Re: [Samba] Samba 3.0
Steve Jr Ramage wrote: I was wondering how is support for NT Style Domains doing in Samba 3.0? If I want to use domain level security is Active Directory Part of the Package or will NT 4.0 style be provided too? Also how is support for tools like Server Manager, and User Manager across the domain, from Windows Clients in the new version? AIUI, the "security = ads" setting (new in 3.0) specifies Active Directory membership, while the existing "security = domain" specifies NT4-stype domain membership. Samba 3.0 will be able to serve as an NT4 PDC, but not (yet) an Active Directory DC. (ObAnecdote: I'm successfully using a Samba 3.0.0beta2 server in "security = domain" mode, authenticating against a Win2000 Active Directory. Had to get some assistance from this list, of course...) -- Ben Finney <[EMAIL PROTECTED]> IT Technical Support Officer Support Centre, The Muir Electrical Company ph: +61 3 9338 4300 web: <http://www.thegoodguys.com.au/> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Access denied when printing to Samba printers
Howdy all,
I'm setting up a print server machine to serve hosts in an Active
Directory domain. Debian GNU/Linux ("sarge", current testing branch),
Samba 3.0.0beta2-1.
Success so far:
- All steps in the current DIAGNOSIS document
<http://au1.samba.org/samba/devel/docs/html/diagnosis.html>
- Sharing printer drivers from the [print$] share (yay!)
- Connecting to the Samba server from a Win2000 host
- Connecting to individual printer shares from a Win2000 host
Failure:
- Printing anything to said printer shares.
The Win2000 client, when attempting to print a test page to the
printer, immediately responds with "Access denied" and an offer to
lead me through the printer troubleshooting help.
Selected portions of 'testparm -vs':
=
Processing section "[printers]"
Processing section "[print$]"
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
# Global parameters
[global]
workgroup = TGGLOCAL
realm =
netbios name = TGGSPS001
interfaces =
bind interfaces only = No
security = DOMAIN
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
map to guest = Never
null passwords = No
obey pam restrictions = Yes
password server = tggad001, tggad002, *
private dir = /var/lib/samba
passdb backend = tdbsam, guest
guest account = nobody
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
protocol = NT1
acl compatibility =
paranoid server security = Yes
load printers = Yes
printcap name = cups
disable spoolss = No
idmap only = No
idmap backend =
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
winbind cache time = 600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
printer admin = @lpadmin, TGGLOCAL+Domain Admins
[printers]
comment = All printers
path = /var/local/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print command = lp -c -d %p -o raw; rm %s
lpq command = lpstat -o %p
lprm command = cancel %p-%j
browseable = No
[print$]
comment = Printer drivers
path = /var/lib/samba/printers
write list = root, @lpadmin, TGGLOCAL+Domain Admins
guest ok = Yes
=
The frustrating part is that this was working briefly a week ago, but
is not currently and I can't determine why. This is small comfort of
course; but it does show that it's at least possible to get this
working :-)
--
Ben Finney <[EMAIL PROTECTED]>
IT Technical Support Officer
Support Centre, The Muir Electrical Company
ph: +61 3 9338 4300 web: <http://www.thegoodguys.com.au/>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Access denied when printing to Samba printers
Ben Finney wrote: Failure: - Printing anything to said printer shares. [...] [printers] comment = All printers path = /var/local/spool/samba create mask = 0700 guest ok = Yes printable = Yes Corey Hart asked me (off-list) to check the permissions on the spool directory. They are: $ ls -ld /var/local/samba/spool/ drwxrwxrwt2 root nogroup 4096 Aug 7 13:24 /var/local/samba/spool/ (This is based on advice to make a separate spool directory, with the same permissions as /tmp has.) -- Ben Finney <[EMAIL PROTECTED]> IT Technical Support Officer Support Centre, The Muir Electrical Company ph: +61 3 9338 4300 web: <http://www.thegoodguys.com.au/> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Access denied when printing to Samba printers
Ben Finney wrote: The Win2000 client, when attempting to print a test page to the printer, immediately responds with "Access denied" and an offer to lead me through the printer troubleshooting help. Some other points that may be relevant: At one point I was using "security = ads" in an attempt to get things working; however, the (brief) success was had with "security = domain". I'm still seeing krb5 messages though; is it possible to authenticate against a Win2000 Active Directory domain, in "mixed" mode, without using kerberos? I'm using winbindd via PAM, and set up /etc/pam.d/login and /etc/pam.d/samba such that authentication appears to be working. I'm happy to be told that this may be affecting it, if only someone can help me diagnose it. -- Ben Finney <[EMAIL PROTECTED]> IT Technical Support Officer Support Centre, The Muir Electrical Company ph: +61 3 9338 4300 web: <http://www.thegoodguys.com.au/> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Access denied when printing to Samba printers
[EMAIL PROTECTED] wrote: Failure: - Printing anything to said printer shares. [...] [printers] comment = All printers path = /var/local/spool/samba [...] $ ls -ld /var/local/samba/spool/ drwxrwxrwt2 root nogroup 4096 Aug 7 13:24 /var/local/samba/spool/ OMFG. The spool directory Samba was looking for was not the same as the directory I created. Correct that error, and it's all fine now. Thank you to the samba list, and Corey Hart in particular, for assisting me in seeing what was right in front of my face :-) -- Ben Finney <[EMAIL PROTECTED]> IT Technical Support Officer Support Centre, The Muir Electrical Company ph: +61 3 9338 4300 web: <http://www.thegoodguys.com.au/> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
