Re: [Samba] python scripting samba

2013-04-15 Thread Gémes Géza

On 2013-04-16 01:30, Geoff Crompton wrote:
> Can someone point me to some documentation on scripting samba user and
> group management from python? I'd much rather not do this via calls
> out to samba-tool, and if I could do this remotely (via LDAP like
> calls) I'd be even happier.
>
> Cheers,
> Geoff

Have a look at the samba-tool code at:
/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/
and
/usr/local/samba/lib/python2.7/site-packages/samba/provision/
There are really good examples of using SamDB, even remote ones.

Regards

Geza Gemes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Winbind strip domain from username?

2013-04-15 Thread Gémes Géza

On 2013-04-15 23:12, Luc Lalonde wrote:

> Hello Folks,
>
> This directive works with Samba3 but does not seem to work with Samba-4.0.5:
>
> winbind use default domain = Yes
>
> I want to get a username that does not contain the domain (GIGL).  Instead
> here's what I get:
>
> [root@roquefort ~]# getent passwd | grep GIGL
> GIGL\Administrator:*:0:100::/usagers/%U:/bin/bash
> GIGL\Guest:*:302:303::/usagers/%U:/bin/bash
> GIGL\krbtgt:*:307:100::/usagers/%U:/bin/bash
> GIGL\dns-stilton:*:308:100::/usagers/%U:/bin/bash
> GIGL\testuser:*:309:100::/usagers/%U:/bin/bash
> GIGL\llalonde:*:310:100::/usagers/%U:/bin/bash
>
> How do I remove the 'GIGL\' from the username?  This is causing me problems
> mounting the user's home directory at logon with 'PAM_MOUNT'
>
> What am I missing?
>
> Thank You!


Please attach your smb.conf.

Regards

Geza Gemes

Re: [Samba] Problems attaching Windows server as secondary DC.

2013-04-15 Thread Jonis Maurin Ceará
Should, but doesn't... same error: RPC Server... at least here doesn't
work, only 2008 R2.


2013/4/15 

> On Mon, 15 Apr 2013, Jonis Maurin Ceará wrote:
>
>> Only Win 2012 DC, 2008 R2 join fine as DC. Same here with fresh install of
>> S4 and Win 2012.
>
> I am trying to join a Windows Server 2012 machine as a secondary DC. This
> should work, right?
>
> Simon
>
>> 2013/4/15 Friedmar
>>
>>> matthews.eu> writes:
>>>
>>>> I have my Samba4 up and running. I was able to get a Windows 2012 server
>>>> to join the samba4 domain.
>>>>
>>>> However, I have not been able to get the Windows server to promote
>>>> itself to a secondary DC.
>>>>
>>>> I would appreciate any suggestions on debugging this issue.
>>>>
>>>> On the Server 2012 machine, in the "prerequisites check", I see the
>>>> following message:
>>>> "Verification or prerequisites for Active Directory preparation failed
>>>> ..
>>>> Exception: THe RPC server is unavailable. ."
>>>
>>> Simon you are not alone!
>>>
>>> Same here: Ubuntu 13.04 and samba4-4.0.1+dfsg1-1+. This exists since
>>> long time (12.04 and S4 beta).
>>> At present level it seems that Win DC could not join S4 Domains. So you
>>> could not get rid of samba4.
>>>
>>> Bug or feature?


Re: [Samba] Samba4 member of an another « Samba4 » domain

2013-04-15 Thread François Lafont
On 15/04/2013 04:28, steve wrote:

> Indeed, for each new user or group you create you always end up with an idmap 
> entry too. What
> 
> idmap_ldb:use rfc2307 = yes
> 
> is saying is 'ignore idmap and give priority to AD'. Of course, the 
> attributes must be there in the first place otherwise it will fall back to 
> idmap again.  Exactly what we are trying to avoid at all costs. I had to 
> prove this to myself by creating a user in AD with rfc2307 stuff and then 
> deleting his entry in idmap. With the
> 
> idmap_ldb:use rfc2307 = yes
> in place then no problem. All his stuff came from AD as expected:) 

Ok. I think it's clear for me now.

> I think we're speaking the same language now.

Yes, thank you for your help Steve. :-)
Bye.

-- 
François Lafont
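
The fallback described in the quoted text (entries without the rfc2307 attributes are resolved through idmap again) can be checked on a directory export. As an added example, not written by anyone in the thread, this Python code reads LDIF and lists the users without uidNumber and the groups without gidNumber. The sample entries are constructed, the function names are the example's own, and treating those two attributes as the deciding ones is an assumption.

```python
import base64

# Constructed sample in LDIF form; every DN and value is invented for this example.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=lan
objectClass: user
sAMAccountName: alice
uidNumber: 10001

dn: CN=bob,CN=Users,
 DC=example,DC=lan
objectClass: user
sAMAccountName: bob

dn: CN=staff,CN=Users,DC=example,DC=lan
objectClass: group
sAMAccountName: staff
gidNumber: 10000

dn: CN=temps,CN=Users,DC=example,DC=lan
objectClass: group
sAMAccountName:: dGVtcHM=
"""

def parse_ldif(text):
    """Parse LDIF into [{attr_lowercase: [values]}], unfolding lines and decoding base64."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # continuation of the previous line
        else:
            logical.append(raw)
    records, current = [], {}
    for line in logical + [""]:             # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.lower(), []).append(value.strip())
    return records

def idmap_fallback(records):
    """List (kind, name) for users without uidNumber and groups without gidNumber."""
    # Assumption of this example: these two attributes decide the fallback.
    needed = {"user": "uidnumber", "group": "gidnumber"}
    missing = []
    for rec in records:
        classes = {c.lower() for c in rec.get("objectclass", [])}
        for kind, attr in needed.items():
            if kind in classes and attr not in rec:
                name = rec.get("samaccountname", rec.get("dn", ["?"]))[0]
                missing.append((kind, name))
    return missing
```
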

[Samba] python scripting samba

2013-04-15 Thread Geoff Crompton
Can someone point me to some documentation on scripting samba user and 
group management from python? I'd much rather not do this via calls out 
to samba-tool, and if I could do this remotely (via LDAP like calls) I'd 
be even happier.


Cheers,
Geoff


[Samba] Winbind strip domain from username?

2013-04-15 Thread Luc Lalonde
Hello Folks,

This directive works with Samba3 but does not seem to work with Samba-4.0.5:

winbind use default domain = Yes

I want to get a username that does not contain the domain (GIGL).  Instead 
here's what I get:

[root@roquefort ~]# getent passwd | grep GIGL
GIGL\Administrator:*:0:100::/usagers/%U:/bin/bash
GIGL\Guest:*:302:303::/usagers/%U:/bin/bash
GIGL\krbtgt:*:307:100::/usagers/%U:/bin/bash
GIGL\dns-stilton:*:308:100::/usagers/%U:/bin/bash
GIGL\testuser:*:309:100::/usagers/%U:/bin/bash
GIGL\llalonde:*:310:100::/usagers/%U:/bin/bash

How do I remove the 'GIGL\' from the username?  This is causing me problems 
mounting the user's home directory at logon with 'PAM_MOUNT'

What am I missing?

Thank You!

-- 
Luc Lalonde, analyst
-
Département de génie informatique:
École polytechnique de Montréal
(514) 340-4711 x5049
luc.lalo...@polymtl.ca
-
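
As an added example (not part of Luc's post), the passwd lines above can be checked mechanically for what is visible in them: the `GIGL\` prefix on the account name, the literal `%U` left in the home directory, and a non-root name mapped to UID 0. The first three sample lines are copied from the post, the last two are constructed for contrast, and the function names are the example's own.

```python
import re
from typing import NamedTuple

# First three lines: from the getent output in the post. Last two: constructed.
SAMPLE = r"""GIGL\Administrator:*:0:100::/usagers/%U:/bin/bash
GIGL\Guest:*:302:303::/usagers/%U:/bin/bash
GIGL\llalonde:*:310:100::/usagers/%U:/bin/bash
root:x:0:0:root:/root:/bin/bash
llalonde:*:310:100::/usagers/llalonde:/bin/bash"""

class Entry(NamedTuple):
    name: str
    uid: int
    gid: int
    home: str
    shell: str

def parse_passwd(text):
    """Parse passwd(5)-format lines as printed by `getent passwd`."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("not a passwd line: %r" % line)
        name, _pw, uid, gid, _gecos, home, shell = fields
        entries.append(Entry(name, int(uid), int(gid), home, shell))
    return entries

def audit(entries):
    """Return (name, finding) pairs for the conditions seen in the post."""
    findings = []
    for e in entries:
        if "\\" in e.name:
            # DOMAIN\user form: tools that build paths from the name get the prefix too
            findings.append((e.name, "domain-prefixed"))
        if re.search(r"%[A-Za-z]", e.home):
            # smb.conf-style macro was not substituted in the home directory
            findings.append((e.name, "unexpanded-macro-in-home"))
        if e.uid == 0 and e.name != "root":
            # files and processes of this account are root's on this host
            findings.append((e.name, "uid-0-non-root"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_passwd(SAMPLE)):
        print(name, finding)
```
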

Re: [Samba] Problems attaching Windows server as secondary DC.

2013-04-15 Thread simon+samba



On Mon, 15 Apr 2013, Jonis Maurin Ceará wrote:

> Only Win 2012 DC, 2008 R2 join fine as DC. Same here with fresh install of
> S4 and Win 2012.

I am trying to join a Windows Server 2012 machine as a secondary DC.
This should work, right?

Simon

> 2013/4/15 Friedmar
>
>> matthews.eu> writes:
>>
>>> I have my Samba4 up and running. I was able to get a Windows 2012 server
>>> to join the samba4 domain.
>>>
>>> However, I have not been able to get the Windows server to promote itself
>>> to a secondary DC.
>>>
>>> I would appreciate any suggestions on debugging this issue.
>>>
>>> On the Server 2012 machine, in the "prerequisites check", I see the
>>> following message:
>>> "Verification or prerequisites for Active Directory preparation failed
>>> ..
>>> Exception: THe RPC server is unavailable. ."
>>
>> Simon you are not alone!
>>
>> Same here: Ubuntu 13.04 and samba4-4.0.1+dfsg1-1+. This exists since
>> long time (12.04 and S4 beta).
>> At present level it seems that Win DC could not join S4 Domains. So you
>> could not get rid of samba4.
>>
>> Bug or feature?



Re: [Samba] samba4 rfc2307 practice and confuse

2013-04-15 Thread Gémes Géza

On 2013-04-15 11:51, d tbsky wrote:
> 2013/4/15 steve
>
>> Yes. To get the rfc2307 info out from the directory you can use winbind,
>> nslcd or sssd on the client. If you want to get all of the rfc2307
>> attributes on the DC, your choice is narrowed down to the latter two. As
>> Geza posted earlier,  winbind can only manage uidNumber and gidNumber.
>>
>> I've put our nslcd method here:
>> http://linuxcostablanca.blogspot.com.es/2013/04/ubuntu-client-for-samba4.html
>> Will post the sssd solution sometime today.
>> HTH
>> Steve
>
> I remember that samba team suggest to use winbind instead of ldap to
> work with samba server, although I don't know why or is it still true for
> samba 4 DC. So what's the benefit of winbind?
> Since RHEL 6 comes with sssd, I think maybe I will use that instead of
> winbind. And thanks a lot for your information!!
>
> Regards,
> tbskyd

Winbind strengths:

1. Caching (lot better than nscd)
2. Can get group membership (the SIDs) from PAC (less lookups on the DC)
3. No need for storing plaintext passwords in config files, or create 
other user accounts than the machine account (created at join) and 
storing their keytab.


Probably there are others too (as well as weaknesses)

Regards

Geza Gemes


Re: [Samba] Problems attaching Windows server as secondary DC.

2013-04-15 Thread Jonis Maurin Ceará
Only Win 2012 DC, 2008 R2 join fine as DC. Same here with fresh install of
S4 and Win 2012.


2013/4/15 Friedmar 

>   matthews.eu> writes:
>
> > I have my Samba4 up and running. I was able to get a Windows 2012 server
> > to join the samba4 domain.
> >
> > However, I have not been able to get the Windows server to promote itself
> > to a secondary DC.
> >
> > I would appreciate any suggestions on debugging this issue.
> >
> > On the Server 2012 machine, in the "prerequisites check", I see the
> > following message:
> > "Verification or prerequisites for Active Directory preparation failed
> > ..
> > Exception: THe RPC server is unavailable. ."
>
>
> Simon you are not alone!
>
> Same here: Ubuntu 13.04 and samba4-4.0.1+dfsg1-1+. This exists since
> long time (12.04 and S4 beta).
> At present level it seems that Win DC could not join S4 Domains. So you
> could not get rid of samba4.
>
> Bug or feature?


Re: [Samba] Problems attaching Windows server as secondary DC.

2013-04-15 Thread Friedmar
  matthews.eu> writes:

> I have my Samba4 up and running. I was able to get a Windows 2012 server 
> to join the samba4 domain.
> 
> However, I have not been able to get the Windows server to promote itself 
> to a secondary DC.
> 
> I would appreciate any suggestions on debugging this issue.
> 
> On the Server 2012 machine, in the "prerequisites check", I see the 
> following message:
> "Verification or prerequisites for Active Directory preparation failed 
> ..
> Exception: THe RPC server is unavailable. ."


Simon you are not alone!

Same here: Ubuntu 13.04 and samba4-4.0.1+dfsg1-1+. This exists since
long time (12.04 and S4 beta).
At present level it seems that Win DC could not join S4 Domains. So you could
not get rid of samba4.

Bug or feature?




Re: [Samba] file share necessary?

2013-04-15 Thread Gémes Géza

On 2013-04-15 06:21, Geoff Crompton wrote:
> On 15/04/13 14:07, Marc Muehlfeld wrote:
>> On 15.04.2013 04:23, Geoff Crompton wrote:
>>> On
>>> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Setup_a_basic_File_Share
>>> the instructions say
>>>
>>>> For the server to be useful you, will need to update it to have at
>>>> least one share
>>>
>>> What do you need a file share for the server to be useful? Isn't a
>>> domain controller 'useful' to authenticate machines and users even if it
>>> doesn't have a file share? I would have thought that this step would be
>>> optional, like the NTP step just above it.
>>
>> The DC needs at least a sysvol and netlogon share.
>>
>> Regards,
>> Marc
>
> That makes sense. If you've followed the HOWTO (as I just have) you
> probably already have sysvol and netlogon shares. Does anyone mind if
> I mark the 'Setup a basic File Share' as optional, and add some notes
> that the sysvol and netlogon shares are needed for a domain
> controller, but users should feel free to add their own if they desire?
>
> Cheers,
> Geoff

+1 from me

Regards

Geza Gemes


Re: [Samba] LDAP (Schemas,Users) to Samba4 migration

2013-04-15 Thread alxgrb
Thanks for your help Andrew!
It works perfectly.

see messages:

>>> cat simpleuser2samba.ldif 
dn: cn=firstuser,cn=Users,dc=demo,dc=lan
objectclass: user
sAMAccountName: firstuser

>>> /usr/local/samba/bin/ldbadd -H /usr/local/samba/private/sam.ldb
>>> simpleuser2samba.ldif
Added 1 records successfully

>>> /usr/local/samba/bin/samba-tool user list
Administrator
dns-ubsrv
firstuser
demouser
testuser
alxgrb
krbtgt
Guest
alex


Many thanks again,
Alexander






Re: [Samba] samba4 rfc2307 practice and confuse

2013-04-15 Thread d tbsky
2013/4/15 steve 

> Yes. To get the rfc2307 info out from the directory you can use winbind,
> nslcd or sssd on the client. If you want to get all of the rfc2307
> attributes on the DC, your choice is narrowed down to the latter two. As
> Geza posted earlier,  winbind can only manage uidNumber and gidNumber.
>
> I've put our nslcd method here:
> http://linuxcostablanca.blogspot.com.es/2013/04/ubuntu-client-for-samba4.html
> Will post the sssd solution sometime today.
> HTH
> Steve
>

I remember that samba team suggest to use winbind instead of ldap to
work with samba server, although I don't know why or is it still true for
samba 4 DC. So what's the benefit of winbind?
Since RHEL 6 comes with sssd, I think maybe I will use that instead of
winbind. And thanks a lot for your information!!

Regards,
tbskyd


Re: [Samba] samba4 rfc2307 practice and confuse

2013-04-15 Thread steve

On 15/04/13 11:07, d tbsky wrote:


> so you mean with samba 4 as DC and samba 3.x as winbind client, you can
> get correct rfc2307 gidnumber(and working getent group)?

Yes. To get the rfc2307 info out from the directory you can use winbind, 
nslcd or sssd on the client. If you want to get all of the rfc2307 
attributes on the DC, your choice is narrowed down to the latter two. As 
Geza posted earlier,  winbind can only manage uidNumber and gidNumber.


I've put our nslcd method here:
http://linuxcostablanca.blogspot.com.es/2013/04/ubuntu-client-for-samba4.html
Will post the sssd solution sometime today.
HTH
Steve



Re: [Samba] samba4 rfc2307 practice and confuse

2013-04-15 Thread d tbsky
2013/4/14 Gémes Géza 

>
> Unfortunately the winbind implementation samba as an AD DC uses (the one
> in the samba binary) is not able to read other posix information from AD
> other than the uidNumber and gidNumber.


I think I can live with that since we use it only for a few people. But
the broken "template homedir" seems a bug to me. Or is it limited by
something else also?


> I have read many times complaints like this, it seems, that some
> distributions/releases bundle a version of samba, that has some bugs, a
> similar setup (just the ranges are different) works for me using ubuntu
> 12.04.
>

So you mean with samba 4 as DC and samba 3.x as winbind client, you can
get correct rfc2307 gidnumber (and working getent group)?

I don't think samba 3.x comes with RHEL has this kind of bug, since they
already have detailed document about how to link to Active Directory. And
I also tried the latest binary rpm at samba web site, the behavior is the
same.

I think the problem is at server side. I use microsoft remote
administration tool (ADUC) under windows 7 to manage the domain rfc2307
settings, I think maybe that's problem. Since samba mimics microsoft AD,
use microsoft tool to manage it looks reasonable, even samba AD DC HOWTO
suggest it. But it seems few people in this email list use that tool?

And today I found another interesting bug/feature with windows ADUC. My
short domain name is "DOM", and if I create a group whose name is "dom",
samba4 DC will be angry. The "getent group" at samba4 DC will refuse to
return this entry, and all the entries created after that (has larger
xidnumber) will also disappear. As long as I rename the group to
something else, "getent group" will become normal.

Since there are so many strange behaviors, I don't know what's the best
practice to treat samba 4 DC. But I am glad that at least some people in
the email list do have a working environment. Maybe I can find out what's
my problem one day.

thanks a lot.

Regards,
tbskyd





>
> Geza Gemes
>
>>
>> Regards,
>> tbskyd
>>


Re: [Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"

2013-04-15 Thread François Lafont
On 14/04/2013 13:51, François Lafont wrote:

>> I'm going to search, meanwhile, here is the output of the "samba -i -M single 
>> -d 10" command during the "ls -l /usr/local/samba/var/locks/sysvol/" problem.
> 
> Ooups! Sorry I have forgotten the url address:
> http://sisco.laf.free.fr/codes/samba4_gid_300.log

Will that information be enough? Or should I provide other things?

-- 
François Lafont

Re: [Samba] Sysvol replication

2013-04-15 Thread Daniel Müller
For my interest!? What are your issues about gluster not working replicating
sysvol?

Greetings
 
Daniel

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Jim Potter
Sent: Sunday, 14 April 2013 22:34
To: samba
Subject: [Samba] Sysvol replication

Hi all,

Has anyone actually got sysvol replication working between 2 (or more)
Samba4 DCs? I've tried gluster, inosync, csync and rsync and keep getting
stuck on issues with the extended attributes.

Is there a roadmap or any clues of a date when MSFRS or DFS replication will
be part of Samba4?

thanks again,

Jim