[Samba] Winbind, pdbedit - does not belong to our domain
Hi all,

I have a problem that started last week with winbind on a member server. The network consists of the following:

Openldap/Bind/DHCP Server (No Samba)
PDC - CentOS Linux - Samba 3-3.5.6-43.el5 (sernet package)
BDC - CentOS Linux - Samba 3-3.0.31-36
Proxy Server (with NTLM Auth) - Mandriva Linux - Samba 3.5.3-3.1mdv2010.1

All of these work fine but the proxy needs replacing so I've put a new server together (CentOS 5.5 Sernet/Samba 3-3.5.6-43.el5) with and this is where it gets interesting. I've followed the same procedure I've used on the above 4 machines but I keep getting error messages in pdbedit as below:

smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=PROXY))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
smbldap_search_paged: base = [dc=bordengrammar,dc=kent,dc=sch,dc=uk], filter = [((uid=*)(objectclass=sambaSamAccount))],scope = [2], pagesize = [1024]
smbldap_search_paged: search was successful
sid S-1-5-21-2387947558-1535987125-4294967295-1000 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-2998 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-2000 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-2002 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-2004 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-2006 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-3000 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-3004 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-3006 does not belong to our domain

The first part suggests that the LDAP connection succeeded and the domain name and the SIDS are correct. The first SID appears to be the local root user but the rest are OK.

Getent passwd works and returns all domain users.
Getent group returns all groups correctly.
Net group map list works and returns correctly mapped groups.
Wbinfo -t returns checking the trust secret for domain BGS via RPC calls succeeded.
wbinfo --own-domain returns the correct NT domain name

In short, everything seems to work OK until you run wbinfo -u or -g at which point it sits there until it times out. Smb.conf is the same as the other member servers, the net rpc join command returned success and a machine account was successfully created in the LDAP directory.

The smb.conf file is here:

[global]
workgroup = BGS
netbios name = PROXY
password server = 172.20.5.254
server string = Proxy
wins server = 172.20.5.254
log file = /var/log/samba/%m.log
max log size = 50
security = domain
smb ports = 139
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
dns proxy = no
dos charset = 850
unix charset = ISO8859-1
log level = 3
idmap uid = 1-20
idmap gid = 1-20
winbind use default domain = yes
local master = no
os level = 10
domain master = no
preferred master = no
name resolve order = wins bcast lmhosts
domain logons = no
ldap ssl = no
passdb backend = ldapsam:ldap://172.20.5.253
idmap backend = ldap:ldap://172.20.5.253
ldap admin dn = cn=Manager,dc=bordengrammar,dc=kent,dc=sch,dc=uk
ldap suffix = dc=bordengrammar,dc=kent,dc=sch,dc=uk
ldap machine suffix = ou=Users
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap

Any suggestions gratefully received.

Thanks,
Julian

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
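
The rejected SIDs in the pdbedit output above can be checked mechanically. The following is an added example, not part of the original post and not Samba code: it groups the rejected SIDs by domain prefix and flags any sub-authority that does not fit the 32-bit unsigned field a SID sub-authority occupies. The `domain_sid` argument is an assumption of the example; pass the domain SID the member server reports (for instance from `net getdomainsid`).

```python
import re

MAX_SUBAUTH = 0xFFFFFFFF  # each SID sub-authority is a 32-bit unsigned integer
SID_RE = re.compile(r"S-1-(\d+)((?:-\d+)+)")
REJECT_MARK = "does not belong to our domain"

# Constructed sample: four of the lines quoted in the post above.
SAMPLE_LOG = """\
sid S-1-5-21-2387947558-1535987125-4294967295-1000 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-2998 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-2000 does not belong to our domain
sid S-1-5-21-5543384853-2091317229-2861916464-2002 does not belong to our domain
"""


def rejected_sids(log):
    """Yield every SID string found on a 'does not belong to our domain' line."""
    for line in log.splitlines():
        if REJECT_MARK in line:
            match = SID_RE.search(line)
            if match:
                yield match.group(0)


def split_sid(sid):
    """Return (identifier authority, [sub-authorities]) for a textual SID."""
    match = SID_RE.fullmatch(sid)
    if match is None:
        raise ValueError("not a SID: %r" % sid)
    return int(match.group(1)), [int(p) for p in match.group(2)[1:].split("-")]


def summarise(log, domain_sid=None):
    """Group rejected SIDs by domain prefix (the SID without its trailing RID).

    For each prefix report the RIDs seen, sub-authorities larger than 32 bits
    (not representable in a binary SID), and sub-authorities equal to the
    32-bit maximum. The last one is only a heuristic of this example: it is
    the value an overflowing conversion would clamp to, so it deserves a look.
    """
    report = {}
    for sid in rejected_sids(log):
        _authority, subauths = split_sid(sid)
        prefix = sid.rsplit("-", 1)[0]
        entry = report.setdefault(
            prefix,
            {"rids": [], "too_large": [], "saturated": [], "matches_domain": None},
        )
        entry["rids"].append(subauths[-1])
        for value in subauths:
            if value > MAX_SUBAUTH and value not in entry["too_large"]:
                entry["too_large"].append(value)
            elif value == MAX_SUBAUTH and value not in entry["saturated"]:
                entry["saturated"].append(value)
        if domain_sid is not None:
            entry["matches_domain"] = prefix == domain_sid
    return report


if __name__ == "__main__":
    for prefix, info in summarise(SAMPLE_LOG).items():
        print(prefix, info)
```

A sub-authority listed under `too_large` means the value stored in the directory cannot be encoded as a binary SID at all, which is worth ruling out before looking at the join or the idmap settings.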
Re: [Samba] Problem with trust relationship
On Sat, Feb 12, 2011 at 12:51 PM, Leonardo Carneiro chesterma...@gmail.com wrote:

Do you have the log level set at at least 3? John

It was set to 2 (3 for winbind), but I set it to 3 and did some tests. Again, nothing interesting. Set it to 5 and at least something related to the machine name showed up in nmbd.log:

[2011/02/12 12:43:48.071897, 4] nmbd/nmbd_workgroupdb.c:281(dump_workgroups)
dump_workgroups() dump workgroup on subnet 192.168.0.2: netmask= 255.255.254.0:
DOMINIO(1) current master browser = DOMAINSERVER
... (some machines)
VELTEC16 40011003 () (the machine that i'm testing)
... (some others machines)

Other than this... nothing.

Hi guys. I had to take a break from the Samba debugging because my LDAP base went crazy for a while after the upgrade, but it's OK now. Unfortunately, my Samba PDC still isn't going quite well =( Are there any other ideas that I could try?

Before all this, occasionally one or two machines had trust relationship issues, but all I needed to do was re-add them to the domain. Now I can't even do this, since when I try to add a machine to the domain, the Workstation service just crashes. =S
Re: [Samba] call for a forum to replace the mailing list?
On 19 February 2011 00:19, Aaron Solochek aarons-sa...@aberrant.org wrote:
On 02/18/2011 04:11 PM, Mac wrote:

[...] Please, this is not an attempt at a flame war or trolling. I am just pointing out that this may be a relic of the past.

Yeah, it totally is. Let's move this discussion to twitter with the #samba4 tag. :)

:) How many tweets would it take to post the average smb.conf or log excerpt?

-- Michael Wood esiot...@gmail.com
Re: [Samba] Problem with trust relationship
On Sat, Feb 19, 2011 at 11:15 AM, Leonardo Carneiro chesterma...@gmail.com wrote:
On Sat, Feb 12, 2011 at 12:51 PM, Leonardo Carneiro chesterma...@gmail.com wrote:

Do you have the log level set at at least 3? John

It was set to 2 (3 for winbind), but I set it to 3 and did some tests. Again, nothing interesting. Set it to 5 and at least something related to the machine name showed up in nmbd.log:

[2011/02/12 12:43:48.071897, 4] nmbd/nmbd_workgroupdb.c:281(dump_workgroups)
dump_workgroups() dump workgroup on subnet 192.168.0.2: netmask= 255.255.254.0:
DOMINIO(1) current master browser = DOMAINSERVER
... (some machines)
VELTEC16 40011003 () (the machine that i'm testing)
... (some others machines)

Other than this... nothing.

Hi guys. I had to take a break from the Samba debugging because my LDAP base went crazy for a while after the upgrade, but it's OK now. Unfortunately, my Samba PDC still isn't going quite well =( Are there any other ideas that I could try?

Before all this, occasionally one or two machines had trust relationship issues, but all I needed to do was re-add them to the domain. Now I can't even do this, since when I try to add a machine to the domain, the Workstation service just crashes. =S

One thing I notice is that I cannot see my domain box when I navigate through the network, but if I go directly to the IP of the server I can see the shares and stuff.
Re: [Samba] call for a forum to replace the mailing list?
On 2011/02/19 15:28 (GMT+0200) Michael Wood composed:

How many tweets would it take to post the average smb.conf or log excerpt?

One, to post the URL where it was uploaded for viewing by those actually interested in viewing it, instead of wasting bandwidth with megamails.

-- How much better to get wisdom than gold, to choose understanding rather than silver. Proverbs 16:16 NKJV
Team OS/2 ** Reg. Linux User #211409
Felix Miata *** http://fm.no-ip.com/
Re: [Samba] Problem with trust relationship
Hi guys. I had to take a break from the Samba debugging because my LDAP base went crazy for a while after the upgrade, but it's OK now. Unfortunately, my Samba PDC still isn't going quite well =( Are there any other ideas that I could try?

Before all this, occasionally one or two machines had trust relationship issues, but all I needed to do was re-add them to the domain. Now I can't even do this, since when I try to add a machine to the domain, the Workstation service just crashes. =S

I still do not think this has anything to do with trust relationships. At least the client workstation service crashes do not. My guess is these crashes are caused by a virus or a bug in some internet security or antivirus software.

John
[Samba] Samba ACLs and NFS ACLs:Differing results
I have two users on my network, Mary and Bob, who work together in a shared share. They both belong to the group Accounting. Bob is a savvy Linux user who accesses the share via NFS4. Mary toils away using Windows accessing the share via the Samba server. Mary will create a directory on the share and dump a number of files in which Bob and Mary will split the load. Bob, being a Linux user, will then take ownership of his files and run a sudo chown Bob filelist and keep track of his files this way.

That's the set up to the issue and here's the rub. First some details: Samba server is running Fedora 14, Samba 3.5.6 as PDC, OpenLDAP backend, NFS4. The filesystem is mounted on the service with options: acl and user_xattr.

The Samba share is:

[Work]
comment = Share for Work
path = /home/work
valid users = +domadmins, +Accounting
write list = +domadmins, +Accounting
inherit permissions = yes
inherit acls = yes
map acl inherit = yes
acl group control = yes
ea support = yes
vfs object = acl_xattr recycle
store dos attributes = yes
map archive = no
map hidden = no
map system = no
map readonly = no

Bob does a standard NFS4 mount of the directory.
The directories inherit the ACLs and group ownership from the parent directory:

ls -l /home/work:
drwxrws--- 2 Bob Accounting 4096 2011-02-19 09:57 /home/work

getfacl /home/work:
# file: work
# owner: Bob
# group: Accounting
# flags: -s-
user::rwx
user:Bob:rwx
user:Mary:rwx
group::rwx
group:Accounting:rwx
group:domadmins:rwx
mask::rwx
other::---
default:user::rwx
default:user:Bob:rwx
default:user:Mary:rwx
default:group::rwx
default:group:domadmins:rwx
default:group:Accounting:rwx
default:mask::rwx
default:other::---

If Bob creates any files through NFS4 his files get the ACLs as is shown on the Samba server:

getfacl bob-file1:
# file: bob-file1
# owner: Bob
# group: Accounting
user::rw-
user:Bob:rwx #effective:rw-
user:Mary:rwx #effective:rw-
group::rwx #effective:rw-
group:domadmins:rwx #effective:rw-
group:Accounting:rwx #effective:rw-
mask::rw-
other::---

We all know that POSIX ACLs aren't perfect but this is close to what I expect and want. When Mary creates a file from Windows the ACLs on the server are:

getfacl mary-file2:
# file: mary-file2
# owner: Mary
# group: Accounting
user::rwx
user:Bob:rwx
group::rwx
group:domadmins:rwx
mask::rwx
other::---

While technically this may be correct as well, here's the rub and why I am writing to the list. As I said, Mary dumps the files on the share to be divided up between them so all of the files get the ACLs shown for the file, mary-file2. When Bob runs sudo chown Bob filelist to keep track of his files, Mary loses her user ACL and would lose all access if the group ownership would change.

What is the correct behavior for inheriting ACLs from a parent directory? Should the ACLs be pruned based on the file ownership (as does Samba) or should the full ACLs be inherited as happens when using NFS4? IMHO, I would prefer the latter as it preserves all of the inherited permissions regardless of the actual file ownership. Was there a rationale for the approach that Samba is taking?

Thanks,
Bob Smith --bs
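
The difference between the two files can be made concrete by parsing the three getfacl listings and replaying the chown. The following is an added example, not part of the original post and not Samba or NFS code: it lists which named entries of the parent's default ACL are absent from each file, then evaluates Mary's access after an ownership change. The group name `staff` is hypothetical, and the group-class evaluation is simplified to the union of matching group entries.

```python
# Constructed inputs: the getfacl listings quoted in the post, one entry per line.
PARENT = """\
# file: work
# owner: Bob
# group: Accounting
user::rwx
user:Bob:rwx
user:Mary:rwx
group::rwx
group:Accounting:rwx
group:domadmins:rwx
mask::rwx
other::---
default:user::rwx
default:user:Bob:rwx
default:user:Mary:rwx
default:group::rwx
default:group:domadmins:rwx
default:group:Accounting:rwx
default:mask::rwx
default:other::---
"""
BOB_FILE = """\
# owner: Bob
# group: Accounting
user::rw-
user:Bob:rwx #effective:rw-
user:Mary:rwx #effective:rw-
group::rwx #effective:rw-
group:domadmins:rwx #effective:rw-
group:Accounting:rwx #effective:rw-
mask::rw-
other::---
"""
MARY_FILE = """\
# owner: Mary
# group: Accounting
user::rwx
user:Bob:rwx
group::rwx
group:domadmins:rwx
mask::rwx
other::---
"""


def parse_getfacl(text):
    """Parse getfacl output into owner, group, access entries and default entries."""
    acl = {"owner": None, "group": None, "access": {}, "default": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:") or line.startswith("# group:"):
            key, value = line[2:].split(":", 1)
            acl[key] = value.strip()
            continue
        line = line.split("#", 1)[0].strip()  # drop '#effective:' and header comments
        if not line:
            continue
        scope = "access"
        if line.startswith("default:"):
            scope, line = "default", line[len("default:"):]
        tag, qualifier, perms = line.split(":")
        acl[scope][(tag, qualifier)] = perms
    return acl


def missing_inherited(parent, child):
    """Named default entries of the parent that the child lacks as access entries."""
    return sorted("%s:%s" % key for key in parent["default"]
                  if key[1] and key not in child["access"])


def masked(perms, mask):
    """Apply the ACL mask: a bit survives only if both perms and mask carry it."""
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))


def effective_access(acl, user, groups, owner, group):
    """Permissions `user` gets when the file is owned by owner:group.

    chown changes only owner and group; the ACL entries themselves stay as
    they are, so 'user::' and 'group::' simply start referring to new IDs.
    """
    entries = acl["access"]
    mask = entries.get(("mask", ""), "rwx")
    if user == owner:
        return entries[("user", "")]  # the owner entry is not subject to the mask
    if ("user", user) in entries:
        return masked(entries[("user", user)], mask)
    matched = [entries[("group", "")]] if group in groups else []
    matched += [p for (tag, q), p in entries.items() if tag == "group" and q in groups]
    if matched:
        union = "".join(c if any(p[i] == c for p in matched) else "-"
                        for i, c in enumerate("rwx"))
        return masked(union, mask)
    return entries[("other", "")]


if __name__ == "__main__":
    parent = parse_getfacl(PARENT)
    for name, text in (("bob-file1", BOB_FILE), ("mary-file2", MARY_FILE)):
        acl = parse_getfacl(text)
        print(name, "missing:", missing_inherited(parent, acl))
        print("  Mary after chown Bob:      ",
              effective_access(acl, "Mary", {"Accounting"}, "Bob", "Accounting"))
        print("  Mary after chown Bob:staff:",
              effective_access(acl, "Mary", {"Accounting"}, "Bob", "staff"))
```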
[Samba] WINS server 127.0.0.1 timed out registering IP
Hi Daniel,

Thank you for your answer. I tried your suggestion and it works. The point is that one of the reasons that I want the BDC is to have 100% redundancy with the domain; by this I mean that if the PDC falls down, then I would have the BDC 100% up. Thus if the BDC is sharing some services with the PDC I will not get it. I don't know if it is possible to have a Samba WINS on the BDC as I have on the PDC. Do you know?

---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of sisu .
Sent: Friday, 18 February 2011 13:47
To: Samba
Subject: [Samba] WINS server 127.0.0.1 timed out registering IP

Hi all.

After setting up a BDC, I found a weird problem in my log.nmbd file: my nmb (on the BDC) is not able to connect to the local WINS server, it just receives a time out. I set wins support = yes, which is the only mandatory parameter according to the Samba doc. I even tried to shut down the firewall. The log output is:

=== ...
===
become_logon_server: Atempting to become logon server for workgroup FOG on subnet UNICAST_SUBNET
[2011/02/18 13:11:04.631006, 0] nmbd/nmbd_logonnames.c:121(become_logon_server_success)
become_logon_server_success: Samba is now a logon server for workgroup FOG on subnet 192.168.5.37
[2011/02/18 13:11:06.130886, 2] nmbd/nmbd_nameregister.c:192(wins_registration_timeout)
wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.5.37
[2011/02/18 13:11:06.130976, 2] nmbd/nmbd_nameregister.c:192(wins_registration_timeout)
wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.5.37
[2011/02/18 13:11:06.131008, 2] nmbd/nmbd_nameregister.c:192(wins_registration_timeout)
wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.5.37
[2011/02/18 13:11:06.131038, 2] nmbd/nmbd_nameregister.c:192(wins_registration_timeout)
wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.5.37
[2011/02/18 13:11:06.131067, 2] nmbd/nmbd_nameregister.c:192(wins_registration_timeout)
wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.5.37
[2011/02/18 13:11:06.131096, 2] nmbd/nmbd_nameregister.c:192(wins_registration_timeout)
wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.5.37
[2011/02/18 13:11:06.131125, 0] nmbd/nmbd_logonnames.c:121(become_logon_server_success)
become_logon_server_success: Samba is now a logon server for workgroup FOG on subnet UNICAST_SUBNET
===EOF ==

On another note, I have a quick question, not really important. I receive user login attempts from some Windows machines which are not in the domain.
Obviously these users don't manage to log on:

[2011/02/18 10:47:43.906677, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [Felix] - [Felix] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/02/18 10:47:43.915067, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [Felix] - [Felix] FAILED with error NT_STATUS_NO_SUCH_USE

But, does anybody know why these machines are sending these login attempts?

Thank everybody in advance.
[Samba] Please, help me clarify (winbind).
Hi again,

still struggling with winbind and trying to understand how it is supposed to work. Let's see if someone can answer a simple resolution question so I can see if something is wrong with my setup.

One PDC/LDAP (no winbind), nss with ldap. This works fine as far as I can tell. The other machine is a DMS.

Let's say I have an entry like this on my 'getent passwd' (via LDAP):

adorca:x:10033:513:Aleix Dorca:/home/adorca:/bin/bash

As far as I can tell this user's uid is 10033. So, now the question: If a windows machine should connect to this server what would winbind return as uid number? 10033 via NSS_LDAP or a new mapping stored/created on my LDAP Server. And would this user be treated as a 'Domain User' or as a 'Unix User'?

The Samba How-To Collections states on 'Winbind with NSS to resolve UNIX/Linux user and group IDs':

The use of the LDAP-based passdb backend requires use of the PADL nss_ldap utility or an equivalent. In this situation winbind is used to handle foreign SIDs, that is, SIDs from standalone Windows clients (i.e., not a member of our domain) as well as SIDs from another domain. The foreign UID/GID is mapped from allocated ranges (idmap uid and idmap gid) in precisely the same manner as when using winbind with a local IDMAP table.

As I understand this, having NSS with LDAP and winbind running, a query for user 'adorca' should return uid=10033 and not a new idmap mapping. Is this correct?

Please someone answer... I'm about to lose it trying to understand how this should work.

Thanks,
Aleix.
Re: [Samba] making BDC samba + ldap server
Hi

Thanks for all the howto, but I don't understand the part to create a slave slapd (my version is 2.4.15 mounted in ubuntu server). At the moment I understand these steps:

Resume:

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp root@2machine :/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

domain master=NO
domain logons=YES

Make a testparm it should succeed like this:

testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC you are a BDC
Press enter to see a dump of your service definitions

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap

---How can I do this if slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html is not easy to understand; is there no other, simpler howto?

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

replica uri=ldap://IPOFYOUR2MACHINE:389
binddn=cn=youradmin,dc=your,dc=ldap
suffix=dc=yourc,dc=ldap
bindmethod=simple
credentials=securepassword

I understand the part of backup slapd only works with the service stopped?
Well I'm grateful for all your time :-)

Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well!

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp root@2machine :/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

domain master=NO
domain logons=YES

Make a testparm it should succeed like this:

testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC you are a BDC
Press enter to see a dump of your service definitions

Yes very nice!

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3
http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is nice overview of the way LDAP currently works:
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.
[Samba] Running and testing SMB2 under RHEL 5 and RHEL 6
Good morning, folks.

I've been driving myself to distraction trying to test out SMB2 performance under Linux. I see that the Samba on RHEL 5 is relatively old, I'm dealing with an upstream NetApp fileserver that is configured for SMB2, so I've got clients to test.

The Samba on RHEL 5 is relatively old, 3.0.33, with samba3x-3.5.4 alternatively available, and cifs-utils-* available from RPMforge. I've done some testing with all of these and not seen a significant performance difference simply reading or writing up to 10,000 files 1 MB files in one directory, nor in other test setups, between when the NetApp has SMB2 enabled or disabled. It certainly has *equivalent* functionality with SMB2 enabled or disabled on the server side, but I'm not seeing any difference on the side of the clients.

I also see that RHEL 6 has cifs-utils-4.4, and samba-3.5.4, and a samba4 package I've not touched. I've done basic tests, but not seen noticeable differences there, but my testing there is *very* limited: I don't have test servers close enough to the NetApp to really rely on performance tests not to be blocked by busy VPN's between them.

Does RHEL 5 or RHEL 6, or the current versions of cifs-utils available for either, actually support SMB2? I don't see a mount.smb2 binary in the packages, though I see it mentioned in the docs, and I'd like to really hammer the SMB2 server for performance comparisons. But it's meaningless if it's not actually mounting as SMB2.
Re: [Samba] User submitted job
On 02/18/2011 04:27 PM, Jeff Ross wrote:
On 02/18/11 14:14, Christ Schlacta wrote:
On 2/18/2011 05:49, Robert Moskowitz wrote:

Is there a way for a user to run a job on the server? In particular, I want to implement a 'one click' backup using rsync. An icon on the desktop would do something (in a batch script maybe or some canned program) that would run a job under their ID that would rsync their home directory to a backup directory.

magic files.

In my experience, if you leave backups to users you're in big trouble because it doesn't matter how easy you make the backup it isn't going to get done.

Oh, I already have nightly rsync in place to backup the home shares; it rsyncs the whole /home tree. But one very important user doesn't trust this (my wife!), so on top of what I am doing every night, I want an icon she can click on that would run a special backup just for her. Give her something she can 'see' did something for her...

Since the home share is the user account (/home/user), I was thinking to just create a .crontab or something similar that would then run the job once and now. I would like to think there is something better than creating /home/user/.crontab, and I suspect this will not really work anyway.

DeltaCopy is what you are after: http://www.aboutmyip.com/AboutMyXApp/DeltaCopy.jsp

I will look at this.
Re: [Samba] User submitted job
On 02/18/2011 04:15 PM, Christ Schlacta wrote:
On 2/18/2011 05:49, Robert Moskowitz wrote:

Is there a way for a user to run a job on the server? In particular, I want to implement a 'one click' backup using rsync. An icon on the desktop would do something (in a batch script maybe or some canned program) that would run a job under their ID that would rsync their home directory to a backup directory.

magic files.

What do you mean by this? One idea I had was to create a file that the hourly cronjob would watch for, that would trigger an rsync and delete this 'magic file'. But this is not immediate enough for the user in question.
Re: [Samba] Unable to connect to CUPS server localhost:631 - Connection refused
2011/2/19 David Touzeau da...@touzeau.eu:

Dear Samba try to connect to cups but cups is not loaded on the server and i did not want to use printer sharing on the server but it still wants connect on cups ? Why ? is there any option to add in order to disable completely using cups

CUPS is chosen as printing system if Samba was compiled with --enable-cups and detects CUPS. To avoid these CUPS messages, set:

printing = bsd

and touch /etc/printcap (if you do not have /etc/printcap file).

--- TAKAHASHI Motonobu mo...@samba.gr.jp
Re: [Samba] Not sure I understand when add user script is called
2011/2/18 Jack Downes j...@nwmt.us:

I've built a domain member. It works pretty good with the exception that I want on-the-fly home directories being built. I'm not sure this is doable with a domain member as everything I've tried isn't even called - as far as I can tell. Using log level 3. If anyone can shed light on how to dynamically create home directories, that'd be great. anyway, here's my latest incarnation of smb.conf.

If you enable winbind, add user script is not called.

2011/2/19 Andrew Masterson andrew.master...@nuvistaenergy.com:

Here's how we do it. There are a thousand variations on a theme (samba 3.5.6)

[homes]
path = /data/homes/%D/%S
valid users = @XX+domain admins, %S
read only = No
root preexec = /data/Backup/createhomes.sh %D %S

Shell script looks like (creates /data/homes/DOMAIN NAME/USERNAME) (snip)

2011/2/19 Andrew Masterson andrew.master...@nuvistaenergy.com:

session required /usr/local/lib/pam_mkhomedir.so skel=/usr/local/etc/skel

If you use pam_mkhomedir.so, you have to set obey pam restrictions = yes in [global] section.

--- TAKAHASHI Motonobu mo...@samba.gr.jp
Re: [Samba] making BDC samba + ldap server
Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap

---How can I do this if slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html is not easy to understand; is there no other, simpler howto?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/

The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

replica uri=ldap://IPOFYOUR2MACHINE:389
binddn=cn=youradmin,dc=your,dc=ldap
suffix=dc=yourc,dc=ldap
bindmethod=simple
credentials=securepassword

I understand the part of backup slapd only works with the service stopped?

Well I'm grateful for all your time :-)

Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well!

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

domain master=NO
domain logons=YES

Make a testparm it should succeed like this:

testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC you are a BDC
Press enter to see a dump of your service definitions

Yes very nice!

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3
http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is nice overview of the way LDAP currently works:
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9971061 s3: Pass logonHours through pdb_ads via 943aac2 s3: Add len to pdb_set_hours via 6f3008e s3: Let pdb_ads write accountExpires via 478d74f s3: Fix pdb_ads_pull_time from 464c696 vfs_smb_traffic_analyzer shall also transfer the clients IP address. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9971061a9d17c2eb4bf1e8ea5691bec2b127072e Author: Volker Lendecke v...@samba.org Date: Wed Feb 16 16:33:21 2011 +0100 s3: Pass logonHours through pdb_ads Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Sat Feb 19 12:22:08 CET 2011 on sn-devel-104 commit 943aac2e366b781136cfff467b7ea5631890ebdd Author: Volker Lendecke v...@samba.org Date: Wed Feb 16 16:47:23 2011 +0100 s3: Add len to pdb_set_hours commit 6f3008e62714d46beed96e0f834340f81fa3c0c0 Author: Volker Lendecke v...@samba.org Date: Tue Feb 15 21:42:35 2011 +0100 s3: Let pdb_ads write accountExpires commit 478d74fe1447c4588b14ef7040c8c13339d54026 Author: Volker Lendecke v...@samba.org Date: Tue Feb 15 21:41:58 2011 +0100 s3: Fix pdb_ads_pull_time --- Summary of changes: source3/include/proto.h |3 +- source3/libnet/libnet_dssync_passdb.c |3 +- source3/libnet/libnet_samsync_passdb.c |3 +- source3/passdb/passdb.c |8 +++--- source3/passdb/pdb_ads.c| 42 ++- source3/passdb/pdb_get_set.c| 11 ++-- source3/passdb/pdb_ldap.c |2 +- source3/rpc_server/samr/srv_samr_util.c |4 ++- source3/utils/pdbedit.c |2 +- 9 files changed, 64 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 0885053..a2cc222 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -3770,7 +3770,8 @@ bool pdb_set_country_code(struct samu *sampass, uint16_t country_code, bool pdb_set_code_page(struct samu *sampass, uint16_t code_page, enum pdb_value_state flag); bool pdb_set_unknown_6(struct samu *sampass, uint32_t unkn, enum pdb_value_state flag); -bool pdb_set_hours(struct samu *sampass, const uint8_t *hours, enum pdb_value_state flag); +bool pdb_set_hours(struct samu *sampass, const uint8 *hours, int hours_len, + enum pdb_value_state flag); bool pdb_set_backend_private_data(struct samu *sampass, void *private_data, void (*free_fn)(void **), const struct pdb_methods *my_methods, diff --git a/source3/libnet/libnet_dssync_passdb.c b/source3/libnet/libnet_dssync_passdb.c index 4b66c39..df99e40 100644 --- a/source3/libnet/libnet_dssync_passdb.c +++ b/source3/libnet/libnet_dssync_passdb.c @@ -1263,7 +1263,8 @@ static NTSTATUS sam_account_from_object(struct samu *account, pdb_sethexhours(oldstr, pdb_get_hours(account)); pdb_sethexhours(newstr, logonHours.data); if (!strequal(oldstr, newstr)) { - pdb_set_hours(account, logonHours.data, PDB_CHANGED); + pdb_set_hours(account, logonHours.data, + logonHours.length, PDB_CHANGED); } } diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 9d72194..cfcdb7c 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -179,7 +179,8 @@ static NTSTATUS sam_account_from_delta(struct samu *account, pdb_sethexhours(oldstr, pdb_get_hours(account)); pdb_sethexhours(newstr, r-logon_hours.bits); if (!strequal(oldstr, newstr)) - pdb_set_hours(account, r-logon_hours.bits, PDB_CHANGED); + pdb_set_hours(account, r-logon_hours.bits, + pdb_get_hours_len(account), PDB_CHANGED); } if (pdb_get_bad_password_count(account) != r-bad_password_count) diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index dafe55e..fdc4bdc 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c 
@@ -1086,7 +1086,7 @@ static bool init_samu_from_buffer_v0(struct samu *sampass, uint8_t *buf, uint32_ pdb_set_unknown_6(sampass, unknown_6, PDB_SET); pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); pdb_set_logon_divs(sampass, logon_divs, PDB_SET); - pdb_set_hours(sampass, hours, PDB_SET); + pdb_set_hours(sampass, hours, hours_len, PDB_SET); done: @@ -1278,7 +1278,7 @@ static bool init_samu_from_buffer_v1(struct samu *sampass, uint8_t *buf, uint32_ pdb_set_unknown_6(sampass, unknown_6,
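Review bot: In the source3/include/proto.h hunk, the new pdb_set_hours prototype declares the length as a signed `int hours_len` and changes the buffer type from `const uint8_t *` to `const uint8 *`, while the neighbouring prototypes keep `uint16_t` and `uint32_t`. A length that can be negative needs an explicit check before it is used as a copy size, so consider `size_t` or another unsigned type and keep `uint8_t` for consistency with the surrounding declarations. The prototype also carries no comment saying whether hours_len is a byte count or what its maximum is, which every caller touched by this patch needs to know.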
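Review bot: In sam_account_from_object() in source3/libnet/libnet_dssync_passdb.c, logonHours.length arrives with the incoming logonHours blob and is handed to pdb_set_hours with no bound check in the visible lines. The pdb_get_set.c part of this changeset falls outside the 500-line truncation, so it cannot be seen here whether the setter limits the length to the size of its own buffer; if it does not, add the check at this call site or in the setter. The comparison just above, `pdb_sethexhours(newstr, logonHours.data);`, still runs without the length and should be reviewed together with this change.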
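Review bot: In sam_account_from_delta() in source3/libnet/libnet_samsync_passdb.c, the length passed is `pdb_get_hours_len(account)`, which describes the hours value already stored on the account, not the incoming logon_hours.bits buffer that is being written. If the two differ, the setter is told the old length for the new data. Pass the length that belongs to the incoming logon_hours structure instead, or add a comment explaining why the stored length is guaranteed to match it.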
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 8ad127e s3:tests: fix the smbclient_s3 test for multiple users running it.
via 0749f7a s3:tests: remove unused script/tests/test_functions.sh
via 93ca1bc s3:tests: include subunit.sh instead of test_functions.sh in test_posix_s3.sh
via d03996a s3:tests: include subunit.sh instead of test_functions.sh in test_ntlm_auth_s3.sh
via 6af6241 s3:tests: include subunit.sh instead of test_functions.sh in test_smbtorture_s3.sh
via 4eb3da2 s3:tests: include subunit.sh instead of test_functions.sh in test_wbinfo_s3.sh
via ae9aa47 s3:tests: use the blackbox subunit output formatter for the testparm_s3 test.
via a1bec01 s3:tests: include subunit.sh instead of test_functions.sh in test_local_s3.sh
via 745354e s3:tests: use the blackbox subunit output formatter for the smbclient_s3 test.
from 9971061 s3: Pass logonHours through pdb_ads

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -

commit 8ad127e187abb8f9e8076a872e08faaf4fbc1367
Author: Michael Adam ob...@samba.org
Date: Sat Feb 19 11:49:43 2011 +0100

s3:tests: fix the smbclient_s3 test for multiple users running it.

The test created /tmp/log.smbclient, which lets the test fail if two users are running the test simultaneously. Now /tmp/log.test_smbclient_s3.$$ is used.

Autobuild-User: Michael Adam ob...@samba.org
Autobuild-Date: Sat Feb 19 13:06:57 CET 2011 on sn-devel-104

commit 0749f7a976fd1766bf076986f1b5e7eff323e5e0
Author: Michael Adam ob...@samba.org
Date: Sat Feb 19 02:29:54 2011 +0100

s3:tests: remove unused script/tests/test_functions.sh

This is not used any more now with selftest.

commit 93ca1bc410b25492f02045f77bcd8d7d5bbfafe6
Author: Michael Adam ob...@samba.org
Date: Sat Feb 19 01:14:54 2011 +0100

s3:tests: include subunit.sh instead of test_functions.sh in test_posix_s3.sh

It would actually not be necessary at all to include a script providing testit() and so on, since this script snippet is currently only sourced in tests.sh to plan the included test.

commit d03996afb50a22b24119cc4a6380c6923bcda997
Author: Michael Adam ob...@samba.org
Date: Sat Feb 19 01:14:54 2011 +0100

s3:tests: include subunit.sh instead of test_functions.sh in test_ntlm_auth_s3.sh

It would actually not be necessary at all to include a script providing testit() and so on, since this script snippet is currently only sourced in tests.sh to plan the included test.

commit 6af6241040d376315f47716b4df7ca843b918d2d
Author: Michael Adam ob...@samba.org
Date: Sat Feb 19 01:14:54 2011 +0100

s3:tests: include subunit.sh instead of test_functions.sh in test_smbtorture_s3.sh

It would actually not be necessary at all to include a script providing testit() and so on, since this script snippet is currently only sourced in tests.sh to plan the included test.

commit 4eb3da2b0ece1c4d33c679c39f2beff0f2a324da
Author: Michael Adam ob...@samba.org
Date: Sat Feb 19 01:14:54 2011 +0100

s3:tests: include subunit.sh instead of test_functions.sh in test_wbinfo_s3.sh

It would actually not be necessary at all to include a script providing testit() and so on, since this script snippet is currently only sourced in tests.sh to plan the included test.

commit ae9aa47d6bcfa4ececdc1c74695c4c9a6c045ab6
Author: Michael Adam ob...@samba.org
Date: Sat Feb 19 00:32:06 2011 +0100

s3:tests: use the blackbox subunit output formatter for the testparm_s3 test.

With the old output, failures would go unnoticed by selftest.

commit a1bec01eeb660e8ff00d77da185f81815be94c30
Author: Michael Adam ob...@samba.org
Date: Sat Feb 19 01:14:54 2011 +0100

s3:tests: include subunit.sh instead of test_functions.sh in test_local_s3.sh

It would actually not be necessary at all to include a script providing testit() and so on, since this script snippet is currently only sourced in tests.sh to plan the included test.

commit 745354eab801ab08d161b7c5ee0142c82c1061b2
Author: Michael Adam ob...@samba.org
Date: Sat Feb 19 00:32:06 2011 +0100

s3:tests: use the blackbox subunit output formatter for the smbclient_s3 test.

With the old output, failures would go unnoticed by selftest.

---

Summary of changes:
source3/script/tests/test_functions.sh | 202
source3/script/tests/test_local_s3.sh | 4 +-
source3/script/tests/test_ntlm_auth_s3.sh | 4 +-
source3/script/tests/test_posix_s3.sh | 4 +-
source3/script/tests/test_smbclient_s3.sh | 22 +++-
source3/script/tests/test_smbtorture_s3.sh | 4 +-
source3/script/tests/test_testparm_s3.sh | 4 +-
source3/script/tests/test_wbinfo_s3.sh | 4 +-
8
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree.

The autobuild log of the failure is available here:
http://git.samba.org/autobuild.flakey/2011-02-20-0444/flakey.log

The samba3 build logs are available here:
http://git.samba.org/autobuild.flakey/2011-02-20-0444/samba3.stderr
http://git.samba.org/autobuild.flakey/2011-02-20-0444/samba3.stdout

The source4 build logs are available here:
http://git.samba.org/autobuild.flakey/2011-02-20-0444/samba4.stderr
http://git.samba.org/autobuild.flakey/2011-02-20-0444/samba4.stdout

The top commit at the time of the failure was:

commit 8ad127e187abb8f9e8076a872e08faaf4fbc1367
Author: Michael Adam ob...@samba.org
Date: Sat Feb 19 11:49:43 2011 +0100

s3:tests: fix the smbclient_s3 test for multiple users running it.

The test created /tmp/log.smbclient, which lets the test fail if two users are running the test simultaneously. Now /tmp/log.test_smbclient_s3.$$ is used.

Autobuild-User: Michael Adam ob...@samba.org
Autobuild-Date: Sat Feb 19 13:06:57 CET 2011 on sn-devel-104