[Samba] help with winbind and groups
Hello,

I have winbind working well out of the box. However, I am having problems with using groups to restrict ssh access to the box. I have a feeling there are some tricks that I haven't thought of yet.

Here are the relevant parts of smb.conf:

    workgroup = FOO
    password server = server.foo.local
    realm = FOO.LOCAL
    security = ads
    idmap uid = 1-2
    idmap gid = 1-2
    template shell = /bin/bash
    winbind use default domain = no
    winbind offline logon = false
    winbind enum users = no
    winbind enum groups = yes
    winbind separator = +

1. 'getent group' works and shows this group (yes, it is a different domain through a trust):

    NARF+tdtest:*:10521:NARF+joe_jel

2. I have this in sshd_config:

    AllowGroups root NARF+tdtest

This works great! I can log in with NARF+joe_jel via ssh and life is good.

However, I have a whole bunch of groups in AD that have spaces in them. I can see them fine in a 'getent group'. However, how can I restrict ssh access using these groups? I have tried quoting them in sshd_config but no luck.

Any tricks here?

Thanks!

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Trouble with idmap_ldap in 3.3.6
Hello everyone,

We've been running Samba for years, and with the exception of IDMAP, we've been very happy. Well, now we have a real need to keep this information in a shared DB, so I'm trying to set up the idmap_ldap plugin.

I *think* I have lookups working correctly-- at least, I can see that Samba is contacting the LDAP directory. But since there's nothing actually *in* my directory yet, I can't be sure.

But the real issue is that I'm having trouble getting LDAP to work as an allocating backend. I'm getting some ugly stuff like this:

    [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
      idmap_alloc module tdb already registered!
    [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149)
      Idmap module passdb already registered!
    [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149)
      Idmap module nss already registered!
    [2009/07/10 23:37:51, 0] winbindd/idmap.c:idmap_alloc_init(589)
      ERROR: Initialization failed for alloc backend, deferred!
    [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(40)
      ===
    [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(41)
      INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6)
      Please read the Trouble-Shooting section of the Samba3-HOWTO
    [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(43)
      From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
    [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(44)
      ===
    [2009/07/10 23:38:12, 0] lib/util.c:smb_panic(1673)
      PANIC (pid 14920): internal error
    [2009/07/10 23:38:12, 0] lib/util.c:log_stack_trace(1777)
      BACKTRACE: 21 stack frames:
       #0 winbindd(log_stack_trace+0x2d) [0x3581f9]
       #1 winbindd(smb_panic+0x8e) [0x35804b]
       #2 winbindd [0x341960]
       #3 winbindd [0x341971]
       #4 /lib/tls/libc.so.6 [0x74e918]
       #5 winbindd [0x62c779]
       #6 winbindd(run_events+0xdf) [0x36b645]
       #7 winbindd [0x2b8c6d]
       #8 winbindd [0x2b5eb7]
       #9 winbindd(async_request+0x20f) [0x2b5881]
       #10 winbindd(do_async+0x13c) [0x2b9301]
       #11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e]
       #12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7]
       #13 winbindd [0x2819b8]
       #14 winbindd [0x28251a]
       #15 winbindd [0x282368]
       #16 winbindd [0x281ce7]
       #17 winbindd [0x282c13]
       #18 winbindd(main+0xb68) [0x283a96]
       #19 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x73bdf3]
       #20 winbindd [0x280f31]
    [2009/07/10 23:38:12, 0] lib/fault.c:dump_core(231)
      dumping core in /var/log/samba/cores/winbindd

It's entirely possible that I'm just not configuring this properly. I've been looking at this document (http://samba.org/~obnox/presentations/sambaXP-2009/sambaxp-2009-talk-obnox-slides-paper.pdf) for guidance, because to be honest, it's not clear which revision of idmap_ldap the manpage actually refers to.

Anyway, the global section of my smb.conf follows, edited slightly. Can someone help me out? Oh, and I should mention-- I did set the alloc secret using 'net idmap secret alloc'. That part seems to go OK.

(BTW-- some of these options have accreted over the years-- some of them may no longer be necessary, or even helpful-- please let me know if anything sticks out at you)

    [global]
    interfaces = eth0
    netbios name = FOZZIE-NEW
    socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
    realm = BOSTON.EXAMPLE.NET
    security = ADS
    idmap uid = 1-2
    idmap gid = 1-2
    idmap backend = ldap:ldap://localhost/
    idmap alloc backend = ldap
    idmap alloc config : ldap_url = ldap://localhost/
    idmap alloc config : ldap_user_dn = cn=Manager,dc=boston,dc=example,dc=net
    idmap alloc config : ldap_base_dn = ou=Idmap,dc=boston,dc=example,dc=net
    ldap idmap suffix = ou=Idmap,dc=boston,dc=example,dc=net
    ldap admin dn = cn=Manager,dc=boston,dc=example,dc=net
    ldap suffix = dc=boston,dc=example,dc=net
    ldap ssl = off
    winbind enum users = no
    winbind enum groups = no
    workgroup = BOSTON
    os level = 20
    password server = bosdc01.boston.example.net
    preferred master = no
    winbind separator = +
    max log size = 50
    log file = /var/log/samba/log.%m
    encrypt passwords = yes
    dns proxy = no
    wins server = 192.168.0.252
    wins proxy = no
    smb ports = 139
    load printers = no
    printable = no
    printcap name = /dev/null
    # For broken MacOSX client
    max disk size = 1048576
    # make sure mode bits are always set correctly
    create mask = 770
    directory mask = 770
    # change default server identification string
    server string = ""
    # for sshd
    template shell = /bin/bash
    client use spnego = yes
    unix extensions = no

I set up my LDAP with the following LDF:

    dn: dc=bost
Re: [Samba] net command in sernet -samba 3.4 for RHEL
True. It looks like something went wrong in my first install of samba3-client. I ran a reinstall and the binary is there and working correctly.

samba3-client conflicted with samba-common 3.0.33 provided by RHEL. I removed that package first to resolve the conflict. It's possible that is where things went awry.

The other side effect of removing samba-common is that it is required by Gnome and KDE. So now I have no gui desktop.

RHEL bug 446349 - libsmbclient requires samba-windbind (and samba-common)

Miguel Medalha wrote:
>> After upgrading a test machine to Sernet's 3.4 package, it looks like the "net" command is gone.
>
> I am using that same Sernet package (i386 version) and the "net" command is working perfectly here.

--
Adam Cohen / IT Manager
Energy Biosciences Institute / UC Berkeley
109 Calvin Lab / 510-642-7709
Re: [Samba] net command in sernet -samba 3.4 for RHEL
> After upgrading a test machine to Sernet's 3.4 package, it looks like the "net" command is gone.

I am using that same Sernet package (i386 version) and the "net" command is working perfectly here.
Re: [Samba] net command in sernet -samba 3.4 for RHEL
    # yum list | grep samba3
    samba3.i386             3.4.0-40.el5    installed
    samba3.x86_64           3.4.0-40.el5    installed
    samba3-client.i386      3.4.0-40.el5    installed
    samba3-client.x86_64    3.4.0-40.el5    installed
    samba3-utils.i386       3.4.0-40.el5    installed
    samba3-utils.x86_64     3.4.0-40.el5    installed
    samba3-winbind.i386     3.4.0-40.el5    installed
    samba3-winbind.x86_64   3.4.0-40.el5    installed

Why do you have BOTH the .i386 and x86_64 installed?
Re: [Samba] net command in sernet -samba 3.4 for RHEL
    # yum list | grep samba3
    samba3.i386             3.4.0-40.el5    installed
    samba3.x86_64           3.4.0-40.el5    installed
    samba3-client.i386      3.4.0-40.el5    installed
    samba3-client.x86_64    3.4.0-40.el5    installed
    samba3-utils.i386       3.4.0-40.el5    installed
    samba3-utils.x86_64     3.4.0-40.el5    installed
    samba3-winbind.i386     3.4.0-40.el5    installed
    samba3-winbind.x86_64   3.4.0-40.el5    installed

at this point, would you advise: yum reinstall samba3-client ??

thanks for the tip about emailing direct - wasn't sure if that was the proper protocol and I really do appreciate the work you guys put into building the RH packages - not sure I could build from source on my own

Michael Adam wrote:
> Hi,
>
> Adam Cohen wrote:
>> After upgrading a test machine to Sernet's 3.4 package, it looks like the "net" command is gone. This was definitely there in the redhat-supplied 3.0 build and I thought it was there in sernet's 3.3 build too. I installed all the rpm's - samba3-client, samba3-utils, samba3-cifsmount am I missing something?
>
> Which packages precisely did you use?
>
> For the rhel5-packages, I find the net binary in the samba3-client package:
>
>     $ rpm -qpl samba3-client-3.4.0-40.el5.x86_64.rpm | grep net
>     /usr/bin/net
>     /usr/share/man/man8/net.8.gz
>     $ rpm -qpl samba3-client-3.4.0-40.el5.i386.rpm | grep net
>     /usr/bin/net
>     /usr/share/man/man8/net.8.gz
>     $
>
> Btw: for questions about the sernet packages, you can please write to sa...@sernet.de directly.
>
> Cheers - Michael

--
Adam Cohen / IT Manager
Energy Biosciences Institute / UC Berkeley
109 Calvin Lab / 510-642-7709
Re: [Samba] net command in sernet -samba 3.4 for RHEL
Hi,

Adam Cohen wrote:
> After upgrading a test machine to Sernet's 3.4 package, it looks like
> the "net" command is gone. This was definitely there in the
> redhat-supplied 3.0 build and I thought it was there in sernet's 3.3
> build too. I installed all the rpm's - samba3-client, samba3-utils,
> samba3-cifsmount am I missing something?

Which packages precisely did you use?

For the rhel5-packages, I find the net binary in the samba3-client package:

    $ rpm -qpl samba3-client-3.4.0-40.el5.x86_64.rpm | grep net
    /usr/bin/net
    /usr/share/man/man8/net.8.gz
    $ rpm -qpl samba3-client-3.4.0-40.el5.i386.rpm | grep net
    /usr/bin/net
    /usr/share/man/man8/net.8.gz
    $

Btw: for questions about the sernet packages, you can please write to sa...@sernet.de directly.

Cheers - Michael

--
Michael Adam
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE
Re: [Samba] net command in sernet -samba 3.4 for RHEL
On Fri, Jul 10, 2009 at 02:10:24PM -0700, Adam Cohen wrote:
> After upgrading a test machine to Sernet's 3.4 package, it looks like
> the "net" command is gone. This was definitely there in the
> redhat-supplied 3.0 build and I thought it was there in sernet's 3.3
> build too. I installed all the rpm's - samba3-client, samba3-utils,
> samba3-cifsmount am I missing something?

I'll look into this soon.

Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
[Samba] net command in sernet -samba 3.4 for RHEL
After upgrading a test machine to Sernet's 3.4 package, it looks like the "net" command is gone. This was definitely there in the redhat-supplied 3.0 build and I thought it was there in sernet's 3.3 build too. I installed all the rpm's - samba3-client, samba3-utils, samba3-cifsmount am I missing something?

--
Adam Cohen / IT Manager
Energy Biosciences Institute / UC Berkeley
109 Calvin Lab / 510-642-7709
Re: [Samba] Windows 7 RC
I'm wondering if anybody's got this to work with windows server 2008 R2 RC (build 7100). I'm able to join my samba domain after making all of the posted registry modifications, but I too am getting the "The trust relationship between this workstation and the primary domain failed" message when I try to login. I upgraded to Samba 3.3.6 (from 3.0.33) and joined the machine after doing so.

Here's the log from the samba pdc when I try a domain login:

    [2009/07/10 09:22:35, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(555)
      _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth requestfrom client DISCOVERY machine account DISCOVERY$
    [2009/07/10 09:22:35, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(555)
      _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth requestfrom client DISCOVERY machine account DISCOVERY$
    [2009/07/10 09:22:50, 0] lib/util_sock.c:read_socket_with_timeout(939)
    [2009/07/10 09:22:50, 0] lib/util_sock.c:get_peer_addr_internal(1676)
      getpeername failed. Error was Transport endpoint is not connected
      read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer.

All my XP clients are still fine as well as vista and server 2008 Standard R1 clients.

Any ideas? In the meantime, I'll try installing windows 7 RC and see if I have different results.
Re: [Samba] login.bat has error?
On Thu, Jul 9, 2009 at 8:31 AM, Mohsen Pahlevanzadeh wrote:
> ldap suffix = dc=example,dc=com

Ohh... Your smb.conf is wrong. That one should read:

    ldap suffix = dc=mylove
Re: [Samba] login.bat has error?
On Fri, Jul 10, 2009 at 4:23 PM, Mohsen Pahlevanzadeh wrote:
> I have configure all of them.But you remind me hash of
> smbldap_bind.conf, i input clear text password.May i input hash of my
> password?

AFAIK, you need clear text passwords.

What about your ACLs? Does DN have permission to write? Are you sure you have not made a typo somewhere? Do you have the samba.schema in place?

The error you posted is -apparently- from Samba. When you run smbldap-useradd from CLI, does it give an error? Can you run "smbldap-useradd somebody"?

Remember that computers are users too, so nss_base_passwd (/etc/ldap.conf) must be configured so it can return entries in ou=users and ou=computers (in your case it must be nss_base_passwd dc=mylove?sub)

BTW, are you running:

    smbldap-useradd -w debian$

or

    smbldap-useradd -w debian

?

Regards,
Norberto
Re: [Samba] Active Directory Integration Problems
David Armstrong wrote:
> Thanks for the replies. I have modified the share portion of my smb.conf file as shown below. Still no luck.
>
>     [test]
>     path = /home/2CP/darmstrong
>     browseable = yes
>     read only = yes
>     inherit permissions = yes
>     valid users = "2CP\darmstrong","buexec","test",itadmin
>     write list = "2CP\darmstrong","buexec","test",itadmin
>     read list =
>
> When modifying file permissions for shares on Windows servers, I have to log out and log back on again before the workstation recognizes them. Does the same go for Samba shares?

Sounds like my first suggestion was wrong, maybe try upping the idmap setting.

    idmap backend = rid:CHEMENG=500-1
    idmap uid = 500-1
    idmap gid = 500-1

Is there anything in the logs?

--
Brian Gregorcy
IT Manager
University of Utah
Department of Chemical Engineering
Re: [Samba] login.bat has error?
I have configured all of them. But you remind me hash of smbldap_bind.conf, I input clear text password. May I input hash of my password?

smbldap-useradd -w workstation can't run and gives me error:

    Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083.
    [2009/07/10 13:53:22, 0] passdb/pdb_interface.c:pdb_default_create_user(336)
      _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w debian$' gave 1

On Fri, 2009-07-10 at 14:14 -0300, Norberto Bensa wrote:
> smbldap_bind.conf
Re: [Samba] recognizing netbios name
Robert,

I agree with Miguel, as basic networking is fairly straightforward.

Are your workstations using DHCP with the router acting as the DHCP server? If so, does the router have an option for declaring a WINS server, and have you done so? If the router doesn't have that option, have you manually enabled netbios over tcp/ip and declared the WINS server on the clients? If you're using static ip's, then you'll also have to manually configure the workstations for WINS to work.

Run ps -ef | grep mbd. You should see both smbd and nmbd if Samba is fully active.

Good luck,
Dale

Miguel Medalha wrote:
>> Conclusion: There is no way for an individual user, even one with decades of computer experience, to set up a Linux LAN.
>
> I cannot in any way, shape or form, agree with that. My first Linux domain controller was working on production after a couple of weeks of study, starting from about zero knowledge of Samba.
>
> Reading your post, it seems to me that your problem lies with some misconfiguration on that router you are using between the Linux machine and the Windows machines.
RE: [Samba] "No data on inotify fd" error
Receiving the exact same errors on RHEL 5.3
kernel: 2.6.18-92.1.13.el5xen
Samba Version: 3.0.31-SerNet-RedHat

After some googling it looks like a kernel bug, so I set "kernel change notify = No" in smbd.conf and I had to kill two rogue smbd processes on the box, reboot the rogue user's machine and then it hasn't happened again since. (the smbd processes appeared to have detached themselves from the client, so they were filling the logs and needed to be terminated)

It looks like I'll need to schedule an outage to update the kernel.

> -Original Message-
> From: samba-bounces+andrew.masterson=nuvistaenergy@lists.samba.org
> [mailto:samba-bounces+andrew.masterson=nuvistaenergy@lists.samba.org ] On
> Behalf Of MargoAndTodd
> Sent: Saturday, June 27, 2009 3:23 PM
> To: samba@lists.samba.org
> Cc: volker.lende...@sernet.de
> Subject: Re: [Samba] "No data on inotify fd" error
>
> Volker Lendecke wrote:
> >
> > On Fri, Jun 26, 2009 at 03:45:32PM -0700, MargoAndTodd wrote:
> >> My poor /var/log/messages is getting hammered with:
> >>
> >> smbd[16076]: No data on inotify fd?!
> >>
> >> smbd[16076]: [2009/06/25 13:21:18, 0] \
> >> smbd/notify_inotify.c:inotify_handler(249)
> >>
> >> Everything else seems to be working fine. Any idea
> >> what this is all about?
> >
> > Is there any way to reproduce this? Till we really fix this,
> > can you try the attached workaround patch? This will reduce
> > the number of messages a lot.
>
> Hi Volker,
>
> What triggered this was my root partition filling. I
> go to this customer on Wednesdays or Thursdays. I get
> a nightly backup report, which I have included a
> "df" on my hard drives. My root partition went
> from typical 56% capacity to 86%. After cleaning
> everything up, it dropped to 46%.
>
> So, I installed a months worth of YUM updates, including
> a kernel update. Since this is a running server, I could
> not reboot after the kernel update. So I set it to
> reboot at 8:00 PM (20:00). Since then, with the
> fine offices of logrotate, my root partition
> has dropped to 27%. So there is a very big possibility
> that the kernel update and/or the reboot did the trick.
>
> But, I will check next Tuesday or Thursday.
>
> I am not sure how to duplicate this. And, am a bit
> cautious about sending this to Samba's bugzilla, being
> that it is older Red Hat Enterprise stuff. If I can
> duplicate this, I should report it to Red Hat.
>
> -T
Re: [Samba] login.bat has error?
On Fri, Jul 10, 2009 at 6:42 AM, Mohsen Pahlevanzadeh wrote:
> Oh,I found following log in log.debian:
> Error: modifications require authentication
> at /usr/share/perl5/smbldap_tools.pm line 1083.

Looking up the code of smbldap_tools.pm, it looks like it is trying to make a modification to the tree, but it doesn't have the required permissions (it wants to update $sambaUnixIdPooldn)

Have you configured all these files?

    /etc/ldap/slapd.conf
    /etc/ldap/ldap.conf
    /etc/ldap.conf
    /etc/nsswitch.conf
    /etc/smbldap-tools/smbldap-tools.conf
    /etc/smbldap-tools/smbldap_bind.conf
    /etc/samba/smb.conf

Have you run smbldap-populate? Does samba know the "ldap admin dn" password (smbpasswd -W)?

Can you run "smbldap-useradd -w workstation"? Does it succeed?

HTH,
Norberto
Re: [Samba] Simple group question...
On 7/10/2009, Regis Niggemann (reg...@techheads.com) wrote:
> Of course the problem with this method is you are granting that group admin
> rights to all those computers. If a single account in that group with those
> rights becomes infected with some malware, it is possible for that malware
> to infect ALL the computers.
>
> Just saying...

Not a problem if you ALSO restrict each user to only be able to log onto their computer... this way, even though they are in that group, they can only log onto theirs...

--
Best regards,
Charles
Re: [Samba] Samba(3.2.12 and 3.4.0) - Winbind - trusted domains - Problem!
Ok, here is a logfile with some nice errors:

    [2009/07/10 11:51:19, 3] winbindd/idmap.c:359(idmap_init_default_domain)
      idmap_init: using 'tdb' as remote backend
    [2009/07/10 11:51:19, 3] winbindd/idmap_tdb.c:616(idmap_tdb_db_init)
      Warning: 'idmap uid' not set!
    [2009/07/10 11:51:19, 3] winbindd/idmap_tdb.c:630(idmap_tdb_db_init)
      Warning: 'idmap gid' not set!
    [2009/07/10 11:51:19, 1] winbindd/idmap_tdb.c:214(idmap_tdb_load_ranges)
      idmap uid missing
    [2009/07/10 11:51:19, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
      Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration
    [2009/07/10 11:51:19, 1] winbindd/idmap.c:321(idmap_init_domain)
      idmap initialization returned NT_STATUS_UNSUCCESSFUL
    [2009/07/10 11:51:19, 1] winbindd/winbindd_user.c:97(winbindd_fill_pwent)
      error getting user id for sid S-1-5-21-1801630100-1912888146-724944298-3714
    [2009/07/10 11:51:19, 1] winbindd/winbindd_user.c:856(winbindd_getpwent)
      could not lookup domain user testuser1806200902
    [2009/07/10 11:51:19, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
      idmap_alloc module ldap already registered!
    [2009/07/10 11:51:19, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
      idmap_alloc module tdb already registered!
    [2009/07/10 11:56:17, 5] winbindd/winbindd_async.c:386(winbindd_lookupname_async)
      Could not find domain for name 'DOMAIN2'
    [2009/07/10 11:56:17, 5] winbindd/winbindd_sid.c:116(lookupname_recv)
      lookupname returned an error
    [2009/07/10 11:56:17, 5] winbindd/winbindd_util.c:672(init_child_recv)
      Received child initialization response for domain DOMAIN3
    [2009/07/10 11:56:17, 5] libsmb/namequery.c:200(saf_fetch)
      saf_fetch: Returning "SERVER-DOM3" for "DOMAIN3" domain

These errors are coming up 10 times and winbind needs without cache 1,5 GB RAM and 100% CPU time!

Well, I am using LDAP as idmap backend...

    idmap uid = 1-2
    idmap gid = 1-2
    idmap backend = ldap:ldap://127.0.0.1/
    ldap idmap suffix = ou=Idmap

I hope someone can help me... :-)
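A triage helper for winbindd logs like the one in the message above, added here as an example and not part of the original post. It accepts both header layouts that appear in the logs of this thread, `file.c:line(func)` and `file.c:func(line)`, pairs each "error getting user id for sid" record with the "could not lookup domain user" record that follows it, and lists the idmap initialization failures separately. The sample log is constructed, and the function names are illustrative.

```python
import re

# Constructed sample (SIDs and user names are made up) in the record format
# shown in the post: a header line followed by an indented message line.
SAMPLE_LOG = """\
[2009/07/10 11:51:19,  3] winbindd/idmap_tdb.c:616(idmap_tdb_db_init)
  Warning: 'idmap uid' not set!
[2009/07/10 11:51:19,  1] winbindd/idmap_tdb.c:214(idmap_tdb_load_ranges)
  idmap uid missing
[2009/07/10 11:51:19,  1] winbindd/idmap.c:321(idmap_init_domain)
  idmap initialization returned NT_STATUS_UNSUCCESSFUL
[2009/07/10 11:51:19,  1] winbindd/winbindd_user.c:97(winbindd_fill_pwent)
  error getting user id for sid S-1-5-21-1000000001-1000000002-1000000003-1105
[2009/07/10 11:51:19,  1] winbindd/winbindd_user.c:856(winbindd_getpwent)
  could not lookup domain user exampleuser1
[2009/07/10 11:56:17, 1] winbindd/winbindd_user.c:winbindd_fill_pwent(84)
  error getting user id for sid S-1-5-21-1000000001-1000000002-1000000003-1106
[2009/07/10 11:56:17, 1] winbindd/winbindd_user.c:winbindd_getpwent(766)
  could not lookup domain user exampleuser2
[2009/07/10 11:56:17, 1] winbindd/winbindd_user.c:winbindd_fill_pwent(84)
  error getting user id for sid S-1-5-21-1000000001-1000000002-1000000003-1107
"""

HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[\w./-]+):(?P<a>\w+)\((?P<b>\w+)\)\s*(?P<rest>.*)$"
)
SID_ERR = re.compile(r"error getting user id for sid (S-1-[\d-]+)")
USER_ERR = re.compile(r"could not lookup domain user (\S+)")


def parse_records(text):
    """Split a Samba log into records: one header line plus its message lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m and (m.group("a").isdigit() or m.group("b").isdigit()):
            a, b = m.group("a"), m.group("b")
            # Either "line(func)" or "func(line)" depending on the log.
            func, lineno = (b, int(a)) if a.isdigit() else (a, int(b))
            records.append({
                "ts": m.group("ts"), "level": int(m.group("level")),
                "src": m.group("src"), "func": func, "line": lineno,
                "msg": m.group("rest").strip(),
            })
        elif records and line.strip():
            # Continuation line: append to the message of the current record.
            rec = records[-1]
            rec["msg"] = (rec["msg"] + " " + line.strip()).strip()
    return records


def unmapped_accounts(records):
    """Pair each SID that failed id mapping with the user name logged after it."""
    found, pending = [], None
    for rec in records:
        sid = SID_ERR.search(rec["msg"])
        user = USER_ERR.search(rec["msg"])
        if sid:
            if pending:  # previous SID never got a name record
                found.append(pending)
            domain_sid, _, rid = sid.group(1).rpartition("-")
            pending = {"ts": rec["ts"], "sid": sid.group(1),
                       "domain_sid": domain_sid, "rid": int(rid), "user": None}
        elif user and pending:
            pending["user"] = user.group(1)
            found.append(pending)
            pending = None
    if pending:
        found.append(pending)
    return found


def idmap_init_failures(records):
    """Level 0/1 records from the idmap code: candidates for the root cause."""
    return [r for r in records if r["level"] <= 1 and "/idmap" in r["src"]]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for r in idmap_init_failures(recs):
        print("idmap    %s %s:%d  %s" % (r["ts"], r["src"], r["line"], r["msg"]))
    for a in unmapped_accounts(recs):
        print("unmapped %s rid=%d user=%s"
              % (a["sid"], a["rid"], a["user"] or "<not logged>"))
```

Grouping the result by `domain_sid` shows whether the failures are confined to one trusted domain or affect all of them.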
Re: [Samba] recognizing netbios name
> Conclusion: There is no way for an individual user, even one with decades of computer experience, to set up a Linux LAN.

I cannot in any way, shape or form, agree with that. My first Linux domain controller was working on production after a couple of weeks of study, starting from about zero knowledge of Samba.

Reading your post, it seems to me that your problem lies with some misconfiguration on that router you are using between the Linux machine and the Windows machines.
Re: [Samba] login.bat has error?
Oh, I found the following log in log.debian:

    Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083.

Do you know about this?

Yours,
Mohsen

On Fri, 2009-07-10 at 14:03 +0430, Mohsen Pahlevanzadeh wrote:
> Now i changed my netbios name.but i get same error.
> On Thu, 2009-07-09 at 20:38 -0300, Norberto Bensa wrote:
> > Forwarding this one to the list:
> >
> > On Thu, Jul 9, 2009 at 8:16 PM, Mohsen
> > Pahlevanzadeh wrote:
> > > Mylove is my netbios name & my workgroup name.
> >
> > Oh... That's a violation of the smb protocol :-)
> >
> > Your netbios name can't be your workgroup/domain name.
> >
> > Try that on Windows if you don't believe me.
Re: [Samba] login.bat has error?
Now I changed my netbios name, but I get the same error.

On Thu, 2009-07-09 at 20:38 -0300, Norberto Bensa wrote:
> Forwarding this one to the list:
>
> On Thu, Jul 9, 2009 at 8:16 PM, Mohsen
> Pahlevanzadeh wrote:
> > Mylove is my netbios name & my workgroup name.
>
> Oh... That's a violation of the smb protocol :-)
>
> Your netbios name can't be your workgroup/domain name.
>
> Try that on Windows if you don't believe me.
Re: [Samba] login.bat has error?
Now I changed netbios name to my hostname & my workgroup name is mylove. But I got the same error.

On Thu, 2009-07-09 at 20:30 -0400, John Drescher wrote:
> On Thu, Jul 9, 2009 at 7:38 PM, Norberto Bensa wrote:
> > Forwarding this one to the list:
> >
> > On Thu, Jul 9, 2009 at 8:16 PM, Mohsen
> > Pahlevanzadeh wrote:
> >> Mylove is my netbios name & my workgroup name.
> >
> > Oh... That's a violation of the smb protocol :-)
> >
> > Your netbios name can't be your workgroup/domain name.
> >
> > Try that on Windows if you don't believe me.
> >
> It also can not be the name of a user or group or anything else in smb
>
> John
[Samba] recognizing netbios name
July 10, 2009
François Legal de...@thom.fr.eu.org
samba@lists.samba.org
Subject: [Samba] recognizing netbios name

You responded:

> I think samba can't really work without smb.conf
> Most parameters have default values, but things like
> workgroup don't.
>
> Do you have any kind of firewall present on the samba
> machine or selinux policy in the way ?
>
> When wins support is set to yes in smb.conf, can you see
> the samba processes in ps-ef and the samba processes
> listening on the correct net work interface
> (netstat -lnp) ?
>
> François

Sir:

I also find it remarkable that Samba runs without smb.conf, but it worked on two different tries.

I already eliminated firewalls without improvement. As for selinux, I have not mastered it. I hope it is not necessary to spend a month understanding it just so I can connect a LAN.

When running Samba as well as possible, including

    wins support = yes

ps -ef reports two processes containing smb in their name:

    /usr/libexec/gvfsd-smb-browse
    /usr/libexec/gvfsd-smb

netstat -lnp reports lots, too much to interpret. The only entry with smb in its name is:

    unix 2 [ ACC ] STREAM LISTENING 14588 2716/gvfsd-smb-brow /tmp-orbit/rtmq-linc-a9c-0-709443e53c0c3

(It's all one line in the report).

Experience with this kind of problem suggests that an elementary switch somewhere has not been turned on. There seem to be no tools that assist in locating it.

Aside: I decided I was making little progress, so I decided to spend $80 buying Red Hat Enterprise Linux. It comes with support through your configuration. A call to the US, after a half-hour listening to "your call is important to us", got a referral to a Canadian distributor. When he asked me how to spell L-I-N-U-X, I knew I was out of luck.

Conclusion: There is no way for an individual user, even one with decades of computer experience, to set up a Linux LAN.

Robert T McQuaid
Mattawa Ontario Canada

earlier communication:

July 8, 2009
Nick Pappin npap...@latahfcu.org
François Legal de...@thom.fr.eu.org
samba@lists.samba.org
Subject: [Samba] recognizing netbios name

F Legal suggested:

> If there is a router between your samba machine and your
> windows machines (which all 3 are on the same subnet if
> I understood correctly), then you probably need some
> sort of name resolution service (either WINS as provided
> by samba or DNS), as the broadcast packets used by the
> machines to announce themselves to the network probably
> won't traverse your router. Another option is building
> an lmhosts file and distributing it all over the
> machines. However, I think wins should work fine in
> your case, so just add wins support = yes in smb.conf
> then setup your windows machines to use the wins at the
> address of your samba machine.

W Nick Pappin asked:

> Is the linux system and the windows boxes on the same subnet and network.

Gentlemen:

The hardware configuration is a router connected to a modem and the outside internet, and also connected to each of four computers by ethernet cables, so all computers are on the same subnet.

Enabling WINS in smb.conf made no difference.

Establishing an lmhosts file on a windows computer associating 192.168.0.4 with dell allowed ping dell to produce the same result as ping 192.168.0.4, but otherwise there was no improvement.

One more drastic test. After becoming skeptical of smb.conf because no log files showed up where specified, I made a backup and deleted it entirely -- rm /etc/samba/smb.conf . On rebooting, there was no change, the Linux system could still read all windows computers, though they could not see the Linux system.

So it seems Samba is paying no attention to smb.conf. Is there a way to communicate directly with Samba to find out what it is relying on?

Robert T McQuaid

original request below:

July 6, 2009
Samba samba@lists.samba.org
Subject: recognizing netbios name

I have a Fedora 10 Linux system connected through a router to three windows computers (XP+XP+Vista). The Linux computer seems unable to present a netbios name to the rest of the network. The Linux computer can read files from all of the Windows computers, but the windows computers cannot see anything on the Linux system.

The following diagnoses have already been made:

I shut off the modem connecting to the internet, then disabled all firewalls. No improvement.

I looked in the router for its table of attached devices. It lists a device name for the windows
[Samba] Samba(3.2.12 and 3.4.0) - Winbind - trusted domains - Problem!
Good morning!

We ran into some trouble using trusted domains and winbind. First I will tell you something about the network and Samba configuration. For our SMB environment we use Samba 3.2.12. We have three trusted domains. Our Samba server uses LDAP as backend.

Most of the time it worked nicely, but after some time winbind loses user entries. On the Windows side I can see "unknown user 1-0-0". If I set winbind cache time to 0, winbind will use 100% of CPU time. So when I switch it back to something higher than 0, winbind will take 0% and all users can be mapped. After some time the problem slowly returns. "wbinfo -u" shows all users, but "getent passwd" does not. Some users are missing. Domain logon on trusted domains does work, but the user has no rights on his files -> "unknown user 1-0-0"!

Here is the error log:

    [2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_fill_pwent(84) error getting user id for sid S-1-5-21-1801630100-1912888146-724944298-3840
    [2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_getpwent(766) could not lookup domain user c.akgay
    [2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_fill_pwent(84) error getting user id for sid S-1-5-21-1801630100-1912888146-724944298-3842
    [2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_getpwent(766) could not lookup domain user p.singh
    [2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_fill_pwent(84) error getting user id for sid S-1-5-21-1801630100-1912888146-724944298-3844
    [2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_getpwent(766) could not lookup domain user h.sahi
    [2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_fill_pwent(84) error getting user id for sid S-1-5-21-1801630100-1912888146-724944298-3846
    [2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_getpwent(766) could not lookup domain user a.nur
    [2009/07/08 07:36:54, 0] libsmb/clientgen.c:cli_receive_smb(165) Receiving SMB: Server stopped responding
    [2009/07/08 07:36:54, 1] winbindd/winbindd_cm.c:cm_prepare_connection(947) failed tcon_X with NT_STATUS_IO_TIMEOUT
    [2009/07/08 07:36:57, 0] libsmb/namequery.c:saf_store(75) saf_store: refusing to store 0 length domain or servername!
    [2009/07/08 07:37:07, 0] libsmb/clientgen.c:cli_receive_smb(165) Receiving SMB: Server stopped responding
    [2009/07/08 07:37:07, 1] winbindd/winbindd_cm.c:cm_prepare_connection(947) failed tcon_X with NT_STATUS_IO_TIMEOUT

What's wrong?

So on one server we have switched to Samba 3.4.0. It seems to work! "wbinfo -u" and "getent passwd" show the same count of users. But after one hour I got this when I log on from Domain1 to Domain2: "session setup failed: NT code 0x1c010002".

    dom1:/# smbclient -U MITARBEITER+r.lamboj //server-dom2/all-homes

Domain logons work. You can log on from a PC that is a member of Domain1 to Domain2. But I can't access shares from the other domain. When I send a SIGHUP signal to winbindd it will work again for one hour (or less); sometimes I need to kill winbindd and restart it.

I have tried to upgrade the other Samba PDC (from 3.2.12 to 3.4.0). Samba worked fine, but winbind won't work. It seems to hang.

After all that trouble I have tried something new. I will give every trusted domain its own range of user and group IDs.

    idmap alloc backend = ldap
    idmap alloc config:ldap_base_dn = ou=Idmap,dc=intern,dc=domain,dc=at
    idmap alloc config:ldap_url = ldap://127.0.0.1/
    idmap alloc config:range = 10-30
    idmap alloc config:ldap_user_dn = cn=Manager,dc=intern,dc=domain,dc=at
    idmap config DOMAIN1:range = 10-19
    idmap config DOMAIN1:backend = ldap
    idmap config DOMAIN1:ldap_base_dn = ou=Idmap,dc=intern,dc=domain,dc=at
    idmap config DOMAIN1:ldap_url = ldap://127.0.0.1/
    idmap config DOMAIN1:ldap_user_dn = cn=Manager,dc=intern,dc=domain,dc=at
    idmap config DOMAIN2:range = 20-29
    idmap config DOMAIN2:backend = ldap
    idmap config DOMAIN2:ldap_base_dn = ou=Idmap,dc=intern,dc=domain,dc=at
    idmap config DOMAIN2:ldap_url = ldap://127.0.0.1/
    idmap config DOMAIN2:ldap_user_dn = cn=Manager,dc=intern,dc=domain,dc=at

But this doesn't work; it starts at a range from 1 for all domains. I have also set the secrets with:

    net idmap secret domain1 mypassword
    net idmap secret domain2 mypassword
    net idmap secret alloc mypassword

Do I need to clear the idmap database? How can I CHANGE the range? This does not work either:

    idmap uid = 10-20
    idmap gid = 10-20

It starts at 1 and not at 10.

Full configuration of one of the Samba servers:

    [global]
    # Do something sensible when Samba crashes: mail the admin a backtrace
    panic action = /usr/share/samba/panic-action %d
    netbios name = SERVER-DOM1
    workgroup = DOMAIN1
    server string = Samba PDC %v
    hosts allow = 127.0.0.0/8 192.168.10.0/24
    security = user
    encrypt passwords = true
    interfaces = eth0
    bind interfaces only = yes
    log leve
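One way to triage a log like the one in the message above, added here as an example and not part of the original post: it pairs each "error getting user id for sid" entry with the "could not lookup domain user" entry that follows it and groups the failures by domain SID, so it is visible which trusted domain's accounts are losing their mappings and when the domain controller connection timed out. The function names and the pairing rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Four entries taken from the log quoted in the post, plus one of its timeout
# entries, wrapped as header line followed by message line.
SAMPLE_LOG = """\
[2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_fill_pwent(84)
  error getting user id for sid S-1-5-21-1801630100-1912888146-724944298-3840
[2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_getpwent(766)
  could not lookup domain user c.akgay
[2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_fill_pwent(84)
  error getting user id for sid S-1-5-21-1801630100-1912888146-724944298-3842
[2009/07/08 07:36:44, 1] winbindd/winbindd_user.c:winbindd_getpwent(766)
  could not lookup domain user p.singh
[2009/07/08 07:36:54, 1] winbindd/winbindd_cm.c:cm_prepare_connection(947)
  failed tcon_X with NT_STATUS_IO_TIMEOUT
"""

# One entry = "[date time, level] file:function(line)" + message text up to
# the next header. Works whether or not the log has been flattened to one line.
ENTRY = re.compile(
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]\s+\S+?:\w+\(\d+\)\s*"
    r"(.*?)(?=\[\d{4}/\d\d/\d\d |\Z)", re.S)
SID = re.compile(r"error getting user id for sid (S-1-5-21(?:-\d+){3})-(\d+)")
USER = re.compile(r"could not lookup domain user (\S+)")

def failed_mappings(log_text):
    """Group SIDs that winbindd could not map to a uid by domain SID.

    Returns {domain_sid: [(rid, username_or_None), ...]}. Assumption: the
    "could not lookup domain user" entry right after a SID error names
    that SID's account, as in the quoted log.
    """
    out, pending = defaultdict(list), None
    for _, msg in ENTRY.findall(log_text):
        sid, user = SID.search(msg), USER.search(msg)
        if sid:
            if pending:                      # previous SID never got a name
                out[pending[0]].append((pending[1], None))
            pending = (sid.group(1), int(sid.group(2)))
        elif pending:
            out[pending[0]].append((pending[1], user.group(1) if user else None))
            pending = None
    if pending:
        out[pending[0]].append((pending[1], None))
    return dict(out)

def dc_timeouts(log_text):
    """Timestamps of entries reporting NT_STATUS_IO_TIMEOUT."""
    return [ts for ts, msg in ENTRY.findall(log_text) if "NT_STATUS_IO_TIMEOUT" in msg]
```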
Re: [Samba] No Error When Trying To Delete Protected Files WithWindows Explorer
On Fri, Jul 10, 2009 at 09:59:47AM +0200, Volker Lendecke wrote:
> The problem is definitely fixed in 3.0.32. However, the fix
> depends on a correct mapping from file system ACLs to NT
> ACLs. I'm not aware that there exists such a mapping for the
> NSS file system. You might want to contact Novell to provide
> it.

Well, sorry... Had not seen your @novell.com address :-) Feel free to provide a module that maps NSS->NT ACLs :-)

Volker
Re: [Samba] Active Directory Integration Problems
Hi :) What permissions did you use for the folder /home/CHE-shares/faculty?

Thanks :)
Gabi

On Fri, Jul 10, 2009 at 12:20 AM, gregorcy wrote:
>> [test]
>> path = /home/2CP/darmstrong
>> valid users = 2CP\darmstrong,2CP\buexec,2CP\test,itadmin
>> write list = 2CP\darmstrong,2CP\buexec,2CP\test,itadmin
>> read list =
>
> Try setting up your share like this, I am not sure that you need the quotes
> except for groups with spaces in them.
>
>> [faculty]
>> comment = CHE Faculty Share
>> path = /home/CHE-shares/faculty
>> browseable = yes
>> read only = yes
>> inherit permissions = yes
>> write list = @"CHEMENG+Domain Admins",
>> @"CHEMENG+Faculty"
>> valid users = @"CHEMENG+Domain Admins",
>> @"CHEMENG+Faculty"
>> admin users = @"CHEMENG+Domain Admins"
>
> --
> Brian Gregorcy
> IT Manager
> University of Utah
> Department of Chemical Engineering
> 801.585.7170
Re: [Samba] No Error When Trying To Delete Protected Files WithWindows Explorer
On Fri, Jul 10, 2009 at 01:06:40AM -0600, Har Gagan Sahai wrote:
> Can you please tell me in which samba version this problem was fixed ?
> I am using 3.0.32 and facing the same problem on the NSS
> file system. (bug #5841).
>
> Probably with the change I would be able to see the error
> in the windows machine.

The problem is definitely fixed in 3.0.32. However, the fix depends on a correct mapping from file system ACLs to NT ACLs. I'm not aware that there exists such a mapping for the NSS file system. You might want to contact Novell to provide it.

Volker
Re: [Samba] No Error When Trying To Delete Protected Files WithWindows Explorer
Volker,

Can you please tell me in which samba version this problem was fixed? I am using 3.0.32 and facing the same problem on the NSS file system. (bug #5841).

Probably with the change I would be able to see the error in the windows machine.

Thanks and regards,
Har Gagan Sahai

>>> Volker Lendecke 7/8/2009 6:00 PM >>>
On Wed, Jul 08, 2009 at 01:10:32PM +0100, Atkinson, Robert wrote:
> I have a file on a VMS system that I'm accessing using a SAMBA share. When I
> delete the file, the icon disappears from the browser window as if it's been
> deleted.
>
> On the VMS host, the file is still there, and cannot be deleted because it's
> protected (no delete privilege). If I then press F5 to refresh the Browser
> window, the file re-appears.
>
> A trace of the IP packets show that SAMBA is returning an 'Access Denied'
> message, but Windows doesn't seem to see it. Has anyone else come across
> this? Is it a known bug with Windows?

You probably need a recent Samba version, with XP SP2 Windows changed the way to delete a file. Probably you're seeing the "Access Denied" on the close request, Windows ignores it there. Recent Samba gives the error message on the open call preceding that.

Volker
[Samba] Broken Pipes openSuSE 10.3 samba-3.3.4
Guys,

After upgrade to samba 3.3.4 on openSuSE 10.3, I'm getting:

    Jul 10 02:05:14 bonza smbd[31942]: [2009/07/10 02:05:14, 0] lib/util_sock.c:write_data(1136)
    Jul 10 02:05:14 bonza smbd[31942]: [2009/07/10 02:05:14, 0] lib/util_sock.c:get_peer_addr_internal(1676)
    Jul 10 02:05:14 bonza smbd[31942]: getpeername failed. Error was Transport endpoint is not connected
    Jul 10 02:05:14 bonza smbd[31942]: write_data: write failure in writing to client 0.0.0.0. Error Broken pipe
    Jul 10 02:05:14 bonza smbd[31942]: [2009/07/10 02:05:14, 0] smbd/process.c:srv_send_smb(74)
    Jul 10 02:05:14 bonza smbd[31942]: Error writing 61503 bytes to client. -1. (Transport endpoint is not connected)
    Jul 10 02:05:14 bonza smbd[31942]: [2009/07/10 02:05:14, 0] lib/util_sock.c:write_data(1136)
    Jul 10 02:05:14 bonza smbd[31942]: [2009/07/10 02:05:14, 0] lib/util_sock.c:get_peer_addr_internal(1676)
    Jul 10 02:05:14 bonza smbd[31942]: getpeername failed. Error was Transport endpoint is not connected
    Jul 10 02:05:14 bonza smbd[31942]: write_data: write failure in writing to client 0.0.0.0. Error Broken pipe
    Jul 10 02:05:14 bonza smbd[31942]: [2009/07/10 02:05:14, 0] smbd/process.c:srv_send_smb(74)
    Jul 10 02:05:14 bonza smbd[31942]: Error writing 75 bytes to client. -1. (Transport endpoint is not connected)

All file transfers want to stop at 7558640 bytes. I haven't seen broken pipes in years. Any ideas?

This server operates in standalone:

    [global]
    workgroup = RB_LAW
    server string = Samba Server %v
    map to guest = Bad User
    log level = 1
    log file = /var/log/samba/log.%m
    max log size = 500
    smb ports = 139
    name resolve order = wins lmhosts bcast
    time server = Yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = cups
    disable spoolss = Yes
    show add printer wizard = No
    os level = 80
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    hosts allow = 192.168.7., 192.168.8., 127., 66.76.63.120

    [homes]
    comment = Home Directories
    read only = No
    browseable = No

Dunno what to check?

--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com