Re: [Samba] Samba4 Using AD/UNIX attributes for home directory and shell not possible?

[steve]

On 10/08/13 22:23, Markus Gillmeister wrote:

Hi,

I'm would like to use the attributes in AD for home directory
(homeDirectory) and the login shell  (loginShell) for users logging in via
ssh to a linux box.

I added the following parameters in the global-Section of
/etc/samba/smb.conf:
winbind nss info = rfc2307
idmap_ldb:use rfc2307 = yes

Also I set the attributes for a test-user (called tim) with some values.

But when calling getent passwd I got the following result:
...
SHADOW\tim:*:317:100:Tim Testinger:/home/SHADOW/tim:/bin/false

So it seems that winbind is ignoring AD attributes. Is this a bug or did I
misconfigure my samba installation?

Best Regards
Markus



Hi
On the DC, winbind will only read uidNumber and gidNumber. To be able to 
use the whole of rfc2307, use sssd or nss-ldapd.


If you want to use winbind, you will have to install Samba4 on a 
separate machine, domainify it and run it as a file server only. I 
suppose you could then ssh into that instead.

HTH
Steve

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba4 + winbind did not work

[Darek Frączkiewicz]

hello,

I have install samba4 on debian whezzy 64-bit  All is working OK, but now I
try to add qoutas to users and this tutorial did not working
https://wiki.samba.org/index.php/Samba4/Winbind

when i write getent passwd i did't see users from AD so e.g.
# id Administrator
 id Administrator: There is no such user


Pozdrowienia
--
dafr32
daf...@gmail.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 + winbind did not work

[Marc Muehlfeld]

Hello Darek,

Am 11.08.2013 23:02, schrieb Darek Frączkiewicz:

I have install samba4 on debian whezzy 64-bit  All is working OK, but now I
try to add qoutas to users and this tutorial did not working
https://wiki.samba.org/index.php/Samba4/Winbind


have a look at this HowTo
https://wiki.samba.org/index.php/Samba4/Domain_Member
This one works fine here.

I'm not sure about the other one. I haven't compared them. I'll merge 
the two HowTos the next time, when I have time.



* Are your DC and your member both running Samba 4?

* Do you run your DC as AD DC or NT4-style DC?

* If you are retrieving the xIDs via rfc2307, have you filled the unix 
tab in ADUC for the users/groups?


Regards,
Marc
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Create groupmap for BUILTINS

[Mooney, Ed]

Need to create groupmap for BUILTINS: BUILTIN\administrators (SID =
S-1-5-32-544) and BUILTIN\users (SID = S-1-5-32-545). The net groupmap
add with type=builtin did not work. Samba 3 and OS debian.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Win 7 slow browsing issue to SAMBA share

[Robert Guerero]

Hi Team,

Is there a workaround to fix this slow browsing issue to samba share.

we have a ver 3 samba on a solaris box and two users upgraded to win7 from xp 
and now they have issues on slow browsing to their samba home dirs.

Robert
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 4 with LDAP proxy in DMZ

[Julian Pilfold-Bagwell]

Hi All,

I'm setting up a Samba AD domain which works perfectly with the WIn 7 
server tools and so far everything is going fine.  What has me stumped 
is setting up an LDAP proxy in our DMZ against which I can authenticate 
our email and web services.


I've got port 389 open on my main Samba 4 DC and if I use the domain 
administrator account to bind the proxy, everything works.  In order to 
give a degree of separation however, I've created a user called 
ldapbindacc and have used the server remote admin tools to delegate 
control of the directory server to that user with read only access to 
user and group details.  When I try to access the directory using this 
account, I get the following error message (the password is definitely 
correct):


# ldapsearch -LLL -H ldap://127.0.0.1 -b 
'dc=bordengrammar,dc=kent,dc=sch,dc=uk' -D 
'cn=ldapbindacc,cn=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk' -W 
'(sAMAccountName=Test.User)'

Enter LDAP Password:
ldap_bind: Invalid credentials (49)
additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE

As I'm moving fro Samba 3 to 4, my AD knowledge is limited so I've been 
patching things together from various howto's.  Has anyone succeeded in 
this who can give me some tips.


Thanks,

Julian

--
Borden Grammar School,
Avenue of Remembrance,
Sittingbourne,
Kent,
ME10 4DB.

Tel: 01795 424192


This e-mail is from Borden Grammar School Trust.

This e-mail, together with any files transmitted with it, are confidential, and 
are intended solely for the use of the individual or entity to whom they are 
addressed. Any unauthorised dissemination or
copying of this e-mail or its attachments, and any use or disclosure of any 
information contained in them, is strictly prohibited, and may also be illegal. 
If you are not the intended recipient you must not use, disclose,
distribute, copy, print or relay this e-mail.

Please note that any views expressed by an individual within this e-mail, do 
not necessarily reflect the views of the Borden Grammar School Trust. Borden 
Grammar School Trust has taken reasonable precautions to ensure no
viruses are present in this e-mail, the Academy cannot accept responsibility 
for any loss or damage arising from the use of this e-mail and/or files 
attached.

Registered office: Borden Grammar School, Avenue of Remembrance, Sittingbourne, 
Kent, ME10 4DB

Registered in England: 07827591

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] os level permissions for samba 4 share

[Eduardo Sotomayor]

I read at the samba4 wiki that to setup a samba4 share you need to

 Create a folder that you want to share

# mkdir -p /srv/samba/Demo/

 Add a new share to your smb.conf:

[Demo]
 path = /srv/samba/Demo/
 read only = no


but what about permission at os level? I mean do I have to chmod 770
or chmod 2770 the folder or else?
I read somewhere that it was necessary to chmod 777 but that configuration is 
very unsecure at os level.

thanks
  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] How to use --simple-bind-dn in samba-tool

[Olivier Nicole]

Thank's Andrew,


 For the record, for other non-AD servers that don't do SASL and so can't
 use -U, --simple-bind-dn takes a DN, so cn=admin,dc=example,dc=com might
 be the admin DN on an OpenLDAP server.

I tried:

  samba-tool user setpassword tata --newpassword=Ghij-1919 -d 10 -H
ldap://fbsd35.cs.ait.ac.th/
--simple-bind-dn=cs=administrator,dc=cs,dc=ait,dc=ac,dc=th

But it is still giving me the same error, so I suspect the DN is not correct.

I could not find any documentation saying what the DN should be.

Best regards,

Olivier
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Restart SMB Applescript for Mac OS X

[Edward Tillitz]

Hello, I am in need of a restart SMB Applescript for Mac OS X.  Some 
applications for Mac such as Filebrowser require the below steps to occur 
before allowing connection to files.  Can you help me with this.

Launch System Preferences.
Click Sharing.
Select the entry File Sharing.
Click the Options... button on the right-hand side.
Untick Share files and folders using SMB (Windows).
Click Done.
Click Options... again.
Tick Share files and folders using SMB (Windows).
Click Done.
Thank you,

Edward Tillitz

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 + winbind did not work

[Marc Muehlfeld]

Am 12.08.2013 00:29, schrieb Darek Frączkiewicz:

thank's Marc

i will try tomorow this howto
https://wiki.samba.org/index.__php/Samba4/Domain_Member
https://wiki.samba.org/index.php/Samba4/Domain_Member

I'm going to connect samba4 as AD with 30 windows workstations in my
school. After testing all is OK and works (joining windows, login users,
homedrives, GPO). The last thing is add qoutas to users. I can't do this
yet.



Quotas I haven't tried yet. But at least the winbind stuff should work 
like expected with this HowTo.



Regards,
Marc

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] SAMBA4 High CPU Performance

[Ashok Kumar J]

Hi,

   I taken the replication form the windows 2008 DC. And it is successful
by getting some issues faced on joing the samba DC. After i used the ps aux
command to see the output of the samba instance. suddenly it shows 90% of
CPU consumption.  During the sync rep from the windows DC, i can not
connect with the winbind client. Then i remove the sync with windows DC
rep, then the sync is not happening with the windows DC and the CPU
percentage also come down. Now I can easily join the winbind clients. So it
ensures that if it is high CPU percentage then the winbind is not able to
connect with the samba DC.  How i can control the CPU consumption and sync
rep from windows DC.

-- 
with regards

Ashok Kumar J
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba 4.0.x : samba_backup wrong path line 54

[me]

Hello,
(samba 4.0.8 compiled from git source)
Just tried the samba_backup from 
https://wiki.samba.org/index.php/Backup_and_Recovery

line 54 mention :
tdbbackup $ldb
where it should be
/usr/local/samba/bin/tdbbackup $ldb
Thanks for this nice samba version !

electronico
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch master updated

[Christian Ambach]

The branch, master has been updated
   via  20b64ea waf: replace dependency to libintl with samba_intl
   via  07b3a04 waf: consolidate libintl related checks
   via  a742e87 waf: add --without-gettext option
   via  ce8fbdf waf: fix build on AIX7
  from  9177a0d libcli/auth: add more const to 
spnego_negTokenInit-mechTypes

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 20b64eae75b8809d67b8c2824616996bb4722612
Author: Christian Ambach a...@samba.org
Date:   Thu Aug 1 23:00:21 2013 +0200

waf: replace dependency to libintl with samba_intl

Signed-off-by: Christian Ambach a...@samba.org
Reviewed-by: Andrew Bartlett abart...@samba.org

Autobuild-User(master): Christian Ambach a...@samba.org
Autobuild-Date(master): Mon Aug 12 00:46:34 CEST 2013 on sn-devel-104

commit 07b3a048724a6b41282e1f673aea5ce2c1202a5e
Author: Christian Ambach a...@samba.org
Date:   Thu Aug 1 22:28:05 2013 +0200

waf: consolidate libintl related checks

consolidate the dealing with functions from libintl and the
handling of checking if libiconv is required or not
to a common place in lib/replace

also add a new samba_intl subsystem that has dependencies
on the appropriate set of libraries (libintl, libintl+libiconv or none)
that can be used as a general dependency by code that depends
on the internationalization libraries

Signed-off-by: Christian Ambach a...@samba.org
Reviewed-by: Andrew Bartlett abart...@samba.org

commit a742e87b39bed97ac59f5ec8bff9bf3cedf8b68a
Author: Christian Ambach a...@samba.org
Date:   Tue Jun 25 18:37:35 2013 +0200

waf: add --without-gettext option

Signed-off-by: Christian Ambach a...@samba.org
Reviewed-by: Andrew Bartlett abart...@samba.org

commit ce8fbdf76ee2792d011d9da4d0116f04d9656886
Author: Christian Ambach a...@samba.org
Date:   Thu Jun 20 18:26:04 2013 +0200

waf: fix build on AIX7

the same works for AIX 5,6,7 so leave away the version specifics (as 
autoconf build did)

Signed-off-by: Christian Ambach a...@samba.org
Reviewed-by: Andrew Bartlett abart...@samba.org

---

Summary of changes:
 buildtools/wafsamba/wscript |5 +++-
 lib/replace/wscript |   46 ---
 nsswitch/wscript_build  |2 +-
 source3/wscript |9 +++---
 source3/wscript_build   |2 +-
 source4/heimdal_build/wscript_build |4 +-
 source4/heimdal_build/wscript_configure |4 +--
 7 files changed, 49 insertions(+), 23 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index 17aef27..fe2e515 100755
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -82,6 +82,9 @@ def set_options(opt):
help='additional directory to search for gettext',
action='store', dest='gettext_location', 
default='/usr/local',
match = ['Checking for library intl', 'Checking for header 
libintl.h'])
+opt.add_option('--without-gettext',
+   help=(Disable use of gettext),
+   action=store_true, dest='disable_gettext', default=False)
 
 gr = opt.option_group('developer options')
 
@@ -322,7 +325,7 @@ def configure(conf):
 else:
 conf.env.HAVE_LD_VERSION_SCRIPT = False
 
-if sys.platform == aix5 or sys.platform == aix6:
+if sys.platform.startswith('aix'):
 conf.DEFINE('_ALL_SOURCE', 1, add_to_cflags=True)
 # Might not be needed if ALL_SOURCE is defined
 # conf.DEFINE('_XOPEN_SOURCE', 600, add_to_cflags=True)
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 2117f56..b6fb10b 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -89,7 +89,7 @@ struct foo bar = { .y = 'X', .x = 1 };
   sys/sockio.h sys/un.h''', together=True)
 conf.CHECK_HEADERS('sys/uio.h ifaddrs.h direct.h dirent.h')
 conf.CHECK_HEADERS('windows.h winsock2.h ws2tcpip.h')
-conf.CHECK_HEADERS('libintl.h errno.h')
+conf.CHECK_HEADERS('errno.h')
 conf.CHECK_HEADERS('gcrypt.h getopt.h iconv.h')
 conf.CHECK_HEADERS('sys/inotify.h memory.h nss.h sasl/sasl.h')
 conf.CHECK_HEADERS('security/pam_appl.h zlib.h asm/unistd.h')
@@ -363,17 +363,41 @@ removeea setea
 headers='netinet/in.h arpa/nameser.h resolv.h')
 
 
-if not conf.CHECK_FUNCS_IN('gettext', 'intl', checklibc=True, 
headers='libintl.h'):
-# Some hosts need lib iconv for linking with lib intl
-# So we try with flags just in case it helps.
-oldflags = conf.env['LDFLAGS_INTL']
-conf.env['LDFLAGS_INTL'] = -liconv
-if not conf.CHECK_LIB('intl'):
-

[SCM] CTDB repository - branch master updated - ctdb-2.3-41-g5e9b1a7

[Amitay Isaacs]

The branch, master has been updated
   via  5e9b1a7e24d058ff88aaa0563db36a804e866fa9 (commit)
   via  867afb247bd8cc86c8d738f051a44cc534cafacf (commit)
   via  44a64d1c388bfe3c3388b191edfaedecfb7bb831 (commit)
   via  9cde47e1a5bf1b9ca3b4da8c2db94caac2b1aa5e (commit)
   via  81d7ce03b28d592a1337639e14d9ea141e20bfff (commit)
   via  d7f6bc3fed2dc61e6e587b4c0ec0ac27d533bbbe (commit)
   via  9e99e0eb072e2b845914ee3896acbc66b96138d7 (commit)
   via  44eb86e6042adb6efe75d2a5528b82a0f21d496d (commit)
   via  ebecc3a18f1cb397a78b56eaf8f752dd5495bcc9 (commit)
   via  68af5405acc123b5a90decd2123e2a02961a8fcf (commit)
  from  824dcec35ec461d78e22b2ea109473b32bfe3972 (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit 5e9b1a7e24d058ff88aaa0563db36a804e866fa9
Author: Amitay Isaacs ami...@gmail.com
Date:   Mon Aug 5 17:28:47 2013 +1000

common/io: Keep queue buffer size multiple of 4K

Currently queue buffer size is realloc'd every time we need to extend the
buffer.  Small increments can cause memory fragmentation.  Instead always
extend buffer in multiples of 4K.  This should reduce multiple 
talloc_realloc
calls when there are lots of packets in the socket buffer.

Also, if queue buffer has grown larger than 64K, throw away the buffer once
all the requests in the queue have been processed.  That way queue does not
hold on to large buffers.

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit 867afb247bd8cc86c8d738f051a44cc534cafacf
Author: Martin Schwenke mar...@meltin.net
Date:   Fri Jul 26 13:57:03 2013 +1000

packaging: Allow setting custom release number in RPM spec file

Signed-off-by: Martin Schwenke mar...@meltin.net
Pair-Programmed-With: Amitay Isaacs ami...@gmail.com

commit 44a64d1c388bfe3c3388b191edfaedecfb7bb831
Author: Amitay Isaacs ami...@gmail.com
Date:   Wed Jul 31 15:59:11 2013 +1000

ctdbd: When a record is made sticky, log only once

Instead of logging from ctdb_request_call(), log the message from
ctdb_make_record_sticky().  That way if the record is already sticky, the
message is not repeated unnecessarily.

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit 9cde47e1a5bf1b9ca3b4da8c2db94caac2b1aa5e
Author: Amitay Isaacs ami...@gmail.com
Date:   Mon Jul 15 17:34:31 2013 +1000

ctdbd: Improve high hopcount log messages when request is redirected

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit 81d7ce03b28d592a1337639e14d9ea141e20bfff
Author: Martin Schwenke mar...@meltin.net
Date:   Tue Aug 6 16:11:40 2013 +1000

scripts: Do not run ctdb tool commands when debugging hung init event

CTDB daemon is not ready to accept clients in INIT runstate (init event).
CTDB daemon will start accepting connections in SETUP runstate (setup event)
and later.

Also, minor log formatting changes.

Signed-off-by: Martin Schwenke mar...@meltin.net

commit d7f6bc3fed2dc61e6e587b4c0ec0ac27d533bbbe
Author: Amitay Isaacs ami...@gmail.com
Date:   Mon Aug 5 17:38:42 2013 +1000

ctdbd: Avoid leaking file descriptor if talloc fails

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit 9e99e0eb072e2b845914ee3896acbc66b96138d7
Author: Amitay Isaacs ami...@gmail.com
Date:   Mon Aug 5 14:08:28 2013 +1000

eventscript: Wait for debug hung script to finish or timeout before 
continuing

Currently if the debug hung script takes long time to finish, the subsequent
monitor event can collide with the previous event which is not yet finished.

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit 44eb86e6042adb6efe75d2a5528b82a0f21d496d
Author: Amitay Isaacs ami...@gmail.com
Date:   Fri Aug 2 15:49:06 2013 +1000

eventscripts: Use configured RECLOCK file instead of asking CTDB

On cluster where recovery lock file is not being used, asking CTDB daemon
is unnecessary overhead.  And if CTDB is using recovery file, then changing
configuration without restarting is *stupid*.

Signed-off-by: Amitay Isaacs ami...@gmail.com
Pair-Programmed-With: Martin Schwenke mar...@meltin.net

commit ebecc3a18f1cb397a78b56eaf8f752dd5495bcc9
Author: Amitay Isaacs ami...@gmail.com
Date:   Fri Aug 2 10:54:38 2013 +1000

locking: Do not create multiple lock processes for the same key

If there are multiple lock helper processes waiting for the same record, 
then
it will cause a thundering herd when that record has been unlocked.  So 
avoid
scheduling lock contexts for the same record.  This will also mean that
multiple requests will get queued up behind the same lock context and can be
processed quickly once the lock has been obtained.

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit 68af5405acc123b5a90decd2123e2a02961a8fcf
Author: Amitay Isaacs ami...@gmail.com
Date: