[Samba] Samba4: how to build on Virtualbox

2012-07-22 Thread steve

Hi everyone
VB with openSUSE 12.1 guest and host, guest with 512Mb RAM.

Samba4 takes over 6 hours to build on the guest. The host does it in 
around 30 minutes even when the guest is fired up.


I tried to rsync a build from the host to the guest but that takes 
forever too.


Any tips?

Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Is there any introspection GPO Python API available on Samba 4?

2012-07-22 Thread Andrew Bartlett
On Wed, 2012-07-18 at 21:31 -0300, Gabriel SERPRO wrote:
> Hello Everybody,
> 
> Is there any API available on Samba 4 that allows GPO's introspection?? (If
> a Python API doesn't exist I'll try to generate binds with Swig!?)
> 
> Truly, I need something that allows me to query GPO by GUID (for example),
> list some attributes (Display Name, OU that is linked, security attr) and
> see or catch the value of the items defined (Computer Configuration, User
> Configuration, etc.), something like that.
> 
> I tried with the MS Native API (it just works on Windows and with RSAT
> installed), but it just dumps XML or HTML files with the values, which
> becomes overwhelming work for filtering and treatment.
> 
> Thanks in advance,
> 
> Gabriel Abdalla Cavalcante

We have some C code in libgpo and python code in 
source4/scripting/python/samba/netcmd/gpo.py

We also have registry parsing code that might help you deal with the
resulting objects. 

However, much more remains to be done. 

Andrew Bartlett
-- 
Andrew Bartlett   http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org



Re: [Samba] error in join a RODC (samba4)

2012-07-22 Thread Andrew Bartlett
On Fri, 2012-07-20 at 12:04 -0300, Luiz Gustavo wrote:
> Hi list,
> 
> I'm trying to add a RODC in an AD environment using the command:

Is this joining a Samba4 domain, or a Microsoft AD domain?

> /usr/local/samba4# bin/samba-tool domain join ad.x.com.br RODC
> -UAdministrator --realm=ad.x.com.br -W X
> 
> But I'm getting this error:

> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> 
> <>
>   File
> "/usr/local/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
> line 160, in _run
> return self.run(*args, **kwargs)
>   File
> "/usr/local/samba4/lib/python2.7/site-packages/samba/netcmd/domain.py",
> line 262, in run
> machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend)
>   File "/usr/local/samba4/lib/python2.7/site-packages/samba/join.py",
> line 1019, in join_RODC
> ctx.do_join()
>   File "/usr/local/samba4/lib/python2.7/site-packages/samba/join.py",
> line 956, in do_join
> ctx.join_add_objects()
>   File "/usr/local/samba4/lib/python2.7/site-packages/samba/join.py",
> line 513, in join_add_objects
> ctx.join_add_ntdsdsa()
>   File "/usr/local/samba4/lib/python2.7/site-packages/samba/join.py",
> line 438, in join_add_ntdsdsa
> ctx.samdb.add(rec, ["rodc_join:1:1"])
> 
> 
> I am using a DC with the provision by using the parameter
> "--dns-backend=BIND9_FLATFILE"
> 
> Using provision with samba_dlz, samba-tool can join the RODC without
> problems, but I can not use the dynamic dns update.

If this is starting with a Samba4 domain with the flat file DNS, we
probably need to work out if we have DNS partitions before we attempt to
replicate them.

Can you file a bug so I don't forget?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett   http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org



Re: [Samba] Samba4 unable to find SPN (Kerberos)

2012-07-22 Thread Andrew Bartlett
On Sat, 2012-07-21 at 07:01 +, Marcel Ritter wrote:
> Hi,
> 
> while trying to use Samba4 as KDC for secure NFS (once again)
> I found something I suspect to be an error:
> 
> In order for NFS (with krb5) to work it requires a nfs/... principal,
> so I created one using samba-tool:
> 
> samba-tool user add nfs-user
> samba-tool spn add nfs/atom.mydomain.org nfs-user
> samba-tool domain exportkeytab /etc/krb5.keytab 
> -principal=nfs/atom.mydomain.org
> 
> After setting up NFS, a secure mount fails (permission denied).
> 
> While trying to debug this error, I had a look at the KDC debug
> output of samba, and all queries done while looking for the
> SPN are:
> 
> # Samba 4 log (during mount attempt):
> Kerberos: AS-REQ nfs/atom.mydomain@mydomain.org from 
> ipv4:192.168.1.2:43938 for krbtgt/mydomain@mydomain.org
> expr: 
> (&(objectClass=user)(userPrincipalName=nfs/atom.mydomain@mydomain.org))
> expr: (&(objectClass=user)(samAccountName=nfs/atom.mydomain.org))
> Kerberos: UNKNOWN -- nfs/atom.mydomain@mydomain.org: no such entry found 
> in hdb

> So the question is: Shouldn't there also be a query like
> expr: (&(objectClass=user)(servicePrincipalName=nfs/atom.mydomain.org))
> to make SPNs usable?
> 
> Or did I miss something else here?

An AS-REQ means that something is trying to kinit with the name
nfs/atom.mydomain.org (ie, as a client).  This shouldn't be needed, so
work out what is doing that.  

The line for a client (user) connecting to an NFS server will be more
like:
Kerberos: TGS-REQ user@realm for nfs/atom.mydomain.org

I hope this helps you debug this further,

Andrew Bartlett

-- 
Andrew Bartlett   http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
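
The AS-REQ versus TGS-REQ distinction from the reply above, as an added example that is not part of the original thread: a small Python filter over KDC debug lines that flags an AS-REQ whose client name is a service principal. The sample lines, host names and addresses are constructed, and treating any client name with a "/" before the realm as a service principal is an assumption of this sketch.

```python
import re

# Matches the two request kinds as they appear in the KDC debug output quoted
# in this thread; the "from <addr>" part is optional.
LINE_RE = re.compile(
    r"Kerberos:\s+(?P<kind>AS-REQ|TGS-REQ)\s+(?P<client>\S+)"
    r"(?:\s+from\s+(?P<addr>\S+))?\s+for\s+(?P<target>\S+)"
)

# Constructed sample lines (not taken from a real KDC log).
SAMPLE = [
    "Kerberos: AS-REQ nfs/host.example.org@EXAMPLE.ORG from "
    "ipv4:192.0.2.10:43938 for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG",
    "Kerberos: AS-REQ alice@EXAMPLE.ORG from ipv4:192.0.2.11:50112 "
    "for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG",
    "Kerberos: TGS-REQ alice@EXAMPLE.ORG from ipv4:192.0.2.11:50113 "
    "for nfs/host.example.org@EXAMPLE.ORG",
    "expr: (&(objectClass=user)(samAccountName=nfs/host.example.org))",
]


def classify(line):
    """Return a dict describing a KDC request line, or None for other lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    kind, client, target = m["kind"], m["client"], m["target"]
    # Assumption: a name with an instance part ("nfs/host") is a service.
    client_is_service = "/" in client.split("@", 1)[0]
    if kind == "AS-REQ" and client_is_service:
        note = "service principal used as a client (something ran kinit with it)"
    elif kind == "AS-REQ":
        note = "user obtaining a TGT"
    else:
        note = "ticket request for service " + target
    return {"kind": kind, "client": client, "target": target,
            "addr": m["addr"], "note": note}


def service_as_client(lines):
    """List (client, source address) for AS-REQs made with a service name."""
    hits = []
    for line in lines:
        info = classify(line)
        if info and info["note"].startswith("service principal"):
            hits.append((info["client"], info["addr"]))
    return hits


if __name__ == "__main__":
    for client, addr in service_as_client(SAMPLE):
        print("check what runs kinit as", client, "on", addr)
```

The source address on a flagged line points to the host where the unexpected client-side login originates.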



Re: [Samba] Storing uidNumber and gidNumber in GC?

2012-07-22 Thread steve

On 22/07/12 11:04, Elia Pinto wrote:

It is a possibility. But not the only, if you want to consider to reuse
deleted account uid number. OTOH, if you care to don't never permit
reuse the same uid number


Hi
In Windows I can create a GPO which restricts access to an OU, e.g. 
specific areas of the control panel. Do we have anything like this in 
openSUSE?


Specifically, I'd like an OU to have access only to Yast>Hardware>NFS Client

Is that possible?
L x


[Samba] rsync folder permissions

2012-07-22 Thread steve
I'm trying to rsync our fileserver to a USB backup. When I first start, 
all the folders are created with

 root:root
ownership whereas the actual owners are
 root:Domain Users
or
 root: one.of.our.groups

Eventually, the groups show correctly, but not always. My question is, 
when rsync creates the new directories, does it respect user and group 
all the way along or must we wait for the end of the rsync to find out?


IOW, sometimes we get a correct rsync but not every time even if we 
leave it to the end.


If anyone can help me with the English here that would be beautiful.

Cheers,
Steve