Re: [Samba] Old question - NT4 BDC in Samba domain?
Like it is written down in the HOWTO: NO! You just have to setup a Samba3 bdc in your nt4 Windows Domain like described here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html Good Luck --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Martin Hochreiter Gesendet: Donnerstag, 3. Februar 2011 08:09 An: samba@lists.samba.org Betreff: [Samba] Old question - NT4 BDC in Samba domain? Hi! I have to migrate a samba domain to an Active Directory and therefore I need as first step to have a NT4.0 BDC in my network. As I don't find an useful answer via google I want to ask you if a NT4 BDC will work in a Samba PDC enviroment? regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old question - NT4 BDC in Samba domain?
Thank your for your response I don't need another samba bdc (I already have 3) - I wanted do get a NT4 BDC as first step for a migration to an Active Directory. Ok, so I have to look for another way to migrate users. regards Martin Like it is written down in the HOWTO: NO! You just have to setup a Samba3 bdc in your nt4 Windows Domain like described here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html Good Luck --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Martin Hochreiter Gesendet: Donnerstag, 3. Februar 2011 08:09 An: samba@lists.samba.org Betreff: [Samba] Old question - NT4 BDC in Samba domain? Hi! I have to migrate a samba domain to an Active Directory and therefore I need as first step to have a NT4.0 BDC in my network. As I don't find an useful answer via google I want to ask you if a NT4 BDC will work in a Samba PDC enviroment? regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old question - NT4 BDC in Samba domain?
Try this: http://www.techrepublic.com/article/get-it-done-transfer-nt4-domain-data-usi ng-the-active-directory-migration-tool/1058251 --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Martin Hochreiter [mailto:linux...@wavenet.at] Gesendet: Donnerstag, 3. Februar 2011 09:46 An: muel...@tropenklinik.de Cc: samba@lists.samba.org Betreff: Re: [Samba] Old question - NT4 BDC in Samba domain? Thank your for your response I don't need another samba bdc (I already have 3) - I wanted do get a NT4 BDC as first step for a migration to an Active Directory. Ok, so I have to look for another way to migrate users. regards Martin Like it is written down in the HOWTO: NO! You just have to setup a Samba3 bdc in your nt4 Windows Domain like described here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html Good Luck --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Martin Hochreiter Gesendet: Donnerstag, 3. Februar 2011 08:09 An: samba@lists.samba.org Betreff: [Samba] Old question - NT4 BDC in Samba domain? Hi! I have to migrate a samba domain to an Active Directory and therefore I need as first step to have a NT4.0 BDC in my network. As I don't find an useful answer via google I want to ask you if a NT4 BDC will work in a Samba PDC enviroment? regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] application can not delete from samba share
Dear All I am stucked with a problem , I'd like to ask your help. Problem : - I can not delete files from Samba_3.2.5 share from a specific windows application. Filemanagers, command prompt can handle the files well. The checked things: - the same application was able to delete from samba_2.x - permissions are OK. From windows explorer or from command prompt I can delete well. Create files, delete, modify perfect from WinOS but from this application is not possible. -acls , SIDs seems to be OK. getfacl rwxrwxrwx - this application is able to delete from other shares except the files are on samba - log level 10: I could not recognized any failure or strange behaviour - I have tried many settings in smb.conf : oplock, case sensitive settings etc .. without success I monitored the successful deleting from a file-manager and compared with unsuccessful one (this application) . Some this are different between logs but I am not able to catch the reason of problem. I can provide logs or screenshoot about comparison if needed. Have you already experienced such a problem. I appreciate any help Thank you regards: Zoltan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Access to s3 shares when userPrincipalName differs from the sAMAccountName
Hello all, I've been trying to use a Samba3 fileserver with security = ADS in a domain where the DC is Samba4. It all seems to work, except for users with long names. What happens is that users can log in to the domain with their userPrincipalName as well as the sAMAccountName. Unfortunately, if the username is longer than 20 characters (which, because of our username = first_name.last_name policy, is the case for a few users), then the userPrincipalName and the sAMAccountName differ. So when users that have logged in using their userPrincipalName try to access a share on the Samba3 server, they try to authenticate using the userPrincipalName, which winbind doesn't know about, and fail. This looks to be a problem that a lot of people should have run into over the past few years, but I haven't been able to find any clues by searching the mailing list archives. Is there a workaround I could use? At the moment my options seem to be: 1) Ask users with long names to only log in using the sAMAccountName. This is very suboptimal of course. 2) Change these users' userPrincipalName to be the same as the sAMAccountName so that they will /have/ to use the sAMAccountName to log in. Doable but ugly and it will complicate our email setup too. 3) Find a magic GPO configuration option that will force windows clients to always use the sAMAccountName to authenticate when accessing a network share. After a few hours searching on the web and manually going through each option in the GPO editor, there doesn't appear to be such a setting. 4) Hack winbindd to do an ldap search to convert the userPrincipalName to the sAMAccountName when it is obvious we're dealing with the former (i.e. when it's larger than 20 characters). 5) Hack winbindd to trim the username so that the userPrincipalName will be converted to the sAMAccountName. I can't even imagine the ways this could break and it would be a huge burden to maintain such hacks in the long term. Any insight on this? I'm sure there's a better option! Thanks, Aggelos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] application can not delete from samba share
Hello, with samba3 many things changed. For me too coming from samba 2x to samba3 the first thing was that office files could no longer be saved as I was used without problem with samba 2x. Try to set the sticky bit for the user or the group(1770 2770)the application is running. It solved me many problems. Or try in your [share] profile acls = yes nt acl support = no Good Luck --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Nemeth Zoltan Gesendet: Donnerstag, 3. Februar 2011 10:11 An: samba@lists.samba.org Betreff: [Samba] application can not delete from samba share Dear All I am stucked with a problem , I'd like to ask your help. Problem : - I can not delete files from Samba_3.2.5 share from a specific windows application. Filemanagers, command prompt can handle the files well. The checked things: - the same application was able to delete from samba_2.x - permissions are OK. From windows explorer or from command prompt I can delete well. Create files, delete, modify perfect from WinOS but from this application is not possible. -acls , SIDs seems to be OK. getfacl rwxrwxrwx - this application is able to delete from other shares except the files are on samba - log level 10: I could not recognized any failure or strange behaviour - I have tried many settings in smb.conf : oplock, case sensitive settings etc .. without success I monitored the successful deleting from a file-manager and compared with unsuccessful one (this application) . Some this are different between logs but I am not able to catch the reason of problem. I can provide logs or screenshoot about comparison if needed. Have you already experienced such a problem. I appreciate any help Thank you regards: Zoltan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Repeated Forced Election... can this be avoided ?
Hi all, I am running a v3.5.6 samba as a PDC with tbdsam. I have: security = user domain master= yes domain logons= yes local master = yes preferred master = yes os level = 33 log level= 1 My daily logwatch shows: Connections Denied: lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected 0.0.0.0 : 121 Time(s) lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected 0.0.0.0 : 121 Time(s) Forced Election: In workgroup SMB_DOMAIN when announced server was: Windows 7 (a.b.c.x) : 22 Time(s) Windows 7 (a.b.c.y) : 120 Time(s) Windows XP(a.b.c.z) : 120 Time(s) The 22 Time(s) machine is only on some of the time ! Is this normal ? Can I avoid this clutter ? -- other than by turning off the logging :-) I also see some DHCP logging: Unknown Entries: Unable to add reverse map from w.c.b.a.in-addr.arpa. to FRED.SMB_DOMAIN: not found: 16 Time(s) Unable to add reverse map from y.c.b.a.in-addr.arpa. to BARNEY.SMB_DOMAIN: not found: 8 Time(s) Unable to add reverse map from x.c.b.a.in-addr.arpa. to WILMA.SMB_DOMAIN: not found: 14 Time(s) Are these normal ? Is there something I should do with dynamic DNS to help, here ? Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba constantly creating mapping
Hi all, I have Samba server joined Active Directory domain based on win2008r2, using LDAP as idmap backend. Recently I upgraded from 3.3.x to 3.5.x (Sernet RPMs for Centos4). Now I constantly observe those messages in log: [2011/02/03 09:10:25.696896, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping) ldap_set_mapping_internals: Failed to add S-1-5-21-3807515285-1394671770-2144936185-513 to 21066 mapping [gidNumber] [2011/02/03 09:10:25.696927, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping) ldap_set_mapping_internals: Error was: (Already exists) [2011/02/03 09:15:16.234228, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module ldap already registered! [2011/02/03 09:15:16.234271, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module tdb already registered! [2011/02/03 09:15:16.234286, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module passdb already registered! [2011/02/03 09:15:16.234300, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module nss already registered! with gidNumber increasing, although samba created mapping for this SID: dn: sambaSID=S-1-5-21-3807515285-1394671770-2144936185-513,ou=idmap,dc=corp,dc=domain objectClass: sambaIdmapEntry objectClass: sambaSidEntry gidNumber: 20042 sambaSID: S-1-5-21-3807515285-1394671770-2144936185-513 structuralObjectClass: sambaSidEntry RID 513 is standard Domain Users group, but *S-1-5-21-3807515285-1394671770-2144936185* is not AD domain: wbinfo --all-domains BUILTIN DLC CORP DLC is hostname of Samba server and CORP - AD domain. wbinfo -D corp Name : CORP Alt_Name : corp.domain SID : S-1-5-21-3642537914-689118755-2668763798 Active Directory : Yes Native: Yes Primary : Yes wbinfo -D dlc Name : DLC Alt_Name : SID : *S-1-5-21-3807515285-1394671770-2144936185* Active Directory : No Native: No Primary : No As I understand I should somehow add entry for this SID in local SAM database with net sam. But how: with net sam createlocalgroup or net sam createdomaingroup or net sam createbuiltingroup? I don't understand SAM well, please advice me how to do this. Thanks. -- Vladimir Vassiliev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] understanding users mapping
Hello all, Im Fran, and im from Spain. Im currently using an english book to setup my samba server, and im having problems understanding it. I explain my problem. I dont want to use root to join clients to the domain; i prefer creating a plain user. Ok, so, the steps i follow are: net groupmap add unixgroup=srvadmins ntgroup=Server Admins net groupmap add ntgroup=Domain Admins unixgroup=dmnadmins rid=512 type=d net rpc rights grant 'ORA\Server Admins' seMachineAccountPrivilege Now, users: root, dmnadmin(from dmnadmins group) and srvadmin (from srvadmins group) can add machines to domain. So i wonder, why srvadmins group is needed to be granted privileges? I tryed to lower dmnadmins privileges by revoking semachineaccountprivilege privilege, but didnt worked, and it user managed to add a machine to the domain correctly. Ok, so, is this really usefull? why do i need 3 kind of users to be able to join to the domain? should i really stick to using root to join clients? thank you -- Fran Del Val Dpto de informática. Rojatex S.L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
Hallo, fdelval, Du meintest am 03.02.11: I dont want to use root to join clients to the domain; i prefer creating a plain user. Look at admin users in [global, file /etc/samba/smb.conf. There you can define which linux user is allowed to do this job. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] application can not delete from samba share
Hello Daniel Thank you for hints the application is running on WinOs and the files what should be deleted on linux-samba share. I checked the mentioned acl sttings , but simpthom is sill the same : - only this win application is not able to delete from samba share - same appl can delete on other shares well The question is with other words: how can I setup totally same emulation on samba as WinOS shares are ? How can I found out the reason, why delete from samba is different from winappl. point of view then other shares. Thank you for any answers regards: Zoltan Eredeti üzenet Tárgy: AW: [Samba] application can not delete from samba share Feladó: Daniel Müller muel...@tropenklinik.de Címzett: nzol...@freemail.hu, samba@lists.samba.org Dátum: 2/3/2011 11:00 AM Hello, with samba3 many things changed. For me too coming from samba 2x to samba3 the first thing was that office files could no longer be saved as I was used without problem with samba 2x. Try to set the sticky bit for the user or the group(1770 2770)the application is running. It solved me many problems. Or try in your [share] profile acls = yes nt acl support = no Good Luck --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Nemeth Zoltan Gesendet: Donnerstag, 3. Februar 2011 10:11 An: samba@lists.samba.org Betreff: [Samba] application can not delete from samba share Dear All I am stucked with a problem , I'd like to ask your help. Problem : - I can not delete files from Samba_3.2.5 share from a specific windows application. Filemanagers, command prompt can handle the files well. The checked things: - the same application was able to delete from samba_2.x - permissions are OK. From windows explorer or from command prompt I can delete well. Create files, delete, modify perfect from WinOS but from this application is not possible. -acls , SIDs seems to be OK. getfacl rwxrwxrwx - this application is able to delete from other shares except the files are on samba - log level 10: I could not recognized any failure or strange behaviour - I have tried many settings in smb.conf : oplock, case sensitive settings etc .. without success I monitored the successful deleting from a file-manager and compared with unsuccessful one (this application) . Some this are different between logs but I am not able to catch the reason of problem. I can provide logs or screenshoot about comparison if needed. Have you already experienced such a problem. I appreciate any help Thank you regards: Zoltan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
Hello mate, I added it, with a simple user, and yes, it worked. Now, doubs storm my mind. now i have like 3 ways of achieving what i want. 1) username map = /etc/samba/smbusers (linking users to root) 2) admin users = frank 3) messing up with my netgroups and granting rights Which one should i use? Which one offers the most secure way? Hallo, fdelval, Du meintest am 03.02.11: I dont want to use root to join clients to the domain; i prefer creating a plain user. Look at admin users in [global, file /etc/samba/smb.conf. There you can define which linux user is allowed to do this job. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Fran Del Val Dpto de informática. Rojatex S.L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
Hallo, fdelval, Du meintest am 03.02.11 zum Thema Re: [Samba] understanding users mapping: now i have like 3 ways of achieving what i want. 1) username map = /etc/samba/smbusers (linking users to root) 2) admin users = frank 3) messing up with my netgroups and granting rights Which one should i use? I prefer admin users in the smb.conf. Don't know wether it is the best of all possible solutions. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
Hi, as usual there are several ways to accomplish what you're looking for. This is what I prefer - netgroups and granting rights, because 1) username map = /etc/samba/smbusers (linking users to root) IMHO the really old style for those who don't know a better way. You shouldn't grant admin-rights this way. 2) admin users = frank Somehow better than 1) but also a short-term solution you shouldn't use. 3) messing up with my netgroups and granting rights IMHO it's not messing with but the only way to grant user-rights and priviliges. It's more complex and you need to think about it ini advance, but it's a propper long-term solution. Check out the official samba-howto - chapter 15/16: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html Cheers, Christian === Dipl.-Ing. Christian Rost roCon - Informationstechnologie Ulmenstraße 45 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de Helmut Hullen hul...@t-online.de wrote Subject: Re: [Samba] understanding users mapping Date: 03.02.2011 13:56 Hallo, fdelval, Du meintest am 03.02.11 zum Thema Re: [Samba] understanding users mapping: now i have like 3 ways of achieving what i want. 1) username map = /etc/samba/smbusers (linking users to root) 2) admin users = frank 3) messing up with my netgroups and granting rights Which one should i use? I prefer admin users in the smb.conf. Don't know wether it is the best of all possible solutions. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
Hello Christian Ok, i will start by your favourite way because i want to use the feature of mapping groups. Now i mapped my linux group to a windows domain admins and, in users and groups management console in windows, i can see my group magically there. Now im mapping more groups, but i cant manage to group any group except domain admins What's happening? Hi, as usual there are several ways to accomplish what you're looking for. This is what I prefer - netgroups and granting rights, because 1) username map = /etc/samba/smbusers (linking users to root) IMHO the really old style for those who don't know a better way. You shouldn't grant admin-rights this way. 2) admin users = frank Somehow better than 1) but also a short-term solution you shouldn't use. 3) messing up with my netgroups and granting rights IMHO it's not messing with but the only way to grant user-rights and priviliges. It's more complex and you need to think about it ini advance, but it's a propper long-term solution. Check out the official samba-howto - chapter 15/16: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html Cheers, Christian === Dipl.-Ing. Christian Rost roCon - Informationstechnologie UlmenstraÃe 45 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de Helmut Hullen hul...@t-online.de wrote Subject: Re: [Samba] understanding users mapping Date: 03.02.2011 13:56 Hallo, fdelval, Du meintest am 03.02.11 zum Thema Re: [Samba] understanding users mapping: now i have like 3 ways of achieving what i want. 1) username map = /etc/samba/smbusers (linking users to root) 2) admin users = frank 3) messing up with my netgroups and granting rights Which one should i use? I prefer admin users in the smb.conf. Don't know wether it is the best of all possible solutions. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Fran Del Val Dpto de informática. Rojatex S.L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
2011/2/3 fdel...@rojatex.com: I dont want to use root to join clients to the domain; i prefer creating a plain user. As Cristian said, using user-rights is the only way that does not user root to join. Im currently using an english book to setup my samba server, and im having problems understanding it. (snip) So i wonder, why srvadmins group is needed to be granted privileges? (snip) Ok, so, is this really usefull? why do i need 3 kind of users to be able to join to the domain? No, I think that the book shows these 3 users only as an example. And you know, net groupmap command itself does not grant the rights to add machines to the domain. Remember that you should create domain admins group to keep compatibility with Windows. --- TAKAHASHI Motonobu mo...@monyo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Repeated Forced Election... can this be avoided ?
2011/2/3 chris.hall.l...@highwayman.com: I also see some DHCP logging: Unknown Entries: Unable to add reverse map from w.c.b.a.in-addr.arpa. to FRED.SMB_DOMAIN: not found: 16 Time(s) Unable to add reverse map from y.c.b.a.in-addr.arpa. to BARNEY.SMB_DOMAIN: not found: 8 Time(s) Unable to add reverse map from x.c.b.a.in-addr.arpa. to WILMA.SMB_DOMAIN: not found: 14 Time(s) Are these normal ? Is there something I should do with dynamic DNS to help, here ? If you stop this message, apply a patch in http://support.microsoft.com/kb/2171571 or modify your Windows 7 machine's FQDN manually. Forced Election: In workgroup SMB_DOMAIN when announced server was: Windows 7 (a.b.c.x) : 22 Time(s) Windows 7 (a.b.c.y) : 120 Time(s) Windows XP(a.b.c.z) : 120 Time(s) The 22 Time(s) machine is only on some of the time ! Have you set these machine's firewall suitable for Internet? If a windows machine running browsing service can not receive UDP broadcast, the machine recognizes that I have to become a master browser and will cause election. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old question - NT4 BDC in Samba domain?
2011/2/3 Martin Hochreiter linux...@wavenet.at: Hi! I have to migrate a samba domain to an Active Directory and therefore I need as first step to have a NT4.0 BDC in my network. As I don't find an useful answer via google I want to ask you if a NT4 BDC will work in a Samba PDC enviroment? No and vice versa. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
On Thu, Feb 03, 2011 at 11:50:12PM +0900, TAKAHASHI Motonobu wrote: 2011/2/3 fdel...@rojatex.com: I dont want to use root to join clients to the domain; i prefer creating a plain user. As Cristian said, using user-rights is the only way that does not user root to join. Im currently using an english book to setup my samba server, and im having problems understanding it. (snip) So i wonder, why srvadmins group is needed to be granted privileges? (snip) Ok, so, is this really usefull? why do i need 3 kind of users to be able to join to the domain? No, I think that the book shows these 3 users only as an example. And you know, net groupmap command itself does not grant the rights to add machines to the domain. Remember that you should create domain admins group to keep compatibility with Windows. --- TAKAHASHI Motonobu mo...@monyo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Αγαπητέ/ή κύριε/κυρία, Σε συνέχεια του μηνύματός σας θα θέλαμε να σας ενημερώσουμε Παραμένουμε στη διάθεσή σας για οποιαδήποτε άλλη πληροφορία ή διευκρίνιση. Με εκτίμηση OTEbusiness Customer Service - 13818 Technical Support Γενική Διεύθυνση Εταιρικών Επιχειρησιακών Πελατών ΟΤΕ AE www.otebusiness.gr Τηλ.:13818 (Επιλογή 1 1) Fax.:2106798566 mailto: supp...@otebusiness.gr ΔΙΕΥΚΡΙΝΙΣΗ* Οι πληροφορίες ή/και τυχόν αρχεία που υπάρχουν σε αυτό το ηλεκτρονικό μήνυμα είναι προσωπικά και απόρρητα. Ο αποστολέας αυτού του ηλεκτρονικού μηνύματος αποσκοπεί στην παραλαβή του, μόνο από τον ονομαζόμενο παραλήπτη. Εάν δεν είστε ο ονομαζόμενος παραλήπτης, δε σας επιτρέπεται να αποθηκεύσετε, αντιγράψετε ή χρησιμοποιήσετε με οποιονδήποτε τρόπο τις πληροφορίες που περιέχονται σε αυτό το ηλεκτρονικό μήνυμα. Απαγορεύεται επίσης η περαιτέρω καθ' οιονδήποτε τρόπο χρήση και ανακοίνωση του μηνύματος από τον παραλήπτη του ή τρίτο, χωρίς τη συναίνεση του συντάκτη του. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old question - NT4 BDC in Samba domain?
Thank you for that link - I already knew the ADMT. The disadavantage of the ADMT is, that you can't transfer the SID or write the old SID in the SID history neither you can move the passwords ... what, with over 5000 users , is essential. regards Martin Am 2011-02-03 10:14, schrieb Daniel Müller: Try this: http://www.techrepublic.com/article/get-it-done-transfer-nt4-domain-data-usi ng-the-active-directory-migration-tool/1058251 --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] application can not delete from samba share
On Thu, Feb 3, 2011 at 7:07 AM, Nemeth Zoltan nzol...@freemail.hu wrote: How can I found out the reason, why delete from samba is different from winappl. point of view then other shares. Read all of the changelogs between versions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
Please CC to samba list. 2011/2/4 fdel...@rojatex.com: root has adding machines privileges because root has all powers in linux and samba Yes, root (uid=0) has natively all rights on Samba. Domain Admins has privileges because that group already had privileges in windows, and samba understand that Yes, rid=512 is reserved for Domain Admins and Domain Admins has the rights natively. srvadmins has rights because i granted them with the net rpc privileges. Yes. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACL and Replace all Child object permissions
I have an issue with samba+acl and Windows checkbox Replace all Child object permissions . I have a folder with defaults ACLs : /default:user:user1:rwx, default:user:user2:rwx owned by user1/ On Windows if I'm checking Replace all Child object permissions with inheritable permissions from this object on this folder, it losts the default ACL default:user:user1:rwx, others ACLs stays right (default:user:user2:rwx). /default:user:user2:rwx owned by user1/ Is it a normal behavior to delete an user from Default ACL if he is already owner of a folder? How can i avoid this? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] POSIX ACLs vs. EA security.NTACLs
2011/2/3 Robert W. Smith rwsm...@bislink.net: This might be more inclusive if I said, Linux Permissions vs POSIX ACLs vs vfs_xattr. (snip) 1) Does Samba maintain the consistency between all of the stored NTFS attributes and POSIX ACLs when using vfs_xattr? Only one way, from NTFS attributes to POSIX ACLs. 2) When might the POSIX ACL not be in sync with the vfs_xattr EA stored in security.NTACL when using Samba? As far as I examined at Samba 3.5.6, the consistency is almost kept. But in prior version, is not. And ACL inherit flag can not work well. https://bugzilla.samba.org/show_bug.cgi?id=6841 4) With 'inherit acls = yes' what does 'default acl' imply? All ACLs on the file/directory or just those preceded with the tag 'default'? 'inheit acls = yes' only affects the *permissions* (not any ACLs) for child files or directories. Read smb.conf(5). But if inherit permissions = yes, inherit acls is always ignored. 7) Currently, if a users comes to me and says, 'I need the lawyer to have access to file XYZ', I would grant the POSIX ACL using the Linux CLI with, # setfacl -m g:mud-suckers:rw, without regard to the users OS platform. With vfs_xattr, do I now need to somehow 'sync' the POSIX ACL with the security.NTACL EA? If yes, how? Under acl_xattr enabled, you should not set POSIX ACLs manually. You have no way to sync. 5) For the astute reader, since this is a Samba share, I force the group to be 'domusers' (DOMAIN\Domain Users in Win) for new files/directories. Will this always be the Linux permission group? Will this overwrite the Linux group 'users' of existing files or new files where permissions and ACLs are inherited? force group only affects the permission group for new files/directories. 6) I want to always ensure both the Linux only group 'users' and the 'domusers' (which include both Linux and Windows users and Win only users) are enabled on all files/directories on this share. Hey, I'll give my silver dollar to the person who can come up with a configuration that will solve this with both NFS and Samba! I recommend: 1) to set owner and group to root, 2) add g:users:rwx and g:domusers:rwx to the default ACL 3) If both POSIX ACL and security.NTACL exist on a file/directory, which does smbcacls show? What does Win* Properties--Security show? What does smbclient show? Maybe NTACL is shown. Remember, POSIX ACL is used to determine if access is allowed or not. NTACL is not referred. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACL and Replace all Child object permissions
2011/2/4 Zorg z...@probesys.com: I have an issue with samba+acl and Windows checkbox Replace all Child object permissions . I have a folder with defaults ACLs : /default:user:user1:rwx, default:user:user2:rwx owned by user1/ On Windows if I'm checking Replace all Child object permissions with inheritable permissions from this object on this folder, it losts the default ACL default:user:user1:rwx, others ACLs stays right (default:user:user2:rwx). /default:user:user2:rwx owned by user1/ Is it a normal behavior to delete an user from Default ACL if he is already owner of a folder? How can i avoid this? As far as I examined at Samba 3.5.6, an error occured. At older version of Samba, I have met the similar behavior: default ACL is vanished when the user granted permissions by the default ACL is also an owner. Anyway map acl inherit does not fully work: https://bugzilla.samba.org/show_bug.cgi?id=6841 --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under windows 7 - you do not have permissions to access
2011/2/1 sisu . npil...@hotmail.com: Hi all again, Finally I found the source of my problem, it was I set force group = root parameter on my shares, It was really useful for me since whether an user created a file it forced the group root as a primary root and then as I had the default acls (for secondary group) for example: #ll drwxrwx---+ 2 user root 6 Feb 1 11:04 test_file default:group:tech:r-x thus only the members of this secondary group (tech) were able to interact with that file due to the default acl I had on this directory. Currently the problem that I have is all the users are in the same group 'company' then as I can't force the group as root the default group will be 'company', which implies everybody will have access to this file. drwxrwx---+ 2 user company 6 Feb 1 11:14 test_file2 Any suggestion? Thanks again for your support ! force group = root affects only the *permission group*, not the groups defined by ACLs. So simply force group = root will solve the problem. Try it! --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] From LDAP to tdbsam
We are scaling back our Samba service, and no longer need the server to act as a domain controller or do general LDAP authentication. Since we are also going to move the service to a different piece of hardware, I would like to simplify the setup by removing LDAP from the operation on the new machine. The only problem I see will be the existing user base. Is there an easy way to move the lm and nt hashes from the LDAP database to a passdb.tdb file? Mike [PS. Of course, if I am making a mistake here, and the LDAP setup has some advantage that I am overlooking, let me know...] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] From LDAP to tdbsam
2011/2/4 Michael Urban ur...@panix.com: (snip) The only problem I see will be the existing user base. Is there an easy way to move the lm and nt hashes from the LDAP database to a passdb.tdb file? Use pdbedit -e ldapsam -i tdbsam command. For detail refer to pdbedit(8). --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old question - NT4 BDC in Samba domain?
On Fri, Feb 04, 2011 at 12:01:59AM +0900, TAKAHASHI Motonobu wrote: 2011/2/3 Martin Hochreiter linux...@wavenet.at: Hi! I have to migrate a samba domain to an Active Directory and therefore I need as first step to have a NT4.0 BDC in my network. As I don't find an useful answer via google I want to ask you if a NT4 BDC will work in a Samba PDC enviroment? No and vice versa. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Αγαπητέ/ή κύριε/κυρία, Σε συνέχεια του μηνύματός σας θα θέλαμε να σας ενημερώσουμε Παραμένουμε στη διάθεσή σας για οποιαδήποτε άλλη πληροφορία ή διευκρίνιση. Με εκτίμηση OTEbusiness Customer Service - 13818 Technical Support Γενική Διεύθυνση Εταιρικών Επιχειρησιακών Πελατών ΟΤΕ AE www.otebusiness.gr Τηλ.:13818 (Επιλογή 1 1) Fax.:2106798566 mailto: supp...@otebusiness.gr ΔΙΕΥΚΡΙΝΙΣΗ* Οι πληροφορίες ή/και τυχόν αρχεία που υπάρχουν σε αυτό το ηλεκτρονικό μήνυμα είναι προσωπικά και απόρρητα. Ο αποστολέας αυτού του ηλεκτρονικού μηνύματος αποσκοπεί στην παραλαβή του, μόνο από τον ονομαζόμενο παραλήπτη. Εάν δεν είστε ο ονομαζόμενος παραλήπτης, δε σας επιτρέπεται να αποθηκεύσετε, αντιγράψετε ή χρησιμοποιήσετε με οποιονδήποτε τρόπο τις πληροφορίες που περιέχονται σε αυτό το ηλεκτρονικό μήνυμα. Απαγορεύεται επίσης η περαιτέρω καθ' οιονδήποτε τρόπο χρήση και ανακοίνωση του μηνύματος από τον παραλήπτη του ή τρίτο, χωρίς τη συναίνεση του συντάκτη του. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Repeated Forced Election... can this be avoided ?
On Thu, Feb 03, 2011 at 11:58:35PM +0900, TAKAHASHI Motonobu wrote: 2011/2/3 chris.hall.l...@highwayman.com: I also see some DHCP logging: Unknown Entries: Unable to add reverse map from w.c.b.a.in-addr.arpa. to FRED.SMB_DOMAIN: not found: 16 Time(s) Unable to add reverse map from y.c.b.a.in-addr.arpa. to BARNEY.SMB_DOMAIN: not found: 8 Time(s) Unable to add reverse map from x.c.b.a.in-addr.arpa. to WILMA.SMB_DOMAIN: not found: 14 Time(s) Are these normal ? Is there something I should do with dynamic DNS to help, here ? If you stop this message, apply a patch in http://support.microsoft.com/kb/2171571 or modify your Windows 7 machine's FQDN manually. Forced Election: In workgroup SMB_DOMAIN when announced server was: Windows 7 (a.b.c.x) : 22 Time(s) Windows 7 (a.b.c.y) : 120 Time(s) Windows XP(a.b.c.z) : 120 Time(s) The 22 Time(s) machine is only on some of the time ! Have you set these machine's firewall suitable for Internet? If a windows machine running browsing service can not receive UDP broadcast, the machine recognizes that I have to become a master browser and will cause election. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Αγαπητέ/ή κύριε/κυρία, Σε συνέχεια του μηνύματός σας θα θέλαμε να σας ενημερώσουμε Παραμένουμε στη διάθεσή σας για οποιαδήποτε άλλη πληροφορία ή διευκρίνιση. Με εκτίμηση OTEbusiness Customer Service - 13818 Technical Support Γενική Διεύθυνση Εταιρικών Επιχειρησιακών Πελατών ΟΤΕ AE www.otebusiness.gr Τηλ.:13818 (Επιλογή 1 1) Fax.:2106798566 mailto: supp...@otebusiness.gr ΔΙΕΥΚΡΙΝΙΣΗ* Οι πληροφορίες ή/και τυχόν αρχεία που υπάρχουν σε αυτό το ηλεκτρονικό μήνυμα είναι προσωπικά και απόρρητα. Ο αποστολέας αυτού του ηλεκτρονικού μηνύματος αποσκοπεί στην παραλαβή του, μόνο από τον ονομαζόμενο παραλήπτη. Εάν δεν είστε ο ονομαζόμενος παραλήπτης, δε σας επιτρέπεται να αποθηκεύσετε, αντιγράψετε ή χρησιμοποιήσετε με οποιονδήποτε τρόπο τις πληροφορίες που περιέχονται σε αυτό το ηλεκτρονικό μήνυμα. Απαγορεύεται επίσης η περαιτέρω καθ' οιονδήποτε τρόπο χρήση και ανακοίνωση του μηνύματος από τον παραλήπτη του ή τρίτο, χωρίς τη συναίνεση του συντάκτη του. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] POSIX ACLs vs. EA security.NTACLs
On Fri, Feb 04, 2011 at 01:19:50AM +0900, TAKAHASHI Motonobu wrote: 2011/2/3 Robert W. Smith rwsm...@bislink.net: 7) Currently, if a users comes to me and says, 'I need the lawyer to have access to file XYZ', I would grant the POSIX ACL using the Linux CLI with, # setfacl -m g:mud-suckers:rw, without regard to the users OS platform. With vfs_xattr, do I now need to somehow 'sync' the POSIX ACL with the security.NTACL EA? If yes, how? Under acl_xattr enabled, you should not set POSIX ACLs manually. You have no way to sync. What will happen is that smbd will notice the NTACL and the POSIX ACL are no longer in sync (hash value changed) and delete the NTACL stored in the EA and re-sync with POSIX automatically. 3) If both POSIX ACL and security.NTACL exist on a file/directory, which does smbcacls show? What does Win* Properties--Security show? What does smbclient show? Maybe NTACL is shown. Remember, POSIX ACL is used to determine if access is allowed or not. NTACL is not referred. NTACL is shown. NTACL can deny additional access, but not override POSIX ACLs. Both are considered when accessing a file. A *lot* of new work has gone into this in 3.5.7 and Samba this version now passes the torture4 ACL tests (which are *really* nasty :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding LDAP Backend to Samba
Am 03.02.2011 20:26, schrieb J. Echter: Hi, im trying to use our LDAP server as backend for Samba (PDC). I used smbldap-tools to transfer samba users to our LDAP server. Now i have ou=computers, ou=idmap, ou=smb-usr and ou=groups. I added the following to my smb.conf ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=workgroup,dc=local ldap admin dn = cn=admin,dc=workgroup,dc=local ldap machine suffix = ou=computers ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap ssl = no # Scripts for Samba to use if it creates users, groups, etc. add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' # Script that Samba users when a PC joins the domain .. # (when changing 'Computer Properties' on the PC) add machine script = /usr/sbin/smbldap-useradd -w '%u' but im still not able to login. I saw that there are users and computers all in ou=groups (cn=pc1$) and also in ou=computers (uid=pc1$) is this correcto? unfortunately i'm no samba expert either ldap :) thanks for helping. cheers juergen. sorry forgot to add some essential stuff. Samba: Version: 2:3.4.7~dfsg-1ubuntu3.3 on Ubuntu 10.04 LTS x64 thanks. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding LDAP Backend to Samba
Does pbdedit -Lv show the users, groups and machines? On 02/03/2011 02:34 PM, J. Echter wrote: Am 03.02.2011 20:26, schrieb J. Echter: Hi, im trying to use our LDAP server as backend for Samba (PDC). I used smbldap-tools to transfer samba users to our LDAP server. Now i have ou=computers, ou=idmap, ou=smb-usr and ou=groups. I added the following to my smb.conf ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=workgroup,dc=local ldap admin dn = cn=admin,dc=workgroup,dc=local ldap machine suffix = ou=computers ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap ssl = no # Scripts for Samba to use if it creates users, groups, etc. add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' # Script that Samba users when a PC joins the domain .. # (when changing 'Computer Properties' on the PC) add machine script = /usr/sbin/smbldap-useradd -w '%u' but im still not able to login. I saw that there are users and computers all in ou=groups (cn=pc1$) and also in ou=computers (uid=pc1$) is this correcto? unfortunately i'm no samba expert either ldap :) thanks for helping. cheers juergen. sorry forgot to add some essential stuff. Samba: Version: 2:3.4.7~dfsg-1ubuntu3.3 on Ubuntu 10.04 LTS x64 thanks. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] multiple samba accounts
Is it possible on a windows computer to connect to a linux server with two samba accounts, simultaneous? My scenario is, I want to create two mapped network drives on a windows computer to two separate home directories on a linux server, but I want to require one samba user name and password to connect to home directory A and a second samba user name and password to connect to home directory B. As it stands right now, as soon as I connect to the first mapped network drive with the first samba account, when I go to create the second mapped network drive the windows computer tries to use the first samba account, instead of prompting for the second samba account. Thanks Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Adding LDAP Backend to Samba
Hi, im trying to use our LDAP server as backend for Samba (PDC). I used smbldap-tools to transfer samba users to our LDAP server. Now i have ou=computers, ou=idmap, ou=smb-usr and ou=groups. I added the following to my smb.conf ldap passwd sync = yes passdb backend = ldapsam:ldap://localhost ldap suffix = dc=workgroup,dc=local ldap admin dn = cn=admin,dc=workgroup,dc=local ldap machine suffix = ou=computers ldap user suffix = ou=smb-usr ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap ssl = no # Scripts for Samba to use if it creates users, groups, etc. add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' # Script that Samba users when a PC joins the domain .. # (when changing 'Computer Properties' on the PC) add machine script = /usr/sbin/smbldap-useradd -w '%u' but im still not able to login. I saw that there are users and computers all in ou=groups (cn=pc1$) and also in ou=computers (uid=pc1$) is this correcto? unfortunately i'm no samba expert either ldap :) thanks for helping. cheers juergen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding LDAP Backend to Samba
Am 03.02.2011 20:43, schrieb Gaiseric Vandal: Does pbdedit -Lv show the users, groups and machines? Hi, no it doesn't. User Search failed! Cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] multiple samba accounts
Marc Fromm wrote: Is it possible on a windows computer to connect to a linux server with two samba accounts, simultaneous? If you're using just simple file sharing with authentication, then yes. Connect the first share using the machine name, connect the second share using the machine's IP address. Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] multiple samba accounts
On 02/03/2011 03:01 PM, Doug Lytle wrote: Marc Fromm wrote: Is it possible on a windows computer to connect to a linux server with two samba accounts, simultaneous? If you're using just simple file sharing with authentication, then yes. Connect the first share using the machine name, connect the second share using the machine's IP address. Doug My experience is that if you are on a windows XP machine and try to connect with multiple credentials, if will fail. e.g net use m: \\samba\share1 /user:user1 net user n: \\samba\share2 /user:user2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] multiple samba accounts
Gaiseric Vandal wrote: My experience is that if you are on a windows XP machine and try to connect with multiple credentials, if will fail. I had the same experience, until I ran into an article that said for 1 share, use the name and for the other to use the IP address. I've been using that for around 6 months now, it works. Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Double user name
I have two samba servers running Ubuntu 10.04 Samba Version 3.4.7 One server acts as domain controller and stores user ids in a .tdb Somehow I've ended up with a duplicate user name. On the Domain Controller # pdbedit -w -L|grep debbie debbie:1005::84DEC6FE3B018B0FB977EDDF5009742C:[U ]:LCT-4D4B086F: On the other Server running winbind I get # getent passwd|grep debbie debbie:*:10025:10001::/home/ATLANTA/debbie:/bin/bash LOUISE\debbie:*:10055:10232::/home/LOUISE/debbie:/bin/bash LOUISE\thelma\debbie:*:10056:10232::/home/LOUISE/thelma\debbie:/bin/bash # wbinfo -u|grep debbie LOUISE\debbie LOUISE\thelma\debbie debbie This is the only user that does this. Any ideas what is going on? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding LDAP Backend to Samba
maybe you need to run smbpasswd -w passwd for cn=admin,dc=workgroup,dc=local On Thu, 03 Feb 2011 16:56:37 -0300, J. Echter j.ech...@elektro-mayer-echter.de wrote: Am 03.02.2011 20:43, schrieb Gaiseric Vandal: Does pbdedit -Lv show the users, groups and machines? Hi, no it doesn't. User Search failed! Cheers. -- Jorge C. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding LDAP Backend to Samba
Am 03.02.2011 22:29, schrieb Jorge Concha C.: smbpasswd -w passwd for cn=admin,dc=workgroup,dc=local sudo smbpasswd -w secret Setting stored password for cn=admin,dc=workgroup,dc=local in secrets.tdb but still no login possible. is there a specific logfile i could have a look at? i looked at some logs from samba, but didn't see anything related... cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding LDAP Backend to Samba
Am 03.02.2011 22:12, schrieb Gaiseric Vandal: On 02/03/2011 02:56 PM, J. Echter wrote: Am 03.02.2011 20:43, schrieb Gaiseric Vandal: Does pbdedit -Lv show the users, groups and machines? Hi, no it doesn't. User Search failed! Cheers. I don't use the ldap tools scripts, so my environment may not match yours exactly. You may also want to read through the scripts to see if they create users, computers and groups where you think they will. I don't know if the scripts check the smb.conf file - I suspect not. Sounds like your scripts are putting objects in one location, but samba expects them in another. I have my users and machines under the same suffix. You can have an ou below that suffix which would also get searched by samba. I have this since my LDAP backend also includes the unix account info- otherwise samba couldn't find the unix uid for my machine accounts. You may want to use a gui LDAP editor (e.g. apache directory studio) to get the entries into the correct location. Not sure if you can move then directly BUT you can export LDAP entries (or entire OU's) to a text file, delete the entries from ldap, edit the entries in the text file, and then reimport. yes, i also wondered if the accounts in the right position. i use phpldapadmin and could easily move entrys, but i wasn't sure if this is the right way to go... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding LDAP Backend to Samba
Am 03.02.2011 20:56, schrieb J. Echter: Am 03.02.2011 20:43, schrieb Gaiseric Vandal: Does pbdedit -Lv show the users, groups and machines? Hi, no it doesn't. User Search failed! Cheers. after using i get this with 'pbdedit -Lv' sudo pdbedit -Lv --- Unix username:bacula NT username: bacula Account Flags:[U ] User SID: S-1-5-21-3842863818-2180709222-141296495-1001 Primary Group SID:S-1-5-21-3842863818-2180709222-141296495-513 Full Name:bacula Home Directory: \\pdc\bacula HomeDir Drive:h: Logon Script: bacula.bat Profile Path: \\pdc\profile\bacula Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Fr, 04 Feb 2011 00:11:03 CET Password can change: Fr, 04 Feb 2011 00:11:03 CET Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF only one user, but this one isnt added to samba, its the one i choose for installation of ubuntu. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding LDAP Backend to Samba
Am 04.02.2011 00:16, schrieb J. Echter: Am 03.02.2011 20:56, schrieb J. Echter: Am 03.02.2011 20:43, schrieb Gaiseric Vandal: Does pbdedit -Lv show the users, groups and machines? User Search failed! after using smbpasswd -w secret -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Seperate BIND server for Samba 4
On Thu, 2011-02-03 at 07:58 +0100, Helmut Hullen wrote: Hallo, Andrew, Du meintest am 03.02.11: Is it possible to use a seperate BIND server instead? I'd like to not run BIND on my file server. This isn't recommended. In future versions of Samba4, we will support BIND 9.8 and a plugin that will directly read and write our database, to support GSSTSIG dynamic updates and to allow multiple DNS servers in the domain. This will need to be on a real DC. Just for curiousity: I prefer dnsmasq as nameserver; do you support this program too? No. BIND is the only server that will support the range of functions Samba requires. I know BIND has a bad name in some minds, but we did look and there is no suitable alternative. I also don't think BIND deserves the reputation it has gained, but that's just my opinion. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access to s3 shares when userPrincipalName differs from the sAMAccountName
On Thu, 2011-02-03 at 10:39 +0100, Angelos Oikonomopoulos wrote: Hello all, I've been trying to use a Samba3 fileserver with security = ADS in a domain where the DC is Samba4. It all seems to work, except for users with long names. Is the authentication using NTLM or Kerberos? Either way, this is unlikely to be a Samba3 bug, given that it's not been raised before, so perhaps re-raise the issue on samba-technical, with network traces etc to show what's going on, and I'll happily look into it for you. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.6, Solaris 10, pam_winbind.so will not link
Did you ever find a more elegant way of fixing this (I'm having the same problem and hacking the generated Makefile just seems wrong) -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-3-5-6-Solaris-10-pam-winbind-so-will-not-link-tp3015506p3251459.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RPC_S_PROCNUM_OUT_OF_RANGE
Hi, I had a linux server installed with samba 3.0.9-2.6 (SuSE 9.1) and a samba shared folder among 12 PC under WinXP/Win7. The linux server has been replaced by a new one a week ago. The new machine runs samba 3.5.4-5.1.2x86-64 with the same shared folder and the same smb.conf file. Till then, when the PCs try to connect to the samba share via explorer a window opens with the message Numéro de procédure hors de l'intervalle admis (RPC_S_PROCNUM_OUT_OF_RANGE corresponding to windows error 1745). Has anyone an idea how I could get rid of that message and gain access to the samba shared folder with the explorer ? I've registered the PCs names and passwords in smbpasswd and one user named nobody because I thought of a problem of recognition of the PCs. I've found many mails about this error but no solution. Does anyone have an idea ? Thanks -- - Nadine Mauch ReadySOFT Sarl 4 avenue de la Gare 67560 ROSHEIM Tel: (0033) 3 88.49.21.00 Fax: (0033) 3 88.50.47.43 mel: directio...@readysoft.eu mel: nadine.ma...@readysoft.eu site: www.readysoft.eu Déclaration de confidentialité : Ce message ainsi que toutes les pièces jointes sont confidentielles et établis à l'intention exclusive de leurs destinataires. Toute utilisation ou diffusion non autorisée est interdite. Tout message électronique est susceptible d'altération. Ready Soft décline toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié. Important notice regarding confidentiality: This email and any attachments are confidential and intended solely for the addresses. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither Ready Soft shall be liable for the message if altered, changed or falsified. - # smb.conf is the main samba configuration file. You find a full commented # version at /usr/share/doc/packages/samba/examples/smb.conf.SuSE # Date: 2002-11-19 # [global] workgroup = ** guest account = nobody keepalive = 300 domain logons = no domain master = auto preferred master = yes os level = 20 kernel oplocks = yes security = user encrypt passwords = yes server string = Samba%v printer name = hp time server = yes unix extensions = yes # modif 28/01/11 display charset = UTF-8 unix charset = UTF-8 dos charset = ISO8859-15 #^ log level = 1 syslog = 0 printing = cups # printcap name = /etc/printcap load printers = yes socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY # veto files = /*.eml/*.nws/riched20.dll/*.{*}/ #si le nom d'utilisateur n'existe pas, on utilise le guest account map to guest = Bad User max connections = 25 max print jobs = 30 interfaces = 192.168.***.***/255.255.255.128 bind interfaces only = yes wins support = yes netbios name = ** #usershare allow guests = yes [Partage] comment = Repertoire windows sous linux path = /linux/Partage browseable = yes writeable = yes create mode = 0777 guest ok = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba only access by ip but not hostname/server string
Hi, my dns setup is 192.168.2.1, the ip address of the machine specifically is 192.168.2.101. Is that what you are asking for? -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-only-access-by-ip-but-not-hostname-server-string-tp3249630p3252957.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba only access by ip but not hostname/server string
Hi, sorry, I finally got it to work finally, with changing the line:br / interfaces = eth0 192.168.2.101/24br / it finally do show up in my network places! and accessible through hostname. But there is a slight problem, my network streaming media player (play files off the shared folder in local network) can see the machine! but doesn't find any files in it, here is the log:br / blockquote //This is a normal computer connection:br / [2011/02/01 20:58:51.218145, 1] smbd/service.c:1070(make_connection_snum)br / ted-laptop (192.168.2.102) connect to service main initially as user root (uid=0, gid=0) (pid 9495)br / [2011/02/01 21:14:46.513152, 1] smbd/service.c:1070(make_connection_snum)br / ted-laptop (192.168.2.102) connect to service root initially as user root (uid=0, gid=0) (pid 9495)br / //This is the network streaming media playerbr / [2011/02/01 08:53:01.796675, 1] smbd/service.c:1070(make_connection_snum)br / 192.168.2.100 (192.168.2.100) connect to service root initially as user root (uid=0, gid=0) (pid 6114)br / [2011/02/01 08:53:01.814535, 1] smbd/service.c:1251(close_cnum)br / 192.168.2.100 (192.168.2.100) closed connection to service rootbr / [2011/02/01 08:53:17.596589, 1] smbd/service.c:1070(make_connection_snum)br / 192.168.2.100 (192.168.2.100) connect to service main initially as user root (uid=0, gid=0) (pid 6116)br / [2011/02/01 08:53:17.681783, 1] smbd/service.c:1251(close_cnum)br / 192.168.2.100 (192.168.2.100) closed connection to service mainbr / /blockquote The connection seems to close off in a few seconds, what is likely to be the issue? Thanks, Ted -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-only-access-by-ip-but-not-hostname-server-string-tp3249630p3252978.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Need to Locate the GNU SMB Library Source Code
Volker, Thanks for your response. I think my original request may have been confusing. I don't have any Samba installation that contains a / smbval directory. That is my problem. I am using a product called Documentum Content Server where the documentation provides a way to customize a particular capability via utilization of the SMB Library Source Code. I am supposed to find that Library on the Samba.org web-site, but cannot seem to locate it. That is my question, where can I find the SMB Library Source Code? I hope you or someone else can help. Thanks so much! Bobby On Feb 1, 2011, at 7:43 AM, Volker Lendecke wrote: On Mon, Jan 31, 2011 at 01:11:24PM -0500, Bobby Baker wrote: My operating system is Solaris 10. I need the SMB Library Source Code, which I need to rebuild. I also need the smbvalid.a library located in the /smbval directory,. and the valid.h file located in the /include directory. I presume both of these files are contained in the library source, or will be generated as part of the rebuild. Samba does not contain or install a valid.h file. Also, I am not aware that Samba has anything to do with the /smbval directory. Can you post a ls -l /smbval on our machine, so that we can see that it looks like Samba? Thanks, Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.6 - numerous regressions while running as AD member against Samba4alpha14 DC
Hi! I've setup Samba4alpha14 on a FreeBSD 8.2-RC2 box as a DC which just works serving network of a couple of dozens of Win7 clients. Then I installed Samba 3.5.6 on another of FreeBSD box and wanted to join it into the AD. I've run in the following set of issues: 1. Joining domain with net ads join -U administrator fails with the following error messages: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials and then: Joining domain failed: Invalid credentials. Having spent some time in debugger I've finally managed to join the domain by adding the following line to my smd.conf: client ldap sasl wrapping = seal 2. Attempts to perform a dynamic DNS update with net ads dns register -P simply saying DNS update failed!. Again a couple of hours of debugging, and the problem is solved using the following patch. Please not though that I don't really understand what this patch actually does! :) diff -ur samba-3.5.6.orig/source3/libaddns/dnsgss.c samba-3.5.6/source3/libaddns/dnsgss.c --- samba-3.5.6.orig/source3/libaddns/dnsgss.c 2010-10-07 19:41:16.0 +0300 +++ samba-3.5.6/source3/libaddns/dnsgss.c 2011-02-01 16:31:35.0 +0200 @@ -175,7 +175,7 @@ * TODO: Compare id and keyname */ - if ((resp-num_additionals != 1) || + if (/*(resp-num_additionals != 1) ||*/ (resp-num_answers == 0) || (resp-answers[0]-type != QTYPE_TKEY)) { err = ERROR_DNS_INVALID_MESSAGE; 3. nss_winbind shows only a single group for each domain user. I mean when I issue the 'id username' command the 'Domain Users' group is returned as primary group for username, but memberships in any other groups is lost. I did not found a solution for this problem. Meanwhile I reverted to Samba 3.4.9 and it just works. I've joined the domain without client ldap sasl wrapping = seal being specified in the config file, DDNS updates just work without any patches, and group membership resolution is also works just fine. When replying to this mail please place me in CC as I am not subscribed to the list (yet). Best regards, Andrey. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] WinXP closing network share when starting task manager
Hello We use WinXP SP3 with samba version 3.5.4-2382-SUSE-SL10.0 We have some drives mapped to users, most of them work fine but one behaves weird: upon starting the task manager by ctrl-alt-delete, the network drive disconnects. From what i can tell is that windows disconnects the drive, so i don't think it is a bug of samba but maybe someone can help me figure this out :-) Attached is the log and the relevant parts of smb.conf p.s. the share's name is 'privat' thanks regards vinz # /etc/samba/smb.conf # a01 # 2006-08-21 (mr) [global] # server netbios name = NAS_OFFICE netbios aliases = sbs_cdsrv workgroup = SBS server string = NAS Office # 2010-08-09 meierv follow symlinks = yes wide links = yes unix extensions = no # 2010-08-09 end #2011-02-02 meierv obey pam restrictions = No #2011-02-02 meierv end # 2010-08-30 meierv min protocol = LANMAN1 lanman auth = yes client lanman auth = yes client ntlmv2 auth = yes ntlm auth = yes # 2010-08-30 end # network interfaces = 10.0.17.1 127.0.0.1 bind interfaces only = yes deny hosts = all allow hosts = 10.0. 127. 192.168.1. # domain local master = no preferred master = no domain master = no wins support = no # security security = domain password server = * username map = /etc/samba/smbusers # locking and performance strict locking = auto getwd cache = yes deadtime = 60 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY #socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ; SO_KEEPALIVE ; SO_REUSEADDR ; SO_BROADCAST ; SO_SNDBUF * ; SO_RCVBUF * ; SO_SNDLOWAT * ; SO_RCVLOWAT * ; IPTOS_LOWDELAY ; IPTOS_THROUGHPUT ; TCP_NODELAY ; read raw (default) ; write raw (default) ; max xmit (default = 65536) ### 2006-08-14 (mr) short preserve case = yes # logging syslog = 0 syslog only = no log level = 3 max log size = 1000 log file = /var/log/samba/%m.log debug timestamp = yes debug hires timestamp = yes debug pid = yes debug uid = yes # global settings create mask = 0640 directory mask = 2750 acl map full control = yes #lanman auth = yes #client lanman auth = yes #client ntlmv2 auth = yes # print settings #s07load printers = yes load printers = no #s07printing = cups # printing = #s07printcap name = cups printcap name = cups [privat] comment = Privates Verzeichnis %U path = /nas/pdc/homedir/%U writeable = yes create mask = 0600 force create mode = 0600 directory mask = 2700 force directory mode = 2700 map archive = no map hidden = no map system = no dos filemode = no force group = users valid users = +users[2011/02/02 16:30:58.540073, 3, pid=12823, effective(0, 0), real(0, 0)] smbd/process.c:1485(process_smb) Transaction 209 of length 240 (0 toread) [2011/02/02 16:30:58.540158, 3, pid=12823, effective(0, 0), real(0, 0)] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 12823) conn 0x0 [2011/02/02 16:30:58.540188, 3, pid=12823, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/02/02 16:30:58.540227, 3, pid=12823, effective(0, 0), real(0, 0)] smbd/sesssetup.c:1435(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2011/02/02 16:30:58.540256, 3, pid=12823, effective(0, 0), real(0, 0)] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) Doing spnego session setup [2011/02/02 16:30:58.540290, 3, pid=12823, effective(0, 0), real(0, 0)] smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego) NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2011/02/02 16:30:58.540352, 3, pid=12823, effective(0, 0), real(0, 0)] smbd/sesssetup.c:805(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 40 [2011/02/02 16:30:58.540410, 3, pid=12823, effective(0, 0), real(0, 0)] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xa2088207 [2011/02/02 16:30:58.541026, 3, pid=12823, effective(0, 0), real(0, 0)] smbd/process.c:1485(process_smb) Transaction 210 of length 260 (0 toread) [2011/02/02 16:30:58.541064, 3, pid=12823, effective(0, 0), real(0, 0)] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 12823) conn 0x0 [2011/02/02 16:30:58.541093, 3, pid=12823, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx
[Samba] ADS 2008 configuration
Hi, I am Inderjit, and have some issues with configuration of samba with ADS 2008. I am able to connect to ADS 2008, but command getent group doesn't show always the output with ADS groups. We have more that 25000 users and domain controller is not located at same location. Could you please give me a hints or suggestions, what can be changed to solve this issue. Regards Inderjit -- NEU: FreePhone - kostenlos mobil telefonieren und surfen! Jetzt informieren: http://www.gmx.net/de/go/freephone -- NEU: FreePhone - kostenlos mobil telefonieren und surfen! Jetzt informieren: http://www.gmx.net/de/go/freephone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PAM authentication with winbind and AD
All, After two days of googling, reading, swearing and cursing, I am finally admitting I cannot solve this one. I have three production FreeBSD servers running various network utilities (DHCP, bacula, zabix, syslog, rsync). These have been running fine for several years. As a primary Windows domain (accounting firm. Not much choice), I like to centralize all logins into AD which is currently mixed 2003/2008 DCs. To achieve this with FreeBSD, I have been using the following instructions since FreeBSD 6.1 and Samba 3.0 with the exception that I built all the ports through the ports collection: http://oslabs.mikro-net.com/fbsd_samba.html It has always worked for several years through FreeBSD 7.1 and Samba 3.2 with the current AD structure but recently I decided to upgrade the Samba port and now I am having issues. To troubleshoot, I have setup a clean install of FreeBSD 8.1 with the follow ports built with the following options and setup: openntpd heimdal 1.4 IPV6=on KCM=on BDB=off SQLITE=off LDAP=off PKINIT=on DIGEST=on KX509=on KRB4=off CRACKLIB=off X11=off cyprus-sasl2 BDB=on MYSQL=off PGSQL=off SQLITE=off DEV_URANDOM=off ALWAYSTRUE=off KEEP_DB_OPEN=off AUTHDAEMOND=off LOGIN=off PLAIN=off CRAM=off DIGEST=off OTP=off NTLM=off openldap24-sasl-client SASL=on FETCH=on samba 3.5 LDAP=on ADS=on CUPS=off WINBIND=on SWAT=off ACL_SUPPORT=on AIO_SUPPORT=on FAM_SUPPORT=on SYSLOG=on QUOTAS=on UTMP=on PAM_SMBPASS=on DNSUPDATE=off AVAHI=off EXP_MODULES=on POPT=on IPV6=off MAX_DEBUG=off SMBTORTURE=off After setting up as I have before, I can get ldapsearch, wbinfo -u and getent passwd username to display the correct info. It appears that winbind is communicating with AD. But the login command fails with a signal 11 (core dump) and no other info. I have included configs and an abridged log below as well. Some information in the configs and logs have been edited for security but I am sure they are set correctly in the real files. I would appreciate any help. If there is easier, newer and/or better way to authenticate users to AD on FreeBSD, please let me know. I don't use Samba for file shares, just for authentication. /etc/krb5.conf [logging] default = SYSLOG:AUTH:INFO kdc = SYSLOG:AUTH:INFO admin_server = SYSLOG:AUTH:INFO [libdefaults] default_domain = EXAMPLE.COM [realms] EXAMPLE.COM = { kdc = gnv-dc3-tmp.example.com default_domain = example.com admin_server = gnv-dc3-tmp.example.com } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM .EXAMPLE.COM = EXAMPLE.COM [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } /usr/local/etc/openldap/ldap.conf host gnv-dc3-tmp.example.com base dc=example,dc=com ldap_version 3 URI ldap://gnv-dc3-tmp.example.com binddn cn=username,cn=GNV,cn=AllUsers,dc=example,dc=com bindpw p@55w0rd scope sub pam_login_attribute sAMAccountName pam_passwd md5 idle_timeout 3600 nss_base_passwd dc=example,dc=com?one nss_base_group dc=example,dc=com?one sasl_secprops maxssf=0 krb5_ccname FILE:/tmp/krb5cc_0 /etc/pam.d/login authsufficient pam_winbind.so authsufficient pam_self.so no_warn authinclude system # account account sufficient pam_winbind.so account requisite pam_securetty.so account requiredpam_nologin.so account include system # session session include system # password passwordinclude system /etc/nsswitch.conf group: files winbind group_compat: nis hosts: files dns networks: files passwd: files winbind passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: files /usr/local/etc/smb.conf [global] realm = EXAMPLE.COM security = ADS encrypt passwords = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192 workgroup = EXAMPLE server string = allow trusted domains = no idmap backend = idmap_rid:EXAMPLE=10-20 idmap uid = 11-20 idmap gid = 11-20 netbios name = GNV-NS2-TMP winbind use default domain = yes syslog = 3 syslog only = yes template shell = /bin/tcsh restrict anonymous = 2 client ntlmv2 auth = yes /var/log/all.log Feb 3 16:09:38 gnv-ns2-tmp ntpd[29094]: ntp engine ready Feb 3 16:09:40 gnv-ns2-tmp ntpd[29093]: set local clock to Thu Feb 3 16:09:40 EST 2011 (offset 1.713505s) Feb 3 16:10:03 gnv-ns2-tmp ntpd[29094]: peer 192.168.4.19 now valid Feb 3 16:12:27 gnv-ns2-tmp ntpd[29094]: clock is now synced Feb 3 16:13:31 gnv-ns2-tmp ntpd[29096]: adjusting local clock by 0.032613s Feb 3 17:07:37 gnv-ns2-tmp smbd[25927]: [2011/02/03 17:07:37.413455, 1] smbd/files.c:193(file_init) Feb 3
Re: [Samba] Double user name
Hallo, Robert, Du meintest am 03.02.11: I have two samba servers running Ubuntu 10.04 Samba Version 3.4.7 One server acts as domain controller and stores user ids in a .tdb Somehow I've ended up with a duplicate user name. On the Domain Controller # pdbedit -w -L|grep debbie debbie:1005::84DEC6FE3B018B0FB977EDDF 5009742C:[U ]:LCT-4D4B086F: Looks like no valid password. On the other Server running winbind I get # getent passwd|grep debbie debbie:*:10025:10001::/home/ATLANTA/debbie:/bin/bash LOUISE\debbie:*:10055:10232::/home/LOUISE/debbie:/bin/bash LOUISE\thelma\debbie:*:10056:10232::/home/LOUISE/thelma\debbie:/bin/b ash Looks like no valid password too. Do you use LDAP? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Seperate BIND server for Samba 4
Hallo, Andrew, Du meintest am 04.02.11: Just for curiousity: I prefer dnsmasq as nameserver; do you support this program too? No. BIND is the only server that will support the range of functions Samba requires. That doesn't please me - sorry. I know BIND has a bad name in some minds, but we did look and there is no suitable alternative. I also don't think BIND deserves the reputation it has gained, but that's just my opinion. Perhaps you should ask at least the maintainer(s) of dnsmasq for some additions. ISC-named is a monster. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] multiple samba accounts
The first home share I think is mapped at domain login!?? Let's say S:!? Do you use a logon script? So the second ,or the first too, home share could be mapped from the command prompt Or script like this: net use R: \\otherserver\otherhome passwordotherserver /user:yourotherserver-domain\usernameotherserver Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Marc Fromm Gesendet: Donnerstag, 3. Februar 2011 20:42 An: samba@lists.samba.org Betreff: [Samba] multiple samba accounts Is it possible on a windows computer to connect to a linux server with two samba accounts, simultaneous? My scenario is, I want to create two mapped network drives on a windows computer to two separate home directories on a linux server, but I want to require one samba user name and password to connect to home directory A and a second samba user name and password to connect to home directory B. As it stands right now, as soon as I connect to the first mapped network drive with the first samba account, when I go to create the second mapped network drive the windows computer tries to use the first samba account, instead of prompting for the second samba account. Thanks Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] application can not delete from samba share
Hi Read all of the changelogs between versions. It is impossible. Could you imagine how many things changed since version 2.x ? CIFS implementation for example .. Regards: Zoltan Eredeti üzenet Tárgy: Re: [Samba] application can not delete from samba share Feladó: Chris Smith smb...@chrissmith.org Címzett: nzol...@freemail.hu CC: samba@lists.samba.org Dátum: 2/3/2011 4:53 PM On Thu, Feb 3, 2011 at 7:07 AM, Nemeth Zoltannzol...@freemail.hu wrote: How can I found out the reason, why delete from samba is different from winappl. point of view then other shares. Read all of the changelogs between versions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via f4bc9df replace: Try to fix broken sys/capabilites.h on Linux. via 0539d2a Revert replace: Try to fix broken sys/capabilites.h on Linux. via e025a21 s3:libnet_dssync_passdb: remove useless DEBUG statements from 7b30c02 s3-epmap: use correct dcerpc client header in dcerpc_ep.c http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit f4bc9df100f37b69160c50a87009bba43d8f2e35 Author: Stefan Metzmacher me...@samba.org Date: Wed Feb 2 10:40:06 2011 +0100 replace: Try to fix broken sys/capabilites.h on Linux. As this is more or less a broken header we need to include linux/types.h before sys/capabilities.h to avoid redefinitions. Systems like ClearOS 5.2 need linux/types.h very early. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Thu Feb 3 05:26:12 CET 2011 on sn-devel-104 (cherry picked from commit 1e42aa6b3a2912426caebaf89596fa7c9f19ba2e) commit 0539d2a1a75dcc0a3f20b42890121e71691a00a6 Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 3 03:32:21 2011 +0100 Revert replace: Try to fix broken sys/capabilites.h on Linux. This reverts commit c2207e9b2cdec9cd4c32184c668a2c469edb7148. This still doesn't build for me on ClearOS 5.2. metze (cherry picked from commit 5f18925e695d0c271aea456a4ee63aeb1e8bbf96) commit e025a21c604bb854474b84b45bc3d94d05a5dea5 Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 3 02:11:41 2011 +0100 s3:libnet_dssync_passdb: remove useless DEBUG statements metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Thu Feb 3 04:20:54 CET 2011 on sn-devel-104 (cherry picked from commit c1c3cb0a237b1ba075e67979f9aad329d6e5914f) --- Summary of changes: lib/replace/libreplace.m4 |2 ++ lib/replace/replace.h |7 +++ lib/replace/system/capability.h |4 lib/replace/system/config.m4 |1 - lib/replace/wscript |4 ++-- source3/libnet/libnet_dssync_passdb.c |4 6 files changed, 11 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4 index 3dd64ef..24fc5cd 100644 --- a/lib/replace/libreplace.m4 +++ b/lib/replace/libreplace.m4 @@ -89,6 +89,8 @@ AC_INCLUDES_DEFAULT #endif] ) +AC_CHECK_HEADERS(linux/types.h) + AC_CACHE_CHECK([for working mmap],libreplace_cv_HAVE_MMAP,[ AC_TRY_RUN([#include $libreplacedir/test/shared_mmap.c], libreplace_cv_HAVE_MMAP=yes,libreplace_cv_HAVE_MMAP=no,libreplace_cv_HAVE_MMAP=cross)]) diff --git a/lib/replace/replace.h b/lib/replace/replace.h index f738658..60aa3d4 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -121,6 +121,13 @@ #include stddef.h #endif +#ifdef HAVE_LINUX_TYPES_H +/* + * This is needed as some broken header files require this to be included early + */ +#include linux/types.h +#endif + #ifndef HAVE_STRERROR extern char *sys_errlist[]; #define strerror(i) sys_errlist[i] diff --git a/lib/replace/system/capability.h b/lib/replace/system/capability.h index 832bc29..a7b78f0 100644 --- a/lib/replace/system/capability.h +++ b/lib/replace/system/capability.h @@ -37,10 +37,6 @@ #define BROKEN_RHEL5_SYS_CAP_HEADER_WORKAROUND #endif -#ifdef HAVE_LINUX_TYPES_H -#include linux/types.h -#endif - #include sys/capability.h #ifdef BROKEN_RHEL5_SYS_CAP_HEADER_WORKAROUND diff --git a/lib/replace/system/config.m4 b/lib/replace/system/config.m4 index 71d3d53..04364bc 100644 --- a/lib/replace/system/config.m4 +++ b/lib/replace/system/config.m4 @@ -25,7 +25,6 @@ fi AC_HEADER_SYS_WAIT # capability -AC_CHECK_HEADERS(linux/types.h) AC_CHECK_HEADERS(sys/capability.h) case $host_os in diff --git a/lib/replace/wscript b/lib/replace/wscript index 23bb5c3..7e90206 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -37,10 +37,10 @@ def configure(conf): conf.DEFINE('_OSF_SOURCE', 1, add_to_cflags=True) conf.DEFINE('_XOPEN_SOURCE', 600, add_to_cflags=True) -conf.CHECK_HEADERS('crypt.h locale.h acl/libacl.h compat.h') +conf.CHECK_HEADERS('linux/types.h crypt.h locale.h acl/libacl.h compat.h') conf.CHECK_HEADERS('acl/libacl.h attr/xattr.h compat.h ctype.h dustat.h') conf.CHECK_HEADERS('fcntl.h fnmatch.h glob.h history.h krb5.h langinfo.h') -conf.CHECK_HEADERS('libaio.h linux/types.h locale.h ndir.h pwd.h') +conf.CHECK_HEADERS('libaio.h locale.h ndir.h pwd.h') conf.CHECK_HEADERS('shadow.h sys/acl.h') conf.CHECK_HEADERS('sys/attributes.h sys/capability.h sys/dir.h sys/epoll.h') conf.CHECK_HEADERS('sys/fcntl.h sys/filio.h sys/filsys.h sys/fs/s5param.h sys/fs/vx/quota.h') diff --git
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 39a3be5 Fix a couple of missing checks on talloc returns. from f4bc9df replace: Try to fix broken sys/capabilites.h on Linux. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 39a3be57e19736af1b640c71f2c5722516aa8e07 Author: Jeremy Allison j...@samba.org Date: Wed Feb 2 12:20:18 2011 -0800 Fix a couple of missing checks on talloc returns. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Feb 2 22:23:46 CET 2011 on sn-devel-104 (cherry picked from commit 40850b3b275494b91b59ebc5e25e11e2235ed722) --- Summary of changes: source3/librpc/rpc/dcerpc_ep.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/librpc/rpc/dcerpc_ep.c b/source3/librpc/rpc/dcerpc_ep.c index b0c9104..cfbe0ab 100644 --- a/source3/librpc/rpc/dcerpc_ep.c +++ b/source3/librpc/rpc/dcerpc_ep.c @@ -70,6 +70,10 @@ NTSTATUS dcerpc_binding_vector_create(TALLOC_CTX *mem_ctx, b-object = iface-syntax_id; if (b-transport == NCACN_NP) { b-host = talloc_asprintf(b, %s, global_myname()); + if (b-host == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } } bvec-bindings[i] = *b; @@ -162,6 +166,7 @@ static NTSTATUS ep_register(const struct ndr_interface_table *iface, map_tower = talloc_zero(entries, struct epm_twr_t); if (map_tower == NULL) { + status = NT_STATUS_NO_MEMORY; goto done; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 13470f1 charcnv: removed call to setlocale() (bug 7519) from 1e42aa6 replace: Try to fix broken sys/capabilites.h on Linux. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 13470f11ee47da446eb7094c29dbc8ff402aede9 Author: Andrew Tridgell tri...@samba.org Date: Fri Feb 4 16:04:30 2011 +1100 charcnv: removed call to setlocale() (bug 7519) We don't need this setlocale() call, and it can break applications that use our libraries Thanks to Milan Crha for pointing this out Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Fri Feb 4 06:51:01 CET 2011 on sn-devel-104 --- Summary of changes: lib/util/charset/charcnv.c | 10 -- 1 files changed, 0 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/charset/charcnv.c b/lib/util/charset/charcnv.c index f8aeea3..59b36e3 100644 --- a/lib/util/charset/charcnv.c +++ b/lib/util/charset/charcnv.c @@ -139,16 +139,6 @@ static smb_iconv_t get_conv_handle(struct smb_iconv_convenience *ic, if (initialised == false) { initialised = true; - -#ifdef LC_ALL - /* we set back the locale to C to get ASCII-compatible - toupper/lower functions. For now we do not need - any other POSIX localisations anyway. When we - should really need localized string functions one - day we need to write our own ascii_tolower etc. - */ - setlocale(LC_ALL, C); -#endif } if (ic-conv_handles[from][to]) { -- Samba Shared Repository