[Samba] Windows 7 Easy Transfer
I've installed Windows 7 64/Pro on a former XP/Pro workstation connected to Samba domain (Debian/Squeeze - v3.5.6). Prior to doing this, I saved the settings using the Windows Easy Transfer tool to create a 13G file on a USB stick. I completed the install of Windows 7 and joined the workstation to the domain. I can log in with a Domain Admin account, and I note that the Domain Admins are in the local Administrators group. However when I run the Easy Transfer tool to restore whatever settings it can, I get "Windows easy transfer can't log on to your domain account". I've seen some other complaints about Easy Transfer having some problems with Domains, but I'm wondering if there are any known problems with Samba domains? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] pam_smbpass.so on AIX
>Run ldd on the binary. it will show the unresolved library references. Hi there! Here is the output: benhu@systst:/opt $ ldd /opt/samba-4.0.0/lib/security/pam_smbpass.so /opt/samba-4.0.0/lib/security/pam_smbpass.so needs: /usr/lib/libc.a(shr.o) /usr/lib/libpam.a(shr.o) /usr/lib/libpthread.a(shr_xpg5.o) /opt/samba-4.0.0/lib/libwbclient.so /usr/lib/librtl.a(shr.o) /unix /usr/lib/libcrypt.a(shr.o) /usr/lib/libmls.a(shr.o) /usr/lib/libpthreads.a(shr_comm.o) /usr/lib/libpthreads.a(shr_xpg5.o) /usr/lib/libmlsenc.a(shr.o) /usr/lib/libodm.a(shr.o) benhu@systst:/opt $ ldd /opt/samba-4.0.0/lib/libwbclient.so /opt/samba-4.0.0/lib/libwbclient.so needs: /usr/lib/libc.a(shr.o) /usr/lib/libpthreads.a(shr_xpg5.o) /usr/lib/librtl.a(shr.o) /unix /usr/lib/libcrypt.a(shr.o) /usr/lib/libpthreads.a(shr_comm.o) AIX doesn't have an rpath option that I know of, and it doesn't have an ld.so.conf. The closest equivalent is to define LIBPATH in /etc/environment. I have done this, since I had to do that to get swat working in the first place. But the above looks good to me, since they're absolute paths you'd think it's just work... Since it works for swat and not for passwd though, I'm wondering if it has something to do with 32-bit vs 64-bit binaries... Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] pam_smbpass.so on AIX
On Fri, 2013-01-18 at 19:20 +, Benjamin Huntsman wrote: > Yet another odd one... > > I've got it set up now so that swat uses pam_smbpass.so, and once a user logs > into swat at least once, it'll update their password in the passdb backend > configured for Samba. But, I also need to ensure that when a user changes > their password via passwd, it also gets updated. I added the following in > /etc/security/login.cfg: > > usw: > auth_type = PAM_AUTH > > and that makes telnetd, passwd, etc all go through pam. > > However, when I try to log in via telnet or run passwd, I get this in > syslog.log: > > Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: > /usr/lib/security/pam_aix > Jan 18 10:59:06 systst auth|security:debug login PAM: load_function: > successful load of pam_sm_authenticate > Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: > /opt/samba-4.0.0/lib/security/pam_smbpass.so > Jan 18 10:59:06 systst auth|security:debug login PAM: open_module: > /opt/samba-4.0.0/lib/security/pam_smbpass.so failed: A file or directory in > the path name does not exist. > Jan 18 10:59:06 systst auth|security:err|error login PAM: load_modules: can > not open module /opt/samba-4.0.0/lib/security/pam_smbpass.so > > > However, if I run swat, it'll load > /opt/samba-4.0.0/lib/security/pam_smbpass.so just fine. No, it's not a typo, > and yes, the module is present in that path. > > I don't know what to do. I need to deploy this tomorrow (Saturday), and the > users need to be able to update their Samba passwords when they run passwd, > etc. Replacing the system passwd program with a script that calls both from > absolute paths is not a workable solution, though technically it would work. > > Anyway, any idea why swat can load pam_smbpass.so but not telnetd or passwd? Run ldd on the binary. it will show the unresolved library references. My guess is that things it relies on, are on in the standard library path for the system. Perhaps edit /etc/ld.so.conf to put opt/samba-4.0.0/lib in that path? Normally all that isn't required (we use -rpath when linking), but perhaps that's working for our binaries (eg swat), but not our plugins when loaded by telnet? Anyway, that's how I would start debugging this. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to set ACLs with Samba4 AD?
Hello Lee, I am not sure I understand what is your real need. but If you don't want to use samba-tool, you can use windows explorer to set your acls... assuming you have your file system supporting xattr, you can connect to your share drive from windows with a privileged account like the administrator. and then right click on the folder / property / security. you should be able to set/reset acls for users and groups what I used to do, is create my folder, give full priviledge and even acls (OS level) for all on that folder, and then as Admin on windows, I remove and set privilege for only those who need it. You might need the following under your shared folder in smb.conf: vfs objects = acl_xattr Regards, Inno. De : Lee Allen À : samba@lists.samba.org Envoyé le : Vendredi 18 janvier 2013 22h12 Objet : [Samba] How to set ACLs with Samba4 AD? I apologize if this is very beginner/basic. In my defense, I can't get the Samba4 documentation to compile on my system, and I can't find the man pages online (a pointer to them would be extremely helpful). And in general, I am having difficulty sorting through the documentation on the wiki because much of it is clearly pre-Samba4 and therefore obsolete, or at least questionable. It's hard to know what is relevant. Most of the posts I see here seem to be much better informed than I am. I would love to know how they obtained their knowledge. So here is my question: I am running Samba4 as an AD and file server. How do I define ACLs for the samba shares, for domain users & groups? These users and groups are not defined on the underlying OS (CentOS 6.3). It seems the answer is to do it via the underlying filesystem, but how is that possible when the domain users & groups are not defined in the OS? I see samba-tool has some ACL get/set capability. Is that the answer? Or is there some special magic to get CentOS to control file access by referring to the Samba4 AD? Many thanks in advance for any help. And I would be very grateful for pointers to Samba4 introductory or background material (I have used the HOW-TOs extensively). Lee Allen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compiling samba for ubuntu 12.4 lts
OK, it worked. I used the git package configuration as described at http://wiki.samba.org/index.php/Samba4/Debian but I had to make some small adjustments. It was unavoidable to use the following packages from the latest ubuntu repositories. I chose to create a local repository with only these debs to stay as close to the lts-version as possible. heimdal-dev_1.6~git20120403+dfsg1-2_amd64.deb heimdal-multidev_1.6~git20120403+dfsg1-2_amd64.deb libasn1-8-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libgssapi3-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libhcrypto4-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libhdb9-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libheimbase1-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libheimntlm0-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libhx509-5-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libkadm5clnt7-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libkadm5srv8-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libkafs0-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libkdc2-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libkrb5-26-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libldb1_1.1.13-1_amd64.deb libldb-dev_1.1.13-1_amd64.deb libtdb1_1.2.10-2_amd64.deb libtdb-dev_1.2.10-2_amd64.deb libtevent0_0.9.17-1_amd64.deb libtevent-dev_0.9.17-1_amd64.deb libwind0-heimdal_1.6~git20120403+dfsg1-2_amd64.deb python-ldb_1.1.13-1_amd64.deb python-ldb-dev_1.1.13-1_amd64.deb python-tdb_1.2.10-2_amd64.deb install dependencies: apt-get install bison docbook-xml docbook-xsl flex heimdal-dev heimdal-multidev libbsd-dev libldb-dev libparse-yapp-perl libsmbclient-dev libsubunit-dev libtalloc-dev libtdb-dev libtevent-dev libwbclient-dev python-all-dev python-ldb python-ldb-dev python-talloc-dev python-tdb python-testtools subunit xsltproc libldb1 libldb-dev libtdb-dev libtevent-dev python-ldb python-ldb-dev python-tdb git clone git://git.debian.org/pkg-samba/samba4 samba4-unstable mv samba4-unstable/debian debian rm -r samba4-unstable vi debian/winbind4.install # remove last line "usr/share/man/man1/ntlm_auth4.1" vi debian/changelog # change to: >> samba (4.0.1-0ubuntu1) unstable; urgency=low * Initial release (Closes: #) -- firstname name Wed, 16 Jan 2013 16:35:18 +0100 << vi debian/control # edit line 3 change Maintainer to: >> Maintainer: Ubuntu Developers << insert line: >> XSBC-Original-Maintainer: Samba Debian Maintainers << vi debian/rules # edit line 84 orig: >> rm $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/samba/share/ldb.so << # change to: >> rm -f $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/samba/share/ldb.so << # edit line 100 orig: >> dh_install --sourcedir=$(DESTDIR) --list-missing --fail-missing << # change to: >> dh_install --sourcedir=$(DESTDIR) --list-missing << wget http://www.samba.org/samba/ftp/stable/samba-4.0.1.tar.gz cp samba-4.0.1.tar.gz samba_4.0.1.orig.tar.gz tar -xzf samba-4.0.1.tar.gz cd samba-4.0.1 cp -r ../debian . debuild > ../build.log -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] pam_smbpass.so on AIX
Yet another odd one... I've got it set up now so that swat uses pam_smbpass.so, and once a user logs into swat at least once, it'll update their password in the passdb backend configured for Samba. But, I also need to ensure that when a user changes their password via passwd, it also gets updated. I added the following in /etc/security/login.cfg: usw: auth_type = PAM_AUTH and that makes telnetd, passwd, etc all go through pam. However, when I try to log in via telnet or run passwd, I get this in syslog.log: Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: /usr/lib/security/pam_aix Jan 18 10:59:06 systst auth|security:debug login PAM: load_function: successful load of pam_sm_authenticate Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: /opt/samba-4.0.0/lib/security/pam_smbpass.so Jan 18 10:59:06 systst auth|security:debug login PAM: open_module: /opt/samba-4.0.0/lib/security/pam_smbpass.so failed: A file or directory in the path name does not exist. Jan 18 10:59:06 systst auth|security:err|error login PAM: load_modules: can not open module /opt/samba-4.0.0/lib/security/pam_smbpass.so However, if I run swat, it'll load /opt/samba-4.0.0/lib/security/pam_smbpass.so just fine. No, it's not a typo, and yes, the module is present in that path. I don't know what to do. I need to deploy this tomorrow (Saturday), and the users need to be able to update their Samba passwords when they run passwd, etc. Replacing the system passwd program with a script that calls both from absolute paths is not a workable solution, though technically it would work. Anyway, any idea why swat can load pam_smbpass.so but not telnetd or passwd? Many thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ldap users with users samba
Hello ! I trying sync ldap users with users samba. I´m using a interface, by create ldap users. So, when ldap user be created, i want account e password samba be created. No my smb.conf I put the follow lines: ldap admin dn = cn=admin,dc=def,dc=mg,dc=gov,dc=br ldap group suffix = ou = groups ldap machine suffix = ou = computers ldap passwd sync = yes encrypt passwords = Yes ldap suffix = dc=def,dc=mg,dc=gov,dc=br ldap ssl = no ldap user suffix = ou = defensory smb ports = 445 139 add user script = /usr/sbin/smbldap-useradd -a -m "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" passwd program = /usr/sbin/smbldap-passwd -s "%u" passdb backend = ldapsam:ldap://10.65.8.95 passdb backend = tdbsam hosts allow = 127.0.0.1, 10.65.8.0/255.255.252.0 pam password change = yes passwd program = /usr/bin/passwd %u I make a configure in sladp.conf: include /etc/ldap/schema/ppolicy.schema moduleload ppolicy.so overlay ppolicy access to attrs=userPassword,shadowLastChange,sambaPwdMustChange,sambaLMPassword,sambaPwdLastSet,sambaNTPassword by dn="cn=admin,dc=def,dc=mg,dc=gov,dc=br" write by anonymous auth by self write by * none The user ldap is done, but samba user is not created. See some logs: Jan 18 16:09:01 defensoria slapd[6210]: conn=2455 fd=50 ACCEPT from IP=10.65.8.95:54507 (IP=0.0.0.0:389) So its bad. root@replica:/etc/ldap# smbclient -L 10.65.8.95 -U xbox Enter xbox's password: session setup failed: NT_STATUS_LOGON_FAILURE Thanks ! Rodrigo Faria Tavares -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to set ACLs with Samba4 AD?
I apologize if this is very beginner/basic. In my defense, I can't get the Samba4 documentation to compile on my system, and I can't find the man pages online (a pointer to them would be extremely helpful). And in general, I am having difficulty sorting through the documentation on the wiki because much of it is clearly pre-Samba4 and therefore obsolete, or at least questionable. It's hard to know what is relevant. Most of the posts I see here seem to be much better informed than I am. I would love to know how they obtained their knowledge. So here is my question: I am running Samba4 as an AD and file server. How do I define ACLs for the samba shares, for domain users & groups? These users and groups are not defined on the underlying OS (CentOS 6.3). It seems the answer is to do it via the underlying filesystem, but how is that possible when the domain users & groups are not defined in the OS? I see samba-tool has some ACL get/set capability. Is that the answer? Or is there some special magic to get CentOS to control file access by referring to the Samba4 AD? Many thanks in advance for any help. And I would be very grateful for pointers to Samba4 introductory or background material (I have used the HOW-TOs extensively). Lee Allen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3 - getting rid of some logfile errors
Jürgen Echter echter-kuechen-elektro.de> writes: > > Hi, > > i have a lot of entries in my logs which i can't solve, but everything > works as expected. > > my setup: > > samba pdc - bacula > samba bdc - mule > Ubuntu 10.04-LTS Server > samba 3.4.7 > > log file entries: > > Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex > Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) > Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex > Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) > Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected > Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) > Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) > Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected > Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error > Connection reset by peer > Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) > Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) > Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) > Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) > Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected > Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset > by peer. > > any hints how to resolve this? > > thanks > > juergen > Hello Juergen, I also have the same exact error messages in SMBD log´s: lib/util_sock.c:1498(get_peer_addr_internal and lib/util_sock.c:539(read_fd_with_timeout) we use Ubuntu Server 10.4 (Samba 3.4.7) Member server everything works ok two...We have an Active Directory 2008 domain Did you get to solve this problems? Vladimiro Sabino -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
Here is the whole command I am testing: root@telluride:/usr/local/samba# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir /root/old-samba/ --use-xattrs=yes --realm=ntserv.local /root/old-samba/smb.conf Reading smb.conf Processing section "[netlogon]" Unknown parameter encountered: "share modes" Ignoring unknown parameter "share modes" Provisioning Exporting account policy Exporting groups Exporting users Ignoring group memberships of 'L-LECHUGA$' S-1-5-21-684095783-2094215992-774919444-1995: Unable to enumerate group memberships, (-1073741724,No such user) Ignoring group memberships of 'ahendrickson' S-1-5-21-684095783-2094215992-774919444-1921: Unable to enumerate group memberships, (-1073741724,No such user) .. a whole bunch of similar errors Ignoring group memberships of 'S-GURULE$' S-1-5-21-684095783-2094215992-774919444-1658: Unable to enumerate group memberships, (-1073741724,No such user) Next rid = 6155 Exporting posix attributes Reading WINS database Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/root/old-samba/wins.dat' lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Processing section "[netlogon]" Processing section "[sysvol]" Module 'acl_xattr' loaded Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema partition_metadata: Migrating partition metadata Adding DomainDN: DC=ntserv,DC=local DN: DC=ntserv,DC=local is a NC Adding configuration container DN: CN=Configuration,DC=ntserv,DC=local is a NC Setting up sam.ldb schema DN: CN=Schema,CN=Configuration,DC=ntserv,DC=local is a NC Setting up sam.ldb configuration data Setting up display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Setting acl on sysvol skipped Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=ntserv,DC=local Creating DomainDnsZones and ForestDnsZones partitions DN: DC=DomainDnsZones,DC=ntserv,DC=local is a NC DN: DC=ForestDnsZones,DC=ntserv,DC=local is a NC Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Admin password:5]9+V=xFXT9sixJ+o0!4O Server Role: active directory domain controller Hostname: telluride NetBIOS Domain:NTSERV DNS Domain:ntserv.local DOMAIN SID:S-1-5-21-684095783-2094215992-774919444 Importing WINS database Importing Account policy Importing idmap database Processing section "[netlogon]" Processing section "[sysvol]" Importing groups Importing users Adding users to groups Processing section "[netlogon]" Processing section "[sysvol]" idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 926, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1476, in setsysvolacl setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 154, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) Thank you again for your help on this. Thanks, Max >>> Andrew Bartlett 1/16/2013 2:24 PM >>> On Wed, 2013-01-16 at 09:23 -0700, Max Olivas wrote: > Is the workaround something I do or something that is fixed in the > newer version? > > Thanks, > Max > > >>> "Max Olivas " 1/15/2013 6:54 AM >>> > Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS. > > Thanks, > Max > > >>> Andrew Bartlett 1/14/2013 3:01 PM >>> > On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: > > Hey All, > > > > Thanks for the feedback.
Re: [Samba] Samba AD DC initial join fails at schema replication
For the sake of clarity, I was originally operating at forest/domain 2012 levels in this environment. I rolled back to 2008r2 due to an earlier issue. Subject: Re: [Samba] Samba AD DC initial join fails at schema replication On Thu, 2013-01-17 at 13:57 -0800, Matthieu Patou wrote: > On 01/16/2013 06:03 PM, Rican, Joshua T Civ USAF AF ISR Agency > NASIC/SCXE wrote: > > Date: 16Jan2013 > > Samba Version: 4.0.1 > > OS Version: RHEL 6.3 > > Windows OS: Server 2012 > > Forest/Domain: 2008r2 > > Warning: Failed to convert schema object > > CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration, into ldb > > msg > That's a known issue I have a patch for this it was working back in > October and it's in my todo to restest it, ping me in a couple of > days, for the moment you need not to have Windows 2012 schema. > That is to say never join a Windows 2012 server to your domain. Do you mean (a) Do not join a Windows 2012 Server to the domain or (b) do not join a Windows 2012 Server as a Domain Controller in the domain? -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba smime.p7s Description: S/MIME cryptographic signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD DC initial join fails at schema replication
On Thu, 2013-01-17 at 13:57 -0800, Matthieu Patou wrote: > On 01/16/2013 06:03 PM, Rican, Joshua T Civ USAF AF ISR Agency > NASIC/SCXE wrote: > > Date: 16Jan2013 > > Samba Version: 4.0.1 > > OS Version: RHEL 6.3 > > Windows OS: Server 2012 > > Forest/Domain: 2008r2 > > Warning: Failed to convert schema object > > CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration, into ldb msg > That's a known issue I have a patch for this it was working back in > October and it's in my todo to restest it, ping me in a couple of days, > for the moment you need not to have Windows 2012 schema. > That is to say never join a Windows 2012 server to your domain. Do you mean (a) Do not join a Windows 2012 Server to the domain or (b) do not join a Windows 2012 Server as a Domain Controller in the domain? -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
2013/1/18 Andrew Bartlett > On Fri, 2013-01-18 at 10:11 +0100, Daniel Hedblom wrote: > > Hi there, > > > > Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 > server. > > Whatever i do the join is interrupted but i dont know what goes wrong. > Dns > > is double checked and correct as is most other stuff. How can i get a > > better view of what is happening than this? Can it be the source domain > > that contains erroneous objects? > > > > My goal is to move the old server to a new one, maybe there are a better > > way of doing this? Suggestions? > > Honestly, upgrading in place is the best way to do this. Backup the old > DC, upgrade in place, and start the 4.0.1 release. The role transfer > stuff isn't as reliable as we would like, whereas in-place is. > > Thanks for answering so fast. Im trying to move to a new hardware at the same time, and the server is not easily upgraded as its an Resara Server with their own packages of Samba4. Not so sure i would be successfull if i upgrade. I would very much prefer if i could move the machine and user accounts somehow without doing nasty stuff to the original server. If i upgrade in place will a subsequent join of another DC be easier then? > Andrew Bartlett > > -- > Andrew Bartletthttp://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > > > > //danielh -- With best regards, Daniel Hedblom Sysadmin Phone: +46 (0) 620-68 22 02 Mobile: + 46 (0) 70 383 72 44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with smbclient send netbios message
On Wed, 2013-01-16 at 13:11 -0200, José Colzani wrote: > Hi. > > First, sorry by my bad english :) > > I had a samba 3.0 and use a script with smbclient to send messages to 30 > computers in my laboratory. I upgrade to debian squeeze and samba 3.5 and > now i dont use the script command. > > root@escort:~# echo "Testando" | smbclient -NM LAB5-01 -I 192.168.3.200 > Type your message, ending it with a Control-D > cli_message returned NT_STATUS_PIPE_BROKEN > > I finding in samba bugzilla this: > https://bugzilla.samba.org/show_bug.cgi?id=7635 > > When i test with RH 5.9 with samba 3.0 this work, only with samba 3.5 dont > work. > > [root@delorean ~]# smbclient --version > Version 3.0.33-3.39.el5_8 > [root@delorean ~]# echo "Teste" | smbclient -M LAB5-01 -I 192.168.3.200 > Connected. Type your message, ending it with a Control-D > sent 7 bytes > > Please, can anyone helpme? Try Samba 4.0. it is actually tested as part of 'make test' in the 4.0 release, so you may have better luck there. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Integration With Google
On Wed, 2013-01-16 at 13:59 -0800, Varoujan Avanessians wrote: > Hello everone, > > In my Company we are going through a network redesign and Planning to > retire our Novel edirectory, and Novel Servers and replace them with Samba4 > (Over 150 Servers). We have setup a Samba4 test environment which seems to > be working well so far. We are an organization with multiple locations and > over 1200 users, we are also very heavy users of google apps. I have couple > of questions that I need help with. > > 1- Is it possible to Integrate samba4 with Google Apps for Single sign-on, > I know google has and application that Integrates Microsoft Active > Directory with Google Apps, so I assume it should be possible with Samba4 > too. Has anyone tried and used this feature with success? I think that outputting the password sync would be a custom development task at this point. It will be a very useful feature for others too. > 2- We already have over 1200 accounts on Google. Is there a way to Import > these user accounts into samba4? The hard part will be getting the plaintext passwords. Otherwise, it is mostly a matter of just getting the data into AD-like LDIF files, and adding them. You might be able to instead upgrade your Novell domain into Samba 4.0's AD DC, if it currently backs a Samba 3.x 'classic' domain (or can be made to), or otherwise you should be able to get the plaintext pw from the Novell server with some work. > I would really appreciate any help in this matter and welcome any > additional suggestions that you may have for a Project of this magnitude. This certainly needs a lot of care. What you are proposing would be one of our larger deployments in terms of numbers of users, and is very large in terms of number of servers (almost certainly the largest, if you really want 150 DCs), and will be stretching our replication capabilities. I'll help you however I can, but you may wish to engage some professional support as well. I do wish you all the best. It is great to see folks taking Samba 4.0 as an AD DC to new and exciting places! Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
On Fri, 2013-01-18 at 10:11 +0100, Daniel Hedblom wrote: > Hi there, > > Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 server. > Whatever i do the join is interrupted but i dont know what goes wrong. Dns > is double checked and correct as is most other stuff. How can i get a > better view of what is happening than this? Can it be the source domain > that contains erroneous objects? > > My goal is to move the old server to a new one, maybe there are a better > way of doing this? Suggestions? Honestly, upgrading in place is the best way to do this. Backup the old DC, upgrade in place, and start the 4.0.1 release. The role transfer stuff isn't as reliable as we would like, whereas in-place is. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DNS: "recursion requested but not available"
On 2013-01-17 19:27, Thomas Simmons wrote: Hi Thomas, > Has this problem been fixed? It looks like the patch referenced above had > issues, but there were no further follow-ups in bugzilla. I'm still trying to figure out why the proposed patch doesn't work. Currently I'm getting a better debugging infrastructure in place for all things DNS, I'm hoping to tackle this issue next. My current state is at https://gitweb.samba.org/?p=kai/samba.git;a=shortlog;h=refs/heads/bug9485 but note that this currently has the same issues as the patch on bug #9485. Cheers, Kai -- Kai Blin Worldforge developer http://www.worldforge.org/ Wine developer http://wiki.winehq.org/KaiBlin Samba team member http://www.samba.org/samba/team/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Request to an old post - Having problem with Samba Internal DNS
Hello all, I have installed Samba on a Cent OS 6.3. I followed the Samba4/HOW-TO. I'm using the samba internal dns. I can join the domain with a Win 7 Client but I have problems with the internal dns. I tried to test/debug the dynamic dns update by the help of the Samba4/HOW-TO. The summary of the error-message: ; TSIG error with server: tsig verify failure Failed nsupdate: 2 Failed update of 21 entries In the archive of the mailing list I found the same error. Unfortunately there is no solution for the problem but the user solved the Problem https://lists.samba.org/archive/samba/2012-October/169446.html Thanks beforehand, Christof -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
Hi there, Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 server. Whatever i do the join is interrupted but i dont know what goes wrong. Dns is double checked and correct as is most other stuff. How can i get a better view of what is happening than this? Can it be the source domain that contains erroneous objects? My goal is to move the old server to a new one, maybe there are a better way of doing this? Suggestions? Error joining to domain: Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[402/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[804/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[1206/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[1550/1550] linked_values[0/0] Analyze and apply schema objects Partition[CN=Configuration,DC=sesam,DC=lan] objects[402/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[804/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[1206/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[1608/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[1674/1674] linked_values[94/0] Partition[DC=sesam,DC=lan] objects[100/100] linked_values[79/0] Partition[DC=sesam,DC=lan] objects[502/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[904/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[1306/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[1708/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[2110/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[2512/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[2914/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[3316/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[3718/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[4120/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[4522/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[4924/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[5326/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[5728/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[6130/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[6532/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1338/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[811/0] ERROR(runtime): uncaught exception - (-1073741807, 'NT_STATUS_END_OF_FILE') File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1104, in join_DC ctx.do_join() File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1014, in do_join ctx.join_finalise() File "/usr/lib/python2.7/dist-packages/samba/join.py", line 812, in join_finalise ctx.send_DsReplicaUpdateRefs(nc) File "/usr/lib/python2.7/dist-packages/samba/join.py", line 797, in send_DsReplicaUpdateRefs ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r) //danileh -- With best regards, Daniel Hedblom Sysadmin Phone: +46 (0) 620-68 22 02 Mobile: + 46 (0) 70 383 72 44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba