[Samba] Set up Samba client to backup Windows XP home edition files

2009-06-19 Thread rocky Ou
Hey,

It seems that samba client could be used to back up Windows files. Am
I right?

To achieve this, I apt-get installed samba and set it up accordingly.
Below is my smb.conf file
/*==Begin=*/
[global]
   workgroup = HWWKM
   os level = 65
   preferred master = Yes
   domain master = Yes
   wins support = Yes

[KMOfficeShare]
   comment = For backup
   path = /home/samba
   read only = No
/*End===*/
From my Windows XP home edition's Network Neighborhood I can see
KMOfficeShare folder and can create file in it.

At my Windows XP home edition machine, I have set WINS server IP to
samba server IP and changed the workgroup to HWWKM for Windows
machine.

The smbclient -L gives me the below output:
/*Smbclient Begin==*/
hww-debian1:/etc/samba# smbclient -L localhost
Enter root's password:
Domain=[HWW-DEBIAN1] OS=[Unix] Server=[Samba 3.2.5]

   Sharename       Type      Comment
   ---------       ----      -------
   IPC$            IPC       IPC Service (Samba 3.2.5)
   KMOfficeShare   Disk      For backup
Domain=[HWW-DEBIAN1] OS=[Unix] Server=[Samba 3.2.5]

   Server               Comment
   ---------            -------

   Workgroup            Master
   ---------            -------
   HWWKM                HWW-DEBIAN1
/*Smbclient end==*/
The Windows XP machine (named hww-laptop) is not listed at all.

I'm running Debian Lenny with Samba 3.2.5 installed. Can any of you
tell me what I need to do to be able to use smbclient to access the
Windows XP files and do the back up please? I really appreciate your
help.

Blessings,
Rocky
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] weird permissions issue

2009-06-19 Thread John H Terpstra - Samba Team
JJB wrote:
> Dale Schroeder wrote:
>> I don't know if you've solved this or not, but have you checked the
>> acl's with getfacl. (I noticed all the "inherit acl" statements.)
>> I once had this problem, and it was caused by the creation of default
>> acl's that overrode all other permissions.  Since I did not create
>> them on the Samba server, it had to have happened by someone adjusting
>> permissions through the Windows clients.  After removing
>> the default acl, all returned to normal.
>>
>> This may not be your problem, but it's worth checking.
>>
>> Dale 
> 
> 
> Hi Dale,
> 
> Most likely you are correct. I've never used the acl commands before, we
> didn't know they existed, we've been attacking the problem from a linux
> permissions standpoint.
> 
> getfacl returns for the parent folder
> 
> # file: data/engineering/beta/Builds
> # owner: hankj
> # group: eng
> user::rwx
> group::rwx
> other::r-x
> 
> and for the folder in question:
> 
> # file: Mac
> # owner: jimd
> # group: eng
> user::rwx
> group::rwx
> other::r-x
> 
> How do I delete these acls with the setfacl command? trying to figure
> out syntax, but not getting anywhere.
> 
> - Joel
> 

setfacl -bR directory_or_file_name

- John T.


Re: [Samba] W2K with Samba 3.3.2 problem

2009-06-19 Thread John H Terpstra - Samba Team
tisdn tisdn wrote:
> Hi,
> 
> We've had a problem using Samba 3.3.2 and windows 2000 workstations sp4.
> After many tests, it was discovered that when the netbios name has a hyphen
> the windows 2000 workstations don't see the groups on the samba domain, but
> when the name is changed for one without hyphen the error doesn't occur.
> 
> How to reproduce the problem?
> - Configure samba 3.3.2 as domain controller
> - Fill the netbios name parameter (smb.conf) using a name with hyphen like:
> xxx-yyy
> - Join the w2k workstation on the domain
> - On the w2k workstation, logon using a non-administrative account and type
> "net user  /domain"
> - The result will be "access denied"
> 
> Do the same test using a netbios name without hyphen (it works!).
> 
> Any idea about this problem?
> 
> Regards,
> TISDN Team

Please file a bug report on https://bugzilla.samba.org

If you do this, someone will look at it.  Posting on this list can
easily be missed.

- John T.


Re: [Samba] weird permissions issue

2009-06-19 Thread JJB

Dale Schroeder wrote:
> I don't know if you've solved this or not, but have you checked the
> acl's with getfacl. (I noticed all the "inherit acl" statements.)
> I once had this problem, and it was caused by the creation of default
> acl's that overrode all other permissions.  Since I did not create
> them on the Samba server, it had to have happened by someone adjusting
> permissions through the Windows clients.  After removing
> the default acl, all returned to normal.
>
> This may not be your problem, but it's worth checking.
>
> Dale



Hi Dale,

Most likely you are correct. I've never used the acl commands before, we
didn't know they existed, we've been attacking the problem from a linux
permissions standpoint.

getfacl returns for the parent folder

# file: data/engineering/beta/Builds
# owner: hankj
# group: eng
user::rwx
group::rwx
other::r-x

and for the folder in question:

# file: Mac
# owner: jimd
# group: eng
user::rwx
group::rwx
other::r-x

How do I delete these acls with the setfacl command? trying to figure
out syntax, but not getting anywhere.

- Joel



Re: [Samba] W2K with Samba 3.3.2 problem

2009-06-19 Thread Jason Gerfen
When you specify the netbios name directive, have you tried enclosing
the server netbios name in quotes when using a hyphen?


tisdn tisdn wrote:

> Hi,
>
> We've had a problem using Samba 3.3.2 and windows 2000 workstations sp4.
> After many tests, it was discovered that when the netbios name has a hyphen
> the windows 2000 workstations don't see the groups on the samba domain, but
> when the name is changed for one without hyphen the error doesn't occur.
>
> How to reproduce the problem?
> - Configure samba 3.3.2 as domain controller
> - Fill the netbios name parameter (smb.conf) using a name with hyphen like:
> xxx-yyy
> - Join the w2k workstation on the domain
> - On the w2k workstation, logon using a non-administrative account and type
> "net user  /domain"
> - The result will be "access denied"
>
> Do the same test using a netbios name without hyphen (it works!).
>
> Any idea about this problem?
>
> Regards,
> TISDN Team



--
Jas
"Tomorrow isn't promised so we live for today"


[Samba] W2K with Samba 3.3.2 problem

2009-06-19 Thread tisdn tisdn
Hi,

We've had a problem using Samba 3.3.2 and windows 2000 workstations sp4.
After many tests, it was discovered that when the netbios name has a hyphen
the windows 2000 workstations don't see the groups on the samba domain, but
when the name is changed for one without hyphen the error doesn't occur.

How to reproduce the problem?
- Configure samba 3.3.2 as domain controller
- Fill the netbios name parameter (smb.conf) using a name with hyphen like:
xxx-yyy
- Join the w2k workstation on the domain
- On the w2k workstation, logon using a non-administrative account and type
"net user  /domain"
- The result will be "access denied"

Do the same test using a netbios name without hyphen (it works!).

Any idea about this problem?

Regards,
TISDN Team


[Samba] samba4-alpha 6 on Ubuntu Jaunty

2009-06-19 Thread James Bowes
First let me say thanks to the Samba team for all the time and effort you have put
forward.

Now I do not have a problem per se but am going to be testing some of the Alpha 
versions with respect to Ubuntu. I am interested in testing policies in 
particular but before I go through and do that I am curious about the dynamic 
dns and dhcp. I have always found DHCP to be a pain to set up in Linux and as I 
work in a predominantly Windows environment (did sneak in a Linux boxen for
virtual machines), I can tell you that MSoft's version of DHCP is quite easy to 
work with.

Are there any plans to tie the DNS and DHCP as part of the provisioning 
process? That in and of itself would be fairly important to win administrators.

Thanks again.

James



Re: [Samba] TOSHARG-BDC.xml translate finish and some bug found

2009-06-19 Thread John H Terpstra - Samba Team
Jelmer Vernooij wrote:
> On Fri, Jun 19, 2009 at 11:19:58AM +0900, OPC oota wrote:
>> Samba-3 can act as a Backup Domain Controller (BDC) to another Samba Primary 
>> Domain Controller (PDC). A
>> Samba-3 PDC can operate with an LDAP account backend. The LDAP backend can 
>> be either a common master LDAP
>> server or a slave server. The use of a slave LDAP server has the benefit 
>> that when the master is down, clients
>> may still be able to log onto the network.  This effectively gives Samba a 
>> high degree of scalability and is
>>  -
>>  logon to?
>> an effective solution for large organizations. If you use an LDAP slave 
>> server for a PDC, you will need to
> 
>> Whenever a user logs into a Windows NT4/200x/XP Professional workstation,
>> - log onto? or logon to? 
>>   (login -> unix  ,logon -> windows?)
>> the workstation connects to a domain controller (authentication server) to 
>> validate that
>> the username and password the user entered are valid. If the information 
>> entered
> Afaik "logon to" is correct as well, but I'm not a native speaker.
> John?

Prentice Hall requested that change.  Both are in fact correct and it is
simply a matter of preference.  My preference is in fact "logon to", so
if we want to change it to that you have my +1.

- John T.

>> The domain SID has to be the same on the PDC and the BDC. In Samba versions 
>> pre-2.2.5, the domain SID was
>> stored in the file private/MACHINE.SID.  For all 
>> versions of Samba released since 2.2.5
>> the domain SID is stored in the file 
>> private/secrets.tdb. This file is unique to each
>> server and cannot be copied from a PDC to a BDC; the BDC will generate a new 
>> SID at startup. It will overwrite
>> the PDC domain SID with the newly created BDC SID.  There is a procedure 
>> that will allow the BDC to aquire the
>>  
>>--
>>  
>>acquire?
>> domain SID. This is described here.
> Thanks, fixed.
> 
> Cheers,
> 
> Jelmer



Re: [Samba] AIX starting and stopping samba from command line

2009-06-19 Thread William Jojo

Tim Evans wrote:

> BeefStu BeefStu wrote:
>> All:
>>
>> I am running on an AIX 5.3 platform and I am looking to see if
>> anybody has a script similar to this (see below) that will work under
>> AIX.
>>
>> My goal is, on boot up I want to have samba started automatically.
>> Can somebody let me know what I have to do (on AIX) for this to happen.




You can try the following (from several sources)

/usr/bin/mkssys -s nmbd -p /opt/pware/sbin/nmbd -a '-F -s /opt/pware/lib/smb.conf' -u 0 -S -n 15 -f 9 -R -G samba
/usr/bin/mkssys -s smbd -p /opt/pware/sbin/smbd -a '-F -s /opt/pware/lib/smb.conf' -u 0 -S -n 15 -f 9 -R -G samba
/usr/bin/mkssys -s winbindd -p /opt/pware/sbin/winbindd -a '-F -s /opt/pware/lib/smb.conf' -u 0 -S -n 15 -f 9 -R -G samba

This gives you the ability to do:

startsrc -s smbd

stopsrc -s winbindd

stopsrc -g samba

startsrc -g samba


Assuming, of course, that you want to use the IBM way of managing daemons with 
SRC.


Then you could add "startsrc -g samba" to inittab like:

samba:2:once:/usr/bin/startsrc -g samba >/dev/console 2>&1


This can be done with:

mkitab "samba:2:once:/usr/bin/startsrc -g samba >/dev/console 2>&1"


Just some thoughts...


Cheers,


Bill





> We start it from the /etc/rc.tcpip script.




[Samba] Upgrade Broke Permission

2009-06-19 Thread Linux Addict
Hey, I upgraded samba from 3.2.4 to 3.2.8. Now all home dir permissions are
showing owned by UID instead of user names. Has anyone had this issue? How
to fix and prevent..?
~LA


Re: [Samba] TOSHARG-BDC.xml translate finish and some bug found

2009-06-19 Thread Jelmer Vernooij
On Fri, Jun 19, 2009 at 11:19:58AM +0900, OPC oota wrote:
> Samba-3 can act as a Backup Domain Controller (BDC) to another Samba Primary 
> Domain Controller (PDC). A
> Samba-3 PDC can operate with an LDAP account backend. The LDAP backend can be 
> either a common master LDAP
> server or a slave server. The use of a slave LDAP server has the benefit that 
> when the master is down, clients
> may still be able to log onto the network.  This effectively gives Samba a 
> high degree of scalability and is
>  -
>  logon to?
> an effective solution for large organizations. If you use an LDAP slave 
> server for a PDC, you will need to

> Whenever a user logs into a Windows NT4/200x/XP Professional workstation,
> - log onto? or logon to? 
>   (login -> unix  ,logon -> windows?)
> the workstation connects to a domain controller (authentication server) to 
> validate that
> the username and password the user entered are valid. If the information 
> entered
Afaik "logon to" is correct as well, but I'm not a native speaker.
John?

> The domain SID has to be the same on the PDC and the BDC. In Samba versions 
> pre-2.2.5, the domain SID was
> stored in the file private/MACHINE.SID.  For all 
> versions of Samba released since 2.2.5
> the domain SID is stored in the file 
> private/secrets.tdb. This file is unique to each
> server and cannot be copied from a PDC to a BDC; the BDC will generate a new 
> SID at startup. It will overwrite
> the PDC domain SID with the newly created BDC SID.  There is a procedure that 
> will allow the BDC to aquire the
>   
>   --
>   
>   acquire?
> domain SID. This is described here.
Thanks, fixed.

Cheers,

Jelmer



Re: [Samba] AIX starting and stopping samba from command line

2009-06-19 Thread Tim Evans

BeefStu BeefStu wrote:

> All:
>
> I am running on an AIX 5.3 platform and I am looking to see if anybody has a
> script similar to this (see below) that will work under AIX.
>
> My goal is, on boot up I want to have samba started automatically. Can somebody
> let me know what I have to do (on AIX) for this to happen.


We start it from the /etc/rc.tcpip script.
--
Tim Evans, TKEvans.com, Inc.|   5 Chestnut Court
UNIX System Admin Consulting|   Owings Mills, MD 21117
http://www.tkevans.com/ |   443-394-3864
http://www.come-here.com/News/  |   tkev...@tkevans.com


RE: [Samba] AIX starting and stopping samba from command line

2009-06-19 Thread Lund, Claus
We just have a script like this:

VERSION=`ls /opt/pware/samba|sort|tail -n 1`
/opt/pware/samba/${VERSION}/sbin/nmbd -D
/opt/pware/samba/${VERSION}/sbin/smbd -D


Which is called in /etc/inittab to start up Samba on boot ... nothing fancy  :-)



-----Original Message-----
From: samba-bounces+claus.lund=state.vt...@lists.samba.org 
[mailto:samba-bounces+claus.lund=state.vt...@lists.samba.org] On Behalf Of 
BeefStu BeefStu
Sent: Friday, June 19, 2009 9:34 AM
To: samba@lists.samba.org
Subject: [Samba] AIX starting and stopping samba from command line


All:

I am running on an AIX 5.3 platform and I am looking to see if anybody has a
script similar to this (see below) that will work under AIX.

My goal is, on boot up I want to have samba started automatically. Can somebody
let me know what I have to do (on AIX) for this to happen.

#!/bin/sh

#
# /etc/rc.d/init.d/smb - starts and stops SMB services.
#
# The following files should be symbolic links to this file:
# symlinks: /etc/rc.d/rc1.d/K35smb  (Kills SMB services on shutdown)
#           /etc/rc.d/rc3.d/S91smb  (Starts SMB services in multiuser mode)
#           /etc/rc.d/rc6.d/K35smb  (Kills SMB services on reboot)
#

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up (quoted so an unset variable does not break the test).
[ "${NETWORKING}" = "no" ] && exit 0

# See how we were called.
case "$1" in
  start)
    echo -n "Starting SMB services: "
    daemon smbd -D
    daemon nmbd -D
    echo
    touch /var/lock/subsys/smb
    ;;
  stop)
    echo -n "Shutting down SMB services: "
    killproc smbd
    killproc nmbd
    rm -f /var/lock/subsys/smb
    echo ""
    ;;
  *)
    echo "Usage: smb {start|stop}"
    exit 1
    ;;
esac




[Samba] AIX starting and stopping samba from command line

2009-06-19 Thread BeefStu BeefStu

All:

I am running on an AIX 5.3 platform and I am looking to see if anybody has a
script similar to this (see below) that will work under AIX.

My goal is, on boot up I want to have samba started automatically. Can somebody
let me know what I have to do (on AIX) for this to happen.

#!/bin/sh

#
# /etc/rc.d/init.d/smb - starts and stops SMB services.
#
# The following files should be symbolic links to this file:
# symlinks: /etc/rc.d/rc1.d/K35smb  (Kills SMB services on shutdown)
#           /etc/rc.d/rc3.d/S91smb  (Starts SMB services in multiuser mode)
#           /etc/rc.d/rc6.d/K35smb  (Kills SMB services on reboot)
#

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up (quoted so an unset variable does not break the test).
[ "${NETWORKING}" = "no" ] && exit 0

# See how we were called.
case "$1" in
  start)
    echo -n "Starting SMB services: "
    daemon smbd -D
    daemon nmbd -D
    echo
    touch /var/lock/subsys/smb
    ;;
  stop)
    echo -n "Shutting down SMB services: "
    killproc smbd
    killproc nmbd
    rm -f /var/lock/subsys/smb
    echo ""
    ;;
  *)
    echo "Usage: smb {start|stop}"
    exit 1
    ;;
esac




[Samba] Equivalent of "net ads leave" while not connected to domain controller, clearing up client contents.

2009-06-19 Thread Robert Freeman-Day

Gentlefolk,

I have a machine name collision issue on our 2008 DC and a samba domain
member machine got kicked off AD, but did not do an official "net ads
leave".  We have worked it out that the samba 3.0.x machine will change
its name, but want to cause minimal disruption to the machine currently
joined.  Is there a way to clean up the samba machine while "offline"
from the DC, rename it, and then join it again?

Thank you,
-- Robert


https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36


[Samba] [Announce] Samba 3.4.0rc1 Available for Download

2009-06-19 Thread Karolin Seeger
Release Announcements
=====================

This is the first release candidate of Samba 3.4.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.


Major enhancements in Samba 3.4.0 include:
------------------------------------------

Configuration changes:
o The default passdb backend has been changed to 'tdbsam'!

General changes:
o Samba4 and Samba3 sources are included in the tarball

Authentication Changes:
o Changed the way smbd handles untrusted domain names given during user
  authentication.

Printing Changes:
o Various fixes including printer change notification for Samba spoolss
  print servers.

Internal changes:
o The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog
  and spoolss) were replaced by autogenerated code based on PIDL.
o Samba3 and Samba4 do now share a common tevent library.
o The code has been cleaned up and the major basic interfaces are shared with
  Samba4 now.
o An asynchronous API has been added.


Configuration changes
=====================

!!! ATTENTION !!!
The default passdb backend has been changed to 'tdbsam'! That breaks existing
setups using the 'smbpasswd' backend without explicit declaration! Please use
'passdb backend = smbpasswd' if you would like to stick to the 'smbpasswd'
backend or convert your smbpasswd entries using e.g. 'pdbedit -i smbpasswd -e
tdbsam'.

The 'tdbsam' backend is much more flexible concerning per user settings
like 'profile path' or 'home directory' and there are some commands which do not
work with the 'smbpasswd' backend at all.


General Changes
===============

On the way towards a standalone Samba AD domain controller, Samba3 and Samba4
branches can be built as a "merged" build. That's why Samba3 and Samba4 sources
are included in the tarball. The merged build is possible in Samba 3.4.0, but
disabled by default. To learn more about the merged build,
please see http://wiki.samba.org/index.php/Franky.

According to this one, there is no "source" directory included in the tarball at
all. Samba3 sources are located in "source3", Samba4 sources are located in
"source4". The libraries have been moved to the toplevel directory.

To build plain Samba3, please change to "source3" and start the build as usual.
To build Samba4 as well, please use the "--enable-merged-build" configure
option.


Authentication Changes
======================

Previously, when Samba was a domain member and a client was connecting using an
untrusted domain name, such as BOGUS\user, smbd would remap the untrusted
domain to the primary domain smbd was a member of and attempt authentication
using that DOMAIN\user name.  This differed from how a Windows member server
would behave.  Now, smbd will replace the BOGUS name with its SAM name.  In
the case where smbd is acting as a PDC this will be DOMAIN\user.  In the case
where smbd is acting as a domain member server this will be WORKSTATION\user.
Thus, smbd will never assume that an incoming user name which is not qualified
with the same primary domain, is part of smbd's primary domain.

While this behavior matches Windows, it may break some workflows which depended
on smbd to always pass through bogus names to the DC for verification.  A new
parameter "map untrusted to domain" can be enabled to revert to the legacy
behavior.


Printing Changes
================

The spoolss subsystem was replaced by autogenerated code based on PIDL. That
fixes several printing issues including printer change notification on Samba
print servers and will stabilize the printing functionality generally.
The support for spoolss printing with Windows Vista has been improved.


Internal Changes
================

The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and
spoolss) were replaced by autogenerated code based on PIDL.
So Günther Deschner finally corrected one of the biggest mistakes in the
development of Samba: Hand-marshalled RPC stubs.

Thanks a lot! :-)

Samba3 and Samba4 do now share a common tevent library for fd and timer events.

The code has been cleaned up and Samba3 and Samba4 do share the major basic
interfaces now. That is why the libraries were moved to the toplevel directory.
That is one of the first steps to share code and minimize the gap between
these two versions.

An asynchronous API has been added.


######################################################################
Changes
#######

smb.conf changes
----------------

   Parameter Name              Description        Default
   --------------              -----------        -------

   access based share enum     New                No
   dedicated keytab file       New                ""
   kerberos method             New                default
   map untrusted to domain     New                No
   max open files              Changed Default    auto detecte
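
The 'passdb backend' default change described in the announcement above can be checked for before upgrading. The following is an added example, not part of the announcement and not Samba code: it parses an smb.conf and a smbpasswd file and reports whether the setup relies on the old implicit default. The sample configuration and smbpasswd entries are constructed, and 'include' lines are assumed not to be in use.

```python
"""Pre-upgrade check for the Samba 3.4 'passdb backend' default change.

Added example; the sample data below is constructed. 'include =' lines in
smb.conf are not followed (assumption: a single-file configuration).
"""
import re


def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return "".join(name.split()).lower()


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalised names."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue                      # blank line or comment
        line = pending + stripped
        pending = ""
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(_norm(header.group(1)), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[_norm(name)] = value.strip()
    return sections


def count_smbpasswd_accounts(text):
    """Count entries of the form name:uid:LANMAN:NT:[flags]:LCT-...:"""
    count = 0
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 5 and not fields[0].startswith("#") and fields[1].isdigit():
            count += 1
    return count


def passdb_upgrade_finding(conf_text, smbpasswd_text=""):
    """Return (status, message); status is 'ok' or 'action'."""
    backend = parse_smb_conf(conf_text).get("global", {}).get("passdbbackend")
    if backend:
        return ("ok", "explicit 'passdb backend = %s' is kept across the upgrade" % backend)
    accounts = count_smbpasswd_accounts(smbpasswd_text)
    if accounts:
        return ("action",
                "%d smbpasswd account(s) rely on the old implicit default: set "
                "'passdb backend = smbpasswd' or convert with "
                "'pdbedit -i smbpasswd -e tdbsam'" % accounts)
    return ("ok", "no explicit backend and no smbpasswd accounts; tdbsam will be used")


# Constructed samples. X-filled hash fields are placeholders, not real hashes.
SAMPLE_IMPLICIT = """\
[global]
   workgroup = HWWKM
   ; passdb backend = tdbsam
[share]
   path = /home/samba
"""
SAMPLE_EXPLICIT = """\
[ Global ]
   Passdb  Backend = smbpasswd
"""
SAMPLE_SMBPASSWD = (
    "# constructed entries\n"
    "alice:1001:" + "X" * 32 + ":" + "X" * 32 + ":[U          ]:LCT-00000000:\n"
    "bob:1002:" + "X" * 32 + ":" + "X" * 32 + ":[U          ]:LCT-00000000:\n"
)

if __name__ == "__main__":
    for label, conf in (("implicit", SAMPLE_IMPLICIT), ("explicit", SAMPLE_EXPLICIT)):
        print(label, passdb_upgrade_finding(conf, SAMPLE_SMBPASSWD))
```

A commented-out 'passdb backend' line counts as no declaration, which is why the first sample is flagged.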

Re: [Samba] Samba & LDAP, with XP and Linux clients

2009-06-19 Thread Quinn Fissler
As you probably realise, the two separate areas are what samba requires in
ldap and what Linux requires - it's likely that you've only populated the
samba required stuff.

Think of ldap like a /etc/passwd file with many more columns. You only have
the columns for samba but most of the Linux/POSIX columns are missing.

There are many ways to deal with this! Too many :-/

but they're all fun :-)

ldapmodify is one to look at - you can adjust various items.

you could export the whole ldap db using slapcat and then tidy the whole
thing before importing it back...

I think that both require some extra steps and as soon as you look at them,
you'll see which approach suits you.





2009/6/19 Dave Beach 

> Hello list! I believe I may not have a Samba problem, but rather an LDAP
> directory problem. I'm hoping to be redirected towards a more appropriate
> mailing list to which I can post.
>
> I have a Slackware server running Samba and OpenLDAP, and my WinXP clients
> authenticate just fine. I migrated from an smbpasswd backend to OpenLDAP
> with a BD backend some time ago, using the migration tools provided with
> smbldap-tools. Everything has been working fine.
>
> I now want to bring a Ubuntu workstation online, and authenticate to the
> same LDAP database. I've understood that my previous approach was wrong
> (trying to somehow get the Ubuntu box to join the domain), and that I
> instead need to use nss and pam to point directly to the LDAP database on
> the Slackware server. So far, so good. Ubuntu packages sourced and
> installed.
>
> Executing "getent group" on the Ubuntu client produces the expected
> results.
> Executing "getent passwd" does not; it only shows me a subset of the user
> accounts (notably, not my own account which was created prior to
> migration).
> Fiddling about with a couple of Windows-based ldap query clients, I can see
> that there seem to be some differences between accounts that were created
> pre-migration and those created post-migration. As an example, accounts
> created post-migration seem to have different "objectClass" attributes and
> values associated with them than do accounts created pre-migration - and
> the
> post-migration accounts are all visible with "getent passwd" on the Ubuntu
> client. Also, the pre-migration accounts have the "account" objectClass
> associated with them, while the post-migration accounts have the "person"
> objectClass associated with them. The post-migration accounts also seem to
> have the "posixAccount" object class associated with them. There are other
> differences, but these strike me (in my ignorance) as possibly being the
> source of the problem.
>
> In case it isn't obvious, I have zero LDAP experience other than this
> futzing around I'm doing. It seems fairly obvious that I need to somehow
> alter the pre-migration accounts in some way to make them more like the
> post-migration accounts, such that I can then log onto the Ubuntu client
> with the same user ID with which I log onto the WinXp clients. I'm
> reluctant
> to do much so far, in fear that I'll manage to irreparably damage the
> pre-migration accounts (somehow lose the SID, etc) such that they'll need
> to
> be re-created, with all the pain that entails on the WinXP clients (I use
> local profiles only on the WinXP boxes).
>
> So, as I said, probably not a Samba problem per se. Would someone be so
> kind
> as to suggest the proper list in which I can post this problem?
>
> Thanks very much in advance.
>
>
>


Re: [Samba] Samba & LDAP, with XP and Linux clients

2009-06-19 Thread Olivier Nicole
To add a bit more, my users typically look like:

dn: uid=a103,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: sambaSamAccount
cn: a103
sn: x
uid: a103
uidNumber: 5072
gidNumber: 95
homeDirectory: /home/a103
loginShell: /bin/sh
mail: a...@cs.ait.ac.th
givenName: 
gecos:  
userPassword: {md5}xx==
sambaSID: S-1-5-21-x-y-z-11144
sambaAcctFlags: [U  ]
sambaPasswordHistory: 

sambaPwdLastSet: 1243416344
sambaNTPassword: y

I think that Unix and samba authentication will not work with anything
less. sambaLMPassword will be necessary too for Win9x/Me
authentication.

Olivier


Re: [Samba] Samba & LDAP, with XP and Linux clients

2009-06-19 Thread Olivier Nicole
Hi,

> Executing "getent group" on the Ubuntu client produces the expected results.
> Executing "getent passwd" does not; it only shows me a subset of the user
> accounts (notably, not my own account which was created prior to migration).

I am running successfully with the user accounts having the objectClass:

 inetOrgPerson
 posixAccount
 shadowAccount
 top

I think that posixAccount is necessary. Typically, objectClass person
is not what you need to store a Unix account, you need to have home
directory, shell, uid number, gid number, etc. and password to
authenticate a Unix user with LDAP.

Adding an objectClass or Attributes to an existing entry of your LDAP
will not break anything that is already working.

Bests,

Olivier
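
The difference discussed in this thread (entries without posixAccount not showing up in "getent passwd") can be audited from an LDIF export such as slapcat output. The following is an added example, not code from any poster or from Samba: it lists, per user entry, what is missing for a Unix account. The LDIF is constructed (dc=example,dc=com), the required attribute list is the posixAccount definition from RFC 2307, and it assumes the client selects accounts by objectClass posixAccount.

```python
"""Find LDAP user entries that Unix account lookups will not return.

Added example; the LDIF below is constructed (dc=example,dc=com).
Assumption: the client selects Unix accounts by objectClass posixAccount.
"""
# Attributes the posixAccount object class requires (RFC 2307).
POSIX_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")


def parse_ldif(text):
    """Parse LDIF into [{'dn': str, 'attrs': {lowercased name: [values]}}]."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += line[1:]       # a leading space continues the previous line
        else:
            unfolded.append(line)
    entries, current = [], None
    for line in unfolded:
        if not line.strip():
            current = None                 # a blank line ends the entry
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        value = value.lstrip(":").strip()  # 'attr:: base64' is kept as an opaque value
        if name.lower() == "dn":
            current = {"dn": value, "attrs": {}}
            entries.append(current)
        elif current is not None:
            current["attrs"].setdefault(name.lower(), []).append(value)
    return entries


def unix_account_problems(entry):
    """Return the reasons an entry cannot serve as a Unix account (empty = fine)."""
    attrs = entry["attrs"]
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    problems = []
    if "posixaccount" not in classes:
        problems.append("objectClass posixAccount missing")
    for must in POSIX_MUST:
        if not any(attrs.get(must.lower(), [])):
            problems.append("%s missing or empty" % must)
    return problems


def audit(ldif_text):
    """Map each user entry's DN to its list of problems."""
    return {e["dn"]: unix_account_problems(e)
            for e in parse_ldif(ldif_text) if "uid" in e["attrs"]}


# Constructed sample: one Samba-only entry, one complete entry, one half-fixed entry.
SAMPLE_LDIF = """\
# pre-migration style entry: Samba attributes only
dn: uid=olduser,ou=People,dc=example,dc=com
objectClass: account
objectClass: sambaSamAccount
uid: olduser
sambaSID: S-1-5-21-x-y-z-3000

# post-migration style entry, with a folded homeDirectory line
dn: uid=newuser,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: newuser
sn: x
uid: newuser
uidNumber: 5001
gidNumber: 100
homeDirectory: /home/new
 user
sambaSID: S-1-5-21-x-y-z-11002

# posixAccount added, but one required attribute was forgotten
dn: uid=halfuser,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: halfuser
uid: halfuser
uidNumber: 5002
gidNumber: 100
"""

if __name__ == "__main__":
    for dn, problems in audit(SAMPLE_LDIF).items():
        print(dn, "->", "OK" if not problems else "; ".join(problems))
```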


[Samba] Samba & LDAP, with XP and Linux clients

2009-06-19 Thread Dave Beach
Hello list! I believe I may not have a Samba problem, but rather an LDAP
directory problem. I'm hoping to be redirected towards a more appropriate
mailing list to which I can post.

I have a Slackware server running Samba and OpenLDAP, and my WinXP clients
authenticate just fine. I migrated from an smbpasswd backend to OpenLDAP
with a BD backend some time ago, using the migration tools provided with
smbldap-tools. Everything has been working fine.

I now want to bring a Ubuntu workstation online, and authenticate to the
same LDAP database. I've understood that my previous approach was wrong
(trying to somehow get the Ubuntu box to join the domain), and that I
instead need to use nss and pam to point directly to the LDAP database on
the Slackware server. So far, so good. Ubuntu packages sourced and
installed.

Executing "getent group" on the Ubuntu client produces the expected results.
Executing "getent passwd" does not; it only shows me a subset of the user
accounts (notably, not my own account which was created prior to migration).
Fiddling about with a couple of Windows-based ldap query clients, I can see
that there seem to be some differences between accounts that were created
pre-migration and those created post-migration. As an example, accounts
created post-migration seem to have different "objectClass" attributes and
values associated with them than do accounts created pre-migration - and the
post-migration accounts are all visible with "getent passwd" on the Ubuntu
client. Also, the pre-migration accounts have the "account" objectClass
associated with them, while the post-migration accounts have the "person"
objectClass associated with them. The post-migration accounts also seem to
have the "posixAccount" object class associated with them. There are other
differences, but these strike me (in my ignorance) as possibly being the
source of the problem.

In case it isn't obvious, I have zero LDAP experience other than this
futzing around I'm doing. It seems fairly obvious that I need to somehow
alter the pre-migration accounts in some way to make them more like the
post-migration accounts, such that I can then log onto the Ubuntu client
with the same user ID with which I log onto the WinXp clients. I'm reluctant
to do much so far, in fear that I'll manage to irreparably damage the
pre-migration accounts (somehow lose the SID, etc) such that they'll need to
be re-created, with all the pain that entails on the WinXP clients (I use
local profiles only on the WinXP boxes).

So, as I said, probably not a Samba problem per se. Would someone be so kind
as to suggest the proper list in which I can post this problem?

Thanks very much in advance.





Re: [Samba] Permissions and security

2009-06-19 Thread Dennis Duggen
Hi List

Thanks for all the help. I found a solution. The solution was to use
"force user". Now shared files are owned by the same user and this
solves my permissions problem.

Thanks for the help

Regards,

Dennis