[Samba] LDAP Account Manager 3.5.0.RC1 released
LDAP Account Manager (LAM) 3.5.0.RC1 - July 22nd, 2011 == LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: - The General Information module shows internal data about LDAP entries and LAM is now capable to manage LDAP quota entries (Linux Disk Quota). Home directories may be created/deleted for existing accounts. The server information includes data from cn=monitor. LAM Pro users can create automount maps and use ppolicy to lock accounts. This is a test release. Please do not install it in your production environment. Please report any bugs until 2011-08-05. Full changelog: http://www.ldap-account-manager.org/lamcms/changelog Download: http://www.ldap-account-manager.org/lamcms/releases Features: - * management of various account types * Unix * Samba 3 * Kolab 2 * Asterisk * phpGroupwWare * Zarafa * DHCP * SSH keys * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units * schema browser * tree view * multiple configuration files * multi-language support: Catalan, Chinese (Traditional + Simplified), Czech, Dutch, English, French, German, Hungarian, Italian, Japanese, Polish, Portuguese, Russian and Spanish * support for LDAP+SSL/TLS Demo installation: -- You can try our demo installation online. http://www.ldap-account-manager.org/lamcms/liveDemo Support: If you find a bug please file a bug report. For questions or implementing new features please use the mailinglist and feature request tracker at our homepage http://www.ldap-account-manager.org. Authors & Copyright: Copyright (C) 2003 - 2011: Roland Gruber LAM is published under the GNU General Public License. The complete list of licenses can be found in the copyright file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 clients complain that the trust relationship with the server has failed
From: "Strong, Steve" Date: Fri, 22 Jul 2011 13:45:38 -0500 (snip) > I know this is a known issue and I've found several reputable sites on the > web that suggest making the same set of changes to the Windows 7 registry: > > HKLM\System\CCS\Services\LanmanWorkstation\Parameters > DWORD DomainCompatibilityMode = 1 > DWORD DNSNameResolutionRequired = 0 > > HKLM\System\CCS\Services\Netlogon\Parameters > DWORD RequireSignOnSeal = 0 > DWORD RequireStrongKey = 0 No, only under HKLM\System\CCS\Services\LanmanWorkstation\Parameters should be set . See https://wiki.samba.org/index.php/Windows7 . --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Build problem on RHEL 5.6
Just had to rework which patches needed to be done to 3.5.9. A lot of them had been merged into 3.5.8. I have an updated ctdb also. Jonn On 07/22/2011 02:28 PM, Nico Kadel-Garcia wrote: > On Fri, Jul 22, 2011 at 11:39 AM, Taylor, Jonn > wrote: >> I built these on CentOS 5.6. >> >> http://www.taylortelephone.com/samba3x/ >> >> Jonn > Cool. What did you have to tweak from the RHEL samba3x SRPM's ? > > >> On 07/22/2011 01:03 AM, Nico Kadel-Garcia wrote: >>> On Mon, Jul 18, 2011 at 7:13 PM, Manjit Trehan wrote: Hi, I'm trying to build Samba-3.5.9 on RHEL 5.6 and I'm getting several errors similar to the following: >>> Start with the samba3x SRPM from RHEL 5 or Scientific Linux, to make >>> sure you've installed all the dependencies: >>> >>> >>> http://mirrors.kernel.org/redhat/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.5.4-0.83.el5.src.rpm >>> >>> Then try building 3.5.9. And strongly consider jumping to RHEL 6 or >>> Scientific Linux 6, there are interesting dependencies on the latest >>> releases that are better resolved in a 4 years more recent base OS. >>> It's been out long enough to be stable and have the edges worn off the >>> new software changes. >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Build problem on RHEL 5.6
On Fri, Jul 22, 2011 at 11:39 AM, Taylor, Jonn wrote: > I built these on CentOS 5.6. > > http://www.taylortelephone.com/samba3x/ > > Jonn Cool. What did you have to tweak from the RHEL samba3x SRPM's ? > On 07/22/2011 01:03 AM, Nico Kadel-Garcia wrote: >> On Mon, Jul 18, 2011 at 7:13 PM, Manjit Trehan wrote: >>> Hi, >>> >>> I'm trying to build Samba-3.5.9 on RHEL 5.6 and I'm getting several errors >>> similar to the following: >> Start with the samba3x SRPM from RHEL 5 or Scientific Linux, to make >> sure you've installed all the dependencies: >> >> >> http://mirrors.kernel.org/redhat/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.5.4-0.83.el5.src.rpm >> >> Then try building 3.5.9. And strongly consider jumping to RHEL 6 or >> Scientific Linux 6, there are interesting dependencies on the latest >> releases that are better resolved in a 4 years more recent base OS. >> It's been out long enough to be stable and have the edges worn off the >> new software changes. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] windows 7 clients complain that the trust relationship with the server has failed
I'm running my samba 3.5.9 server on CentOS 5.x. Windows 7 clients can add themselves to the domain, and local users on the client can map network drives (even ones they don't have access to and modify the contents!!!) and net view and net use commands work, but give the user too much access. XP clients can add themselves to the domain, authenticate users correctly and apply correct access rules to shared directories on the server. I know this is a known issue and I've found several reputable sites on the web that suggest making the same set of changes to the Windows 7 registry: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 HKLM\System\CCS\Services\Netlogon\Parameters DWORD RequireSignOnSeal = 0 DWORD RequireStrongKey = 0 below is my smb.conf file (and thanks!) steve ps: I'm also open to general advise regarding my samba configuration... #=== Global Settings = [global] workgroup = cs.mtmercy.edu server string = Mount Mercy CS Lab Samba Server -- Version = %v netbios name = GRACE log file = /var/log/samba/%m.log ;not in original version max log size = 50 ;not in original version passdb backend = tdbsam security = user interfaces = lo eth0 10.9.1.6/21 hosts allow = 127. 10.9. encrypt passwords = yes add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false -g machines %u logon drive = H: domain logons = yes os level = 255 preferred master = yes domain master = yes local master = yes #=== Share Definitions = password server = grace.cs.mtmercy.edu idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = false [netlogon] comment = network logon service path = /var/lib/samba/netlogon/scripts browseable = No read only = No [Profiles] comment = Roaming Profile Share path = /usr/lib/samba/profiles read only = No browseable = No guest ok = Yes profile acls = Yes [homes] comment = home directories browseable = no writeable = yes [printers] comment = all printers path = /usr/spool/samba printable = yes browseable = yes guest ok = yes writable = no printable = yes [common] comment = read only directory for cs resources path = /usr/share/common public = yes writeable = no printable = no write list = @faculty, @csfaculty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4, Windows 7, Roaming profiles and Folder redirection
Hi John, Happy to help. Here's the Microsoft Knowledgebase reference for User Shell Folders: http://support.microsoft.com/kb/931087 Marc On Jul 21, 2011, at 5:40 PM, John H Terpstra wrote: > Marc, > > Thank you for posting this information. It would help significantly if you > could also provide Microsoft Knowledgebase references for the registry > changes. > > Cheers, > John T. > > On 07/21/2011 06:22 PM, Marc Cain wrote: >> Here are the key steps that need to be applied for Windows 7 and >> WinXp > folder redirection in Samba 3.x environments. Feel free to email me off > list if you need any more detail: >> >> -- For Windows 7 be sure to create a proper default user profile on > the workstation using sysprep. It's crucial to the initial profile creation. >> >> The first time a user logs onto the domain have a logon script > (vbscript works great for this) do the following: >> >> -- Copy the applicable folder(s) from the users local profile to > locations on the server that are outside the user's remote profile path; > for instance to a folder in their home directory. >> >> -- Alter the paths in > "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell > Folders" to point to these new locations. The most critical folders, and > maybe the only ones you really need to redirect, are Application > Data(AppData) and Desktop, though you can redirect anything that's list > in User Shell Folders including Downloads. >> >> -- Make sure the workstation's local GroupPolicy is set to not roam > the folders you've redirected. Windows will continue to copy them up and > down from the server's profile folder if you don't set this: User > Configuration\Administrative Templates\System\User Profiles \Exclude > directories in roaming profile >> >> - You will want to look at a couple of other settings in the Local > GroupPolicy and tweak to your preferences >> Computer Configuration\Administrative Templates\System\User Profiles >> User Configuration\Administrative Templates\System\User Profiles >> >> Here's the path structure we use: >> >> Profile: \\sambaserver\profiles\username\WinXP >> \\sambaserver\profiles\username\WinXP.V2 >> >> Redirected: \\sambaserver\homes\username\redirectedfolders\Desktop >> \\sambaserver\homes\username\redirectedfolders\Favorites >> \\sambaserver\homes\username\redirectedfolders\WinXP\AppData >> \\sambaserver\homes\username\redirectedfolders\WinXP.V2\AppData >> >> The first logon can be long depending on network performance and the > number of installed apps, up to a couple of minutes due to the copying > of data from local to remote drives. Subsequent logons should only take > 5 to 10 seconds (again depending on network performance) since the > system is only copying a few megabytes worth of data to and from the > profile folder. >> >> There are a couple of critical timeout issues that may need to be > addressed if you experience long Welcome screens after the initial logon: >> >> When the following local GPO is left in its default setting Samba > domain logons are delayed for 30 seconds: "Computer > Configuration\Administrative Templates\System\User Profiles\Set maximum > wait time for the network if the user has a roaming user profile or > remote home directory." Enable this and set the value to 0 to work > around this timeout. >> >> A 30 second timeout can occur if you set the local GPO to "Run logon > scripts synchronously". The fix was to apply an old Vista reg setting. > Can be Googled as "Vista Run logon scripts synchronously". >> . >> >> Marc >> >> On Jul 21, 2011, at 8:07 AM, Tanuki uk wrote: >> >>> Hello, >>> I'm quite new to Samba administration and I've inherited a working samba >>> setup with roaming profiles however the login and logout times for users has >>> been growing and I'm starting to think it's time do something about it. I'm >>> thinking redirect some folders to a samba share on the network will speed up >>> the login and logout times. >>> >>> Our setup has 25 Windows 7 workstations and about 10 laptop users(also on >>> windows 7) all connecting to one Samba server. The laptops are often not on >>> the main office network so i was planning to use offline file sync for the >>> network drive i would be redirecing to, is this a bad idea for some reason? >>> >>> I've had a look around at various documentation and details seem >>> quite scarce. However all the documentation I've found is targeted at >>> Windows XP or suggests using domain wide Group Policy Objects (GPO's). My >>> understanding is that GPO's can only be used if you have a Windows AD server >>> or Samba 4 however I don't have a Windows server and Samba 4 is abit too >>> bleeding edge for a production deployment(?). >>> >>> If anyone can point me to some good documentation it would be really useful, >>> I would love to see an updated "The Official Samba HOWTO and Reference >>> Guide" or similar. Thought's comments or insights are also more then >>> welcome. >>> >>>
Re: [Samba] Write but no read Permissons
From: Jeremy Allison Date: Wed, 20 Jul 2011 11:53:18 -0700 > On Wed, Jul 20, 2011 at 11:38:17AM -0700, Aaron Clausen wrote: > > I have a somewhat unusual situation in which I need to create a > > "drop box" share that allows users to copy files into the share, but > > denies them read or delete permissions. I'm running Samba 3 with > > ACL support. Is this remotely possible? > > This should help. > > http://www.theopensourcerer.com/2008/04/17/a-shared-drop-box-using-samba/ > > Tweak the "mode" lines to get the right permissions. This post may help you, ACL support is not required: http://lists.samba.org/archive/samba-technical/2011-January/075640.html --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
From: "J. Echter" Date: Thu, 21 Jul 2011 08:51:25 +0200 > Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu: > hi, > > tried all your hints. still now profiles found... H... My testing environment is available at ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip In this environment, 1) # chmod 1777 /var/lib/samba/shares/profiles 2) changing "hide files" and "profiles acls" same as yours 3) # pdbedit -p \\sambapdc\profiles\username username 4) Logging on as the user, roaming profiles is successfully created. I'm using "ldapsam:editposix" instead of smbldap-tools, so this may not help you... --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Build problem on RHEL 5.6
I built these on CentOS 5.6. http://www.taylortelephone.com/samba3x/ Jonn On 07/22/2011 01:03 AM, Nico Kadel-Garcia wrote: > On Mon, Jul 18, 2011 at 7:13 PM, Manjit Trehan wrote: >> Hi, >> >> I'm trying to build Samba-3.5.9 on RHEL 5.6 and I'm getting several errors >> similar to the following: > Start with the samba3x SRPM from RHEL 5 or Scientific Linux, to make > sure you've installed all the dependencies: > > > http://mirrors.kernel.org/redhat/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.5.4-0.83.el5.src.rpm > > Then try building 3.5.9. And strongly consider jumping to RHEL 6 or > Scientific Linux 6, there are interesting dependencies on the latest > releases that are better resolved in a 4 years more recent base OS. > It's been out long enough to be stable and have the edges worn off the > new software changes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS proxy
Hi. We managed to get samba 4 cifs proxy working with s4u2proxy auth in an AD environment. The problem is it won't let clients neither write files larger than 16441 bytes nor read files larger than 65536 bytes. For example, writing a 16641 byte file works ok, but writing a 16642 byte (or larger) file fails: # ls -l 16641.txt 16642.txt -rw-r--r-- 1 root root 16641 Jul 21 11:30 16641.txt -rw-r--r-- 1 root root 16642 Jul 21 11:30 16642.txt # smbclient //samba4/cifs4test -k -c "put 16641.txt" Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.0alpha16] putting file 16641.txt as \16641.txt (8125.1 kb/s) (average 8125.5 kb/s) # smbclient //samba4/cifs4test -k -c "put 16642.txt" Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.0alpha16] cli_push returned NT_STATUS_ACCESS_DENIED NT_STATUS_IO_TIMEOUT closing remote file \16642.txt Reading files up to 65536 bytes works fine, but reading larger files produces a 0 byte file with no error messages: # smbclient //samba4/cifs4test -k -c "get 65535.txt" Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.0alpha16] getting file \65535.txt of size 65535 as 65535.txt (12799.6 KiloBytes/sec) (average 12799.8 KiloBytes/sec) # smbclient //samba4/cifs4test -k -c "get 65536.txt" Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.0alpha16] getting file \65536.txt of size 65536 as 65536.txt (0.0 KiloBytes/sec) (average 0.0 KiloBytes/sec) # ls -ll 65535.txt 65536.txt -rw-r--r-- 1 root root 65535 Jul 22 12:09 65535.txt -rw-r--r-- 1 root root 0 Jul 22 12:10 65536.txt If clients connect directly to the server (windows 2003 SP2) everything works fine. We tested this on windows xp and smbclient 3.5.8 as clients and Samba 4 alpha16 as cifs proxy with increasing debug levels, but haven't found any suspicious message so far. The samba 4 server is "Trusted for delegation" in AD. We also tried using cifs:user/cifs:password or cifs:use-s4u2proxy options to no avail. [global] server role = member server workgroup = MYDOMAIN realm = MYDOMAIN.COM netbios name = SAMBA4 [cifs4test] ntvfs handler = cifs cifs:server = SERVER01 cifs:share = enc Any suggestions on how to further debug this? Thanks! Max On 06/07/11 18:22, Andrew Bartlett wrote: On Wed, 2011-07-06 at 17:25 -0300, Maximiliano Bertacchini wrote: Hi, I need to run a Samba CIFS proxy (not DFS) in an AD environment. I've checked samba4's ntvfs cifs module but it won't even compile and I guess it's not ready for production. Samba4's CIFS proxy is what you want. If you have issues compiling Samba4, then let's deal with those. The CIFS proxy is quite well tested as part of our automated test suite, and I would be far happier using it in production than going via the linux kernel CIFS client. The Samba4 CIFS proxy supports both accepting forward-able Kerberos tickets, and newly developed by metze) using S2U4Proxy to get the tickets itself. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win7/W2K8 R2 sp1
On 07/22/2011 10:43 AM, Gaiseric Vandal wrote: On 03/10/2011 12:00 PM, Zuskov, M.S. wrote: After upgrading Win7 and W2K8 R2 clients to service pack 1 it is no longer possible to log in to domain(before the upgrade the clients can log in into domain). Clean installation of Win7/W2K8 R2 with integrated sp1 has the same effect. Our domain PDC is running on samba 3.3.7. I'm curious if anyone else has seen this already. Thank you Mikhail Zuskov Can you remove the machine from the domain and then rejoin it back to the domain? Just to clarify - remove/rejoin the Windows 7 PC, not the samba server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win7/W2K8 R2 sp1
On 03/10/2011 12:00 PM, Zuskov, M.S. wrote: After upgrading Win7 and W2K8 R2 clients to service pack 1 it is no longer possible to log in to domain(before the upgrade the clients can log in into domain). Clean installation of Win7/W2K8 R2 with integrated sp1 has the same effect. Our domain PDC is running on samba 3.3.7. I'm curious if anyone else has seen this already. Thank you Mikhail Zuskov Can you remove the machine from the domain and then rejoin it back to the domain? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba