[Samba] Re: Group membership
Ok, the logic goes like this...
If you want to use root for Domain administration purposes it has to be
in the Domain user database.
If it's a Domain user its primary group should be a Domain group.
All Domain groups in Samba are mappings from UNIX groups into SIDs.
If mapping for a particular gid is not present it will be created
automatically using arithmetic approach.
Therefore, if you want your root user to keep its primary gid but to be
associated with a Domain group 'Domain Admins' the best approach will be
to map this Domain group into UNIX group 'root' instead of creating
additional UNIX group 'Domain Admins'.
Another approach will be to use some other user to administer your
Domain and put it into 'admin users' list in smb.conf then you will be
free to choose any primary group for it you like just keep the
consistency between gidNumber and sambaPrimaryGroupSID. All users in the
'admin users' list are forced into been root when they access Samba so
you will have the same control you would have with root.
I don't know why this is not documented... I don't read documentation
that often.. I do know though that Samba team welcomes all suggestions
to make documentation better. If you know which part of the
documentation got you confused - let them know how to make it more clear.
Hope it helps,
Igor
Misty Stanley-Jones wrote:
This doesn't make sense. My root user needs to be gid=0 for all of my UNIX
systems that I have auth'ing against the DB. Will it resolve this if I make
the primaryGroupSID of root to be the one of Domain Admins? This isn't
documented anywhere that I can tell. Thank you for your help, by the way.
On Saturday 16 October 2004 06:16 pm, you wrote:
The trick is in you picking SID by yourself. :o)
sambaPrimaryGroupSID: should always be either explicit mapping of
gidNumber in the groupmap or implicit arithmetic mapping: (gidNumber *
2) + 'rid base' + 1. Your problem is that you have inconsistency in you
root's setup. As a result its primary group 0 gets mapped into RID 1001
which corresponds to engr.
You can do one of the following:
1. change gidNumber of the cn=root to that of the 'Domain Admins' or
2. change the name of gid=0 to be 'Domain Admins' or
3. change mapping 'Domain Admins -> root'
I would also recommend to use arithmetic gidNumber -> SID mapping unless
you are mapping predefined Windows RIDs.
Hope it helps,
Igor
Misty Stanley-Jones wrote:
I am using Samba PDC with OpenLDAP2 and smbldap-tools. As part of my
logon.bat, I call a script called ifmember.exe. This script can list out
the groups a user is a member of. It is reporting that my root user is a
member of the group 'engr.' I don't know if this is a bug with
ifmember.exe or if it's an issue in Samba or in LDAP. Here is some
relevant data:
oink:/etc/smbldap-tools # smbldap-groupshow engr
dn: cn=engr,ou=groups,dc=borkholder,dc=com
cn: engr
gidNumber: 1001
memberUid: pat,chuck,gene,paul,roger,jerry,mike,jose,todd,howard,jb
objectClass: top,posixGroup,sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-725326080-1709766072-2910717368-1001
oink:/usr/local/sbin # ./smbldap-usershow root
dn: cn=root,ou=people,dc=borkholder,dc=com
objectClass: account,posixAccount,top,sambaSamAccount
cn: root
uid: root
uidNumber: 0
gidNumber: 0
loginShell: /bin/bash
homeDirectory: /root
displayName: root
sambaPwdCanChange: 1095966471
sambaPwdMustChange: 2147483647
sambaLMPassword: 9B3390AB6FD22782AAD3B435B51404EE
sambaNTPassword: 6F0F56FE06D5EFFDE700A23B9A944678
sambaPasswordHistory:
sambaPwdLastSet: 1095966471
sambaAcctFlags: [U ]
userPassword: {SSHA}KeQmB88xtBT1lxXzLsG30CSVHIPD+VE2
sambaSID: S-1-5-21-725326080-1709766072-2910717368-500
sambaPrimaryGroupSID: S-1-5-21-725326080-1709766072-2910717368-512
oink:/usr/local/sbin # net groupmap list
acct_admin (S-1-5-21-725326080-1709766072-2910717368-1006) -> acct_admin
truss (S-1-5-21-725326080-1709766072-2910717368-1005) -> truss
hr (S-1-5-21-725326080-1709766072-2910717368-1004) -> hr
furniture (S-1-5-21-725326080-1709766072-2910717368-1003) -> furniture
dutch (S-1-5-21-725326080-1709766072-2910717368-1002) -> dutch
Domain Admins (S-1-5-21-725326080-1709766072-2910717368-512) -> Domain
Admins Domain Users (S-1-5-21-725326080-1709766072-2910717368-513) ->
Domain Users Domain Guests (S-1-5-21-725326080-1709766072-2910717368-514)
-> Domain Guests Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
Workgroup Computers (S-1-5-21-725326080-1709766072-2910717368-515) ->
Workgroup Computers
Administrators (S-1-5-32-544) -> Administrators
acct (S-1-5-21-725326080-1709766072-2910717368-1007) -> acct
receptionist (S-1-5-21-725326080-1709766072-2910717368-1008) ->
receptionist engr (S-1-5-21-725326080-1709766072-2910717368-1001) -> engr
Is there anywhere else I can look to see why this command thinks I'm a
mem
[Samba] Re: Group membership
The trick is in you picking SID by yourself. :o)
sambaPrimaryGroupSID: should always be either explicit mapping of
gidNumber in the groupmap or implicit arithmetic mapping: (gidNumber *
2) + 'rid base' + 1. Your problem is that you have inconsistency in you
root's setup. As a result its primary group 0 gets mapped into RID 1001
which corresponds to engr.
You can do one of the following:
1. change gidNumber of the cn=root to that of the 'Domain Admins' or
2. change the name of gid=0 to be 'Domain Admins' or
3. change mapping 'Domain Admins -> root'
I would also recommend to use arithmetic gidNumber -> SID mapping unless
you are mapping predefined Windows RIDs.
Hope it helps,
Igor
Misty Stanley-Jones wrote:
I am using Samba PDC with OpenLDAP2 and smbldap-tools. As part of my
logon.bat, I call a script called ifmember.exe. This script can list out the
groups a user is a member of. It is reporting that my root user is a member
of the group 'engr.' I don't know if this is a bug with ifmember.exe or if
it's an issue in Samba or in LDAP. Here is some relevant data:
oink:/etc/smbldap-tools # smbldap-groupshow engr
dn: cn=engr,ou=groups,dc=borkholder,dc=com
cn: engr
gidNumber: 1001
memberUid: pat,chuck,gene,paul,roger,jerry,mike,jose,todd,howard,jb
objectClass: top,posixGroup,sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-725326080-1709766072-2910717368-1001
oink:/usr/local/sbin # ./smbldap-usershow root
dn: cn=root,ou=people,dc=borkholder,dc=com
objectClass: account,posixAccount,top,sambaSamAccount
cn: root
uid: root
uidNumber: 0
gidNumber: 0
loginShell: /bin/bash
homeDirectory: /root
displayName: root
sambaPwdCanChange: 1095966471
sambaPwdMustChange: 2147483647
sambaLMPassword: 9B3390AB6FD22782AAD3B435B51404EE
sambaNTPassword: 6F0F56FE06D5EFFDE700A23B9A944678
sambaPasswordHistory:
sambaPwdLastSet: 1095966471
sambaAcctFlags: [U ]
userPassword: {SSHA}KeQmB88xtBT1lxXzLsG30CSVHIPD+VE2
sambaSID: S-1-5-21-725326080-1709766072-2910717368-500
sambaPrimaryGroupSID: S-1-5-21-725326080-1709766072-2910717368-512
oink:/usr/local/sbin # net groupmap list
acct_admin (S-1-5-21-725326080-1709766072-2910717368-1006) -> acct_admin
truss (S-1-5-21-725326080-1709766072-2910717368-1005) -> truss
hr (S-1-5-21-725326080-1709766072-2910717368-1004) -> hr
furniture (S-1-5-21-725326080-1709766072-2910717368-1003) -> furniture
dutch (S-1-5-21-725326080-1709766072-2910717368-1002) -> dutch
Domain Admins (S-1-5-21-725326080-1709766072-2910717368-512) -> Domain Admins
Domain Users (S-1-5-21-725326080-1709766072-2910717368-513) -> Domain Users
Domain Guests (S-1-5-21-725326080-1709766072-2910717368-514) -> Domain Guests
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
Workgroup Computers (S-1-5-21-725326080-1709766072-2910717368-515) ->
Workgroup Computers
Administrators (S-1-5-32-544) -> Administrators
acct (S-1-5-21-725326080-1709766072-2910717368-1007) -> acct
receptionist (S-1-5-21-725326080-1709766072-2910717368-1008) -> receptionist
engr (S-1-5-21-725326080-1709766072-2910717368-1001) -> engr
Is there anywhere else I can look to see why this command thinks I'm a member
of the engr group? I'm using nss_ldap on the server for authentication as
well.
Misty
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Errors in Log Watch about forward maps
Patrick Nelson wrote: FC2 with dhcp v3.0.1 I keep getting this error in my log watch and I can not figure out what needs to be fix to stop it. Unable to add forward map from BCSNEL2.psn.com to 10.132.170.198: not a zone: 9 Time(s) Unable to add forward map from BCSNEL1.psn.com to 10.132.170.197: not a zone: 4 Time(s) Anyone understand the problem or any suggestion of where to look? Ooops Sorry wrong list! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: for XP client do I need to have a "machine account"
bill eight wrote: Hi, Ok - win95 systems were on Samba 2.2.x Now, added XP pro systems... added user account on XP desktop AND on samba/linux server and did a "smbpasswd -a" c:\>net use \\ipaddr\share /user:"user" works .. but on the XP system (logged in as that user) I CAN't see the network, even doing an add network places.. (I get no error.. ) question - DO I need to put info about the XP machine into the samba server? If you use 'security = user' than machine (XP system) should become a member of this domain before you will be able to login into domain from this machine. So, yes - you DO need to put info about the XP machine into the Samba server. The good news is that when you join the Domain Samba will put this info for you. It probably doesn't answer what you have actually asked but it's a hint that you maybe need to give more details on what you did, what you expected to see and what you actually saw. :) Hope it helps, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Errors in Log Watch about forward maps
FC2 with dhcp v3.0.1 I keep getting this error in my log watch and I can not figure out what needs to be fix to stop it. Unable to add forward map from BCSNEL2.psn.com to 10.132.170.198: not a zone: 9 Time(s) Unable to add forward map from BCSNEL1.psn.com to 10.132.170.197: not a zone: 4 Time(s) Anyone understand the problem or any suggestion of where to look? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: ADS valid users can't map share
Greg Adams wrote: Yeah, that solved the problem for valid users. Thanks. However, I now have a different problem. The same kind of logic should apply to the username map, right? But it doesn't seem to. smb.conf: * [global] workgroup = EDSADDDM realm = EDSADDDM.DDM.APM.BPM.EDS.COM server string = Maul Test Server log level = 2 max log size = 100 security = ADS local master = no os level = 0 domain master = no preferred master = no wins server = 199.42.192.103 dns proxy = no encrypt passwords = yes idmap uid = 6-7 idmap gid = 8-9 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = no username map = /opt/samba/lib/username.map [space] comment = Space Partition Share path = /space writable = yes browsable = yes * username.map: * !grega = "EDSADDDM+imguser" * If I map the share from my Windows XP client as EDSADDDM\imguser, it doesn't do the mapping. I get the following messages in log.smbd: * [2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. open_sockets_smbd: accept: Software caused connection abort [2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/14 09:57:40, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [imguser] -> [imguser] -> [EDSADDDM+imguser] succeeded [2004/10/14 09:57:40, 1] smbd/service.c:make_connection_snum(648) mule (199.42.192.45) connect to service space initially as user EDSADDDM+imguser (uid=60001, gid=8) (pid 25694) * and if I create a new file it gets the following ownership/permission: * # ls -l /space/tmp total 0 -rwxr--r-- 1 nobody EDSADDDM+Domain Users 0 Oct 14 09:59 New Text Document.txt * However, if I change username.map to the following and restart Samba: * !grega = "imguser" * The username map does what I think it should... The permissions on the created file are as follows: * # ls -l /space/tmp total 0 -rwxr--r-- 1 gregaeng0 Oct 14 10:01 New Text Document.txt * So... it appears that the username map is not using the domain information. I do believe it should... Could you provide 'log level = 10' from the moment 'EDSADDDM+imguser' logs in and till it creates a file? This should be logs for the '!grega = "EDSADDDM+imguser"' line in the map file. Thanks, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problems with samba shares locking in w2k ADS environment.
Have you tried setting 'use sendfile = no' for the share in your smb.conf? Igor Jim Canfield wrote: Greetings, I have a Gentoo Linux machine running samba 3.0.7-r2 It's a member of a win2k ADS domain...all that seems to be working fine. Problem: When I share a directory on the Samba machine ADS members can see it, browse it, and even create directories and small text files. However, if I try to drop anything large or binary, it lock up the win2k client for about 2 minutes then resets. Could this be a socket issue? SMB logs for that client don't show anything odd. Here is my smb.conf: [global] netbios name = TSHTUX socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 1-2 winbind enum users = yes winbind gid = 1-2 workgroup = TSH os level = 20 winbind enum groups = yes password server = * preferred master = no winbind separator = + max log size = 50 log file = /var/log/samba3/log.%m encrypt passwords = yes dns proxy = no realm = TSH.MYDOMAIN.COM security = ADS wins server = ** wins proxy = no [public] comment = Perl Files path = /public/ read only = no writable = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: PDC and windows xp domain joining - root user does not exist
Ok... Can you try to do the following: 1. remove domain trust account for the machine leaving its /etc/passwd entry as it is. smbpasswd -x vdfbox$ 2. attempt to join your Domain again and collect 'log level = 5' smbd log. Note, that Samba will create machine trust account for you during joining of the Domain. Let me know how it goes Igor Mark Rutherford wrote: Igor, what should I set the loglevel to? they get very big but I have a log here from a few minutes ago when I set it to '10' they are accessible here: http://www.maunzelectronics.com/~mark/samba/log.smbd http://www.maunzelectronics.com/~mark/samba/log.nmbd ive since changed all the names of the servers, just to move away from the 'test', 'test1' confusion if there is anything specific anyone wants to see, I can post it up someplace. also, after changing names around, ect im still getting this infamous 'user does not exist' thanks for the help :) Igor Belyi wrote: Any smbd log you want to share? I'd expect some kind of error in there? :) Igor Mark Rutherford wrote: ok, changed the computers name and added it just as I added 'test' then, deleted the 'test' machine the new machine I called 'mark' and, it was already in a workgroup.. so I rebooted it no change. it still tells me that root is an invalid user so, im back where I started. Anton K. wrote: Mark Rutherford wrote: I am trying to set up a samba PDC, and I have followed many FAQ's and HOWTO's ive found online. all seem to be just about the same.. So, I made a config up (at the end of this email) then I did the following: added users/machines as such: (just trying to get it to work, will spice it up later) useradd test$ passwd -l test$ smbpasswd -a -m test smbpasswd root (entered a password twice...) Now... I went to the windows xp machine, changed some registry settings (windows xp with service pack 2, BTW.) then I attempted to join the domain, entered 'TEST' as the domain, and a prompt came up asking me for the username and password required to join the domain.. entered root and the root password and... it tells me: 'the specified user does not exist' now, thats damned strange... so I create another unix user, and then another samba user.. I call this user 'test' with a password 'test' so, I try to use that, and it tells me access denied... so I can understand that.. I try to enter root with no password, and it tells me the username or password is invalid.. I expected that as well, I guess. im at a loss. I honestly dont know what to do. my thing is, at work we are considering switching off of novell in favor of samba, so I best get to know it im off to a rocky start. I hope that someone on list has an idea. thanks in advance :) here is my smb.conf, mostly copied from examples: [global] workgroup = TEST netbios name = SAMBAPDC server string = Samba %v on %L log level = 1 log file = /var/log/samba/log.%L max log size = 1000 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 logon script = logon.bat logon path = \\%N\profiles\%u domain logons = Yes os level = 255 preferred master = Yes domain master = Yes [netlogon] path = /home/samba/netlogon browseable = No [profiles] path = /home/samba/profiles read only = No create mask = 0700 directory mask = 0700 browseable = No [data] path = /home/samba/data read only = No create mask = 0750 directory mask = 0750 guest ok = Yes How did you called the machine. It has to be the same like the machine account of cource, probably 'test' in your case. I saw that you called the workgroup the same. My win workstations complain if have machine with same name as domain. Try calling domain test1 and machine test for instance. I also noticed that sometimes a win machine has to be restarted before joining a domain I don't know why. You can also try make a WinXP SP2 a workgroup machine before joining to the domain and test user root and password. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: PDC and windows xp domain joining - root user does not exist
Igor, what should I set the loglevel to? they get very big but I have a log here from a few minutes ago when I set it to '10' they are accessible here: http://www.maunzelectronics.com/~mark/samba/log.smbd http://www.maunzelectronics.com/~mark/samba/log.nmbd ive since changed all the names of the servers, just to move away from the 'test', 'test1' confusion if there is anything specific anyone wants to see, I can post it up someplace. also, after changing names around, ect im still getting this infamous 'user does not exist' thanks for the help :) Igor Belyi wrote: Any smbd log you want to share? I'd expect some kind of error in there? :) Igor Mark Rutherford wrote: ok, changed the computers name and added it just as I added 'test' then, deleted the 'test' machine the new machine I called 'mark' and, it was already in a workgroup.. so I rebooted it no change. it still tells me that root is an invalid user so, im back where I started. Anton K. wrote: Mark Rutherford wrote: I am trying to set up a samba PDC, and I have followed many FAQ's and HOWTO's ive found online. all seem to be just about the same.. So, I made a config up (at the end of this email) then I did the following: added users/machines as such: (just trying to get it to work, will spice it up later) useradd test$ passwd -l test$ smbpasswd -a -m test smbpasswd root (entered a password twice...) Now... I went to the windows xp machine, changed some registry settings (windows xp with service pack 2, BTW.) then I attempted to join the domain, entered 'TEST' as the domain, and a prompt came up asking me for the username and password required to join the domain.. entered root and the root password and... it tells me: 'the specified user does not exist' now, thats damned strange... so I create another unix user, and then another samba user.. I call this user 'test' with a password 'test' so, I try to use that, and it tells me access denied... so I can understand that.. I try to enter root with no password, and it tells me the username or password is invalid.. I expected that as well, I guess. im at a loss. I honestly dont know what to do. my thing is, at work we are considering switching off of novell in favor of samba, so I best get to know it im off to a rocky start. I hope that someone on list has an idea. thanks in advance :) here is my smb.conf, mostly copied from examples: [global] workgroup = TEST netbios name = SAMBAPDC server string = Samba %v on %L log level = 1 log file = /var/log/samba/log.%L max log size = 1000 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 logon script = logon.bat logon path = \\%N\profiles\%u domain logons = Yes os level = 255 preferred master = Yes domain master = Yes [netlogon] path = /home/samba/netlogon browseable = No [profiles] path = /home/samba/profiles read only = No create mask = 0700 directory mask = 0700 browseable = No [data] path = /home/samba/data read only = No create mask = 0750 directory mask = 0750 guest ok = Yes How did you called the machine. It has to be the same like the machine account of cource, probably 'test' in your case. I saw that you called the workgroup the same. My win workstations complain if have machine with same name as domain. Try calling domain test1 and machine test for instance. I also noticed that sometimes a win machine has to be restarted before joining a domain I don't know why. You can also try make a WinXP SP2 a workgroup machine before joining to the domain and test user root and password. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: PDC and windows xp domain joining - root user does not exist
Any smbd log you want to share? I'd expect some kind of error in there? :) Igor Mark Rutherford wrote: ok, changed the computers name and added it just as I added 'test' then, deleted the 'test' machine the new machine I called 'mark' and, it was already in a workgroup.. so I rebooted it no change. it still tells me that root is an invalid user so, im back where I started. Anton K. wrote: Mark Rutherford wrote: I am trying to set up a samba PDC, and I have followed many FAQ's and HOWTO's ive found online. all seem to be just about the same.. So, I made a config up (at the end of this email) then I did the following: added users/machines as such: (just trying to get it to work, will spice it up later) useradd test$ passwd -l test$ smbpasswd -a -m test smbpasswd root (entered a password twice...) Now... I went to the windows xp machine, changed some registry settings (windows xp with service pack 2, BTW.) then I attempted to join the domain, entered 'TEST' as the domain, and a prompt came up asking me for the username and password required to join the domain.. entered root and the root password and... it tells me: 'the specified user does not exist' now, thats damned strange... so I create another unix user, and then another samba user.. I call this user 'test' with a password 'test' so, I try to use that, and it tells me access denied... so I can understand that.. I try to enter root with no password, and it tells me the username or password is invalid.. I expected that as well, I guess. im at a loss. I honestly dont know what to do. my thing is, at work we are considering switching off of novell in favor of samba, so I best get to know it im off to a rocky start. I hope that someone on list has an idea. thanks in advance :) here is my smb.conf, mostly copied from examples: [global] workgroup = TEST netbios name = SAMBAPDC server string = Samba %v on %L log level = 1 log file = /var/log/samba/log.%L max log size = 1000 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 logon script = logon.bat logon path = \\%N\profiles\%u domain logons = Yes os level = 255 preferred master = Yes domain master = Yes [netlogon] path = /home/samba/netlogon browseable = No [profiles] path = /home/samba/profiles read only = No create mask = 0700 directory mask = 0700 browseable = No [data] path = /home/samba/data read only = No create mask = 0750 directory mask = 0750 guest ok = Yes How did you called the machine. It has to be the same like the machine account of cource, probably 'test' in your case. I saw that you called the workgroup the same. My win workstations complain if have machine with same name as domain. Try calling domain test1 and machine test for instance. I also noticed that sometimes a win machine has to be restarted before joining a domain I don't know why. You can also try make a WinXP SP2 a workgroup machine before joining to the domain and test user root and password. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC and windows xp domain joining - root user does not exist
ok, changed the computers name and added it just as I added 'test' then, deleted the 'test' machine the new machine I called 'mark' and, it was already in a workgroup.. so I rebooted it no change. it still tells me that root is an invalid user so, im back where I started. Anton K. wrote: Mark Rutherford wrote: I am trying to set up a samba PDC, and I have followed many FAQ's and HOWTO's ive found online. all seem to be just about the same.. So, I made a config up (at the end of this email) then I did the following: added users/machines as such: (just trying to get it to work, will spice it up later) useradd test$ passwd -l test$ smbpasswd -a -m test smbpasswd root (entered a password twice...) Now... I went to the windows xp machine, changed some registry settings (windows xp with service pack 2, BTW.) then I attempted to join the domain, entered 'TEST' as the domain, and a prompt came up asking me for the username and password required to join the domain.. entered root and the root password and... it tells me: 'the specified user does not exist' now, thats damned strange... so I create another unix user, and then another samba user.. I call this user 'test' with a password 'test' so, I try to use that, and it tells me access denied... so I can understand that.. I try to enter root with no password, and it tells me the username or password is invalid.. I expected that as well, I guess. im at a loss. I honestly dont know what to do. my thing is, at work we are considering switching off of novell in favor of samba, so I best get to know it im off to a rocky start. I hope that someone on list has an idea. thanks in advance :) here is my smb.conf, mostly copied from examples: [global] workgroup = TEST netbios name = SAMBAPDC server string = Samba %v on %L log level = 1 log file = /var/log/samba/log.%L max log size = 1000 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 logon script = logon.bat logon path = \\%N\profiles\%u domain logons = Yes os level = 255 preferred master = Yes domain master = Yes [netlogon] path = /home/samba/netlogon browseable = No [profiles] path = /home/samba/profiles read only = No create mask = 0700 directory mask = 0700 browseable = No [data] path = /home/samba/data read only = No create mask = 0750 directory mask = 0750 guest ok = Yes How did you called the machine. It has to be the same like the machine account of cource, probably 'test' in your case. I saw that you called the workgroup the same. My win workstations complain if have machine with same name as domain. Try calling domain test1 and machine test for instance. I also noticed that sometimes a win machine has to be restarted before joining a domain I don't know why. You can also try make a WinXP SP2 a workgroup machine before joining to the domain and test user root and password. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: page_log: no entries when printing from samba
dear list, On Fri, Oct 15, 2004 at 11:23:05PM -0400, Igor Belyi wrote: > Have you tried to print from the same machine where cups-server runs > without invoking Samba? If it has the same problem - you will need to > ask help on cups list: http://www.cups.org/newsgroups.php no, everything works fine when using cups directly (on the local machine or via ipp from another linux box) i have worked some more on that problem: with one of our printers it works fine! but with the majority of our printers it does not; so it seems to be a ppd-related problem (because that is the only difference i can see). i have found a cups-newsgroup-post which says that "The page log is normally maintained by the pstops filter (that is the only one in a PostScript only configuration that may have an idea of how many pages get printed), bot only if the printer's PPD has no *cupsFilter: "..." entry. In the altter case the filter(s) specified in the PPD are responsible for writing to the page log." that corresponds to my experiences; the only printer i have that works is a kyocera 1020, whose ppd does not have a "cupsFilter"-entry. i might have a conceptual problem with my understanding of how cups works. any concrete suggestion which driver to use for a hp laserjet 4200 e.g.? all ppds for that printer (LaserJet_4200-gimp-print-ijs, LaserJet_4200-Postscript,LaserJet_4200-gimp-print, LaserJet_4200-pxlmono, and LaserJet_4200-hpijs) include a line *cupsFilter:"application/vnd.cups-postscript 0 foomatic-rip". any help would be appreciated, karsten -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
CHAN YICK WAI schrieb: Just would like to ask if anyone has experience with Samba with XP SP2, can you share with us? Thanks, Yw Hi, for sure we share : it works read the samba faqs for more info, and/or give us more detailed questions Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Experience on using Samba with XP SP2
Just would like to ask if anyone has experience with Samba with XP SP2, can you share with us? Thanks, Yw -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Two Questions concerning samba - file access times - two instances on one server
Holger Krull wrote: It's more like an ext3 question... NTFS has create, modify, and access timestamps whereas ext3 has change, modify, and access ones. According to my experiments on NTFS: 'create' really never changed. 'modify' changes whenever file is saved. 'access' changes whenever property of the file (Permissions or its name) get changed. reading file does not change any timestamp at least when I read a text file with Notepad.exe. That's strange, because it should do just that, it does here. Are you shure you didn't set NtfsDisableLastAccessUpdate in your registry? Interesting... I've tried to read the same file today and it got access timestamp updated... Probably, there's some caching gets involved - that there some time have to pass before reading will result in access timestamp updated. And no - I don't have it set. Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Stuck on passwords
Hello, I am using SAMBA 3.0.7-2.FC2 on my FC2 box. About a week ago I could not longer get pass the password prompt on my WinXP Pro or Win98SE boxes. I did make a change to my firewall to allow bittorrent. I did not notice that sambas was not working for about 2 days. I changed everything back & still no-go. Below is my config & any help would be greatly appreciated. # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2004/10/16 08:57:02 # Global parameters [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = CONCERT_ATL realm = netbios name = MATRIX1 netbios aliases = netbios scope = server string = Samba 3.0.7-2.FC2 interfaces = 192.168.1.1/24, 192.168.2.1/24 bind interfaces only = No security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = smbpasswd algorithmic rid base = 1000 root directory = guest account = nobody pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes preload modules = use kerberos keytab = No log level = 5 syslog = 1 syslog only = No log file = /var/log/samba/matrix1.log max log size = 5000 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No smb ports = 445 139 protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes disable netbios = No acl compatibility = defer sharing violations = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts wins host bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 kernel change notify = Yes lpq cache time = 10 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 1 socket options = TCP_NODELAY use mmap = Yes hostname lookups = No name cache timeout = 660 load printers = Yes printcap cache time = 0 printcap name = cups cups server = disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = mangling method = hash2 mangle prefix = 1 stat cache = Yes machine password timeout = 604800 add user script = delete user script = add group script = delete group script = add user to group script = delete user from group script = set primary group script = add machine script = shutdown script = abort shutdown script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 20 lm announce = Auto lm interval = 60 preferred master = No local master = No domain master = Yes browse list = Yes enhanced browsing = Yes dns proxy = No wins proxy = No wins server = wins support = Yes wins hook = wins partners = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 ldap admin dn = ldap delete dn = No ldap filter = (uid=%u) ldap group suffix = ldap idmap suffix = ldap machine suffix = ldap passwd sync = no ld
RE: [Samba] member server and kerberos
hello well i compiled kerberos 1.3.5 from sources, and i got the same results as before. what procedure did you follow ? i understand that you also compiled samba from sources. can you give me a quick porcedure : in what order have you compiled samba kerberos ? with what options passed to configure ? thanx for answering -- thomas constans <[EMAIL PROTECTED]> openDoor.fr -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC and windows xp domain joining - root user does not exist
Mark Rutherford wrote: I am trying to set up a samba PDC, and I have followed many FAQ's and HOWTO's ive found online. all seem to be just about the same.. So, I made a config up (at the end of this email) then I did the following: added users/machines as such: (just trying to get it to work, will spice it up later) useradd test$ passwd -l test$ smbpasswd -a -m test smbpasswd root (entered a password twice...) Now... I went to the windows xp machine, changed some registry settings (windows xp with service pack 2, BTW.) then I attempted to join the domain, entered 'TEST' as the domain, and a prompt came up asking me for the username and password required to join the domain.. entered root and the root password and... it tells me: 'the specified user does not exist' now, thats damned strange... so I create another unix user, and then another samba user.. I call this user 'test' with a password 'test' so, I try to use that, and it tells me access denied... so I can understand that.. I try to enter root with no password, and it tells me the username or password is invalid.. I expected that as well, I guess. im at a loss. I honestly dont know what to do. my thing is, at work we are considering switching off of novell in favor of samba, so I best get to know it im off to a rocky start. I hope that someone on list has an idea. thanks in advance :) here is my smb.conf, mostly copied from examples: [global] workgroup = TEST netbios name = SAMBAPDC server string = Samba %v on %L log level = 1 log file = /var/log/samba/log.%L max log size = 1000 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 logon script = logon.bat logon path = \\%N\profiles\%u domain logons = Yes os level = 255 preferred master = Yes domain master = Yes [netlogon] path = /home/samba/netlogon browseable = No [profiles] path = /home/samba/profiles read only = No create mask = 0700 directory mask = 0700 browseable = No [data] path = /home/samba/data read only = No create mask = 0750 directory mask = 0750 guest ok = Yes How did you called the machine. It has to be the same like the machine account of cource, probably 'test' in your case. I saw that you called the workgroup the same. My win workstations complain if have machine with same name as domain. Try calling domain test1 and machine test for instance. I also noticed that sometimes a win machine has to be restarted before joining a domain I don't know why. You can also try make a WinXP SP2 a workgroup machine before joining to the domain and test user root and password. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Microsoft CRM (MS CRM) and Samba
Dear Sirs, any suggestion on deploying MS CRM thing ? (according to their web site MS CRM does require AD native mode) Cheers, Ilia Chipitsine P.S. or... hmm.. maybe someone can recommend me another CRM thing which is good with samba/FreeBSD ? (I'm already looking at Compiere) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Two Questions concerning samba - file access times - two instances on one server
It's more like an ext3 question... NTFS has create, modify, and access timestamps whereas ext3 has change, modify, and access ones. According to my experiments on NTFS: 'create' really never changed. 'modify' changes whenever file is saved. 'access' changes whenever property of the file (Permissions or its name) get changed. reading file does not change any timestamp at least when I read a text file with Notepad.exe. That's strange, because it should do just that, it does here. Are you shure you didn't set NtfsDisableLastAccessUpdate in your registry? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC and windows xp domain joining - root user does not exist
I am trying to set up a samba PDC, and I have followed many FAQ's and HOWTO's ive found online. all seem to be just about the same.. So, I made a config up (at the end of this email) then I did the following: added users/machines as such: (just trying to get it to work, will spice it up later) useradd test$ passwd -l test$ smbpasswd -a -m test smbpasswd root (entered a password twice...) Now... I went to the windows xp machine, changed some registry settings (windows xp with service pack 2, BTW.) then I attempted to join the domain, entered 'TEST' as the domain, and a prompt came up asking me for the username and password required to join the domain.. entered root and the root password and... it tells me: 'the specified user does not exist' now, thats damned strange... so I create another unix user, and then another samba user.. I call this user 'test' with a password 'test' so, I try to use that, and it tells me access denied... so I can understand that.. I try to enter root with no password, and it tells me the username or password is invalid.. I expected that as well, I guess. im at a loss. I honestly dont know what to do. my thing is, at work we are considering switching off of novell in favor of samba, so I best get to know it im off to a rocky start. I hope that someone on list has an idea. thanks in advance :) here is my smb.conf, mostly copied from examples: [global] workgroup = TEST netbios name = SAMBAPDC server string = Samba %v on %L log level = 1 log file = /var/log/samba/log.%L max log size = 1000 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 logon script = logon.bat logon path = \\%N\profiles\%u domain logons = Yes os level = 255 preferred master = Yes domain master = Yes [netlogon] path = /home/samba/netlogon browseable = No [profiles] path = /home/samba/profiles read only = No create mask = 0700 directory mask = 0700 browseable = No [data] path = /home/samba/data read only = No create mask = 0750 directory mask = 0750 guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
