RE: [Samba] Roaming Profiles Load Very Slowly

2008-05-27 Thread L.P.H. van Belle
Also try to set your NIC to fixed speeds.

And your profile is 1.1 MB?? That's very, very small.
A normal profile is about 10-25 Mb.

Louis

>-----Original message-----
>From: [EMAIL PROTECTED] 
>[mailto:[EMAIL PROTECTED] On behalf of Greg Koch
>Sent: Tuesday 27 May 2008 17:40
>To: Adam Williams
>CC: samba@lists.samba.org
>Subject: Re: [Samba] Roaming Profiles Load Very Slowly
>
>The profiles are 1.1MB (Just the default files and a few other things to
>test with).  The server is 1000MB and the clients are 100MB.  This is
>why it has baffled me so much!
>
>Adam Williams wrote:
>> how big are the profiles?  what speeds are the NICs in the server and
>> client PCs operating at?
>>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Re: printer drivers - Add Printer Wizard disabled

2008-05-27 Thread Michael Lueck

Oh, one other note... You will have to log on to the domain as a userid with 
Printer Admin permissions.

For some reason after re-reading the OP's question, I am not certain they are 
doing that.

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/



[Samba] Re: printer drivers - Add Printer Wizard disabled

2008-05-27 Thread Michael Lueck

Michael Heydon wrote:
> From the smb.conf man page:
> printer admin (S)

Correct. I cover printing via CUPS / Samba from Windows clients in my 
presentation:

Samba 3 PDC for Windows Clients and Samba 3 Book Review
http://www.lueckdatasystems.com/pub/presentations/iccm2007.pdf
PDF page 21

Samba, as far as I know, does not automatically make Domain Admins 
"SePrintOperatorPrivilege's", so I specifically link Domain Admins to 
SePrintOperatorPrivilege.

Note: Also it is necessary to have the [print$] share set up properly as a 
repository for the drivers to be uploaded to.

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/



Re: [Samba] Can Samba send DNS updates?

2008-05-27 Thread David Disseldorp
On Tue, 27 May 2008 13:47:44 -0400
Ryan Novosielski <[EMAIL PROTECTED]> wrote:

> Doesn't this depend on your DNS server, or are we talking about Samba
> being a member of an AD forest?

Yes, I was assuming the Windows 2k3 AD domain controller was also acting
as DNS server.

Cheers, Dave


Re: [Samba] printer drivers - Add Printer Wizard disabled

2008-05-27 Thread Michael Heydon

Joshua Swink wrote:
> * Add the name of the user as "printer admin = username" in smb.conf.
> However, testparm told me that "printer admin" was deprecated. Also it
> didn't work.

From the smb.conf man page:

 printer admin (S)
 ...
 This parameter has been marked deprecated in favor of using the
 SePrintOperatorPrivilege and individual print security descriptors.
 It will be removed in a future release.

You can use the "net" command to grant SePrintOperatorPrivilege to your 
user.




*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 



Re: [Samba] printer drivers - Add Printer Wizard disabled

2008-05-27 Thread Lukasz Szybalski
On Tue, May 27, 2008 at 6:55 PM, Joshua Swink <[EMAIL PROTECTED]> wrote:
> I'm following along in the guide, trying to make printer drivers
> available from Samba. But when I right-click on a printer in Windows
> XP and select the "properties" tab, it's disabled:
>
> http://tinypic.com/usermedia.php?uo=BMeeHijW2w%2FyTvDsjpQbEQ%3D%3D
>
> So how do I enable this so the client can upload the drivers? So far I
> have tried:
>
> * Add the name of the user as "printer admin = username" in smb.conf.
> However, testparm told me that "printer admin" was deprecated. Also it
> didn't work.
> * I wasn't sure if I was connected as a guest, so disabled all "guest
> ok = yes" settings. However, this didn't prompt Windows to pop up a
> login dialog and the printer wizard remains disabled.
>
>
> Here is the output of smbstatus. It shows the machine I was connected
> from. smb.conf contains "printer admin = pmoose" in the [print$]
> section, yet I still can't upload the driver.
>
> ==CUT===
> [EMAIL PROTECTED]:/etc/samba# smbstatus
>
> Samba version 3.0.28a
> PID Username  Group Machine
> ---
>
> Service  pid machine   Connected at
> ---
> IPC$ 16232   pmoose1   Tue May 27 23:38:06 2008
>
> No locked files
> ==CUT===
>

As a temporary workaround try using:

force user = myusername

myusername should be somebody that has privileges to write to the samba
driver directory.

Lucas
http://www.lucasmanual.com/mywiki/SambaDomainController


[Samba] printer drivers - Add Printer Wizard disabled

2008-05-27 Thread Joshua Swink
I'm following along in the guide, trying to make printer drivers
available from Samba. But when I right-click on a printer in Windows
XP and select the "properties" tab, it's disabled:

http://tinypic.com/usermedia.php?uo=BMeeHijW2w%2FyTvDsjpQbEQ%3D%3D

So how do I enable this so the client can upload the drivers? So far I
have tried:

* Add the name of the user as "printer admin = username" in smb.conf.
However, testparm told me that "printer admin" was deprecated. Also it
didn't work.
* I wasn't sure if I was connected as a guest, so disabled all "guest
ok = yes" settings. However, this didn't prompt Windows to pop up a
login dialog and the printer wizard remains disabled.


Here is the output of smbstatus. It shows the machine I was connected
from. smb.conf contains "printer admin = pmoose" in the [print$]
section, yet I still can't upload the driver.

==CUT===
[EMAIL PROTECTED]:/etc/samba# smbstatus

Samba version 3.0.28a
PID Username  Group Machine
---

Service  pid machine   Connected at
---
IPC$ 16232   pmoose1   Tue May 27 23:38:06 2008

No locked files
==CUT===

Thanks for any assistance.

Josh


[Samba] Re: Airing Dirty Laundry

2008-05-27 Thread Avery Payne
On Tue, 27 May 2008 17:40:41 -0500, John H Terpstra wrote:

> Instead of posting an unreadable smb.conf file, please be kind to the
> people who want to help you.  You could send the output of: testparm -s
> 
> Testparm will output only those parameters that are set at non-default
> value and presents it in a much more readable format. Try it, you will
> see what we mean.

Was going to do that originally (sigh).  I'll have to tend to it 
tomorrow.  It takes time to "sanitize" the output.

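Sanitizing testparm -s output before posting it, as mentioned in the reply above, can be scripted. The following is an added example, not code from this thread; the parameter lists, the placeholder names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Parameters whose value *is* a site name. Each distinct value gets a stable
# placeholder that is then substituted everywhere it appears, including inside
# other parameter names and LDAP DNs. (The choice of parameters is this
# example's assumption; extend it for your site.)
NAME_PARAMS = {"workgroup": "DOMAIN", "realm": "DOMAIN", "netbios name": "HOST"}
# Parameters whose value is free text or network layout: dropped outright.
DROP_PARAMS = {"server string", "interfaces", "hosts allow", "hosts deny",
               "wins server", "password server"}
# Any IPv4 address (optionally with a prefix length) except loopback.
IPV4 = re.compile(r"\b(?!127\.)(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?\b")


def _dn_form(name):
    """EXAMPLECORP.TEST -> dc=examplecorp,dc=test, the spelling used in LDAP DNs."""
    return ",".join("dc=" + label for label in name.lower().split("."))


def sanitize(testparm_output):
    """Return testparm -s output with site-identifying values replaced."""
    lines = testparm_output.splitlines()

    # Pass 1: learn the real names and assign placeholders (DOMAIN1, HOST1, ...).
    placeholders, counters = {}, {}
    for line in lines:
        key, sep, value = line.partition("=")
        kind = NAME_PARAMS.get(key.strip().lower())
        value = value.strip().lower()
        if sep and kind and value and value not in placeholders:
            counters[kind] = counters.get(kind, 0) + 1
            placeholders[value] = f"{kind}{counters[kind]}"

    # Longest names first, so EXAMPLECORP.TEST is handled before EXAMPLECORP.
    subs = []
    for real, fake in sorted(placeholders.items(), key=lambda kv: -len(kv[0])):
        subs.append((re.compile(re.escape(_dn_form(real)), re.I),
                     "dc=" + fake.lower()))
        subs.append((re.compile(r"(?<![\w-])" + re.escape(real) + r"(?![\w-])",
                                re.I), fake))

    # Pass 2: rewrite every line, keeping parameter names so helpers can still
    # see which settings are in use.
    out = []
    for line in lines:
        key, sep, _ = line.partition("=")
        if sep and key.strip().lower() in DROP_PARAMS:
            out.append(f"{key}= <redacted>")
            continue
        for pattern, replacement in subs:
            line = pattern.sub(replacement, line)
        out.append(IPV4.sub("<ip>", line))
    return "\n".join(out)


# Constructed sample input (not taken from any poster's configuration).
SAMPLE = r"""[global]
    workgroup = EXAMPLECORP
    realm = EXAMPLECORP.TEST
    netbios name = FILESRV01
    server string = Finance file server
    interfaces = lo eth0 192.168.10.5/24
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap admin dn = cn=admin,dc=examplecorp,dc=test
    ldap suffix = dc=examplecorp,dc=test
    idmap config EXAMPLECORP.TEST:ldap_url = ldap://192.168.10.7
    logon path = \\%L\profiles\%U
    log level = 1"""

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Read the result before posting: paths, share names and the contents of files such as the username map are left untouched and may still identify the site.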


Re: [Samba] Roaming Profiles Load Very Slowly

2008-05-27 Thread Gar Nelson
Greg, this is old, but I found it quite useful. 
http://www.css.taylor.edu/~nehresma/samba.html


We've had two problems with roaming profiles. The first is that staff 
members store all kinds of stuff in their profile. The above document, 
about halfway down, "Profile changes" helped out here greatly.


The second problem that we had was Windows XP offline file 
synchronization. You can find that in Start -> All Programs -> 
Accessories -> Synchronization.  Our systems defaulted to turning it on. 
Manually going in and turning it all off (use the "setup" button too, 
more stuff there) made a dramatic difference.


Good Luck.
Gar

Greg Koch wrote:

Hi!

Looking for a bit of help!

I have been using Linux for a while as a hobby, and can get around it 
pretty quickly.  I have created a Gentoo Samba server and set it as 
PDC with roaming profiles (there are several other services running on 
the server as well).  I can login with my XP machines and the profile 
is downloaded to the machine but it is VERY VERY VERY slow.  After a 
login is started, there is a blank blue screen (~4min), then the 
dialog that says "Loading your personal settings..."(~7min), and 
another that says "Applying your personal settings..."(~6min).  The 
whole login process takes ~15 minutes with any user.  The server is 
running an AMD64 2GHz and the client is AMD Athlon 1.32GHz.  I have 
used these clients on a Windows 2003 Server with AD and roaming 
profiles before and it didn't take anywhere near this amount of time 
(usually logon was <1Min). All network drives are mapped properly (home 
and other shares through login.bat) Logoff seems to only take ~30sec 
and IS storing the information to the server correctly.


I have searched and searched through Samba docs and Google, and I just 
can't find anyone that has a viable solution for me.


Does anyone have a suggestion or solution?


Fwd: [Samba] Transferring Local User Profiles When Joining Domain

2008-05-27 Thread Juan Asensio Sánchez
-- Forwarded message --
From: Juan Asensio Sánchez <[EMAIL PROTECTED]>
Date: 2008/5/28
Subject: Re: [Samba] Transferring Local User Profiles When Joining Domain
To: [EMAIL PROTECTED]


See last question on http://mds.mandriva.org/wiki/MdsFaq

Regards.

2008/5/27 John H Terpstra <[EMAIL PROTECTED]>:
> On Tuesday 27 May 2008 02:29:35 pm Leandro Tracchia wrote:
>> i have about a dozen users who i would like to join to the samba domain
>> (pdc). how can i preserve their existing local windows xp user profiles
>> when they join the domain??? this is a big issue because i want my users to
>> experience this migration as easy as possible and not notice anything
>> different.
>
> Migrate the profiles to your Samba domain using the tools Microsoft provides.
>
> 1. Log onto the PC that has the profile.
> 2. Join the Samba domain.
> 3. Log onto the PC as the domain administrator (root, or whatever you have
> called this account)
> 4. Click: Start
> 5. Right-click on My Computer, select Properties, select Advanced, select User
> Profiles
> 6. click on the user profile you wish to migrate
> 7. Click on CopyTo, and follow the prompts.
>
> Make sure you give the new domain user account full access control to the
> profile before you copy it to the Samba PDC profile share.
>
> Not very difficult is it?
>
> - John T.


Re: [Samba] Setting up PDC w/ LDAP

2008-05-27 Thread Daniel L. Miller

OK, payment in advance: :-) :-) :-)

Wait a minute, let me change currencies

   _.-'-._
 .'  _ _  '.
/   (o)   (o)   \
   | |
   |  \   /  |
\  '.   .'  /
 '.  `'---'`  .'
   '-._.-'


   _.-'-._
 .'  _ _  '.
/   (o)   (o)   \
   | |
   |  \   /  |
\  '.   .'  /
 '.  `'---'`  .'
   '-._.-'


   _.-'-._
 .'  _ _  '.
/   (o)   (o)   \
   | |
   |  \   /  |
\  '.   .'  /
 '.  `'---'`  .'
   '-._.-'


John H Terpstra wrote:
>> Something I haven't seen in print yet - so I'll ask the question.  WHEN
>> is the appropriate time to use winbind with PDC's and BDC's?
>
> Winbind is needed when you have domain member servers, and to deal with SIDs
> for users of trusted foreign domains. Winbind is essential for interdomain
> trust handling.
>
> If all your clients are domain members, and you never get clients from trusted
> domains on the network, you do not need winbind.  You can operate without it
> without loss of service, but you will not have use of BUILTIN groups (these
> are created and managed by winbind).

Almost there.  Really

Do I NEED those builtin groups for anything?  Do I WANT those builtin 
groups for anything (besides avoiding those nuisance error messages in 
my samba logs)?

If a couple clients are non-domain members (laptops that periodically 
plug-in) - but still no trusted domains involved - is there any need for 
winbind?

> First: Do NOT use a domain name that has a '.' in it.  That has unexpected
> name resolution consequences.  A Samba smb.conf workgroup= parameter should
> not have a dot in it.

Ok...now that I've setup everything (again, for the nth time), do I need 
to reconfigure the server and every client?  Or just rename it on the 
server and the change will automagically propagate?

And beyond updating my srv records, will this have other DNS consequences?

>> idmap domains = AMFESLAN.LOCAL
>> idmap alloc backend = ldap
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> idmap alloc config:range = 1-2
>> idmap alloc config:ldap_url = ldap://127.0.0.1
>> idmap alloc config:ldap_base_dn = ou=idmap,dc=amfeslan,dc=local
>> idmap config AMFESLAN.LOCAL:range = 1-2
>> idmap config AMFESLAN.LOCAL:ldap_url = ldap://127.0.0.1
>> idmap config AMFESLAN.LOCAL:ldap_base_dn = ou=idmap,dc=amfeslan,dc=local
>> idmap config AMFESLAN.LOCAL:backend = ldap
>> idmap config AMFESLAN.LOCAL:default = yes
>
> IDMAP is used to allocate unique UID/GID's for users from a trusted domain so
> they can access resources in our domain.  IDMAP is also used to create
> BUILTIN groups.

Ok...that part I get.  What I don't get -
1.  Is the above config (other than the domain name) correct?
2.  How does this config differ from my original one - since the docs 
say the previous version should have worked?


--
Daniel
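Three configuration points raised in the threads above (the deprecated "printer admin" parameter, the "force user" workaround on [print$], and a dot in "workgroup") can be checked mechanically. This is an added example, not part of any post; the function names and the sample configuration are constructed for illustration.

```python
def parse_smb_conf(text):
    """Return {section: {parameter: value}} from smb.conf or testparm -s text.

    Samba ignores case and whitespace in parameter names, so "Printer Admin"
    and "printeradmin" are the same parameter; names are normalised the same
    way here. Backslash line continuations are not handled.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current["".join(key.lower().split())] = value.strip()
    return sections


def lint(text):
    """Return (section, parameter, message) findings for the three points."""
    conf = parse_smb_conf(text)
    findings = []

    # A dot in the workgroup name has unexpected name resolution consequences.
    workgroup = conf.get("global", {}).get("workgroup", "")
    if "." in workgroup:
        findings.append(("global", "workgroup",
                         f"'{workgroup}' contains a dot; use a name without one"))

    for section, params in conf.items():
        # Deprecated per the smb.conf man page quoted in the thread.
        if "printeradmin" in params:
            findings.append((section, "printer admin",
                             "deprecated; grant SePrintOperatorPrivilege instead"))
        # force user makes file operations on the share run as one account for
        # every connecting client, so driver uploads are no longer tied to
        # the accounts that hold the print operator privilege.
        if section == "print$" and "forceuser" in params:
            findings.append((section, "force user",
                             f"all clients of the driver share act as "
                             f"'{params['forceuser']}'; treat as temporary"))
    return findings


# Constructed sample configuration (not any poster's real smb.conf).
SAMPLE = """[global]
    workgroup = EXAMPLE.LOCAL
    ; printer admin = bob   (commented out, must not be reported)
[print$]
    path = /var/lib/samba/printers
    Printer Admin = alice
    forceuser = alice
[printers]
    printable = yes
"""

if __name__ == "__main__":
    for section, parameter, message in lint(SAMPLE):
        print(f"[{section}] {parameter}: {message}")
```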


Re: [Samba] Airing Dirty Laundry

2008-05-27 Thread John H Terpstra
On Tuesday 27 May 2008 04:46:45 pm Avery Payne wrote:
>>...
>
> Yes, it's a mess, yes it needs some work - but that's why I'm posting it
> here, eh?

Instead of posting an unreadable smb.conf file, please be kind to the people 
who want to help you.  You could send the output of: testparm -s

Testparm will output only those parameters that are set at non-default value 
and presents it in a much more readable format. Try it, you will see what we 
mean.

- John T.


[Samba] Airing Dirty Laundry

2008-05-27 Thread Avery Payne
On Sat, 24 May 2008 01:00:31 +0200, Udo Rader wrote:


> 
> BTW, providing your smb.conf or actually the output of testparm would be
>  a good start point to get better feedback on what goes wrong with your
> installation.
> 
> - --
> Udo Rader
> http://www.bestsolution.at

Please note that this has had names changed to protect the guilty and 
confuse the innocent.  I have also heavily bowdlerized any mention of
vendors into formats suitable for public display.  Settings have been
left intact, and the entire shebang is of course behind a firewall so
I have no fear in exposing networking names.

The references can easily be inferred and for those who are not in
the know, you can visit www.centos.org and determine for yourself what
Prominent North American Enterprise Linux Vendor refers to. :D

Please forgive the cut-n-paste verbosity but at the time there was 
considerable pressure and emphasis on documenting why each setting was
used, why the GUI wasn't used (which was a sore point with some staff) and
who-set-what, hence the repeated mention of GUI options not being 
available, etc.  And yes, there are a few sections that "repeat" - I 
noticed that and will be cleaning that up as we head towards implementing 
recommendations.  After getting my public flogging^W^W^W^Wreceiving 
constructive criticism, I'll be looking forward to implementing ACL 
inheritance and other settings that are sorely missing.

Yes, it's a mess, yes it needs some work - but that's why I'm posting it 
here, eh?


#= Global Settings ===

[global]

# --- Network Related Options -
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specify it as a per share option as well
#
workgroup = PDX
; --- 2007-12-08 reset the server string to shorten its description and bring it in line with other porthole servers.
; --- This string can be set in the Prominent North American Enterprise Linux Vendor GUI.
server string = %L
netbios name = SRV2210
interfaces = lo eth0 eth1
; --- 2007-12-08 added standard options that increase performance (refer to the Official Samba 3.2 documentation
; --- at samba.org).  DO NOT REMOVE THE SO_RCVBUF SETTING OR CHANGE IT, IT IS PART OF A FIX TO THE ISSUE SURROUNDING
; --- DELAYED WRITES FOR MACROSQUISH PORTHOLE CLIENTS.  YOU HAVE BEEN WARNED!
; --- This is NOT a standard Prominent North American Enterprise Linux Vendor GUI option (it doesn't exist).
socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=16738

; --- 2008-01-16 added "keepalive" option 
keepalive = 30

; --- 2008-01-22 added "deadtime" option; zero means it will never disconnect
; --- a client.
deadtime = 0
getwd cache = yes
# --- Logging Options -
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

log file = /var/log/samba.log

# logs split per machine
;   log file = /var/log/samba/%m.log

; Level 0 = ???
; Level 1 = Share Access recorded
; Level 2 = File Access recorded
; Level 3 = File Locking
; Level 4 = High-level SMB protocol activity
log level = 1
# max 50KB per log file, then rotate
;   max log size = 50

# --- Security Model Options 
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

security = ads
passdb backend = tdbsam

# --- Domain Controller Options 

#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a MacroSquish Porthole NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for MacroSquish Porthole workstations.
#
# Logon Script let you specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you sp

Re: [Samba] samba, ads, winbind and active directory

2008-05-27 Thread David Molina Cuevas
Do you not get any result for a 'getent passwd', and yes for 'wbinfo -u' ?
I think I had the same problem before, I'll try to remember it.

David Molina


On Tue, May 27, 2008 at 3:25 PM, Jason Gerfen <[EMAIL PROTECTED]>
wrote:

> I can enumerate users and groups from the domain but I cannot authenticate
> the users.
>
> Any help?
>
> --
> Jas


Re: [Samba] Procedure to rebuild a Samba PDC?

2008-05-27 Thread Adam Williams
move all of the .tdb files, and /etc/samba/* and everything in 
/var/lib/samba/*  and of course any data you have.  write down the SID 
of the old server (net getlocalsid, net getdomainsid) and set the new 
server to the same SID with net setlocalsid


Michael Lueck wrote:

Greetings-

Is there anywhere documented the correct process / procedure to go 
through when rebuilding a PDC on a new system (hardware refresh)?


It will be a move from Debian Sarge with the 3.0.26a packages from 
samba.org to Ubuntu Server 8.04, and I think the stock Samba packages 
for now.


Thanks!





Re: [Samba] Setting up PDC w/ LDAP

2008-05-27 Thread Daniel L. Miller

John H Terpstra wrote:
> On Tuesday 27 May 2008 02:22:15 pm Daniel L. Miller wrote:
>> I've almost got it.  I swear I've almost got it (and I've been doing a
>> lot of swearing lately).
>
> Swearing does not help much. :-)

It does too!  I haven't broken a single keyboard!

>> I re-built my PDC, starting from scratch.  I'm not using the editposix
>> extensions anymore - I'm using the smbldap tools as shown (I think) in
>> the Samba by Example.
>
> Now that is a really good guide. (Biased opinion of course!) It is a pity that
> this book is a little out of date.  Someone really should contribute updates
> to it I guess.

I'd be delighted to - but at the moment it'd be the blind leading the 
totally clueless.

>> I really really thought I did everything right.  Obviously I was wrong.
>
> Ah, you mean you have been learning to swim. A good start to using Samba.

Unfortunately I still splash far too much without making efficient 
forward progress.  I can go sideways really good though!

>> First question:  under this configuration, do I need winbind at all?
>
> That depends!  You can probably get away without winbind.  If you do need it,
> you should update the configuration since winbindd has changed since Samba
> 3.0.20 - the version the book was last updated for.

Something I haven't seen in print yet - so I'll ask the question.  WHEN 
is the appropriate time to use winbind with PDC's and BDC's?  If the 
only (intended) purpose is for member servers and joining Windows 
NT/2000+ domains - please say so.  The 3.2 Using Samba says "...in the 
majority of cases |winbind| is of primary interest for use with domain 
member servers (DMSs) and domain member clients (DMCs)." - but that's 
not quite the same as, "In an exclusively Samba server environment, with 
a common LDAP backend (replicated or single), winbind offers no 
additional features and in fact can cause problems.  Do NOT use winbind 
in such a configuration."

>> If the answer is yes, second question:
>> wbinfo -t   yields   checking the trust secret via RPC calls succeeded
>> wbinfo -u   yields   Error looking up domain users
>
> It is no longer possible to use wbinfo on the PDC itself. See Samba Bugzilla
> bug no. 5453.
>
>> I should also mention that I can't add the built-in or local groups
>> using net.
>
> Correct. For that you will need the new winbind configuration syntax - you are
> running 3.0.28 aren't you?  See man idmap_ldap, or man idmap_tdb.

Now I'm more confused.  I'm reviewing those pages - and while I do see 
some other parameters, they say in their absence they will default to 
using the ones I've specified.  I don't see what I'm missing.  I've 
revised to show:

   idmap domains = AMFESLAN.LOCAL
   idmap alloc backend = ldap
   winbind enum users = Yes
   winbind enum groups = Yes
   idmap alloc config:range = 1-2
   idmap alloc config:ldap_url = ldap://127.0.0.1
   idmap alloc config:ldap_base_dn = ou=idmap,dc=amfeslan,dc=local
   idmap config AMFESLAN.LOCAL:range = 1-2
   idmap config AMFESLAN.LOCAL:ldap_url = ldap://127.0.0.1
   idmap config AMFESLAN.LOCAL:ldap_base_dn = ou=idmap,dc=amfeslan,dc=local
   idmap config AMFESLAN.LOCAL:backend = ldap
   idmap config AMFESLAN.LOCAL:default = yes

Functionality and error messages remain the same.

> I hope that helps.

Helps a lot - but I'm needy and greedy and would still appreciate more 
of your insight.



--
Daniel


Re: [Samba] Setting up PDC w/ LDAP

2008-05-27 Thread Adam Williams

no you don't need winbind, i'm using LDAP + samba + NSS_LDAP.

paste your net command and the error(s) it's giving.

Daniel L. Miller wrote:
I've almost got it.  I swear I've almost got it (and I've been doing a 
lot of swearing lately).


I re-built my PDC, starting from scratch.  I'm not using the editposix 
extensions anymore - I'm using the smbldap tools as shown (I think) in 
the Samba by Example.


I really really thought I did everything right.  Obviously I was wrong.

What works - all my workstations and logins.  Add/create users, join 
workstations to domain.  Just about everything.


The last little item - winbind.

I suppose I need to give some vitals:
Samba 3.0.28a.
Samba PDC - no Windows servers, no BDC's, no member servers.
Linux and Windows XP workstations.
OpenLDAP backend with combined Unix and Windows users (using 
LDAP-Account Manager).


First question:  under this configuration, do I need winbind at all?

If the answer is yes, second question:
wbinfo -t   yields   checking the trust secret via RPC calls succeeded
wbinfo -u   yields   Error looking up domain users

The logfile log.wb-AMFESLAN.LOCAL has
[2008/05/27 12:17:40, 1] 
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
 cli_pipe_validate_current_pdu: RPC fault code 
DCERPC_FAULT_OP_RNG_ERROR received from remote machine BUBBA pipe 
\lsarpc fnum 0x7169!


logfile log.winbindd-idmap has
[2008/05/27 12:17:40, 1] nsswitch/idmap.c:idmap_init(377)
 Initializing idmap domains
[2008/05/27 12:17:40, 0] nsswitch/idmap.c:idmap_init(388)
 idmap_init: Ignoring domain AMFESLAN.LOCAL

I should also mention that I can't add the built-in or local groups 
using net.


partial output of testparm:
Processing section "[printers]"

Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
   workgroup = AMFESLAN.LOCAL
   realm = AMFESLAN.LOCAL
   server string = %h server (Samba, Ubuntu)
   map to guest = Bad User
   obey pam restrictions = Yes
   passdb backend = ldapsam:ldap://localhost
   pam password change = Yes
   passwd program = /usr/sbin/smbldap-passwd -u %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *all*authentication*tokens*updated*
   username map = /etc/samba/smbusers
   unix password sync = Yes
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 1000
   time server = Yes
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=20480 SO_SNDBUF=20480
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"

   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   logon script = logon.cmd
   logon path = \\%L\profiles\%U\%a
   logon drive = U:
   logon home =
   domain logons = Yes
   os level = 64
   preferred master = Yes
   domain master = Yes
   wins support = Yes
   ldap admin dn = "cn=admin,dc=amfeslan,dc=local"
   ldap delete dn = Yes
   ldap group suffix = ou=groups
   ldap idmap suffix = ou=idmap
   ldap machine suffix = ou=machines,ou=users
   ldap passwd sync = Yes
   ldap suffix = dc=amfeslan,dc=local
   ldap ssl = no
   ldap user suffix = ou=users
   panic action = /usr/share/samba/panic-action %d
   idmap backend = ldap:ldap://127.0.0.1
   idmap uid = 1-2
   idmap gid = 1-2
   winbind enum users = Yes
   winbind enum groups = Yes
   ea support = Yes
   profile acls = Yes
   veto oplock files = /*.QBW/*.qbw/*.MDB/*.mdb/
   dos filemode = Yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   create mask = 0700
   guest ok = Yes
   printable = Yes
   browseable = No





Re: [Samba] home directory mapping --drive letter Z:

2008-05-27 Thread John H Terpstra
On Tuesday 27 May 2008 02:35:28 pm Christopher Perry wrote:
> I think it's great that samba maps the home directory for the user when
> they login, but where does the letter Z come from?
>
> I'd like to set this to another letter. (?) is it possible?
>
>
> Thanks,
> c

Please check: man smb.conf

Search for "logon drive"

- John T.


Re: [Samba] Transferring Local User Profiles When Joining Domain

2008-05-27 Thread John H Terpstra
On Tuesday 27 May 2008 02:29:35 pm Leandro Tracchia wrote:
> i have about a dozen users who i would like to join to the samba domain
> (pdc). how can i preserve their existing local windows xp user profiles
> when they join the domain??? this is a big issue because i want my users to
> experience this migration as easy as possible and not notice anything
> different.

Migrate the profiles to your Samba domain using the tools Microsoft provides.

1. Log onto the PC that has the profile.  
2. Join the Samba domain.  
3. Log onto the PC as the domain administrator (root, or whatever you have 
called this account)
4. Click: Start
5. Right-click on My Computer, select Properties, select Advanced, select User 
Profiles
6. click on the user profile you wish to migrate
7. Click on CopyTo, and follow the prompts.

Make sure you give the new domain user account full access control to the 
profile before you copy it to the Samba PDC profile share.

Not very difficult is it?

- John T.


[Samba] home directory mapping --drive letter Z:

2008-05-27 Thread Christopher Perry
I think it's great that samba maps the home directory for the user when 
they login, but where does the letter Z come from?


I'd like to set this to another letter. (?) is it possible?


Thanks,
c


[Samba] Transferring Local User Profiles When Joining Domain

2008-05-27 Thread Leandro Tracchia
i have about a dozen users who i would like to join to the samba domain
(pdc). how can i preserve their existing local windows xp user profiles when
they join the domain??? this is a big issue because i want my users to
experience this migration as easy as possible and not notice anything
different.


Re: [Samba] Re: Samba 3.0.25b on centos 5.1 a lot of signal 11 very unstable!!!

2008-05-27 Thread John Mazza
I've found that if I delete anything from a roaming profile on the client-side, 
I need to delete the server-side 
copy entirely, then log out to save a new roaming profile.  



On Tue, 27 May 2008 18:29:34 + (UTC), Avery Payne wrote:

>On Tue, 26 Feb 2008 22:12:53 -0800, Alberto Moreno wrote:


>> 
>> The only problem is this new server, i read about some changes
>> with samba 3.0.25b and oldest version, since we add this server to the
>> domain we had been having problems, we enable the roaming profile to our
>> windows clients, but some times the server doesn't update the user
>> profile, on other situations we lost the profile, example firefox
>> settings, or if  the user update some excel file next day appear with no
>> changes.

>Roaming profiles are just problematic, even on native Windows servers.  I 
>have seen several roaming profiles implode on WinXP client boxes.  I've 
>also seen bad behavior with Win2k client/server setups as well.  Symptoms 
>include the client creating new profiles, ignoring existing profiles, or 
>dialogs indicating profile corruption.

>> 
>>We have almost 3GB of core dumps since we setup samba inside
>> winbind folder, look this is my smb.conf file:

>[ lots of stuff snipped out ]


>> > lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/
>winbindd

>[ even more stuff snipped out]

>> [0x645c97] #19 winbindd [0x6443f2] #20 winbindd [0x615368] #21
>> winbindd(main+0x94d) [0x615dbd] #22 /lib/libc.so.6(__
>> libc_start_main+0xdc) [0x21fdec] #23 winbindd [0x614061] : 13 Time(s)


>> --
>> 
>> Hope this info give some point to start debugging this problem, does
>> someone see what is causing the problem? Thanks all for your time, if u
>> need more info please let me know, thanks!!!

>I'm no Samba or programming expert, but that last line looks like a libc 
>segfault.  Sig 11 errors a long time ago used to implicate RAM issues, 
>usually due to bad contacts or faulty RAM chips.  This may sound silly 
>but try powering down the machine, unseating and reseating all of your 
>RAM.  If it continues, try reducing the RAM and see if the issue goes 
>away (due to a bad RAM stick).  Just my .02 cents.




[Samba] Setting up PDC w/ LDAP

2008-05-27 Thread Daniel L. Miller
I've almost got it.  I swear I've almost got it (and I've been doing a 
lot of swearing lately).


I re-built my PDC, starting from scratch.  I'm not using the editposix 
extensions anymore - I'm using the smbldap tools as shown (I think) in 
the Samba by Example.


I really really thought I did everything right.  Obviously I was wrong.

What works - all my workstations and logins.  Add/create users, join 
workstations to domain.  Just about everything.


The last little item - winbind.

I suppose I need to give some vitals:
Samba 3.0.28a.
Samba PDC - no Windows servers, no BDC's, no member servers.
Linux and Windows XP workstations.
OpenLDAP backend with combined Unix and Windows users (using 
LDAP-Account Manager).


First question:  under this configuration, do I need winbind at all?

If the answer is yes, second question:
wbinfo -t   yields   checking the trust secret via RPC calls succeeded
wbinfo -u   yields   Error looking up domain users

The logfile log.wb-AMFESLAN.LOCAL has
[2008/05/27 12:17:40, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
 cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine BUBBA pipe \lsarpc fnum 0x7169!


logfile log.winbindd-idmap has
[2008/05/27 12:17:40, 1] nsswitch/idmap.c:idmap_init(377)
 Initializing idmap domains
[2008/05/27 12:17:40, 0] nsswitch/idmap.c:idmap_init(388)
 idmap_init: Ignoring domain AMFESLAN.LOCAL

I should also mention that I can't add the built-in or local groups 
using net.


partial output of testparm:
Processing section "[printers]"

Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
   workgroup = AMFESLAN.LOCAL
   realm = AMFESLAN.LOCAL
   server string = %h server (Samba, Ubuntu)
   map to guest = Bad User
   obey pam restrictions = Yes
   passdb backend = ldapsam:ldap://localhost
   pam password change = Yes
   passwd program = /usr/sbin/smbldap-passwd -u %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *all*authentication*tokens*updated*
   username map = /etc/samba/smbusers
   unix password sync = Yes
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 1000
   time server = Yes
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=20480 SO_SNDBUF=20480
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   logon script = logon.cmd
   logon path = \\%L\profiles\%U\%a
   logon drive = U:
   logon home =
   domain logons = Yes
   os level = 64
   preferred master = Yes
   domain master = Yes
   wins support = Yes
   ldap admin dn = "cn=admin,dc=amfeslan,dc=local"
   ldap delete dn = Yes
   ldap group suffix = ou=groups
   ldap idmap suffix = ou=idmap
   ldap machine suffix = ou=machines,ou=users
   ldap passwd sync = Yes
   ldap suffix = dc=amfeslan,dc=local
   ldap ssl = no
   ldap user suffix = ou=users
   panic action = /usr/share/samba/panic-action %d
   idmap backend = ldap:ldap://127.0.0.1
   idmap uid = 1-2
   idmap gid = 1-2
   winbind enum users = Yes
   winbind enum groups = Yes
   ea support = Yes
   profile acls = Yes
   veto oplock files = /*.QBW/*.qbw/*.MDB/*.mdb/
   dos filemode = Yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   create mask = 0700
   guest ok = Yes
   printable = Yes
   browseable = No

--
Daniel


Re: [Samba] mount shares with path

2008-05-27 Thread Helmut Hullen
Hello, Armin,

You (armin.fuerst) wrote on 27.05.08:

> I need to mount a share I don't have direct access to only to one
> subdirectory. I have no problems mounting other shares on the same
> windows server with the same permissions.
> I can mount the volume through gnome "Connect to Server...", but I
> need it on the filesystem.

> What is working:
> smbmount //server1/share1 /mnt -o -fstype=cifs
> -noperm,credentials=/etc/auto.smb.server1

> What is not working:
> smbmount //server1/share2/dir1 /mnt -o -fstype=cifs
> -noperm,credentials=/etc/auto.smb.server1

What does

smbclient -N -L server1

show? Does it show the share "share/dir1"? It shouldn't ...

Best regards!
Helmut


Re: [Samba] Problem installing Printer-Drivers (solved)

2008-05-27 Thread Jeremy Allison
On Tue, May 27, 2008 at 12:14:13PM +0200, Johannes Weberhofer, Weberhofer GmbH 
wrote:
> This is just a information in case somebody runs into the same issue:
> 
> I was unable to upload drivers to a samba-server (3.0.28a and 3.0.29) via 
> the windows add printer wizard. The driver files started uploading, then 
> processing stopped saying the driver is not compatible to windows xp.
> 
> In the logs the following message popped up. However some files could be 
> copied:
> 
> [2008/05/27 10:30:09, 0] 
> printing/nt_printing.c:move_driver_to_download_area(1920)
>   move_driver_to_download_area: Unable to rename [W32X86/HPBHEALR.DLL] to 
>   [W32X86/3/HPBHEALR.DLL]

Can you get me a debug level 10 log of this please? It's a crash
bug within Samba and I *hate* that :-).

Thanks,

Jeremy.


[Samba] Re: Samba 3.0.25b on centos 5.1 a lot of signal 11 very unstable!!!

2008-05-27 Thread Avery Payne
On Tue, 26 Feb 2008 22:12:53 -0800, Alberto Moreno wrote:


> 
> The only problem is this new server, i read about some changes
> with samba 3.0.25b and oldest version, since we add this server to the
> domain we had been having problems, we enable the roaming profile to our
> windows clients, but some times the server doesn't update the user
> profile, on other situations we lost the profile, example firefox
> settings, or if  the user update some excel file next day appear with no
> changes.

Roaming profiles are just problematic, even on native Windows servers.  I 
have seen several roaming profiles implode on WinXP client boxes.  I've 
also seen bad behavior with Win2k client/server setups as well.  Symptoms 
include the client creating new profiles, ignoring existing profiles, or 
dialogs indicating profile corruption.

> 
>We have almost 3GB of core dumps since we setup samba inside
> winbind folder, look this is my smb.conf file:

[ lots of stuff snipped out ]


> > lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/
winbindd

[ even more stuff snipped out]

> [0x645c97] #19 winbindd [0x6443f2] #20 winbindd [0x615368] #21
> winbindd(main+0x94d) [0x615dbd] #22 /lib/libc.so.6(__
> libc_start_main+0xdc) [0x21fdec] #23 winbindd [0x614061] : 13 Time(s)


> --
> 
> Hope this info give some point to start debugging this problem, does
> someone see what is causing the problem? Thanks all for your time, if u
> need more info please let me know, thanks!!!

I'm no Samba or programming expert, but that last line looks like a libc 
segfault.  Sig 11 errors a long time ago used to implicate RAM issues, 
usually due to bad contacts or faulty RAM chips.  This may sound silly 
but try powering down the machine, unseating and reseating all of your 
RAM.  If it continues, try reducing the RAM and see if the issue goes 
away (due to a bad RAM stick).  Just my .02 cents.




[Samba] netlogon script from a trusted domain controller is not executed

2008-05-27 Thread Peter Slickers

I'm running a samba 3.0.28a server as a primary domain controller
which is trusting another domain. The foreign or trusted domain
is hosted on a Windows NT4-SP6 system.

On a domain member computer (Windows XP-SP2) the netlogon script of a
user (who is registered with the NT4 domain) is not executed, if the
workstation is joined to the samba domain. If I join the
workstation back to the NT4 domain, the netlogon script
executes automatically as intended.

I have tested several variants and at this point I would like to
know if samba supports redirection of netlogon scripts at all.
--
Peter Slickers



Re: [Samba] Can Samba send DNS updates?

2008-05-27 Thread Ryan Novosielski
David Disseldorp wrote:
> On Tue, 27 May 2008 01:11:05 -0400
> vr <[EMAIL PROTECTED]> wrote:
> 
>> I'd like to have my Samba client update their Windows DNS during Samba 
>> startup/shutdown like a typical Windows pc would do... Is this possible 
>> and what is the magic tweak?
> 
> First off, ensure Samba is built with the "--with-dnsupdate" configure
> option.
> 
> If all is well, joining an AD domain (with "net ads join") or doing a
> "net ads dns register" should both cause a DNS update.
> 
> Cheers, Dave

Doesn't this depend on your DNS server, or are we talking about Samba
being a member of an AD forest?

--
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630

Re: [Samba] smbldap_open: cannot access LDAP when not root..

2008-05-27 Thread johnh
Thanks Dale,

Yes, I tried those things.

I now have it working, but the answer was to not use the version of Samba 
that comes with Fedora 9 (3.2.0pre3, I think)

I compiled 3.0.29 myself, then re-installed all the tdbs and LDAP stuff 
from the old server, then fired up that version, and all was well.

BTW - to get 3.0.29 to compile on Fedora 9, I had to comment out some 
lines starting on line 37 of oplock_linux.c to remove the capget/capset 
stuff.  In case anyone needs it, here's a patch:

-8<- PUT THIS IN samba-3.0.29/source/smbd, save it as 
Fedora9-patch1.diff and run 'patch -p0 < Fedora9-patch1.diff' -8<-
--- oplock_linux.c-orig 2008-05-27 13:17:16.0 -0400
+++ oplock_linux.c  2008-05-27 13:17:29.0 -0400
@@ -34,11 +34,11 @@
uint32 inheritable;
 } data;

-extern int capget(struct cap_user_header * hdrp,
+/* extern int capget(struct cap_user_header * hdrp,
  struct cap_user_data * datap);
 extern int capset(struct cap_user_header * hdrp,
  const struct cap_user_data * datap);
-
+*/
 static SIG_ATOMIC_T signals_received;
 #define FD_PENDING_SIZE 100
 static SIG_ATOMIC_T fd_pending_array[FD_PENDING_SIZE];
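
Review bot: wrapping the capget/capset extern declarations in a /* ... */ comment removes them on every platform, not only on Fedora 9 where they got in the way of the build, and nothing in the source records why they were disabled. Put the two declarations behind a preprocessor conditional driven by a configure-time check instead (declare them only when the system headers do not already provide prototypes), and add a one-line comment naming the conflict. The closing "*/" also takes the place of the blank line that separated the declarations from "static SIG_ATOMIC_T signals_received;", so keep a separator line there.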
-8<-

-John




Dale Schroeder <[EMAIL PROTECTED]> wrote on 05/27/2008 01:10 PM:

John,

You may have already done this, but ==>

The only thing I can think of is rerunning "smbpasswd -w".

There's also mention of file permission changes here:

http://www.archivum.info/linux.samba/2006-02/msg00037.html

Good luck,
Dale



[EMAIL PROTECTED] wrote:
> Greetings list,
>
> I just upgraded my main file server, and copied over a dump of my LDAP 
> database, samba conf files, tdbs, etc.
>
> Everything fired up OK and runs, except:
>
> -Some users (perhaps 5 or 6 out of 125) can't log in, getting the "domain 
> unavailable" message
> -I can't rejoin them to the domain - the process appears to succeed, but 
> doesn't
> -One of the machine accounts that doesn't work is my main print server :(
>
> The only log error I get is:
>
> [2008/05/27 10:21:43,  0] lib/smbldap.c:smbldap_open(1005)
>   smbldap_open: cannot access LDAP when not root..
>
> This occurs periodically in EVERY log file, even for working workstations.
>
> I have re-done granting rights to root/Administrator.  I've double-checked 
> everything I can think of, to no avail.
>
> Ideas would be greatly appreciated.
>
> Thanks,
>
> -John
>
>
> 




Re: [Samba] Samba connect ldap via socket

2008-05-27 Thread Peter Slickers

maike wrote:

Hi people, how i connect samba and ldap via socket?

Att,
Maiquel



The following setting works fine for me on a Debian testing system
and with openLDAP:

[global]
passdb backend = ldapsam:ldapi://

I do not have to specify the name of the socket file, since
the LDAP server and the LDAP client library are both using the
same default settings. This condition holds true if the server and
the client library have been compiled from the same source and
with the same configuration.

Furthermore, you have to ensure that slapd opens a socket
at all. This is not enabled by default.

I had to add the following to /etc/defaults/slapd:

  SLAPD_SERVICES="ldap:/// ldapi:///"


The value of SLAPD_SERVICES is passed to slapd as a command-line
option by the daemon startup script.
--
Peter Slickers
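
A consistency check for the two settings in the reply above, as an added example that is not part of the original message: it reads the LDAP URI schemes from "passdb backend" in smb.conf and from SLAPD_SERVICES, and reports any scheme Samba is configured to use that slapd is not set to listen on. The function names and the sample file contents are constructed for this example.

```python
import re

# Constructed sample files, modelled on the two settings in the reply above.
SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   ; passdb backend = ldapsam:ldap://localhost
   passdb backend = ldapsam:ldapi://
"""
SLAPD_TCP_ONLY = '# SLAPD_SERVICES="ldap:/// ldapi:///"\nSLAPD_SERVICES="ldap:///"\n'
SLAPD_WITH_SOCKET = 'SLAPD_SERVICES="ldap:/// ldapi:///"\n'


def global_params(smb_conf):
    """Return the [global] parameters of an smb.conf text as a dict."""
    params, section = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf parameter names ignore case and extra spaces
            params[" ".join(key.lower().split())] = value.strip()
    return params


def _schemes(text):
    """Sorted LDAP URI schemes (ldap, ldaps, ldapi) that appear in text."""
    return sorted({s.lower() for s in re.findall(r"\b(ldap[is]?)://", text, re.I)})


def samba_ldap_schemes(smb_conf):
    """Schemes used by the 'passdb backend' setting."""
    return _schemes(global_params(smb_conf).get("passdb backend", ""))


def slapd_schemes(defaults_text):
    """Schemes listed in an uncommented SLAPD_SERVICES= line, if any."""
    m = re.search(r'^\s*SLAPD_SERVICES=(["\']?)(.*?)\1\s*$', defaults_text, re.M)
    # Assumption: an unset variable is treated as "no ldapi listener",
    # following the reply's statement that the socket is not on by default.
    return _schemes(m.group(2)) if m else []


def missing_listeners(smb_conf, defaults_text):
    """Schemes Samba will try to use that slapd is not configured to serve."""
    have = set(slapd_schemes(defaults_text))
    return [s for s in samba_ldap_schemes(smb_conf) if s not in have]


if __name__ == "__main__":
    for label, text in (("tcp only", SLAPD_TCP_ONLY), ("with socket", SLAPD_WITH_SOCKET)):
        print(label, "-> missing:", missing_listeners(SMB_CONF, text))
```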


[Samba] Incorrect/incomplete group information when authenticating against AD

2008-05-27 Thread Keith Edmunds
Summary: a Samba server authenticating against AD can only
retrieve some, not all, groups that users belong to.

I have a Linux server "oldsys" (all version info given
below) making files available via Samba and authenticating
against Windows AD. This works without problems.

We want to migrate the data, and thus the Samba
configuration, to a new server "newsys". This has been done,
with the smb.conf file being copied from oldsys to newsys. I
have joined newsys to the AD tree. "wbinfo -t", "wbinfo -u"
and "wbinfo -g" give the expected results.

The group information for a given user is incomplete on
newsys. Here's the output from each system for one user:

oldsys # id Tiger 
uid=10353(tiger) gid=10001(Domain Users)
groups=10001(Domain Users),10008(Domain
Admins),10004(Services),10012(Compbio),10016(Admin),10020(Techserv),
10023(Inkjet),10024(Sysadmin),10063(IFRpan),10048(qcall)

newsys # id Tiger
uid=10004(tiger) gid=1(domain users) groups=1(domain users)

Not only is the newsys group list much shorter, but also the
"Domain Users" group is a different gid and the user has a
different uid. There is no user "Tiger" in the passwd
database on either Linux server, so the response is
apparently coming from the AD tree.

One other anomaly: a "getent passwd" on the old system lists
all the /etc/passwd entries as well as the AD users; the
same command on the new system lists only the /etc/passwd
users. An "egrep '(^passwd|^group|^shadow)'
/etc/nsswitch.conf" produces the same results on each
system:

passwd: files winbind
shadow: files
group:  files winbind

I'm at a loss to understand why the group information (and
the "getent passwd" list) are different on the two systems,
and I'd welcome any pointers.

Versions:
oldsys # smbd -V
Version 3.0.21a
oldsys # cat /etc/redhat-release
Red Hat Linux release 9 (Shrike)

newsys # smbd -V
Version 3.0.24
newsys # cat /etc/debian_version
4.0

Thanks for any ideas,
Keith
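
A way to measure the mismatch described in the post above, as an added example that is not part of the original message: it parses the two "id Tiger" outputs quoted there (re-typed inline, including the mail line wrap inside "Domain Admins") and reports the uid and gid changes and the groups missing on newsys. The function names are this example's own, and comparing group names case-insensitively is an assumption made here because the two hosts print them in different case.

```python
import re

# Re-typed from the two `id Tiger` outputs quoted in the post above.
OLDSYS_ID = """uid=10353(tiger) gid=10001(Domain Users)
groups=10001(Domain Users),10008(Domain
Admins),10004(Services),10012(Compbio),10016(Admin),10020(Techserv),
10023(Inkjet),10024(Sysadmin),10063(IFRpan),10048(qcall)"""
NEWSYS_ID = "uid=10004(tiger) gid=1(domain users) groups=1(domain users)"

_ENTRY = re.compile(r"(\d+)\(([^)]*)\)")   # one "number(name)" pair


def parse_id(text):
    """Parse `id` output into uid/gid (number, name) pairs and a name->gid map."""
    flat = " ".join(text.split())          # undo line wrapping inside names
    fields = {}
    for key in ("uid", "gid", "groups"):
        m = re.search(r"\b" + key + r"=((?:\d+\([^)]*\)[,\s]*)+)", flat)
        if m is None:
            raise ValueError("no %s= field in id output" % key)
        fields[key] = [(int(num), name.casefold())
                       for num, name in _ENTRY.findall(m.group(1))]
    return {
        "uid": fields["uid"][0],
        "gid": fields["gid"][0],
        "groups": {name: num for num, name in fields["groups"]},
    }


def compare(old_text, new_text):
    """Report what differs between the old and the new host for one user."""
    old, new = parse_id(old_text), parse_id(new_text)
    shared = old["groups"].keys() & new["groups"].keys()
    return {
        "uid": (old["uid"][0], new["uid"][0]),
        "primary_gid": (old["gid"][0], new["gid"][0]),
        # groups the old host resolves for the user but the new one does not
        "missing_groups": sorted(old["groups"].keys() - new["groups"].keys()),
        # groups present on both hosts but mapped to a different number
        "remapped_groups": {g: (old["groups"][g], new["groups"][g])
                            for g in sorted(shared)
                            if old["groups"][g] != new["groups"][g]},
    }


if __name__ == "__main__":
    for field, value in compare(OLDSYS_ID, NEWSYS_ID).items():
        print(field, value)
```

Files copied from oldsys keep their numeric owner and group, so any uid or gid pair reported here as changed means those files will be attributed to a different account on newsys until the mappings agree.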
