Re: [Samba] Samba 3.0
Steve Jr Ramage wrote: I was wondering how is support for NT Style Domains doing in Samba 3.0? If I want to use domain level security is Active Directory Part of the Package or will NT 4.0 style be provided too? Also how is support for tools like Server Manager, and User Manager across the domain, from Windows Clients in the new version? AIUI, the "security = ads" setting (new in 3.0) specifies Active Directory membership, while the existing "security = domain" specifies NT4-stype domain membership. Samba 3.0 will be able to serve as an NT4 PDC, but not (yet) an Active Directory DC. (ObAnecdote: I'm successfully using a Samba 3.0.0beta2 server in "security = domain" mode, authenticating against a Win2000 Active Directory. Had to get some assistance from this list, of course...) -- Ben Finney <[EMAIL PROTECTED]> IT Technical Support Officer Support Centre, The Muir Electrical Company ph: +61 3 9338 4300 web: <http://www.thegoodguys.com.au/> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Access denied when printing to Samba printers
Howdy all, I'm setting up a print server machine to serve hosts in an Active Directory domain. Debian GNU/Linux ("sarge", current testing branch), Samba 3.0.0beta2-1. Success so far: - All steps in the current DIAGNOSIS document <http://au1.samba.org/samba/devel/docs/html/diagnosis.html> - Sharing printer drivers from the [print$] share (yay!) - Connecting to the Samba server from a Win2000 host - Connecting to individual printer shares from a Win2000 host Failure: - Printing anything to said printer shares. The Win2000 client, when attempting to print a test page to the printer, immediately responds with "Access denied" and an offer to lead me through the printer troubleshooting help. Selected portions of 'testparm -vs': = Processing section "[printers]" Processing section "[print$]" Load smb config files from /etc/samba/smb.conf Loaded services file OK. 'winbind separator = +' might cause problems with group membership. # Global parameters [global] workgroup = TGGLOCAL realm = netbios name = TGGSPS001 interfaces = bind interfaces only = No security = DOMAIN auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes map to guest = Never null passwords = No obey pam restrictions = Yes password server = tggad001, tggad002, * private dir = /var/lib/samba passdb backend = tdbsam, guest guest account = nobody restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes protocol = NT1 acl compatibility = paranoid server security = Yes load printers = Yes printcap name = cups disable spoolss = No idmap only = No idmap backend = idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind cache time = 600 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = No printer admin = @lpadmin, TGGLOCAL+Domain Admins [printers] comment = All printers path = /var/local/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lp -c -d %p -o raw; rm %s lpq command = lpstat -o %p lprm command = cancel %p-%j browseable = No [print$] comment = Printer drivers path = /var/lib/samba/printers write list = root, @lpadmin, TGGLOCAL+Domain Admins guest ok = Yes = The frustrating part is that this was working briefly a week ago, but is not currently and I can't determine why. This is small comfort of course; but it does show that it's at least possible to get this working :-) -- Ben Finney <[EMAIL PROTECTED]> IT Technical Support Officer Support Centre, The Muir Electrical Company ph: +61 3 9338 4300 web: <http://www.thegoodguys.com.au/> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Access denied when printing to Samba printers
Ben Finney wrote: Failure: - Printing anything to said printer shares. [...] [printers] comment = All printers path = /var/local/spool/samba create mask = 0700 guest ok = Yes printable = Yes Corey Hart asked me (off-list) to check the permissions on the spool directory. They are: $ ls -ld /var/local/samba/spool/ drwxrwxrwt2 root nogroup 4096 Aug 7 13:24 /var/local/samba/spool/ (This is based on advice to make a separate spool directory, with the same permissions as /tmp has.) -- Ben Finney <[EMAIL PROTECTED]> IT Technical Support Officer Support Centre, The Muir Electrical Company ph: +61 3 9338 4300 web: <http://www.thegoodguys.com.au/> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Access denied when printing to Samba printers
Ben Finney wrote: The Win2000 client, when attempting to print a test page to the printer, immediately responds with "Access denied" and an offer to lead me through the printer troubleshooting help. Some other points that may be relevant: At one point I was using "security = ads" in an attempt to get things working; however, the (brief) success was had with "security = domain". I'm still seeing krb5 messages though; is it possible to authenticate against a Win2000 Active Directory domain, in "mixed" mode, without using kerberos? I'm using winbindd via PAM, and set up /etc/pam.d/login and /etc/pam.d/samba such that authentication appears to be working. I'm happy to be told that this may be affecting it, if only someone can help me diagnose it. -- Ben Finney <[EMAIL PROTECTED]> IT Technical Support Officer Support Centre, The Muir Electrical Company ph: +61 3 9338 4300 web: <http://www.thegoodguys.com.au/> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Access denied when printing to Samba printers
[EMAIL PROTECTED] wrote: Failure: - Printing anything to said printer shares. [...] [printers] comment = All printers path = /var/local/spool/samba [...] $ ls -ld /var/local/samba/spool/ drwxrwxrwt2 root nogroup 4096 Aug 7 13:24 /var/local/samba/spool/ OMFG. The spool directory Samba was looking for was not the same as the directory I created. Correct that error, and it's all fine now. Thank you to the samba list, and Corey Hart in particular, for assisting me in seeing what was right in front of my face :-) -- Ben Finney <[EMAIL PROTECTED]> IT Technical Support Officer Support Centre, The Muir Electrical Company ph: +61 3 9338 4300 web: <http://www.thegoodguys.com.au/> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba