[Samba] What is the recommend method to give users local admin access?
What is the recommend method with a samba pdc to give users local administrator access to their workstations? In Samba4 / Active Directory I can use a group policy. For Samba I can add 'Domain Users' to the local administrator group following these instructions. http://www.samba.org/samba/docs/man/Samba3-HOWTO/groupmapping.html#id2598630Is there a better way to do this? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What is the recommend method to give users local admin access?
On Sat, Aug 27, 2011 at 4:22 PM, TAKAHASHI Motonobu mo...@monyo.com wrote: I recommend that Domain Admins global group should be created with rid=512 to grant administrative rights for its domain itself. Thanks for the help. Unfortunately this would give them to much privileges. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What is the recommend method to give users local admin access?
On Sat, Aug 27, 2011 at 8:24 PM, Christian PERRIER bubu...@debian.orgwrote: Give them a local account with admin access? But not give that to their regular account? Seriously, don't give people habits of working with admin access to Windows machines. Really. If you really want to do this...and reinstall Windows clients every 6 months, This depends on the environment. And that's where clonezilla is for :-) then create a domain group (something like ShootSelfInFoot) and put this global group in the Administrators local group on each client. What about adding 'Domain Users' to the local Administrators group? Or do I need do create an unique group? I could automate this with: net localgroup administrators /add my_domain_name\Domain Users -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Working simultaneously with the same user account
On 01-03-11 16:06, Chris Weiss wrote: having separate usernames and password per share is never simple, SMB wasn't designed to work like that. the simple way is to make user groups for shares and add the users accounts to the groups they need access to. This is far simpler as when you need to take a users rights away from a share due to job position changes you just remove them from the group instead of making everyone else remember a new password. Thanks all for the help. I've setup a simple single share with one user, which works fine. I'll try a more complex configuration using groups and multiple users/shares next. From what I've seen this should work without any problems. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Working simultaneously with the same user account
On Mon, Feb 28, 2011 at 9:37 PM, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Are users logging into the PC with this one account? Or are they logging into PC's with unique accounts? Are they accessing other shares besides this one? If this is the only share, it shouldn't be a problem (technically.) Users are logging into the pc with unique accounts. I would like to have them access other shares as well. The idea is to have a simple setup with a standard username and password for shares. Here's a more complete example: Greate folders === mkdir /media/test chmod -R 770 /media/test chmod g+s /media/test chown -R root:users /media/test mkdir /media/samba chmod -R 770 /media/samba chmod g+s /media/samba groupadd office chown -R root:office /media/samba Add users smbpasswd -a user smbpasswd -a user2 Add users to relevant groups gpasswd -a user users gpasswd -a user2 office Create /etc/samba/smb.conf == [global] workgroup = WORKGROUP netbios name = TESTSERVER security = user [test] path = /media/test read only = No store dos attributes = yes inherit permissions = yes [samba] path = /media/samba read only = No store dos attributes = yes inherit permissions = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Working simultaneously with the same user account
I would like to authenticate several desktops with the samba server using the same user name and password. Is it possible for 5 desktops to work simultaneously using the same user name and password in the same share on the samba server? Are there any downsides or possible problems with this approach? Permissions are inheritable and based on groups: # mkdir /media/test # chmod -R 770 /media/test # chmod g+s /media/test # chown -R root:users /media/test # cat /etc/samba/smb.conf [global] workgroup = WORKGROUP netbios name = TESTSERVER security = user [test] path = /media/test read only = No store dos attributes = yes inherit permissions = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How do I get a real username in samba pdc instead of , , , ?
Hi, I've got a Samba PDC running, there is one weird problem though . On all Windows machines it shows comma's like this: ,,, instead of the user name. I used the following commands to add users and groups: # net groupmap add ntgroup=Domain Admins unixgroup=root rid=512 type=d # net groupmap add ntgroup=Domain Users unixgroup=users rid=513 type=d # net groupmap add ntgroup=Domain Guests unixgroup=nogroup rid=514 type=d # adduser username # smbpasswd -a username Is there something I can do to fix this? Thanks in advance! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error joining domain The specified account already exists
I solved this with a workaround by renaming my main desktop. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] One user can't login on PDC without a network connection
Hi, Summary In my testlab I have a Samba pdc setup. All is running fine except for 1 problem. I have a user (B) that cannot login without a network connection, the error message is: there are currently no logon servers available to service the logon request. When I plug in the network cable I can login again. When I do a network-less login as another user (A) on the same machine I can login without any problems. Background My first user (user A) at first got the same error message. I replaced the smbpasswd backend with tdbsam and this problem disappeared I made a new user (user B), logged in on the same machine with network connection, logged out, unplugged the cable and tried logging in only with this user I get the: there are currently no logon servers available to service the logon request error. I am running Debian stable on the server with a backported Samba, the clients run Windows 7. As a side note, the login script for user B isn't working either, maybe the two are related. Any ideas what might be the problem? Thanks in advance for your help! # cat /etc/samba/smb.conf [global] workgroup = HOME passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/smbusers syslog = 0 name resolve order = wins bcast hosts add user script = /usr/sbin/useradd -m -G users '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' delete user from group script = /usr/bin/gpasswd -d '%u' '%g' add machine script = /usr/sbin/useradd -s /bin/false '%u' logon script = scripts/login.bat logon path = logon drive = Z: domain logons = Yes preferred master = Yes wins support = Yes passdb backend = tdbsam [Share] comment = Share path = /media/share #valid users = %G inherit permissions = yes read only = No [netlogon] comment = Network Logon Service path = /media/netlogon #valid users = %S #read only = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] One user can't login on PDC without a network connection
I solved this with the instructions listed below. The problem was that the domain name for user B was the hostname of the server and not the 'workgroup = HOME' from smb.conf. Any ideas what caused this problem in the first place? -Instructions Use pdbedit and make sure that the DOMAIN line contains the correct domain name: # pdbedit -Lv your_username if it doesn't contain the correct domain name do the following: # pdbedit -i tdbsam -e smbpasswd # pdbedit -i smbpasswd -e tdbsam http://lists.samba.org/archive/samba/2008-October/144077.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error joining domain The specified account already exists
I have reinstalled samba from scratch and copied my previous smb.conf. My main desktop was logged on in the domain. When I try re-add my main desktop to the domain I get: The following error occurred attempting to join the domain MYDOMAIN: The specified account already exists I tried completely removing and re-installing samba which didn't work either. Removing and readding the WINDOWS7$ useraccount also didn't work. Thanks in advance for your help. # tail /var/log/samba/log.smbd pdb_get_group_sid: Failed to find Unix account for windows7$ [2010/05/16 10:00:41, 0] passdb/pdb_get_set.c:211(pdb_get_group_sid) pdb_get_group_sid: Failed to find Unix account for windows7$ [2010/05/16 10:00:53, 0] lib/util_sock.c:539(read_fd_with_timeout) [2010/05/16 10:00:53, 0] lib/util_sock.c:1491(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Solved: Error joining domain The specified account already exists
I have reinstalled samba from scratch and copied my previous smb.conf. My main desktop was logged on in the domain. When I try re-add my main desktop to the domain I get: The following error occurred attempting to join the domain MYDOMAIN: The specified account already exists I tried completely removing and re-installing samba which didn't work either. Removing and readding the WINDOWS7$ useraccount also didn't work. Thanks in advance for your help. Reinstalling Samba in Debian changed the database to tdbsam while my original smb.conf didn't use tdbsam. Adding the following lines to smb.conf fixed the problem: encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What is the preferred way to inherit permission on a pdc?
On Thu, May 6, 2010 at 10:08 AM, Luca Olivetti l...@wetron.es wrote: En/na Aniruddha ha escrit: For now I solved this problem by adding 'inherit permissions = yes' and 'force group = mygroup' to smb.conf. Instead of the latter I use the sticky bit on the group in a folder, I still have to use the inherit permissions = yes. This way I can have just one share with different write access in different folders. Thanks! That is a great idea. I also found some more information about this topic here; http://www.samba.org/samba/docs/man/Samba3-ByExample/kerberos.html#id2614269 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] What is the preferred way to inherit permission on a pdc?
When you follow chapter 2 of SBE ( http://www.samba.org/samba/docs/man/Samba3-ByExample/small.html ) you get a working PDC. However there is one problem: if you create a document in a shared folder only the owner can edit this document. Others in the same group can't edit the document and get a 'permission denied' error. Permission are arranged with groups, new files get the permission of the creator (which is is proper Linux behavior). For now I solved this problem by adding 'inherit permissions = yes' and 'force group = mygroup' to smb.conf. I do wonder what the correct or preferred way is to handle these permission problems with samba as a pdc? How do you make sure that files create by users in a domain are accessible by every other member in the group? Thanks in advance! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba server suddenly stopped working
Hi, I had a working samba server and suddenly my Windows (1 vista and 1 XP) boxes couldn't see the Samba share anymore. The smb.conf appeared to be fine and I can ping the server. I run the latest Gentoo Linux on the server. Anyone has an idea what might be the problem? Thanks in advance! Regards, Aniruddha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba