Re: [Samba] Samba4 Using AD/UNIX attributes for home directory and shell not possible?
On 10/08/13 22:23, Markus Gillmeister wrote: Hi, I'm would like to use the attributes in AD for home directory (homeDirectory) and the login shell (loginShell) for users logging in via ssh to a linux box. I added the following parameters in the global-Section of /etc/samba/smb.conf: winbind nss info = rfc2307 idmap_ldb:use rfc2307 = yes Also I set the attributes for a test-user (called tim) with some values. But when calling getent passwd I got the following result: ... SHADOW\tim:*:317:100:Tim Testinger:/home/SHADOW/tim:/bin/false So it seems that winbind is ignoring AD attributes. Is this a bug or did I misconfigure my samba installation? Best Regards Markus Hi On the DC, winbind will only read uidNumber and gidNumber. To be able to use the whole of rfc2307, use sssd or nss-ldapd. If you want to use winbind, you will have to install Samba4 on a separate machine, domainify it and run it as a file server only. I suppose you could then ssh into that instead. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 + winbind did not work
hello, I have install samba4 on debian whezzy 64-bit All is working OK, but now I try to add qoutas to users and this tutorial did not working https://wiki.samba.org/index.php/Samba4/Winbind when i write getent passwd i did't see users from AD so e.g. # id Administrator id Administrator: There is no such user Pozdrowienia -- dafr32 daf...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + winbind did not work
Hello Darek, Am 11.08.2013 23:02, schrieb Darek Frączkiewicz: I have install samba4 on debian whezzy 64-bit All is working OK, but now I try to add qoutas to users and this tutorial did not working https://wiki.samba.org/index.php/Samba4/Winbind have a look at this HowTo https://wiki.samba.org/index.php/Samba4/Domain_Member This one works fine here. I'm not sure about the other one. I haven't compared them. I'll merge the two HowTos the next time, when I have time. * Are your DC and your member both running Samba 4? * Do you run your DC as AD DC or NT4-style DC? * If you are retrieving the xIDs via rfc2307, have you filled the unix tab in ADUC for the users/groups? Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Create groupmap for BUILTINS
Need to create groupmap for BUILTINS: BUILTIN\administrators (SID = S-1-5-32-544) and BUILTIN\users (SID = S-1-5-32-545). The net groupmap add with type=builtin did not work. Samba 3 and OS debian. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Win 7 slow browsing issue to SAMBA share
Hi Team, Is there a workaround to fix this slow browsing issue to samba share. we have a ver 3 samba on a solaris box and two users upgraded to win7 from xp and now they have issues on slow browsing to their samba home dirs. Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 with LDAP proxy in DMZ
Hi All, I'm setting up a Samba AD domain which works perfectly with the WIn 7 server tools and so far everything is going fine. What has me stumped is setting up an LDAP proxy in our DMZ against which I can authenticate our email and web services. I've got port 389 open on my main Samba 4 DC and if I use the domain administrator account to bind the proxy, everything works. In order to give a degree of separation however, I've created a user called ldapbindacc and have used the server remote admin tools to delegate control of the directory server to that user with read only access to user and group details. When I try to access the directory using this account, I get the following error message (the password is definitely correct): # ldapsearch -LLL -H ldap://127.0.0.1 -b 'dc=bordengrammar,dc=kent,dc=sch,dc=uk' -D 'cn=ldapbindacc,cn=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk' -W '(sAMAccountName=Test.User)' Enter LDAP Password: ldap_bind: Invalid credentials (49) additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE As I'm moving fro Samba 3 to 4, my AD knowledge is limited so I've been patching things together from various howto's. Has anyone succeeded in this who can give me some tips. Thanks, Julian -- Borden Grammar School, Avenue of Remembrance, Sittingbourne, Kent, ME10 4DB. Tel: 01795 424192 This e-mail is from Borden Grammar School Trust. This e-mail, together with any files transmitted with it, are confidential, and are intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised dissemination or copying of this e-mail or its attachments, and any use or disclosure of any information contained in them, is strictly prohibited, and may also be illegal. If you are not the intended recipient you must not use, disclose, distribute, copy, print or relay this e-mail. Please note that any views expressed by an individual within this e-mail, do not necessarily reflect the views of the Borden Grammar School Trust. Borden Grammar School Trust has taken reasonable precautions to ensure no viruses are present in this e-mail, the Academy cannot accept responsibility for any loss or damage arising from the use of this e-mail and/or files attached. Registered office: Borden Grammar School, Avenue of Remembrance, Sittingbourne, Kent, ME10 4DB Registered in England: 07827591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] os level permissions for samba 4 share
I read at the samba4 wiki that to setup a samba4 share you need to Create a folder that you want to share # mkdir -p /srv/samba/Demo/ Add a new share to your smb.conf: [Demo] path = /srv/samba/Demo/ read only = no but what about permission at os level? I mean do I have to chmod 770 or chmod 2770 the folder or else? I read somewhere that it was necessary to chmod 777 but that configuration is very unsecure at os level. thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to use --simple-bind-dn in samba-tool
Thank's Andrew, For the record, for other non-AD servers that don't do SASL and so can't use -U, --simple-bind-dn takes a DN, so cn=admin,dc=example,dc=com might be the admin DN on an OpenLDAP server. I tried: samba-tool user setpassword tata --newpassword=Ghij-1919 -d 10 -H ldap://fbsd35.cs.ait.ac.th/ --simple-bind-dn=cs=administrator,dc=cs,dc=ait,dc=ac,dc=th But it is still giving me the same error, so I suspect the DN is not correct. I could not find any documentation saying what the DN should be. Best regards, Olivier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Restart SMB Applescript for Mac OS X
Hello, I am in need of a restart SMB Applescript for Mac OS X. Some applications for Mac such as Filebrowser require the below steps to occur before allowing connection to files. Can you help me with this. Launch System Preferences. Click Sharing. Select the entry File Sharing. Click the Options... button on the right-hand side. Untick Share files and folders using SMB (Windows). Click Done. Click Options... again. Tick Share files and folders using SMB (Windows). Click Done. Thank you, Edward Tillitz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + winbind did not work
Am 12.08.2013 00:29, schrieb Darek Frączkiewicz: thank's Marc i will try tomorow this howto https://wiki.samba.org/index.__php/Samba4/Domain_Member https://wiki.samba.org/index.php/Samba4/Domain_Member I'm going to connect samba4 as AD with 30 windows workstations in my school. After testing all is OK and works (joining windows, login users, homedrives, GPO). The last thing is add qoutas to users. I can't do this yet. Quotas I haven't tried yet. But at least the winbind stuff should work like expected with this HowTo. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA4 High CPU Performance
Hi, I taken the replication form the windows 2008 DC. And it is successful by getting some issues faced on joing the samba DC. After i used the ps aux command to see the output of the samba instance. suddenly it shows 90% of CPU consumption. During the sync rep from the windows DC, i can not connect with the winbind client. Then i remove the sync with windows DC rep, then the sync is not happening with the windows DC and the CPU percentage also come down. Now I can easily join the winbind clients. So it ensures that if it is high CPU percentage then the winbind is not able to connect with the samba DC. How i can control the CPU consumption and sync rep from windows DC. -- with regards Ashok Kumar J -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 4.0.x : samba_backup wrong path line 54
Hello, (samba 4.0.8 compiled from git source) Just tried the samba_backup from https://wiki.samba.org/index.php/Backup_and_Recovery line 54 mention : tdbbackup $ldb where it should be /usr/local/samba/bin/tdbbackup $ldb Thanks for this nice samba version ! electronico -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 20b64ea waf: replace dependency to libintl with samba_intl via 07b3a04 waf: consolidate libintl related checks via a742e87 waf: add --without-gettext option via ce8fbdf waf: fix build on AIX7 from 9177a0d libcli/auth: add more const to spnego_negTokenInit-mechTypes http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 20b64eae75b8809d67b8c2824616996bb4722612 Author: Christian Ambach a...@samba.org Date: Thu Aug 1 23:00:21 2013 +0200 waf: replace dependency to libintl with samba_intl Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Christian Ambach a...@samba.org Autobuild-Date(master): Mon Aug 12 00:46:34 CEST 2013 on sn-devel-104 commit 07b3a048724a6b41282e1f673aea5ce2c1202a5e Author: Christian Ambach a...@samba.org Date: Thu Aug 1 22:28:05 2013 +0200 waf: consolidate libintl related checks consolidate the dealing with functions from libintl and the handling of checking if libiconv is required or not to a common place in lib/replace also add a new samba_intl subsystem that has dependencies on the appropriate set of libraries (libintl, libintl+libiconv or none) that can be used as a general dependency by code that depends on the internationalization libraries Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit a742e87b39bed97ac59f5ec8bff9bf3cedf8b68a Author: Christian Ambach a...@samba.org Date: Tue Jun 25 18:37:35 2013 +0200 waf: add --without-gettext option Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit ce8fbdf76ee2792d011d9da4d0116f04d9656886 Author: Christian Ambach a...@samba.org Date: Thu Jun 20 18:26:04 2013 +0200 waf: fix build on AIX7 the same works for AIX 5,6,7 so leave away the version specifics (as autoconf build did) Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: buildtools/wafsamba/wscript |5 +++- lib/replace/wscript | 46 --- nsswitch/wscript_build |2 +- source3/wscript |9 +++--- source3/wscript_build |2 +- source4/heimdal_build/wscript_build |4 +- source4/heimdal_build/wscript_configure |4 +-- 7 files changed, 49 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript index 17aef27..fe2e515 100755 --- a/buildtools/wafsamba/wscript +++ b/buildtools/wafsamba/wscript @@ -82,6 +82,9 @@ def set_options(opt): help='additional directory to search for gettext', action='store', dest='gettext_location', default='/usr/local', match = ['Checking for library intl', 'Checking for header libintl.h']) +opt.add_option('--without-gettext', + help=(Disable use of gettext), + action=store_true, dest='disable_gettext', default=False) gr = opt.option_group('developer options') @@ -322,7 +325,7 @@ def configure(conf): else: conf.env.HAVE_LD_VERSION_SCRIPT = False -if sys.platform == aix5 or sys.platform == aix6: +if sys.platform.startswith('aix'): conf.DEFINE('_ALL_SOURCE', 1, add_to_cflags=True) # Might not be needed if ALL_SOURCE is defined # conf.DEFINE('_XOPEN_SOURCE', 600, add_to_cflags=True) diff --git a/lib/replace/wscript b/lib/replace/wscript index 2117f56..b6fb10b 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -89,7 +89,7 @@ struct foo bar = { .y = 'X', .x = 1 }; sys/sockio.h sys/un.h''', together=True) conf.CHECK_HEADERS('sys/uio.h ifaddrs.h direct.h dirent.h') conf.CHECK_HEADERS('windows.h winsock2.h ws2tcpip.h') -conf.CHECK_HEADERS('libintl.h errno.h') +conf.CHECK_HEADERS('errno.h') conf.CHECK_HEADERS('gcrypt.h getopt.h iconv.h') conf.CHECK_HEADERS('sys/inotify.h memory.h nss.h sasl/sasl.h') conf.CHECK_HEADERS('security/pam_appl.h zlib.h asm/unistd.h') @@ -363,17 +363,41 @@ removeea setea headers='netinet/in.h arpa/nameser.h resolv.h') -if not conf.CHECK_FUNCS_IN('gettext', 'intl', checklibc=True, headers='libintl.h'): -# Some hosts need lib iconv for linking with lib intl -# So we try with flags just in case it helps. -oldflags = conf.env['LDFLAGS_INTL'] -conf.env['LDFLAGS_INTL'] = -liconv -if not conf.CHECK_LIB('intl'): -
[SCM] CTDB repository - branch master updated - ctdb-2.3-41-g5e9b1a7
The branch, master has been updated via 5e9b1a7e24d058ff88aaa0563db36a804e866fa9 (commit) via 867afb247bd8cc86c8d738f051a44cc534cafacf (commit) via 44a64d1c388bfe3c3388b191edfaedecfb7bb831 (commit) via 9cde47e1a5bf1b9ca3b4da8c2db94caac2b1aa5e (commit) via 81d7ce03b28d592a1337639e14d9ea141e20bfff (commit) via d7f6bc3fed2dc61e6e587b4c0ec0ac27d533bbbe (commit) via 9e99e0eb072e2b845914ee3896acbc66b96138d7 (commit) via 44eb86e6042adb6efe75d2a5528b82a0f21d496d (commit) via ebecc3a18f1cb397a78b56eaf8f752dd5495bcc9 (commit) via 68af5405acc123b5a90decd2123e2a02961a8fcf (commit) from 824dcec35ec461d78e22b2ea109473b32bfe3972 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 5e9b1a7e24d058ff88aaa0563db36a804e866fa9 Author: Amitay Isaacs ami...@gmail.com Date: Mon Aug 5 17:28:47 2013 +1000 common/io: Keep queue buffer size multiple of 4K Currently queue buffer size is realloc'd every time we need to extend the buffer. Small increments can cause memory fragmentation. Instead always extend buffer in multiples of 4K. This should reduce multiple talloc_realloc calls when there are lots of packets in the socket buffer. Also, if queue buffer has grown larger than 64K, throw away the buffer once all the requests in the queue have been processed. That way queue does not hold on to large buffers. Signed-off-by: Amitay Isaacs ami...@gmail.com commit 867afb247bd8cc86c8d738f051a44cc534cafacf Author: Martin Schwenke mar...@meltin.net Date: Fri Jul 26 13:57:03 2013 +1000 packaging: Allow setting custom release number in RPM spec file Signed-off-by: Martin Schwenke mar...@meltin.net Pair-Programmed-With: Amitay Isaacs ami...@gmail.com commit 44a64d1c388bfe3c3388b191edfaedecfb7bb831 Author: Amitay Isaacs ami...@gmail.com Date: Wed Jul 31 15:59:11 2013 +1000 ctdbd: When a record is made sticky, log only once Instead of logging from ctdb_request_call(), log the message from ctdb_make_record_sticky(). That way if the record is already sticky, the message is not repeated unnecessarily. Signed-off-by: Amitay Isaacs ami...@gmail.com commit 9cde47e1a5bf1b9ca3b4da8c2db94caac2b1aa5e Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 15 17:34:31 2013 +1000 ctdbd: Improve high hopcount log messages when request is redirected Signed-off-by: Amitay Isaacs ami...@gmail.com commit 81d7ce03b28d592a1337639e14d9ea141e20bfff Author: Martin Schwenke mar...@meltin.net Date: Tue Aug 6 16:11:40 2013 +1000 scripts: Do not run ctdb tool commands when debugging hung init event CTDB daemon is not ready to accept clients in INIT runstate (init event). CTDB daemon will start accepting connections in SETUP runstate (setup event) and later. Also, minor log formatting changes. Signed-off-by: Martin Schwenke mar...@meltin.net commit d7f6bc3fed2dc61e6e587b4c0ec0ac27d533bbbe Author: Amitay Isaacs ami...@gmail.com Date: Mon Aug 5 17:38:42 2013 +1000 ctdbd: Avoid leaking file descriptor if talloc fails Signed-off-by: Amitay Isaacs ami...@gmail.com commit 9e99e0eb072e2b845914ee3896acbc66b96138d7 Author: Amitay Isaacs ami...@gmail.com Date: Mon Aug 5 14:08:28 2013 +1000 eventscript: Wait for debug hung script to finish or timeout before continuing Currently if the debug hung script takes long time to finish, the subsequent monitor event can collide with the previous event which is not yet finished. Signed-off-by: Amitay Isaacs ami...@gmail.com commit 44eb86e6042adb6efe75d2a5528b82a0f21d496d Author: Amitay Isaacs ami...@gmail.com Date: Fri Aug 2 15:49:06 2013 +1000 eventscripts: Use configured RECLOCK file instead of asking CTDB On cluster where recovery lock file is not being used, asking CTDB daemon is unnecessary overhead. And if CTDB is using recovery file, then changing configuration without restarting is *stupid*. Signed-off-by: Amitay Isaacs ami...@gmail.com Pair-Programmed-With: Martin Schwenke mar...@meltin.net commit ebecc3a18f1cb397a78b56eaf8f752dd5495bcc9 Author: Amitay Isaacs ami...@gmail.com Date: Fri Aug 2 10:54:38 2013 +1000 locking: Do not create multiple lock processes for the same key If there are multiple lock helper processes waiting for the same record, then it will cause a thundering herd when that record has been unlocked. So avoid scheduling lock contexts for the same record. This will also mean that multiple requests will get queued up behind the same lock context and can be processed quickly once the lock has been obtained. Signed-off-by: Amitay Isaacs ami...@gmail.com commit 68af5405acc123b5a90decd2123e2a02961a8fcf Author: Amitay Isaacs ami...@gmail.com Date: