Re: [Samba] Samba 3.4.2 Winbind problem IDMAP GID range full
I get these same sort of errors repeated in my log files. They are present when I start samba and everything seems to work fine. However, after some long period of time, I won't be able to connect to the samba shares from a client. If I restart samba (/etc/init.d/samba restart), these errors are entered again at that time but I will then be able to connect. I haven't been able to find many answers yet... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] can not write to subfolders of samba share, just the root of it
Hi. I am using samba t share my files.I am sharing /media/MEDIA folder. it is a ntfs partition mounted with ntfs-3g with write/read access from linux. I can see and browse my shares and also create files in the root of this partition, ie /media/MEDIA, but in its subfolders i do not have write permissions. also by default computer name is not shown in windows xp, i have to type its name or address to browse to it. another interesting thing is that i have permission to create directory and delete files everywhere and in any folder and subfolder but when trying to create files in subfolders i get not enough free disk space error. any clues? by the way i dont know if this config file is correct, i find it as template in internet. tnx - here is my samba.conf [global] log file = /var/log/samba/log.%m passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\successfully* . obey pam restrictions = yes sync always = yes username map = /etc/samba/smbusers null passwords = yes map to guest = Bad User encrypt passwords = true show add printer wizard = no public = yes passwd program = /usr/bin/passwd %u wins support = true netbios name = roozbeh-mint inherit permissions = yes writeable = yes server string = %h Server default = global workgroup = WORKGROUP os level = 20 auto services = global DriveD security = share syslog = 0 panic action = /usr/share/samba/panic-action %d max log size = 1000 ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of # server string is the equivalent of the NT Description field Debugging/Accounting # This tells Samba to use a separate log file for each machine # that connects # Put a capping on the size of the log files (in Kb). # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log # through syslog you should set the following parameter to something higher. # Do something sensible when Samba crashes: mail the admin a backtrace ### Authentication ### ; passdb backend = tdbsam ; guest account = nobody # For Unix password sync to work on a Debian GNU/Linux system, the following # parameters must be set (thanks to Ian Kahan < for # sending the correct chat script for the passwd program in Debian Sarge). Misc # Most people will find that this option gives better performance. # See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html # for details # You may want to add the following on a Linux system: # SO_RCVBUF=8192 SO_SNDBUF=8192 ; socket options = tcp_nodelay #=== Share Definitions === [DriveD] path = /media/MEDIA -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] One way Samba
Look at this hosts allow = 127. 192.77.0. try hosts allow = 127. 192.168.77. Chris wino_pilot schrieb: > I am running Samba 2:3.3.2 on a Kubuntu 9.04 Linux box. With the > configuration file below the linux box can see and retrieve shared files on > all 5 of my windows boxes. However, none of the windows boxes can see the > linux shares as they are defined in the smb.conf below. The linux box shows > up in the windows network neighborhood as Mercury1 but when I try to open it > to show the shares I get the message "\\Mercury1 is not accessible. . > The network paath was not found. Can anyone help? Please. > > > [global] > netbios name = Mercury1 > server string = Samba file and print server > workgroup = MNET > security = user > hosts allow = 127. 192.77.0. > interfaces = 127.0.0.1/8 192.168.77.0/24 > bind interfaces only = yes > remote announce = 192.168.77.255 > remote browse sync = 192.168.77.255 > printcap name = cups > load printers = yes > cups options = raw > printing = cups > guest account = smbguest > log file = /var/log/samba/samba.log > max log size = 1000 > null passwords = no > username level = 6 > password level = 6 > encrypt passwords = yes > unix password sync = yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > local master = no > domain master = no > preferred master = no > domain logons = no > os level = 33 > logon drive = m: > logon home = \\%L\homes\%u > logon path = \\%L\profiles\%u > logon script = %G.bat > time server = no > name resolve order = wins lmhosts bcast > wins support = yes > wins proxy = no > dns proxy = no > preserve case = yes > short preserve case = yes > client use spnego = no > client signing = no > client schannel = no > server signing = no > server schannel = no > nt pipe support = yes > nt status support = yes > allow trusted domains = no > obey pam restrictions = yes > enable spoolss = yes > client plaintext auth = no > disable netbios = no > follow symlinks = no > update encrypted = yes > pam password change = no > passwd chat timeout = 120 > hostname lookups = no > username map = /etc/samba/smbusers > smb passwd file = /etc/samba/smbpasswd > passwd program = /usr/bin/passwd '%u' > passwd chat = *New*password* %n\n *ReType*new*password* %n\n > *passwd*changed*\n > add user script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s > /dev/null '%u' > add user to group script = /usr/sbin/useradd -d /dev/null -c 'Samba User > Account' -s /dev/null -g '%g' '%u' > add group script = /usr/sbin/groupadd '%g' > delete user script = /usr/sbin/userdel '%u' > delete user from group script = /usr/sbin/userdel '%u' '%g' > delete group script = /usr/sbin/groupdel '%g' > add machine script = /usr/sbin/useradd -d /dev/null -g sambamachines -c > 'Samba Machine Account' -s /dev/null -M '%u' > machine password timeout = 120 > idmap uid = 1-2 > idmap gid = 1-2 > template shell = /bin/bash > winbind use default domain = yes > winbind separator = @ > winbind cache time = 360 > winbind trusted domains only = yes > winbind nested groups = no > winbind nss info = no > winbind refresh tickets = no > winbind offline logon = no > > [homes] > comment = Home Directories > path = /home > read only = no > available = yes > browseable = yes > writable = yes > guest ok = no > public = no > printable = no > share modes = no > locking = no > > [netlogon] > comment = Network Logon Service > path = /home/netlogon > read only = no > available = yes > browseable = yes > writable = no > guest ok = no > public = no > printable = no > share modes = no > locking = no > > [profiles] > comment = User Profiles > path = /var/samba/profiles > read only = no > available = yes > browseable = no > writable = yes > guest ok = no > public = no > printable = no > locking = no > create mode = 0600 > directory mask = 0700 > > [printers] > comment = All Printers > path = /var/spool/samba > browseable = yes > writable = no > guest ok = no > public = no > printable = yes > share modes = no > locking = no > > [pdf-documents] > path = /home/pdf-documents > comment = Converted PDF Documents > available = yes > browseable = yes > writeable = yes > guest ok = yes > > [pdf-printer] > path = /tmp > comment = PDF Printer Service > printable = yes > guest ok = yes > use client driver = yes > printing = bsd > print command = /usr/bin/gadmin-samba-pdf %s %u > lpq command = > lprm command = > > [Book] > path = /media/FreeAgent/Drive/Book > comment = Book Chapters > valid users = jon > admin users = jon > read only = no > available = yes > browseable = yes > writable = yes > guest ok = no > public = no > printable = no > share modes = no > locking = no > > [Photos] > path = /media/FreeAgent/Drive/Photos > comment = All Photos > valid users = jon > admin users = jon > read only = no > available = yes > browseable = yes > writable = yes > guest ok = no > public = no > printable = no > share modes = no > locking = no > > > -- To unsubscribe from this list go to the followi
[Samba] smbtorture config issue?
Hello, I'm trying to run smbtorture against another system. I have installed version 4.0.0alpha9 locally. The remote system is registered with ADS as: distinguishedName: CN=bl-uits-cictest,CN=Computers,DC=ads,DC=iu,DC=edu name: bl-uits-cictest dNSHostName: bl-uits-cictest.ads.iu.edu servicePrincipalName: HOST/bl-uits-cictest.ads.iu.edu servicePrincipalName: HOST/BL-UITS-CICTEST The server itself is cictest.cic.iu.edu, and I can connect to the remote server with smbclient as such: smbclient -s /usr/local/samba/etc/smb.conf -n bl-uits- cictest.ads.iu.edu -Ukallbac //cictest.cic.iu.edu/projects Password: Domain=[ADS] OS=[Unix] Server=[Samba 3.2.11-ctdb-65] smb: \> quit The problem is this: 1) smbtorture complains about the ads security setting: /usr/local/samba/bin/smbtorture --realm=ads.iu.edu -T samba3 -d 3 -W ADS --netbiosname=BL-UITS-CICTEST -U cictestuser3 // cictest.cic.iu.edu/projects RAW-QFSINFO lp_load: refreshing parameters from /usr/local/samba/etc/smb.conf params.c:pm_process() - Processing configuration file "/usr/local/ samba/etc/smb.conf" Processing section "[global]" Unknown enumerated value 'ADS' for 'security' params.c:pm_process() - Failed. Error returned from params.c:parse(). I have tried both ads and ADS, it doesn't seem to like either 2) smbtorture proceeds to complain as such: Server is not registered with our KDC: Miscellaneous failure (see text): Server (cifs/cictest.cic.iu@ads.iu.edu) unknown SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed to parse: NT_STATUS_INVALID_PARAMETER Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 Server is not registered with our KDC: Miscellaneous failure (see text): Server (cifs/cictest.cic.iu@ads.iu.edu) unknown SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed to parse: NT_STATUS_INVALID_PARAMETER Got challenge flags: Got NTLMSSP neg_flags=0x60898215 Password for [ADS\cictestuser3]: Fwiw, my krb5.conf has a default realm of ADS.IU.EDU as well as a realms section for ADS.IU.EDU I can provide other information if it would be helpful. Can anyone offer some suggestions to troubleshoot this? Many thanks, Kristy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba group access
Dear All I have a question from you, if you can please answer it. I have a linux server, with samba installed on it. I have 3 groups as, GroupA, GroupB, GroupC Each group is having let suppose 10 members from 0-9 I have 3 shares on my smb.con as Share1, Share2, and Share3 Now what I want it to give the read access to every one on each share and give write access of GroupA to Share1, Share2 give write access of GroupB to Share2 give write access of GroupC to Share3 I also have two folders in Share1, and Share2 named Folder1, and Folder2 respectively Now GroupA shall have write access of both Folder1 and Folder2 in Share1 but GroupA shall have only write access of Folder1 in Share2 Can you help me with it, and give me an example smb.conf for this. If you need some information from me, please let me know -- Regards: Adnan Shaheen. -- Regards: Adnan Shaheen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Getting Windows XP drivers from print$
The driver for HP 4650 downloaded from hp.com wouldn't install through APW. I also tried doing it through rpcclient which worked so much as I followed every step in the Samba guide for it with no errors, but Windows XP wasn't able to download the driver files from the Samba server. ya, sounds like same driver issues with v3.4.x alot of people here are problems with. Try using v3.3.x and see if you have better luck. I am not too keen on downgrading, as I am setting up a domain that needs to be Windows 7 compatible. v3.3.x printing is compatible with Windows 7. We're a large scale samba v3.3.9 and printing works with our Windows7 clients. Or you can wait for v3.4.4 due out on Dec 17 which is supposed to address these driver issues. I did some more testing today with the postscript drivers and it seems there is a "reference" for gyldendal somewhere which screws things up because if I name the queue differently (same .ppd etc) everything works :S FWIW, I didn't have a good experience using generic cups/postscript drivers. I had various problems which were fixed when we switched to printer specific drivers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fedora-ds and smb4 (a9)
2009/12/4 Weiss, Benjamin : > I've got an (almost) working Samba4 installation (can't get replication > working), and did a "locate samba.schema". No dice... I haven't downloaded the source tarball, but it's in the git repository: $ ls -1 examples/LDAP/* examples/LDAP/convertSambaAccount examples/LDAP/get_next_oid examples/LDAP/ol-schema-migrate.pl examples/LDAP/README examples/LDAP/samba-nds.schema examples/LDAP/samba.schema examples/LDAP/samba.schema.at.IBM-DS examples/LDAP/samba-schema-FDS.ldif examples/LDAP/samba-schema.IBMSecureWay examples/LDAP/samba-schema-netscapeds4.x examples/LDAP/samba-schema-netscapeds5.x examples/LDAP/samba.schema.oc.IBM-DS -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A question about samba and quote
On Fri, Dec 4, 2009 at 12:59 AM, Alexander Födisch wrote: > Hi Robert, > > how did you implement the quota script in smb.conf? with parameter "dfree"? > can you show us your quota script, please? > > thanks very much! > alex > > Here is my script, place it at /root/bin/sambaquota.sh 8<8<- #! /bin/bash if [ "$2" == "4" ]; then echo "2 0 0 0 0 0 0" exit 0 fi DIRECTORY=`/bin/pwd` if [ "$DIRECTORY" == "/ls/users" ]; then QUOTA=`quota -w -v $3 | awk '{if(/^\/dev\/mapper\/ldrive-users/){sub(/\*/,"");sub(//," 0");print $2,$3,$4,$6,$7,$8}}'` elif [ "$DIRECTORY" == "/ls/groups" ]; then USER=`wbinfo --uid-info=$3 | awk -F ":" '{ print $1 }'` groups $USER | grep lfsci-csr > /dev/null EXIT=$? if [ $EXIT -ne "0" ]; then QUOTA=`wbinfo -r $USER | xargs quota -w -g | awk '{if(/\/dev\/mapper\/ldrive-groups/){sub(//," 0"); tbused+=$2; tbsoft+=$3; tbhard+=$4; tfused+=$6; tfsoft+=$7; tfhard+=$8 }} END {print tbused,tbsoft,tbhard,tfused,tfsoft,tfhard}'` if [ "${#QUOTA}" -lt "6" ]; then QUOTA="1 1 1 0 0 0" fi else QUOTA="0 0 0 0 0 0" fi fi echo "2 "$QUOTA 8<--8<--- The first case is if samba is asking for default quotas, really don't know how a default quota works so we send back nothing. The second case get where the script if being run from (the share being accessed), then if it's the user's share, send back the output from the quota command. The quota command is not very nice in that if the user is over quota it adds an extra field in the middle of the output, that is what the blank space in the awk commands does is inserts that field if it is missing. If they are accessing the group space, then add up all the quotas of all the groups the person belongs to and use that, otherwise send back an empty quota. The only problem with this script is that when a person does not have access to the share, it show the entire disk status (free and size) which I really don't want people seeing. The reason for this is that we open up the share at the share level and use ACLs to manage access (much easier than managing hundreds of shares and with "hide unreadable = true" it seems just as good. Then in smb.conf add/edit this line: get quota command = /root/bin/sambaquota.sh Hope that helps. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] domain printer issues
Printing in 3.4.x is broken for the most part. It's only good for simple printing with WindowsXP 32 bit with certain drivers. Why this isn't being acknowledged by the SAMBA team is unknown. If you need a fully functional managed print server within a samba domain use 3.3.8. Neil Brian May wrote: Hello, As of today we seem to be having printer issues. As in computers that were working fine suddenly decided to stop working. One one computer. No printers won't work at all. For some printers, if I remove and reinstall, it complains that there are no printer drivers on the server (incorrect). When past this stage, none of the printers work. When I click the print test page button I get an immediate generic "failure to print" type response. Just in case I deleted all printers and then deleted all drivers, but it doesn't seem to have helped. On another computer all printers work except for one, which produces the same generic failure message. On another computer everything works fine. Including deleting printers, adding printers, etc. Any ideas? Samba 3.4.2 Window XP clients Thanks Brian May -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Getting Windows XP drivers from print$
Ryan Suarez wrote: Torkil Svensgaard wrote: I have two very similar printers set up on CUPS and Samba is configured to share the drivers. I had been playing around with setting up a RAW printer queue with native Windows drivers but eventually gave up on that. I deleted all printers and redid them from scratch and now only one of them works. Setup: Ubuntu Karmic 2.6.31-15-server #50-Ubuntu SMP Tue Nov 10 15:50:36 UTC 2009 x86_64 GNU/Linux Samba Version 3.4.0 What issues did you have with windows drivers? The driver for HP 4650 downloaded from hp.com wouldn't install through APW. I also tried doing it through rpcclient which worked so much as I followed every step in the Samba guide for it with no errors, but Windows XP wasn't able to download the driver files from the Samba server. Try using v3.3.x and see if you have better luck. I am not too keen on downgrading, as I am setting up a domain that needs to be Windows 7 compatible. I did some more testing today with the postscript drivers and it seems there is a "reference" for gyldendal somewhere which screws things up because if I name the queue differently (same .ppd etc) everything works :S I tried deleting every reference to it from the Windows registry as well as in Samba, as far as deleting the 3 .tdb files in /var/lib/samba before reinstalling but it is still impossible to have a printer called gyldendal. Are there any other files besides the 3 nt*.tdb which hold information about printers I could delete? Thanks, Torkil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Ldap replication
WINS servers aren't, at least in theory, absolutely essential. I have just found that over the years it makes locating/browsing for Windows/Samba resources more reliable (espectially with multiple network segments and multiple domains.) If you aren't using WINS, clients will locate other machines via broadcasts. If I understand everything correctly, WINS (name resolution) lets you use a central server (vs broadcast) for locating Windows/Samba "servers" (and by server this would include XP machine since they do can share files and printers.) Part of finding machines is finding the master browser, which then actually lists what shared resources are available across all the machines.If you don't use WINS, machines can take longer to show up in the Network Neighborhood. So if the PDC goes down, the BDC should become the master browser (listing available resources) and the clients should (eventually) give up trying to locate machines via the specified WINS server and switch back to broadcast.You could probably configure DHCP to assign multiple WINS server IP parameters to your Win clients- and then if your PDC looks like it will be down for a while you could make the BDC be the wins server. Unfortunately samba does not support WINS replication. If my PDC does go offline, since it is also the primary file server, WINS functionality becomes irrelevant. On 12/04/09 11:10, Michael Wood wrote: 2009/12/2 Gaiseric Vandal: [...] Make sure that all machines are using the same WINS server. I have my PDC as the WINS server. What needs to be done if the PDC fails? Update the config on all the machines to point to another WINS server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Ldap replication
2009/12/2 Gaiseric Vandal : [...] > Make sure that all machines are using the same WINS server. I have my PDC > as the WINS server. What needs to be done if the PDC fails? Update the config on all the machines to point to another WINS server? -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Auto-configure Samba to offer same shares as Windows on dual-boot machine
2009/11/25 Daniel Jensen : > Does anyone know of either a standalone tool or a distribution's > install&setup procedure which can set up samba shares by looking at what a > windows installation on the same computer does- say, by checking > HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares, figuring where > the directories being shared are mounted, matching printers to those > configured in Linux/etc, and offering all of these with the same share names > used in the Windows install? > > If not, why not? Has it just not been tried? It seems to me that something > along these lines would be a major advantage in easing people's transitions > from Windows to Linux or other platforms. It seems to me Fedora, Ubuntu, etc. might be interested in this. -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nmbd startup fails
Hi 2009/12/1 Battersby-Cornmell, Robin Alasdair : > > Dear all, > > I regret that I am very new to this tool from the install side. I have so > far altered shares on a running machine only. > > I have (thanks to Joss for some help already) installed version 3.4.3 under > AIX 6.1 giving it our preferred base directory of /opt/freeware/samba/3.4.3 > > I have copied over the smb.conf file from the source machine (AIX 5.2 / Samba > 2.0.7) and tweaked the content of .../sbin so that a shell script intercepts > the call to the real swat, smbd and nmbd to ensure that the correct PATH & > LIBPATH are set and this seems to work fine for swat & smbd, but nmbd always > fails with the following in .../var/log.nmbd:- One thing to keep in mind is that the options (and defaults) can change between versions of Samba, so your old smb.conf might not be completely right for the new version of Samba. Try running "testparm -v" on both the old and the new servers and compare the results. Then read up on the options in the documentation and ask about the ones you're unsure of. It might also help if you post the "testparm -v" output here. > [2009/12/01 14:27:07, 0] nmbd/nmbd.c:854(main) > nmbd version 3.4.3 started. > Copyright Andrew Tridgell and the Samba Team 1992-2009 > [2009/12/01 14:27:07, 0] lib/util_sock.c:938(open_socket_in) > bind failed on port 137 socket_addr = 0.0.0.0. > Error = The socket name is already in use. > > It is true that the port 137 is in use as inetd has the entries:- > > netbios-ssn stream tcp nowait root /opt/freeware/samba/3.4.3/bin/smbd > smbd > netbios-ns dgram udp wait root /opt/freeware/samba/3.4.3/bin/nmbd > nmbd > > This is how we have it on the old server. Oddly, smbd starts just fine and > swat allows me to manage the smb.conf file - not that I understand most of > the options. I suggest you remove those lines from your inetd.conf and rather just run smbd and nmbd daemons. Can they even run from inetd any more? I suspect it's very inefficient at best to run them from inetd. > I still have no users being able to access the server, but I haven't even > begun to look at security. The old server has a pointer to a Windows domain > controller, so I'm hoping that it is all contained in there and I just have > to refer to it. I'm not entirely sure what you mean by this, but it sounds like you would need to join your new server to the Windows domain. -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Getting Windows XP drivers from print$
Torkil Svensgaard wrote: Hi list I have two very similar printers set up on CUPS and Samba is configured to share the drivers. I had been playing around with setting up a RAW printer queue with native Windows drivers but eventually gave up on that. I deleted all printers and redid them from scratch and now only one of them works. Setup: Ubuntu Karmic 2.6.31-15-server #50-Ubuntu SMP Tue Nov 10 15:50:36 UTC 2009 x86_64 GNU/Linux Samba Version 3.4.0 What issues did you have with windows drivers? My guess is that your driver issues can be attributed to printing changes in samba v.3.4.x: http://groups.google.co.kr/group/linux.samba/browse_thread/thread/23640b2efd7925a1/6b323230442a04b9?lnk=raot Try using v3.3.x and see if you have better luck. regards, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba from Sunfreeware and nss_winbind.so
I *think* there'e GPLv3 problems with distributing samba 3.4 with Solaris. You could be waiting a while. On Fri, 04 Dec 2009 09:59:06 -0500, Gaiseric Vandal wrote: > On 12/03/09 17:42, Gaiseric Vandal wrote: >> Sunfreeware.com has compiled packages of Samba 3.4.2 with kerberos and >> ldap support included (if you also install the ldap and kerberos >> packages from sunfreeware.) However it does not include the >> nss_winbind.so.* or libnss_winbind.so.* files. >> >> >> Solaris does include nss_winbind.so already (since it is included with >> Samba 3.0.x) or I could compile it from the 3.4.x source code. But >> then I am not sure if either of these would be compatible with >> Sunfreeware samba. >> >> I am using winbind in /etc/nsswitch.conf for supporting users in a >> trusted domain.under samba 3.0.x "getent passwd" did return users >> from a trusted domain. On 3.4 it is not, although "wbinfo -u" is >> working. >> >> >> Thanks >> >> >> > > I copied the nss_winbind.so file I compiled to /usr/local/samba/lib. > Samba will use that in preference to any files in /usr/lib so I didn't > need to delete or move Sun provided nss_winbind.so file. > > > I added the following to smb.conf (they had not been required in samba > 3.0.x.) > > idmap uid = 3-3 > idmap gid = 3-3 > > > The following entries already exisited in smb.conf (and had been sufficient > > > idmap config TRUSTEDWINDOMAIN:backend = ldap > #idmap config TRUSTEDWINDOMAIN:readonly = no > idmap config TRUSTEDWINDOMAIN:readonly = yes > idmap config TRUSTEDWINDOMAIN:default=no > idmap config TRUSTEDWINDOMAIN:ldap_base_dn = > ou=administration,ou=idmap,o=domain.com > idmap config TRUSTEDWINDOMAIN:ldap_user_dn = cn=Directory Manager > idmap config TRUSTEDWINDOMAIN:ldap_url = ldap://ldapserver1.domain.com > idmap config TRUSTEDWINDOMAIN:range = 3-3 > > > > idmap alloc backend = ldap > idmap alloc config:ldap_base_dn = ou=alloc,ou=idmap,o=domain.com > idmap alloc config:ldap_user_dn = cn=Directory Manager > idmap alloc config:ldap_url = ldap://ldapserver1.domain.com > idmap alloc config:range = 3-3 > > > > I also needed to add the following line to smb.conf > > client schannel = no > > This resolved "cm_get_ipc_userpass: No auth-user defined " error > messages in winbindd.log.I suspect this may be need to be set on the > PDC to resolve some other domain trust issues. The trusted domain is > Windows 2003 in mixed mode. > > > Ideally Sun will one day provide their own build of Samba 3.4.x. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba from Sunfreeware and nss_winbind.so
On 12/03/09 17:42, Gaiseric Vandal wrote: Sunfreeware.com has compiled packages of Samba 3.4.2 with kerberos and ldap support included (if you also install the ldap and kerberos packages from sunfreeware.) However it does not include the nss_winbind.so.* or libnss_winbind.so.* files. Solaris does include nss_winbind.so already (since it is included with Samba 3.0.x) or I could compile it from the 3.4.x source code. But then I am not sure if either of these would be compatible with Sunfreeware samba. I am using winbind in /etc/nsswitch.conf for supporting users in a trusted domain.under samba 3.0.x "getent passwd" did return users from a trusted domain. On 3.4 it is not, although "wbinfo -u" is working. Thanks I copied the nss_winbind.so file I compiled to /usr/local/samba/lib. Samba will use that in preference to any files in /usr/lib so I didn't need to delete or move Sun provided nss_winbind.so file. I added the following to smb.conf (they had not been required in samba 3.0.x.) idmap uid = 3-3 idmap gid = 3-3 The following entries already exisited in smb.conf (and had been sufficient idmap config TRUSTEDWINDOMAIN:backend = ldap #idmap config TRUSTEDWINDOMAIN:readonly = no idmap config TRUSTEDWINDOMAIN:readonly = yes idmap config TRUSTEDWINDOMAIN:default=no idmap config TRUSTEDWINDOMAIN:ldap_base_dn = ou=administration,ou=idmap,o=domain.com idmap config TRUSTEDWINDOMAIN:ldap_user_dn = cn=Directory Manager idmap config TRUSTEDWINDOMAIN:ldap_url = ldap://ldapserver1.domain.com idmap config TRUSTEDWINDOMAIN:range = 3-3 idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=alloc,ou=idmap,o=domain.com idmap alloc config:ldap_user_dn = cn=Directory Manager idmap alloc config:ldap_url = ldap://ldapserver1.domain.com idmap alloc config:range = 3-3 I also needed to add the following line to smb.conf client schannel = no This resolved "cm_get_ipc_userpass: No auth-user defined " error messages in winbindd.log.I suspect this may be need to be set on the PDC to resolve some other domain trust issues. The trusted domain is Windows 2003 in mixed mode. Ideally Sun will one day provide their own build of Samba 3.4.x. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is this the wrong forum for Samba4 DRS questions?
On Fri, Dec 04, 2009 at 08:14:49AM -0600, Weiss, Benjamin wrote: > Should I be directing Samba4 Directory Replication questions to the > samba-technical list? Yes, please :-) Volker pgpyA99dXoBcW.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to join to AD ?
I reinstalled the system and tried to follow the guidelines above. One thing: There is these lines in smb.conf and I have found no good information about them: idmap uid = 1-200 idmap gid = 5000-200 idmap config MY_DOMAIN:range = 1000 - 3 It seems that the users get their local UID / GUID as 1 / 5000 or above as set in 'idmap uid' and 'idmap gid'. What is the meaning of this 'idmap config MY_DOMAIN:range' and how should I set it ? We have a rather large domain of about 30,000 users. Mys own server will have max 100 users. Is there some preferred walues to set on those lines above ? I have no administrator rights to the AD. === Another thing. I have a right to join a PC to our domain. Before I could do that, I had to adduser myself in my server with the username I have in the domain. After that 'kinit' and 'net ads join' work. BTW: is krb5 necessary for the authentication ? -- View this message in context: http://old.nabble.com/how-to-join-to-AD---tp26513594p26635903.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Is this the wrong forum for Samba4 DRS questions?
Should I be directing Samba4 Directory Replication questions to the samba-technical list? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] drive mapping for one user
On 12/4/2009, Hubert Choma (hubert...@wp.pl) wrote: > I would like to map a drive letter for one user via netlogon script. > How can I do it ? > The user is in geo group and I would like to map only for one user not > group. I would just add either of the lines to your existing script: :: call username specific .bat file if %username% == user call \\SERVER\netlogon\user.bat The above obviously requires the user.bat file to reside in the NETLOGON share and contain whetever user specific stuff you need. or if all you need to do is map just one drive: :: map username drive if %username% == user NET USE X: \\SERVER\SHARE You can also map drives for people in a group using the ISMEMBER check. This requires the ISMEMBER.EXE (freely available online) executable to be in the NETLOGON share: :: map drive for GroupName users \\SERVER\netlogon\ismember "Domain\GroupName" if errorlevel 1 net use x: \\SERVER\PATH\TO\DIR /persistent:no > echo off > C: > CD \ > NET TIME \\SERWER /SET /YES > NET USE * /D /YES > REM NET USE H: /HOME > NET USE R: \\SERWER\RASTRY$ > NET USE S: \\SERWER\EVID$ > NET USE T: \\SERWER\OSRODEK$ > NET USE U: \\SERWER\TMP$ > NET USE X: \\SERWER\OSNOWA$ > NET USE Y: \\SERWER\GEO1$ > NET USE Z: \\SERWER\GEO$ > NET USE W: \\SERWER\SKANY > regedit /s \\serwer\netlogon\placesbargeo.reg -- Best regards, Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6200 x224 678.514.6299 fax -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fedora-ds and smb4 (a9)
I've got an (almost) working Samba4 installation (can't get replication working), and did a "locate samba.schema". No dice... -Original Message- From: col...@hermanjordan.nl [mailto:col...@hermanjordan.nl] Sent: Friday, December 04, 2009 6:36 AM To: samba@lists.samba.org Subject: [Samba] fedora-ds and smb4 (a9) hi i'm trying to start testing samba4 i used: http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Samba_4_alpha_9_with_Fedora_DS as a start... so far so good, but i get stuck with th provision.. setup/provision \ --host-name=dev --root=root \ --domain=JORDAN --realm=JORDAN.NET \ --server-role="domain controller" \ --ldap-backend-type=fedora-ds \ --slapd-path=/usr/sbin/ns-slapd --setup-ds-path=/usr/sbin/setup-ds.pl gives: Administrator password will be set randomly! bin/python/samba/../../../setup/../../examples/LDAP/samba.schema: No such file or directory Traceback (most recent call last): File "setup/provision", line 222, in nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File "bin/python/samba/provision.py", line 1167, in provision setup_ds_path=setup_ds_path) File "bin/python/samba/provisionbackend.py", line 579, in __init__ raise Exception("Unable to convert Samba 3 schema.") Exception: Unable to convert Samba 3 schema. can see that it needs the ldap schema, but it's not in the source dir... anny idea where to find the exaples dir Cheers Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] fedora-ds and smb4 (a9)
hi i'm trying to start testing samba4 i used: http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Samba_4_alpha_9_with_Fedora_DS as a start... so far so good, but i get stuck with th provision.. setup/provision \ --host-name=dev --root=root \ --domain=JORDAN --realm=JORDAN.NET \ --server-role="domain controller" \ --ldap-backend-type=fedora-ds \ --slapd-path=/usr/sbin/ns-slapd --setup-ds-path=/usr/sbin/setup-ds.pl gives: Administrator password will be set randomly! bin/python/samba/../../../setup/../../examples/LDAP/samba.schema: No such file or directory Traceback (most recent call last): File "setup/provision", line 222, in nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File "bin/python/samba/provision.py", line 1167, in provision setup_ds_path=setup_ds_path) File "bin/python/samba/provisionbackend.py", line 579, in __init__ raise Exception("Unable to convert Samba 3 schema.") Exception: Unable to convert Samba 3 schema. can see that it needs the ldap schema, but it's not in the source dir... anny idea where to find the exaples dir Cheers Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] drive mapping for one user
Am Friday 04 December 2009 12:18:14 schrieb Hubert Choma: > I would like to map a drive letter for one user via netlogon script. > How can I do it ? > The user is in geo group and I would like to map only for one user not > group. > echo off > C: > CD \ > NET TIME \\SERWER /SET /YES > NET USE * /D /YES > REM NET USE H: /HOME > NET USE R: \\SERWER\RASTRY$ > NET USE S: \\SERWER\EVID$ > NET USE T: \\SERWER\OSRODEK$ > NET USE U: \\SERWER\TMP$ > NET USE X: \\SERWER\OSNOWA$ > NET USE Y: \\SERWER\GEO1$ > NET USE Z: \\SERWER\GEO$ > NET USE W: \\SERWER\SKANY > regedit /s \\serwer\netlogon\placesbargeo.reg > > > Triumf polskich bokserów w Ełku > Zobacz zdjęcia z walk: > http://klik.wp.pl/?adr=http%3A%2F%2Fcorto.www.wp.pl%2Fas%2Fwojak.html&sid=9 >26 Hello, you can specify a logon script for this user: If you use the smbldap-tools: smbldap-usermod my_username --sambaLogonScript my_logon_script.bat or with pdbedit: pdbedit -u my_username -S my_logon_script.bat Kind Regards Richard Lamboj -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] drive mapping for one user
Hubert Choma wrote: >I would like to map a drive letter for one user via netlogon script. >How can I do it ? >The user is in geo group and I would like to map only for one user not >group. >echo off >C: >CD \ >NET TIME \\SERWER /SET /YES >NET USE * /D /YES >REM NET USE H: /HOME >NET USE R: \\SERWER\RASTRY$ >NET USE S: \\SERWER\EVID$ >NET USE T: \\SERWER\OSRODEK$ >NET USE U: \\SERWER\TMP$ >NET USE X: \\SERWER\OSNOWA$ >NET USE Y: \\SERWER\GEO1$ >NET USE Z: \\SERWER\GEO$ >NET USE W: \\SERWER\SKANY >regedit /s \\serwer\netlogon\placesbargeo.reg We have a line if exist H:\logon.bat call H:\logon.bat Then anything specific to an individual user can go in their personal logon script. Moray. "To err is human. To purr, feline" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] drive mapping for one user
I would like to map a drive letter for one user via netlogon script. How can I do it ? The user is in geo group and I would like to map only for one user not group. echo off C: CD \ NET TIME \\SERWER /SET /YES NET USE * /D /YES REM NET USE H: /HOME NET USE R: \\SERWER\RASTRY$ NET USE S: \\SERWER\EVID$ NET USE T: \\SERWER\OSRODEK$ NET USE U: \\SERWER\TMP$ NET USE X: \\SERWER\OSNOWA$ NET USE Y: \\SERWER\GEO1$ NET USE Z: \\SERWER\GEO$ NET USE W: \\SERWER\SKANY regedit /s \\serwer\netlogon\placesbargeo.reg Triumf polskich bokserów w Ełku Zobacz zdjęcia z walk: http://klik.wp.pl/?adr=http%3A%2F%2Fcorto.www.wp.pl%2Fas%2Fwojak.html&sid=926 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How create OU
Try LDAP Account Manager or Phpldapadmin. They are both great tools for administrating ldap graphically. The first is more complete than the second. You can also create Ou's and something with ldif files. Create an LDIF file and use ldapmodify to inject it to slapd. 2009/11/19 Gaiseric Vandal > I use Apache Directory Studio to manage my LDAP structure, for things like > creating OU's, unix users etc. (I am using Sun's ldap server, and didn't > like the admin tools provided.) > > -Original Message- > From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] > On Behalf Of Bruno Steven > Sent: Wednesday, November 18, 2009 3:59 AM > To: openldap-techni...@openldap.org > Subject: [Samba] How create OU > > Hi ... > > I have squid integrated with OpenLdap . I need create an Ou and a lot of > groups but my Openldap is integrated with Samba too. How I could create OUs > in enviroment integrated ? For examaple, I create users using smbldap-tools > but this tool doesn´t create Ou. > > Thanks . > > > > -- > Bruno Steven - Administrador de sistemas. > LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4 > https://www.lpi.org/caf/Xamman/certification > > MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100 > https://mcp.microsoft.com/authenticate/validatemcp.aspx > > > P Antes de imprimir pense em sua responsabilidade e comprometimento com o > Meio Ambiente. Before printing this message, think about your ecologic > responsability and environment commitment. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Getting Windows XP drivers from print$
Hi list I have two very similar printers set up on CUPS and Samba is configured to share the drivers. I had been playing around with setting up a RAW printer queue with native Windows drivers but eventually gave up on that. I deleted all printers and redid them from scratch and now only one of them works. Setup: Ubuntu Karmic 2.6.31-15-server #50-Ubuntu SMP Tue Nov 10 15:50:36 UTC 2009 x86_64 GNU/Linux Samba Version 3.4.0 rpcclient $> enumprinters flags:[0x80] name:[\\freud\gyldendal] description:[\\freud\gyldendal,gyldendal,] comment:[gyldendal] flags:[0x80] name:[\\freud\goethe] description:[\\freud\goethe,goethe,] comment:[goethe] rpcclient $> enumdrivers [Windows NT x86] Printer Driver Info 1: Driver Name: [goethe] Printer Driver Info 1: Driver Name: [gyldendal] rpcclient $> getdriver gyldendal [Windows NT x86] Printer Driver Info 3: Version: [3] Driver Name: [gyldendal] Architecture: [Windows NT x86] Driver Path: [\\LOCALHOST\print$\W32X86\3\pscript5.dll] Datafile: [\\LOCALHOST\print$\W32X86\3\gyldendal.ppd] Configfile: [\\LOCALHOST\print$\W32X86\3\ps5ui.dll] Helpfile: [\\LOCALHOST\print$\W32X86\3\pscript.hlp] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\pscript5.dll] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\gyldendal.ppd] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\ps5ui.dll] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\pscript.hlp] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\pscript.ntf] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\cups6.ini] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\cupsps6.dll] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\cupsui6.dll] Monitorname: [] Defaultdatatype: [RAW] rpcclient $> getdriver goethe [Windows NT x86] Printer Driver Info 3: Version: [3] Driver Name: [goethe] Architecture: [Windows NT x86] Driver Path: [\\LOCALHOST\print$\W32X86\3\pscript5.dll] Datafile: [\\LOCALHOST\print$\W32X86\3\goethe.ppd] Configfile: [\\LOCALHOST\print$\W32X86\3\ps5ui.dll] Helpfile: [\\LOCALHOST\print$\W32X86\3\pscript.hlp] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\pscript5.dll] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\goethe.ppd] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\ps5ui.dll] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\pscript.hlp] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\pscript.ntf] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\cups6.ini] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\cupsps6.dll] Dependentfiles: [\\LOCALHOST\print$\W32X86\3\cupsui6.dll] Monitorname: [] Defaultdatatype: [RAW] r...@freud:/var/lib/samba/printers/W32X86/3# ls -la total 1524 drwxrwxrwx 2 root root 4096 2009-12-04 10:52 . drwxrwxrwx 3 root root 4096 2009-12-03 13:46 .. -rwxrwxrwx 1 root root 72 2009-12-03 15:30 cups6.ini -rwxrwxrwx 1 root root 12568 2009-12-03 12:50 cupsps6.dll -rwxrwxrwx 1 root root 13672 2009-12-03 12:50 cupsui6.dll -rwxrwxrwx 1 root root 24131 2009-12-03 15:30 goethe.ppd -rwxrwxrwx 1 root root 77452 2009-12-03 15:19 gyldendal.ppd -rwxrwxrwx 1 root root 130048 2009-12-03 12:50 ps5ui.dll -rwxrwxrwx 1 root root 455168 2009-12-03 12:50 pscript5.dll -rwxrwxrwx 1 root root 26192 2009-12-03 15:30 pscript.hlp -rwxrwxrwx 1 root root 792644 2009-12-03 15:30 pscript.ntf Connecting to goethe from Windows XP works and it copies the driver files. Connection to gyldendal does not, it doesn't copy the files. Looking in the log file, this is what appears when I try to connect to the printer that doesn't work: [2009/12/04 10:16:05, 2] rpc_server/srv_spoolss_nt.c:234(find_printer_index_by_hnd) find_printer_index_by_hnd: Printer handle not found: find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OTHER:18607:4256) I'm guessing some sort of internal list is messed up maybe? Any ideas? Thanks, Torkil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba