[Samba] share folder for each user
hello we have an ldap server and a samba pdc; but our problem is that we don't want to have a roaming profile but we want that each user have his own place on the server that could be accessible every where but not to other users. any help? thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Access Denied to Printers
Hi! Trying to trace down a problem with printer sharing. I don't see anything glaringly obvious with my smb.conf. I am using LDAP and CUPS. Using a Windoze client, accessing a printer I receive the friendly "Access denied, unable to connect". Checking the Samba logs, I find: [2008/11/07 18:26:08, 0] param/loadparm.c:process_usershare_file(8268) process_usershare_file: share name ::{2227a280-3aea-1069-a2de-08002b30309d} contains invalid characters (any of %<>*?|/\+=;:",) [2008/11/07 18:26:08, 0] param/loadparm.c:process_usershare_file(8268) process_usershare_file: share name ::{2227a280-3aea-1069-a2de-08002b30309d} contains invalid characters (any of %<>*?|/\+=;:",) [2008/11/07 18:26:08, 0] smbd/service.c:make_connection(1362) daniel (192.168.0.60) couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d} I don't HAVE any shares with invalid characters - that I'm aware of. Is it possible there's something hiding in a corrupted tdb file? I've tried deleting ntprinters.tdb without improvement. -- Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Computer disappears from workgroup - why?
I am using a simple workgroup-based Windows network with 4-6 computers. One is a Debian Etch server with Samba 3.0.24-6. The server is the WINS server for the network. I can browse the network fine and access shares on the server at all times. Trouble is, ONE machine (XP Pro SP3) that runs pretty much 24/7 spontaneously disappears from the list after a while. Let's call it //XFILES. This means, no matter from where I browse the network, XFILES is not listed anymore. All other computers are listed fine. I can still access XFILES' shares directly (e.g. "search for computer" finds it) but depending on the client this is not always possible. So I'd really like for the list to be accurate. To give you an example what I did: /etc/init.d/samba stop rm /var/lib/samba/wins.dat rm /var/cache/samba/browse.dat /etc/init.d/samba start I.e. deleting wins.dat and browse.dat and restarting Samba. After the first access of the server's shares from XFILES, smbtree shows the complete network, wins.dat and browse.dat are both created and updated and I see all computers when browsing from anywhere. Then, after a while of waiting, changing nothing on the network, suddenly XFILES goes missing. It is then no longer listed in browse.dat but I had seen it listed in wins.dat so the latter doesn't seem to be relevant. What "brings it back" is when I browse XFILES' shares from XFILES itself, but that is not always possible. My question is: What causes an always-on machine to spontaneously disappear from browse.dat? Is there any way I can debug this? Down below I have attached my relevant smb.conf settings. Kudos to anybody who can shed some light on this. Chris [global] workgroup = MYWORKGROUP announce version = 5.0 server string = smbserver wins support = yes name resolve order = hosts wins bcast lmhosts socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 domain master = yes preferred master = true winbind enum groups = yes winbind enum users = yes strict locking = no -- View this message in context: http://www.nabble.com/Computer-disappears-from-workgroup---why--tp20387571p20387571.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Construction to access Windows Network and other networks.
Hello, Hello all, I've been working on a construction to make access to networkresources easier, using autofs. The construction permits user access to networkresources like a Samba/Windows server with cifs, FTP servers using curlftpfs and SSH using sshfs (fuse), in one directory created with autofs. I'm sure more services like nfs and ipx are possible, but I did not test that. (in fact there should be a lookup utility, simular to nmblookup or nbtscan and a mount helper, and of course support in the kernel..) The construction creates a directory in your home directory like: /home/sbon/Global Network under which the different networks go: /home/sbon/Global Network/FTP SSH access Windows Network When browsing the Windows Network tree, you're able to select the workgroup, host and share. /home/sbon/Global Network/ Windows Network/ BONONLINE/ ROUTER/ bononline ftp public sbon CWWERKGROEP These shares are mounted when accessed, using cifs. The use of credentials is supported, guest access is the default. Cifs is supporting much more than the kioslaves or the Gnome VFS. For example oplocks, ACL's and inotify, which play an important role in the Windows networks, but I think you already know that... (and: a desktop manager should should not be involved with network services/filesystems) The tree is dynamically created using nbtscan (or nmblookup) and smbclient. Because here mounts are used, the "remote" filesystem is accessible just like it's local. That's something else compared to the "vitual" kioslaves and Gnome VFS. I'm trying to write an article about this topic, which should soon appear in the dutch Linux Magazine. What I'm asking is, are you interested in this construction? I'm very enthousiast about it, and I'm sure it has potential. That's the reason I'm writing this email to you, I've posted about this issue on several places (OpenSuse forums, Fedora maillist, autofs maillist) but no reaction so far. And I do not understand. Like I said, this construction is imho far better than the existing ones! Or not...?? So please let me know what you think of it, positive or negative. At this moment I've stopped developing this futher (documentation/website!), due to lack of interest, but using this construction at home, with one server and one workstation. Look for some information at the website: http://linux.bononline.nl/linux/automountsmbshares/index.php Information there is not ready yet, I'm working on that. You'll get a good impression how it looks like on the screenshots page, of course. If you would like to have a installable example, please let me know. Looking forward to your reply, Stef Bon Voorburg the Netherlands -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trying to get uid and gid to match and getent to work
[EMAIL PROTECTED] wrote: > > [EMAIL PROTECTED] wrote: > > I am using the following in my smb.conf on samba-3.0.28-0.el5.8 > > > > idmap domains = MYDOMAIN > > idmap config MYDOMAIN:backend= rid > > idmap config MYDOMAIN:base_rid = 998 > > idmap config MYDOMAIN:range = 998 - 4 > > idmap uid = 998-2 > > idmap gid = 998-2 > > template homedir = /home/users/%U > > # template primary group = "Domain Users" > > template shell = /bin/bash > > winbind separator = + > > ; winbind use default domain = Yes > > winbind enum users = yes > > winbind enum groups = yes > > > > The problem was first noticed when we connected to another member server > > and noticed that all of the usernames and groups were different. > > During trouble shooting we noticed that wbinfo was reporting the list of > > users but getent was not check libnss_winbind.so > > We just copied it to every directory we thought it might be looking > > > > /lib/libnss_winbind.so > > /lib64/libnss_winbind.so > > /lib64/libnss_winbind.so.2 > > /lib64/security/pam_winbind.so > > /usr/lib/libnss_winbind.so > > /usr/lib64/libnss_winbind.so > > /usr/lib64/nss/libnss_winbind.so > > /usr/lib64/nss/libnss_winbind.so.2 > > /usr/lib64/pppd/2.4.4/winbind.so > > > > Deleted the /var/cache/samba/winbind_cache.tdb > > and winbindd_idmap.tdb > > > > after restarting winbind and samba the winbindd_idmap.tdp did not reappear. > > and getent was still not working. > > > > Also seeing the following error when restart winbind > > > > Nov 6 11:57:58 localhost winbindd[21350]: [2008/11/06 11:57:58, 0] > > nsswitch/winbindd_cache.c:initialize_winbindd_cache(2230) > > Nov 6 11:57:58 localhost winbindd[21350]: initialize_winbindd_cache: > > clearing cache and re-creating with version number 1 > > Nov 6 11:57:58 localhost winbindd[21351]: [2008/11/06 11:57:58, 0] > > rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363) > > Nov 6 11:57:58 localhost winbindd[21351]: > > cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error > > NT_STATUS_NETWORK_ACCESS_DENIED > > > Okay, I was able to get getent to work. > had to go back to ldconfig to get the library files to load the variants of > libnss_winbind. > > So now am trying to get it to allow domain users to login and get the uid's > and gid's to match across servers. > I now have 2 servers reporting different uid's, haven't checked the gid's, but I assume I have the same problem. On system running samba-3.0.10-1.4E.9 MYDOMAIN+user1:*:10115:1:SMB User:/home/users/user1:/bin/bash MYDOMAIN+user2:*:10116:1:SMB User:/home/users/user2:/bin/bash MYDOMAIN+user3:*:10011:1:SMB User:/home/users/user3:/bin/bash MYDOMAIN+user4:*:10008:1:SMB User:/home/users/user4:/bin/bash On system 2 running samba samba3-3.0.32-36 MYDOMAIN+user1:*:12700:1:SMB User:/home/users/user1:/bin/bash MYDOMAIN+user2:*:12702:1:SMB User:/home/users/user2:/bin/bash MYDOMAIN+user3:*:12710:1:SMB User:/home/users/user3:/bin/bash MYDOMAIN+user4:*:12718:1:SMB User:/home/users/user4:/bin/bash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trying to get uid and gid to match and getent to work
[EMAIL PROTECTED] wrote: > I am using the following in my smb.conf on samba-3.0.28-0.el5.8 > > idmap domains = MYDOMAIN > idmap config MYDOMAIN:backend= rid > idmap config MYDOMAIN:base_rid = 998 > idmap config MYDOMAIN:range = 998 - 4 > idmap uid = 998-2 > idmap gid = 998-2 > template homedir = /home/users/%U > # template primary group = "Domain Users" > template shell = /bin/bash > winbind separator = + > ; winbind use default domain = Yes > winbind enum users = yes > winbind enum groups = yes > > The problem was first noticed when we connected to another member server and > noticed that all of the usernames and groups were different. > During trouble shooting we noticed that wbinfo was reporting the list of > users but getent was not check libnss_winbind.so > We just copied it to every directory we thought it might be looking > > /lib/libnss_winbind.so > /lib64/libnss_winbind.so > /lib64/libnss_winbind.so.2 > /lib64/security/pam_winbind.so > /usr/lib/libnss_winbind.so > /usr/lib64/libnss_winbind.so > /usr/lib64/nss/libnss_winbind.so > /usr/lib64/nss/libnss_winbind.so.2 > /usr/lib64/pppd/2.4.4/winbind.so > > Deleted the /var/cache/samba/winbind_cache.tdb > and winbindd_idmap.tdb > > after restarting winbind and samba the winbindd_idmap.tdp did not reappear. > and getent was still not working. > > Also seeing the following error when restart winbind > > Nov 6 11:57:58 localhost winbindd[21350]: [2008/11/06 11:57:58, 0] > nsswitch/winbindd_cache.c:initialize_winbindd_cache(2230) > Nov 6 11:57:58 localhost winbindd[21350]: initialize_winbindd_cache: > clearing cache and re-creating with version number 1 > Nov 6 11:57:58 localhost winbindd[21351]: [2008/11/06 11:57:58, 0] > rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363) > Nov 6 11:57:58 localhost winbindd[21351]: > cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error > NT_STATUS_NETWORK_ACCESS_DENIED > Okay, I was able to get getent to work. had to go back to ldconfig to get the library files to load the variants of libnss_winbind. So now am trying to get it to allow domain users to login and get the uid's and gid's to match across servers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD howtos: LDAP needed?
Well there is an advantage if you are trying to role your own permissions/policy system. For example at my work (a research institute), we have our own LDAP to store things like who owns a storage area, who is a member of the group etc, so that we could get over the NIS limitation of 16 groups for a user. We also have such things defined as "user has sudo rights on this server", "user can modify mailing lists", groups of groups ("member of this lab gets added to these network shares, these permissions on mailing lists, this billing code for purchases etc), etc. All depends on what you need to do. I guess short answer: if what a windows share can do is sufficient for your needs then yeah just AD (which is a specific implementation of LDAP) is fine for you. On Nov 7, 2008, at 4:06 PM, degbert degbert wrote: My understanding is AD was/is MS's implementation of LDAP. http://en.wikipedia.org/wiki/Active_directory . AD added stuff on top of the base standard to support "group policies". Essentially MS made an LDAP object structure for Windows networks, that obviously, windows clients know what the objects in the LDAP mean and so display them properly in Network Places or whatever. On Nov 7, 2008, at 12:17 PM, degbert degbert wrote: Hello, Sorry for two messages, but I thought it would make more sense to use one message per question. Why do so many (but not all) AD howtos mention LDAP? Without configuring LDAP I can use getent passwd or getent group to see the users in the AD. Is there a benefit to also editing nsswitch to query LDAP? Degbert. So there is no advantage to adding ldap to the mix? Excellent, I hoped that was the answer :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD howtos: LDAP needed?
>> My understanding is AD was/is MS's implementation of LDAP. >> http://en.wikipedia.org/wiki/Active_directory . AD added stuff on top of the >> base standard to support "group policies". Essentially MS made an LDAP >> object structure for Windows networks, that obviously, windows clients know >> what the objects in the LDAP mean and so display them properly in Network >> Places or whatever. >> On Nov 7, 2008, at 12:17 PM, degbert degbert wrote: >> >>> Hello, >>> >>> Sorry for two messages, but I thought it would make more sense to use one >>> message per question. >>> >>> Why do so many (but not all) AD howtos mention LDAP? Without configuring >>> LDAP I can use getent passwd or getent group to see the users in the AD. >>> >>> Is there a benefit to also editing nsswitch to query LDAP? >>> >>> Degbert. So there is no advantage to adding ldap to the mix? Excellent, I hoped that was the answer :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fwd: [Samba] AD howtos: LDAP needed?
Sorry my bad I forgot to reply all. Begin forwarded message: From: Mike Gallamore <[EMAIL PROTECTED]> Date: November 7, 2008 12:35:20 PM GMT+01:00 To: "degbert degbert" <[EMAIL PROTECTED]> Subject: Re: [Samba] AD howtos: LDAP needed? My understanding is AD was/is MS's implementation of LDAP. http://en.wikipedia.org/wiki/Active_directory . AD added stuff on top of the base standard to support "group policies". Essentially MS made an LDAP object structure for Windows networks, that obviously, windows clients know what the objects in the LDAP mean and so display them properly in Network Places or whatever. On Nov 7, 2008, at 12:17 PM, degbert degbert wrote: Hello, Sorry for two messages, but I thought it would make more sense to use one message per question. Why do so many (but not all) AD howtos mention LDAP? Without configuring LDAP I can use getent passwd or getent group to see the users in the AD. Is there a benefit to also editing nsswitch to query LDAP? Degbert. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD howtos: LDAP needed?
Hello! Well... I am just a newbie, so I might be wrong (and I'm probably am) but I don't think you need to set up Ldap to autenticate a Linux machine against an Active Directory server. If you want to do the opposite, probably yes (I'm not 100% sure). But since you're using the "getent passwd" command, I assume your Linux machine is the client, right? Then I don't think you need LDAP (but as I said, I'm probably wrong :S ) It should be enough with Samba I found this: http://www.windowsnetworking.com/articles_tutorials/Authenticating-Linux-Active-Directory.html http://www.linuxquestions.org/questions/linux-enterprise-47/linux-clientactive-directory-server-home-directories-403160/ Maybe it can help 2008/11/7 degbert degbert <[EMAIL PROTECTED]>: > Hello, > > Sorry for two messages, but I thought it would make more sense to use one > message per question. > > Why do so many (but not all) AD howtos mention LDAP? Without configuring > LDAP I can use getent passwd or getent group to see the users in the AD. > > Is there a benefit to also editing nsswitch to query LDAP? > > Degbert. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD howtos: LDAP needed?
Hello, Sorry for two messages, but I thought it would make more sense to use one message per question. Why do so many (but not all) AD howtos mention LDAP? Without configuring LDAP I can use getent passwd or getent group to see the users in the AD. Is there a benefit to also editing nsswitch to query LDAP? Degbert. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] how to set samba to force users to log off ??
Hello I have samba PDC with tdbsam backend. I set logon hours by usrmgr.exe utility from 8am to 4pm but I would like to samba force users to log off after 4PM because logon hours doesn't do it. Is There any possibility without restarting smb nmb daemons to force users to log off?? Please reply . Sorry for my English :) Sylwester pod palmami! Egipt już od 1672 zł. Sprawdź nasze propozycje. http://klik.wp.pl/?adr=http%3A%2F%2Fwycieczki.wp.pl&sid=551 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error: client not found in kerberos database while initializing kadmin interface
Hello, Everything looks like it is working fine. I get no errors, I can use kinit, net ads join works, wbinfo and co. work perfectly. The AD sees the computer added, the dns and reverse dns entries are created. Login via ssh even works with the AD users (but not with SSO). To make that work, I need a keytab, but when I run kadmin, I get the error: "client not found in kerberos database while initializing kadmin interface" How can I troubleshoot this? Degbert (losing hair) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA with iSCSI and filer ?
Frank Bonnet wrote: Hello Due to the impossibility to use Samba server as PDC fro the filer we plan to build a new SAMBA system that will use a filer throught iSCSI to mount users home directories and shares. I am interrested by feedback of admins that use such configuration in a production environement. Thanks a lot. . I forgot : NetAPP filer. ;-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to init inotity
Sorry, "Trop de fichiers ouverts" eq "too many files open" The actual values of files in /proc/sys/fs/inotify/* is # cat max_queued_events 16384 # cat max_user_instances 128 # cat max_user_watches 8192 What is the better values ? I suppose that I must change theses values for each boot ? Thanks Stéphane --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 Volker Lendecke <[EMAIL PROTECTED]> a écrit sur 07/11/2008 09:43:22 : > On Fri, Nov 07, 2008 at 09:34:48AM +0100, Stéphane PURNELLE wrote: > > I my log I have sometimes this message : > > smbd/notify_inotify.c:inotify_setup(283) Failed to init inotify - Trop de > > fichiers ouverts : 2661 Time(s) > > > > Informations : > > Samba 3.2.4 (ldap backend and acl support) > > Redhat Enterprise Linux 5.1 (data on XFS FS) > > > > What's means ? > > While I don't speak french I assume that this error message > means something along the lines "too many files open" or so. > If this is the case, you might want to increase the values > in /proc/sys/fs/inotify/* > > Volker > [rattachement "attnl9zq.dat" supprimé par Stéphane PURNELLE/COR/SOPARIND] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to init inotity
On Fri, Nov 07, 2008 at 09:34:48AM +0100, Stéphane PURNELLE wrote: > I my log I have sometimes this message : > smbd/notify_inotify.c:inotify_setup(283) Failed to init inotify - Trop de > fichiers ouverts : 2661 Time(s) > > Informations : > Samba 3.2.4 (ldap backend and acl support) > Redhat Enterprise Linux 5.1 (data on XFS FS) > > What's means ? While I don't speak french I assume that this error message means something along the lines "too many files open" or so. If this is the case, you might want to increase the values in /proc/sys/fs/inotify/* Volker pgpTS5lIJ0E7N.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Failed to init inotity
Hi samba team, I my log I have sometimes this message : smbd/notify_inotify.c:inotify_setup(283) Failed to init inotify - Trop de fichiers ouverts : 2661 Time(s) Informations : Samba 3.2.4 (ldap backend and acl support) Redhat Enterprise Linux 5.1 (data on XFS FS) What's means ? Thanks Stephane Purnelle --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA with iSCSI and filer ?
Hello Due to the impossibility to use Samba server as PDC fro the filer we plan to build a new SAMBA system that will use a filer throught iSCSI to mount users home directories and shares. I am interrested by feedback of admins that use such configuration in a production environement. Thanks a lot. . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba