Re: [Samba] name resolution: dns name different to windows machinename
--- Original message --- Subject: Re: [Samba] name resolution: dns name different to windows machinename From: Gaiseric Vandal To: Date: Monday, 20/12/2010 5:15 PM I am not sure how you would have a DNS server assign random names. But if you aren't going to have the correct entries for the XP machine in DNS, then you probably should not have any DNS entries for those machines.XP machines can register their hostnames directly in DNS (if the DNS server supports it.) In general I don't think workstations machines need to be in DNS at all since (unless you have shared folders or printers.) It's certainly easier when a help desk request comes in to ask the user for the machine name label, then try and get the machines IP addy. rdp://acct1 rdp://lab7 rdp://eng21 rdp://admin5 soo But yeah, WinXP and up have no problem doing this. dhcp can be a big help as well. I general DISABLE dynamic updates in DNS and don't have DNS assignments/static IP's for most XP machines. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Marcus Sent: Monday, December 20, 2010 5:17 AM To: samba@lists.samba.org Subject: [Samba] name resolution: dns name different to windows machine name Hi, we are running a samba domain controller as master with activated WINS. The machine name of each WinXP client is set manually during the installation initial process. Each client is using the WINS server of our domain controller. The WinXP clients are getting their IP by a global DNS Server, which sets the DNS and reverse DNS entry identically to the windos machine name. Now the administrator of the DNS server is planning to change the DNS and reverse DNS concept in the way that the DNS and reverse DNS entry will be not identically to the windows machine name any more. The WinXP clients will get a generic, randomly set DNS/reverse DNS entry. Does this have any effects for functionality of my samba domain controller and/or the WinXP clients? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Ldap Users only?
Your example is a text-book case of why you would use domains. I am not sure why it would be unacceptable- since you already have a samba machine and, from the user POV, the login process is practically the same. The LDAP component is for the samba backend- you would need an LDAP backend for samba if you have more than one domain controller, and you might want to use LDAP backend for samba if you are already using LDAP for other stuff. But since windows domain model is unacceptable, the only other solution I can think of is the use Kerberos.You can configure XP machines to use Kerberos authentication, and then configure your linux server as a Kerberos server. You would have to look on support.microsoft.com for instructions for the XP side of things.Although I am then not sure how you would configure samba to use Kerberos authentication as well. Maybe if you configure plaintext auth in samba so it can use the OS level authentication -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Christ Schlacta Sent: Sunday, December 19, 2010 10:28 PM To: samba@lists.samba.org Subject: Re: [Samba] Ldap Users only? firstly, I'd like to apologize, somehow we ended up off-list. my setup looks like this: Density: Massive file storage rebirth: Media server (most files come from density, but it has a share for local files, too) faithful: backup server (handles backups from density, rebirth, and other systems) smb shares are used for laptops and desktops (a bunch of laptops and desktops): Joining these systems to the domain is inconvenient, awkward, and not going to happen because we have a small family household, and most of them are non-techie. the trick is, each time we change a password on a laptop or desktop, we have to change the corresponding passwords on all the systems. since each user only uses 1-2 laptops and a desktop (my wife and I have a laptop and netbook each), that's simple. Changing the server passwords requires logging into 3 servers over ssh, typing their old and new passwords, then changing their samba passwords. I want to store all the usernames and passwords for the servers in the ldap directory, so that users can update their passwords once. as I stated above, joining the end user systems to a domain is UNACCEPTABLE, and with one of the servers set to be master browser, I can set all of the systems to join the "workgroup" aarcane.info, and all the systems show up on the network view in windows 7 (and windows XP, and linux, and mac also.). All I can find is howtos on using samba as an ldap-backed domain controller. thanks, again, tms3 and everyone else for any help. On 12/19/2010 18:20, t...@tms3.com wrote: > > > > On Sunday 19/12/2010 at 5:54 pm, Christ Schlacta wrote: >> actually, it's because we have a few samba servers here, it's just a >> home, > Honestly, I have a lab/cloud at home. I can't for the life of me even > contemplate running them with out full Samba/LDAP domain mode...well, > I've converted over to Samba4 since August, but it is by far the > easiest way to manage things. >> but different machines use samba for different reasons. as such, >> it's a pain in the butt to have to change passwords on all systems. >> I'm aware that we'd need to have matching unix accounts, and the plan >> is to use 10K+ UIDs for samba users to make logging into the shell a >> simple matter as well. What's bugging me at the moment, is that in >> workgroup mode, it uses the HOSTNAME > HOSTNAME is a NETBios name, and it is based on that whole host of > protocols/services. It has NOTHING to do with DNS names, or machine > names. >> for the domain name.. but there are several different hosts.. can I >> just use the workgroup name and have it work? will it be smart >> enough to say "I'm not in domain mode, so the domain doesn't matter," >> or will I need to add a user for each host, thus mitigating any benefit? > It would perhaps be better if you laid out what you have and are > doing. I'm having a tough time understanding what you are > doing/having issues with. >> >> >> On 12/19/2010 17:37, t...@tms3.com wrote: >> >> >> >> >> On Sunday 19/12/2010 at 5:02 pm, Christ Schlacta wrote: >> >> X-SpamDetect-Info: - Start ASpam results >> --- >> X-SpamDetect-Info: This message may be spam. This message >> BODY has been altered to show you the spam information >> X-SpamDetect: ***: 3.8 sd=3.8 [96]12%-6.0(Accept Orbs) >> [212]87%5.6(!46,60) [129]44%-0.0(from_return_nomatch) >> [27]46%-0.0(X-LangGuess:English) >> X-SpamDetect-Info: - End ASpam results >> - >> >> how to do only users from ldap? >> >> Same way as domain mode...I'm assuming for workstation users to >> have access to smb shares >> >> You don't need to add machines to the domain, thou
Re: [Samba] name resolution: dns name different to windows machine name
I am not sure how you would have a DNS server assign random names. But if you aren't going to have the correct entries for the XP machine in DNS, then you probably should not have any DNS entries for those machines.XP machines can register their hostnames directly in DNS (if the DNS server supports it.) In general I don't think workstations machines need to be in DNS at all since (unless you have shared folders or printers.) I general DISABLE dynamic updates in DNS and don't have DNS assignments/static IP's for most XP machines. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Marcus Sent: Monday, December 20, 2010 5:17 AM To: samba@lists.samba.org Subject: [Samba] name resolution: dns name different to windows machine name Hi, we are running a samba domain controller as master with activated WINS. The machine name of each WinXP client is set manually during the installation initial process. Each client is using the WINS server of our domain controller. The WinXP clients are getting their IP by a global DNS Server, which sets the DNS and reverse DNS entry identically to the windos machine name. Now the administrator of the DNS server is planning to change the DNS and reverse DNS concept in the way that the DNS and reverse DNS entry will be not identically to the windows machine name any more. The WinXP clients will get a generic, randomly set DNS/reverse DNS entry. Does this have any effects for functionality of my samba domain controller and/or the WinXP clients? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Keeping Windows ACL's when migrating to SAMBA Server
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of TAKAHASHI Motonobu Sent: Saturday, December 18, 2010 10:20 PM To: George Cc: samba@lists.samba.org; Jeremy Allison Subject: Re: [Samba] Keeping Windows ACL's when migrating to SAMBA Server 2010/12/19 George : > Rightnow i got it half working but am having trouble with part of it. If I > use robocopy, It copies the files and ACL but not the correct create of > modify dates > > robocopy \\man_fs2\Batteries \\bed-fs1\servers\man_fs2\Batteries /sec /e > > If I use xxcopy I can copy all the files with the proper create and modify > dates but it wont copy the ACL's. > > xxcopy \\man_fs2\Batteries \\bed-fs1\servers\man_fs2\Batteries /backup > > George Are you using the /COPYALL switch? http://www.stevelu.com/TechnicalArticles/DevTools/1206.aspx (for gory flag details) I have successfully migrated several servers with terabytes of data from windows to linux by using robocopy (although I don't remember the exact flags at the moment). xcopy is unreliable for that much data IMX. -=Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Keeping Windows ACL's when migrating to SAMBA Server
I've tried it with the /copyall switch and /copy:datsou and still no luck On Dec 20, 2010 6:31 PM, "Andrew Masterson" < andrew.master...@nuvistaenergy.com> wrote: > > > > -Original Message- > From: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] On Behalf Of TAKAHASHI Motonobu > Sent: Saturday, December 18, 2010 10:20 PM > To: George > Cc: samba@lists.samba.org; Jeremy Allison > Subject: Re: [Samba] Keeping Windows ACL's when migrating to SAMBA > Server > > 2010/12/19 George : >> Rightnow i got it half working but am having trouble with part of it. > If I >> use robocopy, It copies the files and ACL but not the correct create > of >> modify dates >> >> robocopy \\man_fs2\Batteries \\bed-fs1\servers\man_fs2\Batteries /sec > /e >> >> If I use xxcopy I can copy all the files with the proper create and > modify >> dates but it wont copy the ACL's. >> >> xxcopy \\man_fs2\Batteries \\bed-fs1\servers\man_fs2\Batteries /backup >> >> George > > > > Are you using the /COPYALL switch? > > http://www.stevelu.com/TechnicalArticles/DevTools/1206.aspx (for gory > flag details) > > I have successfully migrated several servers with terabytes of data from > windows to linux by using robocopy (although I don't remember the exact > flags at the moment). xcopy is unreliable for that much data IMX. > > -=Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba upgrade question
The key advantages of the Solaris provided version is that - someone already did the compilation work - ZFS support is included (this is backported by Sun and not included with 3.0.x source code from samba.) - nsswitch support is also enabled The big problems I had with Sun's version (which is why I also ended up recompiling) - domain trusts don't always work, and the idmap functionality is buggy. So I think 3.0.x is pretty much a dead-end at this point. According to the Oracle forums, Samba 3.4.x is included with the recent Solaris Express release- so I expect it to be included with Solaris 11 (whenever that comes out.) My guess (no evidence to back this up) is that Solaris 10 will stay on samba 3.0.x. You have to make some changes when you change versions and if they pushed that our as an automatic update it could possible break things. With the sunfreeware and blastwave versions of samba- - these might be 32-bit only. - I don't think zfs is included. - nsswitch support may or may not be included.I had problems with this with sunfreeware samba in the past. On 12/20/2010 11:34 AM, Ray Van Dolson wrote: On Thu, Dec 16, 2010 at 07:56:55AM -0800, Chernoguz, Inessa wrote: Hi All, I have a problem with upgrade samba on Solaris 10 (x86). The current version is 3.0.25b (distributed with Solaris 10). I am trying to upgrade version to 3.4.5. I compiled samba from sources, has not any problem with make and installation. Now I have 2 different versions and when I am running "svcadm enable samba" I am receiving old version. The old version installed under: /usr/sfw/sbin, new one under /usr/sbin... # /usr/sfw/sbin/smbd -V Version 3.0.25a # /usr/sbin/smbd -V Version 3.4.5 # ps -ef | grep smbd root 7531 7305 0 17:55:32 pts/1 0:00 grep smbd root 6981 6979 0 15:19:58 ? 0:00 /usr/sfw/sbin/smbd -D root 6979 1 0 15:19:58 ? 0:00 /usr/sfw/sbin/smbd -D Can you, please help me here? Thanks a lot, Inessa As someone already replied, you need to disable the vendor provided Samba first: # svcadm disable samba Then set up SysV init scripts for your new, custom installation of Samba or something via SMF. Alternately, Sunfreeware or Blastwave may have pre-packaged Samba installs that include these scripts. I prefer sticking with the vendor-provided packages when possible (hand built packages don't scale administratively). The latest Sun version of Samba is 3.0.37 for Solaris 10 and I believe they have a refresh due out shortly. Thanks, Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba upgrade question
On Thu, Dec 16, 2010 at 07:56:55AM -0800, Chernoguz, Inessa wrote: > Hi All, > > I have a problem with upgrade samba on Solaris 10 (x86). The current > version is 3.0.25b (distributed with Solaris 10). I am trying to > upgrade version to 3.4.5. I compiled samba from sources, has not any > problem with make and installation. Now I have 2 different versions > and when I am running "svcadm enable samba" I am receiving old > version. The old version installed under: /usr/sfw/sbin, new one > under /usr/sbin... > > # /usr/sfw/sbin/smbd -V > Version 3.0.25a > # /usr/sbin/smbd -V > Version 3.4.5 > # ps -ef | grep smbd > root 7531 7305 0 17:55:32 pts/1 0:00 grep smbd > root 6981 6979 0 15:19:58 ? 0:00 /usr/sfw/sbin/smbd -D > root 6979 1 0 15:19:58 ? 0:00 /usr/sfw/sbin/smbd -D > > Can you, please help me here? > > Thanks a lot, > Inessa As someone already replied, you need to disable the vendor provided Samba first: # svcadm disable samba Then set up SysV init scripts for your new, custom installation of Samba or something via SMF. Alternately, Sunfreeware or Blastwave may have pre-packaged Samba installs that include these scripts. I prefer sticking with the vendor-provided packages when possible (hand built packages don't scale administratively). The latest Sun version of Samba is 3.0.37 for Solaris 10 and I believe they have a refresh due out shortly. Thanks, Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind / trust questions and issues
On 12/15/2010 4:19 PM, Eric A. Hall wrote: > First issue is that I would like to filter out the local (LABS) users and > groups in winbind if possible. I tried using "winbind: ignore domains = LABS" but this causes winbindd to completely ignore its own domain, which in turn causes it to freak out, dump core, and die I have also tried using require_membership_of=SID for CORP/Domain Users (the remote users I want to allow local access through winbind), but pam_winbind complains about the foreign SID and then allows everybody to login despite the error Anything else I could try? -- Eric A. Hall http://www.eric-a-hall.com/ Network Technology Research Grouphttp://www.ntrg.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba upgrade HowTo requested
Hi, Volker! On Sat, Dec 18, 2010 at 10:10 AM, Volker Lendecke wrote: > On Fri, Dec 17, 2010 at 11:26:12AM +0100, Willy Offermans wrote: >> >> 20101026: >> AFFECTS: users of net/samba35 >> AUTHOR: Timur Bakeyev >> >> This is the latest stable release of the Samba3 distribution. It has >> been extended with the experimental support of the NFS4-like ACLs on >> ZFS partitions, thanks to the sysutils/libsunacl library by Edward >> Tomasz Napierala(trasz). This support haven't been tested thoroughly, >> so try it on your own risk. > > This looks interesting. I just did a portsnap fetch update > in my FreeBSD 8.1 box, but I don't find that snippet. Where > can I find those patches? There are small patches in the port itself to detect and incorporate libsunacl via configure and build vfs_zfsacl module OOTB. As for the lib itself - it is situated in /usr/ports/sysutils/libsunacl. With regards, Timur. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem using smb_audit with samba3-3.5
I don't know if I can ask here, but I don't have any answer in official forum[1]. I really need to implement this, please help me. I did all steps of INSTALL documentation and I got this error: [2010/12/10 11:58:33.911661, 0] lib/module.c:59(do_smb_load_module) Error trying to resolve symbol 'init_samba_module' in /usr/lib64/samba/vfs/mysql_audit.so: /usr/lib64/samba/vfs/mysql_audit.so: undefined symbol: init_samba_module [2010/12/10 11:58:33.911810, 0] smbd/vfs.c:167(vfs_init_custom) error probing vfs module 'mysql_audit': NT_STATUS_UNSUCCESSFUL Any ideas? I am really lost :( [1] - http://sourceforge.net/projects/smbdaudit/forums/forum/275569/topic/4008809 Rafael Gomes Consultor em TI LPIC-1 MCSO (71) 8318-0284 IV Encontro Nordestino de Software Livre & IV Encontro Potiguar de Software Livre http://ensl.org.br Atenção: Este e-mail pode conter anexos no formato ODF (Open Document Format)/ABNT (extensões odt, ods, odp, odb, odg). Antes de pedir os anexos em outro formato, você pode instalar gratuita e livremente o BrOffice (http://www.broffice.org). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] howto? howto switch domain controllers in an ldap directory?
> I've got an ldap directory, but no PDC yet. I want to set up a test PDC, > and once things work, I want to be able to set a more appropriate system to > be teh PDC using teh same login informations (replica of existing authzn > databases). where's the documentation of how to do this? what do I need to > know about this process (I'm not sure what it's even called >,.,< > > in case I wasn't clear above, I want to just be able to "flip a switch" (in > the proverbial sense) and switch PDC on an existing ldap directory without > having to purge it or migrate data or anything else so complex. To switch PDCs basically all you need to do is set the ip addreess of the ldap servers in the PDC and set the ldap password so the pdc can connect to the ldap server. smbpasswd -w Remember that samba and ldap are independent. The PDC need not be on the same server as your ldap servers. And I say servers you should always maintain more than 1 ldap server. This is pretty easy to do with ldap syncrepl http://www.bind9.net/manual/openldap/2.3/syncrepl.html You don't forget to configure pam and nss to use ldap on each linux machine that is on your domain. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need a little help with Samba 3.5.5 on FreeNAS 7.2.5543
On 20 December 2010 04:16, Steve B wrote: > 1. Not sure what you mean by "remote the file". I can open and read the file I believe he meant "remove". I think he was just wondering if you got a different error with the file missing, which would prove that Audiotron was actually accessing the file. If you got the same symptoms, then it's possible that Audiotron was not actually finding/reading the file at all. > in any editor, but the Audiotron performs some sort of read function on the > file that tells it there are X number of radio stations defined in the file. > The file is basically an XML file. -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] problem connecting DFS-share with winXP - successful with Vista & 7
Hi, i have problems connecting to DFS-Share from Client WindowsXP. Same configuration works fine for Windows Vista and 7. On Windows 7 the LMCompatibility Level is 3. the striking point I see in logfile is following 2010/12/20 10:30:17, 1] smbd/service.c:make_connection_snum(1119) 10.184.144.171 (10.184.144.171) signed connect to service applbin initially as user useracc (uid=45110, gid=45110) (pid 20312) [2010/12/20 10:30:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/12/20 10:30:17, 2] smbd/reply.c:reply_tcon_and_X(789) Serving applbin as a Dfs root [2010/12/20 10:30:17, 3] smbd/reply.c:reply_tcon_and_X(794) tconX service=APPLBIN [2010/12/20 10:30:17, 3] smbd/process.c:process_smb(1576) Transaction 3 of length 1404 (0 toread) [2010/12/20 10:30:17, 3] smbd/process.c:switch_message(1393) switch message SMBsesssetupX (pid 20312) conn 0x0 [2010/12/20 10:30:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/12/20 10:30:17, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1412) wct=12 flg2=0xc807 [2010/12/20 10:30:17, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1175) Doing spnego session setup [2010/12/20 10:30:17, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1210) NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2010/12/20 10:30:17, 3] smbd/sesssetup.c:reply_spnego_negotiate(802) reply_spnego_negotiate: Got secblob of size 1172 [2010/12/20 10:30:17, 3] libads/authdata.c:decode_pac_data(301) Found account name from PAC: CLIENTXP$ [] [2010/12/20 10:30:17, 3] smbd/sesssetup.c:reply_spnego_kerberos(356) Ticket name is [client...@domain.local] [2010/12/20 10:30:17, 1] smbd/sesssetup.c:reply_spnego_kerberos(474) Username DOMAIN00\CLIENTXP$ is invalid on this system [2010/12/20 10:30:17, 3] smbd/error.c:error_packet_set(61) error packet at smbd/sesssetup.c(480) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE On Windows Vista the Same Section in logfile shows different account-name: Doing spnego session setup [2010/12/20 09:12:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1210) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2010/12/20 09:12:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(802) reply_spnego_negotiate: Got secblob of size 6566 [2010/12/20 09:12:29, 3] libads/authdata.c:decode_pac_data(301) Found account name from PAC: USERACC [Nachname, Vorname] [2010/12/20 09:12:29, 3] smbd/sesssetup.c:reply_spnego_kerberos(356) Ticket name is [user...@domain.local] The difference i see, is that on windows XP the system don't take the username of connecting account, although it is grabbed in start of session-log. [2010/12/20 10:30:17, 3] libads/authdata.c:decode_pac_data(301) Found account name from PAC: USERACC [Nachname, Vorname] [2010/12/20 10:30:17, 3] smbd/sesssetup.c:reply_spnego_kerberos(356) Ticket name is [efro...@domain.local] Has someone an idea, how i can fix this problem. This problem only occurs, if i connect via DFS Master. If i connect directly to the Share, all is successful. [complete Logfile]: http://paste.ubuntu.com/545870/ [config DFS-master]: http://paste.ubuntu.com/545874/ [config client]: http://paste.ubuntu.com/545873/ Regards, Steffen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] name resolution: dns name different to windows machine name
Hi, we are running a samba domain controller as master with activated WINS. The machine name of each WinXP client is set manually during the installation initial process. Each client is using the WINS server of our domain controller. The WinXP clients are getting their IP by a global DNS Server, which sets the DNS and reverse DNS entry identically to the windos machine name. Now the administrator of the DNS server is planning to change the DNS and reverse DNS concept in the way that the DNS and reverse DNS entry will be not identically to the windows machine name any more. The WinXP clients will get a generic, randomly set DNS/reverse DNS entry. Does this have any effects for functionality of my samba domain controller and/or the WinXP clients? Thanks, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
