Re: [Samba] join Samba 4 domain using likewise
Any solution to this problem? I have exactly the same error going the other way (trying to join a Ubuntu workstation to a Windows 2008 domain. Thanks. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind group membership
Hi. On 27.01.2012 14:48, Eugene M. Zheganin wrote: Hi. FreeBSD 8.2 Samba 3.5.11 from ports I have an issue with group membership. id shows only small part of the groups a user is member of. I'm aware about UNIX max group issue, but this isn't related to it - for example for a user which is member of the 6 griups id shows only 3. Although wbinfo -r shows correct number of groups and wbinfo -G is able to successfully translate UNIX group to a domain SID. I was able to localize the problem a bit more. First of all, winbind doesn't recognize at all the Universal domain groups. Since I have only one domain, I simply changed all the universal group I'm interested in to global ones (still wonder who and why created all these groups as universal). But this solved only a part of the problem. I sill don't see all of the domain groups in 'id' output for the user. I compared the 'wbinfo -g' output and the 'getent group' output. In the 'getent group' some groups are missing ! These are the same groups that are missing from 'id user'. So any ideas ? Thanks. Eugene. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is that possible to create profiles shares into group structure?
It works now! What did the trick was put the following line in the "[profiles]" share. Only using the "logon path" haven't made any difference. [profiles] ... path = /home/my_company/profiles/%G/ ... But it's absolutely necessary that you create the "group" directory (%G), Samba won't do that and won't create the roaming profile directory in this case. THANK YOU! Alexander Brazil On Fri, Jan 27, 2012 at 12:19 PM, Harry Jede wrote: > On 15:07:03 wrote Listas Fernandes: > > Hi. > > > > I'm using Samba + OpenLDAP. > > > > Samba version 3.4.9. > > > > Everything is working fine. > > > > But I would like to put the roaming user profiles in a directory > > structure considering the group of the users. > > > > For example, for now I have: > > > > /home/company/profiles/user1 > > /home/company/profiles/user2 > > /home/company/profiles/user3 > > > > And I would like to use: > > > > /home/company/profiles/financial/user1 > > /home/company/profiles/financial/user2 > > /home/company/profiles/students/user3 > > /home/company/profiles/visitors/user4 > > > > I've tried some changes using the %g variable in the "[profiles]" > > share, but nothing seems to do what I'm expecting. > > > > I've tried too using %g in the "logon path" but again nothing > > happened. > > > > I thought the following line would do the trick, but... no: > > > > logon path = \\%L\profiles\%g\%U > try this: > logon path = \\%L\profiles\%G\%U > > it works since years, we use > > logon path = \\%L\profiles\%G\%U\%a > > so we get a windows version specific profile. We need this because we > have w2k and wxp workstations. > > I don't remember if we had precreated the profiles group directories :-( > . > > > > > Could you give me any clue about how to do that? > > > > Thanks! > > > > Alexander > > Brazil > > > -- > > Regards >Harry Jede > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is that possible to create profiles shares into group structure?
On 15:07:03 wrote Listas Fernandes: > Hi. > > I'm using Samba + OpenLDAP. > > Samba version 3.4.9. > > Everything is working fine. > > But I would like to put the roaming user profiles in a directory > structure considering the group of the users. > > For example, for now I have: > > /home/company/profiles/user1 > /home/company/profiles/user2 > /home/company/profiles/user3 > > And I would like to use: > > /home/company/profiles/financial/user1 > /home/company/profiles/financial/user2 > /home/company/profiles/students/user3 > /home/company/profiles/visitors/user4 > > I've tried some changes using the %g variable in the "[profiles]" > share, but nothing seems to do what I'm expecting. > > I've tried too using %g in the "logon path" but again nothing > happened. > > I thought the following line would do the trick, but... no: > > logon path = \\%L\profiles\%g\%U try this: logon path = \\%L\profiles\%G\%U it works since years, we use logon path = \\%L\profiles\%G\%U\%a so we get a windows version specific profile. We need this because we have w2k and wxp workstations. I don't remember if we had precreated the profiles group directories :-( . > > Could you give me any clue about how to do that? > > Thanks! > > Alexander > Brazil -- Regards Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is that possible to create profiles shares into group structure?
Hi Daniel. "freddy" is member of the 'finantial' group, but has some 'adicional groups'. I think it's ok since the %g variable show me exactly and only the 'finantial' group. In other words, I can get this exactly information. Considering that do you think it's possible to do what I need? Anyway, using an user specific LDAP property as you suggested can fit my needs because I use an script to create and change users informations. In fact I have to do in this way because there's a lot of users and almost of them come from a freak third-part Paradox ( O.o ) database, so, my script import those users informations and automatically create and remove the users from the OpenLDAP. Thanks! Alexander Brazil On Fri, Jan 27, 2012 at 10:23 AM, Daniel Müller wrote: > Hmm... > So you only have for every user exactly one group? > Ex: freddy is only member of group financial?! > In a live environment this could not work. > If you are working with openldap you can define in your openldap-config the > "profile Path"(sambaProfilePath). > Leave it empty in you smb.conf samba would search for it in your > openldap-config. > But you need to define it for every user. > With ex:LDAP Admin you are able to do it in a gui. > > Good Luck > Daniel > > > --- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: muel...@tropenklinik.de > Internet: www.tropenklinik.de > --- > > -Ursprüngliche Nachricht- > Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] > Im > Auftrag von Listas Fernandes > Gesendet: Freitag, 27. Januar 2012 12:59 > An: samba@lists.samba.org > Betreff: [Samba] Is that possible to create profiles shares into group > structure? > > Hi. > > I'm using Samba + OpenLDAP. > > Samba version 3.4.9. > > Everything is working fine. > > But I would like to put the roaming user profiles in a directory structure > considering the group of the users. > > For example, for now I have: > > /home/company/profiles/user1 > /home/company/profiles/user2 > /home/company/profiles/user3 > > And I would like to use: > > /home/company/profiles/financial/user1 > /home/company/profiles/financial/user2 > /home/company/profiles/students/user3 > /home/company/profiles/visitors/user4 > > I've tried some changes using the %g variable in the "[profiles]" share, > but nothing seems to do what I'm expecting. > > I've tried too using %g in the "logon path" but again nothing happened. > > I thought the following line would do the trick, but... no: > > logon path = \\%L\profiles\%g\%U > > > Could you give me any clue about how to do that? > > Thanks! > > Alexander > Brazil > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is that possible to create profiles shares into group structure?
Hmm... So you only have for every user exactly one group? Ex: freddy is only member of group financial?! In a live environment this could not work. If you are working with openldap you can define in your openldap-config the "profile Path"(sambaProfilePath). Leave it empty in you smb.conf samba would search for it in your openldap-config. But you need to define it for every user. With ex:LDAP Admin you are able to do it in a gui. Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Listas Fernandes Gesendet: Freitag, 27. Januar 2012 12:59 An: samba@lists.samba.org Betreff: [Samba] Is that possible to create profiles shares into group structure? Hi. I'm using Samba + OpenLDAP. Samba version 3.4.9. Everything is working fine. But I would like to put the roaming user profiles in a directory structure considering the group of the users. For example, for now I have: /home/company/profiles/user1 /home/company/profiles/user2 /home/company/profiles/user3 And I would like to use: /home/company/profiles/financial/user1 /home/company/profiles/financial/user2 /home/company/profiles/students/user3 /home/company/profiles/visitors/user4 I've tried some changes using the %g variable in the "[profiles]" share, but nothing seems to do what I'm expecting. I've tried too using %g in the "logon path" but again nothing happened. I thought the following line would do the trick, but... no: logon path = \\%L\profiles\%g\%U Could you give me any clue about how to do that? Thanks! Alexander Brazil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
Hello ! I've upgraded samba to 3.6.1 during migration to new hardware. Problem remains the same. Offtop. Are You Polish ? Nobody else reported similar problem. Perhaps it is language related (language specyfic Windows update). Thanks! BartekR W dniu 2012-01-26 21:59, Daniel Deptuła pisze: Hello! I'm afraid I have the same problem in my network. We have a domain where Samba (3.5.11) is the PDC. Clients include Windows XP's and 7's. I recently noticed that many stations are not visible in the browselist. I'll investigate it and let you know about the results. Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Is that possible to create profiles shares into group structure?
Hi. I'm using Samba + OpenLDAP. Samba version 3.4.9. Everything is working fine. But I would like to put the roaming user profiles in a directory structure considering the group of the users. For example, for now I have: /home/company/profiles/user1 /home/company/profiles/user2 /home/company/profiles/user3 And I would like to use: /home/company/profiles/financial/user1 /home/company/profiles/financial/user2 /home/company/profiles/students/user3 /home/company/profiles/visitors/user4 I've tried some changes using the %g variable in the "[profiles]" share, but nothing seems to do what I'm expecting. I've tried too using %g in the "logon path" but again nothing happened. I thought the following line would do the trick, but... no: logon path = \\%L\profiles\%g\%U Could you give me any clue about how to do that? Thanks! Alexander Brazil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 user add - memberOf
On 27/01/2012 11:15, Daniel Müller wrote: Look at: https://wiki.samba.org/index.php/Samba-tool-external --- Hi All, After adding a new user, using 'samba-tool user add', what would be the best way to make the new user a 'memberOf' a specific group, from the command line/script? I was thinking, the obvious way would be the ldb* tools, are they documented anywhere? Regards, Mike. Thanks for the link. I have now worked it out and ldbmodify has done the trick. Regards, Mike. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 user add - memberOf
Look at: https://wiki.samba.org/index.php/Samba-tool-external --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Mike Howard Gesendet: Freitag, 27. Januar 2012 11:54 An: samba@lists.samba.org Betreff: [Samba] samba4 user add - memberOf Hi All, After adding a new user, using 'samba-tool user add', what would be the best way to make the new user a 'memberOf' a specific group, from the command line/script? I was thinking, the obvious way would be the ldb* tools, are they documented anywhere? Regards, Mike. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 user add - memberOf
Hi All, After adding a new user, using 'samba-tool user add', what would be the best way to make the new user a 'memberOf' a specific group, from the command line/script? I was thinking, the obvious way would be the ldb* tools, are they documented anywhere? Regards, Mike. -- Any question is easy if you know the answer! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
On Fri, Jan 27, 2012 at 02:57:55AM -0700, Manoj Dahal wrote: > This seems to be good for us for the time being. What > should we assume the value of UINT64_MAX, > 0x or 0x7FFF ? > > And the question is how soon the "don't verify this unique > id" code can be added in smbd if unique_id is UINT64_MAX? The procedure is for you to file a bug at bugzilla.samba.org and provide a patch. If that patch is reviewed positively, it will end up in the next released Samba version. For your OES, you can simply add the patch to your internal build process. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
** Low Priority ** Hi Volker/Stefan, This seems to be good for us for the time being. What should we assume the value of UINT64_MAX, 0x or 0x7FFF ? And the question is how soon the "don't verify this unique id" code can be added in smbd if unique_id is UINT64_MAX? Thanks, -Manoj >>> Volker Lendecke 1/25/2012 8:21 PM >>> On Wed, Jan 25, 2012 at 03:47:58PM +0100, Stefan (metze) Metzmacher wrote: > Hi Manoj, > > > This is regarding your fix on recycled PIDs. I am an NCP developer from > > Novell and we use libsmbsharemodes library > > from Samba for Cross Protocols Locks between NCP, Samba and others. I have > > few queries regarding your fix. > > > > In your fix, you have added a new field called 'unique_id' in the server_id > > structure > > and we need to pass this in our call to samba share mode APIs e.g. > > create_share_mode_entry(). > > > > Also, you have introduced server registration/de-registration which is > > associated with 'unqiue_id'. If we use these new APIs > > then in which library from Samba do we need to link to? Or without calling > > serverid_register() can we directly pass any 'unique_id' > > while calling to create_share_mode_entry() and in that case whether this > > and other share mode APIs will work properly? > > > > > > Looking forward to your answer, > > Maybe we could invent a special value e.g. UINT64_MAX as "don't verify > this unique id". Good idea. Did not think about that. This would assume that the ncp server process never dies... Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind group membership
Hi. FreeBSD 8.2 Samba 3.5.11 from ports I have an issue with group membership. id shows only small part of the groups a user is member of. I'm aware about UNIX max group issue, but this isn't related to it - for example for a user which is member of the 6 griups id shows only 3. Although wbinfo -r shows correct number of groups and wbinfo -G is able to successfully translate UNIX group to a domain SID. Can this be solved somehow ? I tried the 3.6.1 from ports, but using it's nss_winbind.so id only shows primary group for mapped users and none for system users existing in the domain. For example: [emz@witchdoctor:/var/db/samba]# id emz uid=1001(emz) gid=0(wheel) groups=0(wheel),20007(администраторы домена),20100(warez-rw),20248(internet users - panicbox),20413(internet users - samara),20456(internet users - crystal) [emz@witchdoctor:/var/db/samba]# wbinfo -r emz 20002 20459 20456 20100 20547 20413 20007 20248 20009 20692 20587 20695 20693 20694 20585 20652 20584 20621 20613 20649 20590 20654 20664 20657 20612 20586 20001 2 [emz@witchdoctor:/var/db/samba]# wbinfo -r emz | xargs wbinfo -G S-1-5-21-3780126066-798514342-2262872178-513 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20002 S-1-5-21-3780126066-798514342-2262872178-513 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20459 S-1-5-21-3780126066-798514342-2262872178-17960 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20456 S-1-5-21-3780126066-798514342-2262872178-17956 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20100 S-1-5-21-3780126066-798514342-2262872178-11860 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20547 S-1-5-21-3780126066-798514342-2262872178-20184 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20413 S-1-5-21-3780126066-798514342-2262872178-17662 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20007 S-1-5-21-3780126066-798514342-2262872178-512 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20248 S-1-5-21-3780126066-798514342-2262872178-15792 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20009 S-1-5-21-3780126066-798514342-2262872178-5934 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20692 S-1-5-21-3780126066-798514342-2262872178-19463 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20587 S-1-5-21-3780126066-798514342-2262872178-13813 [emz@witchdoctor:/var/db/samba]# wbinfo -G 20695 S-1-5-21-3780126066-798514342-2262872178-19466 Thanks. Eugene. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect
On Fri, 2012-01-27 at 08:40 +0100, steve wrote: > On 01/27/2012 05:37 AM, Andrew Bartlett wrote: > > On Sun, 2012-01-22 at 15:32 +0100, steve wrote: > > > >> even though I've made a ldap/hh3.site principal: > >> hh3:/tmp # samba-tool spn add ldap/hh3.site Administrator > >> hh3:/tmp # samba-tool domain exportkeytab /etc/ldap.keytab > >> --principal=ldap/hh3.site > >> > >> Why do I get the > >> Decrypt integrity check failed > >> error? > > Why do you keep doing this? > > > > What makes you think this is the right thing to do (so I can correct > > whatever gave you this misconception). > > > > Samba will not read /etc/ldap.keytab. > > > > Samba uses the private keytab containing it's own machine account only. > > Samba should not be contacted via the dns domain name, it should be > > contacted by the fully qualified domain name. > > > > The fact the dns domain name (hh3.site) resolves is an artefact of the > > default AD DNS zone, but should not be used. If your client uses the > > fully qualified name (dc.hh3.site), it will collect the correct ticket, > > and Samba will decrypt it. > > > > Thanks, > > > > Andrew Bartlett > > > Hi > > Thanks for pointing this out. It turned out that when I provisioned, I > had the fqdn wrong. Duh! I set that correctly in /etc/hosts, > reprovisioned and everything sprang to life. ldapsearch -Y GSSAPI worked > and I could extract stuff I'd put into the s4 LDAP database so our Linux > users could connect. > > I have still not been able to get winbind nor the fileserver working, so > I've added nfs4 for the Linux clients and there I did need to add a > principal for the kerberized nfs, otherwise the nfs server would not > start. That is correct. Unlike our internal services, you will need to add an account and give that account an SPN to allow other kerberos services to work. You then extract the keytab entry into the keytab file the service expects to use (quite possibly the system default /etc/krb5.keytab). > It's a bit of a hack but it's good enough for us at the moment. I > got around the user id mappings as described here: > http://linuxcostablanca.blogspot.com/p/samba-4.html I'll try and look over that and give you some feedback. Where possible, refer folks to the official HOWTO, as we can keep that up to date and correct errors/misconceptions centrally that way. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba