Re: [Samba] Trouble with restricting access and ads

2008-01-29 Thread simo
On Tue, 2008-01-29 at 23:00 -0400, D G Teed wrote:
> We are migrating old FreeBSD machines to Redhat EL 5.
> 
> On FreeBSD, we have previously used "valid users =" with success.
> "valid users" was never a group, but always a list of user names like:
> valid users = david joe henry
> 
> Moving to Redhat Enterprise 5,

[...]

> Please shed some light on this if anyone can.

Why do people never read release notes? :-D

Since a few Samba versions the usernames must be fully qualified.

In domain FOO with user Bar you set:
valid users = FOO\Bar

setting just valid users = Bar  won't do it.


Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <[EMAIL PROTECTED]>
Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
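
Added example (not part of the original thread, and not Samba code): a small Python check that follows the advice in the reply above. It flags share user lists that hold unqualified names on a domain-member server, and shares with no "valid users" restriction at all. The sample smb.conf is constructed, modelled on the [www] share posted in this thread; the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the [www] share quoted in this thread.
SAMPLE_SMB_CONF = r"""
[global]
    workgroup = BEER
    security = ADS
    winbind use default domain = Yes
    winbind use default domain = Yes

[www]
    path = /usr/local/www/www
    guest ok = no
    valid users = john todd greg alice
    write list = john todd greg alice
    force user = www

[fixed]
    path = /srv/fixed
    valid users = BEER\john BEER\todd
    write list = BEER\john

[open]
    path = /srv/open
    users = john todd
    writable = yes
"""

# Share parameters whose value is a list of accounts used for access control.
USER_LIST_KEYS = ("valid users", "invalid users", "write list",
                  "read list", "admin users")
GROUP_PREFIXES = "@+&"          # smb.conf markers for group entries
DOMAIN_MODES = ("ads", "domain")  # security modes of a domain member


def parse_smb_conf(text):
    """Return {section: {key: value}}. Section and key names are lower-cased,
    inner whitespace in keys is collapsed, and the last duplicate key wins."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def unqualified_names(value):
    """User tokens that carry no DOMAIN\\ prefix. Group entries (@, +, &) are
    skipped; quoted names containing spaces are not handled (assumption)."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    return [t for t in tokens
            if t[0] not in GROUP_PREFIXES and "\\" not in t]


def audit(text):
    """Return a list of (share, parameter, message) findings."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if glob.get("security", "").lower() not in DOMAIN_MODES:
        return []                            # the advice applies to domain members
    findings = []
    for name, share in conf.items():
        if name == "global":
            continue
        effective = {**glob, **share}        # [global] supplies share defaults
        for key in USER_LIST_KEYS:
            bad = unqualified_names(effective.get(key, ""))
            if bad:
                findings.append((name, key, "unqualified: " + " ".join(bad)))
        guest = effective.get("guest ok", effective.get("public", "no")).lower()
        if "valid users" not in effective and guest in ("no", "false", "0"):
            # "users =" is a synonym of "username =" and does not restrict access.
            findings.append((name, "valid users",
                             "missing: any authenticated domain account can connect"))
    return findings


if __name__ == "__main__":
    for share, key, message in audit(SAMPLE_SMB_CONF):
        print(f"[{share}] {key}: {message}")
```
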


Re: [Samba] Trouble with restricting access and ads

2008-01-29 Thread Go Wow
Check the folder permissions; remember the Linux file permissions are
overridden on Samba file permissions.


[Samba] Trouble with restricting access and ads

2008-01-29 Thread D G Teed
We are migrating old FreeBSD machines to Redhat EL 5.

On FreeBSD, we have previously used "valid users =" with success.
"valid users" was never a group, but always a list of user names like:
valid users = david joe henry

Moving to Redhat Enterprise 5, I used the system authentication GUI
to set up Winbind and Kerberos and pam and nsswitch.conf.
We authenticate off AD, and do not make local Unix accounts for
the samba share users.

I discovered the old "valid users = " configuration from the FreeBSD
legacy smb.conf did not allow access, but simply "users = " and
a list of accounts worked OK.  I tested with my user
and it could read/write files on the share.  I thought I
was done, until I learned that any user authenticating in AD could
connect to the published shares.

Here is my global section (beer used to protect the innocent):

[global]
workgroup = BEER
realm = BEERAD
server string = Web Server
security = ADS
password server = adc1.ad.beer.ca
idmap backend = rid:BEER=5000-1
idmap uid = 5000-1
idmap gid = 5000-1
template shell = /bin/bash
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
;   winbind nested groups = Yes
allow trusted domains = No
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
dns proxy = No
winbind use default domain = Yes
encrypt passwords = yes

[www]
comment = web
path = /usr/local/www/www
guest ok = no
valid users = john todd greg alice
users = john todd greg alice
write list = john todd greg alice
writable = yes
force user = www
force group = www

With the above set up, connection to www is not possible.

If I comment out the valid users line, then authentication works.

If I connect to beer\\www as user donald, which authenticates OK,
I can read or write or delete files from the www share.

I've spent a full day going through various permutations to the puzzle
and cannot find a solution that only lets in the people I want to list.
I either get nothing working, or everyone in the domain can
connect and write!

Please shed some light on this if anyone can.

--Donald


[Samba] Re: Trusted domain user login

2008-01-29 Thread Jay Santillan
Hello Mr. Carlos,


>getent returns the ldap users, groups and passwords, should getent also return
>the NT domain users when they are the same?

I think this will depend on your smb.conf.
If you set 'winbind enum users' and 'winbind enum groups' to yes, getent
should also display the users. By default, these are set to 'no'.

regards,
Jay




Re: Fw: [Samba] Setting Global printer defaults on standalone server running version samba 3.0.25

2008-01-29 Thread Richard Chapman

Hi Vickie (and others).

I think I spoke a bit soon... at least on the global default settings... 
There are still a few strange things going on...


My situation is slightly different from yours (I think). My users don't 
necessarily have logins on the linux server. I probably should use 
"security = share" - but with this setting - I couldn't get the driver 
upload to work. When I reverted to "security = user" (default) the 
upload worked - but workstations without suitable usernames - couldn't 
even see the server's shared printers. My solution was to use:

"map to guest = Bad Password" (see man smb.conf).

[global]
   log file = /var/log/samba/%m.log
   load printers = yes
   smb ports = 139
   enable privileges = yes
   map to guest = Bad Password
   encrypt passwords = yes
   allow hosts = 192.168.0. 127.
   dns proxy = no
   cups options = raw
   netbios name = C5
   server string = Centos 5 Linux
   workgroup = aardvarkwg
   os level = 20
   max log size = 50
[printers]
   comment = All Printers
   printable = yes
   path = /var/spool/samba
   public = yes
[print$]
   comment = Windows Printer Driver Share
   path = /var/lib/samba/drivers
   public = yes
   browseable = yes
   read only = yes
   write list = root, @ntadmin, richard, rhc

This seems to mostly work - but there are a few things I don't understand:

While logged in as a member of "ntadmin", I can upload drivers - and I 
can open the servers "Printers & Faxes", then right click the Printer, 
select Properties/advanced/printing defaults - and set the settings.


If I go to a workstation which has a login not recognised by the server 
- I can install the printer and it downloads the drivers fine. The 
printer works fine.


However:
On the non admin workstation - the initial printer settings do not match 
the global defaults, and I can change the local defaults (both the 
settings - and the defaults). Worse still - I can go to "server 
properties" and delete "server side" drivers from the server (from the 
non admin workstation). Interestingly - it doesn't actually seem to 
delete files from the print$ share - but the driver does disappear from 
the driver list - even when viewed on an admin workstation.


I do get an error if I try to upload drivers from a non-admin 
workstation - (as I should).


It seems like the guest login has nearly all the rights of an "ntadmin" 
login - but I can't figure out why. I am confident that the username on 
the non-admin workstation is not a server logon - and certainly not 
included in ntadmin.


Any ideas anyone...

Thanks.

Richard.









Vickie L. Kidder wrote:


Richard,

It is great to hear that you got printer upload working!  I'm glad my 
response was of some help to you.  When you posted your question, I 
had also been struggling with printer admin issue, and had just gotten 
it working with some help from the list.  



Vickie Kidder
Information Systems
McIlhenny Company
337.373.6126



*Richard Chapman <[EMAIL PROTECTED]>*
01/28/2008 08:26 PM

To: "Vickie L. Kidder" <[EMAIL PROTECTED]>, Samba List
cc:
Subject: Re: Fw: [Samba] printer admin option replacement on stand alone (not domain) print server running version 3.0.25

Hi Vickie

I hope you don't mind me contacting you directly - but I wanted to thank
you (and others) for your help with this problem. I have finally got
printer driver upload working - after having taken a break from it for a
couple of weeks leave.

Everything went more or less as you said - but I also had some "bad
stuff" in my smb.conf - which took a bit of careful weeding to get rid
of...:-)

I think I have also just figured out how to set a global default
"printer Preference" so that my printer prints monochrome by default.
This is really wonderful...

Thanks Vickie

Richard.


Vickie L. Kidder wrote:
>
> I was able to get my print drivers to upload after doing the following.
>
> 1) Checked that the settings for the printer driver upload directory
> were set to allow my account to write to it.
> /# ls -l /s01/samba
> drwxrwsr-x   3 vlkidder samba   512 Jan 06 21:45 drivers
>
> 2) Removed the printer admin option from smb.conf file.  
> These are my current smb.conf settings related to printing.
>
> ; Global Settings for Printers
>   printing = aix
>   load printers = yes
>   printcap name = /etc/printcap
>   print command = /usr/bin/lpr -P%p -h -r %s
>   lpq command = enq -e -As -P'%p'
>   use client driver = no
> [printers]
>   comment = samba printers
>   path = /var/spool/samba
>   printable = yes
>   browseable = no
>   guest ok = no
>   public = no
>   read only = yes
>   writeable = no
> [print$]
>   comment = samba printer driver upload
>   path = /s01/samba/drivers
>   write list = vlkidder
>   browseable = yes
>   guest ok = no
>   read only = yes
>
>
> 3) Ran "net rpc rights grant vlkidder SePrintOperatorPrivilege" to
> grant my account "vlkidder" printer admin rights.
> I'm not sure why, but w

Re: [Samba] A good read

2008-01-29 Thread Adam Tauno Williams
> > Do you have any recommendations as to what is available to read that
> > will take me through the world of Windows networking?
> Because Samba, as it is today, mainly emulates a Windows NT4 Server when 
> used as a PDC it really helps to have that background.
> A book I found quite useful back when I worked exclusively with Windows 
> was Mark Minasi's "Mastering Windows NT Server 4". Amazon has used 
> copies starting at 1.54 USD.

"Guide to MS Windows NT 4.0 Profiles and Policies"
http://www.microsoft.com/technet/archive/winntas/maintain/featusability/prof_pol.mspx?pf=true

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org



Re: [Samba] A good read

2008-01-29 Thread Chris Smith
On Tuesday 29 January 2008, Robert Pollard wrote:
> Do you have any recommendations as to what is available to read that
> will take me through the world of Windows networking?

Because Samba, as it is today, mainly emulates a Windows NT4 Server when 
used as a PDC it really helps to have that background.

A book I found quite useful back when I worked exclusively with Windows 
was Mark Minasi's "Mastering Windows NT Server 4". Amazon has used 
copies starting at 1.54 USD.

-- 
Chris


Re: [Samba] A good read

2008-01-29 Thread Adam Williams
have you read Samba 3 by Example?  it covers some real world examples, 
ads joins, etc.


i think you'd want to use a PDC w/ roaming profiles.  that way you can 
locate all of your user's data on your server and backup your server 
instead of a lot of clients.  and you'll definitely want a PDC/BDC setup 
when you have branch offices.  for host name lookup use dynamic dns 
dhcp.  there's plenty of howtos on how to set that up too, but I can 
send you my configs too.


Robert Pollard wrote:

Hi,

I have been reading the older O'Reilly book on Samba.  This book explains in 
general the concept of NetBIOS and some other related areas.

Do you have any recommendations as to what is available to read that will take me through the world of 
Windows networking?  I am sitting here reading these messages and see things like "requires a flat 
namespace to function" or "dfs stub server" or "I then bind Samba domain members using 
'net ads join -U domain_admin_login'" and I'm at a loss as to what they are talking about.

I have read up on how to setup Samba as a PDC but I don't know why I would ever 
want to.  Even if I had enough users in our network I still don't believe there 
would be any purpose for it.  I am leaning more towards using LDAP for 
authentication.  I would also like to use for host name lookup and some other 
odds and ends.

Is there something out there that would take me by the hand and lead me through 
the decision making process of what to use and when to use it, how to set it up 
and trouble-shoot it and maybe some other relevant information that would be 
needed?

I want to know more about Windows networking but also how to use the best tools 
available for what makes sense now and in the future.

Thanks,

Robert
  




Re: [Samba] Smart card logon

2008-01-29 Thread Douglas E. Engert



Pau Garcia i Quiles wrote:

Quoting "Douglas E. Engert" <[EMAIL PROTECTED]>:


Pau Garcia i Quiles wrote:

Quoting Asier Baranguán <[EMAIL PROTECTED]>:


Hi all

Is it possible to perform a logon from an XP workstation to a Samba3+LDAP
managed domain with a smartcard? I've read somewhere that this is not
possible with Samba3, but /could/ be possible with the Samba4 package.

Thanks


Although I have never tried it, it should be possible by  configuring 
Samba for PAM authentication  
(http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html) 
and  using an appropriate PAM module, such as  
http://www.opensc-project.org/pam_p11/


Actually what you want is the Kerberos PKINIT and a pam_krb5 that
understands PKINIT and can talk to a PKCS#11. Heimdal Kerberos
is part of newer versions of Samba. The Heimdal KDC then
accepts the PKINIT and returns Kerberos tickets. This is essentially
what Windows AD does today with smart card login. You login to the
domain.

The OpenSC and many other smart card pam logins only log you into
the local machine, not the domain.


Good to know PAM_KRB5 exists and can log into Samba.


I have not tried this. In theory it should. I have tried earlier of pam_krb5
with Heimdal clients and OpenSC smart cards to AD.



I was thinking of a much simpler solution consisting on chaining two PAM 
modules: PAM P11 would get the credentials from the Smartcard and PAM 
Winbind or whatever would check they are valid.




The key point is "check they are valid". The Winbind client cannot
be trusted, only the DC. This is the point of PKINIT, the DC is verifying
the credentials.



See http://www.eyrie.org/~eagle/software/pam-krb5/
for a pam_krb5 that works with Heimdal and PKINIT.

PKINIT
http://www.ietf.org/rfc/rfc4557.txt



Even if PAM P11 is not ready for Samba use, it shouldn't be too  
difficult (and take this with a grain of salt, given that PAM is  
mystic per se :-) to produce a new PAM-Samba-Smartcard by "merging" 
 PAM P11 and one of the PAM modules included in Samba currently (PAM  
password, PAM Winbind, etc).


Pam Winbind probably needs some updates to have it use the Heimdal
PKINIT and the PKCS#11.




--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444


[Samba] Windows Terminal server with samba and HOMEPATH

2008-01-29 Thread Carlos Lorenzo Matés
Hi to all 

We have moved our users from an NT domain to a samba domain

We have changed our terminal server from the NT domain to the samba domain

All seems to work fine, but we have found a problem we don't have if we login 
in the terminal server but in the NT domain.

In the terminal the system should create a windows folder under c:\documents 
and settings\username to store some .ini that an application needs to modify 
for each user. In this way each user can have his own .ini copy.

When we had the users to log into the terminal server in the NT domain the 
system was working this way.

Now that our users log into the samba domain all of them share the same .ini 
into the c:\windows directory.

We have examined the environment variables logged in the NT domain and in the 
SAMBA domain (both cases in a terminal server session), and here is the 
difference:


in the NT domain:

HOMEDRIVE = C:
HOMEPATH = \Documents and Settings\username
HOMESHARE (undefined)

if i open a cmd session it starts at c:\Documents and settings\username

in the Samba Domain

HOMEDRIVE = C:
HOMEPATH = Blank
HOMESHARE = \\server\username

if i open a cmd session it says that the home cannot be defined with  UNC 
naming and it opens at C:\

This is the problem that is causing the users to not have their own .ini files 
and share the ones in c:\Windows



We are using windows nt policies provided by the samba server (stored as 
ntconfig.pol under /var/lib/samba/netlogon). In this policies we had setup 
some folder redirection (for My Documents and for the Desktop). This folder 
redirection is working fine in both cases, logged in workstation or in a 
terminal server session. 

We have tried to find a suitable template for terminal server to define this 
variable, but none seems suitable. Also examining the registry these variables 
seem to be defined in a volatile branch.

Anyone has come to this problem?

How can i define this variable for each user upon login?

thanks




-- 
Regards.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com



Re: [Samba] Re: Trusted domain user login

2008-01-29 Thread Carlos Lorenzo Matés
Hi.


On Tuesday, 29 January 2008, Thorkil Olesen wrote:
> Carlos Lorenzo Matés  mundo-r.com> writes:
> > I have logged in the samba server as root and tried this
> >
> > myserver:~ # wbinfo -a clorenzo%myrealpassword
> > plaintext password authentication failed
> > error code was NT_STATUS_INVALID_HANDLE (0xc008)
> > error messsage was: Invalid handle
> > Could not authenticate user clorenzo%myrealpassword with plaintext
> > password challenge/response password authentication failed
> > error code was NT_STATUS_INVALID_HANDLE (0xc008)
> > error messsage was: Invalid handle
> > Could not authenticate user clorenzo with challenge/response
>
> Maybe you should try:
>
> wbinfo -a NTDOMAIN\\clorenzo%myrealpassword

This was my first try and it says exactly the same.


>
> > wbinfo -u and wbinfo -g gets right the list of users and groups from the
> > NT domain
>
> That is a good sign!
>
> wbinfo is a great tool to examine how winbind sees the world. I spent some
> time on an interdomain trust to a W2k3-server, but I think my problem was
> different from yours. Have you set up nsswitch.conf? Can you see a user
> with getent?


We have the very same users groups and passwords in the NT Domain and in the 
samba Domain, our samba domain uses ldap for storage.


 
Here is our nsswitch.conf

# This works:
#passwd: ldap compat
#group:  ldap compat

# As does this:
passwd: files ldap
group:  files ldap

hosts:  files dns wins
networks:   files dns

services:   files ldap
protocols:  files
rpc:        files
ethers: files
netmasks:   files
netgroup:   files ldap
publickey:  files

bootparams: files
automount:  files nis ldap
aliases:    files ldap
passwd_compat:  ldap winbind
group_compat:   ldap winbind
shadow: compat

#passwd_compat: ldap
#group_compat: ldap
#shadow: compat

getent returns the ldap users, groups and passwords, should getent also return 
the NT domain users when they are the same?


Thanks


-- 
Regards.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com



[Samba] core dump after live migrating virtualized environment

2008-01-29 Thread Jeff Blasius
Dear Samba-
We're using the virtualization application openVZ to run small web
services for researchers. Unlike other virtualization software, openVZ
uses the host file system for the guest OS; essentially the root file
system of the guest is a chrooted subdirectory on the host.

When openVZ migrates a guest between two host machines it uses rsync
to transfer the files. Unfortunately, this causes samba to panic and
not accept any new connections (established connections are OK). In
the logs I get "
tdb(/var/cache/samba/ntforms.tdb): tdb_reopen: file dev/inode has
changed!" . Of course the inode changed, but does it need to panic?
Is there a workaround?

Centos 5
samba-3.0.25b-1.el5_1.4


[2008/01/22 11:53:46, 0] lib/util_tdb.c:tdb_log(662)
 tdb(/var/cache/samba/ntforms.tdb): tdb_reopen: file dev/inode has changed!
[2008/01/22 11:53:46, 0] smbd/server.c:open_sockets_smbd(572)
 tdb_reopen_all failed.
[2008/01/22 11:53:46, 0] lib/util.c:smb_panic(1654)
 PANIC (pid 22099): tdb_reopen_all failed.
[2008/01/22 11:53:46, 0] lib/util.c:log_stack_trace(1758)
 BACKTRACE: 6 stack frames:
  #0 smbd(log_stack_trace+0x1c) [0x55776ffc]
  #1 smbd(smb_panic+0x43) [0x557770e3]
  #2 smbd [0x5582ac3a]
  #3 smbd(main+0x710) [0x5582b370]
  #4 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2d3818a4]
  #5 smbd [0x555bbfe9]
[2008/01/22 11:53:46, 0] lib/fault.c:dump_core(181)
 dumping core in /var/log/samba/cores/smbd



-- 
Jeff Blasius / [EMAIL PROTECTED]
Phone: (203)432-9940  51 Prospect Rm. 011
High Performance Computing (HPC)
UNIX Systems Administrator, Linux Systems Design & Support (LSDS)
Yale University Information Technology Services (ITS)


Re: [Samba] Smart card logon

2008-01-29 Thread Douglas E. Engert



Pau Garcia i Quiles wrote:

Quoting Asier Baranguán <[EMAIL PROTECTED]>:


Hi all

Is it possible to perform a logon from an XP workstation to a Samba3+LDAP
managed domain with a smartcard? I've read somewhere that this is not
possible with Samba3, but /could/ be possible with the Samba4 package.

Thanks


Although I have never tried it, it should be possible by configuring 
Samba for PAM authentication 
(http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html) 
and using an appropriate PAM module, such as 
http://www.opensc-project.org/pam_p11/


Actually what you want is the Kerberos PKINIT and a pam_krb5 that
understands PKINIT and can talk to a PKCS#11. Heimdal Kerberos
is part of newer versions of Samba. The Heimdal KDC then
accepts the PKINIT and returns Kerberos tickets. This is essentially
what Windows AD does today with smart card login. You login to the
domain.

The OpenSC and many other smart card pam logins only log you into
the local machine, not the domain.

See http://www.eyrie.org/~eagle/software/pam-krb5/
for a pam_krb5 that works with Heimdal and PKINIT.

PKINIT
http://www.ietf.org/rfc/rfc4557.txt



Even if PAM P11 is not ready for Samba use, it shouldn't be too 
difficult (and take this with a grain of salt, given that PAM is mystic 
per se :-) to produce a new PAM-Samba-Smartcard by "merging" PAM P11 and 
one of the PAM modules included in Samba currently (PAM password, PAM 
Winbind, etc).


Pam Winbind probably needs some updates to have it use the Heimdal
PKINIT and the PKCS#11.




--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444


Re: [Samba] Smart card logon

2008-01-29 Thread Pau Garcia i Quiles

Quoting "Douglas E. Engert" <[EMAIL PROTECTED]>:


Pau Garcia i Quiles wrote:

Quoting Asier Baranguán <[EMAIL PROTECTED]>:


Hi all

Is it possible to perform a logon from an XP workstation to a Samba3+LDAP
managed domain with a smartcard? I've read somewhere that this is not
possible with Samba3, but /could/ be possible with the Samba4 package.

Thanks


Although I have never tried it, it should be possible by   
configuring Samba for PAM authentication   
(http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html) and   
using an appropriate PAM module, such as   
http://www.opensc-project.org/pam_p11/


Actually what you want is the Kerberos PKINIT and a pam_krb5 that
understands PKINIT and can talk to a PKCS#11. Heimdal Kerberos
is part of newer versions of Samba. The Heimdal KDC then
accepts the PKINIT and returns Kerberos tickets. This is essentially
what Windows AD does today with smart card login. You login to the
domain.

The OpenSC and many other smart card pam logins only log you into
the local machine, not the domain.


Good to know PAM_KRB5 exists and can log into Samba.

I was thinking of a much simpler solution consisting on chaining two  
PAM modules: PAM P11 would get the credentials from the Smartcard and  
PAM Winbind or whatever would check they are valid.



See http://www.eyrie.org/~eagle/software/pam-krb5/
for a pam_krb5 that works with Heimdal and PKINIT.

PKINIT
http://www.ietf.org/rfc/rfc4557.txt



Even if PAM P11 is not ready for Samba use, it shouldn't be too   
difficult (and take this with a grain of salt, given that PAM is   
mystic per se :-) to produce a new PAM-Samba-Smartcard by "merging"  
 PAM P11 and one of the PAM modules included in Samba currently  
(PAM  password, PAM Winbind, etc).


Pam Winbind probably needs some updates to have it use the Heimdal
PKINIT and the PKCS#11.




--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444




--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)



Re: [Samba] Smart card logon

2008-01-29 Thread Pau Garcia i Quiles

Quoting Asier Baranguán <[EMAIL PROTECTED]>:


Hi all

Is it possible to perform a logon from an XP workstation to a Samba3+LDAP
managed domain with a smartcard? I've read somewhere that this is not
possible with Samba3, but /could/ be possible with the Samba4 package.

Thanks


Although I have never tried it, it should be possible by configuring  
Samba for PAM authentication  
(http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html)  
and using an appropriate PAM module, such as  
http://www.opensc-project.org/pam_p11/


Even if PAM P11 is not ready for Samba use, it shouldn't be too  
difficult (and take this with a grain of salt, given that PAM is  
mystic per se :-) to produce a new PAM-Samba-Smartcard by "merging"  
PAM P11 and one of the PAM modules included in Samba currently (PAM  
password, PAM Winbind, etc).


--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)



[Samba] A good read

2008-01-29 Thread Robert Pollard
Hi,

I have been reading the older O'Reilly book on Samba.  This book explains in 
general the concept of NetBIOS and some other related areas.

Do you have any recommendations as to what is available to read that will take 
me through the world of Windows networking?  I am sitting here reading these 
messages and see things like "requires a flat namespace to function" or "dfs 
stub server" or "I then bind Samba domain members using 'net ads join -U 
domain_admin_login'" and I'm at a loss as to what they are talking about.

I have read up on how to setup Samba as a PDC but I don't know why I would ever 
want to.  Even if I had enough users in our network I still don't believe there 
would be any purpose for it.  I am leaning more towards using LDAP for 
authentication.  I would also like to use for host name lookup and some other 
odds and ends.

Is there something out there that would take me by the hand and lead me through 
the decision making process of what to use and when to use it, how to set it up 
and trouble-shoot it and maybe some other relevant information that would be 
needed?

I want to know more about Windows networking but also how to use the best tools 
available for what makes sense now and in the future.

Thanks,

Robert


[Samba] Re: Samba Administrator account for XP

2008-01-29 Thread Michael Lueck

satish patel wrote:

Dear all

  I have install samba + ldap and it is successfully joining the 
domain but problem is when i login in XP machine with Administrator account of 
samba i cannot change anything in XP even not system time so is it problem of 
privileges ??


Get a copy of MS's ifmember.exe and issue it with the /list switch while logged into Windows with a domain account. That will show you which groups you are a member of on the domain and local 
workstation. Likely you have something amiss in the group mapping area.


I cover that sort of thing in my Samba presentation:
"Samba 3 PDC for Windows Clients and Samba 3 Book Review"
http://www.lueckdatasystems.com/pub/presentations/iccm2007.pdf

Start on page 7 of the presentation. I do not use LDAP in this presentation, so 
the EXACT solution will be different in your case.

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/



RE: [Samba] joining an AD

2008-01-29 Thread Calderon, Willy (NIH/NINDS) [C]
The error I got "Failed to set servicePrincipalNames. Please ensure that the 
DNS domain of this server matches the AD domain, Or rejoin with using Domain 
Admin credentials" seems to point to the way that Kerberos requires a flat 
namespace to function. So I would have to make sure the DNS name of the server is 
DOMAIN.COM instead of SUB.DOMAIN.COM, which is going to be a problem. 
 



-Original Message-
From: Calderon, Willy (NIH/NINDS) [C]
Sent: Tue 1/29/2008 9:16 AM
To: Philipoff, Andrew; Guillermo Gutierrez; samba@lists.samba.org
Subject: RE: [Samba] joining an AD
 
I tried that. I created the machine in the correct OU but when I
try to do this I get various errors:


# net ads join -U username
username's password:
Using short domain name -- DOMAIN
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'SERVERNAME' in realm 'DOMAIN'
Failed to join domain: Constraint violation


 
When I look back in the OU I find that the server has been removed.



*   *   *   *
Willy Calderon
Contractor - LCG Systems
Tel: 301 435 1913
 
-Original Message-
From: Philipoff, Andrew [mailto:[EMAIL PROTECTED] 
Sent: Monday, January 28, 2008 11:00 PM
To: Guillermo Gutierrez; Calderon, Willy (NIH/NINDS) [C];
samba@lists.samba.org
Subject: RE: [Samba] joining an AD

In our AD environment, I pre-create computer records in our AD OU
computers container via a Windows system using the Active Directory
Users and Computers console. I then bind Samba domain members using "net
ads join -U domain_admin_login".

Andrew Philipoff
Programmer Analyst
Information Technology Services
Department of Medicine
University of California, San Francisco
Phone: 415-476-1344
Help Desk: 415-476-6827

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Guillermo Gutierrez
Sent: Monday, January 28, 2008 5:59 PM
To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org
Subject: RE: [Samba] joining an AD

You may just have to join it to the domain and then move it manually
into the OU through windows.

Unless you upgrade to a newer version of samba that supports that
feature.

-Original Message-
From: Calderon, Willy (NIH/NINDS) [C] [mailto:[EMAIL PROTECTED] 
Sent: Monday, January 28, 2008 5:15 PM
To: Guillermo Gutierrez; samba@lists.samba.org
Subject: RE: [Samba] joining an AD

Thanks for this. The problem appears to be that I can't create the
workstation in the OU.  I can use my same credentials to log into the AD
and create a workstation in that OU through Windows but not through
Linux.

# net help ads join
net ads join [options]
Valid options:
   createupn[=UPN]Set the userPrincipalName attribute during the
join.
  The deault UPN is in the form
host/[EMAIL PROTECTED]
   createcomputer=OU  Precreate the computer account in a specific OU.
  The OU string read from top to bottom without RDNs
and delimited by a '/'.
  E.g. "createcomputer=Computers/Servers/Unix"
  NB: A backslash '\' is used as escape at multiple
levels and may
  need to be doubled or even quadrupled.  It is
not used as a separator


So when I try

# net ads join createcomputer="Servers/Windows/Computers/AD" -U
willy%password 


Failed to pre-create the machine object in OU
createcomputers=Servers/Windows/Computers/AD.
[2008/01/28 20:15:30, 1] utils/net_ads.c:net_ads_join(1533)
  error calling net_precreate_machine_acct: No such object
Failed to join domain: No such object
[2008/01/28 20:15:30, 2] utils/net.c:main(1032)
  return code = -1


*   *   *   *
Willy Calderon
Contractor - LCG Systems
Unix Systems Administrator
Bldg. 10, NIH/NINDS
Tel: 301 435 1913



-Original Message-
From: Calderon, Willy (NIH/NINDS) [C]
Sent: Mon 1/28/2008 7:58 PM
To: Guillermo Gutierrez; samba@lists.samba.org
Subject: RE: [Samba] joining an AD
 
Thanks. I keep getting this error every time I log in now with the
options you've given below


[2008/01/28 19:49:22, 4] libads/sasl.c:ads_sasl_bind(521)
  Found SASL mechanism GSS-SPNEGO
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2008/01/28 19:49:22, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610)
  ads_krb5_mk_req: Advancing clock by 63 seconds to cope with clock skew
[2008/01/28 19:49:22, 3] libsmb/clikrb5.c:ads_cl

[Samba] explorer.exe MSDFS problems

2008-01-29 Thread Mike Wilkinson

Hello all,

We've had to roll out a dfs stub server to cope with a migration, and 
we've noticed that explorer.exe will fail whenever a UNC path that 
traverses the graft point is pasted into the address bar. Start-Run 
works fine, ie7 works fine,


For example,
   \\server1\share\graft

is a dfs redirect to:
   \\server2\share\fun

and under that server2 path is the directory structure:
   a/b/c/d

Pasting the UNC path \\server1\graft\a\b\c into the explorer.exe address 
bar causes:
   Windows cannot find '\\server1\graft\a\b\c' Check the spelling and 
try again.


However, pasting \\server1\graft into the explorer address bar, and 
navigating through works as expected. As noted above, Start-Run works as 
expected, ie7 works as expected.


It's obviously some different handling in explorer.exe, is anyone aware 
of either a samba fix/patch (oh please) or a registry fix for explorer?









[Samba] Smart card logon

2008-01-29 Thread Asier Baranguán

Hi all

Is it possible to perform a logon from an XP workstation to a Samba3+LDAP managed domain with 
a smartcard? I've read somewhere that this is not possible with Samba3, but /could/ be 
possible with the Samba4 package.


Thanks

[Samba] Re: Trusted domain user login

2008-01-29 Thread Thorkil Olesen
Carlos Lorenzo Matés  mundo-r.com> writes:

> I have logged in the samba server as root and tried this
> 
> myserver:~ # wbinfo -a clorenzo%myrealpassword
> plaintext password authentication failed
> error code was NT_STATUS_INVALID_HANDLE (0xc008)
> error messsage was: Invalid handle
> Could not authenticate user clorenzo%myrealpassword with plaintext password
> challenge/response password authentication failed
> error code was NT_STATUS_INVALID_HANDLE (0xc008)
> error messsage was: Invalid handle
> Could not authenticate user clorenzo with challenge/response

Maybe you should try:

wbinfo -a NTDOMAIN\\clorenzo%myrealpassword

> wbinfo -u and wbinfo -g gets right the list of users and groups from the NT 
> domain

That is a good sign!

wbinfo is a great tool to examine how winbind sees the world. I spent some time
on an interdomain trust to a W2k3-server, but I think my problem was different
from yours. Have you set up nsswitch.conf? Can you see a user with getent?

-- 
Thorkil Olesen, Denmark




Re: [Samba] Strange issue with share visibility

2008-01-29 Thread John Drescher
On Jan 29, 2008 11:12 AM, Moss, Patricia <[EMAIL PROTECTED]> wrote:
>
>
>
>
> I commented out the password line and uncommented the passdb line.  It was
> set as follows:
>
>passdb backend = smbpasswd
>
>
>
> I stopped and restarted samba and then tried the smbclient command;
>
>
>
> pasun05/# /usr/sfw/bin/smbclient -L pasun05 -U dmadmin
>
>
> Password:
>
>
>
> session setup failed: NT_STATUS_LOGON_FAILURE
>
>
>
> Here are the last few lines in the log file:
>
> [2008/01/29 11:10:27, 1] auth/auth_server.c:(363)
>
>   password server * rejected the password
>
> [2008/01/29 11:10:27, 2] auth/auth.c:(317)
>
>   check_ntlm_password:  Authentication for user [dmadmin] -> [dmadmin]
> FAILED with error NT_STATUS_WRONG_PASSWORD
>
> [2008/01/29 11:10:27, 2] smbd/server.c:(614)
>
>   Closing connections
>
Did you run smbpasswd -a dmadmin

on the samba box?

John


Fwd: [Samba] Strange issue with share visibility

2008-01-29 Thread John Drescher
On Jan 29, 2008 10:08 AM, Moss, Patricia <[EMAIL PROTECTED]> wrote:
> I'm not sure if that would have an effect on anything else that is
> accessible on the server.  There is only one way to find out.  Is it
> just a matter of changing my smb.conf to reflect the Unix server as my
> password server?
>
> Pati

Get rid of the password server line and then uncomment the passdb
backend line in your smb.conf file. Then you need to add the user on
the samba server. Depending on how you have your linux accounts set up,
you may only need to do the smbpasswd step to add the user.

http://www.samba.netfirms.com/addusers.htm#adduser

John



-- 
John M. Drescher
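
Added example, not part of the thread and not Samba code: a small checker that prints the values of "security", "password server" and "passdb backend" that are actually active in [global], so an edit like the one suggested above can be verified before restarting smbd. The sample files are constructed, modelled on the smb.conf posted in this thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report which authentication settings
# are actually active in the [global] section of an smb.conf file.

# smbconf_get FILE PARAM
# Prints the last active value of PARAM in [global], or nothing if unset.
# Lines starting with "#" or ";" are comments. Parameter names are compared
# case-insensitively with whitespace removed.
smbconf_get() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want); insec = 0; val = ""; found = 0 }
        { sub(/\r$/, "") }                     # tolerate CRLF files
        /^[ \t]*[#;]/ { next }                 # comment line
        /^[ \t]*$/    { next }                 # blank line
        /^[ \t]*\[/ {                          # section header
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            insec = (tolower(name) == "global")
            next
        }
        insec {
            eq = index($0, "=")
            if (eq == 0) next
            if (norm(substr($0, 1, eq - 1)) == want) {
                val = substr($0, eq + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                found = 1
            }
        }
        END { if (found) print val }
    ' "$1"
}

# auth_summary FILE: one line with the three active values.
auth_summary() {
    sec=$(smbconf_get "$1" "security")
    pws=$(smbconf_get "$1" "password server")
    pdb=$(smbconf_get "$1" "passdb backend")
    printf 'security=%s password_server=%s passdb_backend=%s\n' \
        "${sec:-unset}" "${pws:-unset}" "${pdb:-unset}"
}

# uses_password_server FILE: exit 0 when "security = server" is active,
# i.e. logons are still handed to a remote password server.
uses_password_server() {
    [ "$(smbconf_get "$1" security | tr '[:upper:]' '[:lower:]')" = "server" ]
}

# Constructed sample modelled on the file posted in this thread.
write_sample() {
    cat > "$1" <<'EOF'
[global]
   workgroup = FCGNET
#   security = user
   security = server
#   password server = *
   password server = stant05
#;   passdb backend = tdbsam
;   passdb backend = smbpasswd
EOF
}

# The same sample after commenting out "password server" and
# uncommenting "passdb backend".
write_sample_edited() {
    cat > "$1" <<'EOF'
[global]
   workgroup = FCGNET
#   security = user
   security = server
#   password server = *
;   password server = stant05
#;   passdb backend = tdbsam
   passdb backend = smbpasswd
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    write_sample "$tmp";        echo "posted: $(auth_summary "$tmp")"
    write_sample_edited "$tmp"; echo "edited: $(auth_summary "$tmp")"
    uses_password_server "$tmp" && echo "note: security = server is still active"
    rm -f "$tmp"
}
demo
```
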


[Samba] Re: Windows share modes and Linux file locking, flock & fcntl

2008-01-29 Thread Peter Sirokman
> In particular I am looking at a machine running Linux exporting its
> local filesystem using Samba, with a Windows client accessing the
> file share.  If I use byte range locking (fcntl() on Linux, LockFile()
> on Windows) things work as expected, and applications using the
> file system locally and remotely see the locks set by the other.

> However, if a program on the Windows client opens a file with a
> share mode that denies access to other processes, I can't seem to
> detect this in a local Linux process, either with fcntl() or with flock().
> I included the test programs I used below. I have seen references
> that this should be possible
> (http://lists.samba.org/archive/samba/2004-February/080455.html
> last paragraph) but I may be misunderstanding things.

There seems to be a library for accessing Samba's database of share modes
in the Samba source tree (for version 3.0.28).  The relevant files are

./bin/libsmbsharemodes.so
./bin/libsmbsharemodes.a
./include/smb_share_modes.h
./libsmb/smb_share_modes.c
./libsmb/smb_share_modes.o

On the other hand, it doesn't appear to be possible to use local system
calls to detect share modes because their semantics are too different from
file locks, see threads below.

http://lists.samba.org/archive/samba/2007-March/subject.html#130305
http://lists.samba.org/archive/samba-technical/2005-February/thread.html#39425

Peter


Re: [Samba] Mac Machines taking over Master Browser

2008-01-29 Thread Scott Lovenberg
On Jan 28, 2008 2:26 PM, JJB <[EMAIL PROTECTED]> wrote:

> For some reason the Macintosh machines on our LAN have started taking
> over as master browser without actually providing. Mostly these are
> Leopard machines, and one Tiger machine. We had OS Level set to 255 and
> that does not seem to make a difference.
>
> [2008/01/16 11:14:27, 0]
> nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(486)
> get_domain_master_name_node_status_fail:
> Doing a node status request to the domain master browser at IP
> 192.168.1.153 failed.
> Cannot get workgroup name.
>
>
> 192.168.1.153 is an iMac running leopard. We are running a samba file
> server that should be responding as our master browser and was until the
> new machines came on the LAN.
>
>  - Joel
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

Just a knee-jerk reaction, how are you doing network name resolution on the
samba box?

Also, do these Macs have machine accounts on the samba server, and netbios
enabled? I don't know anything about Macs and their derived BSD network
stack, forgive my ignorance if this does not apply.

Finally, can you find the master browser election results in your logs?  You
might be able to just reboot the Macs, which should make them lose the
election due to lower uptime.

-- 
Peace and Blessings,
-Scott.

"Of course, that's just my opinion; I could be wrong"
-Dennis Miller


Re: [Samba] Problem accessing Samba shares simultaneously by multipleusers

2008-01-29 Thread Robert Pollard
One suggestion off the top of my head is Subversion.  I believe it supports 
file locking for simultaneous development.
From what little I read about it a while back, it would allow you to control the 
locking.
Its main purpose is version control, which is needed as well if you have 
multiple developers.


HTH,

Robert

- Original Message - 
From: "Pradipta Chakraborty" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, January 29, 2008 4:53 AM
Subject: [Samba] Problem accessing Samba shares simultaneously by 
multipleusers




Hello All!
I am using Samba Version 2.2.7a on a RedHat linux 9 box. Some .php files are
stored on the Samba server and users are accessing these files from a Windows
system. They are using EditPlus to work on these .php files. The problem is that
when more than one user is accessing the same file, they are unable to
perform a write operation on the file. E.g. suppose user A has opened a file
with RW privilege, user A is working on that file. If at the same time user B
is opening the same file, the file appears to him as RO, he is unable to
write/save the file.
But our requirement is that multiple users will be accessing the same file
at the same time & will perform read/write/save simultaneously. It should not
happen that if one user is performing a write/save action on a file, other users
will be denied to perform write/save operation on the same file. How to do
that?
Please help me in this regard. It is required immediately and it is very
urgent for ur project. Please help me.


Re: [Samba] Strange issue with share visibility

2008-01-29 Thread John Drescher
On Jan 29, 2008 10:01 AM, Moss, Patricia <[EMAIL PROTECTED]> wrote:
> I am not.  I know I am going to run into a roadblock when I request that
> user on the PC server.  Is there any other way to gain access to the
> shares?
>
Is there any reason why you can not have your CentOS  box be its own
password server? I mean you create the samba users on that box
instead.

John


Re: [Samba] Strange issue with share visibility

2008-01-29 Thread John Drescher
On Jan 29, 2008 9:52 AM, Moss, Patricia <[EMAIL PROTECTED]> wrote:
> I am confused by samba side versus Unix side.
> The account is created on the Linux server but is not a PC account on
> our company domain.
> All users that use this account have the password for it.
>

You need to create a samba user account on stant05 for this user.

Are you using ldap?

John


Re: [Samba] Weird reproduceable delta after power failure - PDC

2008-01-29 Thread Scott Lovenberg
On Jan 25, 2008 11:16 AM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

> Hello List,
>
> i am using Ubuntu Server 6.06 with the smbldap installer script from
> majen.net/smbldap/
> I am using VMWare to run my test systems (Ubuntu server and Windows
> Domain Clients)
>
> After producing a power supply failure (stopping my Ubuntu and windows
> client by the stop button in vmware) and starting them up again i can
> see a delta in my ldap database:
>
>
>
> Before Power failure:
> --
> uidNumber: 1
> sambaSID: S-1-5-21-2308582080-1758763575-3976210704-21000
> sambaPwdCanChange: 1201212116
> sambaNTPassword: C880093E1682DA079892FF7FF2AEA911
> sambaPwdLastSet: 1201212116
>
> After Power failure:
> --
> uidNumber: 10005
> sambaSID: S-1-5-21-2308582080-1758763575-3976210704-21010
> sambaPwdCanChange: 1201260229
> sambaNTPassword: 2446CE7E7D8B196756E40E80B5EC3A13
> sambaPwdLastSet: 1201260229
>
>
>
> I did not manually change those properties and i wonder who or why they
> changed.
>
> The result is that my windows client can not log into the domain
> anymore. I have to remove it from the domain and add it again.
>
> Has anyone an idea why this is _automatically_ happening?
> Do you need more infos?
>
> Thanks, Mario
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

What file system (journaled?), were you using RAID, and was the VMWare disk
zeroed out before you used it?  It could be silent data corruption (although
I doubt it), a bug in VMWare, or any number of other nasty things that
happen when power is pulled with an unflushed buffer.  The extra layer of
complexity that a hypervisor adds to the mix is potentially substantial,
IMHO.  If the file system is journaled, can you get your boot log and see if
any of the transactions were replayed on fsck during boot?

Sorry for the dupe, I forgot to CC the mailing list!

-- 
Peace and Blessings,
-Scott.

"Of course, that's just my opinion; I could be wrong"
-Dennis Miller


Re: [Samba] Strange issue with share visibility

2008-01-29 Thread John Drescher
> I have one more question for you.  If the users only want 1 specific account
> to access the shares, how do I handle that?  This is actually on a different
> server now.  This server is running Solaris 10.
>
I am a little confused at what you are looking for. I mean does this
one account already exist in the PDC (samba side not unix)? Can every
user have the password and username for this account?

John


RE: [Samba] joining an AD

2008-01-29 Thread Calderon, Willy (NIH/NINDS) [C]
I tried that. I created the machine in the correct OU but when I
try to do this I get various errors:


# net ads join -U username
username's password:
Using short domain name -- DOMAIN
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'SERVERNAME' in realm 'DOMAIN'
Failed to join domain: Constraint violation


 
When I look back in the OU I find that the server has been removed.



*   *   *   *
Willy Calderon
Contractor - LCG Systems
Tel: 301 435 1913
 
-Original Message-
From: Philipoff, Andrew [mailto:[EMAIL PROTECTED] 
Sent: Monday, January 28, 2008 11:00 PM
To: Guillermo Gutierrez; Calderon, Willy (NIH/NINDS) [C];
samba@lists.samba.org
Subject: RE: [Samba] joining an AD

In our AD environment, I pre-create computer records in our AD OU
computers container via a Windows system using the Active Directory
Users and Computers console. I then bind Samba domain members using "net
ads join -U domain_admin_login".

Andrew Philipoff
Programmer Analyst
Information Technology Services
Department of Medicine
University of California, San Francisco
Phone: 415-476-1344
Help Desk: 415-476-6827

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Guillermo Gutierrez
Sent: Monday, January 28, 2008 5:59 PM
To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org
Subject: RE: [Samba] joining an AD

You may just have to join it to the domain and then move it manually
into the OU through windows.

Unless you upgrade to a newer version of samba that supports that
feature.

-Original Message-
From: Calderon, Willy (NIH/NINDS) [C] [mailto:[EMAIL PROTECTED] 
Sent: Monday, January 28, 2008 5:15 PM
To: Guillermo Gutierrez; samba@lists.samba.org
Subject: RE: [Samba] joining an AD

Thanks for this. The problem appears to be that I can't create the
workstation in the OU.  I can use my same credentials to log into the AD
and create a workstation in that OU through Windows but not through
Linux.

# net help ads join
net ads join [options]
Valid options:
   createupn[=UPN]Set the userPrincipalName attribute during the
join.
  The deault UPN is in the form
host/[EMAIL PROTECTED]
   createcomputer=OU  Precreate the computer account in a specific OU.
  The OU string read from top to bottom without RDNs
and delimited by a '/'.
  E.g. "createcomputer=Computers/Servers/Unix"
  NB: A backslash '\' is used as escape at multiple
levels and may
  need to be doubled or even quadrupled.  It is
not used as a separator


So when I try

# net ads join createcomputer="Servers/Windows/Computers/AD" -U
willy%password 


Failed to pre-create the machine object in OU
createcomputers=Servers/Windows/Computers/AD.
[2008/01/28 20:15:30, 1] utils/net_ads.c:net_ads_join(1533)
  error calling net_precreate_machine_acct: No such object
Failed to join domain: No such object
[2008/01/28 20:15:30, 2] utils/net.c:main(1032)
  return code = -1


*   *   *   *
Willy Calderon
Contractor - LCG Systems
Unix Systems Administrator
Bldg. 10, NIH/NINDS
Tel: 301 435 1913



-Original Message-
From: Calderon, Willy (NIH/NINDS) [C]
Sent: Mon 1/28/2008 7:58 PM
To: Guillermo Gutierrez; samba@lists.samba.org
Subject: RE: [Samba] joining an AD
 
Thanks. I keep getting this error every time I log in now with the
options you've given below


[2008/01/28 19:49:22, 4] libads/sasl.c:ads_sasl_bind(521)
  Found SASL mechanism GSS-SPNEGO
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2008/01/28 19:49:22, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610)
  ads_krb5_mk_req: Advancing clock by 63 seconds to cope with clock skew
[2008/01/28 19:49:22, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Tue, 29 Jan 2008 05:50:25 EST
Bad option: SEVERN
Failed to join domain: Invalid parameter
[2008/01/28 19:49:22, 2] utils/net.c:main(1032)
  return code = -1




 

*   *   *   *
Willy Calderon
Contractor - LCG Systems
Unix Systems Administrator
Bldg. 10, NIH/NINDS
Tel: 301 435 1913



-Original Message-
From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED]
Sent: Mon 1/28/2008 4:57 PM
To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org
Subject: RE: [Samba] joining an AD
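
Added example, not part of the thread and not Samba code: two offline checks for the join failures quoted in this message. One compares the host's DNS domain with the realm; the other expands a createcomputer= path (read top to bottom, per the help text) into the DN it refers to, so it can be compared with the directory when the join reports "No such object". Host names, realm and OU paths are constructed, and mapping every path component to an OU= RDN under a base DN derived from the realm is an assumption.

```shell
#!/bin/sh
# Added example (not Samba code): offline checks to run before "net ads join".
# Host names, realms and OU paths used here are constructed sample values.

# realm_to_base_dn REALM
# EXAMPLE.COM -> DC=example,DC=com (assumes the usual AD naming context).
realm_to_base_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | awk -F. '{
        out = ""
        for (i = 1; i <= NF; i++) out = out (i > 1 ? "," : "") "DC=" $i
        print out
    }'
}

# ou_path_to_dn PATH REALM
# PATH is the createcomputer= value: OUs listed top to bottom, separated by
# "/". A DN lists the same OUs from the leaf upwards, so the order reverses.
# Assumption: every component is an OU. Built-in containers such as
# CN=Computers are not OUs, and the backslash escaping mentioned in the
# help text is not handled here.
ou_path_to_dn() {
    base=$(realm_to_base_dn "$2")
    printf '%s\n' "$1" | awk -F/ -v base="$base" '{
        out = ""
        for (i = NF; i >= 1; i--) if ($i != "") out = out "OU=" $i ","
        print out base
    }'
}

# dns_domain_matches_realm FQDN REALM
# Exit 0 when everything after the first label of FQDN equals REALM
# (case-insensitive); exit 1 otherwise, including for a short host name.
dns_domain_matches_realm() {
    case "$1" in
        *.*) dnsdomain=${1#*.} ;;
        *)   return 1 ;;
    esac
    a=$(printf '%s' "$dnsdomain" | tr '[:upper:]' '[:lower:]')
    b=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "$a" = "$b" ]
}

# join_precheck FQDN REALM OUPATH
# Prints both findings; exit status is 1 when the DNS domain differs.
join_precheck() {
    status=0
    if dns_domain_matches_realm "$1" "$2"; then
        echo "OK    DNS domain of $1 matches realm $2"
    else
        echo "WARN  DNS domain of $1 does not match realm $2"
        status=1
    fi
    echo "INFO  createcomputer=$3 refers to $(ou_path_to_dn "$3" "$2")"
    return $status
}

# Constructed case: a host in a sub-domain of the realm.
join_precheck "fs1.sub.example.com" "EXAMPLE.COM" "Servers/Unix" || true
```
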

Re: [Samba] Strange issue with share visibility

2008-01-29 Thread John Drescher
On Jan 29, 2008 8:40 AM, Moss, Patricia <[EMAIL PROTECTED]> wrote:
> I don't know if I worded that correctly.
> What I'm trying to say is that there are going to be Unix users, that
> don't have PDC accounts that will need to access these shares.  Is that
> possible?
>
I believe you need accounts on the PDC. You can use smbusers to map
each unix username to a samba username on the PDC if needed.

I have all my unix and windows users authenticated via LDAP. Samba and
pam are both using ldap for the passwords and accounts.

John


Re: [Samba] Strange issue with share visibility

2008-01-29 Thread John Drescher
On Jan 29, 2008 8:35 AM, Moss, Patricia <[EMAIL PROTECTED]> wrote:
> Honestly, I don't believe so.
> Is there a way to test using the root account, or any other non-PDC
> account?
>

Use the -U parameter to smbclient to specify a valid user.

John


Re: [Samba] Strange issue with share visibility

2008-01-29 Thread John Drescher
> [EMAIL PROTECTED] samba]# smbclient -L stalinux02
>
> Password:
>
> session setup failed: NT_STATUS_LOGON_FAILURE
>
>
Is root a valid user in your PDC?

John


[Samba] Strange issue with share visibility

2008-01-29 Thread Moss, Patricia
I am running Samba, version 3.0.25b-1.el5_1.4 , on a Linux box running
CentOS version 5.

My smb.conf is as follows:

#
#=== Global Settings =
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = FCGNET

# server string is the equivalent of the NT Description field
   server string = Samba Server

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
#   security = user
   security = server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
#;   hosts allow = 192.168.1. 192.168.2. 127.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
#   load printers = yes

# you may wish to override the location of the printcap file
#;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
#;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
#;   printing = cups

# This option tells cups that the data has already been rasterized
#cups options = raw

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
#;  guest account = pcguest
  guest account = nobody

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/%m.log
   log level = 3

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
   password server = stant05
#;   password server = 

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#;   passdb backend = tdbsam
;   passdb backend = smbpasswd

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#   this line.  The included file is read at that point.
;   include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
#;   interfaces = 192.168.12.2/24 192.168.13.2/24 

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#;   os level = 33
   os level = 20

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#;   domain master = yes 
   domain master = no 

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
#;   preferred master = yes
   preferred master = no

# Enable this if you want Samba to be a domain logon server for 
# Windows95 workstations. 
#;   domain logons = yes
   domain logons = no

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
#;   logon script = %m.bat
# run a specific logon batch file per username
#;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#%L substitutes for this servers netbios name, %U is username
#You must uncomment the [Profiles] share below
#;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
#;   wins support = yes
   wins su

Re: [Samba] Problem accessing Samba shares simultaneously by multiple users

2008-01-29 Thread damiend
why would you want 2 people in the same file at the same time doing RW
that's asking for data corruption.

from the sound of it you would be better using subversion


 Original Message 
Subject: [Samba] Problem accessing Samba shares simultaneously by multiple 
users (29-Jan-2008 10:55)
From:[EMAIL PROTECTED]
To:  [EMAIL PROTECTED]

> Hello All!
> I am using Samba Version 2.2.7a on a RedHat linux 9 box. Some .php files are
> stored on the Samba server and users are accessing these files from a Windows
> system. They are using EditPlus to work on these .php files. The problem is that
> when more than one user is accessing the same file, they are unable to
> perform a write operation on the file. E.g. suppose user A has opened a file
> with RW privilege, user A is working on that file. If at the same time user B
> is opening the same file, the file appears to him as RO, he is unable to
> write/save the file.
> But our requirement is that multiple users will be accessing the same file
> at the same time & will perform read/write/save simultaneously. It should not
> happen that if one user is performing a write/save action on a file, other users
> will be denied to perform write/save operation on the same file. How to do
> that?
> Please help me in this regard. It is required immediately and it is very
> urgent for ur project. Please help me.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> To: samba@lists.samba.org




[Samba] smaba + ldap + privilages

2008-01-29 Thread satish patel
Dear all 

 I have smb+ ldap setup not everything is fine but i want to assign 
some right to particular Group so they can change TCP/IP properties and change 
system time and do some other right 

Is it possible to give some privileges to normal users ???




$ cat ~/satish/url.txt  

http://www.linuxbug.org


[Samba] Problem accessing Samba shares simultaneously by multiple users

2008-01-29 Thread Pradipta Chakraborty
Hello All!
I am using Samba Version 2.2.7a on a RedHat linux 9 box. Some .php files are
stored on the Samba server and users are accessing these files from a Windows
system. They are using EditPlus to work on these .php files. The problem is that
when more than one user is accessing the same file, they are unable to
perform a write operation on the file. E.g. suppose user A has opened a file
with RW privilege, user A is working on that file. If at the same time user B
is opening the same file, the file appears to him as RO, he is unable to
write/save the file.
But our requirement is that multiple users will be accessing the same file
at the same time & will perform read/write/save simultaneously. It should not
happen that if one user is performing a write/save action on a file, other users
will be denied to perform write/save operation on the same file. How to do
that?
Please help me in this regard. It is required immediately and it is very
urgent for ur project. Please help me.