Re: [Samba] SAMBA install on IRIX 6.5
On 3/24/06, McDougald, James D. (Contr) <[EMAIL PROTECTED]> wrote: > I am having problems with Samba on IRIX 6.5 authenticating via Active > Directory. Installing the tardist of 3.0.21c did not give me > kerberos/ldap/adc capabilities even though Kerberos and LDAP were > prereq's. With OpenLDAP and Kerberos5 installed, my configure fails. I > am trying this: > > ./configure --libdir=/usr/lib --includedir=/usr/include > --prefix=/usr/samba --with-ldap --with-ads --with-krb5=/usr/local > --with-quotas --with-acl-support > > checking for LDAP support... yes > checking ldap.h usability... yes > checking ldap.h presence... yes > checking for ldap.h... yes > checking lber.h usability... yes > checking lber.h presence... yes > checking for lber.h... yes > checking for ber_scanf in -llber... no > checking for ldap_init in -lldap... no > checking for ldap_set_rebind_proc... no > checking whether ldap_set_rebind_proc takes 3 arguments... 3 > configure: error: libldap is needed for LDAP support > > mma-riss01 53# ls -la /usr/include/*ldap* > -rw-r--r--1 root sys39901 Mar 23 07:13 > /usr/include/ldap.h > -rw-r--r--1 root sys 9136 Mar 23 07:13 > /usr/include/ldap_cdefs.h > -rw-r--r--1 root sys 2056 Mar 23 07:13 > /usr/include/ldap_features.h > -rw-r--r--1 root sys 9462 Mar 23 07:13 > /usr/include/ldap_schema.h > -rw-r--r--1 root sys 3549 Mar 23 07:13 > /usr/include/ldap_utf8.h > > > mma-riss01 54# ls -la /usr/lib/*ldap* > lrwxr-xr-x1 root sys 29 Mar 23 09:15 > /usr/lib/libldap.a -> /usr/freeware/lib32/libldap.a > lrwxr-xr-x1 root sys 30 Mar 23 09:15 > /usr/lib/libldap.so -> /usr/freeware/lib32/libldap.so > lrwxr-xr-x1 root sys 32 Mar 23 09:15 > /usr/lib/libldap.so.3 -> /usr/freeware/lib32/libldap.so.3 > lrwxr-xr-x1 root sys 31 Mar 23 09:15 > /usr/lib/libldap_r.a -> /usr/freeware/lib32/libldap_r.a > lrwxr-xr-x1 root sys 32 Mar 23 09:15 > /usr/lib/libldap_r.so -> /usr/freeware/lib32/libldap_r.so > lrwxr-xr-x1 root sys 34 Mar 23 09:15 > /usr/lib/libldap_r.so.3 -> /usr/freeware/lib32/libldap_r.so.3 > > And I even tried to use the environment variable : > LD_LIBRARY=/usr/lib:/usr/include > > Any Suggestions? Use IRIX 6.5.22 or later. From 6.5.22 onwards, kerberos, openldap and openssl were bundled with the base OS. I've never attempted to build against the Freeware versions. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Smbd hanging
Hi I too have the same problem of smbd processes getting spawned. i gets sometimes to 200 above process and all the users are unable access my samba server. below is my descript of the problem # Hi all I have a samba 3.0.21c with openldap 2.3.19, with another linux system having samba 3.0.21c acting as domain member server. (file server) all my client access the file server shares extensively. about 100 users access the file server at time, this is making things very slow, on the file server about 180 smbd process are getting created. on the file server i have 1gb of RAM with 2Gb of swap space, it occupies all the 1gb but never access swap space. The share that they access is of 40gb of data The access to the file server becomes so slow that all my client systems get hanged (clients system windows 2k professional) The server architecture of my file server IBM 226 series xeon server with 1gb ram and 73Gb hard disk. on the file server when we do smbclient //filesrv/share -U root%redhat it says server did not respond after 2 milliseconds. what could be the problem is it that i need to upgrage the RAM, or plese suggest or can we do any changes share defination of smb.conf of my file server so that access becomes quick. the following is my smb.conf of domain member server ( file server) ### [global] unix charset = LOCALE workgroup = msdpl.com netbios name = prjsrv01 server string = Project Server 1 printcap name = /etc/printcap load printers = yes cups options = raw log level = 2 log file = /usr/local/samba-3c/var/%U.%m.log syslog = 0 max log size = 100 smb ports = 139 security = domain username map = /usr/local/samba-3c/lib/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = wins bcasts hosts wins server = 192.168.129.20 dns proxy = no ldap server = 192.168.129.20 ldap suffix = dc=msdpl,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=manager,dc=msdpl,dc=com ldap ssl = no ldap timeout = 50 acl check permissions = Yes template shell = /bin/false winbind use default domain = no inherit permissions = yes inherit acls = yes nt acl support = yes hide dot files = yes ###Share Definations [homes] comment = Home Directories valid users = %S browseable = no writable = yes veto files = /.bash_history/.bash_logout/.bash_profile/.bashrc/.canna/.emacs/.gtkrc/.kde/.viminfo/.xemacs/.zshrc/ hide dot files = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [projects] comment = All Projects path = /projects browseable = no guest ok = no writeable = yes printable = no veto files = desktop.ini/lost+found/.Trash-root/*.sh/*.scr/.recycle/ create mode = 2700 force create mode = 0700 force directory mode = 0700 inherit permissions = yes inherit acls = yes vfs objects = recycle [datalib] comment = DataLib path = /datalib browseable = no writeable = yes vfs objects = recycle veto files = lost+found inherit permissions = yes inherit acls = yes veto files = desktop.ini/lost+found/.Trash-root/*.sh/*.scr/.recycle/ [softdumps$] Comment = Soft Dumps Path = /dumps/softdumps browseable = no writeable = yes inherit permissions = yes inherit acls = yes veto files = lost+found/.Trash-root/*.sh/*.scr/.recycle/ write list = @nns, root, @codesec vfs objects = recycle [dumps] Comment = Dumps Path = /dumps/dumps browseable = yes inherit permissions = yes inherit acls = yes vfs objects = recycle veto files = desktop.ini/lost+found/.Trash-root/*.sh/*.scr/.recycle/ [hdrive$] path = /home browseable = no public = no writable = yes create mask = 0765 veto files = desktop.ini valid users = kr1233, root force create mode = 0770 force directory mode = 0770 inherit permissions = yes inherit acls = yes hide dot files = yes ### Regards Niranjan On 3/24/06, Matt Lung <[EMAIL PROTECTED]> wrote: > > Problem > > SMBD processes spawn out of control until the Samba stops responding. > Restarting the service does not clear the processes. Only a reboot of > the server will bring it back to a usable state. > > This server is home to our postgres databases, Access front ends, and > Production Files (excel, word...). It is a samba domain member server. > We have multiple Samba file servers here but this server is the only one > that exhibits this behavior. All servers are running the same samba > version and OS version. It has been happening for months now and is not > oc
[Samba] Join Server 2003 to Samba PDC
I am trying to find out how I can join a Windows Server 2003 computer to the existing Samba PDC. Can anyone point me to a location that I might be able to find this information? Aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind error: rpc_pipe_bind failed
Hi folks, I want to set up an samba printserver with cups. after configuering and starting the deamons I found this entry´s in my winbind logs: 1. log.wb-servername - [2006/03/21 18:15:01, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupname(695) [10919]: lookupname PRINTBAK+root --- what does it mean? is this an error, or is this ok? 2. log.wb-BUILTIN --- [2006/03/21 17:15:15, 0] nsswitch/winbindd_dual.c:child_read_request(49) Got invalid request length: 0 [2006/03/21 18:09:38, 3] nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847) [10919]: getsidaliases --- what does it mean? is this an error, or is this ok? 3. log.wb-DOMAIN.COM --- [2006/03/23 18:20:40, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700) rpc_pipe_bind failed --- what does this error mean. I´ve never found any useful information about this with google!!! 4. log.wb-PRINTBAK --- [2006/03/23 18:15:01, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupname(695) [ 5125]: lookupname PRINTBAK+root what does it mean? is this an error, or is this ok? 5. log.winbindd [2006/03/23 18:20:39, 1] nsswitch/winbindd.c:main(935) winbindd version 3.0.20-4-SUSE started. Copyright The Samba Team 2000-2004 This is ok. 6. log.winbindd-idmap [2006/03/21 12:27:50, 0] nsswitch/winbindd_dual.c:child_read_request(49) Got invalid request length: 0 what does it mean? is this an error, or is this ok? I´m using SuSE OpenSource 10.0 - samba 3.0.20 - samba-client 3.0.20 - samba-winbind 3.0.20 My smb.conf: [global] workgroup = DOMAIN.COM netbios name = PRINTSERVER domain master = No security = domain password server = SERVERPWD printing = cups printcap name = cups printcap cache time = 60 cups options = raw wins proxy = No wins server = 192.168.1.xxx load printers = Yes log level = 1 winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = Yes winbind enum groups = Yes [printers] comment = All Printers path = /var/tmp printable = Yes guest ok = No browseable = No read only = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 Especially the error in log.wb-DOMAIN.COM makes me nervous. I want to terminate every error, before move this server in productive environment. After installing a Printer on a XP-Client I get "Access Denied" as Status Message. But printing is possible and without errors. How can solve this? If answer, please in reference to the praticular logfile. I hope someone has any ideas. Thanks. Manfred -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA install on IRIX 6.5
I am having problems with Samba on IRIX 6.5 authenticating via Active Directory. Installing the tardist of 3.0.21c did not give me kerberos/ldap/adc capabilities even though Kerberos and LDAP were prereq's. With OpenLDAP and Kerberos5 installed, my configure fails. I am trying this: ./configure --libdir=/usr/lib --includedir=/usr/include --prefix=/usr/samba --with-ldap --with-ads --with-krb5=/usr/local --with-quotas --with-acl-support checking for LDAP support... yes checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_scanf in -llber... no checking for ldap_init in -lldap... no checking for ldap_set_rebind_proc... no checking whether ldap_set_rebind_proc takes 3 arguments... 3 configure: error: libldap is needed for LDAP support mma-riss01 53# ls -la /usr/include/*ldap* -rw-r--r--1 root sys39901 Mar 23 07:13 /usr/include/ldap.h -rw-r--r--1 root sys 9136 Mar 23 07:13 /usr/include/ldap_cdefs.h -rw-r--r--1 root sys 2056 Mar 23 07:13 /usr/include/ldap_features.h -rw-r--r--1 root sys 9462 Mar 23 07:13 /usr/include/ldap_schema.h -rw-r--r--1 root sys 3549 Mar 23 07:13 /usr/include/ldap_utf8.h mma-riss01 54# ls -la /usr/lib/*ldap* lrwxr-xr-x1 root sys 29 Mar 23 09:15 /usr/lib/libldap.a -> /usr/freeware/lib32/libldap.a lrwxr-xr-x1 root sys 30 Mar 23 09:15 /usr/lib/libldap.so -> /usr/freeware/lib32/libldap.so lrwxr-xr-x1 root sys 32 Mar 23 09:15 /usr/lib/libldap.so.3 -> /usr/freeware/lib32/libldap.so.3 lrwxr-xr-x1 root sys 31 Mar 23 09:15 /usr/lib/libldap_r.a -> /usr/freeware/lib32/libldap_r.a lrwxr-xr-x1 root sys 32 Mar 23 09:15 /usr/lib/libldap_r.so -> /usr/freeware/lib32/libldap_r.so lrwxr-xr-x1 root sys 34 Mar 23 09:15 /usr/lib/libldap_r.so.3 -> /usr/freeware/lib32/libldap_r.so.3 And I even tried to use the environment variable : LD_LIBRARY=/usr/lib:/usr/include Any Suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] MS Word doesnt set attribute bits on share
Hi Ben I have the same problem with MS Word and Samba. Did you find a solution? Best regards Bernhard Diethelm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem creating Samba Admin account
On Thu, 2006-03-23 at 13:19 -0800, Mont Rothstein wrote: > I am trying to create a Samba Admin account in FDS as per the final steps of > http://directory.fedora.redhat.com/wiki/Howto:Samba > > I've asked about this on the FDS mailing list with no luck, I am hoping > someone here will be able to help me. > > I've created a file with contents: > > Administrator:x:0:0:Samba Admin:/root:/bin/bash > > > I then ran: > > /usr/share/openldap/migration/migrate_passwd.pl /tmp/sambaAdmin > > /tmp/sambaAdmin.ldif > > > but when I get to converting the ldif to ldap via: > > /opt/fedora-ds/slapd-/ldif2ldap "cn=Directory manager" > password /tmp/sambaAdmin.ldif > > > I get the following error: > > adding new entry uid=Administrator,ou=People,dc=forayadams,dc=foray,dc=com > ldap_add: Object class violation > ldap_add: additional info: unknown object class "kerberosSecurityObject" > > As far as I know I haven't enabled kerberos anywhere. Does anyone know what > I need to do to resolve this? wrong list - not a samba question... but if you actually post that question to an LDAP list...you might actually want to show the contents of /tmp/sambaAdmin.ldif my wild guess is that you have an objectclass within that file that isn't supported by your setup. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACL's being mysteriously removed from files/folders
Every now and again, I have users complain that they cannot write into a folder, or that files are read-only. Each time, the ACL's for a directory are empty, or some/all of the entries are missing, but the parent of that folder/file has a complete default ACL list. Curiously, a disabled user account appears in the ACL list. In nearly all cases, the directory causing the problem is owned by a laptop user - I've only seen one instance of a folder being owned by a desktop user. Following the most recent incident, I've found that the disabled account gets added when the ACL's are modified from the 'Security' tab from the file/folder properties sheet in Windows. However, the missing ACL entries are puzzling - I haven't been able to reproduce the problem yet. Has anyone body else experienced this, or have any idea's whats going on? (It's been happening since 3.0.13 (or so)) (No logs with this at present, and I've just switched on extd_audit today) Thanks, Andi Athlon XP 1.4Ghz 1.5GB RAM Suse 9.0 Samba 3.0.21 (SUSE RPM) + LDAP backend Disk usage ~40% -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Client login delays - especially after reboot
> Subject: [Samba] Re: Client login delays - especially after reboot > > Hi > > >Have you posted any of your findings and/or configs? If not, start > >there. If you have, please reference them in another post. > my original post of the problem > > http://lists.samba.org/archive/samba/2006-March/119173.html > > >What exactly have you done to troubleshoot this so far? > >e.g.: > >* have you reproduced the problem consistently? > yes. the problem is ongoing since the new server was > installed. (previously no delays) > > >* do any hosts NOT have problems? What is different between them? > all hosts affected > > >* have you sniffed the wire and looked at the traffic? > No..can't get ethreal working so far and not sure what i'd be > looking for. > > >* have you set debug level looked in the logs for any clues? > I've now upped the log level to 4 and found somthing strange > with wins. see log below. make sure wins server is set correctly in smb.conf make sure nmbd is running. try # pstree -Gpua | more to see your process tree lmhosts files are a PITA - don't use them. set the WINS server address on the clients (TCP/IP-->Advanced button-->WINS tab in the NIC settings) > > >* have you ruled out name resolution issues? (WINS and/or dns) > name resolution works, don't have problems with nmblookup or > smbclient queries but not sure about wins, see log below. > > master:~ # nmblookup -B cad2 '*' > added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0 > not adding duplicate interface 192.168.0.1 > Socket opened. > querying * on 192.168.0.3 > nmb packet from 192.168.0.3(137) header: id=19215 > opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=*<00> rr_type=32 rr_class=1 ttl=30 > answers 0 char .. hex 8000C0A80003 > Got a positive name query response from 192.168.0.3 ( 192.168.0.3 ) > 192.168.0.3 *<00> > > > master:~ # smbclient //master/TMP > added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0 > not adding duplicate interface 192.168.0.1 > Client started (version 3.0.12-5-SUSE). > resolve_wins: Attempting wins lookup for name master<0x20> > wins_srv_is_dead: 192.168.0.1 is alive > wins_srv_is_dead: 192.168.0.1 is alive > resolve_wins: using WINS server 192.168.0.1 and tag '*' > wins_srv_is_dead: 192.168.0.1 is alive > Marking wins server 192.168.0.1 dead for 600 seconds from > source 192.168.0.1 > resolve_lmhosts: Attempting lmhosts lookup for name master<0x20> > getlmhostsent: lmhost entry: 127.0.0.1 localhost > getlmhostsent: lmhost entry: 192.168.0.1 master.x.com master > getlmhostsent: lmhost entry: 192.168.0.2 cad1.x.com cad1 > getlmhostsent: lmhost entry: 192.168.0.3 cad2.x.com cad2 > getlmhostsent: lmhost entry: 192.168.0.4 director.x.com director > getlmhostsent: lmhost entry: 192.168.0.7 accounts.x.com accounts > getlmhostsent: lmhost entry: 192.168.0.8 office.x.com office > resolve_hosts: Attempting host lookup for name master<0x20> > Connecting to 192.168.0.1 at port 445 > session request ok > Serverzone is 0 > > note! there is a short delay (5 sec) between wins query and > resolution of lmhosts > > If I repeat the query after a few seconds i get:- > > added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0 > not adding duplicate interface 192.168.0.1 > Client started (version 3.0.12-5-SUSE). > Connecting to 192.168.0.1 at port 445 > session request ok > Serverzone is 0 > > If I wait 10mins I get the first one again. > > does this mean wins is going to sleep or something? does Bind > provide wins or something else? > where do I go from here?. > > Regards > > Nigel > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can't Browse to XP workstation
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > On Behalf Of Yang Xiao > Sent: Wednesday, March 22, 2006 12:21 PM > To: Samba List > Subject: [Samba] Can't Browse to XP workstation > > Hi all, > I'm running Samba 3/FC4 as NT 4 DC with LDAP/winbind, > everything's fine > except a single XP workstation is not listed in the network > neighborehood > and I can't browse to the machine 's admin shares either, > I've tried to > remove and rejoin the machine to the domain, it joined fine, > but I still > can't browse to it, checked wins setting is correct also, any ideas? > > Thanks! > > - Yang > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > check fw settings on XP client. check file and print setting is checked in NIC config dialog. check server service is running on XP client. -C -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC/Windows BDC domain sync
James F. Hranicky wrote: On Thursday 23 March 2006 13:09, Doug VanLeuven wrote: Hi James, Would you mind letting us know what product requires to be installed on a domain controller? I, for one, would like to shy away from ever evaluating their product. Desktop Authority: http://downloads.cybis.co.uk/scriptlogic/Desktop_Authority_7_Release_Notes.pdf E-Policy Orchestrator https://delta.ist.utl.pt/bin_software/ePO_36_InstallationGuide_EN.pdf Unless I'm mistaken, these both require running on a domain controller of some kind. Hi Jim, Actually, both strongly recommend -not- installing on a domain controller. I can see where it used to be a requirement, but they advise member servers now. Desktop Authority page 2 and ePolicy page 6. Scriptlogic supports NT40 domains and should work on a 2000SP2 or greater member server. ePolicy just states it needs to be installed on windows 2000SP3 or later including 2003 Web server (which would never be a PDC). They just want a trust relationship with the PDC although I don't see whether or not NT style PDC is supported. I'd check with the vendors, but you may be able to accommodate samba3 as a NT40 style PDC with both those products. If ePolicy is tightly integrated to AD, I don't think that will be supported till samba4. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fwd: Re: [Samba] Migrate NT domain 4 to samba
I tried "net lookup dc" and samba PDC did not show.
The NT machine we have has been shut down and not functional
anymore. Right now, we only have one linux box with gentoo running samba
and we want it to be the PDC.
Thanks,
-Ivan
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Subject: Re: [Samba] Migrate NT domain 4 to samba
To: Ivan Ordonez <[EMAIL PROTECTED]>
X-Mailer: Lotus Notes Release 6.0.2CF1 June 9, 2003
From: Donald W Watson <[EMAIL PROTECTED]>
Date: Thu, 23 Mar 2006 15:50:43 -0800
X-MIMETrack: Serialize by Router on D03NM124/03/M/IBM(Release 6.53HF752 |
November 15, 2005) at
03/23/2006 16:50:48
X-Virus-Scanned: amavisd-new at nature.berkeley.edu
Ivan,
The smb.conf looks fine, nearly identical to mine except I don't have the
entry for "netbios name". If "rock" is the name of your samba server this
shouldn't make difference.
As an experiment, have you tried to see if the PDC is visible from another
Unix box by using either "net lookup dc" or "nmblookup" (nmbd must be
running)? This will help isolate the problem to either the samba PDC
itself or something configured on the NT machine.
Sincerely, Don Watson
Linux Technology and Solutions; Beaverton, OR
503-578-4861/TL: 775-4861; [EMAIL PROTECTED]
Inactive hide details for Ivan Ordonez <[EMAIL PROTECTED]
Ivan Ordonez <[EMAIL PROTECTED]>
Ivan Ordonez <[EMAIL PROTECTED]>
03/23/2006 03:34 PM
[]
To
Donald W Watson/Beaverton/[EMAIL PROTECTED]
[]
cc
samba@lists.samba.org
[]
Subject
Re: [Samba] Migrate NT domain 4 to samba
Hi,
We were finally able to run "net rpc vampire" command. We created a brand
new smb.conf and add some user scripts.
We shut down our NT machine and make samba the PDC. I have created the
machine name in samba and created a samba root account as well. When I try
to join one machine, PDC is not found. Somehow, the samba PDC does not
know that he is supposed to be a domain controller now that the NT is down.
Anything I need to check or change on my smb.conf?
workgroup = mydomain
netbios name = rock
server string = Samba Server %v
interfaces = eth0
map to guest = Bad User
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
dns proxy = No
os level = 65
passdb expand explicit = no
passdb backend=tdbsam
security = user
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
password server = pc1
encrypt passwords = yes
# Scripts for file (passwd, smbpasswd) backend:
add user script = /usr/sbin/useradd -s /bin/false '%u'
#delete user script = /usr/sbin/userdel '%s'
add user to group script = /usr/bin/gpasswd -a '%u' '%g'
#delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
set primary group script = /usr/sbin/usermod -g '%g' '%u'
add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F:
'{print $3}'
#delete group script = /usr/sbin/groupdel '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g machines -c
'Machine Account' -s /bin/false -M '%u'
Thanks,
-Ivan
At 07:34 AM 3/23/2006, Donald W Watson wrote:
Ivan,
I noticed when I did this with the old documentation I had to be very
careful reading the chapter and discovering all the necessary
instructions. I also noticed that the old documentation states that with
ldapsam you should not start samba until after the "net rpc vampire" call,
but with tdbsam it states you should start samba before the "net rpc
vampire" call.
In the new documentation it looks much simpler (
http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf), chapter 35:
In smb.conf, domain master = no (you already have this). In smb.conf,
passdbbackend = tdbsam (you already have this). Samba must not be running.
net rpc join -S -U Administrator%
net rpc vampire -S -U Administrator%
pdbedit -L should now show all the new users.
Maybe this will help.
Sincerely, Don Watson Linux Technology and Solutions; Beaverton, OR
503-578-4861/TL: 775-4861; [EMAIL PROTECTED]
Inactive hide details for Ivan Ordonez <[EMAIL PROTECTED]
Ivan Ordonez <[EMAIL PROTECTED]>
Ivan Ordonez <[EMAIL PROTECTED]> Sent by:
[EMAIL PROTECTED] 03/22/2006 11:54 AM
[]
To
samba@lists.samba.org
[]
cc
[]
Subject
[Samba] Migrate NT domain 4 to samba I have been following the Chapter 9
on Samba -3 by example book on "How to Migrate NT 4 domain to samba 3" and
not having any luck at all. Somehow the vampire command will not work and
give me an error:
Fetching DOMAIN database Failed to fetch domain database:
NT_STATUS_ACCESS_DENIED
What I want to accomplish is to remove Windows NT 4.0 server as PDC and
make Samba our Primary Domain Controller.
Also, I'm not sure if I have tdbsam setup correctly. How do you set it up
correctly? is there a command I should run or should I just edit smb.conf
file and add tdbsam? please see below for my smb.conf configuration.
# Global parameters [global]workgroup = MyDomainnetbios
name = rock
Re: [Samba] Migrate NT domain 4 to samba
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joining Samba to ADS 2003
Hello,I am new to samba and I am trying to set it up to be a member server of my ADS Domain. I keep getting the same error whenever I do this. At the point where I have logged in and type "net ads join " I get the error:libads/ldap.c:ads_join_realm(1640)ads_add_machine_acct (my_server_name): Type or value existsads_join_realm: Type or value existsI am running Fedora Core 3 with the latest version of samba. It appears to say that my server has already been joined but I cannot find it anywhere in AD. I have synched time with my DC, and I know that I can "talk" to AD because I can authenticate and when I do a "net ads info" I get all the correct information regarding my ADS. I have tried googling the problem and found several people that experienced this same problem but have yet to find a solution. Any help is greatly appreciated.Thank you,Adam KatulakSupport AnalystF.C. Tucker Company, Inc.(317) [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrate NT domain 4 to samba
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP rootpw error
> I was following the howto below (originally posted on this list as BIG > Samba howto for debian only.) to see if I could get my not-quite-working > Samba 3.0.14a (debian) server fully working and able to handle my Linux > logins too. The problem I'm having with my Samba setup is that I can't > change user passwords except through Swat. Users can't change them from > their machines using the Windows password change - but they are notified > to change them by when they expire. > > Anyway, my attempts to follow the howto hit a roadblock at "3 LDAP > Server configuration". Neither slapindex nor slapd will run. It looks > like it doesn't like something about my root password, but I'm not sure > what it wants (I'm no expert on LDAP). :) > > Slapindex complains "bad configuration file". Slapd gives the more > detailed: >line 65 (rootpw ***) >/etc/ldap/slapd.conf: line 65: rootpw can only be set when rootdn is > under suffix > > I've attached my slapd.conf file if that is of any assistance. Any help > will be greatly appreciated. > > > Louis van Belle wrote: > [..snip..] humm well looking at the config file the first thing that i notice is this ... # The base of your directory in database #1 suffix "dc=rahim-dale,dc=org" rootdn"cn=admin,dc=toronto,dc=ontario,dc=ca" your root dn isn't in the base of your ldap tree, this should probuly be something like ... suffix "dc=rahim-dale,dc=org" rootdn"cn=admin,dc=rahim-dale,dc=org" try it n let us know what happens :). HTH Matt. >> >> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba LDAP rootpw error
I was following the howto below (originally posted on this list as BIG Samba howto for debian only.) to see if I could get my not-quite-working Samba 3.0.14a (debian) server fully working and able to handle my Linux logins too. The problem I'm having with my Samba setup is that I can't change user passwords except through Swat. Users can't change them from their machines using the Windows password change - but they are notified to change them by when they expire. Anyway, my attempts to follow the howto hit a roadblock at "3 LDAP Server configuration". Neither slapindex nor slapd will run. It looks like it doesn't like something about my root password, but I'm not sure what it wants (I'm no expert on LDAP). :) Slapindex complains "bad configuration file". Slapd gives the more detailed: line 65 (rootpw ***) /etc/ldap/slapd.conf: line 65: rootpw can only be set when rootdn is under suffix I've attached my slapd.conf file if that is of any assistance. Any help will be greatly appreciated. Louis van Belle wrote: Hi everybody, I made a pretty complete howto for samba on debian servers. This howto covers samba + ldap + cups + recycle bin + samba-vscan + phpldapadmin + ACL + Extended Attributes. this howto is also based on the idealx howto If you do this setup, you should be able to use the NT4 Usermanager, setup Point en Print Printing. set rights from explorer etc. other nice tools is ldapadmin ( ldapadmin.sf.net ) a must check it out. We will use a Debian Sarge as setup. If you never used Debian before, you can follow this how-to (http://www.howtoforge.com/perfect_setup_debian_sarge ) , please read the comment below the pages first, this can save you time and problems or install Debian without any software packaged, we will install them later when needed. Checking the kernel of compile your own kernel if needed. I try to give a complete solution for this how-to, this is because lots of people where asking the same things on the samba list and lots of people make the same mistakes. This is my company's running setup. I run this on a P866, 512 Ram, Scsi Raid 1 ( 15rpms 73 Gb ) , with 50 users 25 printers which do about 150.000 prints a month. I thank my company to let me make this document. Please if you have improvements, comments, send them to me. Louis van Belle INDEX Page nr. 1 Checking the kernel or compile your own kernel3 1.1 Preparing apt configuration3 1.2 Preparing the kernel3 1.3 setup the /etc/fstab3 1.4 final touch, lilo (or grub) 3 2 Pre-installation of the debian packages 4 2.1 Samba and Ldap 4 2.2 basic rights setup for samba4 2.3 why this rights setup. 4 3 LDAP Server configuration 5 4 installation/configuration libnss, libpam (-ldap) 7 5 Samba and smbldap-tools Configuration 8 5.1 smbldap-tools installation/configuration8 5.2 setting up samba base config8 5.3 Configuring smbldap.conf9 5.4 set the samba ldap admin password 9 5.5 Samba PRIVILEGES Setup 10 6 CUPS - Printer software 11 6.1 Setup Cups 11 6.2 Setup Cups PDF Printer. - Creating a PDF Printer11 7 Configuring phpldapadmin 12 7.1 installation of phpldapadmin ( and apache ) 12 8.0 On-Access virus scanning on samba (samba-clamav)13 8.1 Installing ClamAV 13 8.2 get the sources ( samba & samba-vscan ) 13 9.0 Recycle bin on samba14 9.1 Recycle bin configuration 14 Appendix 1 (complex samba-access.conf ) SETUP WITH DSA USERS15 Appendix 2 APT 16 2.1 APT HOWTO 16 2.2 Files from /etc/apt 17 2.2.1 /etc/apt/apt.conf 17 2.2.2 /etc/apt/preferences 17 1 Checking the kernel or compile your own kernel 1.1 Preparing apt configuration for this go check out my apt howto. if you apt config is setup rights, follow the steps below. ncurses interface for compiling the kernel apt-get install libncurses5-dev get the kernel source apt-get install kernel-source-2.6.8 kernel-package installer right kernel and activate EXT2/3 + Extended attributes and setup CIFS kernel support to in kernel. 1.2 Preparing the kernel apt-get install kernel-source-2.6.8 kernel-package fakeroot libc6-dev libncurses5-dev cd /usr/src tar -jxf kernel-source-2.6.8.tar.bz2 ln -s /usr/src/linux /usr/src/kernel-source-2.6.8 cp /boot/config-2.6.8-2-* /usr/src/linux/.config cd linux make menuconfig - File systems - Ext2/3 + extended options also File systems - Miscellaneous filesystems - CramFS and File systems - Network File Systems - CIFS support + extended Attributes now create the kernel and install it. fakeroot make-kpkg --append-to-kernel=-mykernel --initrd kernel_image This create a file kernel-image-2.6.8.custom.1.0_i386.deb under /us
[Samba] Samba integration with AD
I know this question has been posed over and over (and over) again, but I'm at my wit's end. I've dug into the Samba docs, Gentoo specific docs, and PAM docs, and Googled the heck out of it... In any event, I'm running Gentoo 2006.0 (just built) running kernel 2.6.15 and Samba 3.0.21b. I'm 'trying' to set up a simple file server with SSO capabilities to a 2K AD domain. So far, the Samba/Winbind side seems great. I am able to map shares to windows workstations based on the windows uid/gid without a hiccup. The wbinfo [-u|-g] and gentent [passwd|group] commands work great. # wbinfo -u someuser someotheruser yetanotheruser # wbinfo -g | more Domain Guests Domain Users Schema Admins # getent passwd someuser:x:15007:10011::/home/UNICITY/someuser:/bin/bash someotheruser:x:15008:10011::/home/UNICITY/someotheruser:/bin/bash yetanotheruser:x:15009:10011::/home/UNICITY/yetanotheruser:/bin/bash # getent group Domain Guests:x:10020: Domain Users:x:10011: Schema Admins:x:10015: Kinit doesn't work quite right: # kinit Password for [EMAIL PROTECTED]: (Works) # kinit -k kinit(v5): Client not found in Kerberos database while getting initial credentials (Obviously doesn't) The biggest issue appears to be with PAM. Local and ssh logins using AD_DOMAIN accounts. Neither work and fail without notification to the user, but the following appears in the logs: Mar 23 16:08:42 32gs sshd(pam_unix)[8586]: check pass; user unknown Mar 23 16:08:42 32gs sshd(pam_unix)[8586]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x Mar 23 16:08:44 32gs sshd[8581]: error: PAM: Authentication failure for testuser from x.x.x.x # testparm Load smb config files from /etc/samba/smb.conf Processing section "[share]" Loaded services file OK. WARNING: passdb expand explicit = yes is deprecated 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = AD_DOMAIN realm = AD_DOMAIN.FQDN netbios name = MACHINENAME server string = MACHINENAME interfaces = x.x.x.x, 127. bind interfaces only = Yes security = ADS log level = 5 log file = /var/log/samba/log.%m max log size = 50 name resolve order = hosts wins bcast socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 load printers = No os level = 5 preferred master = No local master = No domain master = No dns proxy = No wins server = 10.10.57.124 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind separator = + winbind use default domain = Yes hosts allow = x.x.x.x, 127. [share] comment = SHARE path = /mnt/share invalid users = root valid users = "@AD_DOMAIN+Domain Users" read only = No create mask = 0777 directory mask = 0777 # cat /etc/pam.d/login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountsufficient /lib/security/pam_winbind.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionoptional /lib/security/pam_console.so # cat /etc/pam.d/samba #%PAM-1.0 authrequired /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth # cat /etc/pam.d/sshd #%PAM-1.0 auth include system-auth auth required pam_shells.so auth required pam_nologin.so accountinclude system-auth password include system-auth sessioninclude system-auth Anything else? Brian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Smbd hanging
Problem SMBD processes spawn out of control until the Samba stops responding. Restarting the service does not clear the processes. Only a reboot of the server will bring it back to a usable state. This server is home to our postgres databases, Access front ends, and Production Files (excel, word...). It is a samba domain member server. We have multiple Samba file servers here but this server is the only one that exhibits this behavior. All servers are running the same samba version and OS version. It has been happening for months now and is not occurring at regular intervals. Please see the info below. I'd like to stop this from occurring so any and all help would be welcome with open arms. Site Info Samba Version: samba-3.0.20b-1 OS: Fedora Core 3 Kernel: kernel-2.6.12-1.1381_FC3 Log Info - There were not errors from the day the server crashed, but there was one 3 days prior. See snip... [2006/03/20 15:14:05, 0] lib/util.c:smb_panic2(1548) PANIC: internal error [2006/03/20 15:14:05, 0] lib/util.c:smb_panic2(1556) BACKTRACE: 22 stack frames: #0 smbd(smb_panic2+0x8a) [0xb7e4fe03] #1 smbd(smb_panic+0x19) [0xb7e50037] #2 smbd [0xb7e3bef1] #3 [0xb7c76420] #4 smbd(cli_start_connection+0x37e) [0xb7d32427] #5 smbd(cli_full_connection+0x6a) [0xb7d32573] #6 smbd(enumerate_domain_trusts+0x145) [0xb7e9a45a] #7 smbd(update_trustdom_cache+0xdd) [0xb7e99f3b] #8 smbd(is_trusted_domain+0x65) [0xb7e94519] #9 smbd(make_user_info_map+0x163) [0xb7e94761] #10 smbd [0xb7e95367] #11 smbd [0xb7d5870f] #12 smbd(ntlmssp_update+0x143) [0xb7d57c41] #13 smbd(auth_ntlmssp_update+0x44) [0xb7e95726] #14 smbd [0xb7cefaba] #15 smbd(reply_sesssetup_and_X+0x4f1) [0xb7cf1069] #16 smbd [0xb7d1cfa3] #17 smbd(process_smb+0x19b) [0xb7d1d3c8] #18 smbd(smbd_process+0x13a) [0xb7d1e26d] #19 smbd(main+0x91e) [0xb7ed8455] #20 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0xb78b1e23] #21 smbd [0xb7cb4e41] Smb.conf --- # Global parameters [global] workgroup = XXX server string = Samba Server security = DOMAIN log file = /var/log/samba/log max log size = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No ldap ssl = no log level = 3 load printers = No kernel oplocks = Yes deadtime = 15 printing = lprng printcap cache time = 0 machine password timeout = 0 [homes] comment = Home Directories read only = No browseable = No available = No #[printers] # comment = All Printers # path = /var/spool/samba # printable = Yes # browseable = No [public_app] comment = Public Data Repository path = /var/local/group_shares/public_data read only = No create mask = 02775 force create mode = 02775 directory mask = 02775 force directory mode = 02775 [prod_control] comment = Production Control Repository path = /var/local/group_shares/prod_control read only = No create mask = 02775 force create mode = 02775 directory mask = 02775 force directory mode = 02775 -- Matt Lung Midwest Tool & Die, Corp. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem creating Samba Admin account
I am trying to create a Samba Admin account in FDS as per the final steps of http://directory.fedora.redhat.com/wiki/Howto:Samba I've asked about this on the FDS mailing list with no luck, I am hoping someone here will be able to help me. I've created a file with contents: Administrator:x:0:0:Samba Admin:/root:/bin/bash I then ran: /usr/share/openldap/migration/migrate_passwd.pl /tmp/sambaAdmin > /tmp/sambaAdmin.ldif but when I get to converting the ldif to ldap via: /opt/fedora-ds/slapd-/ldif2ldap "cn=Directory manager" password /tmp/sambaAdmin.ldif I get the following error: adding new entry uid=Administrator,ou=People,dc=forayadams,dc=foray,dc=com ldap_add: Object class violation ldap_add: additional info: unknown object class "kerberosSecurityObject" As far as I know I haven't enabled kerberos anywhere. Does anyone know what I need to do to resolve this? Thanks, -Mont -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] files cannot be copied
I had Samba working beautifully the first time I tried to use it. Now I am getting this message whenever I try to copy files from a shared folder on my wife's windows XP computer to my Ubuntu Linux computer: "smb://*.mp3" cannot be copied because you do not have permissions to read it. This is the same folder I was copying from before. Can someone help me trouble shoot this? Thanks, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC/Windows BDC domain sync
On Thursday 23 March 2006 13:09, Doug VanLeuven wrote: > Hi James, > Would you mind letting us know what product requires to be installed > on a domain controller? I, for one, would like to shy away from ever > evaluating their product. Desktop Authority: http://downloads.cybis.co.uk/scriptlogic/Desktop_Authority_7_Release_Notes.pdf E-Policy Orchestrator https://delta.ist.utl.pt/bin_software/ePO_36_InstallationGuide_EN.pdf Unless I'm mistaken, these both require running on a domain controller of some kind. Jim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cups + Samba weird printing problem
Hello everybody!, I'm having a weird problem related to printing from an M$ client to a Samba printer and after a time searching in the net I didn't find any clue The situation is this, I've got a Samba 3.0.14a running on Slackware 10.1 server with cups 1.1.23, on both the raw printing option has been enable. The clients workstationt are, in most cases, Win2000/Win XP. The users need to logon into the domain in order to access the shared services and pr inters. There is no problem printing from any linux / unix machine on a given printer but, in a few ocassions the priting from a Win client falls randomly. This mean that, sometimes the print job is never printed, or a page or two is printed. In most cases the origins of the print job are MS Office suite (currently we use Office 2003 and XP) in particular excell and word are leading the ranking, a few times the problem was reported with .pdf documents. There's nothing in the logs, as far as I've been looking, that may give me any idea of where the problem is. Have you had this problem ? Any ideas ? Thanks in advance. Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] trustdom question
After successfully setting up a trusting relationship between two linux domains, it is quite a long time (5 minutes+) before I can make a connection from the trusted domain to the trusting domain. I have experimented with "lm announce = yes" and setting "lm interval" to a very small number, but monitoring network activity with ethereal seems to indicate that setting lm interval to a very small number does not increase the frequency of announcements. Is there a way I can shorten the time it takes to make a successful connection, or even force an immediate announcement? Sincerely,Don Watson Linux Technology and Solutions; Beaverton, OR 503-578-4861/TL: 775-4861; [EMAIL PROTECTED] To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC/Windows BDC domain sync
James F. Hranicky wrote: I have everything in place to move to a Samba/Heimdal/OpenLDAP auth database and have just discovered that some of the Windows products we use are required to run on a domain controller. Since domain sync doesn't work between Samba and NT4 it looks like I'm stuck: either ditch all the software we run on domain controllers, stay with our current 2-auth-db system, or move at least our Windows machines to AD, none of which I want to do. I appears that XAD 2.0 may be able to do what I want, and I'm checking on it's availablity, but I was wondering if anyone has any bright ideas for getting the Samba PDC to do what I want. Right now it looks like the best thing to do is to hack up a sync tool for WinNT <-> OpenLDAP to keep the passwords in sync. Hi James, Would you mind letting us know what product requires to be installed on a domain controller? I, for one, would like to shy away from ever evaluating their product. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] need help running samba 3.0.11 with security=domain
> I am having problems getting security=domain to work properly with > Samba 3.0.11 (this seems to be the recommended configuration for the > application which I use - ClearCase) > > We are running on a Solaris 10 server. > > We created a machine account for the server and then ran the command > to join the domain : > net rpc join -S domain_controller -U user%pass > Joined domain BP1. > > The fact that we got the "joined domain" message looked encouraging. > > I thought that this would update /usr/local/samba/private/secrets.tdb > - but the timestamp of this file didn't change. Is this normal ? Maybe > it is because we can now access the samba share from a client PC. > However - it takes too long (around 15 seconds). Occasionally it fails > altogether. If we set "password server" to "*" rather than hard coding > a domain controller then it fails every time with access denied > errors. > > If we switch to security=server it works OK. > > The smb.conf file contains the following > > [global] > workgroup = BP1 > security = DOMAIN > password server = bp1xeudc042.bp1.ad.bp.com > username map = /usr/local/samba/lib/username.map > lm announce = No > preferred master = No > local master = No > domain master = No > kernel oplocks = No > ldap ssl = no > invalid users = root, bin, daemon, adm, sync, shutdown, halt, > mail, news, uucp > create mask = 0775 > directory mask = 0775 > case sensitive = No > oplocks = No > include = /usr/local/samba/lib/smb.conf.%m > dos filemode = Yes > > [export] > comment = ClearCase VOBs > path = /export > read only = No > level2 oplocks = No > > > The log file contains the following : > added interface ip=149.184.200.182 bcast=149.184.200.255 > nmask=255.255.255.0 > [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79) > added interface ip=149.184.200.181 bcast=149.184.200.255 > nmask=255.255.255.0 > [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79) > added interface ip=149.184.200.27 bcast=149.184.200.255 > nmask=255.255.255.0 > [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79) > added interface ip=172.28.17.231 bcast=172.28.17.255 > nmask=255.255.255.0 > [2006/03/23 16:41:57, 3] > libsmb/trusts_util.c:enumerate_domain_trusts(149) > enumerate_domain_trusts: can't locate a DC for domain BP1 > [2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user > [EMAIL PROTECTED] > 1LSTL211684] with the new password interface > [2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: > [EMAIL PROTECTED] > [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2006/03/23 16:41:57, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2006/03/23 16:42:01, 2] auth/auth.c:check_ntlm_password(312) > check_ntlm_password: Authentication for user [WHITAKAN] -> > [WHITAKAN] FAILED > with error NT_STATUS_NO_LOGON_SERVERS > [2006/03/23 16:42:01, 3] smbd/process.c:timeout_processing(1334) > timeout_processing: End of file from client (client has > disconnected). > ... > ... > [2006/03/23 16:42:01, 2] lib/interface.c:add_interface(79) > added interface ip=172.28.17.231 bcast=172.28.17.255 > nmask=255.255.255.0 > [2006/03/23 16:42:05, 3] > libsmb/trusts_util.c:enumerate_domain_trusts(149) > enumerate_domain_trusts: can't locate a DC for domain BP1 > [2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user > [EMAIL PROTECTED] > 1LSTL211684] with the new password interface > [2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: > [EMAIL PROTECTED] > [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2006/03/23 16:42:05, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2006/03/23 16:42:05, 3] libsmb/namequery_dc.c:rpc_dc_name(145) > rpc_dc_name: Returning DC BP1XEUDC042 (149.184.209.253) for domain > BP1 > [2006/03/23 16:42:05, 3] > libsmb/cliconnect.c:cli_start_connection(1389) > Connecting to host=BP1XEUDC042 > [2006/03/23 16:42:05, 3] lib/util_sock.c:open_socket_out(752) > Connecting to 149.184.209.253 at port 445 > [2006/03/23 16:42:06, 3] smbd/sec_ctx.c:push_sec_ctx(
[Samba] Passwords
Hi, I'm using OpenSuse 10.0 with Samba, using local /etc/passwd and not ldap. I would like to know whether it is possible to create users/passwords in smbpasswd and not in the /etc/passwd?? Is it possible to have SAMBA to authenticate only based on users & passwords in smbpasswd . Thanks and rgds. Otto. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC/Windows BDC domain sync
I have everything in place to move to a Samba/Heimdal/OpenLDAP auth database and have just discovered that some of the Windows products we use are required to run on a domain controller. Since domain sync doesn't work between Samba and NT4 it looks like I'm stuck: either ditch all the software we run on domain controllers, stay with our current 2-auth-db system, or move at least our Windows machines to AD, none of which I want to do. I appears that XAD 2.0 may be able to do what I want, and I'm checking on it's availablity, but I was wondering if anyone has any bright ideas for getting the Samba PDC to do what I want. Right now it looks like the best thing to do is to hack up a sync tool for WinNT <-> OpenLDAP to keep the passwords in sync. Thanks for any information, -- | Jim Hranicky, Senior SysAdmin UF/CISE Department | | E314D CSE BuildingPhone (352) 392-1499 | | [EMAIL PROTECTED] http://www.cise.ufl.edu/~jfh | -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE : [Samba] CHANGING PRIMARY GROUP
Hi Michael, Apparently, the pdbedit tool is only available for local users. My problem is for users from the trusted domain. The primary group for these users is defined on the PDC of the NT4 domain, and apparently, I couldn't change it on the winbind database. The way I have found is to change the mode to 777 on the shared directory to allow trusted domain users to access it. Another way is to use usermap, but the administration isn't so easy because I need to create all the users of the trusted domain in the usermap file. Best Regards. Patrick -Message d'origine- De : Michael Billerbeck [mailto:[EMAIL PROTECTED] Envoyé : jeudi 23 mars 2006 12:15 À : Patrick AUDON Cc : samba@lists.samba.org Objet : re: [Samba] CHANGING PRIMARY GROUP Hi Patrick, [EMAIL PROTECTED] schrieb am 23.03.2006 11:30:10: > Hi to all, > > > > I have a samba acting as a PDC with 'passdb backend=smbpasswd'. My version > of samba is 3.0.14a on linux Debian 2.6.8. > First of all: if I read correctly it's better to use at least the password backend tdbsam (trivial database sam) in this context. That's what I have read in the How-To or by-Example. > > I have defined an interdomain trusted connection with a NT4 domain. > > > > I can see the trusted accounts and groups, and add them to local group with > the 'net rpc group.' command. > > > > My problem is when I want to allow one user from this trusted domain to > access to a share. The group seen by samba and sent to unix is the primary > group which is the domain account group. > > I want to change this primary group, but I haven't seen tools for that. > > > > Could you help me ? > You can change the primary group RID or SID by using pdbedit: pdbedit -r -G or pdbedit -r -G If the parameter after the G-option (-G) doesn't start with 'S-' pdbedit assumes you passed an RID because SIDs start with S-1-5... example: pdbedit -r michael -G 513 513 ist the well-known RID for users windows environments. cheers, Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.21b binaries on AIX 5.2 ML7 fails to join ADS domain
Seems your server doesnt have Kerberos configured correctly, u need to ensure you can successfully run "kinit Administrator" before a join to AD will work. Have a look in the how to, cheers Andy. [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 23/03/2006 09:56 To: samba@lists.samba.org cc: Subject:[Samba] Samba 3.0.21b binaries on AIX 5.2 ML7 fails to join ADS domain After installing Samba3.0.21b, on AIX 5.2 ML7 I get the following error trying to join a domain, can anyone offer any advice? Thanks Mark [wmsprod2:root]/usr/local/samba> testparm Load smb config files from /opt/Samba/3.0.21b/lib/smb.conf Loaded services file OK. WARNING: passdb expand explicit = yes is deprecated Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = CORP realm = CORPAD1.CORP.YW.KELDA security = ADS log level = 3 log file = /usr/local/samba/lib/log.%m ldap ssl = no [wmsprod2:root]/usr/local/samba> net ads info LDAP server: 10.44.9.65 LDAP server name: corpad3 Realm: CORP.YW.KELDA Bind Path: dc=CORP,dc=YW,dc=KELDA LDAP port: 389 Server time: Wed, 22 Mar 2006 15:09:47 GMT KDC server: 10.44.9.65 Server time offset: 127 [wmsprod2:root]/usr/local/samba> net ads join -U Administrator% -d 3 [2006/03/22 15:11:02, 3] param/loadparm.c:lp_load(4202) lp_load: refreshing parameters [2006/03/22 15:11:02, 3] param/loadparm.c:init_globals(1385) Initialising global parameters [2006/03/22 15:11:02, 3] param/params.c:pm_process(574) params.c:pm_process() - Processing configuration file "/opt/Samba/3.0.21 b/lib/smb.conf" [2006/03/22 15:11:02, 3] param/loadparm.c:do_section(3657) Processing section "[global]" [2006/03/22 15:11:02, 2] lib/interface.c:add_interface(81) added interface ip=10.44.8.222 bcast=10.44.15.255 nmask=255.255.248.0 [2006/03/22 15:11:02, 3] libads/ldap.c:ads_connect(288) Connected to LDAP server 10.44.9.65 [2006/03/22 15:11:02, 3] libads/ldap.c:ads_server_info(2542) got ldap server name [EMAIL PROTECTED], using bind path: dc=CORP,dc=YW,dc=KELDA [2006/03/22 15:11:02, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2006/03/22 15:11:02, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2006/03/22 15:11:02, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2006/03/22 15:11:02, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2006/03/22 15:11:02, 3] libads/sasl.c:ads_sasl_spnego_bind(219) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] [2006/03/22 15:11:02, 3] libsmb/clikrb5.c:ads_krb5_mk_req(479) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2006/03/22 15:11:02, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/03/22 15:11:02, 0] utils/net_ads.c:ads_startup(191) ads_connect: Cannot resolve network address for KDC in requested realm [2006/03/22 15:11:02, 2] utils/net.c:main(878) return code = -1 Find out how to protect your home from frost this winter at www.yorkshirewater.com YORKSHIRE WATER - WINNER OF THE UTILITY OF THE YEAR AWARD 2004 AND 2005 The information in this e-mail is confidential and may also be legally privileged. The contents are intended for recipient only and are subject to the legal notice available at http://www.keldagroup.com/email.htm Yorkshire Water Services Limited Registered Office Western House Halifax Road Bradford BD6 2SZ Registered in England and Wales No 2366682 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
re: [Samba] CHANGING PRIMARY GROUP
Hi Patrick, [EMAIL PROTECTED] schrieb am 23.03.2006 11:30:10: > Hi to all, > > > > I have a samba acting as a PDC with 'passdb backend=smbpasswd'. My version > of samba is 3.0.14a on linux Debian 2.6.8. > First of all: if I read correctly it's better to use at least the password backend tdbsam (trivial database sam) in this context. That's what I have read in the How-To or by-Example. > > I have defined an interdomain trusted connection with a NT4 domain. > > > > I can see the trusted accounts and groups, and add them to local group with > the 'net rpc group.' command. > > > > My problem is when I want to allow one user from this trusted domain to > access to a share. The group seen by samba and sent to unix is the primary > group which is the domain account group. > > I want to change this primary group, but I haven't seen tools for that. > > > > Could you help me ? > You can change the primary group RID or SID by using pdbedit: pdbedit -r -G or pdbedit -r -G If the parameter after the G-option (-G) doesn't start with 'S-' pdbedit assumes you passed an RID because SIDs start with S-1-5... example: pdbedit -r michael -G 513 513 ist the well-known RID for users windows environments. cheers, Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] squid + external_acl_type + wbinfo_group.pl, Help needed
Hi All, i was trying to configure proxy server, which will authenticate only for the users in group called "internet" that's in my Windows2003 ADS previously i configured my proxy server for all users in my domain and it was working well i think, i have some problem using external_acl_typel Please Help Following is my present squid configuration squid-2.5.STABLE6-3.4E.11 = auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_group.pl acl unrestrictedusers external nt_group internet http_access allow unrestrictedusers == samba-3.0.21c-1 [global] workgroup = DNA server string = Samba Server log level = 3 log file = /var/log/samba/samba.log max log size = 1024 security = ads encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no #=== Share Definitions ===# password server = 172.16.20.200 realm = DNA.COM idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash template homedir = /home/%D/%U allow trusted domains = no idmap backend = idmap_rid:DNA=16777216-33554431 winbind use default domain = yes = Operating System Red Hat Enterprise Linux ES (2.6.9-22.ELsmp) with this configuration its asking for authentication, but even if we provide correct username and password its not authenticating Thank You In Advance jerrynikky. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CHANGING PRIMARY GROUP
Hi to all, I have a samba acting as a PDC with 'passdb backend=smbpasswd'. My version of samba is 3.0.14a on linux Debian 2.6.8. I have defined an interdomain trusted connection with a NT4 domain. I can see the trusted accounts and groups, and add them to local group with the 'net rpc group.' command. My problem is when I want to allow one user from this trusted domain to access to a share. The group seen by samba and sent to unix is the primary group which is the domain account group. I want to change this primary group, but I haven't seen tools for that. Could you help me ? Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.21b binaries on AIX 5.2 ML7 fails to join ADS domain
After installing Samba3.0.21b, on AIX 5.2 ML7 I get the following error trying to join a domain, can anyone offer any advice? Thanks Mark [wmsprod2:root]/usr/local/samba> testparm Load smb config files from /opt/Samba/3.0.21b/lib/smb.conf Loaded services file OK. WARNING: passdb expand explicit = yes is deprecated Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = CORP realm = CORPAD1.CORP.YW.KELDA security = ADS log level = 3 log file = /usr/local/samba/lib/log.%m ldap ssl = no [wmsprod2:root]/usr/local/samba> net ads info LDAP server: 10.44.9.65 LDAP server name: corpad3 Realm: CORP.YW.KELDA Bind Path: dc=CORP,dc=YW,dc=KELDA LDAP port: 389 Server time: Wed, 22 Mar 2006 15:09:47 GMT KDC server: 10.44.9.65 Server time offset: 127 [wmsprod2:root]/usr/local/samba> net ads join -U Administrator% -d 3 [2006/03/22 15:11:02, 3] param/loadparm.c:lp_load(4202) lp_load: refreshing parameters [2006/03/22 15:11:02, 3] param/loadparm.c:init_globals(1385) Initialising global parameters [2006/03/22 15:11:02, 3] param/params.c:pm_process(574) params.c:pm_process() - Processing configuration file "/opt/Samba/3.0.21 b/lib/smb.conf" [2006/03/22 15:11:02, 3] param/loadparm.c:do_section(3657) Processing section "[global]" [2006/03/22 15:11:02, 2] lib/interface.c:add_interface(81) added interface ip=10.44.8.222 bcast=10.44.15.255 nmask=255.255.248.0 [2006/03/22 15:11:02, 3] libads/ldap.c:ads_connect(288) Connected to LDAP server 10.44.9.65 [2006/03/22 15:11:02, 3] libads/ldap.c:ads_server_info(2542) got ldap server name [EMAIL PROTECTED], using bind path: dc=CORP,dc=YW,dc=KELDA [2006/03/22 15:11:02, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2006/03/22 15:11:02, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2006/03/22 15:11:02, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2006/03/22 15:11:02, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2006/03/22 15:11:02, 3] libads/sasl.c:ads_sasl_spnego_bind(219) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] [2006/03/22 15:11:02, 3] libsmb/clikrb5.c:ads_krb5_mk_req(479) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2006/03/22 15:11:02, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/03/22 15:11:02, 0] utils/net_ads.c:ads_startup(191) ads_connect: Cannot resolve network address for KDC in requested realm [2006/03/22 15:11:02, 2] utils/net.c:main(878) return code = -1 Find out how to protect your home from frost this winter at www.yorkshirewater.com YORKSHIRE WATER - WINNER OF THE UTILITY OF THE YEAR AWARD 2004 AND 2005 The information in this e-mail is confidential and may also be legally privileged. The contents are intended for recipient only and are subject to the legal notice available at http://www.keldagroup.com/email.htm Yorkshire Water Services Limited Registered Office Western House Halifax Road Bradford BD6 2SZ Registered in England and Wales No 2366682 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
