Re[2]: [Samba] FreeBSD and Winbind
Where did you find the genent? I installed from the port but I didn't find the genent in my FreeBSD system. Thanks ALex On Thu, 8 Feb 2007 01:30:36 - (GMT) [EMAIL PROTECTED] wrote: > > On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: > >> To be more specific I think I have made a mistake copying the libraries > >> to > >> the proper location. I was not able to find libnss_winbind.so in > >> /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this > >> the > >> correct file to copy? And, where should these files be copied to on > >> FreeBSD? From what I have read so far, I am guessing these should be > >> copied to /usr/lib. > > > > Why aren't you using the port? It should Just Work(tm). > > > > You can keep the nss shared object in /usr/local/lib because FreeBSD will > > mount the disks very early on. > > > >> My nsswitch has the following configuration > >> passwd: files winbind > >> group: files winbind > >> group_compat: nis > >> hosts: files dns > >> networks: files > >> passwd_compat: nis > >> shells: files > > > > Try removing the _compat entries. > > For LDAP I have this.. > > group: files ldap > > hosts: files dns > > networks: files > > passwd: files ldap > > shells: files > > > > And getent works fine. You could try cranking up debugging in Winbindd too > > (not that I've ever used it) > > > > -- > > Daniel O'Connor software and network engineer > > for Genesis Software - http://www.gsoft.com.au > > "The nice thing about standards is that there > > are so many of them to choose from." > > -- Andrew Tanenbaum > > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > > > > Unfortunately, some things came up and I going to be here for a while. > So, I changed the debug level on winbindd to 5. Wow, there is a lot > logged! > > When I use wbinfo -u or wbinfo -g, I can see a request to the DC and > information being retrieved. However, when I use getent passwd or getent > group, nothing is logged by winbindd. Does this mean the request is not > getting to winbindd? > > Thanks, > > > Jay > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] Problems accessing a Samba share while logged into an AD domain....
see below On Wed, 7 Feb 2007 09:14:30 -0800 (PST) Sukanta Ganguly <[EMAIL PROTECTED]> wrote: > Alex, >This is my smb.conf file content. > > > > [global] > workgroup = SMOKIN > # map to guest = Bad User > idmap gid = 1-2 > idmap uid = 1-2 > realm = SMOKIN.NET > security = ADS > usershare max shares = 100 > winbind refresh tickets = yes > server string = Suse-vm2 > netbios name = Suse-vm2 > log level = 3 > log file = /var/log/samba/%m > max log size = 50 > winbind separator = + by Alex < here is + for winbind separator > encrypt passwords = yes > preferred master = no > template homedir = /home/%D/%U > template shell = /bin/bash > [data] > comment = Data > path = /Data > browseable = Yes > read only = No > inherit acls = Yes > valid users = SMOKIN\administrator SMOKIN\user1 SMOKIN\user2 > write list = SMOKIN\Administrator by Alex Here you use "\" as separator > > > > The Linux box runs Suse 10.1 and is names Suse-vm2 in the domain. "/Data" is > a directory where access needs to be provided. > > What am I doing wrong here? > > Thanks for your help > > -S- > > > > - Original Message > From: Alex Wang <[EMAIL PROTECTED]> > To: Sukanta Ganguly <[EMAIL PROTECTED]> > Sent: Tuesday, February 6, 2007 5:52:09 PM > Subject: Re: [Samba] Problems accessing a Samba share while logged into an AD > domain... > > > You better post some kind of samba setting. There are too many reason > for that problem > > > Alex > On Tue, 6 Feb 2007 17:30:06 -0800 (PST) > Sukanta Ganguly <[EMAIL PROTECTED]> wrote: > > > Hi, > >I am having some problems a Samba server logged into an Active Directory > > Domain, acting as PDC on Windows 2003 server. When I log into the AD domain > > from my XP machine, I see the Linux server, which has also logged into the > > AD server and exported a few shares. From XP i see the share in explorer > > but when I try to access it it pops up a login/password box for me. When I > > enter the login id and password (which is my login id and password for the > > AD domain, which it should not ask as I am already logged into the domain), > > it tells me that it is incorrect. > >Do you what I have done wrong here? > >If I am not logged into that particular AD domain where in the > > Linux/Samba server is loged and I try to access the Linux box from outside > > it works. What is the difference here? It still askes me for the Login id > > and password which is the AD login id and password (It should ask in this > > case as I am not logged into the domain). > >Any help or pointers will be appreciated. > > > > Thanks > > -S- > > > > > > > > > > Do you Yahoo!? > > Everyone is raving about the all-new Yahoo! Mail beta. > > http://new.mail.yahoo.com > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > Looking for earth-friendly autos? > Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center. > http://autos.yahoo.com/green_center/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] cannot su, something may related to pam
Hi Even I use "account sufficient usr/lib/pam_winbind.so", I can login as root but I still not be able to connect from windows client. And this setting are working fine in Samba 3.0.22. Any help? Thanks Alex On Wed, 31 Jan 2007 09:57:58 -0200 Felipe Augusto van de Wiel <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 01/30/2007 09:54 PM, Alex Wang wrote: > > Hi All > > [...] > > It seems jumped the local passwd file and just search the > > domain user list. But even that, I still can't access the > > share folder from the network. It shows the share folder > > but when I double click it, it ask me for the password. > > > > Here is the smb.conf > [...] > > > /etc/pam.d/system > [...] > > # account > > accountrequired/usr/lib/pam_winbind.so > > #accountrequiredpam_krb5.so > > account requiredpam_login_access.so > > account requiredpam_unix.so > > IMHO, it seems that your first line in account would > mandate that the account also exists in the "winbind space". > > > > Thanks a lot > > Alex > > Kind regards, > > - -- > Felipe Augusto van de Wiel <[EMAIL PROTECTED]> > Coordenadoria de Tecnologia da Informa?0?4?0?0o (CTI) - SEDU/PARANACIDADE > http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFwIRFCj65ZxU4gPQRAjQiAKCuUb6bP1QW0pRnSLasWEqgywcKZwCfSUQz > aHAajUukTTDC5deyy+6tXqU= > =/EZW > -END PGP SIGNATURE- > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cannot su, something may related to pam
Hi All I installed samba 3.0.23d on the FreeBSD 5.4 through the port tree and join to the Windows 2000 Domain. But I can't su anymore. And the Windows client cannot go into the share folder. I have pam_winbind.so at /usr/lib and /usr/local/lib. The error message shows: Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed: No such user, PAM error was unknown user (13), NT error was NT_STATUS_NO_SUCH_USER Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed, but PAM error 0! Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: internal module error (retval = 3, user = `root') Jan 30 18:50:36 BSDSVR01 su[26131]: pam_acct_mgmt: error in service module It seems jumped the local passwd file and just search the domain user list. But even that, I still can't access the share folder from the network. It shows the share folder but when I double click it, it ask me for the password. Here is the smb.conf **copy start*** [global] workgroup = DOMAIN realm = DOMAIN.COM server string = Samba Server security = ADS allow trusted domains = No password server = dc syslog only = Yes log level =3 log file = /var/log/samba/smb.log max log size = 50 dns proxy = No wins server = 192.168.0.10 passdb expand explicit = No idmap uid = 600-2 idmap gid = 600-2 template homedir = /usr/samba/%U template shell = /bin/sh winbind cache time = 3600 winbind use default domain = Yes winbind nested groups = Yes winbind enum users = Yes winbind enum groups = Yes hosts allow = 192.168.0. #[Test] #path = /usr/samba #read only = No [Software] comment = Application path = /usr/samba/software valid users = @"Domain Users",@"Domain Admins" read only = Yes write list = @"Domain Admins" create mode = 0777 directory mode = 0777 **copy end*** nsswitch.conf **copy start** group: files winbind group_compat: nis hosts: files dns networks: files passwd: files winbind passwd_compat: nis shells: compat *copy end*** /etc/pam.d/system copy start* # auth auth sufficient /usr/lib/pam_winbind.so try_first_pass authsufficient pam_opie.so no_warn no_fake_prompts authrequisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass authrequiredpam_unix.so no_warn try_first_pass nullok # account accountrequired/usr/lib/pam_winbind.so #accountrequiredpam_krb5.so account requiredpam_login_access.so account requiredpam_unix.so # session #sessionoptionalpam_ssh.so session requiredpam_lastlog.so no_fail # password passwordsufficient /usr/lib/pam_winbind.so try_first_pass #password sufficient pam_krb5.so no_warn try_first_pass passwordrequiredpam_unix.so no_warn try_first_pass copy end** Thanks a lot Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to know local path ?
Question one here. c:\net use New connections will be remembered. Status Local RemoteNetwork --- OK Z:\\SAMBA\Home\me Microsoft Windows Network OK X:\\SAMPLE\SAMPLE Microsoft Windows Network The command completed successfully. Question two... No idea. :P Alex On Tue, 25 Apr 2006 10:35:10 -0400 Michael Li <[EMAIL PROTECTED]> wrote: > Hi, > > In computer A, is there any way to know local path at > computer B? > > Let me give more details : > > Computer B(linux) has a directory, called /samba/shared, > it is mapped to Computer A(Windows) as S:. > In computer A, is there any way to know "S:"'s local > path in computer B is "/samba/shared" ? > > > Furthermore, in computer B, is there any way to know > "/samba/shared" is mapped as "S:" in computer A ? > > Best regards. > Michael Li > > > == > This email message and any attachments are for the sole use of the intended > recipients and may contain proprietary and/or confidential information which > may be privileged or otherwise protected from disclosure. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipients, please contact the sender by reply email and destroy the > original message and any copies of the message as well as any attachments to > the original message. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] FreeBSD Samba Binary Package
Yes. U'r right. Normally I use tab to fix this error. :) ALex On Thu, 30 Mar 2006 06:25:28 -0800 "Guillermo Gutierrez" <[EMAIL PROTECTED]> wrote: > actually, it might be /usr/ports/net/samba3/. > I think FreeBSD still keeps two versions of samba in their ports. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Alex Wang > Sent: Thursday, March 30, 2006 5:56 AM > To: ?? .??. ?? Vivek Varghese Cherian > Cc: samba@lists.samba.org > Subject: Re: [Samba] FreeBSD Samba Binary Package > > > FreeBSD is using port to install everything. go to > /usr/ports/net/samba/; make install clean > > > ALex > On Thu, 30 Mar 2006 19:14:57 +0530 > "?? .??. ?? Vivek Varghese Cherian " <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > The Samba URL http://us3.samba.org/samba/ftp/Binary_Packages/ does not seem > > to have a FreeBSD binary package. I tried a web search but to no avail. I > > have searched the samba list archives and i could not find any pointers > > either. Any assistance would be most welcome > > > > Thanks in Advance, > > > > -- > > Vivek Varghese Cherian > > Free as in Freedom > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD Samba Binary Package
FreeBSD is using port to install everything. go to /usr/ports/net/samba/; make install clean ALex On Thu, 30 Mar 2006 19:14:57 +0530 "?? .??. ?? Vivek Varghese Cherian " <[EMAIL PROTECTED]> wrote: > Hi, > > The Samba URL http://us3.samba.org/samba/ftp/Binary_Packages/ does not seem > to have a FreeBSD binary package. I tried a web search but to no avail. I > have searched the samba list archives and i could not find any pointers > either. Any assistance would be most welcome > > Thanks in Advance, > > -- > Vivek Varghese Cherian > Free as in Freedom > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[3]: [Samba] Domain User access control in the smb.conf
Thanks a lot. It's working perfect right now. ALex On Fri, 17 Feb 2006 13:48:51 -0600 Don Meyer <[EMAIL PROTECTED]> wrote: > Yes, if you have the "valid users =" line present in a resource's > config block, then access to that resource is limited to the defined > set of users. If not present, then any user can connect to the resource. > > -D > > > At 01:41 PM 2/17/2006, Alex Wang wrote: > >Thanks Don, it works. > > > >Another question about that is, do I have to list all the users who need > >to access that share folder? > > > >[Test2] > > comment = Test > > path = /usr/tmp/ > > valid users = "@Domain Admins" > > readonly = Yes > > write list = myaccount > >Since myaccount is not in Domain Admins, I can't even access those share > >folder. Do I have to chagne to > > > >[Test2] > > comment = Test > > path = /usr/tmp/ > > valid users = "@Domain Admins", myaccount > > readonly = Yes > > write list = myaccount > > > >Thanks > > > >Alex > > > > > > > >On Fri, 17 Feb 2006 13:29:50 -0600 > >Don Meyer <[EMAIL PROTECTED]> wrote: > > > > > At 12:52 PM 2/17/2006, Alex Wang wrote: > > > >I guess the @"Domain\myaccount" is the wrong format, but I check the > > > >manual and can't find anything talk about the user list in smb.conf > > > > > > > >smb# testparm > > > >... > > > > winbind use default domain = Yes > > > > > > > > > First off, if "myaccount" is a user account, then drop the "@" -- > > > that is one of the specials used to designate a group. > > > > > > Second, with "winbind use default domain" active/enabled, you should > > > not have to specify the "DOMAIN\" part. > > > > > > Also, since you are using the special char "\" as a domain separator, > > > you need to be very cognizant of where you need to properly escape > > > it. (I.E., use "\\" instead of just "\") I'm pretty sure that > > > "valid users =" is one of those places... > > > > > > Cheers, > > > -D > > > > > > > > > Don Meyer <[EMAIL PROTECTED]> > > > Network Manager, ACES Academic Computing Facility > > > Technical System Manager, ACES TeleNet System > > > UIUC College of ACES, Information Technology and Communication Services > > > > > >"They that can give up essential liberty to obtain a little > > > temporary safety, > > > deserve neither liberty or safety." -- Benjamin > > Franklin, 1759 > > Don Meyer <[EMAIL PROTECTED]> > Network Manager, ACES Academic Computing Facility > Technical System Manager, ACES TeleNet System > UIUC College of ACES, Information Technology and Communication Services > >"They that can give up essential liberty to obtain a little > temporary safety, > deserve neither liberty or safety." -- Benjamin Franklin, 1759 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] Domain User access control in the smb.conf
Thanks Don, it works. Another question about that is, do I have to list all the users who need to access that share folder? [Test2] comment = Test path = /usr/tmp/ valid users = "@Domain Admins" readonly = Yes write list = myaccount Since myaccount is not in Domain Admins, I can't even access those share folder. Do I have to chagne to [Test2] comment = Test path = /usr/tmp/ valid users = "@Domain Admins", myaccount readonly = Yes write list = myaccount Thanks Alex On Fri, 17 Feb 2006 13:29:50 -0600 Don Meyer <[EMAIL PROTECTED]> wrote: > At 12:52 PM 2/17/2006, Alex Wang wrote: > >I guess the @"Domain\myaccount" is the wrong format, but I check the > >manual and can't find anything talk about the user list in smb.conf > > > >smb# testparm > >... > > winbind use default domain = Yes > > > First off, if "myaccount" is a user account, then drop the "@" -- > that is one of the specials used to designate a group. > > Second, with "winbind use default domain" active/enabled, you should > not have to specify the "DOMAIN\" part. > > Also, since you are using the special char "\" as a domain separator, > you need to be very cognizant of where you need to properly escape > it. (I.E., use "\\" instead of just "\") I'm pretty sure that > "valid users =" is one of those places... > > Cheers, > -D > > > Don Meyer <[EMAIL PROTECTED]> > Network Manager, ACES Academic Computing Facility > Technical System Manager, ACES TeleNet System > UIUC College of ACES, Information Technology and Communication Services > >"They that can give up essential liberty to obtain a little > temporary safety, > deserve neither liberty or safety." -- Benjamin Franklin, 1759 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain User access control in the smb.conf
Hi All My system is Freebsd 5.4 and Samba 3.0.21a. I am using ADS for system security. In my smb.conf, I create a share like that. [Test2] comment = Test path = /usr/tmp/ valid users = @"Domain Admins",@"Domain\myaccount" The domain administrator can access the share folder, but I can't. It keeps asking me the username and password. The samba is joined to the domain and auth is working fine. I can auth my account under the shell without any problem. ** samba# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: [EMAIL PROTECTED] Issued ExpiresPrincipal Feb 15 17:38:15 >>>Expired<<< krbtgt/[EMAIL PROTECTED] Feb 15 18:29:51 >>>Expired<<< [EMAIL PROTECTED] ** smb# wbinfo -a myaccount%"***" plaintext password authentication succeeded challenge/response password authentication succeeded smb# I guess the @"Domain\myaccount" is the wrong format, but I check the manual and can't find anything talk about the user list in smb.conf smb# testparm Load smb config files from /usr/local/etc/smb.conf Processing section "[Test]" Processing section "[Test2]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = DOMAIN realm = DOMAIN.COM server string = Samba Server security = ADS allow trusted domains = No password server = dc syslog only = Yes log file = /var/log/samba/log.%m max log size = 50 dns proxy = No wins server = 192.168.0.100 passdb expand explicit = No idmap backend = idmap_rid:DOMAIN=500-1 idmap uid = 500-1 idmap gid = 500-1 template homedir = /usr/samba/%U template shell = /bin/sh winbind cache time = 3600 winbind use default domain = Yes winbind nested groups = Yes hosts allow = 192.168.0. [Test] path = /usr/samba read only = No [Test2] comment = Test path = /usr/tmp/ valid users = "@Domain Admins", @"DOMAIN\myaccount" Thanks Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba