[Samba] LDAP
Dearow friends ple help me how to configure the ldap in redhatel5 server and also how to put postfix mail server in the ldap server ple any help me -- Bala -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Hiding the Username & Password mount_point cifs
Hallo, for two or may be three user I think it is a good solution to write the users and the passwords in a hidden file. But for more users? With google I did not find a solution without LDAP. In regards Kaspar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba as fileserver in an Windows AD Domain
Am Mittwoch, 28. Oktober 2009 19:46:44 schrieb Daniel Bauer: > Hallo, > > I tried to setup a SuSE10.2 with samba 3.0.23d (but the same trouble with > SuSE11.1). > > I got a valid Kerberos Ticket and joined successfully the domain (with net > join). > > Users and group are displayed with wbinfo -u / -g . I could also verify > accounts with wbinfo -a user%pass. > > When I tried to access the shares, the dialog apears to give the > credentials. It doesn't matter what you fill in, there is no access. > > I also could not get users and groups with getent passwd / group. I tried > different configs of > /etc/nsswitch.conf with different results: > > only local accounts will be showed: > passwd: compat > group: compat > > local account and the group BUILTIN > passwd: files winbind > group: files winbind > > here are the local account, the BUILTIN group and a new entry like this: > "+::0:" are displayed > I think there is a problem with matching Windows LDAP with *nix LDAP > passwd: files winbind ldap > group: files winbind ldap > > My /etc/smb.conf: > [global] > workgroup = WIN2003SRV > security = ADS > realm = win2003srv.loc > idmap backend = ad > idmap uid = 1-2 > idmap gid = 1-2 > template homedir = /home/%D/%U > winbind separator = + > password server = 10.1.2.154 > domain master = No > ldap ssl = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind nested groups = yes > encrypt passwords = yes > client use spnego = yes > wins server = 10.1.2.154 > > I see successful logins at the Windows DC. > Do I need LDAP, or is Kerberos enough? > Could somebody tell me what I do wrong? > > Thanks a lot > Daniel > I have the same 'problem' ... kaspar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Lots of smbd processes and connections?
On 10/29/09 4:20 PM, "Jeremy Allison" wrote: > > Did you reboot the client ? Until you do it'll still think > the Samba server is a dfs host. The one client I tested was rebooted (it affects all of the 50 or so client machines that I run) - I'll look tomorrow into disabling DFS via group policy also on the client side (if that's possible even). Matthew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compiling 3.2.15: cifs.upcall not found afer RPM build
On Thu, 29 Oct 2009 15:34:41 -0400 (EDT) "David Magda" wrote: > On Thu, October 29, 2009 15:05, Jeff Layton wrote: > > > Be forewarned that there's no kernel support for DFS or krb5 in RHEL4 > (unless you've added that yourself). So there's little reason to install > cifs.upcall there. > > So is the samba.spec file designed for RHEL 5+ then? I'm trying to > simplify things by using the included scripts and files and not rolling my > own. If 'configure' does not find the proper headers (or libraries), > there's no sense having the .spec file look for the binaries if they're > not going to be generated. Not sure if there's a way to automated that. > I'm not sure. I'm afraid that I've never used makerpms.sh. > Turns out that Samba is looking for "keyutils.h", while RHEL4 has > "keyutil.h" (no 's'). Ditto for "libkeyutil[s].so". Create a soft link > fixed the 'configure' and linking errors, and allowed the RPMs to be > built. > It sounds like something is broken with your install. My RHEL4 host has a keyutils.so and keyutils.h as part of the keyutils-devel and keyutils-libs packages. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cant connect to samba share from windows xp with another user
Hi, I getting this problem since I updated my samba server for the one with opensuse 11.1. When I try to get to a share in the samba server, say \\sambaserver\apps, and Im logged in the station with a user that has access to the share everything works fine. But when I log in with a user that does not have access to that share windows prompts me a user/password dialog box. I fill in a valid user/password samba does allow me to log in. Here is my smb.conf share part: [aplicativos] path = /home/SemBackup/aplicativos valid users = ff force group = users writeable = yes when I logged in a station with user ff I can access the share. But then I log in with user visitantes which does not have access permission. Windows prompts for user/password. I fill in user ff and my password and windows denies access. In the log it shows it trying to log in with user visitantes and not with user ff: [2009/10/29 20:52:57, 1] smbd/service.c:close_cnum(1409) lfoinfo-tec (:::10.2.1.5) closed connection to service netlogon [2009/10/29 20:52:58, 2] smbd/service.c:make_connection_snum(740) user 'visitantes' (from session setup) not permitted to access this share (aplicativos) [2009/10/29 20:53:00, 2] smbd/service.c:make_connection_snum(740) user 'visitantes' (from session setup) not permitted to access this share (aplicativos) [2009/10/29 20:53:00, 2] smbd/service.c:make_connection_snum(740) user 'visitantes' (from session setup) not permitted to access this share (aplicativos) [2009/10/29 20:53:07, 2] smbd/service.c:make_connection_snum(740) user 'visitantes' (from session setup) not permitted to access this share (aplicativos) [2009/10/29 20:53:11, 2] smbd/service.c:make_connection_snum(740) If it can help: smbd version 3.2.7-11.4.1-2210-SUSE-CODE11 started. Why samba, or windows, is not trying to log in with ff password? Thanks for your attention. -- att., Flávio Fonseca Dark Penguin Informática Ltda. LPI 2 Certified -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Lots of smbd processes and connections?
On Thu, Oct 29, 2009 at 12:03:16PM -0500, Matthew Dickinson wrote: > > On 10/28/09 11:33 PM, "Jeremy Allison" wrote: > > > If you're not using DFS then try setting "host msdfs = no" and > > rebooting the clients. I'm guessing this may make a difference. > > > > Jeremy. > > This hasn't made any difference for me, I'm still getting the "couldn't find > serviced" truncated message Did you reboot the client ? Until you do it'll still think the Samba server is a dfs host. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Missing sids for domain administrator?
> -Original Message- > From: samba-boun...@lists.samba.org On Behalf Of Ian Puleston > Sent: Thursday, October 29, 2009 11:22 AM > > I'm working on bug https://bugzilla.samba.org/show_bug.cgi?id=6592 and > something that has apparently changed in my setup is preventing me from > testing the final stages of the fix. I have a machine running Samba > server and joined to the domain, and am accessing that from the W2K3 > domain server, logged into the latter as the domain > administrator. But the problem is that in its access checks smbd is not > getting the sid for the Administrators group (S-1-5-32-544). > > Back in July I was getting the S-1-5-32-544 sid, > but something has changed since then and now I am not. The samba log from back in July: > se_access_check: user sid is > S-1-5-21-4023909512-3739307249-2032274589-500 > se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-520 > se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-519 > se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-518 > se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-512 > se_access_check: also S-1-5-32-545 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-22-1-601 > se_access_check: also S-1-22-2-604 > se_access_check: also S-1-22-2-607 > se_access_check: also S-1-22-2-608 > se_access_check: also S-1-22-2-609 > se_access_check: also S-1-22-2-610 > se_access_check: also S-1-22-2-603 > se_access_check: also S-1-22-2-602 > > The missing sids are for the Users and Administrators group, plus those > "S-2-22-2" sids, whatever they are. A bit more information I've managed to glean. I'm working on Fedora 10 which has Samba 3.2.15 installed, but the version I was building and testing with was 3.2.4. Having now downloaded and built 3.2.15 I am now seeing those "S-2-22-[12]" sids, but still not the sids for the Administrators and Users groups. But if I run the Fedora version of smbd 3.2.15 then I see the S-1-5-32-545 sid too, but still not S-1-5-32-544. If I run the version of 3.2.15 that I built I see neither. To build it I used "./configure --with-ads", are there maybe some other options I should have used that may explain that difference? And I still need to find why I don't see sid S-1-5-32-544 with any version? Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP and setting the password
On Thu, 2009-10-29 at 02:49 -0500, Zane C.B. wrote: > When it comes to using the LDAP backend and setting the password, how > does one prevent it from being regarded as out of date? By what? If you mean OpenLDAP ppolicy: OpenLDAP ppolicy and Samba are essentially incompatible. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compiling 3.2.15: cifs.upcall not found afer RPM build
On Wed, 28 Oct 2009 15:42:43 -0400 (EDT) "David Magda" wrote: > Hello, > > Trying to compile Samba 3.2.15 on a RHEL AS 4u2 (i686) and I'm getting the > following result from 'sh makerpms.sh': > > > Provides: samba-doc = 3.2.15-1 > > Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 > rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= > 3.0.3-1 > > > > > > RPM build errors: > > File not found: /var/tmp/samba-3.2.15-root/usr/sbin/cifs.upcall > > File not found by glob: > /var/tmp/samba-3.2.15-root/usr/share/man/man8/cifs.upcall.8.* > > makerpms.sh: Done. > > Not really anything present either: > > > # find /var/tmp/samba-3.2.15-root -name 'cifs*' > > /var/tmp/samba-3.2.15-root/usr/share/swat/help/manpages/cifs.upcall.8.html > > # > > No binaries seem to be present either: > > > # find /usr/src/redhat/BUILD/samba-3.2.15 -name 'cifs*' > > /usr/src/redhat/BUILD/samba-3.2.15/source/client/cifs_spnego.h > > /usr/src/redhat/BUILD/samba-3.2.15/source/client/cifs.upcall.c > > /usr/src/redhat/BUILD/samba-3.2.15/docs-xml/Samba3-Developers-Guide/cifsntdomain.xml > /usr/src/redhat/BUILD/samba-3.2.15/docs-xml/manpages-3/cifs.upcall.8.xml > > /usr/src/redhat/BUILD/samba-3.2.15/docs-xml/Samba4-HOWTO/cifsfs.xml > > # > > Is this an issue with the samba.spec file, or am i missing something? > > > Be forewarned that there's no kernel support for DFS or krb5 in RHEL4 (unless you've added that yourself). So there's little reason to install cifs.upcall there. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind + Active Directory + email
Robert LeBlanc wrote: Ok, I can't seem to search for the right thing to get what I need. I'm looking for a solution where if quota or some other mailing system needs to send an email to an Active Directory user, that it uses the email address listed in Active Directory for that user. We are connected to Active Directory using winbind, on one system we are using pam_winbind, on another we are not. Of course, I'm looking for the simplest option. It seems that mail is being sent to user_at_hostname right now. Thanks, Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University Hi Robert, I used the ldapsearch command in a preexec script to create a .forward, the command I used was: # ldapsearch -D "cn=SOMEFAKEUSERR,ou=Service,dc=domain,dc=utah,dc=edu" -b "ou=CHE_Users,dc=domain,dc=utah,dc=edu" -w PASSWORD -x -LLL "(sAMAccountName=00112413)" mail | grep mail # Output looks like this: # mail: foo...@eng.utah.edu I can send the entire script if you are interested, the above is just what handles the email. -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering 801.585.7170 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Missing sids for domain administrator?
Hi, I'm working on bug https://bugzilla.samba.org/show_bug.cgi?id=6592 and something that has apparently changed in my setup is preventing me from testing the final stages of the fix. I have a machine running Samba server and joined to the domain, and am accessing that from the W2K3 domain server logged, logged into the latter as the domain administrator. But the problem is that in its access checks smbd is not getting the sid for the Administrators group (S-1-5-32-544). In an email that I sent back in July (http://lists.samba.org/archive/samba/2009-July/149285.html) I included my samba log file, and at that point I was getting the S-1-5-32-544 sid, but something has changed since then and now I am not. My question is does anyone have any idea of what may have changed that would cause that? Here is an extract from the log in that email: Checking password for unmapped user [sd80]\[administrat...@[ianserver] with the new password interface check_ntlm_password: mapped user is: [sd80]\[administrat...@[ianserver] check_ntlm_password: winbind authentication for user [Administrator] succeeded check_ntlm_password: authentication for user [Administrator] ->[Administrator] -> [SD80+administrator] succeeded se_access_check: user sid is S-1-5-21-4023909512-3739307249-2032274589-500 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-520 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-519 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-518 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-512 se_access_check: also S-1-5-32-545 se_access_check: also S-1-5-32-544 se_access_check: also S-1-22-1-601 se_access_check: also S-1-22-2-604 se_access_check: also S-1-22-2-607 se_access_check: also S-1-22-2-608 se_access_check: also S-1-22-2-609 se_access_check: also S-1-22-2-610 se_access_check: also S-1-22-2-603 se_access_check: also S-1-22-2-602 And here is what I am seeing now: check_ntlm_password: Checking password for unmapped user [sd80]\[administrat...@[ianserver] with the new password interface check_ntlm_password: mapped user is: [sd80]\[administrat...@[ianserver] check_ntlm_password: winbind authentication for user [Administrator] succeeded check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [SD80+administrator] succeeded se_access_check: user sid is S-1-5-21-4023909512-3739307249-2032274589-500 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-520 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-519 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-518 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-512 The missing sids are for the Users and Administrators group, plus those "S-2-22-2" sids, whatever they are. Thanks Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain trusts "forgetting" trusted users
I am running Samba ver 3.0.33 on Solaris 10 (sparc) as a PDC with LDAP for the backend for both samba and unix accounts. I have also set up a trust with an Windows domain- lets call it WINDOMAIN- (the PDC for the Windows domain is Win 2003 but is in mixed mode for backwards compat.) The SAMBA domain trusts the WINDOWS domain, not not vice versa. I had also tried setting up trusts with another, test domain (lets call it TESTDOMAIN.) I have winbind enabled. Initially idmap entries were stored in the local tdb backend. I switched this to ldap (wanted idmappings with in the domain to be consistent across member servers, and wanted to add a BDC.) smb.conf includes -- passdb backend = ldapsam:ldap://ldap1.mydomain.com ldap suffix=o=mydomain.com ldap user suffix=ou=people ldap group suffix=ou=smb_groups ldap machine suffix=ou=machines ldap admin dn="cn=Directory Manager" ldap ssl = no ldap passwd sync = no ldap idmap suffix=ou=idmap winbind enum users = Yes winbind enum groups = no winbind use default domain = no winbind trusted domains only = no #ldap time out default is 15 sec ldap timeout=30 # idmap domains = WINDOMAIN, TESTDOMAIN idmap domains = WINDOMAIN idmap config WINDOMAIN:backend = ldap idmap config WINDOMAIN:readonly = no idmap config WINDOMAIN:default=no idmap config WINDOMAIN:ldap_base_dn = ou=windomain,ou=idmap,o=mydomain.com idmap config WINDOMAIN:ldap_user_dn = cn=Directory Manager idmap config WINDOMAIN:ldap_url =ldap1.mydomain.com idmap config WINDOMAIN:range = 3-3 #idmap config TESTDOMAIN:backend = ldap #idmap config TESTDOMAIN:readonly = no #idmap config TESTDOMAIN:default=no #idmap config TESTDOMAIN:ldap_base_dn =ou=testdomain,ou=idmap,o=mydomain.com #idmap config TESTDOMAIN:ldap_user_dn = cn=Directory Manager #idmap config TESTDOMAIN:ldap_url =ldap1.mydomain.com #idmap config TESTDOMAIN:range = 4-4 idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=alloc,ou=idmap,o=mydomain.com idmap alloc config:ldap_user_dn = cn=Directory Manager idmap alloc config:ldap_url = ldap1.mydomain.com idmap alloc config:range = 7 - 7 -- getting the correct (or mostly correct syntax) took a little while. /etc/nsswitch.conf is configured for winbind. When I first run "wbinfo -u" and "wbinfo -g", samba would populate entries for the WINDOMAIN account in windomain,ou=idmap,o=mydomain.com. The id's would be in the 7 range not the 3 range- which is fine with me since entries for each domain were still in the correct ldap container. "getent passwd" and "getent group" would show the WINDOMAIN domain accounts. Everything would be fine for several days. However, after a few days, getent commands no longer showed the WINDOMAIN accounts. The only solution would be to stop windbind, delete the idmap entries from ldap, restart winbind and let the entries repopulate. I am unclear on if the "idmap config SOMEDOMAIN:range" setting for each domain should be within the "idmap alloc config:range" The syntax for this seems to change with different versions of samba. Any thoughts? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compiling 3.2.15: cifs.upcall not found afer RPM build
>>> On 10/28/2009 at 08:42 PM, in message <63944.207.61.230.154.1256758963.squir...@webmail.ee.ryerson.ca>, "David Magda" wrote: > Hello, > > Trying to compile Samba 3.2.15 on a RHEL AS 4u2 (i686) and I'm getting the > following result from 'sh makerpms.sh': > > > Provides: samba-doc = 3.2.15-1 > > Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 > rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= > 3.0.3-1 > > > RPM build errors: > > File not found: /var/tmp/samba-3.2.15-root/usr/sbin/cifs.upcall > > File not found by glob: > /var/tmp/samba-3.2.15-root/usr/share/man/man8/cifs.upcall.8.* > > makerpms.sh: Done. > > Is this an issue with the samba.spec file, or am i missing something? Look at the configure output, maybe you're missing the dependency for keyutils-devel (SuSE's RPM name, no idea what it's called on RHEL) which is required for cifs.upcall? At least that helped building latest git version... # Required to build cifs.upcall: BuildRequires: keyutils-devel Bye, Marcel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Lots of smbd processes and connections?
On 10/28/09 11:33 PM, "Jeremy Allison" wrote: > If you're not using DFS then try setting "host msdfs = no" and > rebooting the clients. I'm guessing this may make a difference. > > Jeremy. This hasn't made any difference for me, I'm still getting the "couldn't find serviced" truncated message Matthew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind + Active Directory + email
Ok, I can't seem to search for the right thing to get what I need. I'm looking for a solution where if quota or some other mailing system needs to send an email to an Active Directory user, that it uses the email address listed in Active Directory for that user. We are connected to Active Directory using winbind, on one system we are using pam_winbind, on another we are not. Of course, I'm looking for the simplest option. It seems that mail is being sent to user_at_hostname right now. Thanks, Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.4.3 Available for Download
= "I never met a chocolate I didn't like." Deanna Troi (Marina Sirtis) in Star Trek: The Next Generation = Release Announcements = This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.3 include: o Fix trust relationships to windows 2008 (2008 r2) (bug #6711). o Fix file corruption using smbclient with NT4 server (bug #6606). o Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680). ## Changes ### Changes since 3.4.2 --- o Jeremy Allison * BUG 6529: Offline files conflict with Vista and Office 2003. * BUG 6726: SIVAL should have been an SVAL. * BUG 6769: Fix symlink unlink. * BUG 6774: smbd crashes if "aio write behind" is set. * BUG 6776: Fix core dump caused by running overlapping Byte Lock test. * BUG 6781: Fix renaming subfolders in Explorer view. * BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6". * BUG 6796: Deleting an event context on shutdown can cause smbd to crash. * BUG 6828: Fix infinite timeout when byte lock held outside of Samba. * BUG 6829: Fix displaying of multibyte characters in smbclient. o Günther Deschner * BUG 6711: Fix trust relationships to windows 2008 (2008 r2). * BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure. o Olaf Flebbe * BUG 6772: Allow outstanding_aio_calls to be decremented. * BUG 6804: Fix hpux compiler issue. * BUG 6805: Correctly handle aio_error() and errno. o Björn Jacke * BUG 6704: Fix syntax error in avahi configure test. * BUG 6728: BSD needs sys/sysctl.h included to build properly. * BUG 6824: Fix avahi activation. * QNX doesn't know uint - replace with uint_t. o Andrew Klosterman * BUG 6690: Fix wrong error check in profile. o Marc Aurele La France * BUG 6707: Fix an occasional segfault in config file parsing. o Jeff Layton * BUG 6810: Add support for finding alternate credcaches to cifs.upcall. o Volker Lendecke * BUG 6606: Fix file corruption using smbclient with NT4 server. * BUG 6703: Allow smbstatus as non-root. * BUG 6731: Fix reading beyond the end of a named stream in xattr_streams. * BUG 6765: Add a "hidden" parameter "share:fake_fscaps". * BUG 6793: Fix segfault in winbindd_pam_auth. * BUG 6797: Fix a memleak in libwbclient. * BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names. * Fix an uninitialized variable. * Only ever handle one event after a select call. o Derrell Lipman * BUG 6532: Fix domain enumeration if master browser has space in name. o Stefan Metzmacher * BUG 6711: Fix trust relationships to windows 2008 (2008 r2). o Buchan Milne * BUG 6791: Fix linking order in cifs.upcall. o Lars Müller * BUG 6710: Adjust regex to match variable names including underscores. * Conditional install of the cifs.upcall man page. o Shirish Pargaonkar * BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a symbolic link. o Karolin Seeger * Fix warning occuring when building the manpages. o Simo Sorce * BUG 6764: Fix timeval calculation. o Bo Yang * BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules might use the old password and new password. * BUG 6811: Fix reference to freed memory in pam_winbind. * BUG 6826: Don't fail authentication when one or some group of require-membership-of is invalid. * BUG 6840: Fix crash in pam_winbind. == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.3.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpMUZv6PGCsa.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Timeouts to connect with password server
This occassion. Samba 3.0.26, connected to Windows 2000 server. POP3 checks user presenting throug PAM and squid does auth through ntlm_auth. Nearest DC suddenly fails and shoud be got down to maintenance. Exist far DC, ping about 30 ms. Checking user presence for POP3 by pam_winbindd and auth for squid sometimes succesful, sometimes not. How to increase timeout on connection to DC to allow work PAM and ntlm_auth on link with ping 30-40 ms between Samba and DC? -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), JID: cityc...@jabber.org OOO "ACK" telecommunications administrator, e-mail: achilov-rn [at] askd.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] LDAP and setting the password
When it comes to using the LDAP backend and setting the password, how does one prevent it from being regarded as out of date? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba & LDAP: "Unable to allocate a new user id: bailing out!"
Great - that was the reason. In case someone else encounters the same
problem - adding the following lines helped:
idmap backend = ldap
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
Thx François!
Am 28.10.2009 17:23, schrieb François Legal:
You have to define an allocation backend for idmapping, so that winbindd
can allocate uids and gids for the users and groups that you want to
create.
On Wed, 28 Oct 2009 16:32:35 +0100, Christian Geiger
wrote:
Hi!
I'm currently setting up a Samba 3 PDC. So far I managed to setup Samba
with an OpenLDAP backend, but adding a user with the command "net rpc
user add mg password -U root" results in the following error:
Failed to add user 'mg' with: WERR_GENERAL_FAILURE.
In the logfile it says:
[2009/10/28 15:56:28, 0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
ldapsam_create_user: Unable to allocate a new user id: bailing out!
Unfortunately I cannot find any other hint on what the reason could be.
Has someone an idea what I might have misconfigured?
Below's my smb.conf. The samba-user has granted the rights to manage the
whole domain-tree (olcAccess = {0}to dn.sub="dc=lohrmann,dc=de" by
dn="cn=samba,dc=lohrmann,dc=de" manage by * break).
Thx a lot in advance!
Chris
smb.conf:
[global]
workgroup = LOHRMANN.DE
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
passdb backend = ldapsam
ldap admin dn = cn=samba,dc=lohrmann,dc=de
ldap suffix = dc=lohrmann,dc=de
ldap passwd sync = yes
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmaps
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
ldapsam:trusted = yes
ldapsam:editposix = yes
logon drive = H:
logon script = logon.bat
logon path = \\%N\profiles\%U\%a
[homes]
comment = Users Home Directories
valid users = %S
writeable = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
[profiles]
comment = Users profiles
path = /var/lib/samba/profiles
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
__ Hinweis von ESET NOD32 Antivirus, Signaturdatenbank-Version 4553
(20091028) __
E-Mail wurde gepr�ft mit ESET NOD32 Antivirus.
http://www.eset.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba ldap
On Thu, Oct 29, 2009 at 12:13 AM, Dale Schroeder
wrote:
>
> Dale Schroeder
> Technical Issues
> Del Sol Food Company, Inc.
> (979)836-5978(979) 836-5978
>
>
> Kaushal Shriyan wrote:
>
> On Wed, Oct 28, 2009 at 11:44 PM, Dale Schroeder
> wrote:
>
>
> Kaushal Shriyan wrote:
>
> Hi,
>
> I am following https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html
> and ldap works perfectly fine.
> I have issues with connecting to ldap from samba.
>
> I get
>
> [2009/10/27 12:37:28, 1] lib/smbldap.c:another_ldap_try(1153)
> Connection to LDAP server failed for the 9 try!
> [2009/10/27 12:37:29, 2] lib/smbldap.c:smbldap_open_connection(786)
> smbldap_open_connection: connection opened
> [2009/10/27 12:37:29, 2] lib/smbldap.c:smbldap_connect_system(982)
> failed to bind to server ldap://localhost/ with
> dn="cn=admin,dc=webaroo,dc=com" Error: Can't contact LDAP server
> (unknown)
>
> I have ldapserver running on the same server as samba server is
> running. when i run ldapsearch -x -H ldaps://localhost. I am able to
> see the user details.
> Please let me know if anyone needs configs and additional information.
> Also when i run smbldap-populate, i get
> http://paste.ubuntu.com/302630/
>
> Thanks,
>
> Kaushal
>
>
>
>
>
>
> Hi,
>
>
> I see you're using encryption. All of that is beyond me, as my setup is
> plain.
> Still, I noticed some inconsistencies and 1 probable error. I pasted each
> suspicious
> value below its pastebin link.
>
> Below are my configs.
>
>
> Notice below that you have different values for the ldap admin user.
> Twice you have cn=admin.
> Once you have dc=admin.
>
> http://pastebin.com/dcb24c87 ---> ldap.conf
> http://pastebin.com/d721f0d4d ---> slapd.conf
>
>
> rootdn "cn=admin,dc=example,dc=com"
>
> http://pastebin.com/d102cbfc5 --->samba.conf
>
>
> ldap admin dn = cn=admin,dc=example,dc=com
> ldap suffix = dc=example,dc=com (compare this line with what you put in
> smbldap.conf)
>
> http://pastebin.com/d4a02b874 --> smbldap.conf
>
>
> suffix="dc=admin,dc=example,dc=com" (compare to smb.conf)
> Probably should not have the dc=admin part.
> Because of all the ${suffix} entries, this would propagate throughout the
> "ou" entries.
>
> http://pastebin.com/d716fddc0 ---> smbldap_bind.conf
>
>
> masterDN="dc=admin,dc=example,dc=com"
>
> If the problem lies with ldaps/ssl rather than my observations, then someone
> far more knowledgeable than me will have to find it.
>
> Dale
>
>
> Hi Dale
>
> I have set it correctly in smbldap.conf and smbldap_bind.conf
>
> cn=admin,dc=webaroo,dc=com
>
> I get http://pastebin.com/d6d35247f
>
> Please suggest/guide.
>
>
> Did you try changing the value in smbldap.conf from
>
> suffix="dc=admin,dc=example,
> dc=com"
>
> to
>
> suffix="dc=example,dc=com"
>
> (removing "dc=admin")?
>
> The error message seems to indicate you did not.
>
> adding new entry: ou=Users,cn=admin,dc=example,dc=com
>
> Dale
>
> Thanks,
>
> Kaushal
>
>
Hi Dale,
I get http://pastebin.com/d47ac4bd9
Thanks,
Kaushal
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
