Re: [Samba] samba policies? logon scripts?
As long as you are guessing around gpos you better take a look at samba4 and a samba3 member server Making the things samba4 is yet not willing to do. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von TAKAHASHI Motonobu Gesendet: Mittwoch, 9. Februar 2011 16:23 An: fdel...@rojatex.com Cc: samba@lists.samba.org Betreff: Re: [Samba] samba policies? logon scripts? 2011/2/9 : > Kind of dificult, dark, and poorly documented task, isnt it? > > While i found docens of samba config manuals and examples, i cant find > info about a logon script. > I had to get the poledit.exe from a Service Pack from w2000... > > too much complexity for placing a desktop shortcut. > > Is this the only way? To create logon script and NTconfig.pol is basically the work on Windows side. At the view of Samba, to create NETLOGON share and to put NTconfig.pol already created on Windows is the only work about system policy. Also to specify the name of logon script in smb.conf and putting proper logon script to proper path is about logon script. Basically you had better search these topics into Windows documents. Remember that system policy is suitable for NT4, so you should search in old docs. > Oh, and Takahashi, i had an unanswered question from my last doub. Would > you be kind to answer here even if its not the topic? > > I can only "automatically map" > unix admins - nt domain admins > unix users - nt domain users > > the other groups i create, must be added manually in each windows client > to each DOMAIN/unix-group, right? If you can use GPO, you can add any domain groups to local groups automatically. But unfortunately Samba 3 domain does not support GPO. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] xp to samba domain member
Try [Global] password server= yourdomainserver Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Robert Fitzpatrick Gesendet: Donnerstag, 10. Februar 2011 00:11 An: Samba Betreff: [Samba] xp to samba domain member I have a Samba PDC setup on FreeBSD with a WinXP, Win7, 2003 server and Ubuntu Linux all joined. All works from each workstation except for my Windows XP unable to access the Linux member. It can access all other computers except that one while Win7 and 2003 server have no problems accessing this Samba Linux member. The Linux member is running Samba 3.4.7... > [global] > netbios name = MEDIA > workgroup = FITZ > security = DOMAIN > username map = /etc/samba/smbusers > log level = 10 > syslog = 0 > log file = /var/log/samba/%m > max log size = 50 > smb ports = 139 > name resolve order = wins bcast hosts > printcap name = CUPS > wins server = 192.168.1.21 > winbind trusted domains only = Yes > printer admin = root > printing = cups This WinXP client has SP3 and joined the same Samba PDC domain FITZ as all other workstations without a problem. It can access all other computers and shares, but this Linux member and the error is 'The network path was not found'. I have tried shutting down firewall and virus protections. Anyone know what can cause this type of problem between WinXP SP3 and a Samba member? -- Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Differences adding printers between Windows XP & Windows 7
Okay, this turns out to be an oddity with the printer driver it seems. I can use the 32 bit UPD driver on both 32 and 64 bit clients without issue. Nevermind, and disregard. thanks, Jack On 02/09/2011 16:22, Jack Downes wrote: Not sure what's going on here, but it's got to be a permissions thing it would seem. Background: working ADS. Samba 3.5.6 atop Freebsd 8.1 as domain member When I attempt to load drivers with Windows XP Pro (32bit), everything is fine. I can load either x32 drivers or x64 drivers. The same cannot be said for Windows 7. I cannot correctly load drivers with Windows 7, and here is a typical error when attempting to load x64 drivers with Windows 7 Pro (64 bit). -- [2011/02/09 15:49:46.330375, 3] switch message SMBclose (pid 2564) conn 0x803c1cc50 [2011/02/09 15:49:46.330433, 3] setting sec ctx (1001, 1001) - sec_ctx_stack_ndx = 0 [2011/02/09 15:49:46.330519, 3] close fd=46 fnum=17359 (numopen=1) [2011/02/09 15:49:46.330657, 3] fill_share_mode_lock failed [2011/02/09 15:49:46.330700, 3] fill_share_mode_lock failed [2011/02/09 15:49:46.330783, 2] printserver closed file x64/SETF9B9.tmp (numopen=0) NT_STATUS_OK [2011/02/09 15:49:46.332043, 3] Transaction 9443 of length 112 (0 toread) [2011/02/09 15:49:46.332084, 3] switch message SMBtrans2 (pid 2564) conn 0x803c1cc50 [2011/02/09 15:49:46.332119, 3] setting sec ctx (1001, 1001) - sec_ctx_stack_ndx = 0 [2011/02/09 15:49:46.332174, 3] call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/02/09 15:49:46.332345, 3] call_trans2qfilepathinfo: SMB_VFS_STAT of x64/cioum64.msi failed (No such file or directory) [2011/02/09 15:49:46.332463, 3] error packet at smbd/trans2.c(5210) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/02/09 15:49:46.334642, 3] Transaction 9444 of length 118 (0 toread) [2011/02/09 15:49:46.334746, 3] switch message SMBtrans2 (pid 2564) conn 0x803c1cc50 [2011/02/09 15:49:46.334807, 3] setting sec ctx (1001, 1001) - sec_ctx_stack_ndx = 0 [2011/02/09 15:49:46.334875, 3] call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/02/09 15:49:46.334967, 3] creating new dirptr 256 for path x64, expect_close = 1 Any help would be appreciated. Any more errors logging or whatnot that i can provide I will. this is at loglevel=3 thanks, Jack -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount -F smbfs
2011/2/9 Volker Lendecke : > On Wed, Feb 09, 2011 at 08:40:49AM +0900, TAKAHASHI Motonobu wrote: >> 2011/2/8 Hosam Al Ali : >> >> > plz if u have any idea about mount windows share inside Solaris10 OS with >> > mount -F smbfs or mount -F cifs >> >> mount.cifs is a successor of mount.smbfs and mount.smbfs >> is no longer supported after Samba 3.2.0. So you should >> use mount.cifs. > > That's true for Linux, I'm not so sure about mount.cifs on > Solaris. Sorry, I forgot it's a Solaris 10 question. For Solaris 10, I think Sharity-Light is available: http://www.obdev.at/products/sharity-light/ But it's an old product and has security problem that Sharity-Light cannot use other than plain text password. In Solaris, it seems that there is another CIFS system: http://download.oracle.com/docs/cd/E19963-01/821-1449/6nmechs5a/index.html But I do not know the detail and it's available in Solaris 10 or not. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Differences adding printers between Windows XP & Windows 7
Not sure what's going on here, but it's got to be a permissions thing it would seem. Background: working ADS. Samba 3.5.6 atop Freebsd 8.1 as domain member When I attempt to load drivers with Windows XP Pro (32bit), everything is fine. I can load either x32 drivers or x64 drivers. The same cannot be said for Windows 7. I cannot correctly load drivers with Windows 7, and here is a typical error when attempting to load x64 drivers with Windows 7 Pro (64 bit). -- [2011/02/09 15:49:46.330375, 3] switch message SMBclose (pid 2564) conn 0x803c1cc50 [2011/02/09 15:49:46.330433, 3] setting sec ctx (1001, 1001) - sec_ctx_stack_ndx = 0 [2011/02/09 15:49:46.330519, 3] close fd=46 fnum=17359 (numopen=1) [2011/02/09 15:49:46.330657, 3] fill_share_mode_lock failed [2011/02/09 15:49:46.330700, 3] fill_share_mode_lock failed [2011/02/09 15:49:46.330783, 2] printserver closed file x64/SETF9B9.tmp (numopen=0) NT_STATUS_OK [2011/02/09 15:49:46.332043, 3] Transaction 9443 of length 112 (0 toread) [2011/02/09 15:49:46.332084, 3] switch message SMBtrans2 (pid 2564) conn 0x803c1cc50 [2011/02/09 15:49:46.332119, 3] setting sec ctx (1001, 1001) - sec_ctx_stack_ndx = 0 [2011/02/09 15:49:46.332174, 3] call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2011/02/09 15:49:46.332345, 3] call_trans2qfilepathinfo: SMB_VFS_STAT of x64/cioum64.msi failed (No such file or directory) [2011/02/09 15:49:46.332463, 3] error packet at smbd/trans2.c(5210) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2011/02/09 15:49:46.334642, 3] Transaction 9444 of length 118 (0 toread) [2011/02/09 15:49:46.334746, 3] switch message SMBtrans2 (pid 2564) conn 0x803c1cc50 [2011/02/09 15:49:46.334807, 3] setting sec ctx (1001, 1001) - sec_ctx_stack_ndx = 0 [2011/02/09 15:49:46.334875, 3] call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2011/02/09 15:49:46.334967, 3] creating new dirptr 256 for path x64, expect_close = 1 Any help would be appreciated. Any more errors logging or whatnot that i can provide I will. this is at loglevel=3 thanks, Jack -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] xp to samba domain member
I have a Samba PDC setup on FreeBSD with a WinXP, Win7, 2003 server and Ubuntu Linux all joined. All works from each workstation except for my Windows XP unable to access the Linux member. It can access all other computers except that one while Win7 and 2003 server have no problems accessing this Samba Linux member. The Linux member is running Samba 3.4.7... > [global] > netbios name = MEDIA > workgroup = FITZ > security = DOMAIN > username map = /etc/samba/smbusers > log level = 10 > syslog = 0 > log file = /var/log/samba/%m > max log size = 50 > smb ports = 139 > name resolve order = wins bcast hosts > printcap name = CUPS > wins server = 192.168.1.21 > winbind trusted domains only = Yes > printer admin = root > printing = cups This WinXP client has SP3 and joined the same Samba PDC domain FITZ as all other workstations without a problem. It can access all other computers and shares, but this Linux member and the error is 'The network path was not found'. I have tried shutting down firewall and virus protections. Anyone know what can cause this type of problem between WinXP SP3 and a Samba member? -- Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] archive in the future
On Tuesday 08 February 2011, Helmut Hullen elucidated thus: > Hallo, samba, > > the mailinglist archive shows some articles from the future: > > http://lists.samba.org/archive/samba/ > > I'm impressed! > > Viele Gruesse! > Helmut The joys of misconfigured MTAs or MUAs. Mailman is a little bit "dumb" when it comes to date fields. Of course, that doesn't prevent me from using it. :) j -- Joshua Kugler Part-Time System Admin/Programmer http://www.eeinternet.com - Fairbanks, AK PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Moving from SAMBA to 2003 domain with XP SP# client machines roaming profiles stopped working
We have been directed to move off a SAMBA domain to a server 2003R2 domain. We run roaming profiles with samba and would like to continue this on 2003R2. After bringing all the XPSP3 desktops into the 2003R2 domain, roaming profiles wont work. I'm not even trying to use the SAMBA generated profiles. The error I get when logging on is: *Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Errors in the event viewer are: DETAIL - Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. This only happens on machines we switched from SAMBA. Any other machine we add to the AD Domain that wasn't in the SAMBA domain handles roaming profiles just fine. Has anyone ever seen this behavior? I've checked the permissions on "Documents and Settings" and they are the same as on other machines that work so I don't think it's a permissions problem loading a profile into the Documents and Settings Dir. I've tried flushing old local group policies with gpedit, loading the policy templates. I just don't know where to go from here and what else to try, short of re-imaging the machines. They come into the AD Domain just fine and authenticate users, but roaming profiles won't load. This even occurs if the roaming profile account used is a "Domain Admin". We are using SAMBA version 3.0.33... Thank you very much in advance for your time... Doug P (Sadly moving off Linux) * ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with trust relationship
Hi John and others, Tks for the feedback. I tried the configs you showed to me and unfortunally did not work. Also, there is a [small] number of windows xp and vista getting the same problem too. Any new ideas? You need to re add the systems back to the domain after the trust expires. The registry entries are to prevent the expiration not to fix an already expired trust. The easy way to test is to use the Windoze network wizard and keep the name the same. If the join works and on reboot the trust works then it is most definately the machine pass issue. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with trust relationship
> Hi John and others, > > Tks for the feedback. I tried the configs you showed to me and > unfortunally did not work. Also, there is a [small] number of windows > xp and vista getting the same problem too. Any new ideas? You need to re add the systems back to the domain after the trust expires. The registry entries are to prevent the expiration not to fix an already expired trust. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with trust relationship
On Wed, Feb 9, 2011 at 4:06 PM, John Drescher wrote: > On Wed, Feb 9, 2011 at 1:04 PM, Leonardo Carneiro > wrote: >> Hello everyone, >> >> I have a Samba 3.4.7 + OpenLDAP working as PDC. Since this morning, >> some computers, mainly the ones with Windows 7, are getting trust >> relationship problems and I cannot find the source of the problem. All >> my windows boxes do automatic updates, and there was a pack of 9 or 10 >> updates yesterday, but i don't know if this have some relation with >> the problem. >> >> I don't know exactly what kind of information i should give to get >> extra help, so any help is welcome. >> > > http://www.mail-archive.com/samba@lists.samba.org/msg110665.html > > John > Hi John and others, Tks for the feedback. I tried the configs you showed to me and unfortunally did not work. Also, there is a [small] number of windows xp and vista getting the same problem too. Any new ideas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with trust relationship
On Wed, Feb 9, 2011 at 1:04 PM, Leonardo Carneiro wrote: > Hello everyone, > > I have a Samba 3.4.7 + OpenLDAP working as PDC. Since this morning, > some computers, mainly the ones with Windows 7, are getting trust > relationship problems and I cannot find the source of the problem. All > my windows boxes do automatic updates, and there was a pack of 9 or 10 > updates yesterday, but i don't know if this have some relation with > the problem. > > I don't know exactly what kind of information i should give to get > extra help, so any help is welcome. > http://www.mail-archive.com/samba@lists.samba.org/msg110665.html John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with trust relationship
Hello everyone, I have a Samba 3.4.7 + OpenLDAP working as PDC. Since this morning, some computers, mainly the ones with Windows 7, are getting trust relationship problems and I cannot find the source of the problem. All my windows boxes do automatic updates, and there was a pack of 9 or 10 updates yesterday, but i don't know if this have some relation with the problem. I don't know exactly what kind of information i should give to get extra help, so any help is welcome. Tks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net ads keytab syntax - encryption types
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I am working with integrating various Linux distros as domain members with an Active Directory Domain running on Windows Server 2008 R2 native. The Domain admins have allowed des keys for backwards (nfs) compatibility, but prefers the default enctypes supported in 2008 r2: http://support.microsoft.com/kb/977321 * AES256-CTS-HMAC-SHA1-96 * AES128-CTS-HMAC-SHA1-96 * RC4-HMAC I would like to allow the Domain Members to work with their own keytabs via the "net ads keytab" command set but have found that the default (i.e. "net ads keytab create -P" or "net ads keytab add HTTP -P") only creates the two des and ArcFour with HMAC/md5 enctypes, no AES enctypes are listed. The Domain admins can use tools on their side to create SPNs and keytabs that have AES and we would prefer them over DES/ArcFour except in special circumstances.: # klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal - - -- 5 host/iu-itps-rhel6ad.ads.iu@ads.iu.edu (DES cbc mode with CRC-32) 5 host/iu-itps-rhel6ad.ads.iu@ads.iu.edu (DES cbc mode with RSA-MD5) 5 host/iu-itps-rhel6ad.ads.iu@ads.iu.edu (ArcFour with HMAC/md5) 5 host/iu-itps-rhel...@ads.iu.edu (DES cbc mode with CRC-32) 5 host/iu-itps-rhel...@ads.iu.edu (DES cbc mode with RSA-MD5) 5 host/iu-itps-rhel...@ads.iu.edu (ArcFour with HMAC/md5) 5 IU-ITPS-RHEL6AD$@ADS.IU.EDU (DES cbc mode with CRC-32) 5 IU-ITPS-RHEL6AD$@ADS.IU.EDU (DES cbc mode with RSA-MD5) 5 IU-ITPS-RHEL6AD$@ADS.IU.EDU (ArcFour with HMAC/md5) 5 ssh/iu-itps-rhel6ad.ads.iu@ads.iu.edu (DES cbc mode with CRC-32) 5 ssh/iu-itps-rhel6ad.ads.iu@ads.iu.edu (DES cbc mode with RSA-MD5) 5 ssh/iu-itps-rhel6ad.ads.iu@ads.iu.edu (ArcFour with HMAC/md5) 5 ssh/iu-itps-rhel...@ads.iu.edu (DES cbc mode with CRC-32) 5 ssh/iu-itps-rhel...@ads.iu.edu (DES cbc mode with RSA-MD5) 5 ssh/iu-itps-rhel...@ads.iu.edu (ArcFour with HMAC/md5) # net ads keytab list -P Vno TypePrincipal 5 DES cbc mode with CRC-32 host/iu-itps-rhel6ad.ads.iu@ads.iu.edu 5 DES cbc mode with RSA-MD5 host/iu-itps-rhel6ad.ads.iu@ads.iu.edu 5 ArcFour with HMAC/md5 host/iu-itps-rhel6ad.ads.iu@ads.iu.edu 5 DES cbc mode with CRC-32host/iu-itps-rhel...@ads.iu.edu 5 DES cbc mode with RSA-MD5 host/iu-itps-rhel...@ads.iu.edu 5 ArcFour with HMAC/md5 host/iu-itps-rhel...@ads.iu.edu 5 DES cbc mode with CRC-32IU-ITPS-RHEL6AD$@ADS.IU.EDU 5 DES cbc mode with RSA-MD5 IU-ITPS-RHEL6AD$@ADS.IU.EDU 5 ArcFour with HMAC/md5 IU-ITPS-RHEL6AD$@ADS.IU.EDU 5 DES cbc mode with CRC-32 ssh/iu-itps-rhel6ad.ads.iu@ads.iu.edu 5 DES cbc mode with RSA-MD5 ssh/iu-itps-rhel6ad.ads.iu@ads.iu.edu 5 ArcFour with HMAC/md5 ssh/iu-itps-rhel6ad.ads.iu@ads.iu.edu 5 DES cbc mode with CRC-32ssh/iu-itps-rhel...@ads.iu.edu 5 DES cbc mode with RSA-MD5 ssh/iu-itps-rhel...@ads.iu.edu 5 ArcFour with HMAC/md5 ssh/iu-itps-rhel...@ads.iu.edu Is there a way to have the "net" command specify enctypes when working with keytabs? Thanks, Robert - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1St5MACgkQup357T5MfTaH3ACeMion3aBVfmu5UkHT1e9jgi2m p5MAoJIGjeIWs7LTQvy1jAIxq5IXyhsV =bDeC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba policies? logon scripts?
pdbedit lets you set the login script and various "windows" variables for each user. smb.conf sets the netlogon share path.The actual syntax of a login script is for of a windows question. I would look at (or google for) the Microsoft documentation on this.You should be able to have if/then statements to map things differently depending on primary group membership. # pdbedit -Lv someuser Logon Script: logon.bat Home Directory: \\server1\users\someuser HomeDir Drive: # # cd /export/samba/netlogon # more logon.bat net use x: /delete /y net use x: %homeshare% net use p: /delete /y net use r: /delete /y net use r: \\server1\dept net use y: /delete /y net use y: \\server1\users On 02/09/2011 04:24 AM, fdel...@rojatex.com wrote: Kind of dificult, dark, and poorly documented task, isnt it? While i found docens of samba config manuals and examples, i cant find info about a logon script. I had to get the poledit.exe from a Service Pack from w2000... too much complexity for placing a desktop shortcut. Is this the only way? Oh, and Takahashi, i had an unanswered question from my last doub. Would you be kind to answer here even if its not the topic? I can only "automatically map" unix admins - nt domain admins unix users - nt domain users the other groups i create, must be added manually in each windows client to each DOMAIN/unix-group, right? thank you 2011/2/9: poledit.exe ok, i take notes. I suppose i should download it in every client pc? No, poledit is used to create NTconfig.pol file. and what about logon scripts? do i forget about them? As Liutauras said: It will modify registry according to your needs. basically, settings stored in registry can be managed with system policy. The backgroup image file name is stored in registry, but shortcuts are not. Anyway these knowledge are applied not only to Samba but also to NT domain. So you had better search into knowledge how to manage NT domain. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba policies? logon scripts?
2011/2/9 : > Kind of dificult, dark, and poorly documented task, isnt it? > > While i found docens of samba config manuals and examples, i cant find > info about a logon script. > I had to get the poledit.exe from a Service Pack from w2000... > > too much complexity for placing a desktop shortcut. > > Is this the only way? To create logon script and NTconfig.pol is basically the work on Windows side. At the view of Samba, to create NETLOGON share and to put NTconfig.pol already created on Windows is the only work about system policy. Also to specify the name of logon script in smb.conf and putting proper logon script to proper path is about logon script. Basically you had better search these topics into Windows documents. Remember that system policy is suitable for NT4, so you should search in old docs. > Oh, and Takahashi, i had an unanswered question from my last doub. Would > you be kind to answer here even if its not the topic? > > I can only "automatically map" > unix admins - nt domain admins > unix users - nt domain users > > the other groups i create, must be added manually in each windows client > to each DOMAIN/unix-group, right? If you can use GPO, you can add any domain groups to local groups automatically. But unfortunately Samba 3 domain does not support GPO. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cooperation with samba?
> On Wed, Feb 09, 2011 at 10:45:00AM +0100, Helmut Hullen wrote: >> in the samba mailinglist there was a remark that samba 4 is designed >> only for the BIND nameserver; (snip) >> But what about people who want to use Samba without ADS, perhaps far >> away from a Windows environment? It's more simple to configure, it >> doesn't need specially trained operators. >> >> What about "Samba 4 light for SOHO"? Without ADS, Samba has nothing to do with DNS, I think. What does your "cooperation" mean? -- --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] username change
2011/2/9 Jochen Eggemann : > I need to change the unix username on a samba server. How can I change the > samba username stored in passwd.tdb Set "rename username script = usermod -l '%unew' '%uold'" And "net user rename" will help you? Perhaps directly modifying passwd.tdb with tdbtool will be done what you want, but I have not examined. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] username change
Hi, I need to change the unix username on a samba server. How can I change the samba username stored in passwd.tdb It is important not to loose the domain integration. The name of the corresponding profile on the windows machine need not change. When the user information was stored in smbpasswd, I could simply rename the user in the file. How do I do that in passwd.tdb? opensuse 11.3 samba-3.5.6 passdb.tdb Thanks, Jochen -- IT-Management Nordwestdeutsche Forstliche Versuchsanstalt Grätzelstr. 2 37079 Göttingen Tel: 0551 69 40 11 64 Fax: 0551 69 40 11 60 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] problema com windows 7
Bom dia Debianos, Uso aqui um debian lenny com Samba PDC + ldap, samba versão 3.4.7 Hoje, várias máquinas com windows 7 começaram a apresentar falha na relação de confiança entre a máquina e o domínio. Tentar remover e adicioná-las novamente não funciona (não é nem possível readicioná-las). sei que a MS lança updates toda terça, então é provável que seja algo do update. mais alguém está tendo problemas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cooperation with samba?
On Wed, Feb 09, 2011 at 10:45:00AM +0100, Helmut Hullen wrote: > Hallo, Simon (and Andrew), > > Du meintest am 08.02.11: > > >> in the samba mailinglist there was a remark that samba 4 is designed > >> only for the BIND nameserver; look escpecially at > >> > >> http://lists.samba.org/archive/samba/2011-February/160848.html > >> > >> I know that most programmers work in their "free" time (me too). But > >> I don't like working with the ISC DNS, and I'd like working with > >> "dnsmasq" under samba 4 too. > > > My understanding of the situation is that full integration with AD > > requires support for dynamic DNS and the ability to update DNS zones > > with a fair variety of esoteric record types. To provide that sort of > > facility in dnsmasq would require re-writing and generalising a lot > > of code. > > [...] > > But what about people who want to use Samba without ADS, perhaps far > away from a Windows environment? It's more simple to configure, it > doesn't need specially trained operators. > > What about "Samba 4 light for SOHO"? That's called Samba3 ;-) Whatever the details of Samba4 will finally look like, there will always be a way to just run a very simple file server with local users. The required components for that will be part of what will be shipped as Samba version 4. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CentOs 5.5 Glusterfs 3.1.0 Samba 3.5 MSOffice Files
I did it thank you, Volker: This is my share definition (especially for msoffice files) working on a gluster-vol.So you can replicate your data to as many server you want: [test] path=/mnt/glusterfs/windows/test readonly=no profile acls = YES oplocks=NO <--- This is the most important setting posix locking = NO level2 oplocks=NO #oplocks auf dem share fuer folgende file-types ausschalten veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/*.doc/*.docx/*.xls/*.xlsx/*.tmp/*.TMP/?~$*/~$*/*.ex e/*.com write list=@"Domain Users" @"Domain Admins" create mask = 2770 force create mode=2770 force group= "Domain Users" --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Volker Lendecke [mailto:volker.lende...@sernet.de] Gesendet: Mittwoch, 9. Februar 2011 09:52 An: Daniel Müller Cc: samba@lists.samba.org Betreff: Re: [Samba] CentOs 5.5 Glusterfs 3.1.0 Samba 3.5 MSOffice Files On Wed, Feb 09, 2011 at 09:31:55AM +0100, Daniel Müller wrote: > So I do not give up as other users may have the same problems: > I did a file test.xlsx and it seems samba does a posix lock read only?!!Why? Have you taken a look at the smb.conf "posix locking" option? The posix read lock is not directly related to oplocks. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] cooperation with samba?
Hallo, Simon (and Andrew), Du meintest am 08.02.11: >> in the samba mailinglist there was a remark that samba 4 is designed >> only for the BIND nameserver; look escpecially at >> >> http://lists.samba.org/archive/samba/2011-February/160848.html >> >> I know that most programmers work in their "free" time (me too). But >> I don't like working with the ISC DNS, and I'd like working with >> "dnsmasq" under samba 4 too. > My understanding of the situation is that full integration with AD > requires support for dynamic DNS and the ability to update DNS zones > with a fair variety of esoteric record types. To provide that sort of > facility in dnsmasq would require re-writing and generalising a lot > of code. [...] But what about people who want to use Samba without ADS, perhaps far away from a Windows environment? It's more simple to configure, it doesn't need specially trained operators. What about "Samba 4 light for SOHO"? I prefer using cifs instead of nfs, p.e., even in a LAN only with Linux clients. And there's no need for an ADS. There's no need for a DNS monster like ISC bind. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CentOs 5.5 Glusterfs 3.1.0 Samba 3.5 MSOffice Files
On Wed, Feb 09, 2011 at 10:41:24AM +0100, Daniel Müller wrote: > Posix locking is yes so I will point it to no!? If you want to avoid the posix lock calls, yes. I am not certain however that this will be the final fix for the problem. I have not seen the full logfiles yet, you only have small snippets available. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CentOs 5.5 Glusterfs 3.1.0 Samba 3.5 MSOffice Files
The other lock parameters in global: blocking locks = Yes csc policy = manual fake oplocks = No locking = Yes oplocks = Yes level2 oplocks = Yes oplock contention limit = 2 posix locking = Yes strict locking = Auto --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Volker Lendecke [mailto:volker.lende...@sernet.de] Gesendet: Mittwoch, 9. Februar 2011 09:52 An: Daniel Müller Cc: samba@lists.samba.org Betreff: Re: [Samba] CentOs 5.5 Glusterfs 3.1.0 Samba 3.5 MSOffice Files On Wed, Feb 09, 2011 at 09:31:55AM +0100, Daniel Müller wrote: > So I do not give up as other users may have the same problems: > I did a file test.xlsx and it seems samba does a posix lock read only?!!Why? Have you taken a look at the smb.conf "posix locking" option? The posix read lock is not directly related to oplocks. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CentOs 5.5 Glusterfs 3.1.0 Samba 3.5 MSOffice Files
Posix locking is yes so I will point it to no!? [root@ctdb1 ~]# testparm -v|grep posix Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[homes]" Processing section "[test]" Processing section "[office]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions posix locking = Yes --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Volker Lendecke [mailto:volker.lende...@sernet.de] Gesendet: Mittwoch, 9. Februar 2011 09:52 An: Daniel Müller Cc: samba@lists.samba.org Betreff: Re: [Samba] CentOs 5.5 Glusterfs 3.1.0 Samba 3.5 MSOffice Files On Wed, Feb 09, 2011 at 09:31:55AM +0100, Daniel Müller wrote: > So I do not give up as other users may have the same problems: > I did a file test.xlsx and it seems samba does a posix lock read only?!!Why? Have you taken a look at the smb.conf "posix locking" option? The posix read lock is not directly related to oplocks. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba policies? logon scripts?
Kind of dificult, dark, and poorly documented task, isnt it? While i found docens of samba config manuals and examples, i cant find info about a logon script. I had to get the poledit.exe from a Service Pack from w2000... too much complexity for placing a desktop shortcut. Is this the only way? Oh, and Takahashi, i had an unanswered question from my last doub. Would you be kind to answer here even if its not the topic? I can only "automatically map" unix admins - nt domain admins unix users - nt domain users the other groups i create, must be added manually in each windows client to each DOMAIN/unix-group, right? thank you > 2011/2/9 : >> poledit.exe >> ok, i take notes. >> I suppose i should download it in every client pc? > > No, poledit is used to create NTconfig.pol file. > >> and what about logon scripts? do i forget about them? > > As Liutauras said: > It will modify registry according to your needs. > basically, settings stored in registry can be managed > with system policy. > > The backgroup image file name is stored in registry, > but shortcuts are not. > > Anyway these knowledge are applied not only to Samba but > also to NT domain. So you had better search into knowledge > how to manage NT domain. > > --- > TAKAHASHI Motonobu > -- Fran Del Val Dpto de informática. Rojatex S.L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Antw: Re: bind9 dlopen/dlz problems [update]
>>> Andrew Bartlett schrieb am 2/8/2011 um 22:15 in Nachricht <1297199717.28365.6.camel@obed>: > On Mon, 2011-02-07 at 08:28 +0100, Marcel Ritter wrote: > > Hi, > > > > just a short update on this issue: > > > > By using strace and having a look at the source code, I found the > > reason for the named error: > > > > Accessing samba database via ldapi requires the use of ildap.so > > (samba ldb module, which is not located in "standard ldb modules > > path"). Just setting LDB_MODULES_PATH to the directory containing > > it makes named start: > > > > export LDB_MODULES_PATH=/usr/lib/samba/ldb/ > > named -u named > > -> startup complete > > > > So it wasn't my first suspect "ldap uri": > > ldapi:///var/lib/samba4/private/ldap_priv/ldapi > > ldapi://%2Fvar%2Flib%2Fsamba4%2Fprivate%2Fldap_priv%2Fldapi > > > > This leaves me with the task to finally get some DNS entries into the > > samba database :-) > > The only way to get DNS entries in is by replicating an existing > Microsoft DNS server. > > Anyway, the reason there isn't any documentation is that it's not really > finished. We got it to the point where we were able to show that > BIND9.8 when released would do what we want, when we are loaded with the > dlopen dlz plugin. That was an important milestone, as it is more > difficult to get a new BIND version to Samba4 users than an updated > plugin. > > From here, we need to come up with a secure read/write approach over > LDAPI, with transactions of some kind, and tidy up some other details. > > Then we will publish some more docs on this. But in the meantime, you > seem to have cracked the setup for the less secure, unsafe (no > transactions) but works-for-a-demo mode of operation :-). > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Cisco Inc. Hi Andrew, thanks for giving an update on this issue. I know it may be a little early (and insecure) to use this setup - but I like the way it works anyway :-) Just in case someone wanted to modify the provision tool, to create the DNS entries in samba ldb database directly instead of creating a named.conf - could you give some directions where to start? (And yes, I know that Active Directory DNS data types are ugly binary blobs, but I'll take that as a challenge :-) Bye, Marcel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CentOs 5.5 Glusterfs 3.1.0 Samba 3.5 MSOffice Files
On Wed, Feb 09, 2011 at 09:31:55AM +0100, Daniel Müller wrote: > So I do not give up as other users may have the same problems: > I did a file test.xlsx and it seems samba does a posix lock read only?!!Why? Have you taken a look at the smb.conf "posix locking" option? The posix read lock is not directly related to oplocks. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CentOs 5.5 Glusterfs 3.1.0 Samba 3.5 MSOffice Files
So I do not give up as other users may have the same problems: I did a file test.xlsx and it seems samba does a posix lock read only?!!Why? I did : oplocks=NO level2 oplocks=NO Did another file with veto files: veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/*.doc/*.docx/*.xls/*.xlsx/*.tmp/*.TMP/?~$*/~$*/*.ex e/*.com THE SAME [2011/02/09 09:16:27.397588, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 6829) conn 0x2ba2aa180c30 [2011/02/09 09:16:27.397603, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2011/02/09 09:16:27.397619, 10] locking/posix.c:301(is_posix_locked) is_posix_locked: File test.xlsx, offset = 8079, count = 4012, type = READ [2011/02/09 09:16:27.397637, 10] locking/posix.c:172(posix_lock_in_range) posix_lock_in_range: offset_out = 8079, count_out = 4012 [2011/02/09 09:16:27.397653, 8] locking/posix.c:250(posix_fcntl_getlock) posix_fcntl_getlock 38 8079 4012 0 [2011/02/09 09:16:27.397670, 8] lib/util.c:1822(fcntl_getlock) fcntl_getlock fd=38 offset=8079 count=4012 type=0 [2011/02/09 09:16:27.398394, 3] lib/util.c:1846(fcntl_getlock) fcntl_getlock: fd 38 is returned info 2 pid 0 [2011/02/09 09:16:27.398415, 8] locking/posix.c:280(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2011/02/09 09:16:27.398430, 10] locking/brlock.c:1308(brl_locktest) brl_locktest: posix start=8079 len=4012 unlocked for fnum 10267 file test.xlsx [2011/02/09 09:16:27.398464, 10] locking/locking.c:154(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=8079 len=4012 unlocked for fnum 10267 file test.xlsx [2011/02/09 09:16:27.398485, 10] smbd/fileio.c:106(read_file) read_file (test.xlsx): pos = 8079, size = 4012, returned 0 [2011/02/09 09:16:27.398522, 3] smbd/reply.c:3591(send_file_readX) send_file_readX fnum=10267 max=4012 nread=0 [2011/02/09 09:16:27.398646, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2011/02/09 09:16:27.398666, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2011/02/09 09:16:27.398680, 3] smbd/process.c:1485(process_smb) Transaction 1989 of length 63 (0 toread) [2011/02/09 09:16:27.398694, 5] lib/util.c:617(show_msg) [2011/02/09 09:16:27.398702, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=100 smb_mid=46401 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=10264 (0x2818) smb_vwv[ 3]= 8079 (0x1F8F) smb_vwv[ 4]=0 (0x0) smb_vwv[ 5]= 2936 (0xB78) smb_vwv[ 6]= 2936 (0xB78) smb_vwv[ 7]=0 (0x0) smb_vwv[ 8]=0 (0x0) smb_vwv[ 9]= 2936 (0xB78) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_bcc=0 [2011/02/09 09:16:27.398801, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 6829) conn 0x2ba2aa180c30 [2011/02/09 09:16:27.398815, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2011/02/09 09:16:27.398832, 10] locking/posix.c:301(is_posix_locked) is_posix_locked: File test.xlsx, offset = 8079, count = 2936, type = READ [2011/02/09 09:16:27.398850, 10] locking/posix.c:172(posix_lock_in_range) posix_lock_in_range: offset_out = 8079, count_out = 2936 [2011/02/09 09:16:27.398866, 8] locking/posix.c:250(posix_fcntl_getlock) posix_fcntl_getlock 30 8079 2936 0 [2011/02/09 09:16:27.398883, 8] lib/util.c:1822(fcntl_getlock) fcntl_getlock fd=30 offset=8079 count=2936 type=0 [2011/02/09 09:16:27.399970, 3] lib/util.c:1846(fcntl_getlock) fcntl_getlock: fd 30 is returned info 2 pid 0 [2011/02/09 09:16:27.31, 8] locking/posix.c:280(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2011/02/09 09:16:27.46, 10] locking/brlock.c:1308(brl_locktest) brl_locktest: posix start=8079 len=2936 unlocked for fnum 10264 file test.xlsx [2011/02/09 09:16:27.400039, 10] locking/locking.c:154(strict_lock_default) strict_lock_default: flavour = WINDOWS_LOCK brl start=8079 len=2936 unlocked for fnum 10264 file test.xlsx [2011/02/09 09:16:27.400061, 10] smbd/fileio.c:106(read_file) read_file (test.xlsx): pos = 8079, size = 2936, returned 0 [2011/02/09 09:16:27.400078, 3] smbd/reply.c:3591(send_file_readX) send_file_readX fnum=10264 max=2936 nread=0 [2011/02/09 09:16:27.400167, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) [2011/02/09 09:27:21.247593, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 6921) conn 0x2ab17e5427d0 [2011/02/09 09:27:21.247607, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2011/02/09 09:27:21.247629, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 13003E01 [2011/02/09 09:27:21.247649, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x2ab17e570540 [2011/02/09 09:27:21.247663, 10] locking/brlock.c: