Re: [Samba] Administrative users on domain
Hello Donny,

On 12.07.2013 21:34, Donny Brooks wrote:
> On the old domain, which was set up before I got here, our IT section was in an ldap group that allowed us to join PC's to the domain ...

http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO/AD_Delegation#Delegating_.27Joining_Computers_to_the_domain.27-permissions

> ... and when the prompt came up in windows to install software we could log in as ourselves.

What do you mean by this? Do you want to have a group of users automatically in the administrator group on your workstations?

http://community.spiceworks.com/how_to/show/2123-add-an-active-directory-group-to-the-local-administrator-group-of-workstation-s

If you mean something else, please give some more details.

Regards,
Marc

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: RE: samba4 pdc: Import sudoers active directory schema to ldb
This is a logical assumption that you made here, I tried both ways, but to no avail. At a closer look it seems this schema is incomplete, sudoers cn is missing. Go one step beyond and think what would the base search be when it comes to sudo section in sssd.conf (and mind that we have to index that too, in order to provide better performance for the queries and less scanning of the database).

Greetings,
George.
[Samba] Win2003 DC fails to detect Samba 4 DC
I have an (apparently) valid Samba4 DC to which I have transferred all FSMO roles in preparation for running dcpromo and demoting the Win DC. All of the logs look good on the Samba DC and showrepl indicates no errors. Unfortunately, the Win DC does not seem to detect the Samba DC when I attempt to run dcpromo and it throws a nasty warning about AD data being lost. If I run Sites and Services, both DCs show up and are viewable. Also, in Users and Computers, both DCs correctly show up in Domain Controllers. Not sure what to do next. Help appreciated. Thanx, Garth
Re: [Samba] Win2003 DC fails to detect Samba 4 DC
Starting over and following a couple of threads on this topic so please ignore.

Thanx,
Garth

On 07/13/2013 08:49 AM, Garth Keesler wrote:
> I have an (apparently) valid Samba4 DC to which I have transferred all FSMO roles in preparation for running dcpromo and demoting the Win DC. All of the logs look good on the Samba DC and showrepl indicates no errors. Unfortunately, the Win DC does not seem to detect the Samba DC when I attempt to run dcpromo and it throws a nasty warning about AD data being lost. If I run Sites and Services, both DCs show up and are viewable. Also, in Users and Computers, both DCs correctly show up in Domain Controllers. Not sure what to do next. Help appreciated.
>
> Thanx,
> Garth
Re: [Samba] Samba 4.0.6 update - login issues
Is it possible that this may be related to and fixed by the patch in this bug: https://bugzilla.samba.org/show_bug.cgi?id=9820

- Original Message -
From: Kristofer Pettijohn kristo...@cybernetik.net
To: Andrew Bartlett abart...@samba.org
Cc: samba@lists.samba.org
Sent: Thursday, June 13, 2013 12:17:53 AM
Subject: Re: [Samba] Samba 4.0.6 update - login issues

It happened again. When it happens, it happens at exactly the top of the hour. Same symptoms and results as below.

On Jun 11, 2013, at 12:08 AM, Kristofer Pettijohn kristo...@cybernetik.net wrote:

> I would need logs and network traces to investigate this further. Could it be a kerberos ticket expiring? Does it still happen if you upgrade a test member server to 3.6 or 4.0 (so we can narrow down the issue)?
>
> I have logs (debug 16 from the client) and a network trace. If you would like me to send them somewhere, let me know where you would like them.
>
> Received an alert that Radius authentication fails (ntlm)
>
> Log into Radius server via ssh, which uses winbind for auth - receive this error:
> Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable
>
> Ran net ads info
>
>     [root@durad1 ~]# net ads info
>     LDAP server: 10.9.10.81
>     LDAP server name: brsad.ad.bigrocksports.com
>     Realm: AD.BIGROCKSPORTS.COM
>     Bind Path: dc=AD,dc=BIGROCKSPORTS,dc=COM
>     LDAP port: 389
>     Server time: Tue, 11 Jun 2013 00:42:44 EDT
>     KDC server: 10.9.10.81
>     Server time offset: 0
>
> Ran net ads lookup
>
>     [root@durad1 ~]# net ads lookup
>     Information for Domain Controller: 10.9.10.81
>     Response Type: LOGON_SAM_LOGON_RESPONSE_EX
>     GUID: 61b8eb21-20b7-459b-8d7e-224ea1fa85d5
>     Flags:
>     Is a PDC: yes
>     Is a GC of the forest: yes
>     Is an LDAP server: yes
>     Supports DS: yes
>     Is running a KDC: yes
>     Is running time services: yes
>     Is the closest DC: yes
>     Is writable: yes
>     Has a hardware clock: yes
>     Is a non-domain NC serviced by LDAP server: no
>     Is NT6 DC that has some secrets: no
>     Is NT6 DC that has all secrets: no
>     Forest: ad.bigrocksports.com
>     Domain: ad.bigrocksports.com
>     Domain Controller: brsad.ad.bigrocksports.com
>     Pre-Win2k Domain: BRS
>     Pre-Win2k Hostname: BRSAD
>     Server Site Name : Default-First-Site-Name
>     Client Site Name : Default-First-Site-Name
>     NT Version: 5
>     LMNT Token:
>     LM20 Token:
>
> tried a winbind ping
>
>     [root@durad1 ~]# wbinfo -p
>     Ping to winbindd succeeded
>
> id username fails with No such user
>
> kinit usern...@ad.bigrocksports.com works.
>
> Email server authenticates against LDAP - and that is working without an issue.
>
> Restarted winbind on Radius server, did not change failed results
>
> ntlm_auth fails
>
>     [root@durad1 ~]# /usr/bin/ntlm_auth --request-nt-key --domain= AD.BIGROCKSPORTS.COM --username=kpettijohn --password=password
>     NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e)
>
> Attempted to leave and re-join the domain:
>
>     [root@durad1 samba]# net ads join -U Administrator
>     Enter Administrator's password:
>     Failed to join domain: failed to lookup DC info for domain ' AD.BIGROCKSPORTS.COM ' over rpc: The connection was refused
>
> Restart samba DC on 10.9.10.81 ( brsad.ad.bigrocksports.com ), and machine can now join and ntlm_auth works.
Re: [Samba] Win2003 DC fails to detect Samba 4 DC
Well, I read several threads on this issue but none solved what I have going so I'll re-ask the question:

Should I be able to join a Samba 4.0.7 server to a Windows 2003R2 AD that has been raised to the forest level of 2003 and then be able to demote the Win DC?

As stated below, the Win Admin tools recognize the Samba DC as one of two DCs in the domain but the Win DC will not recognize Samba as such when trying to demote the Win DC. The FSMO roles will move to the Samba server but the DNS MMC will not recognize the Samba DC as a DC either.

Is there an easy way to orphan the Win DC after just shutting it down? I'd be willing to do that.

Thanx,
Garth

On 07/13/2013 11:17 AM, Garth Keesler wrote:
> Starting over and following a couple of threads on this topic so please ignore.
>
> Thanx,
> Garth
>
> On 07/13/2013 08:49 AM, Garth Keesler wrote:
>> I have an (apparently) valid Samba4 DC to which I have transferred all FSMO roles in preparation for running dcpromo and demoting the Win DC. All of the logs look good on the Samba DC and showrepl indicates no errors. Unfortunately, the Win DC does not seem to detect the Samba DC when I attempt to run dcpromo and it throws a nasty warning about AD data being lost. If I run Sites and Services, both DCs show up and are viewable. Also, in Users and Computers, both DCs correctly show up in Domain Controllers. Not sure what to do next. Help appreciated.
>>
>> Thanx,
>> Garth
Re: [Samba] Samba 4.0.6 update - login issues
On Sat, 2013-07-13 at 14:23 -0500, Kristofer Pettijohn wrote:
> Is it possible that this may be related to and fixed by the patch in this bug:
> https://bugzilla.samba.org/show_bug.cgi?id=9820

I really need you to tell me that, not the other way around. It seems unlikely however, but you are of course free to test.

Sorry,
Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] About NAS versus Samba
On Wed, Jul 10, 2013 at 9:44 PM, Fernando Lozano ferna...@lozano.eti.br wrote:
> Hi there,
>
> Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server?

Given choices, I used NFS. Samba is great for cross compatibility, but CIFS is a very chatty protocol with some longstanding complexities leading to awkward access control in my experience.

That said, I've built a render cluster with 200 nodes running a 40 TByte storage setup with Samba 3.x for the Windows clients and NFSv3 for the SuSE users. It worked much better than the commercially funded storage array. (Ran headlong into the 2 TByte storage size issue due to 32-bit fiber optic controllers, but split it into 4 10 TByte arrays.) I also did the first published ports of Samba to SunOS 4.1.x, so I've done a *lot* of setups.

> I'm evaluating replacing some Linux file server for a NAS product, but all them make me nervous when the vendor talks about Active Directory support and nothing else. In theory, many NASes are Linux boxes running samba, so there shouldn't be a problem, except if the web admin interface won't support a samba DC setup and I won't have SSH access to configure the NAS samba myself.
>
> So I'm asking if someone there has had any real experience, be it using Fedora, CentOS or RHEL as the Samba3 PDC or Samba4 DC.

More building them up from scratch as part of other services. For commercial NAS support, I've been dealing a lot with NetApp, which incorporates a lot of the mirroring and snapshots and high performance issues an off the shelf USB disk storage box won't have. Those do play nicely with Samba, AD, and usually NIS as well.

> PS: I'm cross-posting because I asked before on the samba mailing list and nobody cared to answer. Or nobody has had any real experience. I'm hoping many sysadmins on the Fedora list also work at companies with RHEL or CentOS and had a real experience to share.
>
> []s, Fernando Lozano
Re: [Samba] What great things can a non-windows user do with Samba
On Thu, Jul 11, 2013 at 5:22 PM, steve st...@steve-ss.com wrote:
> On Thu, 2013-07-11 at 13:46 -0400, Robert Heller wrote:
>> At Thu, 11 Jul 2013 11:52:49 -0400 Steve Litt sl...@troubleshooters.com wrote:
>>> Hi all,
>>>
>>> I ask this question about once a decade. I have about 7 computers, all Linux or BSD. Are there any cool things I can do with Samba, even though I have no Windows computers?
>>
>> Not really. Samba is just a tool to deal with pesky mess-windows machines. On a pure UNIX (Linux, BSD, Solaris, AIX, etc.) LAN, Samba is about as useful as Air Conditioners in Antarctica in the middle of the Antarctic winter.
>
> Hi
> We network stand alone Linux and xp boxes using s4 AD. As the windows desks break and virus, we replace them with Linux. We have no intention of replacing Samba4 with anything else if the lan becomes pure Linux.

The new integrated Kerberos/LDAP management from Samba 4 is better than OpenLDAP, especially with multiple platforms such as MacOS, windows, UNIX, and Linux. It's also handy for testing software for Windows based environments, such as source files that are mixed case but overlapping when put on CIFS, such as getLen.h and GetLen.h.
Re: [Samba] What great things can a non-windows user do with Samba
Robert Heller wrote:
> At Thu, 11 Jul 2013 11:52:49 -0400 Steve Litt sl...@troubleshooters.com wrote:
>> Hi all,
>>
>> I ask this question about once a decade. I have about 7 computers, all Linux or BSD. Are there any cool things I can do with Samba, even though I have no Windows computers?

I haven't done timings against nfs for a while, but when I did, samba was notably faster than NFS... but that was back on 100Mb ether and a lot has changed now.

My current samba tops out at about 25% of a 20Gbit ether -- it becomes cpu bound due to the windows-design of 1 TCP connection serving all your file system requests.
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree.

The autobuild log of the failure is available here:
http://git.samba.org/autobuild.flakey/2013-07-13-1658/flakey.log

The samba3 build logs are available here:
http://git.samba.org/autobuild.flakey/2013-07-13-1658/samba3.stderr
http://git.samba.org/autobuild.flakey/2013-07-13-1658/samba3.stdout

The source4 build logs are available here:
http://git.samba.org/autobuild.flakey/2013-07-13-1658/samba.stderr
http://git.samba.org/autobuild.flakey/2013-07-13-1658/samba.stdout

The top commit at the time of the failure was:

commit 940395d38bcc348eb5f1be7ba03cd554d9d3bc93
Author: Volker Lendecke v...@samba.org
Date: Thu Jul 11 16:22:26 2013 +0200

    smbd: Fix a 100% loop at shutdown time

    In the destructor of fsp->aio_requests[0] we put another request into fsp->aio_requests[0]. Don't overwrite that with TALLOC_FREE.

    Signed-off-by: Volker Lendecke v...@samba.org
    Reviewed-by: Jeremy Allison j...@samba.org

    Autobuild-User(master): Jeremy Allison j...@samba.org
    Autobuild-Date(master): Thu Jul 11 20:56:42 CEST 2013 on sn-devel-104