Re: [Samba] Samba memory usage - how big is it?

2008-11-12 Thread Volker Lendecke
On Thu, Nov 13, 2008 at 02:00:06PM +0700, FC Mario Patty wrote:
> I'd upgraded samba to v3.0.32 last Sunday before our samba server started to
> hang. Every day we have to restart our server 2-3 times (today I just
> restart it once). I can see via System Monitor that 33 of our users each
> (pid) consume 13.6Mb (average) of memory. Our server only have 1Gb of RAM
> but usually it runs very well (except that we've already moved solidworks
> engineer to work with our samba server now). With the 'top' command I can
> see the total usage of memory come near to 1Gb. Is it normal that we have to
> add more RAM or maybe I can do something to tune it to run more fluently.
> Thank you very much.

No, that sounds like a memleak. 13.6MB is way too much, I
would expect more like 3-5MB.

First shot: Can you issue a

smbcontrol <pid> pool-usage

where <pid> is the process ID of such a large smbd, and
send the output?

Thanks,

Volker


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba memory usage - how big is it?

2008-11-12 Thread FC Mario Patty
Hi,

I'd upgraded samba to v3.0.32 last Sunday before our samba server started to
hang. Every day we have to restart our server 2-3 times (today I just
restart it once). I can see via System Monitor that 33 of our users each
(pid) consume 13.6Mb (average) of memory. Our server only have 1Gb of RAM
but usually it runs very well (except that we've already moved solidworks
engineer to work with our samba server now). With the 'top' command I can
see the total usage of memory come near to 1Gb. Is it normal that we have to
add more RAM or maybe I can do something to tune it to run more fluently.
Thank you very much.


Regards,


Re: [Samba] OpenLDAP integration

2008-11-12 Thread FC Mario Patty
Btw, an 'smbldap-useradd -m' won't create samba user but an 'smbldap-useradd
-a' would (or you can add -m here too). Please correct me if I was wrong
with this.

Regards,


Re: [Samba] OpenLDAP integration

2008-11-12 Thread FC Mario Patty
Have you stored the password for cn=admin in secrets.tdb?

# smbpasswd -w put_your_ldap_admin_password_here

Last week I tried to get a new samba server to authenticate to my PDC
(samba+openLDAP) and after digging for two days I found out that the only
part I was missing was the above line. Stupid me.


RE: [Samba] OPLOCK break timeout

2008-11-12 Thread Sudheer Kurichiyath
Thank you Volker for sharing this information. 

> -----Original Message-----
> From: Volker Lendecke [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, November 11, 2008 2:05 PM
> To: Sudheer Kurichiyath
> Cc: 'samba@lists.samba.org'
> Subject: Re: [Samba] OPLOCK break timeout
> 
> On Tue, Nov 11, 2008 at 12:25:16AM -0800, Sudheer Kurichiyath wrote:
> > Please let me know  the timeout value for  samba and 
> Windows servers 
> > if a client does not respond to a oplock break request.  Is this 
> > something that can be configured?
> 
> Samba has it at 30 seconds fixed, not configurable. I would 
> guess this is modeled after Windows. In Samba, it's the 
> constant OPLOCK_BREAK_TIMEOUT in local.h.
> 
> Volker
> --


Re: [Samba] Re: how to access my Windows Vista user folder from GNU Linux

2008-11-12 Thread Paul Venzke
On Wed November 12 2008 08:33, Seb wrote:
> Any feedback please?
>
>
>
> On Tue, 11 Nov 2008 09:19:38 -0600,
>
> Seb <[EMAIL PROTECTED]> wrote:
> > Hi, I have no problems whatsoever accessing and using my GNU Linux
> > user directory from Windows Vista, but the reverse is not true.  My
> > /etc/samba/smb.conf has this (via testparm -s):
> >
> > ~$ testparm -s /etc/samba/smb.conf
> > Load smb config files from /etc/samba/smb.conf
> > Processing section "[homes]"
> > Processing section "[printers]"
> > Processing section "[print$]"
> > Loaded services file OK.
> > Server role: ROLE_DOMAIN_PDC
> > [global]
> >     server string = %h server
> >     obey pam restrictions = Yes
> >     passdb backend = tdbsam
> >     pam password change = Yes
> >     passwd program = /usr/bin/passwd %u
> >     passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> >     unix password sync = Yes
> >     syslog = 0
> >     log file = /var/log/samba/log.%m
> >     max log size = 1000
> >     domain logons = Yes
> >     dns proxy = No
> >     panic action = /usr/share/samba/panic-action %d
> >
> > [homes]
> >     comment = Home Directories
> >     valid users = %S
> >     read only = No
> >     create mask = 0700
> >     directory mask = 0700
> >     browseable = No
> >
> > [printers]
> >     comment = All Printers
> >     path = /var/spool/samba
> >     create mask = 0700
> >     guest ok = Yes
> >     printable = Yes
> >     browseable = No
> >
> > [print$]
> >     comment = Printer Drivers
> >     path = /var/lib/samba/printers
> >
> > I'm a KDE user, so I go to Network folders, click on the machine
> > running Windows.  A folder "C$" shows up, and then clicking on it
> > tells me that "The file or folder smb://machine/C$ does not exist.
> > However, it asks me for a user name and password at other times, so
> > the behaviour is not consistent.  Any advice on what needs to be done
> > would be appreciated.  Thanks.
> >
> >
> > Cheers,
> >
> > -- Seb
> >
>
> --
> Seb
Seb;
 
Be aware that KDE 4.0 seems to have a bug in regards to browsing Windows 
shares.  If you are using 4.0, try 4.1 or the more stable 3.5.
-- 
Paul

"We have met the enemy and he is us"; Pogo


Re: [Samba] samba authentication PAM/LDAP

2008-11-12 Thread Volker Lendecke
On Wed, Nov 12, 2008 at 03:41:12PM -0700, Christian McHugh wrote:
> > On Wed, Nov 12, 2008 at 03:53:51PM -0500, Lenny Shovsky wrote:
> > > Can Samba authenticate directly ( through pam_ldap ? ) via LDAP, which
> > > only has Unix uids & password hashes ? Thank you.
> >
> > No. You need to store the NT hashes somewhere, either in
> > LDAP or in another passdb backend.
> 
> What about the nss winbind backend? Couldn't you setup nss_ldap and pam_ldap, 
> and still run a samba server with the nss winbind backend?

Sure. But someone in the end must have the NT hashes. In the
case of winbind it's a domain controller.

Volker



Re: [Samba] samba authentication PAM/LDAP

2008-11-12 Thread Christian McHugh
> On Wed, Nov 12, 2008 at 03:53:51PM -0500, Lenny Shovsky wrote:
> > Can Samba authenticate directly ( through pam_ldap ? ) via LDAP, which
> > only has Unix uids & password hashes ? Thank you.
>
> No. You need to store the NT hashes somewhere, either in
> LDAP or in another passdb backend.

What about the nss winbind backend? Couldn't you setup nss_ldap and pam_ldap, 
and still run a samba server with the nss winbind backend?

If anyone has any tips for doing this I'd really like to know.

Thanks,
Christian McHugh


Re: [Samba] samba authentication PAM/LDAP

2008-11-12 Thread Volker Lendecke
On Wed, Nov 12, 2008 at 03:53:51PM -0500, Lenny Shovsky wrote:
> Can Samba authenticate directly ( through pam_ldap ? ) via LDAP, which
> only has Unix uids & password hashes ? Thank you.

No. You need to store the NT hashes somewhere, either in
LDAP or in another passdb backend.

Volker



[Samba] samba authentication PAM/LDAP

2008-11-12 Thread Lenny Shovsky
Can Samba authenticate directly ( through pam_ldap ? ) via LDAP, which
only has Unix uids & password hashes ? Thank you.


RE: [Samba] file monitoring in samba

2008-11-12 Thread Robinson, Eric
Inotifywait is not a statistical tool. It produces a real-time log of
filesystem changes that includes the path to the file and the events
that were triggered (file was opened, read, changed, deleted, etc.)

--
Eric Robinson



Disclaimer - November 12, 2008 
This email and any files transmitted with it are confidential and intended 
solely for [EMAIL PROTECTED] If you are not the named addressee you should not 
disseminate, distribute, copy or alter this email. Any views or opinions 
presented in this email are solely those of the author and might not represent 
those of . Warning: Although  has taken reasonable precautions to ensure no 
viruses are present in this email, the company cannot accept responsibility for 
any loss or damage arising from the use of this email or attachments. 
This disclaimer was added by Policy Patrol: http://www.policypatrol.com/


RE: [Samba] file monitoring in samba

2008-11-12 Thread phwashington

 "Robinson wrote: 
> > I believe that smbstatus does show realtime file access
> 
> Even so, you have the problem of tracking filesystem changes that occur
> in other ways, such as scp, ftp, rsync, or local copying.
> 
I agree, and I went to the web site for Inotifywatch.  But this seems to be 
more of a statistical tool, or that's what I see from the examples.  Which in 
and of itself is a powerful tool, and thanks for making me aware of it.  But the 
next big question that is going to be asked is who did it.  I'll look some more 
at it and see if it can answer that question. If it can, with very little 
overhead, then this would almost be a mandatory tool on most enterprise systems.
> --
> Eric Robinson


Re: [Samba] file monitoring in samba

2008-11-12 Thread Toby Bluhm

Nelson Serafica wrote:

Does anyone know how can I monitor files that was being open and access in
the samba directory? If this was not possible, is there third party apps
that can help me do what I want?




The vfs:audit module may do what you need:

http://samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html


--
tkb
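
Other replies in this thread ask who opened a file and note that a bulk copy of a whole directory goes unnoticed. As an added example (not code from the thread or from Samba), the script below attributes opens to users from audit syslog lines and flags clients that read many distinct files in a short window. It assumes Samba's full_audit VFS module with `full_audit:prefix = %u|%I|%S`; the log lines, host, users and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. Assumed layout: syslog header, then the
# full_audit record "prefix|operation|result|args", where the prefix is
# user|client IP|share (full_audit:prefix = %u|%I|%S).
SAMPLE_LOG = [
    f"Nov 12 10:00:0{i} fs1 smbd_audit: alice|192.0.2.10|projects|open|ok|r|designs/part{i}.sldprt"
    for i in range(1, 7)
] + [
    "Nov 12 10:05:00 fs1 smbd_audit: bob|192.0.2.20|projects|open|ok|w|notes.txt",
    "Nov 12 11:30:00 fs1 smbd_audit: bob|192.0.2.20|projects|open|fail (Permission denied)|r|payroll.xls",
    "Nov 12 11:31:00 fs1 smbd_audit: bob|192.0.2.20|projects|open|ok|r|notes.txt",
]

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ "
    r"smbd(?:_audit)?(?:\[\d+\])?: (?P<body>.*)$"
)


def parse_line(line, year=2008):
    """Parse one audit line into a dict, or return None if it does not match."""
    match = LINE_RE.match(line)
    if not match:
        return None
    fields = match["body"].split("|")
    if len(fields) < 5:
        return None
    user, ip, share, op, result = fields[:5]
    event = {
        # Classic syslog timestamps carry no year, so the caller supplies it.
        "ts": datetime.strptime(f"{year} {match['ts']}", "%Y %b %d %H:%M:%S"),
        "user": user, "ip": ip, "share": share, "op": op,
        "ok": result == "ok", "mode": None, "path": None,
    }
    if op == "open" and len(fields) >= 7:
        event["mode"] = fields[5]
        event["path"] = "|".join(fields[6:])  # a file name may itself contain '|'
    return event


def bulk_readers(events, window=timedelta(seconds=60), threshold=5):
    """Return {(user, ip): n} for clients that successfully opened at least
    `threshold` distinct files read-only within any `window`-long interval."""
    by_client = defaultdict(list)
    for event in events:
        if event["op"] == "open" and event["ok"] and event["mode"] == "r":
            by_client[(event["user"], event["ip"])].append((event["ts"], event["path"]))

    flagged = {}
    for client, opens in by_client.items():
        opens.sort()
        start = 0
        for end in range(len(opens)):
            # Shrink the window from the left until it spans at most `window`.
            while opens[end][0] - opens[start][0] > window:
                start += 1
            distinct = {path for _, path in opens[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[client] = max(flagged.get(client, 0), len(distinct))
    return flagged


def analyse(lines):
    """Parse raw log lines, skip anything unparseable, and report bulk readers."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return bulk_readers(events)


if __name__ == "__main__":
    for (user, ip), count in analyse(SAMPLE_LOG).items():
        print(f"{user} from {ip}: {count} distinct files read within 60s")
```

Because the records come from smbd, this only covers access over SMB; changes made locally or via scp, ftp or rsync still need a filesystem-level watcher such as inotify.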


Re: [Samba] Two problems with Samba in AD realm

2008-11-12 Thread Pascal Levy
On Wednesday 12 November 2008 19:23:52 Guillaume Rousse wrote:
> Hello list.
>
> I recently moved to an AD environment. I'm still keeping a samba servers
> to make my cups-managed printers available to windows users, rather than
> duplicating configuration with a Windows print service. But I'm facing
> two problems, probably due to the way we manage AD.
>
> First, all my host belong to a Unix-managed DNS domain
> (msr-inria.inria.fr), not to the windows-managed one corresponding to
> the AD realm (msr-inria.idf). It means resolving their IP address result
> in foo.msr-inria.inria.fr, not in foo.msr-inria.idf. The Unix DNS is a
> secondary server for the foo.msr-inria.idf, meaning SRV record lookup
> still works. But all CIFS kerberos authentication attempt for the host
> unqualified, or realm-qualified fails: I can't use \\foo, nor
> \\foo.msr-inria.idf, only \\foo.msr-inria.inria.fr
>
> I know this is probably due to kerberos DNS-based hostname
> canonicalisation, and not samba-specific (it also occurs with netapp
> filers), but I initially understood it with my samba server. Is there
> anything I could do there to make user's life easier ?
>

seems very complicated to me. Maybe you could use only one DNS system with 
different DNS zones (something like msr-inria.inria.fr for your general 
domain and windows.msr-inria.inria.fr for the AD part) all managed with bind ? 
This is what we have here and this allows a box to know its actual name without 
any kind of schizophrenia.

if you need foo to be resolved as foo.msr-inria.inria.fr, you could have
 foo.msr-inria.inria.fr CNAME  foo.windows.msr-inria.inria.fr
 foo.windows.msr-inria.inria.fr A x.x.x.x
x.x.x.x PTR  foo.windows.msr-inria.inria.fr

(...)
>
> There is a user mapping option in samba, but it is primary meant for
> mapping Windows users to Unix users, whereas I'd need there to map
> Windows unqualified users to kerberos-realm users, instead of ad-realm
> users. Is this possible someway ?

I'm not sure I understand your problem exactly, but I think that samba can't 
use a non-AD-kerberos-realm. If there is a way, I'm very interested, though.



-- 
Pascal Levy
Ingénieur réseaux & ressources informatiques

Bibliothèque InterUniversitaire Sainte Geneviève
tél. : (33) 1 44 41 97 53
Bibliothèque InterUniversitaire de Langues Orientales
tél. : (33) 1 44 77 95 00

[EMAIL PROTECTED]



[Samba] Two problems with Samba in AD realm

2008-11-12 Thread Guillaume Rousse

Hello list.

I recently moved to an AD environment. I'm still keeping a samba servers 
to make my cups-managed printers available to windows users, rather than 
duplicating configuration with a Windows print service. But I'm facing 
two problems, probably due to the way we manage AD.


First, all my host belong to a Unix-managed DNS domain 
(msr-inria.inria.fr), not to the windows-managed one corresponding to 
the AD realm (msr-inria.idf). It means resolving their IP address result 
in foo.msr-inria.inria.fr, not in foo.msr-inria.idf. The Unix DNS is a 
secondary server for the foo.msr-inria.idf, meaning SRV record lookup 
still works. But all CIFS kerberos authentication attempt for the host 
unqualified, or realm-qualified fails: I can't use \\foo, nor 
\\foo.msr-inria.idf, only \\foo.msr-inria.inria.fr


I know this is probably due to kerberos DNS-based hostname 
canonicalisation, and not samba-specific (it also occurs with netapp 
filers), but I initially understood it with my samba server. Is there 
anything I could do there to make user's life easier ?


Second, when kerberos authentication fails, my samba server (and I guess, 
any CIFS server) falls back to password-based authentication. But there 
is an issue with the way we manage users account. We sync our unix ldap 
account into AD, meaning each 'bar' user exists in LDAP as 
'MSR-INRIA.IDF\bar', but with a random password, and we authenticate 
them through their Unix-managed kerberos account 
'MSR-INRIA.INRIA.FR\bar'. It means trying to authenticate them as 
'MSR-INRIA.IDF\bar' won't work, and I get those error messages:

[2008/11/12 18:47:32, 0] auth/auth_domain.c:domain_client_validate(260)
  domain_client_validate: unable to validate password for user rousse 
in domain MSR-INRIA to Domain controller CONCORDE.MSR-INRIA.IDF. Error 
was NT_STATUS_WRONG_PASSWORD.

[2008/11/12 18:47:32, 0] auth/auth_domain.c:domain_client_validate(260)
  domain_client_validate: unable to validate password for user rousse 
in domain MSR-INRIA to Domain controller CONCORDE.MSR-INRIA.IDF. Error 
was NT_STATUS_WRONG_PASSWORD.

[2008/11/12 18:47:32, 0] auth/auth_domain.c:domain_client_validate(260)
  domain_client_validate: unable to validate password for user rousse 
in domain MSR-INRIA to Domain controller CONCORDE.MSR-INRIA.IDF. Error 
was NT_STATUS_WRONG_PASSWORD.


(I guess the windows client cached my credentials when I initially 
logged in).


There is a user mapping option in samba, but it is primarily meant for 
mapping Windows users to Unix users, whereas I'd need there to map 
Windows unqualified users to kerberos-realm users, instead of ad-realm 
users. Is this possible someway ?

--
Guillaume Rousse
Service des Moyens Informatiques
INRIA Saclay - Ile de France
Tel: 01 69 35 69 62


RE: [Samba] file monitoring in samba

2008-11-12 Thread Robinson, Eric
> I believe that smbstatus does show realtime file access

Even so, you have the problem of tracking filesystem changes that occur
in other ways, such as scp, ftp, rsync, or local copying.

--
Eric Robinson







RE: [Samba] file monitoring in samba

2008-11-12 Thread phwashington

 "Robinson wrote: 
>  
> > smbstatus will give you this information.
> 
> I don't think smbstatus shows realtime filesystem activity. Beyond that,
> it definitely would not show changes to the filesystem that occur from
> other processes besides samba. Perhaps I misunderstood, but I thought
> Nelson wanted to watch a directory for changes. To be thorough, that
> must include changes that occur in other ways, such as a user just
> copying a file into the directory locally.
> 
> --
> Eric Robinson
> 
I believe that smbstatus does show realtime file access, but does not show a 
history of file access.  I have been interested in this for awhile and I think 
that audit comes closest to showing a history.
The last time I tried to work with audit it only showed information for the 
last session.
And the problem with both is that if someone connects and downloads copies of 
say a whole directory it doesn't show that.
> 


RE: [Samba] file monitoring in samba

2008-11-12 Thread Robinson, Eric
 
> smbstatus will give you this information.

I don't think smbstatus shows realtime filesystem activity. Beyond that,
it definitely would not show changes to the filesystem that occur from
other processes besides samba. Perhaps I misunderstood, but I thought
Nelson wanted to watch a directory for changes. To be thorough, that
must include changes that occur in other ways, such as a user just
copying a file into the directory locally.

--
Eric Robinson




Re: [Samba] file monitoring in samba

2008-11-12 Thread Jeremy Allison
On Wed, Nov 12, 2008 at 10:34:23PM +0800, Nelson Serafica wrote:
> Does anyone know how can I monitor files that was being open and access in
> the samba directory? If this was not possible, is there third party apps
> that can help me do what I want?

smbstatus will give you this information.


Re: [Samba] AD Member server and local UNIX groups

2008-11-12 Thread Volker Lendecke
On Wed, Nov 12, 2008 at 11:19:22AM -0500, Robert M. Martel - CSU wrote:
> So, is what I want to do even possible?  If it is not, how do others 
> work around group membership issues - I can't be the only person running 
>  a samba server where they are not permitted to alter the AD setup.  I 
> can list AD users one at a time on the 'valid users' entry, but that 
> will get cumbersome pretty quickly.

It is possible: You will have to add winbind-style local
groups. Look at "net sam createlocalgroup", "net sam
addmem" and "net sam delmem".

Volker



[Samba] AD Member server and local UNIX groups

2008-11-12 Thread Robert M. Martel - CSU

Greetings,

I hope someone can tell me if what I want to do is possible with Samba 
or not.  I have been searching for info and found a number of people 
with similar problems, but not an answer.


I have a Samba server (3.2.4) running on a Solaris 10 machine which is a 
member server in Active Directory (AD).  I am using winbind.  The AD 
users can access the samba server shares and UNIX services.


I want to control access to some samba shares by putting a group name 
in a  'valid users' entry for the share (as I have done in the past when 
we had a samba-based PDC.)


Our AD system is strictly HANDS-OFF, I cannot make any changes to it, 
cannot add groups, cannot change group memberships.  It is run by a 
different department.  So I cannot create my groups on the AD server.


I had thought I could add AD users as members to the local UNIX groups 
on the samba server and use those group names on my "valid users" lines 
in smb.conf.


When I tried that what I mostly see is the following in the logs:
smblog.client:  User CSUNET\martel-test not in 'valid users'
smblog.client:  User CSUNET\1001362 not in 'valid users'


So, is what I want to do even possible?  If it is not, how do others 
work around group membership issues - I can't be the only person running 
 a samba server where they are not permitted to alter the AD setup.  I 
can list AD users one at a time on the 'valid users' entry, but that 
will get cumbersome pretty quickly.


Thanks in advance
Bob Martel


--
***
Bob Martel,System Administrator  I met someone who looks a lot like you
Levin College of Urban Affairs   She does the things you do
Cleveland State University   But she is an IBM
(216) 687-2214
[EMAIL PROTECTED]-Jeff Lynne
***


Re: [Samba] Bizarre - How did windows user setfacl for a file??

2008-11-12 Thread Dennis Clarke

> Listmates,
>
> In 8 years, since 2.02 (I think), I have never seen this ...

You never know, this may be a desired feature.

The question is, why is this a bad thing? I am not much of a Windows user
and thus I really have to wonder why the ACL's create an issue.  This is
just a question from me to get some insight into the implications of ACL's
delivered to the world via Samba.  Also, you did not tell us if the
underlying fs was ext3fs or ufs or zfs or what.

Dennis




Re: [Samba] OpenLDAP integration

2008-11-12 Thread Peter Van den Wildenbergh

Brad Nielsen wrote:

I've followed the OpenLDAP + SAMBA Domain Controller tutorial
step-by-step: http://ubuntuforums.org/showthread.php?t=640760

And after long hours, and endless googling, I've yet to find a solution.

LDAP works great
SAMBA works great.

But the integration between them doesn't work.

Here is the samba log:
root:/etc# tail /var/log/samba/log.smbd
  smbd version 3.0.28a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
[2008/11/10 22:11:32, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/11/10 22:11:32, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/11/10 22:11:47, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/11/10 22:11:47, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users

I've tried to "net groupmap" the group's, but they've already been
mapped, and still no luck.

I'm running Ubuntu 8.04, samba version 3.0.28a-1ubuntu4.5

When i try to access the share from the local machine with smbclient, I get:
root:/etc# smbclient //hostname/Storage -U ricky
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

(Note: I renamed "hostname" with the original hostname, i don't want
to post any internal info.)

And if I do a ldapsearch, it brings up all of the right information.

My LDAP configuration in the smb.conf looks like this:

passdb backend = ldapsam:ldap://localhost/

ldap admin dn = cn=admin,dc=domain,dc=com
ldap user suffix = ou=Users
ldap suffix = dc=domain,dc=com
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
ldap delete dn = Yes
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups

(Note: I renamed "domain com" with the original domain, I don't want
to post any internal info.)

I've double, triple, quad triple, and had someone else look at it, and
we are not seeing what could be going wrong.

If there is anyone who can shine some light on this, it'd be greatly
appreciated!

Thanks!

- Bradley
  
Looks like you are hitting the same stone-wall I encountered couple days 
ago.


Try creating a user using -m and not -a

This is what I use:
smbldap-useradd -c "${fname} ${lname}" -M ${email} -N ${fname} -S 
${lname} -A 1 -a -D H: -E allusers.bat -m -d "/data/home/${uid}" ${uid}


Let me know if that fixes it, because I did 'a lot' trying to get this 
going and I am still not 100% convinced that this is the solution that 
does it all...




Regards

Peter

--

Peter Van den Wildenbergh
Owner & Principal I.T. Consultant
meta-logica
13 Cimarron Meadows Close
Okotoks   AB   T1S 1T5

SREC office
E-mail : [EMAIL PROTECTED]
Phone  : 403.984.9591 (ext. 591)

meta-logica office
E-mail : [EMAIL PROTECTED]
Web: www.meta-logica.com
Phone  : (403) 478-META [6382]




[Samba] Domain Admin isn't admin any more

2008-11-12 Thread Martin Hochreiter

Hi!

We are using Samba 3.0.22 PDC and 2 Samba 3.0.28 BDC with ldapsam based
backend.

Since about one week, the domain admin (admin) has no admin rights on the
XP/2003 machines any more and I don't have an idea why.

Can somebody please help me?

Some tests and configurations:

# id admin
uid=0(root) gid=0(root) Gruppen=0(root),998(ldapadmin)

# net groupmap list
Domain Admins (S-1-5-21-8915387-1074272342-1703228666-512) -> ldapadmin
Domain Users (S-1-5-21-8915387-1074272342-1703228666-513) -> ldapuser


# ldapsearch -x uid=admin
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=admin
# requesting: ALL
#

# Admin, Users, xxx.ac.at
dn: uid=Admin,ou=Users,dc=,dc=ac.at
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
sambaPwdMustChange: 2147483647
sambaLogoffTime: 0
sambaLogonTime: 0
sambaKickoffTime: 0
description:
sambaDomainName: XX_XXX
uid: Admin
cn: Admin
displayName: Admin
sambaSID: S-1-5-21-1992494304-3358384209-1871445459-1000
uidNumber: 0
homeDirectory: /root
loginShell: /bin/false
shadowLastChange: 12529
sambaLogonScript: ver_nsc.cmd
gidNumber: 0
sambaPrimaryGroupSID: S-1-5-21-1992494304-3358384209-1871445459-512
sambaProfilePath: //XX.XX.XX.XX/profiles/Admin
sambaPwdCanChange: 1156912744
sambaPasswordHistory: 



sambaPwdLastSet: 1156912744
sambaAcctFlags: [U  ]

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

cat /etc/samba/smb.conf

[global]

# NAME SETTINGS
  netbios name = x
  server string = x
  workgroup = x

# SECURITY SETTINGS
  os level = 255
  preferred master = yes
  domain master = yes
  local master = yes
  domain logons = yes
  security = user
  encrypt passwords = yes
#   min passwd length = 6
  announce version = 7
  announce as = NT
  admin users = @"Domain Admins",admin,Admin

# PRINTER SETTINGS
  printing = BSD
  load printers = No
  disable spoolss = Yes
  show add printer wizard = No


# LDAP SETTINGS
  ldap admin dn="uid=Admin,ou=Users,dc=xx,dc=ac.at"
#   ldap ssl = start_tls
  ldap ssl = no
  passdb backend = ldapsam
  ldap delete dn = no
  ldap user suffix = ou=Users
  ldap group suffix = ou=Groups
  ldap machine suffix = ou=Clients
  ldap suffix = dc=xxx,dc=ac.at
#   ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
  ldap passwd sync = yes
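
SIDs issued by one domain share the same `S-1-5-21-x-y-z` prefix and differ only in the final RID, so the `net groupmap list` and `ldapsearch` outputs in this post can be cross-checked mechanically. The script below is an added example, not part of the original post: the sample text is copied from the outputs above, and the function names and finding labels are hypothetical.

```python
import re

# Text copied from the post above: `net groupmap list` output and the SID
# attributes of the uid=Admin entry returned by ldapsearch.
GROUPMAP_OUTPUT = """\
Domain Admins (S-1-5-21-8915387-1074272342-1703228666-512) -> ldapadmin
Domain Users (S-1-5-21-8915387-1074272342-1703228666-513) -> ldapuser
"""
ADMIN_LDIF = """\
uid: Admin
sambaSID: S-1-5-21-1992494304-3358384209-1871445459-1000
sambaPrimaryGroupSID: S-1-5-21-1992494304-3358384209-1871445459-512
"""

GROUPMAP_RE = re.compile(
    r"^(?P<nt>.+?) \((?P<sid>S-\d+(?:-\d+)+)\) -> (?P<unix>\S+)$"
)


def split_sid(sid):
    """Split a domain-relative SID into (domain prefix, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def parse_groupmap(text):
    """Map each group SID to (NT group name, Unix group name)."""
    mappings = {}
    for line in text.splitlines():
        match = GROUPMAP_RE.match(line.strip())
        if match:
            mappings[match["sid"]] = (match["nt"], match["unix"])
    return mappings


def parse_ldif_attrs(text):
    """Return the first value of each attribute in a single LDIF entry."""
    attrs = {}
    for line in text.splitlines():
        if line.startswith("#") or ": " not in line:
            continue
        name, value = line.split(": ", 1)
        attrs.setdefault(name, value.strip())
    return attrs


def check_sid_consistency(groupmap_text, ldif_text):
    """Compare an account's SIDs against the mapped groups.

    Returns a list of (attribute, finding, sid) tuples; empty means the
    account and the group mappings agree.
    """
    mappings = parse_groupmap(groupmap_text)
    mapped_domains = {split_sid(sid)[0] for sid in mappings}
    attrs = parse_ldif_attrs(ldif_text)

    findings = []
    for attr in ("sambaSID", "sambaPrimaryGroupSID"):
        sid = attrs.get(attr)
        if sid and split_sid(sid)[0] not in mapped_domains:
            findings.append((attr, "domain-prefix-differs", sid))

    primary = attrs.get("sambaPrimaryGroupSID")
    if primary and primary not in mappings:
        findings.append(("sambaPrimaryGroupSID", "no-group-mapping", primary))
    return findings


if __name__ == "__main__":
    for attr, finding, sid in check_sid_consistency(GROUPMAP_OUTPUT, ADMIN_LDIF):
        print(f"{attr}: {finding}: {sid}")
```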




[Samba] Session key

2008-11-12 Thread Gourav Sakargayan
I am using "NTLM 0.12" dialect.

I always see session key field as 0. Could any one tell me the scenario
where server sends session key to client.

Thanks and Regards
Gourav


RE: [Samba] file monitoring in samba

2008-11-12 Thread Robinson, Eric
Slight correction. The program is called inotifywait and it is part of
the inotify-tools package. 

--
Eric Robinson






RE: [Samba] file monitoring in samba

2008-11-12 Thread Robinson, Eric
Any kernel newer than 2.6.13 has a built in API called inotify that can
alert userspace apps of changes to the filesystem. The program for doing
that is called inotify-tools. You can specify what directories you want
to watch and what events you want to watch for (create, read, write,
rename, move, close, etc.).

--
Eric Robinson


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Nelson Serafica
Sent: Wednesday, November 12, 2008 6:34 AM
To: samba@lists.samba.org
Subject: [Samba] file monitoring in samba

Does anyone know how I can monitor files that are being opened and accessed
in the samba directory? If this is not possible, are there third-party
apps that can help me do what I want?


--
Nelson Serafica

http://nelsontux.blogspot.com
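
The inotify API mentioned in the reply above, used directly from C, as an added example that is not part of the original thread. It watches one directory (the share path is an assumption, passed on the command line) and reports open, access, modify, create, delete, move and close events; `watch_dir` and `drain_events` are names chosen for this example.

```c
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/inotify.h>
#include <unistd.h>

/* Events that answer "which file was opened, read, changed or removed". */
#define WATCH_MASK (IN_OPEN | IN_ACCESS | IN_MODIFY | IN_CREATE | IN_DELETE | \
                    IN_CLOSE_WRITE | IN_CLOSE_NOWRITE | IN_MOVED_FROM | IN_MOVED_TO)

/* Human-readable label for the first event bit set in mask. */
static const char *event_name(uint32_t mask)
{
    static const struct { uint32_t bit; const char *name; } names[] = {
        { IN_CREATE, "CREATE" }, { IN_OPEN, "OPEN" }, { IN_ACCESS, "ACCESS" },
        { IN_MODIFY, "MODIFY" }, { IN_CLOSE_WRITE, "CLOSE_WRITE" },
        { IN_CLOSE_NOWRITE, "CLOSE_NOWRITE" }, { IN_DELETE, "DELETE" },
        { IN_MOVED_FROM, "MOVED_FROM" }, { IN_MOVED_TO, "MOVED_TO" },
    };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (mask & names[i].bit)
            return names[i].name;
    return "OTHER";
}

/* Watch one directory (not its subdirectories: inotify watches are not
 * recursive). Returns the inotify descriptor, or -1 on error. */
int watch_dir(const char *dir)
{
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd < 0) return -1;
    if (inotify_add_watch(fd, dir, WATCH_MASK | IN_ONLYDIR) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Wait up to timeout_ms for events, then drain everything queued. Prints one
 * line per event and returns the OR of the masks seen for `name` (NULL = any). */
uint32_t drain_events(int fd, const char *name, int timeout_ms)
{
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    uint32_t seen = 0;
    while (poll(&pfd, 1, timeout_ms) > 0) {
        ssize_t n = read(fd, buf, sizeof buf);
        if (n <= 0) break;
        for (char *p = buf; p < buf + n; ) {
            const struct inotify_event *ev = (const struct inotify_event *)p;
            if (ev->mask & IN_Q_OVERFLOW) fputs("queue overflow: events lost\n", stderr);
            if (ev->len && (!name || strcmp(ev->name, name) == 0)) {
                seen |= ev->mask;
                printf("%-13s %s\n", event_name(ev->mask), ev->name);
            }
            p += sizeof *ev + ev->len;
        }
        timeout_ms = 0; /* after the first batch, only drain what is queued */
    }
    return seen;
}

int main(int argc, char **argv)
{
    int fd = watch_dir(argc > 1 ? argv[1] : "."); /* assumed: the share's path */
    if (fd < 0) { perror("watch_dir"); return 1; }
    for (;;) drain_events(fd, NULL, -1); /* block until something happens */
}
```

An inotify event names the file and the operation but carries no user or client identity, so correlate it with Samba's own logs when attribution matters.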


[Samba] file monitoring in samba

2008-11-12 Thread Nelson Serafica
Does anyone know how I can monitor files that are being opened and accessed in
the samba directory? If this is not possible, are there third-party apps
that can help me do what I want?


-- 
Nelson Serafica

http://nelsontux.blogspot.com


[Samba] Re: how to access my Windows Vista user folder from GNU Linux

2008-11-12 Thread Seb
Any feedback please?



On Tue, 11 Nov 2008 09:19:38 -0600,
Seb <[EMAIL PROTECTED]> wrote:

> Hi, I have no problems whatsoever accessing and using my GNU Linux
> user directory from Windows Vista, but the reverse is not true.  My
> /etc/samba/smb.conf has this (via testparm -s):

> ~$ testparm -s /etc/samba/smb.conf Load smb config files from
> /etc/samba/smb.conf Processing section "[homes]" Processing section
> "[printers]" Processing section "[print$]" Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC [global] server string = %h server obey
> pam restrictions = Yes passdb backend = tdbsam pam password change =
> Yes passwd program = /usr/bin/passwd %u passwd chat =
> *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *p
> assword\supdated\ssuccessfully* .  unix password sync = Yes syslog = 0
> log file = /var/log/samba/log.%m max log size = 1000 domain logons =
> Yes dns proxy = No panic action = /usr/share/samba/panic-action %d

> [homes] comment = Home Directories valid users = %S read only = No
> create mask = 0700 directory mask = 0700 browseable = No

> [printers] comment = All Printers path = /var/spool/samba create mask
> = 0700 guest ok = Yes printable = Yes browseable = No

> [print$] comment = Printer Drivers path = /var/lib/samba/printers

> I'm a KDE user, so I go to Network folders, click on the machine
> running Windows.  A folder "C$" shows up, and then clicking on it
> tells me that "The file or folder smb://machine/C$ does not exist.
> However, it asks me for a user name and password at other times, so
> the behaviour is not consistent.  Any advice on what needs to be done
> would be appreciated.  Thanks.


> Cheers,

> -- Seb




-- 
Seb



samba@lists.samba.org

2008-11-12 Thread Iarly Selbir
To manage users on Samba/LDAP, use the smbldap-tools scripts.

Read more at https://gna.org/projects/smbldap-tools/


Regards,

--
iarly Selbir ( Ski0s )



On Wed, Nov 12, 2008 at 12:38 PM, Jean Frontin <[EMAIL PROTECTED]> wrote:

> Hello,
>
> I am running a samba 3.0.32 under fedora core 9.
> I only try to authenticate users against a ldap server. Of course this
> server knows the encrypted password as microsoft does. I entered the ldap
> password using smbpasswd to query into the ldap. After this, I just obtain a
> message like "you don't have rights to ...".
>
> What errors do I make ???
>
> Any ideas will be appreciated
>
> Many thanks for your help
>
> --
> Jean Frontin
> System team
> I R I T
> Université Paul-Sabatier
> 118, rte de Narbonne
> 31062 Toulouse cedex 9
> France
> tel  (33)(0)5 61 55 63 03
> mail [EMAIL PROTECTED]
>


Re: [Samba] Vista - Profile - Local

2008-11-12 Thread Charles Marcus
On 11/12/2008, lmhelp ([EMAIL PROTECTED]) wrote:
>> As soon as you unjoin/rejoin a new domain, XP will 
>> create a username.NEWDOMAIN profile on your laptop.

> Apparently it is what Vista is doing...
> A c:\Users\lmhelp. is being created.

Which is precisely the way it is designed to work...

Again - as far as I know, there is NO way to allow a machine to use the
same profile for two different domains - unless, as Alex pointed out,
the other domain is trusted, but you'll still only be joined to one domain.

One possibility would be to make sure that the other domain has a user
account created that is identical to the other one, but you will have to
manually keep the passwords in sync - meaning, if you change your
password on your main machine, you'll have to change the password for that
account on the other domain account to be the same.

> I have found a little thing:
>   I have added:
>   - a DWORD value 
>   - in "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System"
>   - with name "LocalProfile"
>   - and value 1 (to say "Only allow local user profiles").
>   Actually it works: I find again my previous profile.
> 
> 
> But now, I want my "ProfileImagePath" key to be set to the unique
> local profile I want to use: "c:\Users\lmhelp"
> 
>   Simply changing the value:
>   "HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows NT 
>   -> CurrentVersion -> ProfileList -> ProfileImagePath"
>   from "c:\Users\lmhelp."
>   to "c:\Users\lmhelp"
>   doesn't work.
>   I cannot log in as "\lmhelp" again after 
>   that change.

I would strongly urge you not to muck around with these registry
settings unless you really know what you are doing...

Here is a thread that discusses how user profiles are created that may
be of some help,

http://tiny.pl/s86h

-- 

Best regards,

Charles


Re: [Samba] Vista - Profile - Local

2008-11-12 Thread Charles Marcus
On 11/12/2008, lmhelp ([EMAIL PROTECTED]) wrote:
> I can tell you it is possible with XP.

No, it isn't... what you describe below is NOT logging onto two
different DOMAINS, it is using a domain profile, but NOT a ROAMING profile.

> I can log on my computer: 
> as "\lmhelp"
> as well as "\lmelp"
> using exactly the same profile located at 
> "C:\Documents and Settings\lmhelp".
> It is very convenient.
> But to do so, one has to edit the registry.

All you have to do is have XP (or Vista) set up to allow the use of
cached domain credentials... this will allow someone to log onto, for
example, a laptop that is joined to a domain, when it is not physically
connected to the domain, using the domain profile, whether it is a
roaming or local profile. See:

http://support.microsoft.com/kb/q172931/

I know of no way to use the same profile for different DOMAINS, but
would be most happy to learn of a way to do so (that isn't some kind of
ugly hack)...

-- 

Best regards,

Charles


RE: [Samba] Vista - Profile - Local

2008-11-12 Thread Alex Harrington
> > I can tell you it is possible with XP.
> > I can log on my computer: 
> > as "\lmhelp"
> > as well as "\lmelp"
> > using exactly the same profile located at "C:\Documents and 
> > Settings\lmhelp".
> > It is very convenient.
> > But to do so, one has to edit the registry.
> 
> I don't understand how that's possible. Your machine cannot be logging

> on to the other domain, so the only way this is possible so far as I 
> know is if the two domains you're logging on to trust each other?

I just re-read that. OK, so in your example you're using the same
profile to log on to your local machine, and the domain. That's quite
different from using the profile to log on to a second domain too.

Whatever you've managed to make XP do, I'm pretty sure it isn't a
Microsoft-supported configuration - unless someone else here knows
better?

Alex

--
Alex Harrington - Network Development Manager Longhill High School
t: 01273 391672 e: [EMAIL PROTECTED] 


samba@lists.samba.org

2008-11-12 Thread Jean Frontin

Hello,

I am running a samba 3.0.32 under fedora core 9.
I only try to authenticate users against a ldap server. Of course this 
server knows the encrypted password as microsoft does. I entered the 
ldap password using smbpasswd to query into the ldap. After this, I just 
obtain a message like "you don't have rights to ...".


What errors do I make ???

Any ideas will be appreciated

Many thanks for your help

--
Jean Frontin
System team
I R I T
Université Paul-Sabatier
118, rte de Narbonne
31062 Toulouse cedex 9
France
tel  (33)(0)5 61 55 63 03
mail [EMAIL PROTECTED]



RE: [Samba] Vista - Profile - Local

2008-11-12 Thread Alex Harrington
> -
> > It's not possible so far as I know.
> -
> 
> I can tell you it is possible with XP.
> I can log on my computer: 
> as "\lmhelp"
> as well as "\lmelp"
> using exactly the same profile located at "C:\Documents and 
> Settings\lmhelp".
> It is very convenient.
> But to do so, one has to edit the registry.

I don't understand how that's possible. Your machine cannot be logging
on to the other domain, so the only way this is possible so far as I
know is if the two domains you're logging on to trust each other?

Alex

-- 
Alex Harrington - Network Development Manager
Longhill High School
t: 01273 391672 e: [EMAIL PROTECTED] 


RE: [Samba] Vista - Profile - Local

2008-11-12 Thread lmhelp

Thank you for your answer Alex.

-
> It's not possible so far as I know.
-

I can tell you it is possible with XP.
I can log on my computer: 
as "\lmhelp"
as well as "\lmelp"
using exactly the same profile located at 
"C:\Documents and Settings\lmhelp".
It is very convenient.
But to do so, one has to edit the registry.

-
> As soon as you unjoin/rejoin a new domain, XP will 
> create a username.NEWDOMAIN profile on your laptop.
-

Apparently it is what Vista is doing...
A c:\Users\lmhelp. is being created.

-
> The closest I can suggest is to have the laptop in 
> a workgroup, and just map drives as required?
-

I am not sure I understand that.

NEW:


I have found a little thing:
  I have added:
  - a DWORD value 
  - in "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System"
  - with name "LocalProfile"
  - and value 1 (to say "Only allow local user profiles").
  Actually it works: I find again my previous profile.


But now, I want my "ProfileImagePath" key to be set to the unique
local profile I want to use: "c:\Users\lmhelp"

  Simply changing the value:
  "HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows NT 
  -> CurrentVersion -> ProfileList -> ProfileImagePath"
  from "c:\Users\lmhelp."
  to "c:\Users\lmhelp"
  doesn't work.
  I cannot log in as "\lmhelp" again after 
  that change.

Thanks in advance for your help.
--
Lmhelp


Re: [Samba] OpenLDAP integration

2008-11-12 Thread Iarly Selbir
Check if the users are stored in the samba database.


# pdbedit -L

or

# pdbedit -Lv user_test


Regards,

--
iarly Selbir ( Ski0s )



On Tue, Nov 11, 2008 at 8:37 PM, Brad Nielsen <[EMAIL PROTECTED]> wrote:

> Hey Larly,
>
> I've got users and groups...
>
> I've used this command to create the user:
> smbldap-useradd -a -m -M ricky -c "Richard M" ricky
>


RE: [Samba] Vista - Profile - Local

2008-11-12 Thread Alex Harrington
> Has anyone ever got the same problem as I:
> - having a LAPTOP running VISTA,
> - being the ONLY user of that laptop,
> - having to log SOMETIMES on a given Samba domain, SOMETIMES 
> on another,
> - wanting to use always the SAME PROFILE whichever the login may be,
> - wanting that profile to be LOCAL.

It's not possible so far as I know. A domain profile, local or
otherwise, is specific to that domain. As soon as you unjoin/rejoin a
new domain, XP will create a username.NEWDOMAIN profile on your laptop.

The closest I can suggest is to have the laptop in a workgroup, and just
map drives as required?

Alex

-- 
Alex Harrington - Network Development Manager
Longhill High School
t: 01273 391672 e: [EMAIL PROTECTED] 


Re: [Samba] Vista - Profile - Local

2008-11-12 Thread lmhelp

Hi,
I really do not manage to find "a kind of" "Windows Vista Registry
Reference"
to know what are the possible values and meanings of the keys which 
can be found in a Windows profile... like "State", "CentralProfile"
or "ProfileImagePath" for instance. I suspect that "they" hide that kind of 
information.

Has anyone ever got the same problem as I:
- having a LAPTOP running VISTA,
- being the ONLY user of that laptop,
- having to log SOMETIMES on a given Samba domain, SOMETIMES on another,
- wanting to use always the SAME PROFILE whichever the login may be,
- wanting that profile to be LOCAL.

I am a bit desperate.
Thanks in advance for any help, any advice, any clue, any intuition, ...
--
Lmhelp


[Samba] Re: autodesk / autocad write problems

2008-11-12 Thread Marco De Vitis

On 11-11-2008 22:49, Tom Vier wrote:

> Anyone else have problems using autodesk products to save files to a
> samba share?


No problems here. My users do it daily using AutoCAD 2007 on WinXP and 
Samba 3.0.24 on Debian Etch.


--
Ciao,
  Marco.



[Samba] Linux pdc and win2k8 client

2008-11-12 Thread Marco Gazzin
I have 2 hosts (A and B) with CentOS 5.2 running as PDC and BDC on my subnet,
using LDAP as the backend to store objects. I've successfully connected 2 Windows
2k8 (C and D) machines to the domain, but when I try to start cluster
configuration I get an error on cluster validation because the host doesn't
reach information about the organization unit of node C and D. The object OU
exists on LDAP and the user I use to do the cluster is authorized to
read/create objects on the LDAP server.
Any hints?
Thanks.


Re: [Samba] Samba, Solaris, Windows 2008 - Kerberos Guess Realm Wrong?

2008-11-12 Thread Paul Sobey

On Wed, 5 Nov 2008, Paul Sobey wrote:

> I've just built Samba 3.2.4 on Solaris 10, with ADS support. Domain join to a
> Windows 2008 domain works perfectly, having pre-created the servername in the
> appropriate OU.
>
> In my winbind logs, I see the following (domain name obfuscated):
> [2008/11/05 11:28:06,  2] libsmb/cliconnect.c:cli_session_setup_kerberos(619)
>  Doing kerberos session setup
>
> [2008/11/05 11:28:06,  1] libsmb/clikrb5.c:ads_krb5_mk_req(680)
>  ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot
> resolve network address for KDC in requested realm)
>
> [2008/11/05 11:28:06,  1] libsmb/cliconnect.c:cli_session_setup_kerberos(626)
>  cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve
> network address for KDC in requested realm
>
> The realm is guessed wrongly - only the short name of the domain, rather than
> the fully qualified realm name, as specified in krb5.conf.
>
> My AD full name is foo.bar.com, short name FOO. My question is - when
> guessing the principal for the target DC, why does Samba guess 'FOO', rather
> than 'FOO.BAR.COM'? I have a Linux machine joined to the same domain running
> 3.0.28 which correctly guesses the realm.


Not sure whether this helps diagnose, but I just upgraded my Linux desktop 
to Samba 3.2.4 and now get exactly the same error - winbind is refusing to 
authenticate me at all. In my pam.conf I have krb5_auth set to try and 
make winbind authenticate me via kerberos.


How can I troubleshoot this? It seems Samba 3.2.4 gets the Kerberos realm 
wrong when authenticating against Windows 2008. I thought it was a 
Solaris issue before but it seems to be OS independent. Is anybody else 
seeing it?


Cheers,
Paul



Re: [Samba] Samba spawning excessive smbd processes.

2008-11-12 Thread Marco van Putten


Jeremy Allison wrote:
> On Mon, Nov 10, 2008 at 08:51:46AM +0100, Marco van Putten wrote:
>>> Corrupt tdb file. Are you storing the tdb files on reiserfs?
>>> If yes, move them to something more robust like ext3. If
>>> you're not using reiserfs, this sounds like flaky hardware
>>> somewhere.
>>>
>>> Volker
>>
>> Thanks Volker.
>>
>> The tdb file is on an ext3 filesystem. The disks themselves are 2 80GB
>> SATA disks (hardware raid 1) in a HP DL320. To make sure I'm going to
>> give them an extra check-up today.
>
> Almost certainly a bad tdb file. Try using tdbdump to see
> if it gets into an infinite loop.
>
> Jeremy.

All disks are OK as far as I could tell.

Unfortunately the server was rebooted yesterday so all tdb files are
fresh now.


I did a tdbdump on the files I could get out the backup from the day 
before the reboot. But they didn't go into a loop. So we'll have to wait 
now until the system goes into problems again. This usually takes a day 
or 2.


Bye,
Marco.