Re: [Samba] Winbind group mapping problem

2009-02-13 Thread Ben Tisdall
Linux Addict wrote:

 
 Once for all, go ahead with rid and keep the smb.conf consistent across
 OR use rfc2307.  RID is easier to manage.

Thanks very much for the advice Dale & Linux Addict.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Winbind group mapping problem

2009-02-10 Thread Ben Tisdall
Dale Schroeder wrote:
 Which winbind idmap backend are you using?
 The default tdb backend generates id's randomly (which appears to be
 your case), meaning you will have to do a lot of chown commands on box B.
 For consistent mappings, use something like idmap_rid.
 
 http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2598850

Thanks very much Dale, I was using the tdb backend.

I read the docs but I'm not clear on whether the configuration can
simply be  retrofitted to both servers or whether changes to the data
itself will be needed.

I did make a quick test but aside from ownerships showing as 'user'
rather than 'DOMAIN\user' nothing changed in respect of missing UIDs/GIDs.

BTW the ultimate aim of this is to validate a server that will actually
replace a single ADS domain member. This being the case I suppose I
could back up the relevant tdb files, do a leave on the existing server,
join the new one and copy the tdbs into place? Still, if I can use
idmap_rid without undue hassle it's clearly a better solution.

Best,

Ben.
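
The difference between the two backends discussed in this message, as an added example that is not part of the original thread: the tdb backend hands out the next free id the first time a SID is looked up on a host, while idmap_rid derives the id from the RID (ID = RID - BASE_RID + LOW_RANGE_ID). The idmap range, domain SID, the 1104/1105 group RIDs and the lookup orders are constructed, and the class and function names are hypothetical.

```python
"""Model of why two domain members disagree on GIDs under an allocating
idmap backend (tdb) and agree under the algorithmic one (idmap_rid)."""

# Assumed values for illustration; not taken from the poster's smb.conf.
RANGE_LOW, RANGE_HIGH = 10000, 19999
BASE_RID = 0
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed

# 512/513 are the well-known Domain Admins/Domain Users RIDs; the other
# two groups and their RIDs are constructed sample data.
SIDS = {
    "Domain Admins": f"{DOMAIN_SID}-512",
    "Domain Users": f"{DOMAIN_SID}-513",
    "staff": f"{DOMAIN_SID}-1104",
    "finance": f"{DOMAIN_SID}-1105",
}


class TdbAllocator:
    """Allocating backend: the next free id is handed out the first time a
    SID is looked up and then remembered in a database local to the host.
    (Simplified: one counter instead of separate uid and gid counters.)"""

    def __init__(self, low=RANGE_LOW, high=RANGE_HIGH):
        self.next_id, self.high = low, high
        self.sid_to_id = {}

    def lookup(self, sid):
        if sid not in self.sid_to_id:
            if self.next_id > self.high:
                raise RuntimeError("idmap range exhausted")
            self.sid_to_id[sid] = self.next_id
            self.next_id += 1
        return self.sid_to_id[sid]


def rid_to_id(sid, low=RANGE_LOW, high=RANGE_HIGH, base_rid=BASE_RID):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID."""
    rid = int(sid.rsplit("-", 1)[1])
    unix_id = rid - base_rid + low
    if not low <= unix_id <= high:
        raise ValueError(f"RID {rid} falls outside the idmap range")
    return unix_id


def id_to_rid(unix_id, low=RANGE_LOW, base_rid=BASE_RID):
    """Inverse mapping: RID = ID + BASE_RID - LOW_RANGE_ID."""
    return unix_id + base_rid - low


def host_after(lookup_order):
    """A host whose winbindd has resolved these groups in this order."""
    host = TdbAllocator()
    for name in lookup_order:
        host.lookup(SIDS[name])
    return host


def audit_copied_gids(src, dst):
    """For data copied from src to dst with numeric GIDs preserved, report
    what each group's GID means on dst: ok, unmapped, or another group."""
    dst_by_id = {gid: sid for sid, gid in dst.sid_to_id.items()}
    report = {}
    for name, sid in SIDS.items():
        gid = src.sid_to_id[sid]
        owner = dst_by_id.get(gid)
        if owner == sid:
            verdict = "ok"
        elif owner is None:
            verdict = "unmapped"
        else:
            verdict = "wrong principal"
        report[name] = (gid, verdict)
    return report


def demo():
    # Same domain, same config, different order of first lookups per host.
    box_a = host_after(["staff", "finance", "Domain Admins", "Domain Users"])
    box_b = host_after(["Domain Users", "staff"])
    return box_a, box_b, audit_copied_gids(box_a, box_b)


if __name__ == "__main__":
    box_a, box_b, report = demo()
    for name, (gid, verdict) in report.items():
        print(f"{name:14} gid on A={gid}  on B: {verdict}")
    print("idmap_rid, any host:", rid_to_id(SIDS["Domain Users"]))
```

The "wrong principal" rows are the ones to look for after copying data between members: the files stay readable, but by a different AD group than on the source host.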


[Samba] Winbind group mapping problem

2009-02-09 Thread Ben Tisdall
Hello all,

I have 2 boxes with identical smb.conf files apart from the netbios
name. The contents of the shares have been copied from one to the other
preserving the UNIX UIDs/GIDs and both boxes join to the AD domain
without problems. The domain sid is the same on both machines.

However, something isn't right with the group mapping:

Box A (shows the correct AD groups with ls -l)

//u...@host//:~$ getent group 10012
OURDOMAIN\domain users:*:10012:

Box B (shows mostly UIDs/GIDs with ls -l)

//u...@host//:~$ getent group 10004
OURDOMAIN\domain users:*:10004:

Can anyone give me a clue as to where to start looking to debug this?

Many thanks in advance.

Ben Tisdall


Re: {Disarmed} Re: [Samba] Update: Winbind+nss working on one centOS 5.2 box but not another

2009-01-31 Thread Ben Tisdall
Thanks Kums - I should have been clearer - the non-verbose testparm
output (which doesn't show the netbios name) diffs out perfectly.

The netbios names are in fact set differently and the join happens
without errors.

testparm -v

Kums wrote:
 
 Make sure to have different Netbios Name, else only one box will be able
 to successfully join to AD + export Samba shares.
 
 Cheers,
 -Kums
 
 On Fri, Jan 23, 2009 at 1:18 AM, Ben Tisdall <b...@redcircleit.com> wrote:
 
 tim clusters wrote:
 
  What is your id backend? AD or RID? Can you post your smb.conf?
 
 
 Hi Tim & thanks for replying.
 
 This is very minimal smb.conf - the history is that it was copied
 verbatim from a Guardian snap appliance & worked perfectly well on
 'Box A'.
 
 workgroup = OURDOMAIN
 security = ads
 server string = Samba Server Version %v
 netbios name = testukmcsstor1
 realm = OURDOMAIN.PRIV
 idmap uid = 1-2
 idmap gid = 1-2
 ;interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
 ;hosts allow = 127. 10
 
 # logs split per machine
 log file = /var/log/samba/log.%m
 # max 50KB per log file, then rotate
 max log size = 50
 preferred master = no
 wins support = yes
 ;   wins server = w.x.y.z
 ;   wins proxy = yes
 
 ;   dns proxy = yes
 
 load printers = yes
 cups options = raw
 
 ;   map archive = no
 ;   map hidden = no
 ;   map read only = no
 ;   map system = no
 ;   store dos attributes = yes
 
 Include = /etc/samba/shares.conf
 
 NB: I can testparm the conf from both boxes & the output diffs
 perfectly.
 


Re: [Samba] Update: Winbind+nss working on one centOS 5.2 box but not another

2009-01-23 Thread Ben Tisdall
tim clusters wrote:
 
 What is your id backend? AD or RID? Can you post your smb.conf?
 

Hi Tim & thanks for replying.

This is very minimal smb.conf - the history is that it was copied
verbatim from a Guardian snap appliance & worked perfectly well on 'Box A'.

workgroup = OURDOMAIN
security = ads
server string = Samba Server Version %v
netbios name = testukmcsstor1
realm = OURDOMAIN.PRIV
idmap uid = 1-2
idmap gid = 1-2
;interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;hosts allow = 127. 10

# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50
preferred master = no
wins support = yes
;   wins server = w.x.y.z
;   wins proxy = yes

;   dns proxy = yes

load printers = yes
cups options = raw

;   map archive = no
;   map hidden = no
;   map read only = no
;   map system = no
;   store dos attributes = yes

Include = /etc/samba/shares.conf

NB: I can testparm the conf from both boxes & the output diffs perfectly.



[Samba] Winbind+nss working on one centOS 5.2 box but not another

2009-01-19 Thread Ben Tisdall
Hi all,

I have an odd situation on my hands:

* Two CentOS 5.2 boxes both joined to an AD domain.

* Same samba version (3.0.28-1.el5_2.1) smb.conf, only the netbios names
differ

* Can enumerate users and groups using winbind -{u,g} on both.

* nss doesn't enumerate users & groups on one (same lib versions, same
conf file).

//ben...@testukmcsstor1//:~$ rpm -qa | grep nss-
nss-tools-3.12.2.0-2.el5.centos
nss-3.12.2.0-2.el5.centos
pkinit-nss-0.7.3-1.el5
nss-3.12.2.0-2.el5.centos

Looks like this may be more of a libnss problem than a samba one, but
can anyone suggest how I can start to troubleshoot?

Thanks in advance,

Ben Tisdall








[Samba] Update: Winbind+nss working on one centOS 5.2 box but not another

2009-01-19 Thread Ben Tisdall
Something is not right with the group mapping, but I am unsure what.

getent returns a different primary GID for a given user on each box and
the group mapping differs in each case:

Box A:

//u...@host//:~$ getent group 10012
OURDOMAIN\domain users:*:10012:

Box B:

//u...@host//:~$ getent group 10004
OURDOMAIN\domain users:*:10004:

When I do a long file listing winbindd is printing stuff like this:

[14855]: getpwuid 10082
Added timed event async_request_timeout: 2ae2266d45b0
child daemon request 51
timed_events_timeout: 299/87
process_request: request fn DUAL_UID2SID
[14254]: uid to sid 10082
uid = [10082]
Cache entry with key = IDMAP/UID/10082 couldn't be found
Query backends to map ids-sids
Query sids from domain OURDOMAIN
Fetching record UID 10082
Record UID 10082 not found
Query sids from domain SAMBASERVER
pdb_default_uid_to_rid: host has no idea of uid 10082
Storing response for pid 14257, len 3240
Destroying timed event 2ae2266d45b0 async_request_timeout
Retrieving response for pid 14257
uid2sid_recv: uid 10082 has sid S-1-22-1-10082
Could not find domain for sid S-1-22-1-10082



Ben Tisdall wrote:
 Hi all,
 
 I have an odd situation on my hands:
 
 * Two CentOS 5.2 boxes both joined to an AD domain.
 
 * Same samba version (3.0.28-1.el5_2.1) smb.conf, only the netbios names
 differ
 
 * Can enumerate users and groups using winbind -{u,g} on both.
 
 * nss doesn't enumerate users & groups on one (same lib versions, same
 conf file).
 
 //ben...@testukmcsstor1//:~$ rpm -qa | grep nss-
 nss-tools-3.12.2.0-2.el5.centos
 nss-3.12.2.0-2.el5.centos
 pkinit-nss-0.7.3-1.el5
 nss-3.12.2.0-2.el5.centos
 
 Looks like this may be more of a libnss problem than a samba one, but
 can anyone suggest how I can start to troubleshoot?
 
 Thanks in advance,
 
 Ben Tisdall
 
 
 
 
 
 



Re: [Samba] NT_STATUS_MEDIA_WRITE_PROTECTED

2008-09-12 Thread Ben Tisdall
Shot in the dark, it's not app-armor related is it?


[Samba] ACL/Excel file issue

2008-04-08 Thread Ben Tisdall

Hi,

I've just upgraded an organisation from 3.0.23a to 3.0.25b on CentOS.

Everything went fine except they're having an issue with Excel files
going RO which perhaps is related to acls.


$ ls foo.xls
-r--rwxr--+ 1 mr.bogus staff 101376 Apr  8 12:59 08-04-04 foo.xls

and getfacl gives:

# owner: mr.bogus
# group: staff
user::r--
user:mr.test:rw-
group::rw-
mask::rwx
other::r--

This is the testparm output with extraneous shares pruned out. It's the 
same conf as the old server.


[global]
workgroup = REDRESSTRUST
netbios name = REDRESS3
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://127.10.0.1:1389
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*

username map = /etc/samba/users.conf
log level = 1
syslog = 0
name resolve order = wins bcast hosts
time server = Yes
printcap name = cups
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g

set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = login.bat
logon drive = P:
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = uid=admin,dc=redress,dc=org
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = dc=redress,dc=org
ldap ssl = no
ldap user suffix = ou=users
printing = cups
print command =
lpq command = %p
lprm command =
hide files = /desktop.ini/
map archive = No
include = /etc/samba/shares.conf

[OrgData]
comment = STAFF read/write, others read
path = /space/data1/orgdata
valid users = root, @staff
read only = No
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775

Thanks,

--
Ben Tisdall


Re: [Samba] Re: smbd using 99.9% CPU with MS Office docs

2007-08-23 Thread Ben Tisdall
Mark Nienberg wrote:
 Ben Tisdall wrote:
 I made a post a few weeks ago regarding this but was unable to find a
 solution. This is the situation:

 + I'm attempting to upgrade from samba 3.0.23a (Fedora core package
 3.0.23a-1.fc4.1) to the latest version compiled from Samba source.
 
 Just a thought.  Instead of compiling from source, have you tried
 downloading the fedora src file from samba.org and doing a rpmbuild
 --rebuild?  That is the way I do it since it seems easier to me.  The
 resulting rpm file is clever enough to move your samba files from
 redhat's locations (/var/cache/samba) to the default ones
 (/var/lib/samba).  It will also tell you if you need additional packages
 installed in order to compile.

That's a good thought - I'll probably do that, but I'd like to know
why I'm having a problem compiling from source :-\

Cheers.

-- 
Ben


[Samba] smbd using 99.9% CPU with MS Office docs

2007-08-22 Thread Ben Tisdall
I made a post a few weeks ago regarding this but was unable to find a
solution. This is the situation:

+ I'm attempting to upgrade from samba 3.0.23a (Fedora core package
3.0.23a-1.fc4.1) to the latest version compiled from Samba source.

+ When using the latest version (or 3.0.25b), Win clients can
authenticate & access shares fine, but attempting to open any kind of MS
Office doc (not just word docs as I originally thought) causes the
associated smbd process to leap to 99.5% CPU utilisation & remain there.
The effect of this on the production system is a DOS & the smbd
processes in question need a -KILL signal to terminate them.

These are the compile options I'm using:

./configure \
--with-piddir=/var/run \
--with-logfilebase=/var/log/samba \
--with-quotas \
--with-smbmount \
--enable-cups \
--with-configdir=/usr/local/samba/etc \

This is my testparm output:

http://www.redcircleit.com/public/misc/testparm.out.txt

(The smb.conf is based on the one used by the Fedora pkg, although with
the addition of msdfs root = yes as I understand this changed between
the two versions. Inverting the value doesn't help).

This is an strace:

http://www.redcircleit.com/public/misc/smbd.strace.txt

And this is a level 10 log (not recommended for slow connections):

http://www.redcircleit.com/public/misc/smbd.debug.log.gz

This problem is 100% reproducible & so severe that clearly it's either
something specific to the system in question or some silly error or
omission on my part. Unfortunately I'm stuck as to what this might be &
any pointers to further debugging would be very much appreciated.

-- 
Ben Tisdall


Re: [Samba] admin access to user home directories

2007-08-12 Thread Ben Tisdall
Linux Guy wrote:
 I've user directorys set to: chmod 700 chown username:Domain Users
 
 Users can access stuff fine. However, I'd like the samba root user to
 be able to access these shares as well.  How might I go about this? 
 Example permissions drwx--  2 jdomDomain Users  4096
 2007-07-01 09:32 jdom/
 
 [homes]
comment = Home Directories
valid users = %S,root --
read only = no
create mask = 0600
directory mask = 0700
browseable = no

The UNIX perms/ownerships can stay as they are.

-- 
Ben Tisdall



Re: [Samba] Samba 3.0.25b: smbd 99% CPU utilisation with opened MS Word doc

2007-08-10 Thread Ben Tisdall

Eric J. Feldhusen wrote:


Ben Tisdall wrote:

Hi I'm trying to upgrade from Samba 3.0.23c on FC4 to 3.0.25b from Samba
sources.

Everything appears to function correctly until an MS word document is
opened from a share - the file opens but the smbd process in question
rockets to 99%+ CPU, stays there & needs kill -9'ing to stop it. This
happens reliably.


We're running RHEL 4.x with the latest RHEL samba packages of
3.0.10.x.x, and we've seen something similar on a couple of servers, but
it's a very rare occurrence.  Would you be able to send me a document
that you know triggers the problem, along with what version of MS Word
you're using to open it?


Thanks for the kind offer Eric, will get back to you after some more 
testing.


--
Ben Tisdall



Re: [Samba] Problem with LDAP failover config

2007-08-09 Thread Ben Tisdall
Andrew Bartlett wrote:

 
 I suspect it's a build error, due to The Fedora Core 4 build not
 correctly detecting the ldap_initialize() function.  If that were not to
 be detected in the libs, then we would fallback to an internal function
 that doesn't handle multiple servers. 
 

Thanks for your input here Andrew:

[EMAIL PROTECTED]:~$ smbd -b | grep LDAP
   HAVE_LDAP_H
   HAVE_LDAP
   HAVE_LDAP_ADD_RESULT_ENTRY
   HAVE_LDAP_DN2AD_CANONICAL
   HAVE_LDAP_INIT
   HAVE_LDAP_INITIALIZE
   HAVE_LDAP_SET_REBIND_PROC
   HAVE_LIBLDAP
   LDAP_SET_REBIND_PROC_ARGS


-- 
Ben Tisdall


[Samba] Samba 3.0.25b: smbd 99% CPU utilisation with opened MS Word doc

2007-08-09 Thread Ben Tisdall
Hi I'm trying to upgrade from Samba 3.0.23c on FC4 to 3.0.25b from Samba
sources.

Everything appears to function correctly until an MS word document is
opened from a share - the file opens but the smbd process in question
rockets to 99%+ CPU, stays there & needs kill -9'ing to stop it. This
happens reliably.

I have an appropriate strace & a level 7 log but can't see anything
obviously wrong & would appreciate some guidance as to what to look for.
In the meantime here's my testparm output - this is the same config that
works fine on the previous version.

Thanks!

[global]
workgroup = REDRESSTRUST
netbios aliases = JERRY
interfaces = eth0
passdb backend = ldapsam:ldap://192.168.0.3:1389
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*
username map = /etc/samba/users.conf
log level = 1
syslog = 0
name resolve order = wins bcast hosts
time server = Yes
printcap name = /etc/printers.conf
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = login.bat
logon drive = P:
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = uid=admin,dc=redress,dc=org
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = dc=redress,dc=org
ldap ssl = no
ldap user suffix = ou=users
hide files = /desktop.ini/
map archive = No
include = /etc/samba/shares.conf

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
use client driver = Yes
browseable = No

[netlogon]
comment = Network Logon Service
path = /mnt/share/netlog
valid users = root, @users
write list = root

[itadmin]
path = /mnt/share/redressdata/itadmin
valid users = root, x
read only = No
create mask = 00
force create mode = 0660
directory mask = 00
force directory mode = 0770

[Quickbooks]
comment = FINANCE read/write
path = /mnt/share/redressdata/quickbooks
valid users = root, @finance
read only = No
create mask = 0660
force create mode = 0660
directory mask = 0770
force directory mode = 0770

[WebForms]
path = /var/www/html/_docs_
valid users = xxx,xxx,xxx
read only = No
create mask = 00
force create mode = 0664

-- 
Ben Tisdall
RedCircle IT Ltd, London NW1.
www.redcircleit.com
[EMAIL PROTECTED]
+44 (0)20 7387 0351
+44 (0)7932 745803


[Samba] Problem with LDAP failover config

2007-08-08 Thread Ben Tisdall
Hi,

I have working master & slave OpenLDAP servers the Samba PDC works
correctly when using either as the passdb backend.

However, when configuring for LDAP failover as per this doc:

http://samba.org/samba/docs/man/Samba-Guide/2000users.html

Samba doesn't work & the logs fill up with this:

ldap_initialize: Bad parameter to an ldap routine
Connection to LDAP server failed for the 1 try!

This is the actual directive I'm using save for the FQDNs:

passdb backend = ldapsam:ldap://master.example.com:1389 \
ldap://slave.example.com;

Strace didn't produce anything useful.

Version is Samba 3.0.23a-1.fc4.1

Probably something very silly but I'm out of ideas!

Cheers,

-- 
Ben Tisdall


Re: [Samba] Problem with LDAP failover config

2007-08-08 Thread Ben Tisdall
John Drescher wrote:

 
 Is 1389 the real port on the master ldap server?

Yes (I have Scalix running its own LDAP-like directory on the standard
port).

To further clarify:

passdb backend = ldapsam:ldap://master.example.com:1389

And

passdb backend = ldapsam:ldap://slave.example.com

Both work individually, but not both at once.


 Have you configured
 the ldap server to use ldap ssl?

Previously, but I'm currently testing without in the interest of
simplicity, ie:

ldap ssl = off

Thanks.

-- 
Ben Tisdall


Re: [Samba] Problem with LDAP failover config

2007-08-08 Thread Ben Tisdall
John Drescher wrote:
 On 8/8/07, Ben Tisdall [EMAIL PROTECTED] wrote:
 John Drescher wrote:

 Is 1389 the real port on the master ldap server?
 Yes (I have Scalix running its own LDAP-like directory on the standard
 port).

 To further clarify:

 passdb backend = ldapsam:ldap://master.example.com:1389

 And

 passdb backend = ldapsam:ldap://slave.example.com

 Both work individually, but not both at once.


 I believe I have both servers listed on one line but I am using
 samba-3.0.24-X on 64 bit gentoo.

H, can you post your passdb backend line pls?

Cheers.

-- 
Ben Tisdall



Re: [Samba] Problem with LDAP failover config

2007-08-08 Thread Ben Tisdall
John Drescher wrote:

 If the email client does something weird there is one space between
 the entries. These are two different machines with the first being the
 PDC and it is in the dns but the second is not so I used the numerical
 ip for that one instead.
 
 passdb backend = ldapsam:ldap://sysserv0.radimg.pitt.edu 
 ldap://192.168.1.230;
 
Thanks John, I'd already tried & failed this way :(

It turns out this appears to be related to newest Samba package as
provided by Fedora Core 4 (3.0.23a-1.fc4.1) as using 3.0.25b compiled
from the official Samba sources failover works fine.

Unfortunately I'd already made a slightly embarrassing regression from
3.0.25b to the Fedora package on Monday due to resource utilisation
issues I haven't yet had time to diagnose. All the more reason to get
back on the case!

Cheers,

-- 
Ben Tisdall


Re: [Samba] How to migrate samba 2.x account to ldap backend

2007-08-01 Thread Ben Tisdall
GreeG wrote:
 Hi there,
 
 Is anybody has ever made this: Migrate samba 2.x users (and their unix
 accounts) to an openldap? I've found plenty of how to for building a
 blank samba/ldap authentication system, but nothing for migrate existing
 samba 2.x account (but samba 3.x)... smbldap-tools are useful for
 creating groups etc., migratetools are useful for unix account, but what
 about samba 2.x?

I'm in the midst of such a migration & agree the information out there
is surprisingly sparse. **I should point out that I was already on
Samba 3 so apologies if this doesn't apply here - test in a safe manner**

I'm assuming you've already got all your posix accounts & groups in
place - if you've used the PADL scripts to migrate these you'll have to
modify some entries so that your machine accounts are under ou=computers
rather than ou=users or ou=people.

Having laid the ground, I would firstly copy your smb.conf to something
like migrate.smb.conf & put all the stuff in the copy to allow it to
talk to your LDAP server, **but not including the ldapsam backend
directive**, eg:

ldap ssl = [off|on|start_tls]
ldap admin dn = uid=admin,dc=example,dc=com
ldap suffix = dc=example,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=users
ldap machine suffix = ou=computers

Put the ldap admin user in secrets.tdb by doing: smbpasswd -w adminpass

Copy your smbpasswd file to an alternate location to avoid accidentally
clobbering the real one with a typo.

Now you can use pdbedit to export users, letting it use the new conf
file by specifying it with '-s':

pdbedit -s /path/to/migrate.smb.conf -e \
ldapsam:ldap://ldap.example.com[:port]

Also group mappings:

pdbedit -s /path/to/migrate.smb.conf -g -e \
ldapsam:ldap://ldap.example.com[:port]


Obviously you'll need to point samba to the new backend once it's ready.

HTH
-- 
Ben Tisdall



Re: [Samba] RE: Getting owner of files on Mounted Windows Share (3rd attempt)

2007-07-19 Thread Ben Tisdall
Terlson, Adam (STP) wrote:
 Are people just ignoring my question because I messed something up, not
 getting it, or does no one know anything?
 
Adam,

I have several replies to your question from the list in my inbox, so
try checking the archives if they didn't reach you for some reason.

In summary, Windows ownerships don't pass through with smbfs, the
ownerships will be those specified as options to the mount command, or
if none are specified they will default to root:root. Check the manpage
for smbmount for more details.

--
Ben Tisdall


Re: [Samba] Smba with Amanda backup --- permissions

2007-06-05 Thread Ben Tisdall
bhoomikasc wrote:
 Hi,
 
 I am trying to create a Samba share on /media/winshare with the owner as
 amandabackup instead of root. But as soon as I mount the Samba share on to
 the mount point, the permissions for the owner get reverted back to root
 instead of amandabackup.
 
 Attaching a snapshot of how it looks like.
 http://www.nabble.com/file/p10894282/samba%2Bquery.jpg 

I suspect udev is coming into the picture because you're using /media as
your mountpoint.

Try mounting under /mnt & see what happens.

-- 
Ben Tisdall


Re: [Samba] Smba with Amanda backup --- permissions

2007-05-31 Thread Ben Tisdall
bhoomikasc wrote:
 Hi,
 
 I am trying to create a Samba share on /media/winshare with the owner as
 amandabackup instead of root. But as soon as I mount the Samba share on to
 the mount point, the permissions for the owner get reverted back to root
 instead of amandabackup.
 
 Attaching a snapshot of how it looks like.
 http://www.nabble.com/file/p10894282/samba%2Bquery.jpg 

I suspect udev is coming into the picture because you're using /media as
your mountpoint.

Try mounting under /mnt & see what happens.

-- 
Ben Tisdall


Re: [Samba] Group mapping not working consistently - addendum

2007-05-30 Thread Ben Tisdall

Gerald (Jerry) Carter wrote:


Ben Tisdall wrote:

Pardon me, I meant to include this information:

[EMAIL PROTECTED]:~$ net rpc -d1 group members Caseworkers
Password:
[2007/05/29 20:53:13, 1] utils/net_rpc.c:run_rpc_command(170)
  rpc command function failed! (STATUS_SOME_UNMAPPED)


First off, it appears that you are just trying to enumerate
members of a group.  There's not enough context from your
original post to assume otherwise.


Sorry about that. Things otherwise work as expected but the failure of
the command was puzzling.



In this case, the output indicates that some accounts
belonging to the group have most likely been deleted.
Granted, we shouldn't fail here anyways.  But that's
pretty much what the error msg is telling you.



Bingo! Somehow my 'amanda' system user had snuck into this group!

Thanks Jerry, fantastic support :)

Best,

--
Ben Tisdall



[Samba] Group mapping not working consistently - addendum

2007-05-29 Thread Ben Tisdall

Pardon me, I meant to include this information:

[EMAIL PROTECTED]:~$ net rpc -d1 group members Caseworkers
Password:
[2007/05/29 20:53:13, 1] utils/net_rpc.c:run_rpc_command(170)
  rpc command function failed! (STATUS_SOME_UNMAPPED)


[Samba] Group mapping not working consistently

2007-05-29 Thread Ben Tisdall
I'm trying to understand why my group mapping doesn't work in a
consistent fashion. I've studied Important Samba-3.0.23 Change Notes &
chapter 13 of TOSHARG but am still struggling. I'm on 3.0.23a-1.fc4.1
(Fedora Core 4) as a PDC, tdbsam backend.


'net groupmap list' gives this:

Domain Power Users (S-1-5-21-1365060548-1276164359-2333037906-31037) - pwrusers
Domain Webmasters (S-1-5-21-1365060548-1276164359-2333037906-31031) - webmaster

Staff (S-1-5-21-1365060548-1276164359-2333037906-3057) - staff
Domain Admins (S-1-5-21-1365060548-1276164359-2333037906-512) - root
General Managers (S-1-5-21-1365060548-1276164359-2333037906-3051) - genmgrs
Domain Guests (S-1-5-21-1365060548-1276164359-2333037906-514) - nobody
Caseworkers (S-1-5-21-1365060548-1276164359-2333037906-3053) - caseworkers

'getent group webmaster' outputs this:

webmaster:x:15015:foo,bar,foobar

And 'net rpc group members Domain Webmasters' gives:

REDRESSTRUST\foo
REDRESSTRUST\bar
REDRESSTRUST\foo

So far so good, but in the case of 'getent group caseworkers':

caseworkers:x:1026:foo,bar.foobar

'net rpc group members Caseworkers' prints nothing.

The problem seems to be related to GIDs - new unix groups are created
with GIDs above 15000 & mapping works fine, but mapping to existing
groups with GIDs in the 1000 area seems to fail.


Here's my smb.conf:

[global]
workgroup = REDRESSTRUST
passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*

username map = /etc/samba/users.conf
syslog = 0
log level = 1
name resolve order = wins bcast hosts
time server = yes
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -a -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
logon script = login.bat
logon drive = P:
domain logons = Yes
preferred master = Yes
wins support = Yes
printing = CUPS
#idmap uid = 15000-2
#idmap gid = 15000-2

Cheers.
--
Ben Tisdall
RedCircle IT Ltd, London NW1.
www.redcircleit.com
[EMAIL PROTECTED]
+44 (0)20 7387 0351
+44 (0)7932 745803
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
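
A way to line up the two command outputs quoted in the post above, so each mapped NT group's RID sits next to the GID of its Unix group. This is an added example, not part of the original post; the function names are hypothetical and the 15000 boundary is only the poster's observation, passed in as a parameter.

```python
import re

# Constructed sample: lines copied from the outputs quoted in the post above.
GROUPMAP = """\
Domain Webmasters (S-1-5-21-1365060548-1276164359-2333037906-31031) -> webmaster
Domain Admins (S-1-5-21-1365060548-1276164359-2333037906-512) -> root
Caseworkers (S-1-5-21-1365060548-1276164359-2333037906-3053) -> caseworkers
"""
GETENT = """\
webmaster:x:15015:foo,bar,foobar
caseworkers:x:1026:foo,bar.foobar
"""

# Accepts both "->" and a bare "-" between the SID and the Unix group name.
MAP_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-\d+(?:-\d+)+)\) ->? (?P<unix>\S+)$")

def parse_groupmap(text):
    """Return {unix_group: (nt_name, rid)} from 'net groupmap list' output."""
    out = {}
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            out[m["unix"]] = (m["nt"], int(m["sid"].rsplit("-", 1)[1]))
    return out

def parse_getent(text):
    """Return {unix_group: (gid, [members])} from 'getent group' lines."""
    out = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 4 and parts[2].isdigit():
            out[parts[0]] = (int(parts[2]), [m for m in parts[3].split(",") if m])
    return out

def report(groupmap_text, getent_text, boundary=15000):
    """One row per mapping: (nt_name, rid, unix_group, gid, note)."""
    groups = parse_getent(getent_text)
    rows = []
    for unix, (nt, rid) in sorted(parse_groupmap(groupmap_text).items()):
        gid = groups.get(unix, (None, []))[0]
        if gid is None:
            note = "no getent data"
        elif gid < boundary:
            note = "gid below boundary"
        else:
            note = "gid at or above boundary"
        rows.append((nt, rid, unix, gid, note))
    return rows

if __name__ == "__main__":
    for row in report(GROUPMAP, GETENT):
        print(row)
```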


Re: [Samba] smbldap-useradd not creating machine accounts in correct fashion

2007-05-03 Thread Ben Tisdall
On Fri, April 13, 2007 23:48, Edmundo Valle Neto wrote:

> Your script appears to be working right, smbldap-useradd -w
> machinename$ should only create an account with posix attributes, the
> sambaSAMAccount class and attributes will be added by samba when the
> client is joined into the domain.

> You can see that in the IDEALX smbldap-tools user manual.

Thanks Edmundo and apologies for not having consulted the fine manual more
closely - I should know better.

In the end testing revealed that the tools were putting the machine
accounts under 'ou=computers,${suffix}' (as I wanted) but samba seemed to
be looking for them under 'ou=users,${suffix}', because if I reconfigured
the tools to put the accounts there then everything worked as expected.

This is odd as I have 'machine suffix = ou=computers' in smb.conf & now,
having now put things back as they were, everything's working!

Therefore I can only conclude that the issue was due to some typo that
I've now unwittingly corrected - odd, as I was logging samba at up to 4 &
saw nothing suggestive.

Best,

-- 
Ben Tisdall





Re: [Samba] smbldap-useradd not creating machine accounts in correct fashion

2007-04-16 Thread Ben Tisdall
On Fri, April 13, 2007 23:48, Edmundo Valle Neto wrote:

> Your script appears to be working right, smbldap-useradd -w
> machinename$ should only create an account with posix attributes, the
> sambaSAMAccount class and attributes will be added by samba when the
> client is joined into the domain.

> You can see that in the IDEALX smbldap-tools user manual.

Thanks Edmundo and apologies for not having consulted the fine manual more
closely - I should know better.

In the end testing revealed that the tools were putting the machine
accounts under 'ou=computers,${suffix}' (as I wanted) but samba seemed to
be looking for them under 'ou=users,${suffix}', because if I reconfigured
the tools to put the accounts there then everything worked as expected.

This is odd as I have 'machine suffix = ou=computers' in smb.conf & now,
having now put things back as they were, everything's working!

Therefore I can only conclude that the issue was due to some typo that
I've now unwittingly corrected - odd, as I was logging samba at up to 4 &
saw nothing suggestive.

Best,

-- 
Ben Tisdall





[Samba] smbldap-useradd not creating machine accounts in correct fashion

2007-04-14 Thread Ben Tisdall

Hi,

I have OpenLDAP working here generally without problems for a variety of 
applications including the management of Samba. Functioning user 
accounts can be created via 'smbldap-useradd' with the proper samba 
attributes being added in LDAP, however...


Something odd is happening when I (or samba) tries to create a machine 
account with 'smbldap-useradd -w test1$' - an entry is created that 
looks like this:



dn: uid=test1$,ou=computers,dc=redcircle
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test1$
sn: test1$
uid: test1$
uidNumber: 1041
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

Needless to say, the computer is not able to join the domain...

Whereas a working entry migrated from tdbsam looks like this:

dn: uid=sonny$,ou=computers,dc=redcircle
uid: sonny$
sambaSID: S-1-5-21-1595696850-3378076689-3030227139-3008
sambaPrimaryGroupSID: S-1-5-21-1595696850-3378076689-3030227139-1201
objectClass: sambaSamAccount
objectClass: account
displayName: SONNY$
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W  ]
sambaPwdCanChange: 1175234556
sambaPwdLastSet: 1175234556

Feels as if what's happening is so wrong that it must be some silliness on 
my part but for the life of me can't figure out what & any help would be 
much appreciated. BTW this is occurring with version 0.9.2a of the tools 
downloaded from SF & also the .deb for my Ubuntu server


--
Ben Tisdall


[Samba] smbldap-useradd not creating machine accounts in correct fashion

2007-04-13 Thread Ben Tisdall

Hi,

I have OpenLDAP working here generally without problems for a variety of
applications including the management of Samba. Functioning user
accounts can be created via 'smbldap-useradd' with the proper samba
attributes being added in LDAP, however...

Something odd is happening when I (or samba) tries to create a machine
account with 'smbldap-useradd -w test1$' - an entry is created that
looks like this:


dn: uid=test1$,ou=computers,dc=redcircle
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test1$
sn: test1$
uid: test1$
uidNumber: 1041
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

Needless to say, the computer is not able to join the domain...

Whereas a working entry migrated from tdbsam looks like this:

dn: uid=sonny$,ou=computers,dc=redcircle
uid: sonny$
sambaSID: S-1-5-21-1595696850-3378076689-3030227139-3008
sambaPrimaryGroupSID: S-1-5-21-1595696850-3378076689-3030227139-1201
objectClass: sambaSamAccount
objectClass: account
displayName: SONNY$
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W  ]
sambaPwdCanChange: 1175234556
sambaPwdLastSet: 1175234556

Feels as if what's happening is so wrong that it must be some silliness on
my part but for the life of me can't figure out what & any help would be
much appreciated. BTW this is occurring with version 0.9.2a of the tools
downloaded from SF & also the .deb for my Ubuntu server.
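
The reply quoted further up the page says 'smbldap-useradd -w' creates only the posix half of a machine account and that Samba adds the sambaSamAccount class at join time. The following added example (not part of the original posts; function names are hypothetical) parses plain LDIF and labels each entry accordingly, using trimmed copies of the two entries from the post as constructed input.

```python
# Constructed sample: trimmed copies of the two entries quoted in the post.
LDIF = """\
dn: uid=test1$,ou=computers,dc=redcircle
objectClass: top
objectClass: posixAccount
uid: test1$
uidNumber: 1041
gidNumber: 515

dn: uid=sonny$,ou=computers,dc=redcircle
uid: sonny$
sambaSID: S-1-5-21-1595696850-3378076689-3030227139-3008
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [W          ]
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr_lower: [values]}."""
    entries, current, last = [], {}, None
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and last:          # folded continuation line
            current[last][-1] += raw[1:]
        elif not raw.strip():                     # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif not raw.startswith("#") and ":" in raw:
            attr, value = raw.split(":", 1)
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    return entries

def classify(entry):
    """Label a machine entry by which half of the account it carries."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    flags = "".join(entry.get("sambaacctflags", []))
    if "sambasamaccount" not in classes:
        return "posix-only" if "posixaccount" in classes else "neither"
    if "W" not in flags:                          # W marks a workstation trust
        return "samba, not a workstation trust"
    return "samba workstation trust"

def audit(text):
    """Return {dn: label} for every entry that has a dn."""
    return {e["dn"][0]: classify(e) for e in parse_ldif(text) if "dn" in e}

if __name__ == "__main__":
    for dn, label in audit(LDIF).items():
        print(f"{label:28} {dn}")
```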