Re: [Samba] Samba logs fill up disk with inotify errors, smbd 100% CPU
On Tue, Aug 24, 2010 at 08:17:57AM -0400, Valerie L. Magee wrote:
> Please forgive me if direct email is not appropriate, but I am at my
> wit's end.

As a workaround, try "kernel change notify = no". This does not solve your problem though, but it should fix the immediate problem.

Volker
Re: [Samba] macmini samba
On 24 August 2010 15:09, larry wrote:
> Hi,
>
> Did anyone know the samba daemon,config file and the installation path on
> MAC OS 10.6?

$ smbd -b
   Built by:r...@ghosttown.apple.com
   Built on:Thu May 6 17:48:29 PDT 2010
   Built using: /usr/bin/cc
   Build host: Darwin ghosttown.apple.com 10.0 Darwin Kernel Version 10.0.0: Fri Jul 31 22:46:25 PDT 2009; root:xnu-1456.1.25~1/RELEASE_X86_64 x86_64
   SRCDIR: /SourceCache/samba/samba-235.4/samba/source
   BUILDDIR:/var/tmp/samba/samba-235.4~1/x86_64

Paths:
   SBINDIR: /usr/sbin
   BINDIR: /usr/bin
   SWATDIR: /usr/swat
   CONFIGFILE: /private/etc/smb.conf
   LOGFILEBASE: /private/var/log/samba
   LMHOSTSFILE: /private/etc/lmhosts
   LIBDIR: /usr/lib/samba
   SHLIBEXT: dylib
   LOCKDIR: /private/var/samba
   PIDDIR: /private/var/run
   SMB_PASSWD_FILE: /private/var/db/samba/smbpasswd
   PRIVATE_DIR: /private/var/db/samba

> I have a problem that the windows users can only access shares on MAC by
> computer name.
>
> But need input user name and password by IP address.
>
> Thanks
>
> Larry

--
James Peach | jor...@gmail.com
[Samba] macmini samba
Hi,

Did anyone know the samba daemon, config file and the installation path on MAC OS 10.6?

I have a problem that the windows users can only access shares on MAC by computer name.

But need input user name and password by IP address.

Thanks

Larry
[Samba] Samba logs fill up disk with inotify errors, smbd 100% CPU
Please forgive me if direct email is not appropriate, but I am at my wit's end.

I am running Kernel 2.6.35.2. Previously, I was running 2.6.32.something (don't know at this point). Samba is 3.4.8-59. I have been getting the inotify errors on both the old and the new Kernel, to the point that it filled my hard drive and made my Windows/XP unrecoverable. It appears to only happen when I am running Outlook on my Windows VM. Obviously, I normally run it all the time. Turning off notification is not a reasonable option.

To get Windows to run, we restored to a version from June, but the inotify problem continued. So far, we have replaced the PST that my repetitive emails are sorted into, to eliminate the possibility that a corrupt PST is initiating a Windows Outlook problem/loop. Our next step would be to start a new OST, but that would put my email out of service for several hours as the OST is rebuilt. Nothing is wrong with the email messages involved.

This inotify issue has been around for a long time, but there seems to be no resolution. Some of the comments in some of the forums suggest that the message is a debug message and shouldn't even be produced, and there were hints of a resolution for that. Is there one?

I have lost most of the last three days because of this, and I really need some sort of resolution. After trying the OST rebuild, we would start all over with Linux, but that will cost me the better part of another day. Can you help? I can put you in touch with my techie (husband and/or son) if you want to work with them. They are both very knowledgeable.

- Valerie Magee
http://mageenet.net
[Samba] Unable to save Word+Excel files after Samba Upgrade
Hi,

after upgrading Samba 3.0.24 to Samba 3.5.4 a strange problem occurs:

Users cannot anymore save files in MS Office (Word/Excel) on Samba shares. More precisely: Save as Office 2007 documents or RTF-Files works fine, but *.doc is avoided with Error Message "Not enough memory".

I found some posts reporting this problem before, but nothing really solved the issue.

As I understand that this problem is well known, and should be solved. I would appreciate any hint.

testparam -vvv
[global]
    dos charset = CP850
    unix charset = UTF-8
    display charset = LOCALE
    workgroup = WORKGROUP
    realm =
    netbios name = FILESERVER
    netbios aliases =
    netbios scope =
    server string = %h (Samba %v)
    interfaces =
    bind interfaces only = Yes
    security = USER
    auth methods =
    encrypt passwords = Yes
    update encrypted = No
    client schannel = Auto
    server schannel = Auto
    allow trusted domains = Yes
    map to guest = Never
    null passwords = No
    obey pam restrictions = Yes
    password server = *
    smb passwd file = /etc/samba/smbpasswd
    private dir = /etc/samba
    passdb backend = ldapsam
    algorithmic rid base = 1000
    root directory =
    guest account = nobody
    enable privileges = Yes
    pam password change = No
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
    passwd chat debug = No
    passwd chat timeout = 2
    check password script =
    username map =
    password level = 0
    username level = 0
    unix password sync = No
    restrict anonymous = 0
    lanman auth = No
    ntlm auth = Yes
    client NTLMv2 auth = No
    client lanman auth = No
    client plaintext auth = No
    preload modules =
    dedicated keytab file =
    kerberos method = default
    map untrusted to domain = No
    log level = 3
    syslog = 0
    syslog only = No
    log file = /var/log/samba/log.%m
    max log size = 1000
    debug timestamp = Yes
    debug prefix timestamp = No
    debug hires timestamp = Yes
    debug pid = No
    debug uid = No
    debug class = No
    enable core files = Yes
    smb ports = 445 139
    large readwrite = Yes
    max protocol = NT1
    min protocol = CORE
    min receivefile size = 0
    read raw = Yes
    write raw = Yes
    disable netbios = No
    reset on zero vc = No
    acl compatibility = auto
    defer sharing violations = Yes
    nt pipe support = Yes
    nt status support = Yes
    announce version = 4.9
    announce as = NT
    max mux = 50
    max xmit = 16644
    name resolve order = lmhosts wins host bcast
    max ttl = 259200
    max wins ttl = 518400
    min wins ttl = 21600
    time server = No
    unix extensions = Yes
    use spnego = Yes
    client signing = auto
    server signing = No
    client use spnego = Yes
    client ldap sasl wrapping = plain
    enable asu support = No
    svcctl list =
    deadtime = 0
    getwd cache = Yes
    keepalive = 300
    lpq cache time = 30
    max smbd processes = 0
    paranoid server security = Yes
    max disk size = 0
    max open files = 16384
    socket options = TCP_NODELAY
    use mmap = Yes
    hostname lookups = No
    name cache timeout = 660
    ctdbd socket =
    cluster addresses =
    clustering = No
    ctdb timeout = 0
    load printers = Yes
    printcap cache time = 750
    printcap name =
    cups server =
    cups encrypt = No
    cups connection timeout = 30
    iprint server =
    disable spoolss = No
    addport command =
    enumports command =
    addprinter command =
    deleteprinter command =
    show add printer wizard = Yes
    os2 driver map =
    mangling method = hash2
    mangle prefix = 1
    max stat cache size = 256
    stat cache = Yes
    machine password timeout = 604800
    add user script =
    rename user script =
    delete user script =
    add group script =
    delete group script =
    add user to group script =
    delete user from group script =
    set primary group script =
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    shutdown script =
    abort shutdown script =
    username map script =
    logon script = logon.cmd
    logon path = \\%L\profiles\%U
    logon drive =
    logon home = \\%N\%U
    domain logons = Yes
    init logon delayed hosts =
    init logon delay = 100
[Samba] Problems Joining AD/Domain
Hello,

I am working at a company where officially my job duty is unrelated to my problem. However, I am coordinating with my company's chief IT admin to create a Linux workstation for our call center to extend the life of our outdated computers. However, I am stuck at trying to get the workstation to join the domain.

When I attempt to join the domain using YaST (openSUSE's system configuration tool) it prompts me for a network admin's username/password (same as 'net join DOMAIN'). While I understand the need for having this access, unfortunately it is out of the question due to several reasons (mainly that I work on this at night/overnight when he's gone, plus he doesn't know what Samba would "do" to the network).

Although joining a workstation to a domain requires administrative privileges, he told me that he joined my workstation to the domain (using MAC/IP or some combo, I'm not sure). However when I do a 'net join DOMAIN' it still prompts for a username/password. I know that he added the workstation because at one point I managed to trick Samba, but it said the machine's network password was empty.

So, the question being: how do I join this PC to the domain with NO admin user/pass assuming that he did in fact add the PC to the domain on the AD server's side?

Thanks!

Nick Betcher
[Samba] samba4 trusting samba3
back on the list again.

I'm setting up a samba4 domain controller and I need servers in the new active directory to trust the old samba 3 domain. The wizard in the active directory domains and trusts snap in doesn't recognize the name of the samba 3 domain as valid, even though that machine resolves all the netbios names just fine (with lmhosts)

Can I do it manually right from the samba4 pdc?

Thanks.
[Samba] Windows 7 Workstation cannot create local profile
Hi there,

I have an issue with a Windows 7 Workstation: it logs in successfully to the domain, but it doesn't create the local profile user, keeps creating TEMP profile.

On workstation I set the registry to:

HKLM\Software\Policies\Microsoft\Windows\System LocalProfile 1 REG_DWORD
HKLM\Software\Policies\Microsoft\Windows\System ReadOnlyProfile 1 REG_DWORD

To enable Local Profiles only.

PDC smb.conf

logon script = netlogon.bat
logon path = \\%L\profiles\%U

[profiles]
comment = Network Profiles Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
create mode = 0700
directory mode = 0700
writable = yes
browseable = No
store dos attributes = Yes
csc policy = disable

On folder /var/lib/samba/profiles I have a copy of Default profile that comes with Windows 7

What's wrong?

Thanks for your help.

German
[Samba] Join domain through direct registry manipulation?
Might it be possible to join a Windows machine to a Samba domain by direct registry manipulation?

As an experiment, on a test machine:

(not in a domain)
reg export HKLM >before_join.txt
(join domain)
reg export HKLM >pre_reboot.txt
(reboot)
reg export HKLM >post_reboot.txt

The files created are unicode, with every other byte a null, and diff didn't like these on my linux boxes. Probably locale was set incorrectly. In any case, used my extract program (from here: http://drmtools.sourceforge.net/ [nothing to do with digital rights management - those are my initials] ) to make them into plain text:

extract -nr 1 -sc 3 -all -in post_reboot.txt -hnd >post_reboot.txt2
extract -nr 1 -sc 3 -all -in before_join.txt -hnd >before_join.txt2
extract -nr 1 -sc 3 -all -in pre_reboot.txt -hnd >pre_reboot.txt2

then

xxdiff before_join.txt2 post_reboot.txt2
xxdiff before_join.txt2 pre_reboot.txt2

From these I see a few random bits changing (which might be important but I cannot interpret them), plus these three which definitely seem to be relevant.

in post_reboot.txt2:

HKLM\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Sidcache
  "MachineSid"=hex:
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETLOGON\\Control
  "ActiveService"="NetLogon"
HKLM\SYSTEM\ControlSet001\Services\NetLogon
  "start"=dword:2

in pre_reboot.txt2:

HKLM\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Sidcache
  no "MachineSid" value
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETLOGON\\Control
  "ActiveService"="Netlogon"
HKLM\SYSTEM\ControlSet001\Services\NetLogon
  "start"=dword:2

in before_join.txt2

HKLM\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Sidcache
  no "MachineSid" value
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETLOGON\\Control
  no "ActiveService" value
HKLM\SYSTEM\ControlSet001\Services\NetLogon
  "start"=dword:3

It looks like the initial step in the netlogon is to change the 3rd and 2nd values. Not clear where the logon credentials are stored. Then at reboot the MachineSid is returned by the Samba server to the client, presumably very early in the boot process. The MachineSid on two client machines differed, although only in a few digits.

That suggests that one should be able to join an XP machine by doing something on the Samba server (maybe just: smbpasswd -a -m MACHINE$ ?) and then on the client do three reg add commands to set it to the appropriate state, and reboot. That would be really convenient since the cloning process running under linux could easily write a runonce file with these commands into the Windows partition.

However, I do not see a place on the server side to retrieve the MachineSid for a particular workstation. If it is in smbpasswd, it is encrypted.

Regards,

David Mathog
mat...@caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech
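Added example (not part of the original post, and not Samba or drmtools code): the snapshot comparison described in the message above can be done without converting the files by hand, by decoding the UTF-16 export, parsing it into key/value pairs and diffing the result. The function names and the two embedded snapshots are constructed for illustration; the MachineSid bytes are placeholder values.

```python
import codecs

def decode_reg_export(raw):
    """Decode a .reg export: version 5.00 files are UTF-16 with a BOM, REGEDIT4 files are ANSI."""
    if raw[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
        return raw.decode("utf-16")          # the BOM selects the byte order and is dropped
    return raw.decode("cp1252", errors="replace")

def split_value(line):
    """Split '"name"=data' (or '@=data' for the default value) into (name, data)."""
    if line.startswith("@="):
        return "@", line[2:]
    i = 1
    while i < len(line) and line[i] != '"':  # find the closing quote of the name
        i += 2 if line[i] == "\\" else 1     # a backslash escapes the next character
    return line[1:i], line[i + 2:]

def parse_reg(text):
    """Return {(key, value name): data}; keys and names are lower-cased (registry ignores case)."""
    values, key, buf = {}, None, ""
    for raw_line in text.splitlines():
        line = buf + raw_line.strip()
        buf = ""
        if line.endswith("\\") and not line.startswith("["):
            buf = line[:-1]                  # long hex values continue on the next line
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (line.startswith('"') or line.startswith("@=")):
            name, data = split_value(line)
            values[(key, name.lower())] = data
    return values

def diff_snapshots(before, after):
    """List (kind, key, name, old, new) for every value that was added, removed or changed."""
    changes = []
    for k in sorted(set(before) | set(after)):
        old, new = before.get(k), after.get(k)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "changed"
            changes.append((kind, k[0], k[1], old, new))
    return changes

# Constructed snapshots in the format reg.exe writes (UTF-16LE, BOM, CRLF line ends).
_BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
"Start"=dword:00000003
"""
_AFTER = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\SidCache]
"MachineSid"=hex:01,04,00,00,00,00,00,05,15,00,00,00,\
  aa,aa,aa,aa,bb,bb,bb,bb,cc,cc,cc,cc

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
"Start"=dword:00000002
"""
BEFORE_RAW = codecs.BOM_UTF16_LE + _BEFORE.replace("\n", "\r\n").encode("utf-16-le")
AFTER_RAW = codecs.BOM_UTF16_LE + _AFTER.replace("\n", "\r\n").encode("utf-16-le")

if __name__ == "__main__":
    before = parse_reg(decode_reg_export(BEFORE_RAW))
    after = parse_reg(decode_reg_export(AFTER_RAW))
    for kind, key, name, old, new in diff_snapshots(before, after):
        print(f"{kind:8} {key}\\{name}: {old} -> {new}")
```

Comparing parsed values rather than text lines also keeps reordered keys and re-wrapped hex data from showing up as differences.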
Re: [Samba] id mapping
Greg,

That may work for you as well, but I was actually referring to:

idmap backend = hash

That should be available in 3.5.4.

Robert

On 08/24/2010 11:10 AM, Greg Dickie wrote:
> Hi Robert,
>
> Thanks for the response. You are referring to
> idmap backend = rid
>
> correct?
>
> Greg
>
> On Tue, 2010-08-24 at 09:10 -0400, Robert Freeman-Day wrote:
> > I have been the most happy with the hash idmap. It really is the least
> > invasive and "just works" (does that need to be trademarked these
> > days?). Since it hashes the SID with the same algorithm, all members
> > get the same UID/GID mappings, which is a big win.
> >
> > Robert
> >
> > On 08/23/2010 05:21 PM, Greg Dickie wrote:
> > > Hi,
> > >
> > > Today I'm trying to debug a problem on samba 3.5.4 where a domain
> > > member server is having trouble mapping UIDs to SIDs. I must admit I
> > > never really looked at this before as everything seemed to "just work".
> > > Today I discovered that idmap backend on the PDC and the member server
> > > were both defaulted to tdb. This means they have independent views of
> > > UID to SID mappings I guess. That sucks. So I'm looking at the ldap
> > > backend but I notice that it uses a special ou in the LDAP tree to store
> > > mappings. Why do we need that if the sambaSamAccount schema also has
> > > SIDs and UIDs for each user. Also, how is that tree populated?
> > >
> > > Looking at my PDC it seems to just pull everything out of gencache.tdb
> > > or say that no mapping exists. Doing a tdbdump of winbind_idmap.tdb
> > > shows only a few entries. This seems to be more complicated than I
> > > expected. I'm sorry if this is a silly question but what am I doing
> > > wrong?
> > >
> > > Thanks a lot,
> > > Greg

--
Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
Re: [Samba] id mapping
Hi Robert,

Thanks for the response. You are referring to
idmap backend = rid

correct?

Greg

On Tue, 2010-08-24 at 09:10 -0400, Robert Freeman-Day wrote:
> I have been the most happy with the hash idmap. It really is the least
> invasive and "just works" (does that need to be trademarked these
> days?). Since it hashes the SID with the same algorithm, all members
> get the same UID/GID mappings, which is a big win.
>
> Robert
>
> On 08/23/2010 05:21 PM, Greg Dickie wrote:
> > Hi,
> >
> > Today I'm trying to debug a problem on samba 3.5.4 where a domain
> > member server is having trouble mapping UIDs to SIDs. I must admit I
> > never really looked at this before as everything seemed to "just work".
> > Today I discovered that idmap backend on the PDC and the member server
> > were both defaulted to tdb. This means they have independent views of
> > UID to SID mappings I guess. That sucks. So I'm looking at the ldap
> > backend but I notice that it uses a special ou in the LDAP tree to store
> > mappings. Why do we need that if the sambaSamAccount schema also has
> > SIDs and UIDs for each user. Also, how is that tree populated?
> >
> > Looking at my PDC it seems to just pull everything out of gencache.tdb
> > or say that no mapping exists. Doing a tdbdump of winbind_idmap.tdb
> > shows only a few entries. This seems to be more complicated than I
> > expected. I'm sorry if this is a silly question but what am I doing
> > wrong?
> >
> > Thanks a lot,
> > Greg
>
> --
> Robert Freeman-Day
>
> https://launchpad.net/~presgas
> GPG Public Key:
> http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36

--
Greg Dickie
just a guy
Re: [Samba] Word/Excel documents cannot be saved after Samba Upgrade
Thanks for your advice, but no change ...

I actually noticed something strange in net groupmap. To me it looks like we have two different sambaSID. Could the problem be a false mapping of unix group "users"?

fileserver:~# net getlocalsid WORKGROUP
SID for domain WORKGROUP is: S-1-5-21-2486266552-4179740748-4022069874

fileserver:~# net groupmap list
Domain Admins (S-1-5-21-2486266552-4179740748-4022069874-512) -> Domain Admins
Domain Users (S-1-5-21-2486266552-4179740748-4022069874-513) -> Domain Users
Domain Guests (S-1-5-21-2486266552-4179740748-4022069874-514) -> Domain Guests
Domain Computers (S-1-5-21-2486266552-4179740748-4022069874-515) -> Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
users (S-1-5-21-3588677525-3898198964-4119851206-1201) -> users
ak (S-1-5-21-2486266552-4179740748-4022069874-3001) -> ak
fa (S-1-5-21-3588677525-3898198964-4119851206-3003) -> fa
im (S-1-5-21-3588677525-3898198964-4119851206-3005) -> im
am (S-1-5-21-3588677525-3898198964-4119851206-3011) -> am
friend (S-1-5-21-3588677525-3898198964-4119851206-3013) -> friend
tg (S-1-5-21-3588677525-3898198964-4119851206-3015) -> tg
hn (S-1-5-21-3588677525-3898198964-4119851206-3017) -> hn
kontakt (S-1-5-21-3588677525-3898198964-4119851206-3021) -> kontakt
ct (S-1-5-21-3588677525-3898198964-4119851206-3023) -> ct
mm (S-1-5-21-3588677525-3898198964-4119851206-3019) -> mm
sso (S-1-5-21-3588677525-3898198964-4119851206-3025) -> sso
nk (S-1-5-21-3588677525-3898198964-4119851206-3007) -> nk
sp (S-1-5-21-3588677525-3898198964-4119851206-3009) -> sp
ck (S-1-5-21-3588677525-3898198964-4119851206-3049) -> ck
gs (S-1-5-21-3588677525-3898198964-4119851206-3051) -> gs
sr (S-1-5-21-3588677525-3898198964-4119851206-3053) -> sr
friend2 (S-1-5-21-3588677525-3898198964-4119851206-3055) -> friend2
cv (S-1-5-21-3588677525-3898198964-4119851206-3057) -> cv
ts (S-1-5-21-3588677525-3898198964-4119851206-3059) -> ts
om (S-1-5-21-3588677525-3898198964-4119851206-3065) -> om
mg (S-1-5-21-3588677525-3898198964-4119851206-3067) -> mg
dw (S-1-5-21-2486266552-4179740748-4022069874-3069) -> dw
vm (S-1-5-21-3588677525-3898198964-4119851206-3071) -> vm
GF (S-1-5-21-2486266552-4179740748-4022069874-3027) -> jb
Berater (S-1-5-21-2486266552-4179740748-4022069874-3029) -> Berater
Team1 (S-1-5-21-2486266552-4179740748-4022069874-3031) -> Team1
Team2 (S-1-5-21-2486266552-4179740748-4022069874-3033) -> Team2
Team3 (S-1-5-21-2486266552-4179740748-4022069874-3035) -> Team3
Officemanagement (S-1-5-21-2486266552-4179740748-4022069874-3037) -> Officemanagement
vw (S-1-5-21-2486266552-4179740748-4022069874-3039) -> vw
jo (S-1-5-21-2486266552-4179740748-4022069874-3041) -> jo

Regards
Karsten

> Try your: nt acl support = Yes
> IN nt acl support = NO
>
> ---
> EDV Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
>
> -----Original Message-----
> From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
> Behalf Of Karsten Hoffmann
> Sent: Tuesday, 24 August 2010 14:16
> To: samba
> Subject: [Samba] Word/Excel documents cannot be saved after Samba Upgrade
>
> Hi,
>
> after upgrading Samba 3.0.24 to Samba 3.5.4 a strange problem occurs:
>
> Users cannot anymore save files in MS Office (Word/Excel) on Samba
> shares. More precisely:
> Save as Office 2007 documents or RTF-Files works fine, but *.doc is
> avoided with Error Message "Not enough memory".
> Of course there are lots of memory/space and ACL/Permissions should be
> ok since other file operations are working as expected.
>
> I found some posts reporting this problem before, but nothing really
> solved the issue.
>
> As I understand that this problem is well known, and should be solved.
> I would appreciate any hint.
>
> testparam -vvv
> [global]
> dos charset = CP850
> unix charset = UTF-8
> display charset = LOCALE
> workgroup = WORKGROUP
> realm =
> netbios name = FILESERVER
> netbios aliases =
> netbios scope =
> server string = %h (Samba %v)
> interfaces =
> bind interfaces only = Yes
> security = USER
> auth methods =
> encrypt passwords = Yes
> update encrypted = No
> client schannel = Auto
> server schannel = Auto
> allow trusted domains = Yes
> map to guest = Never
> null passwords = No
> obey pam restrictions = Yes
> password server = *
> smb passwd file = /etc/samba/smbpasswd
> private dir = /etc/samba
> passdb backend = ldapsam
> algorithmic rid base = 1000
> root directory =
> guest account = nobody
> enable privileges = Yes
> pam password change = No
> passwd program = /usr/bin/passwd
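Added example (not part of the original message, and not Samba code): the inconsistency the poster describes, group mappings that carry a domain SID other than the one `net getlocalsid` reports, can be checked mechanically. The sample input is an excerpt of the output quoted in the message; the function and constant names are chosen here for illustration.

```python
import re
from collections import defaultdict

BUILTIN_DOMAIN = "S-1-5-32"   # well-known BUILTIN aliases, identical on every host

LOCALSID_RE = re.compile(r"SID for domain (\S+) is: (S-[\d-]+)")
GROUPMAP_RE = re.compile(r"^(.+?) \((S-[\d-]+)\) -> (.+)$")

# Excerpt of the `net getlocalsid` / `net groupmap list` output from the message.
LOCALSID_OUTPUT = "SID for domain WORKGROUP is: S-1-5-21-2486266552-4179740748-4022069874"
GROUPMAP_OUTPUT = """\
Domain Admins (S-1-5-21-2486266552-4179740748-4022069874-512) -> Domain Admins
Administrators (S-1-5-32-544) -> Administrators
users (S-1-5-21-3588677525-3898198964-4119851206-1201) -> users
ak (S-1-5-21-2486266552-4179740748-4022069874-3001) -> ak
fa (S-1-5-21-3588677525-3898198964-4119851206-3003) -> fa
GF (S-1-5-21-2486266552-4179740748-4022069874-3027) -> jb
"""

def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def audit_groupmap(localsid_output, groupmap_output):
    """Return (local domain SID, {foreign domain SID: [(nt name, rid, unix group), ...]})."""
    m = LOCALSID_RE.search(localsid_output)
    if not m:
        raise ValueError("no 'SID for domain ... is:' line found")
    local_sid = m.group(2)
    foreign = defaultdict(list)
    for line in groupmap_output.splitlines():
        g = GROUPMAP_RE.match(line.strip())
        if not g:
            continue                      # skip prompts and blank lines
        nt_name, sid, unix_group = g.groups()
        domain, rid = split_sid(sid)
        if domain not in (local_sid, BUILTIN_DOMAIN):
            foreign[domain].append((nt_name, rid, unix_group))
    return local_sid, dict(foreign)

if __name__ == "__main__":
    local_sid, foreign = audit_groupmap(LOCALSID_OUTPUT, GROUPMAP_OUTPUT)
    print("local domain SID:", local_sid)
    for domain, entries in foreign.items():
        print("mappings under a different domain SID", domain)
        for nt_name, rid, unix_group in entries:
            print(f"  {nt_name} (RID {rid}) -> {unix_group}")
```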
Re: [Samba] samba 4 questions (status, roaming profiles, etc)
Make profiles ready in windows7:

In your smb.conf:

[profiles]
path= /yourprofilepath/profiles
read only= no

mkdir /yourprofilepath/profiles

On your windows client start Active Directory Users and Computers. Right click, properties, then profile tab:

Profile path: Yourpathtothe profiles along with %Username%
EX: \\mydomain\profiles\%USERNAME%

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Aaron Solochek
Sent: Tuesday, 24 August 2010 15:58
To: samba@lists.samba.org
Subject: [Samba] samba 4 questions (status, roaming profiles, etc)

I'm testing samba 4 (pulling from git) on my ubuntu 10.4 box and have a bunch of questions I can't seem to find answers for on the web.

1) There is some problem with my roaming profile such that windows complains and logs me in using my most recently saved profile. I've tried moving my profile on the server out of the way, but windows doesn't seem to recreate it. How do I make it recreate a roaming profile? The client is windows 7.

2) My AD domain is FOO.COM, but the actual domain internally is bar.foo.com. I ran into some issues with this, this biggest of which was that clients would try to pull their group policy from //FOO.COM/sysvol/foo.com/... which meant that the server needed to be exposed externally. I solved this by having foo.com resolve to the local IP internally, but I was wondering if there is some more elegant way to tell clients that the controller for FOO.COM is for these purposes. Also, am I going to run into other pain by having a flat AD domain scheme? Creating a BAR.FOO.COM domain seems like it would be a pain at this point.

3) What is the status of printing in samba4? The most recent thing I could find online was from 2005 and said it wasn't implemented yet. All our printers are IP printers, and my goal is to have them automatically added to machines via group policy.

4) What's the deal with the Users and Computers sections of group policy objects? If I already have my users and computers separated into People and Machines groups in active directory, and have two group policy objects People_GP and Machines_GP applied to their respective groups, will settings in the Users section of Machines_GP apply to any user that logs in to a machine in the Machines group?

5) Where can I find all the smb.conf options that are actually valid for samba4?

6) I can't seem to edit the unix attributes for users in AD. I'd really like to be able to pull account information down via ldap on unix machines. Is this possible?

Ok, I think that's enough for now. I really appreciate any help people can offer.

Thanks.

-Aaron
Re: [Samba] HOWTO samba4 centos5.5 named dnsupdate drbd simple failover
centOs5.5/samba4/named here is a short guide setting it up to work.
This Version is with some minor adds about profiles.

First of all do not install the bind package coming with centos 5.5!!

Install needs for samba

yum install libacl* gnutls* readline* python* gdb* autoconf*

Named installation:

Here is a description on what to do:
http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/

The steps,

yum -y install make gcc rpm-build libtool autoconf openssl-devel libcap-devel libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel mysql-devel krb5-devel xmlto

For named to compile correctly you need these 2 packages too:

yum -y install curl* download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

cd /usr/src/redhat/SRPMS
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm

cd /usr/src/redhat/SRPMS
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
wget -c ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-conf-*.src.rpm

rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm
cd /usr/src/redhat/SPECS
rpmbuild -ba ./bind.spec

The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or /usr/src/redhat/RPMS/x86_64/ depending on your Arch.

rpmbuild -ba ./dnssec-conf.spec

The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/

cd /usr/src/redhat/RPMS/*86*
rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm ../noarch/dnssec-conf-1.21-*.noarch.rpm

Now bind is installed

Config-File in /etc/named.conf

I disabled in options:

//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside . trust-anchor dlv.isc.org.;

To make bind work you have to add user named to the group named.

Set the rights to make named work correctly

chmod 770 /etc/named.conf
chmod 770 /etc/named.rfc1912.zones
chown root:named /etc/named.conf
chown named:named /etc/named.rfc1912.zones
chmod -R 770 /var/named
chown -R named:named /var/named
chown named:named /etc/rndc.key
chown named:named /var/run/named/

Now download and install samba:

url: http://wiki.samba.org/index.php/Samba4/HOWTO

mkdir samba4
cd samba4
rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ .
cd source4
./autogen.sh
./configure.developer
make
make install

Samba4 is now installed in /usr/local/samba

Provision it:

cd /samba4/source4
./setup/provision --realm=samdom.example.com --domain=SAMDOM --adminpass=SOMEPASSWORD --server-role='domain controller'

In my case:

./setup/provision --realm=tuebingen.tst.loc --domain=TUEBINGEN --adminpass=SOMEPASSWORD --server-role='domain controller'

Now you need to add the PATH to roots .bash_profile in /root -->

PATH=$PATH:$HOME/bin:/usr/local/samba/bin:/usr/local/samba/sbin

ldconfig

which samba

must answer: /usr/local/samba/sbin/samba

Now you must set the lib paths:

echo "/usr/local/samba/lib" > /etc/ld.so.conf.d/samba4.conf

The next things to do (named should have read and write):

cd /usr/local/samba/private
chown named:named krb5.conf
chown -R named:named /usr/local/samba/private/dns
chown named:named named.conf
chown named:named named.conf.update
chown named:named dns.keytab
cp krb5.conf /etc   # this will overwrite the org. krb5.conf
cd /etc/sysconfig
vi named

There add a line at the bottom:

KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
export KEYTAB_FILE

Now you must update your /etc/named.conf. Be sure to have em listen on a IP not only 127.0.0.1:

Here is mine

options {
    listen-on port 53 { 127.0.0.1;192.168.134.27; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost;allyoursubnetshere; };
    recursion yes;
    forwarders { 192.168.134.253; }; ##put here your first dns if you have
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/usr/local/samba/private/named.conf"; # samba4 link
include "/etc/named.rfc1912.zones";

In your /etc/resolv.conf you have one single entry:

nameserver localhost

Now you have to put in your globals /usr/local/samba/etc/smb.conf

# or Ipaddress
Interfaces=eth0

Now

samba -i -M single

And you are done!!!

samba_dnsupdate --verbose will give you:

[r...@node1 etc]# samba_dnsupdate --verbose
Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
Looking for DNS entry CNAME 365d2a9f-bfe6-462d-965e-8622bfefc190._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 365d2a9f-bf
[Samba] samba 4 questions (status, roaming profiles, etc)
I'm testing samba 4 (pulling from git) on my ubuntu 10.4 box and have a bunch of questions I can't seem to find answers for on the web.

1) There is some problem with my roaming profile such that windows complains and logs me in using my most recently saved profile. I've tried moving my profile on the server out of the way, but windows doesn't seem to recreate it. How do I make it recreate a roaming profile? The client is windows 7.

2) My AD domain is FOO.COM, but the actual domain internally is bar.foo.com. I ran into some issues with this, the biggest of which was that clients would try to pull their group policy from //FOO.COM/sysvol/foo.com/... which meant that the server needed to be exposed externally. I solved this by having foo.com resolve to the local IP internally, but I was wondering if there is some more elegant way to tell clients that the controller for FOO.COM is for these purposes. Also, am I going to run into other pain by having a flat AD domain scheme? Creating a BAR.FOO.COM domain seems like it would be a pain at this point.

3) What is the status of printing in samba4? The most recent thing I could find online was from 2005 and said it wasn't implemented yet. All our printers are IP printers, and my goal is to have them automatically added to machines via group policy.

4) What's the deal with the Users and Computers sections of group policy objects? If I already have my users and computers separated into People and Machines groups in active directory, and have two group policy objects People_GP and Machines_GP applied to their respective groups, will settings in the Users section of Machines_GP apply to any user that logs in to a machine in the Machines group?

5) Where can I find all the smb.conf options that are actually valid for samba4?

6) I can't seem to edit the unix attributes for users in AD. I'd really like to be able to pull account information down via ldap on unix machines. Is this possible?

Ok, I think that's enough for now. I really appreciate any help people can offer.

Thanks.
-Aaron
Re: [Samba] Disk full message with non full disk
On 08/24/2010 05:36 AM, rpere...@lavabit.com wrote:
> Hello
>
> I'm having some disk full messages in several windows xp clients. The disk
> have a lot space free.
>
> I'm using Centos 5.5 with the samba centos official package.
>
> samba-3.0.33-3.29
>
> Maybe a samba bug ? Any advice ?
>
> Thanks a lot for any help
>
> regards
>
> roberto

I saw this with one account with Samba 4 recently from a Vista machine. My problem was that there were problems syncing the profile for that user (network problems from resume after sleep w/ one mother board). After a few of those in a row I started seeing that message. I looked at the event logs on the windows machine, found out what files were the problem, erased them on client and server. The problem went completely away.

Hope this helps.

Trever
--
"All our dreams can come true - if we have the courage to pursue them" -- Walt Disney
Re: [Samba] id mapping
I have been the most happy with the hash idmap. It really is the least invasive and "just works" (does that need to be trademarked these days?). Since it hashes the SID with the same algorithm, all members get the same UID/GID mappings, which is a big win.

Robert

On 08/23/2010 05:21 PM, Greg Dickie wrote:
> Hi,
>
> Today I'm trying to debug a problem on samba 3.5.4 where a domain
> member server is having trouble mapping UIDs to SIDs. I must admit I
> never really looked at this before as everything seemed to "just work".
> Today I discovered that idmap backend on the PDC and the member server
> were both defaulted to tdb. This means they have independent views of
> UID to SID mappings I guess. That sucks. So I'm looking at the ldap
> backend but I notice that it uses a special ou in the LDAP tree to store
> mappings. Why do we need that if the sambaSamAccount schema also has
> SIDs and UIDs for each user. Also, how is that tree populated?
>
> Looking at my PDC it seems to just pull everything out of gencache.tdb
> or say that no mapping exists. Doing a tdbdump of winbind_idmap.tdb
> shows only a few entries. This seems to be more complicated than I
> expected. I'm sorry if this is a silly question but what am I doing
> wrong?
>
> Thanks a lot,
> Greg

--
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
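The difference between the two approaches in this thread, as an added example that is not part of either message and is not Samba's code: two servers with independent allocating maps (the tdb-style behaviour Greg describes) disagree on a user's Unix ID, while an ID derived from the SID agrees on every host but can collide. The bit layout, the use of CRC32, the ID range and the SIDs are assumptions made for illustration, not the algorithm of Samba's hash idmap module.

```python
import zlib

RID_BITS = 19      # assumption: low bits of the Unix ID carry the RID
DOMAIN_BITS = 12   # assumption: high bits carry a hash of the domain SID


def split_sid(sid):
    """Split 'S-1-5-21-x-y-z-RID' into (domain SID string, integer RID)."""
    domain, _, rid = sid.rpartition("-")
    if not domain.startswith("S-1-") or not rid.isdigit():
        raise ValueError(f"not an account SID: {sid!r}")
    return domain, int(rid)


class AllocatingIdmap:
    """Local allocator: each new SID gets the next free ID in the range."""

    def __init__(self, low, high):
        self.next_id, self.high, self.table = low, high, {}

    def sid_to_id(self, sid):
        split_sid(sid)  # validate before allocating
        if sid not in self.table:
            if self.next_id > self.high:
                raise RuntimeError("idmap range exhausted")
            self.table[sid] = self.next_id
            self.next_id += 1
        return self.table[sid]


def hashed_id(sid):
    """Deterministic ID: every host computes the same value for the same SID."""
    domain, rid = split_sid(sid)
    dom = zlib.crc32(domain.encode("ascii")) & ((1 << DOMAIN_BITS) - 1)
    unix_id = (dom << RID_BITS) | (rid & ((1 << RID_BITS) - 1))
    if unix_id == 0:
        raise ValueError("refusing to map a SID onto ID 0 (root)")
    return unix_id


def disagreements(map_a, map_b, sids):
    """SIDs for which two mapping functions return different Unix IDs."""
    return [s for s in sids if map_a(s) != map_b(s)]


def collisions(sids):
    """Groups of distinct SIDs sharing one hashed ID (they would share files)."""
    by_id = {}
    for sid in sids:
        by_id.setdefault(hashed_id(sid), []).append(sid)
    return {i: group for i, group in by_id.items() if len(group) > 1}


# Constructed sample SIDs; the domain SID is made up.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
USERS = [f"{DOMAIN}-{rid}" for rid in (1104, 1105, 1106)]


def compare_backends():
    """Return the SIDs on which a PDC and a member server disagree."""
    pdc = AllocatingIdmap(10000, 19999)
    member = AllocatingIdmap(10000, 19999)
    for sid in USERS:                   # the PDC meets the users in this order
        pdc.sid_to_id(sid)
    for sid in USERS[1:] + USERS[:1]:   # the member meets them in another order
        member.sid_to_id(sid)
    return {
        "allocating": disagreements(pdc.sid_to_id, member.sid_to_id, USERS),
        "hashed": disagreements(hashed_id, hashed_id, USERS),
    }


if __name__ == "__main__":
    print(compare_backends())
    # Two RIDs that differ by 2**RID_BITS land on the same Unix ID.
    print(collisions(USERS + [f"{DOMAIN}-{1104 + 2 ** RID_BITS}"]))
```

A non-empty result from collisions() is the check to run before relying on a hash-derived mapping: two accounts that share a Unix ID share each other's file permissions.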
Re: [Samba] Word/Excel documents cannot be saved after Samba Upgrade
Try changing your:

    nt acl support = Yes

to

    nt acl support = NO

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Karsten Hoffmann
Sent: Tuesday, 24 August 2010 14:16
To: samba
Subject: [Samba] Word/Excel documents cannot be saved after Samba Upgrade

Hi,

after upgrading Samba 3.0.24 to Samba 3.5.4 a strange problem occurs: Users cannot anymore save files in MS Office (Word/Excel) on Samba shares. More precisely: Save as Office 2007 documents or RTF-Files works fine, but *.doc is avoided with Error Message "Not enough memory". Of course there are lots of memory/space and ACL/Permissions should be ok since other file operations are working as expected.

I found some posts reporting this problem before, but nothing really solved the issue. As I understand that this problem is well known, and should be solved. I would appreciate any hint.
[Samba] Word/Excel documents cannot be saved after Samba Upgrade
Hi, after upgrading Samba 3.0.24 to Samba 3.5.4 a strange problem occurs: Users cannot anymore save files in MS Office (Word/Excel) on Samba shares. More precisely: Save as Office 2007 documents or RTF-Files works fine, but *.doc ist avoided with Error Message "Not enough memory". Of course there are lots of memory/space and ACL/Permissions should be ok since other file operations are working as expected. I found some posts reporting this problem before, but nothing really solved the issue. As I understand that this problem is well known, and should be solved. I would appreciate any hint. testparam -vvv [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = WORKGROUP realm = netbios name = FILESERVER netbios aliases = netbios scope = server string = %h (Samba %v) interfaces = bind interfaces only = Yes security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes map to guest = Never null passwords = No obey pam restrictions = Yes password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = ldapsam algorithmic rid base = 1000 root directory = guest account = nobody enable privileges = Yes pam password change = No passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX \spassword:* %n\n *password\supdated\ssuccessfully* . 
passwd chat debug = No passwd chat timeout = 2 check password script = username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = No ntlm auth = Yes client NTLMv2 auth = No client lanman auth = No client plaintext auth = No preload modules = dedicated keytab file = kerberos method = default map untrusted to domain = No log level = 3 syslog = 0 syslog only = No log file = /var/log/samba/log.%m max log size = 1000 debug timestamp = Yes debug prefix timestamp = No debug hires timestamp = Yes debug pid = No debug uid = No debug class = No enable core files = Yes smb ports = 445 139 large readwrite = Yes max protocol = NT1 min protocol = CORE min receivefile size = 0 read raw = Yes write raw = Yes disable netbios = No reset on zero vc = No acl compatibility = auto defer sharing violations = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts wins host bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes client ldap sasl wrapping = plain enable asu support = No svcctl list = deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 30 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 16384 socket options = TCP_NODELAY use mmap = Yes hostname lookups = No name cache timeout = 660 ctdbd socket = cluster addresses = clustering = No ctdb timeout = 0 load printers = Yes printcap cache time = 750 printcap name = cups server = cups encrypt = No cups connection timeout = 30 iprint server = disable spoolss = No addport command = enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = mangling method = hash2 mangle prefix = 1 max stat cache size = 256 stat cache = Yes machine password timeout = 
604800 add user script = rename user script = delete user script = add group script = delete group script = add user to group script = delete user from group script = set primary group script = add machine script = /usr/sbin/smbldap-useradd -w "%u" shutdown script = abort shutdown script = username map script = logon script = logon.cmd logon path = \\%L\profiles\%U logon drive = logon home = \\%N\%U domain logons = Yes init logon delayed hosts = init logon delay = 100 os level = 20 lm announce = Auto lm interval = 60 preferred master = No local master = Yes domain master = Auto browse list = Yes enhanced browsing = Yes dns proxy = No wins proxy = No wins server = wins support = Yes wins hook = kernel oplocks = Yes lock spin time = 200 oplock break wait time = 0 ldap admin dn = "cn=admin,dc=menyesch,dc=de" ldap delete dn = No ldap group suffix = ou=Groups ldap idmap suffix = ldap machine suffix = ou=Computers ldap passwd sync = no ldap replication sleep = 1000 ldap suffix = dc=menyesch,dc=de ldap ssl = no ldap ssl ads = No ldap deref = auto ldap follow referral = Auto ldap timeout = 15 ldap connection timeout = 2 ldap page size = 1024 ldap user suffix = ou=People ldap debug level = 0 ldap debug threshold = 10 eventlog list = add share command = change share command = delete share command = preload = lock directory = /var/lib/samba state directory = /var/lib/samba cache directory = /var/lib/samba pid directory = /var/run/samba utmp directory = wtmp directory = utmp = No defaul
[Samba] Disk full message with non full disk
Hello I'm having some disk full messages in several windows xp clients.The disk have a lot space free. I'm using Centos 5.5 with the samba centos official package. samba-3.0.33-3.29 Maybe a samba bug ? Any advice ? Thanks a lot for any help regards roberto This is my smb.conf #=== Global Settings = [global] # --- Network Related Options - # # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH # # server string is the equivalent of the NT Description field # # netbios name can be used to specify a server name not tied to the hostname # # Interfaces lets you configure Samba to use multiple interfaces # If you have multiple network interfaces then you can list the ones # you want to listen on (never omit localhost) # # Hosts Allow/Hosts Deny lets you restrict who can connect, and you can # specifiy it as a per share option as well # workgroup = workgroup server string = Samba Server Version %v netbios name = server2 ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 ; hosts allow = 127. 192.168.12. 192.168.13. # --- Logging Options - # # Log File let you specify where to put logs and how to split them up. # # Max Log Size let you specify the max size log files should reach # logs split per machine ; log file = /var/log/samba/%m.log # max 50KB per log file, then rotate ; max log size = 50 # --- Standalone Server Options # # Security can be set to user, share(deprecated) or server(deprecated) # # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. security = user passdb backend = tdbsam # --- Domain Members Options # # Security must be set to domain or ads # # Use the realm option only with security = ads # Specifies the Active Directory realm the host is part of # # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. 
tdbsam requires no further configuration. # # Use password server option only with security = server or if you can't # use the DNS to locate Domain Controllers # The argument list may include: # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] # or to auto-locate the domain controller/s # password server = * ; security = domain ; passdb backend = tdbsam ; realm = MY_REALM ; password server = # --- Domain Controller Options # # Security must be set to user for domain controllers # # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. # # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job # # Domain Logons let Samba be a domain logon server for Windows workstations. # # Logon Scrpit let yuou specify a script to be run at login time on the client # You need to provide it in a share called NETLOGON # # Logon Path let you specify where user profiles are stored (UNC path) # # Various scripts can be used on a domain controller or stand-alone # machine to add or delete corresponding unix accounts # ; security = user ; passdb backend = tdbsam ; domain master = yes ; domain logons = yes # the login script name depends on the machine name ; logon script = %m.bat # the login script name depends on the unix user used ; logon script = %u.bat ; logon path = \\%L\Profiles\%u # disables profiles support by specifing an empty path ; logon path = ; add user script = /usr/sbin/useradd "%u" -n -g users ; add group script = /usr/sbin/groupadd "%g" ; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /n ohome -s /bin/false "%u" ; delete user script = /usr/sbin/userdel "%u" ; delete user from group script = /usr/sbin/userdel "%u" "%g" ; delete group script = 
/usr/sbin/groupdel "%g" # --- Browser Control Options # # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply # # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable # # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chan
Re: [Samba] Domain admin privileges: a strange bug in Samba?
This raises the following question: With the privileges system in place, isn't the use of the "username map = /etc/samba/smbusers" somewhat of a historical relic? Perhaps the "username map" default should be changed to "no value". It could then be used if needed by some users but the current default wouldn't upset the normal operation of other, more needed functions.
[Samba] Domain admin privileges: a strange bug in Samba?
I was in the process of setting up a new Samba 3.5.4 PDC with LDAP backend, over CentOS 5.5, when I came across a very strange behavior. After executing the smbldap-populate script, I was trying to grant the needed privileges to the group "Domain Admins" in order not to use "root" to manage the Windows domain.

After successfully granting rights to the "Admin" user, there was no way to make this user benefit from them. Even the command "net rpc rights list", if executed by -U Admin, always failed with the following result:

    net rpc rights list Admin -U Admin
    Enter Admin's password: (I enter "Admin's password here")
    Receiving SMB: Server stopped responding
    Could not connect to server 127.0.0.1
    Connection failed: NT_STATUS_END_OF_FILE

This was followed by a smb core dump. The log then presents the following:

    [2010/08/24 11:27:00.143535, 0] lib/fault.c:46(fault_report)
      ===
    [2010/08/24 11:27:00.143824, 0] lib/fault.c:47(fault_report)
      INTERNAL ERROR: Signal 11 in pid 19667 (3.5.4)
      Please read the Trouble-Shooting section of the Samba3-HOWTO
    [2010/08/24 11:27:00.143927, 0] lib/fault.c:49(fault_report)
      From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
    [2010/08/24 11:27:00.144021, 0] lib/fault.c:50(fault_report)
      ===
    [2010/08/24 11:27:00.144100, 0] lib/util.c:1465(smb_panic)
      PANIC (pid 19667): internal error
    [2010/08/24 11:27:00.151658, 0] lib/util.c:1569(log_stack_trace)
      BACKTRACE: 26 stack frames:
       #0 smbd(log_stack_trace+0x1a) [0x2ae9fd7622c5]
       #1 smbd(smb_panic+0x55) [0x2ae9fd7623c9]
       #2 smbd [0x2ae9fd753101]
       #3 /lib64/libc.so.6 [0x2aea005cf2d0]
       #4 smbd(sid_compare+0x22) [0x2ae9fd75db54]
       #5 smbd(add_sid_to_array_unique+0x39) [0x2ae9fd75e189]
       #6 smbd(create_token_from_username+0xd37) [0x2ae9fd7b1eeb]
       #7 smbd(create_local_token+0x4e) [0x2ae9fd7b231e]
       #8 smbd [0x2ae9fd7b550d]
       #9 smbd [0x2ae9fd5b8097]
       #10 smbd(ntlmssp_update+0x270) [0x2ae9fd5b7c86]
       #11 smbd(auth_ntlmssp_update+0x17) [0x2ae9fd7b5215]
       #12 smbd [0x2ae9fd52be5e]
       #13 smbd(reply_sesssetup_and_X+0x191) [0x2ae9fd52c18f]
       #14 smbd [0x2ae9fd560eb1]
       #15 smbd [0x2ae9fd563b4e]
       #16 smbd [0x2ae9fd564341]
       #17 smbd(run_events+0x1d6) [0x2ae9fd7711f8]
       #18 smbd(smbd_process+0x97c) [0x2ae9fd56337d]
       #19 smbd [0x2ae9fda6f4ca]
       #20 smbd(run_events+0x1d6) [0x2ae9fd7711f8]
       #21 smbd [0x2ae9fd771467]
       #22 smbd(_tevent_loop_once+0x84) [0x2ae9fd7717e9]
       #23 smbd(main+0xf83) [0x2ae9fda6f1ff]
       #24 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2aea005bc994]
       #25 smbd [0x2ae9fd4ea5a9]
    [2010/08/24 11:27:00.159996, 0] lib/fault.c:326(dump_core)
      dumping core in /var/log/samba/cores/smbd

Only "root" could obtain a successful answer, even if I gave "Admin" the same password that "root" has. After many efforts I was stuck. I even downgraded to Samba 3.4.8 with the same result.

I then raised the log level to 2. Suddenly, the results came:

    SeMachineAccountPrivilege
    SeTakeOwnershipPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeRemoteShutdownPrivilege
    SePrintOperatorPrivilege
    SeAddUsersPrivilege
    SeDiskOperatorPrivilege

I consulted the Samba logs and noticed the following:

    [2010/08/24 11:00:23.397276, 2] auth/auth.c:304(check_ntlm_password)
      check_ntlm_password: authentication for user [Admin] -> [root] -> [root] succeeded
    [2010/08/24 11:00:23.397973, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
      init_sam_from_ldap: Entry found for user: root

So, user Admin was being mapped to root, and this only worked if Admin had the same password as "root", as expected. Since "username map = /etc/samba/smbusers" is the Samba default, I commented all the lines in /etc/samba/smbusers. Now, the correct behavior was restored.

What is most strange here is that *the success of the connection depends on the log level being 2 or higher*. Everything less causes the connection to fail with the result:

    Receiving SMB: Server stopped responding
    Could not connect to server 127.0.0.1
    Connection failed: NT_STATUS_END_OF_FILE

With all the lines commented out in /etc/samba/smbusers, privileges work as expected.

Thank you.
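The mapping behind the "[Admin] -> [root]" log line in the post above, as an added example that is not part of the original post and is not Samba's code: a small parser for the username map file that resolves a client name the way the post observed (case-insensitively) and flags entries that turn a client-supplied name into a privileged Unix account. The file contents are a constructed sample, since the poster's smbusers file is not shown, and the PRIVILEGED set is an assumption.

```python
import re

# Constructed sample modelled on a distribution-style smbusers file.
SAMPLE_MAP = """\
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
!backup = "Backup Operator"
"""

# The same file after commenting out the root line, as the poster did.
HARDENED_MAP = """\
# Unix_name = SMB_name1 SMB_name2 ...
;root = administrator admin
nobody = guest pcguest smbguest
"""

PRIVILEGED = {"root"}  # assumption: extend with other administrative accounts

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted names may contain spaces


def parse_username_map(text):
    """Return [(unix_name, [client names], stop_on_match)] in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        stop = line.startswith("!")       # '!' ends processing on a match
        if stop:
            line = line[1:].lstrip()
        unix, sep, rhs = line.partition("=")
        if not sep:
            continue                      # not a mapping line
        clients = [quoted or bare for quoted, bare in _TOKEN.findall(rhs)]
        entries.append((unix.strip(), clients, stop))
    return entries


def resolve(entries, client_name):
    """Apply the map line by line; a later line can remap an earlier result."""
    name = client_name
    for unix, clients, stop in entries:
        wanted = name.lower()
        for client in clients:
            if client.startswith("@"):
                continue                  # group lookups need the live system
            if client == "*" or client.lower() == wanted:
                name = unix
                break
        else:
            continue                      # no match on this line
        if stop:
            break
    return name


def audit(entries):
    """List (unix_name, client_name, reason) for mappings worth reviewing."""
    findings = []
    for unix, clients, _ in entries:
        for client in clients:
            if unix in PRIVILEGED:
                findings.append((unix, client, "maps onto a privileged account"))
            elif client == "*":
                findings.append((unix, client, "wildcard catches every name"))
    return findings


if __name__ == "__main__":
    before = parse_username_map(SAMPLE_MAP)
    print("Admin resolves to:", resolve(before, "Admin"))
    for finding in audit(before):
        print("review:", finding)
    after = parse_username_map(HARDENED_MAP)
    print("after hardening, Admin resolves to:", resolve(after, "Admin"))
```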
Re: [Samba] How to filter files using roaming profiles
Hi

If I make a crontab, will it not affect users when they access their profile every day?

Thanks

2010/8/23 erik bergsma

> prf*.tmp files are created by a lot of programs: outlook, virtualbox,
> etc...
>
> by description (http://support.microsoft.com/kb/328607) they seem pretty
> important, but in my personal experience they are not so
>
> i think the easiest way is to set up a crontab that deletes the prf*.tmp
> files overnight
>
> 2010/8/22 marcos gonzalez
>
>> Hi David
>>
>> Really this problem only happens with files created by thunderbird. This
>> program creates .tmp files during synchronization with imap accounts and
>> generates the biggest files. I can't filter this folder and I'm not
>> interested in doing this user by user; I prefer to do this for all samba
>> users.
>>
>> Do you know any good link explaining how to create policy filters in XP?
>>
>> And finally the tmp folder is not synced.
>>
>> Thanks :-)
>>
>> 2010/8/22 David Gonzalez
>>
>>> Hello Marcos,
>>>
>>> I don't know how gurus here will do it, but I'd suggest you go ahead and
>>> create some policy or use the built-in windows feature to avoid/permit
>>> sync of certain files
>>>
>>> You could also tweak registry keys, or do as I did with my users: I
>>> created a "Default User" using regedit and loading the NTUSER.DAT hive
>>> and deciding which directories the system should keep in sync.
>>>
>>> One other problem I see there is that if your clients are XP/2K/7 that
>>> nasty %USERPROFILE%\AppData\local\TEMP directory is sneaking up on your
>>> sync process, and it tends to grow quite large, so one other suggestion
>>> is to go ahead and change TEMP and TMP environment variables, be it from
>>> My Computer > Properties > Advanced > Environment Variables
>>> and take that directory to some other place like D:\ or C:\, depends on
>>> your setup.
>>>
>>> That's my two cents on this, so hope this helps.
>>>
>>> ---
>>> David Gonzalez H.
>>> DGHVoIP - OPEN SOURCE TELEPHONY SOLUTIONS
>>> Phone Bogotá: +(57-1)289-1168
>>> Phone Medellin: +(57-4)247-0985
>>> Mobile: +(57)315-838-8326
>>> MSN: da...@planetaradio.net
>>> Skype: davidgonzalezh
>>> WEB: http://www.dghvoip.com/
>>> Proud Linux User #294661
>>>
>>> On Sun, Aug 22, 2010 at 12:37 PM, marcos gonzalez <marcos.gonzalez.c...@gmail.com> wrote:
>>>
>>>> Hello list
>>>>
>>>> I'm a system administrator implementing a samba server for my work. One
>>>> of the most important things is how to use roaming profiles, and I'm
>>>> seeing that in the synchronisation there are more bad type archives that
>>>> produce an excessive use of disc memory. Is it possible to filter those
>>>> .tmp files so they do not synchronise?
>>>>
>>>> these are my rules inside smb.conf:
>>>>
>>>> logon path = \\%N\profiles\%U
>>>> logon drive =
>>>> logon home =
>>>> logon script =
>>>>
>>>> Thanks && Best Regards