of that group and I am. I then checked /etc/nsswitch.conf and it shows: group: files ldap Just wondering why it will not let me in that directory if permisions are right? I used IDEALX's smb-ldap script 1.2. Any help or suggestions would be appreciated. THANKS! I have a share access question for you. I have been running Samba 2.2.7 as a PDC on my RH7.2 box for several years now. I just setup a new PDC running Samba 3.0.10 on a FC3 box. I used to control read-write acces to shares via samba like: [TRData] path = /tr/TRData valid users = administrator,@IT,@fl,@tx,@eu,@ca,@ny,@wa,@uk write list = administrator,@IT,@FLTR force group = FLTR read only = no create mask = 0777 directory mask = 0777 That would work fine when I was running Samba 2.2.7, but now it doesnt work with Samba 3.0.10. What can I enter to my new smb.conf (3.0.10) to get the shares to behave like they did when I ran 2.2.7? Thanks in advance!!! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Question
Got it working. I had to restart nscd service. Nscd was not reflecting the group entries. > Ok, it seems to be an LDAP problem. for some reason linux isnt reading the > ldap groups, even though /etc/nsswitch.conf states groups = files ldap > Here is my problem: > > I ran smbldap-groupadd TEST to create the group test. I then ran: > smbldap-groupmod -m gerrym,briang TEST to add gerrym (me) and briang to > that group. I next created a test linux directory called TESTDIR to check > permisions. I changed the ownership to briang.TEST TESTDR (chown > briang.TEST ./TESTDIR). I then changed directory permisions to 770 (user > and group have read,write,and execute). I then logged in as my self > (gerrym) and tried to access that directory and I am unable to. The > directory permisions should allow me in w/full control as I am in the > group TEST. I run getent group|grep TEST and verify I am a member of that > group and I am. I then checked /etc/nsswitch.conf and it shows: > group: files ldap > > Just wondering why it will not let me in that directory if permisions are > right? I used IDEALX's smb-ldap script 1.2. Any help or suggestions would > be > appreciated. THANKS! > >> I have a share access question for you. I have been running Samba 2.2.7 >> as >> a PDC on my RH7.2 box for several years now. I just setup a new PDC >> running Samba 3.0.10 on a FC3 box. I used to control read-write acces to >> shares via samba like: >> [TRData] >> path = /tr/TRData >> valid users = administrator,@IT,@fl,@tx,@eu,@ca,@ny,@wa,@uk >> write list = administrator,@IT,@FLTR >> force group = FLTR >> read only = no >> create mask = 0777 >> directory mask = 0777 >> >> That would work fine when I was running Samba 2.2.7, but now it doesnt >> work with Samba 3.0.10. What can I enter to my new smb.conf (3.0.10) to >> get the shares to behave like they did when I ran 2.2.7? >> >> Thanks in advance!!! >> >> >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Question
Ok, it seems to be an LDAP problem. for some reason linux isnt reading the ldap groups, even though /etc/nsswitch.conf states groups = files ldap Here is my problem: I ran smbldap-groupadd TEST to create the group test. I then ran: smbldap-groupmod -m gerrym,briang TEST to add gerrym (me) and briang to that group. I next created a test linux directory called TESTDIR to check permisions. I changed the ownership to briang.TEST TESTDR (chown briang.TEST ./TESTDIR). I then changed directory permisions to 770 (user and group have read,write,and execute). I then logged in as my self (gerrym) and tried to access that directory and I am unable to. The directory permisions should allow me in w/full control as I am in the group TEST. I run getent group|grep TEST and verify I am a member of that group and I am. I then checked /etc/nsswitch.conf and it shows: group: files ldap Just wondering why it will not let me in that directory if permisions are right? I used IDEALX's smb-ldap script 1.2. Any help or suggestions would be appreciated. THANKS! > I have a share access question for you. I have been running Samba 2.2.7 as > a PDC on my RH7.2 box for several years now. I just setup a new PDC > running Samba 3.0.10 on a FC3 box. I used to control read-write acces to > shares via samba like: > [TRData] > path = /tr/TRData > valid users = administrator,@IT,@fl,@tx,@eu,@ca,@ny,@wa,@uk > write list = administrator,@IT,@FLTR > force group = FLTR > read only = no > create mask = 0777 > directory mask = 0777 > > That would work fine when I was running Samba 2.2.7, but now it doesnt > work with Samba 3.0.10. What can I enter to my new smb.conf (3.0.10) to > get the shares to behave like they did when I ran 2.2.7? > > Thanks in advance!!! > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Question
This is not a SAMBA isssue but a workstation issue. Chances are, Windows is trying to connect as whatever user you are logged into the machine as. Example, if you log in to the machine as user 1, windows sends user1 as it's authentication information with each communication. If you have one SMB connection to a computer as user1, Windows will not allow you to make another SMB connection as user2 until the first is disconnected. If you want to specify that WIndows is to connect with a different username in the case of mapping a drive, try: net use \\server\share /user: Once again, this will not work if you are already have a drive or printer mapped to that server as another user. This will not work on 9x or ME. Your only option on 9x is to reboot and log in as a different user. Also, for future reference, please always include your server os, client os, samba version, smb.conf file, any other pertinent information, and a subject that gives some clue to what your problem may be. Since you are posting to a SAMBA group, we know that you have a problem with SAMBA. For this, "Can only connect as one user" or something of that nature would be appropriate. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Question
[EMAIL PROTECTED] wrote: I'm doing some research and I'd like to know if there is anyone who has deployed samba as a PDC with more than 50 clients with roaming profiles enabled. Looking to do something similar and I would like to know hardware configs I should choose. Samba runs on different h/w. I would really recommend you to download src or RPM and start testing it. Regards, Norman Zhang -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Question
I'm using FreeBSD 4.8 so software install will be quite different and rather trivial. My first step involved making sure the DC's were in /etc/hosts with shortname entries. Next I installed openldap22, then heimdal-kerberos (found some post about this being the better/preferred version). When I installed krb5 I made sure to include with-ldap as a config option (this was the real solution). Finally I installed Samba 3.0b3 and it worked. The crazy part was when I forgot to add the config flag for krb5, ADS support was compiled in, but the krb5 keys didn't work right. So all the'net ads lookup' stuff worked, but I couldn't get the right creds to join the domain. The krb5 recompile solved it. If you need more info, just ask. Thanks, Will > I read your post, and the error messages you were getting on the 'net > join' command are pretty much the exact thing I'm getting. > > Can you please elaborate on what you did to fix it? What > version/dist. of kerberos, what flags to compile it? > > I'm using SuSE 8.2 professional, samba 3.0 b3, and have been trying > the MIT version of kerberos (1.3.1). > -- Will Froning Unix Sys. Admin. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Question w/ RH 7.3 and Windows
--- Scott Wrosch <[EMAIL PROTECTED]> wrote: > A question I'm sure has been answered before, but > I'm > still relatively new to Samba, and having just > moved, > have not been able to locate any of my Samba > reference > materials. > > Anyways, I'm running a small Samba server at work > using RedHat Linux 7.3. I did not set up Samba > during > the RedHat installation, but rather downloaded it > and > installed it afterwards. > > Anyways, the network uses a Windows 2000 Server as > the > PDC. And we have various groups set up in the > server. > What I want to do is set up a share that can be > accessible only by the members of a specific group > that's already created in the Active Directory > setup. > Can this be done? It should be possible using Winbind if your 2000 server is running in mixed mode. Follow the directions here: http://us6.samba.org/samba/docs/Samba-HOWTO-Collection.html#WINBIND I installed RedHat 7.3 and used the samba rpm downloaded from a samba FTP site. I had to add winbind to the nsswitch.conf, then I added the winbind settings to smb.conf, and then I started the winbind service. That was about it. I tested it with getent group, which showed all of our NT groups. Good. Then I could run this: chown -R 'DOMAIN\USER'.'DOMAIN\GROUP' /share/point find /share/point -type d -printf "\"%p\"\n" | xargs chmod 770 # Isn't there a better way to do this??? find /share/point -type f -printf "\"%p\"\n" | xargs chmod 660 We implemented ACLs into the kernel and Samba but despite the claims of the authors, we're not sure if they are stable (we might be having other problems, though, and are trying to track them down). ACLs allow you to add more than one NT global group to a file. Good luck, /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba