Re: [Samba] Samba/LDAP and home dir creation
On Wednesday 09 June 2010 4:47:31 pm you wrote: > Hi Dimitri, > > You probably want to enable the PAM module > responsible for this. Back up and edit your > /etc/pam.d/system-auth and add the following > line: > > session required pam_oddjob_mkhomedir.so > skel=/etc/skel/ umask=0022 > > Note: Messing with your pam config may lock you > out of the system, so be careful. > > 2010/6/9 Dimitri Yioulos : > > Hi, all. > > > > I'm working on a project to create a Samba > > PDC with LDAP authentication. I've been > > pretty successful in getting everything to > > work. However, I've run into a small snag: > > > > The PDC is built on an OpenSuse 11.2 box. > > Most of the member servers are also OpenSuse > > 11.2 boxes. However, a CentOS 5.5 server was > > just added to the mix. While users can lo > > into the CentOS box, with LDAP providing the > > creds, no home directory is automagically > > created as in the OpenSuse boxes. I'd like > > to fix that, with your help. > > > > I've used authconfig-tui on the CentOS box to > > enable "Use LDAP" and "Use LDAP > > Authentication" (the equivalent of YAST's > > LDAP Client config tool?). I believe my > > smb.conf and ldap.conf files are correct > > (I'll provide them if you all need to see > > them). Any ideas? > > > > Thanks. > > > > Dimitri > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > To unsubscribe from this list go to the > > following URL and read the instructions: > > https://lists.samba.org/mailman/options/samb > >a > > -- > Diego Lima Diego, That worked perfectly! I used pam_mkhomedir.so, though, as this is a 32-bit system. Thank you. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba/LDAP and home dir creation
Hi Dimitri, You probably want to enable the PAM module responsible for this. Back up and edit your /etc/pam.d/system-auth and add the following line: session required pam_oddjob_mkhomedir.so skel=/etc/skel/ umask=0022 Note: Messing with your pam config may lock you out of the system, so be careful. 2010/6/9 Dimitri Yioulos : > Hi, all. > > I'm working on a project to create a Samba PDC > with LDAP authentication. I've been pretty > successful in getting everything to work. > However, I've run into a small snag: > > The PDC is built on an OpenSuse 11.2 box. Most of > the member servers are also OpenSuse 11.2 boxes. > However, a CentOS 5.5 server was just added to > the mix. While users can lo into the CentOS box, > with LDAP providing the creds, no home directory > is automagically created as in the OpenSuse > boxes. I'd like to fix that, with your help. > > I've used authconfig-tui on the CentOS box to > enable "Use LDAP" and "Use LDAP Authentication" > (the equivalent of YAST's LDAP Client config > tool?). I believe my smb.conf and ldap.conf > files are correct (I'll provide them if you all > need to see them). Any ideas? > > Thanks. > > Dimitri > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- Diego Lima -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DC replication
So finally I got the net vampire to work. I had to roll back to commit 62e0a74 bypassing all the updates done by m...@samba.org for now. Now the replication PDC1 is the first domain controller created by provision PDC2 is the second is the second domain controller created by net vampire on PDC1 I added user using "net newuser testuser1" in few seconds it appeared on PDC2 using the command wbinfo -u on PDC2 I added user using "net newuser testuser2" it never appear on PDC1 Any idea what steps I'm missing here Thanks Ibrahim -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Debian Lenny 3.5.3 packages pam-auth-update
Quoting Christian PERRIER (bubu...@debian.org): > Indeed, I noticed this problem (this is the second time these > remainings from Debian squeeze packages slip to the lenny backports, > official or not)and fixed it in 2:3.5.3~dfsg-1~unoff50+2 packages. > > However, as of now, binary packages are compiled only for i386 > architecture and I did not compile the amd64 packages. So, I assume > you're using amd64 as architecture. Am I right? Maybe not. Turns out that, contrary to what I was believing, I did not complete the built package upload. It is in progress right now. Later on, amd64 packages will be ready and available. signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba/LDAP and home dir creation
Hi, all. I'm working on a project to create a Samba PDC with LDAP authentication. I've been pretty successful in getting everything to work. However, I've run into a small snag: The PDC is built on an OpenSuse 11.2 box. Most of the member servers are also OpenSuse 11.2 boxes. However, a CentOS 5.5 server was just added to the mix. While users can lo into the CentOS box, with LDAP providing the creds, no home directory is automagically created as in the OpenSuse boxes. I'd like to fix that, with your help. I've used authconfig-tui on the CentOS box to enable "Use LDAP" and "Use LDAP Authentication" (the equivalent of YAST's LDAP Client config tool?). I believe my smb.conf and ldap.conf files are correct (I'll provide them if you all need to see them). Any ideas? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain Trusts
Anybody? > Greetings List, > > I’ve > been attempting to establish a two way domain trust between Samba Domains. > The reasons why are numerous but mainly so > that our Samba PDC supports Window7. > Domain A is Samba 3.0.33 and domain B is Samba 3.3.12 and I’ve > established that domain B trusts domain A without issue,however when I attempt > to trust domain B on domain A, I get the following error. “Could not connect > to > server DomainA PDC. Storing password for trusted domain failed.” > > I’m certain the password is correct. > > > _ > Hotmail is redefining busy with tools for the New Busy. Get more from your > inbox. > http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_2 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba _ Hotmail is redefining busy with tools for the New Busy. Get more from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Debian Lenny 3.5.3 packages pam-auth-update
Quoting Neil Price (npr...@gibb.co.za): > I hope it is relevant to report this here. The debian lenny samba > 3.5.3 packages at http://pkg-samba.alioth.debian.org have this > problem: It is relevant, yes. Mailing pkg-samba-ma...@lists.alitoh.debian.org is also an option. Probably a better one as this is the package maintainers' address. Still, I catched your mail anyway. (what would have been inappropriate is to report this in Debian BTS as it does not belong to official Debian packages, but you're probably aware of this) > > Setting up winbind (2:3.5.3~dfsg-1~unoff50+1) ... > /var/lib/dpkg/info/winbind.postinst: line 16: pam-auth-update: > command not found > dpkg: error processing winbind (--configure): > subprocess post-installation script returned error exit status 127 > Errors were encountered while processing: > winbind > > I presume pam-auth-update is not relevant to Lenny. Yep. Your fix is correct. Indeed, I noticed this problem (this is the second time these remainings from Debian squeeze packages slip to the lenny backports, official or not)and fixed it in 2:3.5.3~dfsg-1~unoff50+2 packages. However, as of now, binary packages are compiled only for i386 architecture and I did not compile the amd64 packages. So, I assume you're using amd64 as architecture. Am I right? I'll upload amd64 binary packages ASAP to this unofficial repository. Sorry for the trouble you had with these packages... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbldap-tools
I was able to find a package for ubuntu, and got it installed. It is now creating those fields in LDAP. I hope this gets rid of my trust issues but I guess I will have to wait 30 days to find out. On Tue, Jun 8, 2010 at 3:45 PM, Miguel Medalha wrote: > > >> is there a current site that is maintaining smbldap-tools? > > https://gna.org/projects/smbldap-tools/ > >> where is 0.9.6? >> > > At the maintainer's site: > > http://www.iallanis.info/ > > It is currently unavailable but it happened before and it always came back. > Maybe it will one again. > > Search for a package "smbldap-tools-0.9.6-pre1.noarch.rpm". > If you don't find it I can send it to you by e-mail. > > > If you are on RHEL/CentOS 5.x, the EPEL repository contains specific version > 0.9.5.1 packages for that distro: > > smbldap-tools-0.9.5-1.el5.rf.noarch > > As I wrote in my post, this version correctly fills the attributes you > quoted. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [part success] Re: cannot see or browse a share from a VPN client
On 08/06/10 12:06 PM, H.S. wrote: > Hello. > > I have three separate networks on my LAN: > wired network (192.168.0.0/24) > wireless network (192.168.5.0/24) > VPN (172.16.15.0/24) > > Here is an ASCII art showing my setup: > ,--. > ppp0 <--eth1eth0--192.168.0.0/24--->to LAN switch > | wlan0--192.168.5.0/24---> WLAN > | tun0--172.16.15.0/24---> VPN > |__| > > | > "ROUTER": Samba and VPN server machine > > > "ROUTER" is running Debian Testing and 2.6.30-2-686 kernel. The VPN > client mentioned below is a Dell laptop running Ubuntu Karmic. Well, got some of it working. Here are the settings that worked for me: interfaces = 127.0.0.0/8 172.16.15.0/24 eth0 wlan0 tun0 # samba host not visible on VPN client without the following remote announce = 172.16.21.255 #for security (allow only local, wired lan and VPN clients) hosts allow = 127.0.0.1 192.168.0.0/24 172.16.15.0/24 hosts deny = 0.0.0.0/0 Even though I can see and browse to the samba share from Gnome's Network GUI from a VPN client, but I cannot access the shared folder. The Network GUI reports "Unable to mount location - Failed to mount windows share". Note that I can mount the share using smbmount command by specifying the user=guest option, however. Here is the smb.conf file on ROUTER: #--- > grep -v '^[#;]' /etc/samba/smb.conf | grep -v '^ *$' [global] workgroup = routersmb server string = %h server dns proxy = no interfaces = 127.0.0.0/8 eth0 wlan0 tun0 remote announce = 172.16.21.255 hosts allow = 127.0.0.1 192.168.0.0/24 172.16.15.0/24 hosts deny = 0.0.0.0/0 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = share encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes [homes] comment = Home Directories browseable = no read only = yes create mask = 0700 directory mask = 0700 valid users = %S [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no [SharedFolder] comment = Shared folder for general use. browsable = yes guest ok = yes path = /media/common_folder writable = yes ;force create mode = 0770 ;force directory mode = 0775 #--- So, what am I missing further regarding this failure of Gnome Network GUI to mount the windows share? Thanks. -- Please reply to this list only. I read this list on its corresponding newsgroup on gmane.org. Replies sent to my email address are just filtered to a folder in my mailbox and get periodically deleted without ever having been read. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] WG: cannot see or browse a share from a VPN client
On 09/06/10 03:31 AM, Daniel Müller wrote: > Hello, > > Your VPN does not pass through Netbios. > What kind of VPN are you using? Openvpn does netbios > Pass trough. I am using OpenVPN. Sorry for not specifying it earlier. > Did You "interfaces=IPinyour192.168.0.0/24 IPinyour172.16.15.0/24..." > In your smb.conf to make samba send browselists in your 172.16.15.0 net?? Here is what I have at present in my smb.conf regarding this: interfaces = 127.0.0.0/8 172.16.15.0/24 hosts allow = 127.0.0.1 192.168.0.0/24 172.16.15.0/24 hosts deny = 0.0.0.0/0 Also, when I restart samba, I get the following line in nmdb.log: create_subnets: Waiting for an interface to appear ... With the above settings, I can mount the share using smbmount from a VPN client but still cannot see or browse the share via Gnome's Network GUI (clicking on Windows Network gives nothing). This is in contrast to using the client on wired network (192.168.0.0.24). In this case I see the shares from GUI without any problems. So Samba shares browsing works from a wired LAN client but not from a VPN client on the wireless LAN. Thanks. -- Please reply to this list only. I read this list on its corresponding newsgroup on gmane.org. Replies sent to my email address are just filtered to a folder in my mailbox and get periodically deleted without ever having been read. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] logging in NAS200
Hello, I'm running SAMBA under Ubuntu 10.4. At work we share a network storage unit, a Linksys NAS200. I can see it as a "computer" in my workgroup but once I click on its icon in Nautilus it is opened as a blank screen. I cannot see the folders I should have access. Doing the same in Windows XP I can access these folders. I use the same username and password on Ubuntu, XP, Samba and NAS200. When running Ubuntu I can see all the computers in my workgroup (all of them with Windows XP) and share folders and printers. The problem occurs only with NAS200. Is there any special configuration that allows me to log in the NAS200? Thanks in advance for any help. All the best, Antonio PS. my smb.conf follows below. I have made only few modifications on the standard file. #=== Global Settings === [global] ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = ULRCEPPM # server string is the equivalent of the NT Description field server string = %h (Linux Ubuntu) # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server # wins support = no # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = no # What naming service and in what order should we use to resolve host names # to IP addresses ; name resolve order = lmhosts host wins bcast Networking # The specific set of interfaces / networks to bind to # This can be either the interface name or an IP address/netmask; # interface names are normally preferred ; interfaces = 127.0.0.0/8 eth0 # Only bind to the named interfaces and/or networks; you must use the # 'interfaces' option above to use this. # It is recommended that you enable this feature if your Samba machine is # not protected by a firewall or is a firewall itself. However, this # option cannot handle dynamic or non-broadcast interfaces correctly. ; bind interfaces only = yes Debugging/Accounting # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Cap the size of the individual log files (in KiB). max log size = 1000 # If you want Samba to only log through syslog then set the following # parameter to 'yes'. # syslog only = no # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log # through syslog you should set the following parameter to something higher. syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d ### Authentication ### # "security = user" is always a good idea. This will require a Unix account # in this server for every user accessing the server. See # /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html # in the samba-doc package for details. security = user # You may wish to use password encryption. See the section on # 'encrypt passwords' in the smb.conf(5) manpage before enabling. encrypt passwords = true # If you are using encrypted passwords, Samba will need to know what # password database type you are using. passdb backend = tdbsam obey pam restrictions = yes # This boolean parameter controls whether Samba attempts to sync the Unix # password with the SMB password when the encrypted SMB password in the # passdb is changed. unix password sync = yes # For Unix password sync to work on a Debian GNU/Linux system, the following # parameters must be set (thanks to Ian Kahan < for # sending the correct chat script for the passwd program in Debian Sarge). passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . # This boolean controls whether PAM will be used for password changes # when requested by an SMB client instead of the program listed in # 'passwd program'. The default is 'no'. pam password change = yes # This option controls how unsuccessful authentication attempts are mapped # to anonymous connections map to guest = bad user ## Domains ### # Is this machine able to authenticate users. Both PDC and BDC # must have this setting enabled. If you are the BDC you must # change the 'domain master' setting to no # ; domain logons = yes # # The following setting only takes effect if 'domain logons' is set # It specifies the location of the user's profile directory # from the client point of view) # The following required a [profile
[Samba] Debian Lenny 3.5.3 packages pam-auth-update
I hope it is relevant to report this here. The debian lenny samba 3.5.3 packages at http://pkg-samba.alioth.debian.org have this problem: Setting up winbind (2:3.5.3~dfsg-1~unoff50+1) ... /var/lib/dpkg/info/winbind.postinst: line 16: pam-auth-update: command not found dpkg: error processing winbind (--configure): subprocess post-installation script returned error exit status 127 Errors were encountered while processing: winbind I presume pam-auth-update is not relevant to Lenny. So I modified /var/lib/dpkg/info/winbind.postinst and ran dpkg --configure --pending. Seems fine. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] WG: cannot see or browse a share from a VPN client
Hello, Your VPN does not pass through Netbios. What kind of VPN are you using? Openvpn does netbios Pass trough. Did You "interfaces=IPinyour192.168.0.0/24 IPinyour172.16.15.0/24..." In your smb.conf to make samba send browselists in your 172.16.15.0 net?? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von H.S. Gesendet: Dienstag, 8. Juni 2010 18:06 An: samba@lists.samba.org Betreff: [Samba] cannot see or browse a share from a VPN client Hello. I have three separate networks on my LAN: wired network (192.168.0.0/24) wireless network (192.168.5.0/24) VPN (172.16.15.0/24) Here is an ASCII art showing my setup: ,--. ppp0 <--eth1eth0--192.168.0.0/24--->to LAN switch | wlan0--192.168.5.0/24---> WLAN | tun0--172.16.15.0/24---> VPN |__| | "ROUTER": Samba and VPN server machine "ROUTER" is running Debian Testing and 2.6.30-2-686 kernel. The VPN client mentioned below is a Dell laptop running Ubuntu Karmic. I have setup Samba with a shared folder on the VPN server. I can browse the Samba network from wireless machines fine. But I cannot do so from a wireless machine with a VPN connection, i.e. VPN clients from my WLAN do not see the Samba network (from Gnome Network browsing GUI). This is what I wanted to achieve but it is not working. What am I missing here? I have the following in smb.conf file (wireless clients are not allowed intentinally, the idea is to allow them only via VPN): hosts allow = 127.0.0.1 192.168.0.0/24 172.16.15.0/24 hosts deny = 0.0.0.0/0 Now, at this point, from a machine on wireless LAN, I am able to mount the samba shared folder on "ROUTER" using "sudo smbmount -o user=guest". However, I do not see the share from Gnome's Network GUI tool. On the other hand, if the machine is put on the wired network, and is connected via VPN, the GUI can see the share without any problems. In short, smbmount works from LAN and from VPN, but Gnome Network browsing works only from LAN and not from VPN. What have I missed in the setup? In case this is relevant, when I start samba on the firewall machine "ROUTER" , I see the following in its log: * Samba name server ROUTER is now a local master browser for workgroup ROUTERSMB on subnet 192.168.0.1 * * Samba name server ROUTER is now a local master browser for workgroup ROUTERSMB on subnet 192.168.5.1 * Why do only these two networks act as a local browser and why doesn't VPN (172.16.15.0/24) also do so? Thanks in advance. -- Please reply to this list only. I read this list on its corresponding newsgroup on gmane.org. Replies sent to my email address are just filtered to a folder in my mailbox and get periodically deleted without ever having been read. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba