Re: [Samba] Id Mapping from SFU 3.5

2005-11-11 Thread Andrew Bartlett
On Tue, 2005-11-08 at 11:50 +0100, Dan Am wrote:
> Hello,
> our task is to get Samba to use the same Mapping as SFU is using in AD.
> 1. In 3.0.21pre1 we set
> 
> idmap uid = 5-10
> idmap gid = 5-10
> idmap backend = AD
> winbind separator = =
> 
> but mapping a drive from Win2003 Server fails with:
> 
> "nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user "our_user" dows not exist"
> 
> Are we missing something ?
> 
> 2. We succeeded with 3.0.9 by setting
> 
> winbind enable local accounts = yes
> 
> and pulling in the AD Users via nss_ldap directly.
> But this parameter has been removed in current versions.
> Why ? Are there any contraindications for the parameter ?

You were actually looking for 'winbind trusted domains only = yes'.

I'm not sure entirely of the impact of using nss_ldap instead of
winbindd, but this at least is the right way to do it.

Andrew Bartlett

-- 
Andrew Bartlett                         http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] how to migrate to samba-ldap transparently?

2005-11-11 Thread Craig White
On Fri, 2005-11-11 at 14:57 -0500, Pablo Chamorro C. wrote:
> > If you have 2 domains and a number of Windows computers attached to both
> > domains and you want to consolidate into one domain, there really is
> > little choice but to join the Windows computers to the one remaining
> > domain as there is no simpler way to change the SID of the machine to
> > the other.
> 
> ok, I was thinking that to change the SID on the PDC or on the Windows PCs 
> is possible, or I am wrong?

of course you can change the SID on the PDC but that isn't gonna work
for the computers that are already joined to the domain that still have
the old SID

>  Perhaps is not just a matter of having the 
> same SID?  Even I haven't found a way to migrate a windows profile using 
> some windows utility from one domain to other.  I wonder what is used when 
> you have to migrate one hundred or one thousand users?  The other day I 
> found one commercial extra non windows software (I tried a demo and it 
> couldn't detect my PDC, that it costed around 2 USD per windows client).

samba documentation has information about migrating user profiles in the
excellent How-To. Microsoft has lots of documentation about migrating
user profiles. There is likely to be some 3rd party utilities to do that
as well. I have no experience with them.

> 
> > If you have user profiles that need to be saved/migrated from one domain
> > to the other, see the samba documentation for a comprehensive discussion
> > on migrating user profiles.
> 
> thank you, I'm gonna read the docs in more detail
> 
> > Thus, this never was an LDAP question but if you are talking about the
> > openldap mail list, they are very provincial that the discussions on
> > that list are specifically about their software and not about
> > integration. If you want mailing lists where ldap integration is
> > appropriate, you might want to check ldap@umich.edu [1] and ldap-interop
> > [2]
> 
> ok, your help is the help that the openldap administrator should have 
> given me, that is too bad for the openldap advocacy, isn't it?

not everyone knows about the other mail lists for ldap and those lists
aren't openldap specific. I'm not going to get involved with your
frustration with openldap and the consultant you brought in to help you
with it. My feeling is that if you are going to commit to using LDAP,
you really need to understand it before you marry it to your everyday
functionality because you aren't going to be able to fix it when it
breaks until you understand it.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



[Samba] Re: samba smbd version 2.2.12 HP CIFS Server A.01.11.04 does hang if start in a HP serviceguard configuration

2005-11-11 Thread Andrew Bartlett
On Fri, 2005-11-11 at 17:05 -0500, David Collier-Brown wrote:
>   Can we diagnose this to any useful degree?  

We certainly can.  secrets.tdb is *not supported* on NFS.  Not only must
locking be coherent, mmap must be as well.  

When I say 'not supported', I mean 'well known to break'.  Just don't do
it.

Andrew Bartlett

-- 
Andrew Bartlett                         http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
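
A pre-flight check for the point above, as an added example that is not part of the original message or of Samba: it decides from a mount table whether the file system holding secrets.tdb is NFS. The Linux /proc/mounts format, the function names and the sample mount table are assumptions; the path is the one from the trace in the original report.

```python
import posixpath
import re

# Constructed sample in Linux /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda3 /var ext3 rw 0 0
filer01:/export/usrd20 /disks/usrd20 nfs rw,hard,intr 0 0
/dev/sdb1 /disks ext3 rw 0 0
/dev/sdc1 /mnt/with\\040space ext3 rw 0 0
"""


def _unescape(field):
    # The mount table encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Return a list of (mountpoint, fstype) tuples from mount-table text."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        mounts.append((_unescape(parts[1]), parts[2]))
    return mounts


def filesystem_for(path, mounts):
    """Return (mountpoint, fstype) of the deepest mount containing path."""
    path = posixpath.normpath(path)
    best = None
    for mountpoint, fstype in mounts:
        mp = mountpoint.rstrip("/") or "/"
        # Match on whole path components so /disks/usrd20 does not
        # claim /disks/usrd200.
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        # ">=" lets a later mount on the same mount point win, as it
        # does on a live system.
        if inside and (best is None or len(mp) >= len(best[0])):
            best = (mp, fstype)
    return best


def tdb_on_nfs(path, mounts):
    """True when the file system holding path is an NFS mount."""
    hit = filesystem_for(path, mounts)
    return hit is not None and hit[1].startswith("nfs")


if __name__ == "__main__":
    # On a live Linux host, read the real table instead of the sample.
    try:
        with open("/proc/mounts") as fh:
            table = parse_mounts(fh.read())
    except OSError:
        table = parse_mounts(SAMPLE_MOUNTS)
    target = "/disks/usrd20/samba/secrets.tdb"
    verdict = "on NFS, move it to local disk" if tdb_on_nfs(target, table) else "not on NFS"
    print(target, "->", verdict)
```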



[Samba] STATUS_OBJECT_NAME_INVALID error

2005-11-11 Thread Ravi Natarajan
Hi,

 

I tried to access a file share on a Windows 2003 server that has around
150 other directories. It didn't succeed, the tcp dump indicates that
the server returns STATUS_OBJECT_NAME_INVALID error for the trans2
request (FIND_NEXT2). I can successfully access other directories on the
server that has fewer directories. My samba client is version 2.2.7. I
would appreciate if some one could help resolving this issue.

 

Thanks

Ravi

 

 



Re: [Samba] Migrating same domain

2005-11-11 Thread Pablo Chamorro C.
> This weekend, we're replacing a customer's Windows 2003 server with a
> Samba box. They lost their Windows media and we can't reset the
> administrator password, so we can't even login to the server to examine

anyway, to reset that passwd perhaps this works for you:

http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

> Given this scenario, are we best off creating a new domain? It would be
> nice if we could migrate the old domain so it's transparent to the
> users. If it's not possible, would it be if we had admin access to the


this is the same question that I have for everybody, e.g. if I want to 
upgrade my linux/samba server can I do it transparently?


thanks,

Pablo Chamorro C.

--
Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto


Re: [Samba] how to migrate to samba-ldap transparently?

2005-11-11 Thread Pablo Chamorro C.

> If you have 2 domains and a number of Windows computers attached to both
> domains and you want to consolidate into one domain, there really is
> little choice but to join the Windows computers to the one remaining
> domain as there is no simpler way to change the SID of the machine to
> the other.

ok, I was thinking that to change the SID on the PDC or on the Windows PCs 
is possible, or I am wrong? Perhaps is not just a matter of having the 
same SID?  Even I haven't found a way to migrate a windows profile using 
some windows utility from one domain to other.  I wonder what is used when 
you have to migrate one hundred or one thousand users?  The other day I 
found one commercial extra non windows software (I tried a demo and it 
couldn't detect my PDC, that it costed around 2 USD per windows client).

> If you have user profiles that need to be saved/migrated from one domain
> to the other, see the samba documentation for a comprehensive discussion
> on migrating user profiles.

thank you, I'm gonna read the docs in more detail

> Thus, this never was an LDAP question but if you are talking about the
> openldap mail list, they are very provincial that the discussions on
> that list are specifically about their software and not about
> integration. If you want mailing lists where ldap integration is
> appropriate, you might want to check ldap@umich.edu [1] and ldap-interop
> [2]

ok, your help is the help that the openldap administrator should have 
given me, that is too bad for the openldap advocacy, isn't it?

thanks for all,

Pablo Chamorro C.

> Craig
>
> [1] LDAP UMICH
> http://listserver.itd.umich.edu/cgi-bin/lyris.pl?enter=ldap&text_mode=0%20
>
> [2] LDAP-interop mailing list
> [EMAIL PROTECTED]
> http://lists.fini.net/mailman/listinfo/ldap-interop





--
Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto


[Samba] ADS Problems

2005-11-11 Thread Jason Gerfen
I am having a problem with Version 3.0.13-1.1-SUSE and ADS.  For one 
thing I am trying NOT to compile from source, or using an unstable 
branch of the source to get ADS authentication working for Samba.


I have joined the machine to the domain, I am able to view users with 
getent passwd and wbinfo -u.  I can view users within containers etc, 
but I cannot authenticate any of them.  I am receiving an error of 
check_ntlm_password:  Authentication for user [testuser] -> [testuser] 
FAILED with error NT_STATUS_WRONG_PASSWORD.


Let me give a brief explanation of the AD.  I have two OU's.

OU=authenticated,DC=domain,DC=com
CN=users,DC=domain,DC=com

I am able to view users from OU=authenticated, but not from CN=users 
(the default in MS 2000 AD).  Is there a reason for this?  The reason 
why I ask is I would like to authenticate the users in that container as 
well as the users in the OU=authenticated.


On a lighter note, where can I get an updated SuSE RPM for Samba?

--
Jason Gerfen

"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK



Re: [Samba] Slow Access Database on Samba

2005-11-11 Thread Gerald Drouillard

Dave Williams wrote:

> Dear All,
>
> We have an access database running on a Samba share (Samba version
> 3.0.10-1.4E) with a gigabit connection to the network. The front end of the
> databases are on the client machines with linked tables stored in a separate
> mdb file on the linux server.
>
> For some reason the database runs very slowly when it is set up in this way.
> I tested copying a 10 MB file onto the samba share and it was instant which
> leads me to believe that this is not a networking issue but tweak needed to
> the smb.conf file. I have also run the database with the back end stored on
> a Windows Peer in the network - it runs much faster than on the linux
> setup. Here is the current Global setting in smb.conf. I would be very
> grateful if anyone can help;
>
> [global]
> workgroup = ACE
> server string = Ace New Server
> passdb backend = tdbsam
> username map = /etc/samba/smbusers
> wins support = Yes
> local master = yes
> preferred master = yes
> wins support = yes
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
> oplocks = no
>
> Dave Williams





Have a look at:
http://drouillard.ca/Tips&Tricks/Samba/Oplocks.htm 


--
Regards
--
Gerald Drouillard
Technology Architect
Drouillard & Associates, Inc.
http://www.Drouillard.ca


[Samba] Samba is blocking logins

2005-11-11 Thread Placido Lourinho
Hello

My samba is acting like a PDC, but suddenly all logins
are blocked, and I receive the message: "The password
is wrong or the access to server are deny", even if I
change the passwd to 123 
Please, does someone know this bug?
Thanks

"Life is a grindstone: 
it wears us down or sharpens us, depending on the metal we are made of."








[Samba] Re: samba smbd version 2.2.12 HP CIFS Server A.01.11.04 does hang if start in a HP serviceguard configuration

2005-11-11 Thread Eric Roseme

Belgardt, Wolfgang wrote:


> Hello all,
>
> can somebody tell me if it is supported to locate the secrets.tbd on a NFS
> share, please?
> I have smbd version 2.2.12 based HP CIFS Server A.01.11.04 in HP ServiceGuard
> Configuration.
> If the secrets.tbd is on a local path samba smbd starts and runs fine, but when
> secrets.tbd file is located in
> a path which is a NFS share smbd hangs.
> I have traced the samba startup with tusc.
> Here are the last lines:
>
> ...
> ...
> ..
>
> 1126617678.351198 [9241] write(6, "m a x   c o n n e c t i o n ".., 34) = 34
> 1126617678.351357 [9241] getrlimit64(RLIMIT_NOFILE, 0x7f7f0ca0) = 0
> 1126617678.351488 [9241] setrlimit64(RLIMIT_NOFILE, 0x7f7f0ca0) = 0
> 1126617678.351596 [9241] setrlimit64(RLIMIT_NOFILE, 0x7f7f0ca0) = 0
> 1126617678.351677 [9241] getrlimit64(RLIMIT_NOFILE, 0x7f7f0ca0) = 0
> 1126617678.352612 [9241] open("/disks/usrd20/samba/secrets.tdb", O_RDWR|O_CREAT|O_LARGEFILE, 0600) = 8
> 1126617678.352778 [9241] sched_yield() ... = 0
> 1126617692.906166 [9241] fcntl(8, 0xa, 2139034384) ... [sleeping]
>
> Thanks in advance
>
> Regards
>
> Wolfgang
>
> Wolfgang Belgardt
> Systems Consultant, Corporate Account Services
> Technology Solution Group
>
> Hewlett-Packard GmbH
> Berliner Str. 111
> D-40880 Ratingen
> Phone:  +49 (0)2102 90-8469
> Fax:  +49 (0)2102 90-6300
> Mobile:   +49 (0) 171 3357 256
> E-mail:  [EMAIL PROTECTED]
> http://www.hp.com/de

 

Wolfgang - I am out of the office until Tuesday.  Can you look at the 
log.smbd and see if there is a locking error?  (64bit vs 32bit , or 
something).


I am cc-ing this to samba - that's where it should go (not technical).

Thanks,

Eric Roseme
Hewlett-Packard



Re: [Samba] samba domain vs linux network security

2005-11-11 Thread Derek Harkness
We use AFS/Kerberos/LDAP to provide home directories to our Linux/Unix/OSX
users, our Windows users connect into our Samba domain.
Samba has pretty good AFS support for gatewaying SMB <-> AFS  
requests, at a minor weakening of filesystem security.  I'm hoping  
Samba4 will allow me to use Kerberos all the way through.  The  
biggest downside to the AFS/Kerberos/LDAP/Samba setup is complexity,   
each service is a pain to setup by itself, getting them working  
together nearly involved human sacrifice.  But the system has been  
working for about a year with 99.99% uptime.


A big thanks to all the Samba developers!
Derek

On Nov 10, 2005, at 8:27 AM, mourik jan c heupink wrote:



> > You have several options.  First, there are steps that you can take to
> > improve NFS security somewhat, such as restricting it to particular IP
> > addresses (although IP addresses can be spoofed).  Second, you can use
> > NFSv4, which supports proper authentication.  Third, you can use an
> > alternative means of sharing drives to Linux.  I've actually been
> > using SMB to access my Linux server's drives from my Linux client, to
> > avoid setting up a separate file-sharing service.  Several other
> > options exist - including SSHFS (for more of a quick-and-dirty
> > approach), AFS, and Coda, but I don't have experience with any of
> > them.
>
> Thanks very much for the feedback.
>
> since nfs4 is NOT included in sles9 (apparently because its acl code is
> not yet stable..?)  I will take a look at the two alternatives you mention.
>
> The feedback was very much appreciated.
>
> Mourik Jan


[Samba] Can't become connected user?

2005-11-11 Thread Michael W Cocke
Probably a stupid question, but I cannot even start troubleshooting
until I buy a clue.  What does "Can't become connected user?" mean?
It shows up fairly often.  Aside from happening when I try to access a
share, there's no pattern that I can see.

6 11:34:40 badlands smbd[20524]: [2005/11/06 11:34:40, 0]
smbd/service.c:make_connection_snum(577)

Nov  6 11:34:40 badlands smbd[20524]:   Can't become connected user!

Thanks!

Mike-

--
Mornings:  Evolution in action.  Only the grumpy will survive.
--

Please note - Due to the intense volume of spam, we have installed site-wide 
spam
 filters at catherders.com.  If email from you bounces, try non-HTML, 
non-encoded, 
non-attachments.



[Samba] windows printing

2005-11-11 Thread Bill Szkotnicki
Hello,

I have Windows XP connecting to samba/cups printers

One printer is giving me grief.

A message that recurs in the log is

"print_queue_update: failed to store MSG_PENDING flag" 

Linux printing is fine.

I can't even print onto that printer and other printers are OK

Samba Version 3.0.14a-2

 

Can anyone help me with this?

 

 

Excerpts from smb.conf

[global]
workgroup = APSS
server string = APSS Samba
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *new*password* %n\n *successfully*
unix password sync = Yes
log level = 1
logon script = netlogon.bat
logon drive = H:
domain logons = Yes
os level = 255
domain master = Yes
wins support = Yes
ldap ssl = no
load printers = yes
printing = cups
printcap = cups

[printers]
comment = APSS Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = root
use client driver = yes
#   lpq command = /usr/bin/lpq -P%p
lprm command =

 

 



Re: [Samba] Re: What file gets corrupted in Samba when perms stop working correctly?

2005-11-11 Thread Gerald (Jerry) Carter


Michael Lueck wrote:
| Gerald (Jerry) Carter wrote:
|
|> File Access checks is done by the OS.  There is no
|> associated tdb for file system perms.
|
| Say Jerry, I didn't catch where you were going with that. I am
| suspecting share level access issues, not file level. Currently
| I have  not gotten into ACL's and all of that fun.
| "write list = @mygroupname" etc... is how they should be
| able to write.

ok. I know you have gotten this resolved by starting with
a clean server, but this is for the archives


There are several layers of access control.  You always
get the most restrictive set.  Think of them as filters that you
have to successfully pass through (similar to PAM).

There are two places of share access control.  The first is
the share ACL stored in share_info.tdb (for now) and
defaults to Everyone (Full Control).   The second layer
is the read/write list, read only, et.al. in smb.conf.

Then once you get to the file system, the OS says yes or
no based on the on-disk permissions and your current uid/gids
list.

Hope this helps.







cheers, jerry
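
The three filters described above, as an added example that is not part of the original message and not Samba code: a simplified Python model in which each layer yields a set of rights and the effective access is their intersection. The users, group id, directory modes and function names are constructed for illustration; deny entries, `valid users` and the root bypass are not modeled.

```python
from dataclasses import dataclass, field

RO = frozenset("r")
RW = frozenset("rw")


@dataclass
class User:
    name: str
    uid: int
    groups: dict = field(default_factory=dict)  # group name -> gid


def share_acl_rights(user, acl):
    """Layer 1: share ACL (share_info.tdb). Union of matching allow entries."""
    rights = set()
    for principal, granted in acl.items():
        if principal == "Everyone" or principal == user.name or principal in user.groups:
            rights |= granted
    return frozenset(rights)


def _listed(user, names):
    # smb.conf lists take user names and @group names.
    return any(n == user.name or (n.startswith("@") and n[1:] in user.groups)
               for n in names)


def smbconf_rights(user, read_only=True, read_list=(), write_list=()):
    """Layer 2: read only / read list / write list in smb.conf.

    write list grants write even on a read-only share, read list forces
    read-only, and a user in both lists gets write access.
    """
    if _listed(user, write_list):
        return RW
    if _listed(user, read_list):
        return RO
    return RO if read_only else RW


def filesystem_rights(user, mode, owner_uid, owner_gid):
    """Layer 3: on-disk permission bits checked against uid and gid list."""
    if user.uid == owner_uid:
        bits = mode >> 6
    elif owner_gid in user.groups.values():
        bits = mode >> 3
    else:
        bits = mode
    return frozenset(("r" if bits & 4 else "") + ("w" if bits & 2 else ""))


def effective_rights(user, acl, share, inode):
    """The most restrictive set: what survives all three filters."""
    return (share_acl_rights(user, acl)
            & smbconf_rights(user, **share)
            & filesystem_rights(user, **inode))


# Constructed sample data. The write list mirrors the one quoted above.
DEFAULT_ACL = {"Everyone": RW}  # default share ACL: Everyone, Full Control
SHARE = dict(read_only=True, write_list=("@mygroupname",))
ALICE = User("alice", 1000, {"mygroupname": 1001})
BOB = User("bob", 1002, {"users": 100})
GROUP_WRITABLE = dict(mode=0o2775, owner_uid=0, owner_gid=1001)
GROUP_READONLY = dict(mode=0o755, owner_uid=0, owner_gid=1001)

if __name__ == "__main__":
    for who in (ALICE, BOB):
        for label, inode in (("2775", GROUP_WRITABLE), ("0755", GROUP_READONLY)):
            got = "".join(sorted(effective_rights(who, DEFAULT_ACL, SHARE, inode)))
            print(f"{who.name:6} dir mode {label}: {got or 'none'}")
```

The second case is the one that usually surprises people: the write list grants write access, but the directory's group bits do not, so the result is read-only.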


Re: [Samba] Homes on different server...

2005-11-11 Thread Craig White
On Fri, 2005-11-11 at 09:35 -0500, Olivier Houde wrote:
> Jonas Jochum wrote:
> 
> >On Friday 11 November 2005 15:15, Olivier Houde wrote:
> >  
> >
> >>Hi list
> >>is there any way to specify on which server a user's home is ?   Let me
> >>explain myself...   I have a Samba3 PDC here at the head office using
> >>LDAP as an authentication backend. We have offices in other cities and
> >>we would like them to be on the same domain. All those offices are
> >>linked using VPNs. I have no problem to configure LDAP and Samba to work
> >>together. The problem is that I want all those offices to be completely
> >>independent in case the VPN link goes down. For that, I need to split
> >>all my user's home between the BDCs and the PDC (depending in which
> >>office the user is working), if I want the users to still have an access
> >>to their home and profiles. I have an LDAP master here and a LDAP slave
> >>in each office. How can I tell samba that depending on the user, its
> >>home is on a different server ?  Can I use LDAP for that ?  If it's
> >>possible, how can I do that ?  Should I use another solution ?  Trusted
> >>domain instead ?
> >>
> >>Thanks
> >>Olivier Houde
> >>
> >>
> >
> >Have a look at the LDAP attributes sambaHomePath and sambaProfilePath.
> >
> >Regards,
> > Jonas Jochum
> >  
> >
> I did, but they are linked to the LDAP attribute : Home Directory   That 
> attribute leads directly to the location of the home directory on the 
> server. In my case, i wrote \\servername\ohoude as Samba home path and 
> \\servername\ohoude\.msprofile in samba profile path. It works because 
> my home directory is on the LDAP master at /home/ohoude.  But what if i 
> need to have my home directory on another server than the master ldap ?

all relevant information snipped but this is result from querying my
ldap server for my settings.

sambaProfilePath: \\srv1\profiles\craig
sambaLogonScript: logon.bat
sambaHomePath: \\srv1\homes\craig
sambaHomeDrive: h:

As you can see, I could change the sambaProfilePath and sambaHomePath to
be located on any valid share on the network.

Craig




Re: [Samba] Migrating same domain

2005-11-11 Thread Craig White
On Fri, 2005-11-11 at 08:38 -0600, Gerald (Jerry) Carter wrote:
> Antony Gelberg wrote:

> | While I'm on the subject, is there any way to ease pain of
> | Exchange -> Maildir migration? Current thinking is boot
> | Windows server, have both Exchange and Maildir configured
> | in Outlook, and drag the folders. What if we can't get
> | the Exchange box to boot?
> 
> I use fetchmail+procmail.  Grab the mail from exchange
> via IMAP and use procmail for local delivery to $HOME/Maildir/

imapsync is a very effective tool to transfer email, subscriptions, imap
flags from one imap server to another.

Craig




Re: [Samba] how to migrate to samba-ldap transparently?

2005-11-11 Thread Craig White
On Fri, 2005-11-11 at 07:46 -0500, Pablo Chamorro C. wrote:
> >> Somebody of you know if this process can be made transparently without
> >> rejoin every PC to the domain? how?. We have disabled the roaming profiles
> >> option.  We have some 100 clients/users.
> > 
> > Nowhere do you say what type of system is currently the PDC and that
> > probably matters.
> 
> Is a samba 3.0.5-2 one under RH 9.0.  This domain was built from scratch, 
> without any NT to Samba migration.  Now we are changing the local 
> authentication for one based on openldap.
> 
> The person who is leading the migration says that when a windows machine 
> is joined a password in the field "sambaNTPassword" is created and the 
> rejoin process is required in order to register that password in openldap. 
> That's what I understand.
> 
> But, e.g. we have another PDC with FC4 and samba 3.0.15, so the question 
> was in general, but if there is a specific answer it is worthful for us.
> 
> I tried to post this query to the openldap list but the administrator 
> classified my email as 'off topic'!

Actually, the passdb you use is not of consequence to this issue. A
machine account on a Windows domain is somewhat like a user account in
that there is an SID and a password that are readily understood by both
the machine joined to the domain and the domain controller(s). That
password is going to be stored on the domain controller in whichever
form of passdb a samba DC is using.

Each domain would necessarily have a different SID and that SID affects
all systems and users. 

If you have 2 domains and a number of Windows computers attached to both
domains and you want to consolidate into one domain, there really is
little choice but to join the Windows computers to the one remaining
domain as there is no simpler way to change the SID of the machine to
the other.

If you have user profiles that need to be saved/migrated from one domain
to the other, see the samba documentation for a comprehensive discussion
on migrating user profiles.

Thus, this never was an LDAP question but if you are talking about the
openldap mail list, they are very provincial that the discussions on
that list are specifically about their software and not about
integration. If you want mailing lists where ldap integration is
appropriate, you might want to check ldap@umich.edu [1] and ldap-interop
[2]

Craig

[1] LDAP UMICH
http://listserver.itd.umich.edu/cgi-bin/lyris.pl?enter=ldap&text_mode=0%20

[2] LDAP-interop mailing list
[EMAIL PROTECTED]
http://lists.fini.net/mailman/listinfo/ldap-interop




Re: [Samba] Migrating same domain

2005-11-11 Thread Gerald (Jerry) Carter


Antony Gelberg wrote:

| Given this scenario, are we best off creating a new
| domain? It would be nice if we could migrate the
| old domain so it's transparent to the users. If
| it's not possible, would it be if we had admin
| access to the existing Server?

If the domain is mixed mode, the net rpc vampire should work.
But if it's a native domain, other than some pwdump2 black
magic and incense, a new domain is still easiest in small
environments.

Best of luck over the weekend :-)


| While I'm on the subject, is there any way to ease pain of
| Exchange -> Maildir migration? Current thinking is boot
| Windows server, have both Exchange and Maildir configured
| in Outlook, and drag the folders. What if we can't get
| the Exchange box to boot?

I use fetchmail+procmail.  Grab the mail from exchange
via IMAP and use procmail for local delivery to $HOME/Maildir/







cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."   --anonymous


Re: [Samba] Homes on different server...

2005-11-11 Thread Olivier Houde

Jonas Jochum wrote:

> On Friday 11 November 2005 15:15, Olivier Houde wrote:
>
> > Hi list
> > is there any way to specify on which server a user's home is ?   Let me
> > explain myself...   I have a Samba3 PDC here at the head office using
> > LDAP as an authentication backend. We have offices in other cities and
> > we would like them to be on the same domain. All those offices are
> > linked using VPNs. I have no problem to configure LDAP and Samba to work
> > together. The problem is that I want all those offices to be completely
> > independent in case the VPN link goes down. For that, I need to split
> > all my user's home between the BDCs and the PDC (depending in which
> > office the user is working), if I want the users to still have an access
> > to their home and profiles. I have an LDAP master here and a LDAP slave
> > in each office. How can I tell samba that depending on the user, its
> > home is on a different server ?  Can I use LDAP for that ?  If it's
> > possible, how can I do that ?  Should I use another solution ?  Trusted
> > domain instead ?
> >
> > Thanks
> > Olivier Houde
>
> Have a look at the LDAP attributes sambaHomePath and sambaProfilePath.
>
> Regards,
> Jonas Jochum

I did, but they are linked to the LDAP attribute : Home Directory   That 
attribute leads directly to the location of the home directory on the 
server. In my case, I wrote \\servername\ohoude as Samba home path and 
\\servername\ohoude\.msprofile in samba profile path. It works because 
my home directory is on the LDAP master at /home/ohoude.  But what if I 
need to have my home directory on another server than the master ldap ?


thank
Olivier Houde


Re: [Samba] Homes on different server...

2005-11-11 Thread Jonas Jochum
On Friday 11 November 2005 15:15, Olivier Houde wrote:
> Hi list
> is there any way to specify on which server a user's home is ?   Let me
> explain myself...   I have a Samba3 PDC here at the head office using
> LDAP as an authentication backend. We have offices in other cities and
> we would like them to be on the same domain. All those offices are
> linked using VPNs. I have no problem to configure LDAP and Samba to work
> together. The problem is that I want all those offices to be completely
> independent in case the VPN link goes down. For that, I need to split
> all my user's home between the BDCs and the PDC (depending in which
> office the user is working), if I want the users to still have an access
> to their home and profiles. I have an LDAP master here and a LDAP slave
> in each office. How can I tell samba that depending on the user, its
> home is on a different server ?  Can I use LDAP for that ?  If it's
> possible, how can I do that ?  Should I use another solution ?  Trusted
> domain instead ?
>
> Thanks
> Olivier Houde

Have a look at the LDAP attributes sambaHomePath and sambaProfilePath.

Regards,
 Jonas Jochum


[Samba] Homes on different server...

2005-11-11 Thread Olivier Houde

Hi list
is there any way to specify on which server a user's home is ?   Let me 
explain myself...   I have a Samba3 PDC here at the head office using 
LDAP as an authentication backend. We have offices in other cities and 
we would like them to be on the same domain. All those offices are 
linked using VPNs. I have no problem to configure LDAP and Samba to work 
together. The problem is that I want all those offices to be completely 
independent in case the VPN link goes down. For that, I need to split 
all my user's home between the BDCs and the PDC (depending in which 
office the user is working), if I want the users to still have an access 
to their home and profiles. I have an LDAP master here and a LDAP slave 
in each office. How can I tell samba that depending on the user, its 
home is on a different server ?  Can I use LDAP for that ?  If it's 
possible, how can I do that ?  Should I use another solution ?  Trusted 
domain instead ?


Thanks
Olivier Houde


Re: [Samba] wbinfo and 3.0.21pre1

2005-11-11 Thread Gerald (Jerry) Carter
Lionel Déruaz wrote:

> we are facing issue to check the membership of some users in AD 
> groups (for winbind).
> 
> When using the script wbinfo_group.pl, we had not the same result 
> for the same couple "user group", if we launch the script
> several times.
> 
> We've noticed in particular that the wbinfo -r command 
> sometimes sends back the list of group, but the next sends
> back nothing (again, while using the same couple "user group")
> 
> Can anyone have an idea ?

Nope.  But I'll need a lot more information.  Probably
a level 10 debug log from winbindd and your smb.conf to
comment at all.




cheers, jerry


Re: [Samba] Linux Primary Domain Controller Authentication

2005-11-11 Thread Gerald (Jerry) Carter
Craig White wrote:

> this was one of the primary reasons that I proposed having a 
> samba wiki to dispel some of these legendary misinformations.
> 
> another thought was where to deflect people who ask about 
> 'the endpoint has disconnected' messages in logs.
> 
> one other thought was a samba troubleshooting checklist...

So do you have a favorite wiki?  We've looked at twiki
(written in python) before.  Do you have a recommendation?





cheers, jerry


[Samba] Migrating same domain

2005-11-11 Thread Antony Gelberg
This weekend, we're replacing a customer's Windows 2003 server with a Samba 
box. They lost their Windows media and we can't reset the administrator 
password, so we can't even login to the server to examine it. The best we can 
do is to boot Knoppix and copy the filesystem onto an external USB drive, to 
recover their files.  We're not sure how we will recover their Exchange mail 
yet. The box boots properly about 1 in 20 times.

Given this scenario, are we best off creating a new domain? It would be nice if 
we could migrate the old domain so it's transparent to the users. If it's not 
possible, would it be if we had admin access to the existing Server?

While I'm on the subject, is there any way to ease pain of Exchange -> Maildir 
migration? Current thinking is boot Windows server, have both Exchange and 
Maildir configured in Outlook, and drag the folders. What if we can't get the 
Exchange box to boot?

-- 
Wayforth - the alternative Blackberry solution.  http://www.wayforth.co.uk


Re: [Samba] how to migrate to samba-ldap transparently?

2005-11-11 Thread Pablo Chamorro C.

Somebody of you know if this process can be made transparently without
rejoin every PC to the domain? how?. We have disabled the roaming profiles
option.  We have some 100 clients/users.


Nowhere do you say what type of system is currently the PDC and that
probably matters.


Is a samba 3.0.5-2 one under RH 9.0.  This domain was built from scratch, 
without any NT to Samba migration.  Now we are changing the local 
authentication for one based on openldap.


The person who is leading the migration says that when a windows machine 
is joined a password in the field "sambaNTPassword" is created and the 
rejoin process is required in order to register that password in openldap. 
That's what I understand.


But, e.g. we have another PDC with FC4 and samba 3.0.15, so the question 
was in general, but if there is a specific answer it is worthful for us.


I tried to post this query to the openldap list but the administrator 
classified my email as 'off topic'!


Thank you very much,

Pablo Chamorro C.


Craig





--
Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto


[Samba] Win NT 4.0, browsing doesn't work

2005-11-11 Thread Den
Hi.
There are Samba 3.0.20b and 'local master = yes'.
If I use WinXP or Win98, I can browse network. All is Ok.

But I am getting an error
"The server is not configured for transactions"
when I try to browse network with Windows NT 4.0. I can connect to
some PC on network by `\\PCNAME' command. But can't browse network!

Could somebody help me?
Thank you.

samba's PC NT log:
[2005/11/09 13:23:30, 10] lib/util.c:dump_data(2053)
  [000] 4D 00 00 5C 00 5C 00 4B  00 45 00 4E 00 5C 00 49  M..\.\.D .E.N.\.I
  [010] 00 50 00 43 00 24 00 00  00 49 50 43 00   .P.C.$.. .IPC.
[2005/11/09 13:23:30, 3] smbd/process.c:switch_message(900)
  switch message SMBtconX (pid 4909) conn 0x0
[2005/11/09 13:23:30, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:23:30, 5] auth/auth_util.c:debug_nt_user_token(452)
  NT user token: (NULL)
[2005/11/09 13:23:30, 5] auth/auth_util.c:debug_unix_user_token(473)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/11/09 13:23:30, 5] smbd/uid.c:change_to_root_user(319)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/11/09 13:23:30, 4] smbd/reply.c:reply_tcon_and_X(618)
  Client requested device type [\] for share []
[2005/11/09 13:23:30, 7] param/loadparm.c:lp_servicenumber(4226)
  lp_servicenumber: couldn't find
[2005/11/09 13:23:30, 10] lib/username.c:Get_Pwnam_alloc(307)
  Get_Pwnam: empty username!
[2005/11/09 13:23:30, 3] smbd/service.c:find_service(151)
  checking for home directory  gave (NULL)
[2005/11/09 13:23:30, 3] smbd/service.c:find_service(161)
  checking whether  is a valid printer name...
[2005/11/09 13:23:30, 3] smbd/service.c:find_service(171)
   is not a valid printer name
[2005/11/09 13:23:30, 3] smbd/service.c:find_service(208)
  find_service() failed to find service
[2005/11/09 13:23:30, 0] smbd/service.c:make_connection(798)
  zhack (192.168.0.69) couldn't find service
[2005/11/09 13:23:30, 3] smbd/error.c:error_packet(147)
  error packet at smbd/reply.c(626) cmd=117 (SMBtconX)
NT_STATUS_BAD_NETWORK_NAME


[Samba] vfs problem

2005-11-11 Thread Sascha
Hi list,

we are running a samba pdc version 3.0.20pre2-1 on
sles 8. we are using 2 vfs objects (vscan-clamav and
recycle). with vscan-clamav enabled the deleted files
on a samba share are not added to recycle directory.
When I remove the vscan entry the recycle object works
fine. May we only use 1 vfs object with samba?

Thanks for help and best regards






[Samba] Windows client and kerberos without ADS

2005-11-11 Thread Skander
Hello all,

I am doing some tests for an SSO for our Windows workstations using
Kerberos without ADS.
So far, Windows client can obtain the ticket from the Heimdal KDC and
it's possible to login to SSH servers using Vintela Putty.


I am now trying to use the Kerberos credentials to access Samba shares.

I can mount the shares using my Kerberos tickets from a Linux and I see
the service ticket for cifs/FQDN but it doesn't work from Windows.


When connecting to a share I can see that the negotiation phase offers
Kerberos 5, MS Kerberos and NTLM. The Linux client chooses Kerberos but
Windows chooses NTLM and prompts for a login/password.

Is there a way to remove the NTLM from the nego phase on the Samba side
or to force Windows to try Kerberos first on the client side ?

Config:
Debian unstable

Heimdal 0.6.3 with the host/FQDN and cifs/FQDN principals in the db

Samba 3.0.20b-2 with
security = users

use kerberos keytab = yes

Thanks !


Re: [Samba] Linux Primary Domain Controller Authentication

2005-11-11 Thread Jose Medeiros
Hi Cynthia,

I am not sure if you tried this yet, but you may want to check your
local server security policy on the server and verify that you are
accepting lanmanager based authentication and that SMB signing is
turned off.

Regards,

Jose Medeiros
MCP+I, MCSE, NT4 MCT
www.ntea.net
www.sfntug.org
www.tvnug.org

-

On 11/5/05, Cynthia Jeness <[EMAIL PROTECTED]> wrote:
> I have setup my Linux server as a Primary Domain Controller using Samba
> 3.   All other computers on the network run various versions of Windows
> from 95 to XP.   All computers are able to join my Samba domain and the
> user computers can log onto the network.   However, if they try to
> access a file resource on one of the Windows 2003 file servers, the
> authentication fails with System Error 1789.   The Windows 2003 file
> server did successfully join my domain. I am not running Winbindd
> primarily because it was not part of the Samba packaging provided by
> Suse.   Is it necessary to run Winbindd in order to have the Windows
> 2003 servers validate?
>
> Any suggestions would be greatly appreciated.
>
> Cynthia Jeness