[Samba] Query related to samba-3.2.6 and Last Access Time stamp.
Hi, I've installed samba-3.2.6 libraries on my linux box. >From the linux machine, I've transfered/copied some files from a share on >windows machine. This operation has changed the 'last access date' of the files(which I've copied) on the windows machine. I want to avoid this and I do not have administrator permission of the windows machine. Is there any client side setting that I can change to avoid the updation of 'last access date' on the server? thanks in advance -Kishore -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4:login works, but domain not found afterwards
On Sun, 2009-03-22 at 15:00 +0100, robert rottermann wrote: > Hi there, > I am trying to work trough the samba4 tutorial. > > What I did so far downloading samba, and updating it afterwards with git pull. > > I did compile and install samba 4, and added the base user database with > ./setup/provision. > I can start samba 4 and and use smbclient //localhost/test -Uadministrator%XXX > which puts me at the smb: \> prompt. > > I did *not* configure the Step 8 (Optional): Configure Server-side DNS > as I could not convince named to work with the suggested > tkey-gssapi-credential "DNS/redcor.home"; > tkey-domain "REDCOR.HOME"; > entries in options. > > on the windows xp I could join the domain REDCOR.HOME and log into the domain > as > administrator. > however the logingin in is *very* slow (some minutes), and afterwards all > attempts to deal with the domain end in a "domain not found" error. Is there any network traffic during the slow login? Have you performed the rest of the DNS configuration (if not the tkey stuff)? Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Alpha 7 Authentication issue
On Mon, 2009-03-09 at 20:16 +, Matthew Holder wrote: > Dear All, > > I am attempting to setup a DC using Samba 4 Alpha 7 as a learning > tool. Eventually where I work will want a DC setup, and I can learn > the skills needed using the alpha code. > > I have tried following the howto guide included with the source on the > following setups: > > 3xvirtual machines using VMware. > 1xphysical hardware using Ubuntu 8.10 > > Each setup has stumbled at the same step: > > After compiling and installing alpha 7, I provision the system and > then proceed to loading samba4, and testing, by using smbclient to > view the [test] share I created as instructed. > > The problem I find is that whenever I enter > > ./smbclient //localhost/test -Uadministrator%PASSWORD > > the command never stops running. If I enter the incorrect password on > purpose, then an error is shown (NT_STATUS_LOGON_FAILURE). Using a > different username shows the following error > (NT_STATUS_LOGON_FAILURE). > > I have tried using a simple password, a long password containing > uppercase, lowercase, numbers and also a password with other > characters in. Is this spinning on the client or the server? Is there network traffic at the time? Can you debug the client or server (whichever appears to be doing the work) and get a backtrace? Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0 alpha releases in production environments
On Mon, 2009-03-09 at 09:00 -0400, Eric Feldhusen wrote: > Just curious, is anyone using Samba 4.0 alpha releases in a production > environment and how is it working for you? > > I run an environment of about 500+ Windows XP on a Netware environment > and have considerable Samba 3.0 experience, but I'd like to use GPO's to > control and clean up a lot of previous tech support problems. The next alpha release should be much more suitable for a large deployment, because we will support the full schema out of the box, and have fixed some nasty issues around UID switching. Look out for it before SambaXP this year. I have one (secret) production site, where things seem to have been working pretty well. Using the patched NTPd is critical, as otherwise the clients can't keep good time sync. For an installation of that size, it will be important to use the OpenLDAP backend to enable replication. Naturally, testing will be the biggest task, as while I will do what I can to help our production sites, I can't do everything. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: programmatic account creation via LDAP (unicodePwd)
On Tue, 2009-02-24 at 23:44 -0600, James R. Leu wrote:
> Hello,
>
> I've started working with samba4-alpha6. I've been successful
> in setting up an AD with an openldap backend. I'm now
> shifting my focus to how I would go about migrating to
> a samba4 setup from a microsoft AD implementation.
>
> To that end I've written a perl script that uses Net::LDAP
> to create users in the samba4 LDAP backend. I can create
> the user in such a way that samba4 is happy with it, but
> I'm unable to set an initial password for the user.
>
> I've tried using a template user that has a known password
> and then duplicating that users nTSecurityDescriptor, but that
> doesn't seem to work. I've tried creating a unicodePwd entry
> with the following code:
>
> my $charmap = Unicode::Map8->new('latin1') or die $!;
> my $unipwd = $charmap->tou(qq{"$passwd"})->byteswap()->utf16();
>
> But that doesn't seem to work either.
>
> I was wondering if anyone working with samba4 could recommend
> a way to create users programmatically. If a mechanism does not
> exist, perhaps someone could point me in the right direction to
> add the necessary hooks to samab4 to allow it.
This should now work in Samba4, thanks to work to get Windows 7 to join
the domain.
We also support an extension: You may set 'userPassword' with a utf8
password, rather than the silly UCS2 in quotes format of unicodePwd.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
signature.asc
Description: This is a digitally signed message part
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with Samba 4 and Fedora Directory Server
On Mon, 2009-03-16 at 14:28 -0700, Alan Worstell wrote: > Hi, > I'm trying to integrate Samba with an existing CentOS Directory Server How do you plan to 'integrate' this? Remember, Samba4 creates a new directory tree from scratch (rather than Samba3's ability to easily 'attach' to another directory). > using the instructions at > http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS > > I'm at the step "On both hosts, prepare the backend:" and use the code > there, replacing the realm, domain, and password with my own, and I get > this error: > > provision-backend: error: no such option: --ldap-manager-pass This particular option has been renamed to --ldap-admin-pass > If I remove the password line I get a bunch of python errors. Does > anyone have any suggestions? The Fedora DS backend has become un-maintained, as has the wiki page. While it is the aim to have this working again at some point, more effort (particularly by some very helpful external contributors) has gone into the OpenLDAP backend at this time. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Updating samba4 from git
On Sat, 2009-04-04 at 22:14 +0200, Mister Olli wrote: > Hi folks, > > I have a samba4 server, which is acting as AD DC for a small domain. The > whole setup is based on version 4.0.0alpha8-GIT-7fc8086 on freebsd. > > Since the samba process is core dumping several times a day, I want to > update to the newest code in the tree. > > How can I do this, without loosing all the data in my AD?= Because your tree is so recent, you should just need to rebuild, but simply not re-provision. It will use the existing database. That said, as Volker points out, because your tree is so recent, it probably won't help anyway. Could you please provide a backtrace? Almost certainly the bug is still there. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrating Samba PDC to a new server
Squeezer99 wrote: > > it should work ok. make sure to run net getlocalsid and net > getdomainsid and write them down and on the new server do net > setlocalsid and net setdomainsid if they are different. > Thanks! - -- Kent Tong Wicket tutorials freely available at http://www.agileskills2.org/EWDW Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA -- View this message in context: http://www.nabble.com/migrating-Samba-PDC-to-a-new-server-tp22861046p22900728.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unix Extensions and "force create mode"?
On Sun, 2009-04-05 at 19:44 +0200, Fabio Muzzi wrote: > > Is this a bug or is it the intended behaviuor? Is there a way to force > permissions even when files are accessed from a Linux client that uses > Unix extensions? It's been fixed in latest cifs.ko code, I think it may have made kernel 2.6.29 Simo. -- Simo Sorce Samba Team GPL Compliance Officer Principal Software Engineer at Red Hat, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unix Extensions and "force create mode"?
It seems that when the clients (and the server) use Unix extensions, the "force create mode" (and maybe "force directory mode"?) setting is completely ignored. I have a Samba 3.2.5 server that is accessed from Windows and Linux. One share is configured as follows: [foto] comment = Galleria fotografica path = /ud0/foto create mask = 0775 read only = No directory mask = 0775 force directory mode = 0775 force create mode = 0664 map system = Yes map hidden = Yes dos filemode = Yes When a Windows client writes a file to this share, the file gets the correct permissions (664). When a Linux client writes to this share, the permissions are set from the client (in my case the default is 660). This is wrong because I need 664 on this share. If I disable Unix Extensions on the server, the "force" settings are enforced correctly. Is this a bug or is it the intended behaviuor? Is there a way to force permissions even when files are accessed from a Linux client that uses Unix extensions? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC & Squid NTLM Auth - Same machine
yeap! no success just yet :( Victor Medina Phyllis Diller - "If it weren't for baseball, many kids wouldn't know what a millionaire looked like." On Tue, Mar 31, 2009 at 6:17 PM, Stefan Dengscherz wrote: > Hello Victor, > > > did you try supplying the domain name along with the username? Like > "DOMAIN\administrator". Or adding "winbind use default domain = yes" > to your samba configuration. > > > Regards, > > -sd > > 2009/3/31 Victor Medina : >> David, it did not work. >> >> Any suggestion? >> >> Victor Medina >> >> Samuel Goldwyn - "I don't think anyone should write their >> autobiography until after they're dead." >> >> >> On Wed, Apr 1, 2009 at 12:13 PM, David Wells wrote: >>> Victor Medina wrote: Hi Guys! Probably this is not the best place to ask, I'll try anyway... =) I've been trying to configure a Samba PDC and a Squid Porxy server with NTLM auth on the same machine but NTML_AUTH keeps complaining about: NT_STATUS_INVALID_HANDLE I have others machines running Squid and Authenticating against a Samba Server but on different machines, this is the first time a try both on the same machine. Can I use Squid+NTLM Auth and Samba configured as PDC on the same machine? Is there any winbind issue with this kind of configuration? I'm using SLES10+SP2 Samba version as reported by rpm is 3.0.32-0.8 Squid version as reported by rpm is 2.5.STABLE12-18.13 - This is my smb.conf [global] dos charset = 850 unix charset = ISO8859-1 workgroup = C1.SV netbios name = PDCSRVC1SV server string = interfaces = eth0 bind interfaces only = Yes map to guest = Bad Password passdb backend = ldapsam:ldap://127.0.0.1 guest account = Invitado time server = Yes deadtime = 20 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups logon path = logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Administrador,o=Ferreteria EPA ldap delete dn = Yes ldap group suffix = ou=group ldap machine suffix = ou=people ldap passwd sync = Yes ldap suffix = ou=c1,c=sv,o=Ferreteria EPA ldap user suffix = ou=people idmap domains = DEFAULT idmap alloc backend = ldap idmap alloc config:range = 1-10 idmap alloc config:ldap_url = ldap://127.0.0.1 idmap alloc config:ldap_user_dn = cn=Administrador,o=Ferreteria EPA idmap alloc config:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA idmap config DEFAULT:range = 1-10 idmap config DEFAULT:ldap_url = ldap://127.0.0.1 idmap config DEFAULT:ldap_user_dn = cn=Administrador,o=Ferreteria EPA idmap config DEFAULT:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA idmap config DEFAULT:default = yes idmap config DEFAULT:readonly = no idmap config DEFAULT:backend = ldap ldapsam:editposix = yes ldapsam:trusted = yes create mask = 0640 force create mode = 0640 directory mask = 0750 force directory mode = 0750 case sensitive = No dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd My relevant squid.conf lines... auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp C1.SV/PDCSRVC1SV auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic C1.SV/PDCSRVC1SV auth_param ntlm children 100 auth_param basic children 100 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours The pdc works as expected, machine join works like charm, users and groups management works equally right, all accounts are placed in the LDAP, getent passwd, groups and shadow shows the ldap accounts I also did a few tests with wbinfo e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo -u invitado usuarioprueba e01ggen e01glogis e01gcont e01jcomp1 e01jcomp2 e01jcomp3 e01jcomp4 e01jrepo e01jreclu e01rrece e01gcom e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo -g BUILTIN BUILTIN domain users domain admins domain guests grupoprueba gcentralsv gcompras gcontrol ggerencia glogistica gmercadeo gpersonal gventas gjefecompras gjefecon
[Samba] Migration samba to AD
Greetings, This is an exception of what we do. Migrate from Proprietary to opensource. However, when it comes to makes a great shift, a samba expert is the best to handle such a situation. If someone wants to come forward, please contact via my personal email in order not to congest this list. Best wishes and sorry for the trouble. Cheers, Jimmy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] can not join linux box to PDC, windows works
Hi ther, I try to join a linux box to to a bdc. Attempting to do so produces a failure. chrissy:~ # net rpc join MEMBER -Uroot%secret -I 10.168.1.2 [2009/04/05 14:35:27, 0] utils/net_rpc_join.c:net_rpc_join_ok(87) net_rpc_join_ok: failed to get schannel session key from server 10.168.1.2 for domain MITELERDE. Error was NT_STATUS_ACCESS_DENIED Unable to join domain MITELERDE. when I use a bad password, I get a different error: chrissy:~ # net rpc join MEMBER -Uroot%secretxx -I 10.168.1.2 Could not connect to server 10.168.1.2 The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE net -V on the client that wants to join prints: Version 3.2.7-11.2.1-2080-SUSE-CODE11 on the server: Version 3.2.3 I added the configs of the server and the client. I would be grateful for pointers how to fix that. thanks robert - client that wants to join - [global] workgroup = ROTTI netbios name = CHRISSY security = domain idmap gid = 2-3 idmap uid = 2-3 winbind uid = 2-3 winbind gid = 2-3 winbind use default domain = yes wins server = 10.168.1.2 password server = 10.168.1.2 idmap backend = rid:ROTTI=2-3 - server - [global] workgroup = MITELERDE netbios name = FRODO passdb backend = tdbsam add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -m %u add group script = /usr/sbin/groupadd -m %u delete group script = /usr/sbin/groupadd -m %u add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u logon script = scripts\logon.bat logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 35 local master = Yes preferred master = Yes domain master = Yes idmap uid = 15000-2 idmap gid = 15000-2 printing = cups wins support = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
