[Samba] Hybride samba..
i'm trying to build samba in hybrid mode. (https://wiki.samba.org/index.php/Franky#How_to_run_it) but obvious i'm running in to problems... (not enough howto info) does s3 need to join the s4 part ?! also do i use the same netbios name for s3+s4 ? and wbinfo -u and -g gives an error. security= ads ?? or user ?? (or...) does some one got frankenstein up ?! or some more info on howto.. it would be so mutch nicer then 2 separate machines running s3 and s4 Cheer, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Hybride samba..
The original franky is indeed broke. but there might be an other way (see wiki link) http://lists.samba.org/archive/samba-technical/2011-February/076310.html i was just wondering if some people got it up and running. volker and metze where busy with it. and i prefer rather 1 server then 2. cheers. Collen On 11-4-2011 14:41, Taylor, Jonn wrote: There is currently no netbios support in S4. I am not sure if Franky is even working right now. I would post on the samba-technical list for help with this. Jonn On 04/11/2011 07:04 AM, Daniel Müller wrote: I do not think this is working with the same netbios name for both. The S3 must be a memberserver(ads) of the S4(ads-domain server with bind dns) and winbind running. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail:muel...@tropenklinik.de Internet:www.tropenklinik.de --- -Ursprüngliche Nachricht- Von:samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Collen Blijenberg Gesendet: Montag, 11. April 2011 12:29 An:samba@lists.samba.org Betreff: [Samba] Hybride samba.. i'm trying to build samba in hybrid mode. (https://wiki.samba.org/index.php/Franky#How_to_run_it) but obvious i'm running in to problems... (not enough howto info) does s3 need to join the s4 part ?! also do i use the same netbios name for s3+s4 ? and wbinfo -u and -g gives an error. security= ads ?? or user ?? (or...) does some one got frankenstein up ?! or some more info on howto.. it would be so mutch nicer then 2 separate machines running s3 and s4 Cheer, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can't find migrate tool.. [s4]
Hi all, i was looking for a tool/file called myldap-pub.py i looked in the git, but it's not there ?! (http://lists.samba.org/archive/samba/2011-February/160887.html) cheers, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] named issue (Samba4, FC14)
Did you try to run bind without the s4 adjustments ?! look if your user rights are appropriate for the dns files. these will stop your named server aswell. what did you do with selinux ?! also try setting your debug level up, for named/bind. there might be some good info on where things go wrong. i had a big hassle with FC14 and dns as well. but i got it running after a few day's it was all in the debug log's . good luck. On 5-3-2011 22:14, Pascal Jakobi wrote: Hi gents ! I am trying to set-up an S4 server following the wiki instructions on Fedora 14. Everything seems fine until step 10 : kerberos DNS dynamic updates configuration. I seem to have done what is required (set $KEYTAB_FILE KRB5_KTNAME in /etc/init.d/named, add the tss-gssapi-credential tss-domain stanzas), however wher starting the named service, it remains stalled I am sure this is a well-known issue, however can't find any solution via Google. Can someone give a hint ? Thxs in advance P -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] S4 and phpldapadmin
Hi, i found some problem with the phpldapadmin-config.php that was created with samba4 if i try to use it, i get an: fatal error: class 'ldapservers' not found in .. (line nr) i can fidel with the setting and make it work better with version 1.2.0.5 from phpldapadmin. but after that i can only login anonymous. using the administrator account, created during provisioning won't work.. do i need a special DN orso ?! cheers, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] S4 in browser list
Just a quick call, is it possible to get Samba4 in the browser list of a domain. at the moment i got samba 4 running, with a samba3 member server(for printing) i know samba4 isn't supporting browsing yet. can i use samba3 for the browsing part ?! (with dns proxy = yes ?) so far so good.. thx,. Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Installed but DNS Problem
also make sure your DNS server is up and running(and resolving), your firewall is ok and your configed it right. dns can be a bit of pain, but check your logs and it's doable... Cheers, Collen On 17-2-2011 8:31, nc-codew...@netcologne.de wrote: Hello Imran, have you a running client/server-firewall? Regards Bert Am 15.02.2011 15:27, schrieb Imran Ashraf: Dear All, I have installed SAMBA 4 according to SAMBA4 How To (http://wiki.samba.org/index.php/Samba4/HOWTO) instructions. Everything is going fine but on Step No. (Configure DNS) it gives error when I try to resolve the DNS name. i.e imran.edu.pk. The error is Connection Time Out, No Server could be reached. Can anybody help me this. I will be thankful to you. Thanx Imran Ashraf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] s4 krb, bind9 updates
Hi, i'm trying to setup basic samba4 following the howto in the wiki. i use standard FC14, with bind 9.7.2 and samba 4-a14 so far so good, seems it all works. except for the dns updates.. funny part is that i get no error or what so ever in return... (error level 5) i mean, samba dns update script works, no errors, all it said no dns updates needed i also can join a machine (xp) and connect to shares klist and kinit are ok too (no errors reported, or differences with the howto) host lookups for krb and ldap are ok to (they where found without errors) what i did notice is that: - dns.keytab - secerets.keytab - secerets.ldb - secerets.tdb are not updated. and since dns_update uses the dns.keytab, it is obvious that bind isn't updated correctly so where do i start debugging this ?! somehow i get the idea that the problem is with the krb5 (before dns updates are done) i did use the krb5.conf that was generated with provisioning Thx, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 - dnsupdate
ps. the files dns.keytab and dns_update_list are not updated when joining a domain or starting a pc. (file date) On 31-1-2011 15:12, Collen Blijenberg wrote: Hi, i kinda learning to setup the samba4 all thing good so far (with the nice help of the wiki's, howto's and logics) except for the dns update part. some how i can't get the dns update to work i use bind 9.7.2 in fc14. pinging the machine gives an error of not knowing the machine in the dns.. bind9 does not show anny sign of an update, nor logs the the name of the machine ?! (debug level log) dunno where to look for in the samba logs. but at log level 5 there where no problems reported with dns i did place the tkey-gssapi and tkey-domain options in the bind.conf and also made the keytab changes in the sysconfig dir. also made sure the appropriate files where owned by 'named' and where writable.. dunno, how to look for the problem, coz can't find anny errors in the logs... thx... Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 - dnsupdate
Hi, i kinda learning to setup the samba4 all thing good so far (with the nice help of the wiki's, howto's and logics) except for the dns update part. some how i can't get the dns update to work i use bind 9.7.2 in fc14. pinging the machine gives an error of not knowing the machine in the dns.. bind9 does not show anny sign of an update, nor logs the the name of the machine ?! (debug level log) dunno where to look for in the samba logs. but at log level 5 there where no problems reported with dns i did place the tkey-gssapi and tkey-domain options in the bind.conf and also made the keytab changes in the sysconfig dir. also made sure the appropriate files where owned by 'named' and where writable.. dunno, how to look for the problem, coz can't find anny errors in the logs... thx... Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Managing win7 machines..
thx, these 2 packages i did not know yet.. is samba 3.5.x (and upcoming 3.6.x) still the franky edition ?? what i actually mean is, can i use 3.5/3.6 for combining ad/dc and browse/print ?! or is that part not working ?! Cheers, Collen On 29-1-2011 3:39, Rob Townley wrote: FusionInventory.org OPSI.org On Fri, Jan 28, 2011 at 2:47 PM,t...@tms3.com wrote: Ok, i get it... so both options are horror... so basically i have to use samba4 for the policies and all. and use samba3 on a different machine for the network browsing and printing. must be do-able just 1 question, can i use samba3 for the masterbrowser/wins and make samba4 use that.. (as for as i know the network browse support isn't ready for samba4) Yes Cheers, and thanx.. Collen On 21-1-2011 8:48, Daniel Müller wrote: No ntconfig.pol anymore. You may use kixtart or other tools. Or Registry-files. But be aware Some registry-things can only be done by administrator and no one else. If you have the most win 7 clients It is better to switch over to samba4. You can then manage your group policies with Microsoft tools on the fly. With things that samba4 does not support at this moment use a samba 3 domain member. Good Luck Daniel -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Collen Blijenberg Gesendet: Freitag, 21. Januar 2011 08:35 An: samba@lists.samba.org Betreff: Re: [Samba] Managing win7 machines.. I did that, but that doesn't make win7 obey the ntconfig.pol (nt4 policies) as far as i know win7 can't handle these policies, so i think i need an other way to apply policies to win7. thx. Collen. On 20-1-2011 17:17, Wagg, Dave wrote: I don't know about version 3 but have you made the following changes to the Control Panel à Admin Tools à Local Security Policy à Local Policies à Security options Change the Network Security: LAN Manager authentication level to Send LM NTLM responses Remove 128 bit encryption on the following 2 items as well: Network security: Minimum session security for NTLM SSP based CLIENTS and Network security: Minimum session security for NTLM SSP based SERVERS -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Collen Blijenberg Sent: Thursday, January 20, 2011 10:42 AM To: samba@lists.samba.org Subject: [Samba] Managing win7 machines.. I'm curious how others manage their windows 7 machines on a samba 3.x.x domain .. especial the part of policies and scripts. i got the win7 running in the samba domain, but i'm stuck in the policies part.. and i don't want to use nitrobit for this. how do other users do this.. ?! thx, Collen -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Managing win7 machines..
Ok, i get it... so both options are horror... so basically i have to use samba4 for the policies and all. and use samba3 on a different machine for the network browsing and printing. must be do-able just 1 question, can i use samba3 for the masterbrowser/wins and make samba4 use that.. (as for as i know the network browse support isn't ready for samba4) Cheers, and thanx.. Collen On 21-1-2011 8:48, Daniel Müller wrote: No ntconfig.pol anymore. You may use kixtart or other tools. Or Registry-files. But be aware Some registry-things can only be done by administrator and no one else. If you have the most win 7 clients It is better to switch over to samba4. You can then manage your group policies with Microsoft tools on the fly. With things that samba4 does not support at this moment use a samba 3 domain member. Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Collen Blijenberg Gesendet: Freitag, 21. Januar 2011 08:35 An: samba@lists.samba.org Betreff: Re: [Samba] Managing win7 machines.. I did that, but that doesn't make win7 obey the ntconfig.pol (nt4 policies) as far as i know win7 can't handle these policies, so i think i need an other way to apply policies to win7. thx. Collen. On 20-1-2011 17:17, Wagg, Dave wrote: I don't know about version 3 but have you made the following changes to the Control Panel à Admin Tools à Local Security Policy à Local Policies à Security options Change the Network Security: LAN Manager authentication level to Send LM NTLM responses Remove 128 bit encryption on the following 2 items as well: Network security: Minimum session security for NTLM SSP based CLIENTS and Network security: Minimum session security for NTLM SSP based SERVERS -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Collen Blijenberg Sent: Thursday, January 20, 2011 10:42 AM To: samba@lists.samba.org Subject: [Samba] Managing win7 machines.. I'm curious how others manage their windows 7 machines on a samba 3.x.x domain .. especial the part of policies and scripts. i got the win7 running in the samba domain, but i'm stuck in the policies part.. and i don't want to use nitrobit for this. how do other users do this.. ?! thx, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Managing win7 machines..
I'm curious how others manage their windows 7 machines on a samba 3.x.x domain .. especial the part of policies and scripts. i got the win7 running in the samba domain, but i'm stuck in the policies part.. and i don't want to use nitrobit for this. how do other users do this.. ?! thx, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Managing win7 machines..
I did that, but that doesn't make win7 obey the ntconfig.pol (nt4 policies) as far as i know win7 can't handle these policies, so i think i need an other way to apply policies to win7. thx. Collen. On 20-1-2011 17:17, Wagg, Dave wrote: I don't know about version 3 but have you made the following changes to the Control Panel à Admin Tools à Local Security Policy à Local Policies à Security options Change the Network Security: LAN Manager authentication level to Send LM NTLM responses Remove 128 bit encryption on the following 2 items as well: Network security: Minimum session security for NTLM SSP based CLIENTS and Network security: Minimum session security for NTLM SSP based SERVERS -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Collen Blijenberg Sent: Thursday, January 20, 2011 10:42 AM To: samba@lists.samba.org Subject: [Samba] Managing win7 machines.. I'm curious how others manage their windows 7 machines on a samba 3.x.x domain .. especial the part of policies and scripts. i got the win7 running in the samba domain, but i'm stuck in the policies part.. and i don't want to use nitrobit for this. how do other users do this.. ?! thx, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] backend migration and Samba upgrade.
Hi, as far as i know the RID's are not implemented in the sql backend. that's why it spits out these rid errors... i'm sorry, but i lack the time to continue with the sql backend... i'm not sure if your setup is going to work... but why not keep them both.. do the upgrade, and leave the old 3.0 arround. test it all, and if not work, take the old 3.0 and fiddle more until it works... ?! btw, need to do the same here in a while, keep me posted on your tracks.. Collen. On 5-5-2010 15:37, Bastien Semene wrote: Short background : Due to Windows Seven deplaoyment we have to upgrade Samba 3.0 to Samba 3.4 (actually less version but I see no reason not to go directly to 3.4). And due to SQL backend support aborted we have to switch from SQL backend to LDAP backend. What I have in mind to do this migration is the following : -install samba 34/OpenLDAP (I also change the machine in the meantime) -configure Samba 34 to use the ldap backend, the smb.conf will be rewriten from scratch. - sync the sid with net getlocalsid and netsetlocalsid. -pdbedit -e to export users and pdbedit -eg to export groups (on the old server). -pdbedit -i and pdbedit -ig on the new server. -tests. I'm far to be an expert in Samba, so advices on this procedure are very welcome. While checking that everything should be ok, I did a pdbedit -L and many lines (less than 1000) like this one appeared : lookup_global_sam_rid: looking up RID 513. Executing query SELECT nt_logon_time,nt_logoff_time,nt_kickoff_time,nt_pass_last_set_time,nt_pass_can_change_time,nt_pass_must_change_time,username,nt_domain,nt_username,gecos,nt_homedir,nt_dir_drive,nt_logon Can't find a unix id for an unmapped group No user SID retrieved from database! There are 3 RIDs concerned : 513, 11001, 515. Can I correct this error before migrating ? Is it mandatory/interesting to correct this error ? -- snip -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + openldap: provisioning isnt working
Hi all, I'm experiencing the same problems as this post. the problem is with the slapd.d config files, samba suppose to generate. they aren't there.. and that's why the ldapi won't start up. and that's why the provision fails... i did find a slapd.conf file at the same location, but running slaptest to convert it failed... (overlay deref not found) any tips or suggestions how to proceed ?! Greetz, collen Wiki seems to be out of date here. The wiki reference's [1] [2] a setup/provision-backend script, as well as a setup/provision script, yet current git only has a setup/provision executable. Some #samba and #openldap IRC advice was that provision-backend wasnt needed anymore, but based off the errors i'm seeing, there's definitely _something_ missing, I just dont know if that something ( /usr/local/samba4/private/ldap/slapd.d/ files ) ought to be provided by the missing setup/provision-backend. [1] http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP [2] http://wiki.samba.org/index.php/Samba4/HOWTO/Ubuntu_Server_9.04 Following IRC advice, I attempted to just use the setup/provision script. It didnt work. I added a [running] print to provisionbackend.py, to see what it was running, so I could attempt to run slapd as it was running it, with debugging enabled. Heres the result: rekt...@deneb:~/archives/samba/source4$ setup/provision --realm=ELDERGODS.COM --ldap-backend-type=openldap --server-role=dc --domain=ELDERGODS --slapd-path='/usr/sbin/slapd' [running] '/usr/sbin/slapd' '-F/usr/local/samba4/private/ldap/slapd.d' '-h' 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Traceback (most recent call last): File setup/provision, line 213, in module nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File bin/python/samba/provision.py, line 1257, in provision provision_backend.start() File bin/python/samba/provisionbackend.py, line 252, in start raise ProvisioningError(slapd died before we could make a connection to it) -- snip connections_destroy: nothing to destroy. The /usr/local/samba4/private/ldap/slapd.d/ directory is completely empty. I'm not sure what is supposed to populate this, but as can be seen from the above debug logs, the slapd kicked off by setup/provision is definitely expecting there to be contents. This could very well be a result of the missing-in-action setup/provision-backend script. I'll be happy to do some wiki updating if I can get this issue resolved: the OpenLDAP wiki entry's last major work was the Ides of June 2008. Regards, rektide -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] provision-backend gone ?!
Hi, just a simple question, in most documents in the samba4 wiki there is a step to provision the backend... (setup/provision-backend) but i can't find it in the latest (11) alpha... so what's the idea now, skip this step ?? and go straight in the normal provision ? or, how else do i provision the openldap server. thx, Collen... -- love testing.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP Account Manager 2.9.0 released
Wondering when samba 4 support will available in LAM ... On 16-12-2009 21:13, Roland Gruber wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 LDAP Account Manager (LAM) 2.9.0 - December 16th, 2009 == LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: - - LAM now supports managing Asterisk accounts and extensions. All documentation was moved to the new LAM manual. LAM Pro supports nisObject entries and custom scripts for the self service. This release also fixes some bugs. Full changelog: http://www.ldap-account-manager.org/lamcms/changelog Features: - - * management of various account types * Unix * Samba 3 * Kolab 2 * Asterisk * phpGroupwWare * DHCP * SSH keys * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units * schema browser * tree view * multiple configuration files * multi-language support: Catalan, Chinese (Traditional + Simplified), Czech, Dutch, English, French, German, Hungarian, Italian, Japanese, Polish, Portuguese, Russian and Spanish * support for LDAP+SSL/TLS Availability: - - This software is available under the GNU General Public License V2.0. You can get the newest version at http://www.ldap-account-manager.org. File formats: DEB, RPM, tar.gz There is also a FreeBSD port. Debian users may use the packages in unstable. Demo installation: - -- You can try our demo installation online. http://www.ldap-account-manager.org/lamcms/liveDemo Support: - If you find a bug please file a bug report. For questions or implementing new features please use the mailinglist and feature request tracker at our homepage http://www.ldap-account-manager.org. Authors Copyright: - Copyright (C) 2003 - 2009: Michael Duergnermich...@duergner.com Roland Gruberp...@rolandgruber.de Tilo Lutztilol...@gmx.de LAM is published under the GNU General Public License. The complete list of licenses can be found in the copyright file. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkspP1kACgkQq/ywNCsrGZ5RnACbBhHW5KvZanVqw6arz2Enkqpy Kk0AnRECE3Oara+cvQPHdKDBQPsvhLbo =7AUR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 newuser probs
Ok, we've figured it out... if i only start the slapd-samba4 from the fedora-ds it wil work. but then the 389-console wil not function anymore. kind of odd, if you ask me, to install fedora-ds and not using the console to administer the directory... anny tips or tricks on how to get the console running with the samba4 ?? or how to inter grade samba4-scheme with the standard 389 and console ?? Cheers... Collen On 11-12-2009 10:49, col...@hermanjordan.nl wrote: Hi we're busy discovering samba4 at the moment. we've installed fedora-ds as ldap backend. all install's configs and provisioning went well.. (no strange errors orso) after fireing it all up we tried to add a user and this is what we got back: - Traceback (most recent call last): File ./newuser, line 69, inmodule samdb.newuser(username, opts.unixname, password, force_password_change_at_next_login_req=opts.must_change_at_next_login) File /usr/local/samba/lib/python2.6/site-packages/samba/samdb.py, line 129, in newuser objectClass: user}) _ldb.LdbError: (32, 'objectclass: Cannot add CN=test,CN=Users,DC=jordan,DC=net, parent does not exist!') -- i can see that there is a prob with the CN=Users, but what's the idea. i thought the provisioning did all the schema's and setup the ldap backend in the 389-console, there is no samba thing what so ever. but if i start the dirsrv samba4 is also started.. anny clue here.. Thx C. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + openldap: provisioning isnt working
try a 'ps -A | grep slap' to see if your ldap server is up and running... rektide wrote: Wiki seems to be out of date here. The wiki reference's [1] [2] a setup/provision-backend script, as well as a setup/provision script, yet current git only has a setup/provision executable. Some #samba and #openldap IRC advice was that provision-backend wasnt needed anymore, but based off the errors i'm seeing, there's definitely _something_ missing, I just dont know if that something ( /usr/local/samba4/private/ldap/slapd.d/ files ) ought to be provided by the missing setup/provision-backend. [1] http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP [2] http://wiki.samba.org/index.php/Samba4/HOWTO/Ubuntu_Server_9.04 Following IRC advice, I attempted to just use the setup/provision script. It didnt work. I added a [running] print to provisionbackend.py, to see what it was running, so I could attempt to run slapd as it was running it, with debugging enabled. Heres the result: rekt...@deneb:~/archives/samba/source4$ setup/provision --realm=ELDERGODS.COM --ldap-backend-type=openldap --server-role=dc --domain=ELDERGODS --slapd-path='/usr/sbin/slapd' [running] '/usr/sbin/slapd' '-F/usr/local/samba4/private/ldap/slapd.d' '-h' 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Traceback (most recent call last): File setup/provision, line 213, in module nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File bin/python/samba/provision.py, line 1257, in provision provision_backend.start() File bin/python/samba/provisionbackend.py, line 252, in start raise ProvisioningError(slapd died before we could make a connection to it) -- snip connections_destroy: nothing to destroy. The /usr/local/samba4/private/ldap/slapd.d/ directory is completely empty. I'm not sure what is supposed to populate this, but as can be seen from the above debug logs, the slapd kicked off by setup/provision is definitely expecting there to be contents. This could very well be a result of the missing-in-action setup/provision-backend script. I'll be happy to do some wiki updating if I can get this issue resolved: the OpenLDAP wiki entry's last major work was the Ides of June 2008. Regards, rektide -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fedora-ds and smb4 (a9)
Found it, at the ftp site of samba, kind of odd, that it's not part of the source, since it's asking for it... never the less, testing continues... Cheers, and thx... Collen Michael Wood wrote: 2009/12/4 Weiss, Benjamin benjamin.we...@osbi.ok.gov: I've got an (almost) working Samba4 installation (can't get replication working), and did a locate samba.schema. No dice... I haven't downloaded the source tarball, but it's in the git repository: $ ls -1 examples/LDAP/* examples/LDAP/convertSambaAccount examples/LDAP/get_next_oid examples/LDAP/ol-schema-migrate.pl examples/LDAP/README examples/LDAP/samba-nds.schema examples/LDAP/samba.schema examples/LDAP/samba.schema.at.IBM-DS examples/LDAP/samba-schema-FDS.ldif examples/LDAP/samba-schema.IBMSecureWay examples/LDAP/samba-schema-netscapeds4.x examples/LDAP/samba-schema-netscapeds5.x examples/LDAP/samba.schema.oc.IBM-DS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] question on 3.4.0..
Hi... is the 3.4.0 version, the merge build an AD server ?? (can i use it as AD domain replacement) or is that still only with samba 4 ?? if so, do the admin utils from 2003 server work with 3.4.0 ?? the franky doc doesn't make it clear to me.. thx, good work guy's!! Collen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA+PDC+Mysql authentication Backend
Hi Pablo,
First i like to mention that the sql backend might not be the smartest
choice of backends.
in your debug you attached you'll see an mysql error:
[2009/06/12 15:53:01, 0] pdb_mysql.c:mysqlsam_replace_sam_account(415)
Error executing UPDATE user SET WHERE user_sid =
'S-1-5-21-2398918909-2979869015-1347180298-1234', You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near 'WHERE user_sid =
'S-1-5-21-2398918909-2979869015-1347180298-1234'' at line 1
that is because the query isn't right ('update user set where', it
should be 'update user set where user_sid')
try commenting out all the mysql things (in your smb.conf) except the:
- Backend
- host
- user
- pass
and - database.
the rest is pre defined in the backend it's self..
but like i said, the sql backend lacks some good things and you might
be better off with ldap or the pdb backend.
also the sql backend only works with 3.0.x and 3.2.x
the project needs new developers to bring it to a higher plan...
good luck with it... Greets. Collen
ps. i think you might post sql related stuff in pdbsql mailing list,
rather then the samba list...
Pablo Camera wrote:
I ne w in samba world but i was configured a Samba with shares folder linkable
to users and it was successfull.
Now i try to extend to PDC but the client can't logon into the server:
the log.smbd could this
[2009/06/12 15:51:21, 0] smbd/server.c:main(1209)
smbd version 3.2.3 started.
Copyright Andrew Tridgell and the Samba Team 1992-2008
[2009/06/12 15:51:21, 1] pdb_mysql.c:mysqlsam_init(607)
Connecting to database server, host: localhost, user: samba, database:
samba_auth, port: 3306
[2009/06/12 15:52:58, 0] rpc_server/srv_netlog_nt.c:get_md4pw(331)
get_md4pw: Workstation MULTI$: BDC secure channel requested but not a server
trust account
[2009/06/12 15:52:58, 0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
_netr_ServerAuthenticate2: failed to get machine password for account MULTI$:
NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2009/06/12 15:52:58, 0] rpc_server/srv_netlog_nt.c:get_md4pw(331)
get_md4pw: Workstation MULTI$: BDC secure channel requested but not a server
trust account
[2009/06/12 15:52:58, 0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
_netr_ServerAuthenticate2: failed to get machine password for account MULTI$:
NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2009/06/12 15:53:01, 0] pdb_mysql.c:mysqlsam_replace_sam_account(415)
Error executing UPDATE user SET WHERE user_sid =
'S-1-5-21-2398918909-2979869015-1347180298-1234', You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near 'WHERE user_sid =
'S-1-5-21-2398918909-2979869015-1347180298-1234'' at line 1
My smb.conf is this.
[global]
workgroup = MULTI
netbios name = MULTI
security = user
#Modificaciones para hacer de samba un PDC
os level = 64
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
logon path = \\%N\%u
logon drive = H:
logon home = \\multi\%u\perfil
logon script = %u.bdat
add user script = /usr/local/samba/bin/./pdbedit -a %u
#add user to group script = /usr/sbin/groupmod -m %u %g
add machine script = /usr/local/samba/bin/./pdbedit -am %m
delete user script = /usr/local/samba/bin/./pdbedit -x %u
#delete group script = /usr/sbin/groupdel %g
#delete user from group script = /usr/sbin/groupmod -x %u %g
#set primary group script = /usr/sbin/usermod -g %g %u
passwd program = /usr/local/samba/bin/./pdbedit -am %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
idmap uid = 1-15000
idmap gid = 1-15000
#Para enviar password
#lanman auth = Yes
#ntlm auth = No
#lm announce = Yes
#client lanman auth = Yes
#Fin de password
#Fin de Modificaciones para PDC
#Mapeo de usuarios
username map = /usr/local/samba/lib/smbusers
#Fin de Mapeo de usuarios
obey pam restrictions = Yes
#Ultimo cambio de yes a no
encrypt passwords = yes
#fin cambio
update encrypted = no
#client lanman auth = yes
#client plaintext auth = yes
#Para Autenticar usuarios
passdb backend = mysql:mysql
mysql:mysql host = localhost
mysql:mysql user = samba
mysql:mysql password =
mysql:mysql database = samba_auth
mysql:fullname column= nt_fullname:
mysql:domain column = 'multi':
mysql:lanman pass column = NULL:
mysql:nt pass column = NULL:
mysql:plain pass column = plain_pw:
mysql:unknown_3 column = NULL
mysql:sid column = user_sid
mysql:nt username column = nt_username
#mysql:nt pass
smb passwd file = /etc/samba/private/smbpasswd
#Fin de Autenticacion de Usuarios
#Para PDC
[netlogon]
path = /home/netlogon
read only = yes
write list = ntadmin
[profiles]
path = /usr/local/samba/ntprofile
writeable = yes
create mask = 0600
directory mask = 0700
#Fin PDC
[homes]
comment = Home
[Samba] libnss_wins and arp ?!
Hi, I've installed the libnss_wins.so and all seems okay. i can ping, trace, getent with hostnames. so all looks ok, but if i do 'arp' i get ip's again ?! except for the hostsnames in the /etc/host file.. so question, can i make arp use the nss_wins module to resolve the hostname?? Thx, Collen ps, i do not run winbind, coz it's the pdc server -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ntlm hashes..
Hello, How can i make an lm/ntlm hash from a plain text password ?? i need a way to generate a ntlm password to put into an external database. we make the users and there passwords on a machine that is not direct connected to the samba domain. we can export the database, so the only prob i have left is, how to get the samba passwords (lm/nt) in the database. Thx. Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ntlm hashes..
Thx, found both packages. and they fit my needs... (-: Greets, Collen Peter Rindfuss wrote: On 03.04.2009 10:29, Collen Blijenberg wrote: Hello, How can i make an lm/ntlm hash from a plain text password ?? i need a way to generate a ntlm password to put into an external database. we make the users and there passwords on a machine that is not direct connected to the samba domain. we can export the database, so the only prob i have left is, how to get the samba passwords (lm/nt) in the database. You could use perl and the Crypt::SMBHash module. Peter Rindfuss -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] must change pwd
Hi, i noticed that pdbedit -u user --pwd-must-change-time=0 doesn't work anymore with samba 3.2.4 did the syntax changed?? Cheers, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACL
Did you also setup ACL in your fstab ?? the mounted partition needs acl to make samba use it. Cheers, Collen Clinton Mills wrote: Hi samba group, I'm trying to get samba to act like Windows in the Security tab (to be able to add, remove, and modify ACLs on certain files/folders). We are running Centos 5.2 (2.6.18-92.1.22.el5) with XFS installed for the /share partition. I currently have these versions of samba installed: samba-3.0.28-1.el5_2.1 samba-common-3.0.28-1.el5_2.1 I am pretty sure the ACL is all setup and working correctly. I can maintain ACL from Linux and I can even see them in the security tab for windows. I can also remove users from the security tab in Windows. These are the things I need help with . When I try and add a user it ask me for a username and password. I cannot get this to accept my password. . When I first load up the security tab it shows a long number S-1-5-21-... This screen takes a while to change these numbers to names. Is there a way to speed this up? . Is there a way to restrict people from adding them self to files/folder they do not have access to? I have looked all over and cannot find clear instructions on how to set ACL up in a user environment. If you could point me to one of these documents that would be very helpful. We currently have Samba setup to work without a domain. I have read on other websites that this is not a good idea: One problem with Samba ACL support is that listing users to use for access control entries (ACEs) within ACLs can be troublesome. Specifically, if you're using Samba in a standalone mode (i.e., configured with user security mode), Windows 2000 and Windows XP users might not be able to consistently list Samba users when configuring an ACL. We really don't have the option of doing a PDC. Is this a bad idea to try and get this to work without using PDC? smbd -b | grep ACL HAVE_SYS_ACL_H HAVE_ACL_LIBACL_H HAVE_POSIX_ACLS smb.conf [global] passdb backend = tdbsam add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g delete user from group script = /usr/sbin/groupmod -R %u %g add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u security = user encrypt passwords = yes preferred master = Yes domain master = Yes domain logons = Yes debuglevel = 3 workgroup = Workgroup workgroup = temp netbios name = hitsnap bind interfaces only = True interfaces = eth1 lo max disk size = 99 ;some programs (like PS7) can't deal with more than 1TB allow hosts = 192.168.0.0/16 socket options = TCP_NODELAY server string = Hitsnap smb ports = 139 syslog = 0 log level = 2 log file = /var/log/samba/log.%m vfs objects = recycle client ntlmv2 auth = yes ;recycle:repository = .recycle ;recycle:keeptree = Yes ;recycle:versions = Yes ;recycle:touch = Yes [netlogon] path = /var/lib/samba/netlogon read only = yes [homes] read only = no browseable = no [share1] ;minauth=none path = /share/hdrive/share1 read only = no browseable = yes writable = yes admin users = admin1 valid users = admin1 public = no create mask = 0777 directory mask = 0777 nt acl support = yes acl map full control = yes dont descend = .recycle Thanks Clinton Mills -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Inotify - too many open files
Hi hello, i get errors in my samba log from inotify. (Failed to init Inotify - too many open files ) i tried several things to increase my fd's (ulimit, sysctl) how can i get rid of this error ?!?! Thx, Collen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient fails to resolve name
Hi, we' ve got some probs regarding the smbclient.. it's odd, coz all seems te be working ok, except the smbclients. we use samba 3.2.4, here is a debug level 10 nmblook up is working, also it's a pdc and seems to function normal ?! i did add wins with the nsswitch, and can ping the host. anny idea where to look for ?!?! Cheers, Collen [EMAIL PROTECTED] var]# echo huh | smbclient -M ODIN -d10 Initialising global parameters params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf Processing section [global] doing parameter workgroup = JORDANET doing parameter server string = doing parameter netbios name = GREEN handle_netbios_name: set global_myname to: GREEN doing parameter netbios aliases = STATLER ATHENA THORTON doing parameter bind interfaces only = no doing parameter interfaces = 192.168.2.4 127.0.0.1/8 doing parameter socket options = TCP_NODELAY doing parameter name resolve order = wins bcast host doing parameter security = user doing parameter preferred master = yes doing parameter domain master = yes doing parameter domain logons = Yes doing parameter local master = yes doing parameter os level = 99 doing parameter map to guest = Never doing parameter wins support = yes doing parameter dns proxy = no - doing parameter include = /usr/local/samba/lib/smb_shares.conf params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb_shares.conf pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_PDC -- added interface bond0 ip=192.168.2.4 bcast=192.168.3.255 netmask=255.255.254.0 interpret_interface: Adding interface 127.0.0.1/8 added interface 127.0.0.1/8 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 Netbios name list:- my_netbios_names[0]=GREEN my_netbios_names[1]=STATLER my_netbios_names[2]=ATHENA my_netbios_names[3]=THORTON Client started (version 3.2.4). Opening cache file at /usr/local/samba/var/locks/gencache.tdb Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found sitename_fetch: No stored sitename for internal_resolve_name: looking up ODIN#3 (sitename (null)) Cache entry with key = NBT/ODIN#03 couldn't be found no entry for ODIN#03 found. resolve_wins: Attempting wins lookup for name ODIN0x3 Cache entry with key = WINS_SRV_DEAD/127.0.0.1,0.0.0.0 couldn't be found wins_srv_is_dead: 127.0.0.1 is alive resolve_wins: using WINS server 127.0.0.1 and tag '*' bind succeeded on port 0 Sending a packet of len 50 to (127.0.0.1) on port 137 read_udp_v4_socket: ip 127.0.0.1 port 35072 read: 56 parse_nmb: packet id = 18870 Received a packet of len 56 from (127.0.0.1) port 137 nmb packet from 127.0.0.1(137) header: id=18870 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=3 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=ODIN03 rr_type=10 rr_class=1 ttl=0 Negative name query response, rcode 0x03: The name requested does not exist. name_resolve_bcast: Attempting broadcast lookup for name ODIN0x3 bind succeeded on port 0 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 1 Could not test socket option TCP_NODELAY. Could not test socket option TCP_KEEPCNT. Could not test socket option TCP_KEEPIDLE. Could not test socket option TCP_KEEPINTVL. socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 111616 socket option SO_RCVBUF = 111616 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 Sending a packet of len 50 to (192.168.3.255) on port 137 Sending a packet of len 50 to (192.168.3.255) on port 137 Sending a packet of len 50 to (192.168.3.255) on port 137 Sending a packet of len 50 to (127.255.255.255) on port 137 Sending a packet of len 50 to (127.255.255.255) on port 137 Sending a packet of len 50 to (127.255.255.255) on port 137 resolve_hosts: not appropriate for name type 0x3 lang_tdb_init: /usr/local/samba/lib/en_US.UTF-8.msg: No such file or directory Connection to ODIN failed. Error NT_STATUS_BAD_NETWORK_NAME [EMAIL PROTECTED] var]# -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] odd ip behavior
Hello, this might be a quick fix, but can't find it... sinse some time, samba users ip nrs like :::192.168.2.99 but i'm used to normal ip4 we made some changes in smb.conf (dunno witch) and ever sinse we've got those ::: (smbstatus shows it, aswell the samba.log's) how can i get my good old ipv4 back (witch smb.conf parameter) Thx ... Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.2.4 WINs problem
Hi, Same here. nmblookup doesn't resolve the names. also with smbclient. just migrated the server from 3.0.23d to 3.2.4 (the old was working ok..) thx, Collen plug bert wrote: Hello All, i have a PDC running on subnet 192.168.100.x, and i have set wins support = yes. i have another subnet 192.168.101.x where all my client windows 2k/XP/2003/samba clients reside. For some reason the WINs server doesn't update its entries whenever a client changes IP address -- it still serves up the previous ip address mapping. This only seems to be a problem with samba-based clients; i've tried changing ip addresses on windows clients, and the WINs seems to detect the ip address changes immediately. For example, when i change the ip address for samba server serverA, from 192.168.101.1 to 192.168.101.2, an 'nmbloookup -R -U PDC serverA' returns 192.168.101.1, but an 'nmblookup serverA' returns 192.168.101.2. Upon suggestion from previous posts, the workaround now is to manually edit wins.dat on the WINS/PDC. While it does work well enough, i'm concerned that this may become a very big problem once i deploy this -- we have around 300 servers/VMs as of writing. Any advice? tia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems configuring samba with pam_mysql auth - NT_STATUS_NO_SUCH_USER / NT_STATUS_LOGON_FAILURE
Hi, did you setup nss ??? since pam is for auth only, you still need the usernames.. (and there for nsswitch) or add them in /etc/passwd. (but then you can skip pam aawel ..) Cheers, Collen btw there are 2 mysql-nsswitch prodjects.. so you can use the auth data base for it as well.. René KIRSCHNER wrote: Hello everyone, First of all...sorry for this monster post, but I have tried to insert every potentially useful information. :) The last days I vainly tried to implement a samba server with MySQL authentication on one of our servers (Debian 2.6.27.5). The server shall provide fileshare services to some Mac clients (OS 10.4.11). Mail is already running with pam_mysql auth against the mail user database, so we wanted to use it synchronously for samba auth. I just copied the settings from /etc/pam.d/smtp to /etc/pam.d/samba (I additionally enabled sqllog and verbose mode for debugging). When trying to connected with smbclient directly on the server, I receive the following error message: NT_STATUS_LOGON_FAILURE -- [2008/11/25 16:03:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/11/25 16:03:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/11/25 16:03:40, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [admin] - [admin] FAILED with error NT_STATUS_NO_SUCH_USER [2008/11/25 16:03:40, 3] smbd/error.c:error_packet_set(61) error packet at smbd/sesssetup.c(1725) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2008/11/25 16:03:40, 3] smbd/process.c:smbd_process(2035) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2008/11/25 16:03:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/11/25 16:03:40, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2008/11/25 16:03:40, 3] smbd/server.c:exit_server_common(949) Server exit (normal exit) I tried almost every possible configuration, useless. Maybe I have missed something. Thanks in advance, Rene -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Integrating Samba into a Database and configured for OpenVPN
checkout: http://sourceforge.net/projects/pdbsql/ there is a passwd backend for mysql and pgsql. you can combine it with nss-mysql and pam-mysql. the pdbsql is for samba 3.0.x and 3.2.x !! have fun.. Cheers, Collen Jesse Stone wrote: Thanks for the quick response. Without going into a huge discussion over my plans (I've written up a several page phased plan for configuring Ubuntu to my liking), I looked into LDAP and was afraid it wouldn't offer the flexibility I wanted. Basically, I want to intergrate two seperate environments to use MySQL for authenication (for everything: shell access, SSH, Samba, OpenVPN ect), performancing logging, and user activity logging. I then plan on using Python to migrade the data from both MySQL instances (1 in app server, 1 in DMZ) to MS SQL 2008 so that I can create a website (using C#) that displays all aspects of my envionment(s) in 1 page. I understand a lot of this may be done but the key is for me to learn new technologies. My work is pro-Microsoft and my passion/hobby is Linux so I'm attempting to combine the two. I plan on needing to learn Python for extensive scripting to make all this work. My problem, is I haven't found that anyone has done this before and I don't know where to begin. OpenVPN adds a second problem since I want it to be completely segregrated from the rest of my network yet be able to reach certain shares that will be on my local network. Instead of sharing on specific machines (or even having their names visible), I want all shares to be done via Samba and then setup Samba so that it's the only visible object for OpenVPN users. I guess the main thing, I don't know (but I have a good guess) that my approach isn't the best way to go about things but I'm using this has a project to learn several new technologies (and have fun). I hope that helps. -Jesse On Sun, Aug 31, 2008 at 1:47 PM, John Drescher [EMAIL PROTECTED] wrote: On Sun, Aug 31, 2008 at 4:47 PM, John Drescher [EMAIL PROTECTED] wrote: On Sun, Aug 31, 2008 at 4:23 PM, Jesse Stone [EMAIL PROTECTED] wrote: Hi All, This is my first post and I am relatively new with Linux. I am attempting to do three things and I'm hoping for advice: 1) Intergrate Samba fully with MySQL (unless another database would be considered better for this task). One of the things I've always had trouble with Linux is that everything is seperate. I understand that provides flexibility but I would like to configure my system (Ubuntu 8.04) so that everything is intragrated into 1 single database. This includes SSH, Shell Access, VPN, VNC, ect. 2) I have configured an OpenVPN server that I would like to provide shares to via Samba. The problems I'm running into is A) The OpenVPN is configured to be on a seperate subnet than the rest of my network. I want to configure Samba (and only Samba, not the rest of the machines in my network) to appear under Network Neighborhood to provide share access. The main thing is that I do not want VPN users to see any of my machines that sit outside the VPN even if (through Samba) they obtain data from them. 3) I've been researching setting Samba as a domain controller for my Windows machines (and other Linux machines?). I would like this to be used for the VPN as well. Instead of me required to create actual users on my system and then disabling SSH access. I would like to be able to add users via MySQL and indicate that they are VPN users and should have limited access. For me, this is a learning process and I do not expect detailed instructions in how to acomplish this. I would just like guidance (web sites would be great) that would help me acomplish this goal. What I do NOT want to do is have to setup two seperate instances of Samba, 1 for the VPN and 1 for the rest of the network. Why do you need MySQL to do this when LDAP does all of this without much effort? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] gpl v2v3 and plugins/backends
Hi all, I'm having some doubts with the following, so that's why i ask it to you all. currently we are maintaining the pdbsql project for samba (sql password backend) witch is license under gplv2. now that samba 3.2.x is license under gplv3, the question arose, can we keep the pdbsql backend under gplv2 ?? and actually the question goes for all plugins and backends. Cheers, Collen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Policies on Windows Cliente XP
Ehh, do you mean that i can use the gpo from win 2000 sp4 to manage my policies ?!?!?!? i thought only policy editor from nt4 worked with samba pdc/bdc ?! Cheers, Collen group policies work fine in XP. you'll need the windows 2000 server policy account manager. i'll have to look up the exact name of it, but you can get it from extracting 2000 SP4. Tales Macedo wrote: Good Morning, Friends. Excuse my English, I live in Brazil, Rondônia State, Amazon. Recently, installed a SAMBA PDC server, and thats this work ok. The problem with this as we implement the policies (reg) of the Windows client, without users having to be in the group administrator in the Windows client. Query the How-To, but could not find the solution. Regards. Macêdo, Tales Pemaza S/A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net user error
Hi, just wondering if it's me. but if i do a 'net user' in samba 3.2.0 i get: --- [2008/07/16 22:35:13, 0] libsmb/clientgen.c:cli_receive_smb(160) Receiving SMB: Server stopped responding Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_IO_TIMEOUT [EMAIL PROTECTED] samba]# --- is this a bug or not ?!? Cheers, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] do i need posix users/groups in ldap
So correct me if i'm wrong, in order to use the ldap backend, you need to insert the posix users in ldap as well ?? there is no way to get it work, with the normal basic setup (passwd shadow group ect. files) that's odd ?! Collen. Adam Williams wrote: you'll need to put your posix users in ldap, because samba will add the sambaSamAccount values to them in ldap. Collen Blijenberg wrote: Hi all, i'm a bit confused, can i setup samba (3.0.30) with LDAP backend, and have the posix/local linux users and groups reside in the /etc/groups /etc/shadow ect. ect (the standard linux files) ??? or do i have to put them in ldap also ?? (is there a choice?) Greets, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] do i need posix users/groups in ldap
Hi all, i'm a bit confused, can i setup samba (3.0.30) with LDAP backend, and have the posix/local linux users and groups reside in the /etc/groups /etc/shadow ect. ect (the standard linux files) ??? or do i have to put them in ldap also ?? (is there a choice?) Greets, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] compile 3.0.28a probs.
Hi all, i have some odd errors i never had before, when compiling samba 3.0.28a first i had an error in oplock_linux.c :37 error: conflicting types for capget /usr/include/sys/capability.h:111 previous declaration of capget was here :39 error: conflicting types for capset /usr/include/sys/capability.h:110 previous declaration of capset was here -- i removed the capset and capget from this linux file, and it continued compiling again. it was a quick and dirty fix. but still odd. (did i misted a library or so ?!?!?) after that the make command spit this at me: -- mount.cifs.c: in function 'main' mount.cifs.c: 1183 : error 'PATH_MAX' undeclared (first use in this function) -- dunno how to fix it, but what LIBS did i forget to install here. it's a fresh install on: Fedora core 9 kernel: 2.6.25.3-18 gcc - 4.3.0 Tips ?!?!?!? hints ?!?!? clue's ?!?!? Cheers, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba ldap
What about the mysql/pgsql backend ??! ideal for the middle class. (if your intentions are running a pdc/bdc) Collen. Edmundo Valle Neto wrote: Charles Marcus escreveu: On 5/15/2008 3:40 AM, Esteban Torres Rodriguez wrote: I'm new here and I have a doubt... I'm work with windows 2003 server and now i would change to llnux. My doubt regards the share of my server: to authenticate my users what is better: samba tdb or ldap? For us is not necessary an active directory, domain, ecc... I need only a file server and I have arounud 400 users...Anyone have experience? Any suggestions? always ldap. Not necessarily... tdb is *very* fast and reliable, much simpler to set up and maintain, and if you don't *need* all the bells and whistles of ldap (high availability, SSO, etc), tdb is the better choice - at least in my opinion... Depends of what is needed, in my opinion if an user must have the same password in samba AND any other service, use LDAP. Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OT: Vista NTConfig.POL
We've got the same problem here. NT4 policies are not working with vista. now we need to find a way to use policies that work with vista (and xp and w2k) since the GPMC needs a w2k3 style domain controller to store the Register.pol file (yep ntconfig.pol became register.pol) samba will not do that. (as pdc) dunno if you can fool windows by making a SYSVOL share with the apr. subdirs and store the policies there ?! in the mean while, you can either push the policies by making register files and let vista (xp) import them with the login script (as you mentioned your self!) but that is still a dirty way to do it. second, you could use the Nitrobit group policy package, but that one is not free !!! so still, we need a way to deploy new style policies (adm admx) with samba as the backend. any tips or suggestions on how and what would be welcome.. (sysvol howto or replacement software) Thx, Collen Michael Heydon wrote: This isn't technically a samba question, but I figure there will be other samba users out there in the same boat. I have just setup the first Vista box on our samba domain and I am having some trouble with policies (they don't get applied). I have had a look around and there is alot of talk about the adm-admx change, etc but I haven't seen anyone say that anything needs to change in NTConfig.POL. Infact, there has been relatively little mention of NTConfig at all. Does Vista still support NT4 style policies? If not, what have others done to work around this? I guess I could push out .reg files through login scripts but I believe that might trigger UAC, any other suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Vista profile probs
Well i must say, it looks like the removal of the profile list works. ! but the mentioning of the nt4 policy's not working with vista was a big bummer... isn't there an otherway to make policy's work with vista ?? like adding the SYSVOL share orso ?? or using the policy editor of xp/vista in combination with samba. Thx, Collen ps for the maillist admin: i get a lot of duplicate mail's from the samba list. Jean-Jacques Moulis wrote: CB Hi all, I've got some problems with vista sp1 + samba 3.0.28a CB vista will not save the profiles nor load them. ! CB I'm all familiar with the .V2 thing. CB vista however does create the profilename.V2 directory, but does not CB populate it with the data CB Xp machines work like a charm however. CB profiles path's are: \\server\profiles\testuser CB so the problem with the .V2 part is not share related, coz they are a CB dir in a share. CB we do get logged in with a temp profile. so authentication works (little CB slow do...) CB do i need to alter the vista policy's or something ?? CB if i browse manually to the profile share, i will be able to create dirs CB and files define those keys on clients: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] WaitForNetwork=dword: CompatibleRUPSecurity=dword:0001 If you remove %USERPROFILE% (C:\users\john) for an user this user will be subsequently logged in with a temporary profile unless HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\SID of user is also removed. Unfortunatly Vista doesn't obey Netlogon\NTConfig.pol. you have to apply policies with other methods. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Vista profile probs
Hi all, I've got some problems with vista sp1 + samba 3.0.28a vista will not save the profiles nor load them. ! I'm all familiar with the .V2 thing. vista however does create the profilename.V2 directory, but does not populate it with the data Xp machines work like a charm however. profiles path's are: \\server\profiles\testuser so the problem with the .V2 part is not share related, coz they are a dir in a share. we do get logged in with a temp profile. so authentication works (little slow do...) do i need to alter the vista policy's or something ?? if i browse manually to the profile share, i will be able to create dirs and files - smb.conf [profiles] path = /Jordanet/profiles guest ok = yes browseable = no nt acl support = yes csc policy = disable read only =no #create mode = 0600 #directory mode = 0700 #profile acls = yes #writable = yes #inherit permissions = no #inherit acls = no #nt acl support = no #map acl inherit = No -- Cheers, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mangle char prob's
Hello, I have some problems regarding the name mangling part especially the Dos filenames. I've got 2 Directory's in my office network install. 1 called 'Microsoft Office' and 1 called 'Microsoft Visual Studio' the Office dir is hidden true 'hide files' in the smb conf. if i go to the dir and do dir /x /a (in dos) i see 'MICROS~1' 2 times ??? it seems that the mangling does calculate the end char (~1) separate from hidden and none hidden files this gives me an error, coz the office wants to open files in dos mode, and guess what it can't find them coz he dives into the visual studio dir ! so if you have a dir with 1 hidden sub-dir and 1 normal sub-dir and the start of the names are the same, the dos filenames will be the same Cheers, Collen ps used samba 3.0.24 and FC8 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] question re multiple backends and the 'guest' backend
Multiple backends was removed, and is ever since part of the pdb-sql project at sourceforge so if you want more that 1 backend, install multi.so from pdb-sql... Cheers, Collen Jerome Alet wrote: On Thu, Apr 26, 2007 at 03:05:05PM +0100, J Xu wrote: I am exactly in the situation as Jerome described. I keep most of samba users in an ldap database while still maintain a few users locally. This gave me the flexibility that those users do not depend on ldap. Exactly what I wanted to do. Actually I'm on Debian Sarge and have all my Samba users defined locally. Since three years, every night, a batch script is run which extracts users that were added today to the central LDAP server of the University, with an LDAP filter based on a few criterias, and duplicate them on the local system (with a different password though). To these users who come indirectly (not at the samba level) from LDAP, in fact student accounts, I locally add accounts for people who come maybe 2 or 3 days a year (some professors) and that nobody wants to add to the central LDAP server (which needless to say is not managed by me). So these users are only defined locally. Now since last September the central LDAP server was modified to include the Samba schema and could (theorically, not tested by me yet) be used from my local Samba PDC directly to grab its user accounts. I was really happy to learn that, and planned both to upgrade my Sarge system to Etch, and use that central LDAP server to not have to duplicate accounts every day, all before next September. But I can't do it, since I still need my 2/3 days a year local user accounts, and newer releases of Samba don't allow me to do this (if I understand correctly). So my choice is : - Keep Sarge forever. or : - Continue this duplication shit. or : - Install a local LDAP server which will be a partial replicate of the central one, and to which I'll add my needed local users. or : - ? Drop Samba (just joking) This really sucks especially because at the system level user accounts CAN come from different places in a chained configuration with the help of /etc/nsswitch.conf Is there any good reason to have made this change ? Is there any plan to reintroduce the functionnality at a later date ? TIA Jerome Alet -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unsupported nsswitch entry
isn't password change done through PAM, not nsswitch Collen. Robert Steinmetz AIA wrote: After upgrading Samba on Solaris 8 I am unable to change passwords nsswitch.conf passwd: files winbind Attempting to change passwords results in; # passwd root passwd: Unsupported nsswitch entry for passwd:. Use -r repository . Unexpected failure. Password file/table unchanged. How do you get Solaris to recognize the winbind entry? I have installed the winbind library. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] authentication w/o using /etc/passwd
You could alway's try another backend, nss-mysql, nss-ldap ect ect. sato x wrote: I've never done this before, but I guess if you're using redhat or fedoracore, you could try to use authconfig via the console and choose samba authentication. Let me know if you succeed. Good luck. Regards, sato On 3/3/07, Young [EMAIL PROTECTED] wrote: Is there a way to configure Samba such that /etc/passwd is not used but Samba's password file only? I'm looking for a simple way to configure it to avoid using /etc/passwd, if there's a way. Thanks in advance! - Young -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.25pre2 Available for Download
Does that mean we can use the windows acl's ?? posix acl, has only RWX, with windows you have a bunch of options extra ?! (like write, but no delete, modify, list folder content ect. ect. ) or am i completely off here ?!?! Cheers, nice work dudes.. Collen Gerald (Jerry) Carter wrote: Release Announcements = Major features included in the 3.0.25 code base include: o Support for passing Windows security descriptors to a VFS plug-in allowing for multiple Unix ACL implements to running side by side on the Same server. Support for Additional ACL Modules == Samba's POSIX ACL support has been moved inside of the VFS layer which means it is now possible to support multiple ACL implementations on the same server including NFSv3 and GPFS ACLs. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba problems. accounts expire after a hour, but work after reset
Hi Edmundo, here is the situation: we have a PDC and BDC running samba 3.0.23d we have a Application Server running samba 3.0.24 + winbind. all have fixed (static) IP addresses in the 192.168.2.X segment. (no dhcp or whatever) with resetting, i ment a restart of the samba processes (sorry i was a little un clear) some time's i need to remove the .tdb files (except the secrets.tdb) what i noticed is that the crash/bug happens at peak hour (150 pc's and 100 users) so either samba has too many connections (??) or some other process can't handle it (i was thinking of the mysql deamon, but he has max connections set to 1000, so that should be enough) might be the fedora core too ?? so back to testing, i hope the winbind server will keep up today.. btw, no caching name server runnig in the domain... Cheers, and thx for da input. Edmundo Valle Neto wrote: Collen Blijenberg escreveu: Hi Edmundo, the main problem we have here, is that all out of the blue, the samba PDC and BDC are giving error's. like TRUST DOMAIN FAILED, or USER AUTH FAILED, MACHINE HAS NO ACCOUNT. things like that. but the funny part is, there is no reason for the servers to do that, they run for a few hours (sometimes a day) and then start spitting out these error's. after resetting the PDC, all turns back to normal. and those error's go away, and samba function as it should be. but then after a while, it's back to the error's again. we do use however the pdb-sql backend for storing the usernames and all... in that period, of error's the sql get queried. so the backend does work. and i can't find anny error's generated from the sql backend. also the sql server is accessible in those error times. (we use it for nss-mysql aswell) The only similar problem that happened to me once was a problem with an unconfigured network (that was deactivated) in the dhcp server that was running in the same samba server, and I dont remember why it happened. You said resetting, restarting samba doesn't make it work? Have you sure that the problem is in samba? so either the migration part went wrong (the sid uid part +1000), or samba has a serious bug in the passwd plugin backend ?? the winbindd part are for some other servers in the domain. Where is your winbindd daemon running? In that same server? Just a guess, are you using nscd? our domain is only accessible for domain accounts, so no guests or other accounts here. also all machines have registered to the domain no anonymously accounts and all. it's really driving me crazy this bug. cheers Collen Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba problems. accounts expire after a hour, but work after reset
Hi Edmundo, the main problem we have here, is that all out of the blue, the samba PDC and BDC are giving error's. like TRUST DOMAIN FAILED, or USER AUTH FAILED, MACHINE HAS NO ACCOUNT. things like that. but the funny part is, there is no reason for the servers to do that, they run for a few hours (sometimes a day) and then start spitting out these error's. after resetting the PDC, all turns back to normal. and those error's go away, and samba function as it should be. but then after a while, it's back to the error's again. we do use however the pdb-sql backend for storing the usernames and all... in that period, of error's the sql get queried. so the backend does work. and i can't find anny error's generated from the sql backend. also the sql server is accessible in those error times. (we use it for nss-mysql aswell) so either the migration part went wrong (the sid uid part +1000), or samba has a serious bug in the passwd plugin backend ?? the winbindd part are for some other servers in the domain. our domain is only accessible for domain accounts, so no guests or other accounts here. also all machines have registered to the domain no anonymously accounts and all. it's really driving me crazy this bug. cheers Collen Edmundo Valle Neto wrote: Collen Blijenberg escreveu: Hmm.. just a few last questions. the bug came back the other day, after i fired up some machine that uses winbindd for apache authentication. (no smb processes here). downside is that it's winbindd from samba 3.0.11. winbindd from samba 3.0.24 has some strange issues with that machine, for every page it starts re authing again resulting in asking username and password again, and again and again and . i think the problem might be there. Sorry, I don't use winbind. the part i don't get is the 'resolve unmapped account' ?? how can you have unmapped accounts ?? isn't it so that all account that don't have entries in the user database (or machine) are rejected ?? so don't need anny auth at all ? I ever used LDAP, so, for me the scripts ever creates all needed stuff. But some parts of the documentation makes mention of the algorithmic rid being used on groups that wasn't mapped by net groupmap for example. so basically, i can leave the old sid's and posix uid alone, but need to monitor the sid and uid when creating new users and machines, coz they can collide with the existing not standard uid and sid's . If you changed the ids as you said in the last e-mail that collisions must not happens. great, back to debuging again... thx for da input. Collen I didn't understood very well whats your problem, you said in the first e-mail that accounts keep expiring. All them? Clients get some estrange return error after some time? When that happens listing shares in the server shell with an user smbclient -L \\servername -Usomeuser%password or anonymously smbclient -L localhost -U% at least works? Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba problems. accounts expire after a hour, but work after reset
Hmm.. just a few last questions. the bug came back the other day, after i fired up some machine that uses winbindd for apache authentication. (no smb processes here). downside is that it's winbindd from samba 3.0.11. winbindd from samba 3.0.24 has some strange issues with that machine, for every page it starts re authing again resulting in asking username and password again, and again and again and . i think the problem might be there. the part i don't get is the 'resolve unmapped account' ?? how can you have unmapped accounts ?? isn't it so that all account that don't have entries in the user database (or machine) are rejected ?? so don't need anny auth at all ? so basically, i can leave the old sid's and posix uid alone, but need to monitor the sid and uid when creating new users and machines, coz they can collide with the existing not standard uid and sid's . great, back to debuging again... thx for da input. Collen Edmundo Valle Neto wrote: Collen Blijenberg escreveu: Sorry, forgot something, indeed there was a mixup with the migrating, old posix uid were differed than the once we use now. a changed the auto_increment value of the user.uid table from mysql. i took the highest sid (5620) subbed 1000 and /2 and used that for auto_increment value.. so now my new user accounts are in sync with samba RID's again. all i'm interested in now is the once i already have and use... i have a heap of accounts that have a posix uid, that doesn't fit the rules Edmundo explained (1000 + (2*uid)) it looks like all works fine, but i would like to take the advise of the experts... is the rule only active when creating new accounts, or does samba use that rule also with in daily basic things ? (like logging in, or accessing shares ??) does it harm to have a posix uid 1050 and a SID ending with -1299 ? Cheers Collen ... [cut] That I know, this algorithmic mapping is made to prevent clashes and prevent the use of well know RIDs by Windows domains. I don't know all the situations that the algorithmic mapping will be used in addiction of the creation of new accounts or to resolve unmapped accounts. (Someone correct me if Im wrong). But I would guess that if your accounts are being resolved (SID-GID and SID-UID) (and if I remember right those mappings are made inside the base used and/or inside groupmap_idmap.tdb, when you are not using winbind) you will not have any problems beyond those related with permissions by lost/changed ids after used (IF that happened). Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba problems. accounts expire after a hour, but work after reset
He thx Edmundo, hmm, basically i did a migration. we replaced an old samba server after 4 years, and made a new one. i exported the samba user accounts with the -i and -e option in pdbedit. the old exported samba was version 3.0.11. all i did was transfered the domain SID to the new pdc. exported the users and machine accounts. imported all in the new PDC, added the posix users, mapped some groups with net map. et voila.. i left all the old .tdb files and all on the old machine, and let the new PDC handle it. it looks if all works fine, but adding users and machines gives me the head ace.. isn't there anny way to influence the SID making process ?? some how i think that changing the algorithmic rid base option isn't going to work... i did some other tests as well to day, but it keeps on generating existing SID's (tried other machines) what did i forget to do with the migration ??? that makes the SID's screw up.. ? Cheers, Collen Edmundo Valle Neto wrote: Collen Blijenberg escreveu: Thx Felipe, after a week debugging, i found the problem!! there was a mix up with SID's. i had 5 machines and username with the same SID including the PDC. Would be a nice thing if you discover why that happened. Samba generates the RID part of the SID algorithmically (1000 + (2 x uid) for user accounts, and 1001 + (2 x gid) for groups), if the uid is different in these accounts the RID should be different too. but there is something funny were i need some help with, if i make a new user or machine account, samba generate the SID automatically. i saw, that my server doesn't look at existing SID's. No it doesn't, that's right. It's not needed, calculating RIDs that way will not make clashes. how can i let samba make SID's after a specified number ?? my problem at the moment is that if i make a new user, samba generate an existing SID, and there for trouble arise! Well, normally it will not make clashes, unless you already have a base with SIDs calculated, who knows how. You can change the algorithmic rid base option that defaults to 1000 to another value raising the values that will make RIDs. (if you have unmapped accounts, it will have their SIDs changed too, as the algorithm will be different, if I remember right in samba 3.0.23c theres some changes about that). In some distributions, you can raise the uid/gids range. That way would make higher RIDs be generated too. :) example: current last SID in user database: S-1-5-21-1968991162-2130249723-1959552931-5462 if i make a new user samba will use: S-1-5-21-1968991162-2130249723-1959552931-5410 Do you use a database server to store your samba users right? Well, I never used it, I don't know how exactly it stores information. As I don't know how do you have created your accounts or how much have you messed with them. Normally uids are not reused in posix accounts and samba user/group accounts picks up even/odd RID numbers, not making that probably future clash as you are seeing. :) so basically it's all about the last 4 digits! can i alter a .tdb file ??? (if so witch one??) I can't say that you can't, there's some tools that dump/change/add/etc contents of .tdb files, you can even dump them and grep to find where's the information that you are looking for, but keep in mind that probably you will mess up with any reference to the SID being changed (beeing it ACLs, profiles, or whatever). The last time that I blowed up my base with repeated SIDs (took me a while to discover why users where getting permissions that they shouldn't, it was the first time I used an LDAP base importing the old base and I changed the code that make the SIDs in the scripts that creates the accounts) I deleted all these accounts, raised the base RID, recreated them and changed permissions with shell scripts. all i like is samba to start making SID's after that -5462 number !!! Cheers, Collen ... [cut] I hope it helps. Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba problems. accounts expire after a hour, but work after reset
Sorry, forgot something, indeed there was a mixup with the migrating, old posix uid were differed than the once we use now. a changed the auto_increment value of the user.uid table from mysql. i took the highest sid (5620) subbed 1000 and /2 and used that for auto_increment value.. so now my new user accounts are in sync with samba RID's again. all i'm interested in now is the once i already have and use... i have a heap of accounts that have a posix uid, that doesn't fit the rules Edmundo explained (1000 + (2*uid)) it looks like all works fine, but i would like to take the advise of the experts... is the rule only active when creating new accounts, or does samba use that rule also with in daily basic things ? (like logging in, or accessing shares ??) does it harm to have a posix uid 1050 and a SID ending with -1299 ? Cheers Collen Collen Blijenberg wrote: He thx Edmundo, hmm, basically i did a migration. we replaced an old samba server after 4 years, and made a new one. i exported the samba user accounts with the -i and -e option in pdbedit. the old exported samba was version 3.0.11. all i did was transfered the domain SID to the new pdc. exported the users and machine accounts. imported all in the new PDC, added the posix users, mapped some groups with net map. et voila.. i left all the old .tdb files and all on the old machine, and let the new PDC handle it. it looks if all works fine, but adding users and machines gives me the head ace.. isn't there anny way to influence the SID making process ?? some how i think that changing the algorithmic rid base option isn't going to work... i did some other tests as well to day, but it keeps on generating existing SID's (tried other machines) what did i forget to do with the migration ??? that makes the SID's screw up.. ? Cheers, Collen Edmundo Valle Neto wrote: Collen Blijenberg escreveu: Thx Felipe, after a week debugging, i found the problem!! there was a mix up with SID's. i had 5 machines and username with the same SID including the PDC. Would be a nice thing if you discover why that happened. Samba generates the RID part of the SID algorithmically (1000 + (2 x uid) for user accounts, and 1001 + (2 x gid) for groups), if the uid is different in these accounts the RID should be different too. but there is something funny were i need some help with, if i make a new user or machine account, samba generate the SID automatically. i saw, that my server doesn't look at existing SID's. No it doesn't, that's right. It's not needed, calculating RIDs that way will not make clashes. how can i let samba make SID's after a specified number ?? my problem at the moment is that if i make a new user, samba generate an existing SID, and there for trouble arise! Well, normally it will not make clashes, unless you already have a base with SIDs calculated, who knows how. You can change the algorithmic rid base option that defaults to 1000 to another value raising the values that will make RIDs. (if you have unmapped accounts, it will have their SIDs changed too, as the algorithm will be different, if I remember right in samba 3.0.23c theres some changes about that). In some distributions, you can raise the uid/gids range. That way would make higher RIDs be generated too. :) example: current last SID in user database: S-1-5-21-1968991162-2130249723-1959552931-5462 if i make a new user samba will use: S-1-5-21-1968991162-2130249723-1959552931-5410 Do you use a database server to store your samba users right? Well, I never used it, I don't know how exactly it stores information. As I don't know how do you have created your accounts or how much have you messed with them. Normally uids are not reused in posix accounts and samba user/group accounts picks up even/odd RID numbers, not making that probably future clash as you are seeing. :) so basically it's all about the last 4 digits! can i alter a .tdb file ??? (if so witch one??) I can't say that you can't, there's some tools that dump/change/add/etc contents of .tdb files, you can even dump them and grep to find where's the information that you are looking for, but keep in mind that probably you will mess up with any reference to the SID being changed (beeing it ACLs, profiles, or whatever). The last time that I blowed up my base with repeated SIDs (took me a while to discover why users where getting permissions that they shouldn't, it was the first time I used an LDAP base importing the old base and I changed the code that make the SIDs in the scripts that creates the accounts) I deleted all these accounts, raised the base RID, recreated them and changed permissions with shell scripts. all i like is samba to start making SID's after that -5462 number !!! Cheers, Collen ... [cut] I hope it helps. Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read
Re: [Samba] samba problems. accounts expire after a hour, but work after reset
Thx Felipe, after a week debugging, i found the problem!! there was a mix up with SID's. i had 5 machines and username with the same SID including the PDC. but there is something funny were i need some help with, if i make a new user or machine account, samba generate the SID automatically. i saw, that my server doesn't look at existing SID's. how can i let samba make SID's after a specified number ?? my problem at the moment is that if i make a new user, samba generate an existing SID, and there for trouble arise! example: current last SID in user database: S-1-5-21-1968991162-2130249723-1959552931-5462 if i make a new user samba will use: S-1-5-21-1968991162-2130249723-1959552931-5410 so basically it's all about the last 4 digits! can i alter a .tdb file ??? (if so witch one??) all i like is samba to start making SID's after that -5462 number !!! Cheers, Collen Felipe Augusto van de Wiel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/28/2007 10:11 AM, Collen Blijenberg wrote: Hello I'm having some strange problems with samba 3.0.23d (PDC) on my FC6 Hi Collen! if i start samba, everything works fine, but after an hour orso(some times 2 hours if there is not mutch traffic) machines and user accounts start expiring. i don't know why, but it is ?! after i do a restart, samba comes up and works again. i checked the mysql server (coz' i use pdb-sql as backend) but the sql query's get executed and value's are returned. (even if goes into bug-mode) so that part works ok!, all i can think of is that tdb files get corrupted ?? That's strange. Are you using Policy for you domain? Like the length of the password, time before user can change password and so on. the funny part is that i also have a BDC running the same samba version and sql version, and that one has no prob's ad all (only the smb.conf is differed and the netbios name) but on the counter part, the bdc isn't really doing anything, ot's not serving shares or printers actively.. some input would be nice, coz' i really have no idea where to look... ??? Can you provide logs when your server is working? That could help diagnose the problem. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5usCCj65ZxU4gPQRAjF0AJ0bU9di1VckV0pmvKEj6b/ouEuRNwCfenYu jz79l+zzDiTyYu6GRwpsxug= =3R6i -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba problems. accounts expire after a hour, but work after reset
Hello I'm having some strange problems with samba 3.0.23d (PDC) on my FC6 if i start samba, everything works fine, but after an hour orso(some times 2 hours if there is not mutch traffic) machines and user accounts start expiring. i don't know why, but it is ?! after i do a restart, samba comes up and works again. i checked the mysql server (coz' i use pdb-sql as backend) but the sql query's get executed and value's are returned. (even if goes into bug-mode) so that part works ok!, all i can think of is that tdb files get corrupted ?? the funny part is that i also have a BDC running the same samba version and sql version, and that one has no prob's ad all (only the smb.conf is differed and the netbios name) but on the counter part, the bdc isn't really doing anything, ot's not serving shares or printers actively.. some input would be nice, coz' i really have no idea where to look... ??? Thx, Collen I get error's like these: --- [2007/02/27 09:48:26, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/02/27 09:48:26, 5] auth/auth_util.c:is_trusted_domain(2020) is_trusted_domain: Checking for domain trust with [JORDANET] [2007/02/27 09:48:26, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) secrets_fetch failed! [2007/02/27 09:48:26, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/02/27 09:48:26, 10] lib/gencache.c:gencache_get(329) Cache entry with key = TDOM/JORDANET couldn't be found [2007/02/27 09:48:26, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain JORDANET found. [2007/02/27 09:48:26, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for () [2007/02/27 09:48:26, 5] auth/auth_util.c:make_user_info(85) making strings for 's user_info struct === [2007/02/27 09:48:42, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2007/02/27 09:48:42, 0] rpc_server/srv_netlog_nt.c:get_md4pw(258) get_md4pw: Workstation C6-2$: account is not a trust account [2007/02/27 09:48:42, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461) _net_auth2: failed to get machine password for account C6-2$: NT_STATUS_NO_TRUST_SAM_ACCOUNT [2007/02/27 09:48:42, 5] rpc_parse/parse_prs.c:prs_debug(84) 00 net_io_r_auth_2 = [2007/02/27 12:09:16, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2007/02/27 12:09:16, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2007/02/27 12:09:16, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/02/27 12:09:16, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/02/27 12:09:16, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/02/27 12:09:16, 2] pdb_mysql.c:mysqlsam_select_by_field(292) Executing query SELECT logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_drive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dial,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,logon_divs,hours_len,bad_password_count,logon_count,unknown_6,logon_hours,password_history FROM user WHERE username = 'ralph' [2007/02/27 12:09:16, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 1001 - S-1-5-21-1968991162-2130249723-1959552931-513 [2007/02/27 12:09:16, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 1001 - S-1-5-21-1968991162-2130249723-1959552931-513 [2007/02/27 12:09:16, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/02/27 12:09:16, 3] libsmb/ntlm_check.c:ntlm_password_check(344) ntlm_password_check: NT MD4 password check failed for user lldummanne [2007/02/27 12:09:16, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/02/27 12:09:16, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/02/27 12:09:16, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/02/27 12:09:16, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/02/27 12:09:16, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/02/27 12:09:16, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/02/27 12:09:16, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/02/27 12:09:16, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/02/27 12:09:16, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind,
Re: [Samba] What is happening here?
Could you the message with a higher debug level ?? also is tribal-sfn2 your domain name or server name ?? Cheers, Collen M9. wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi readers of this list, I have this nasty problem, that looks fixed, but everytime something else annoying happens... - From SuSE10.0, there are problems with browsing LAN, due to susefirewall, was said...and partialy this is true.. All kind of strange things, incompatibilities, or bugs, keep me from just browsing shares in the network... I filed a bug on this issue: Bug # 246770 Today, i removed ashare, that was created as test, and was not nessesary anymore, result: network invisible! [EMAIL PROTECTED]:~ smbclient -L//tribal-sfn2 Password: Domain=[TRIBAL-SFN2] OS=[Unix] Server=[Samba 3.0.23d-19.2-1179-SUSE-SL10.2] tree connect failed: NT_STATUS_BAD_NETWORK_NAME [EMAIL PROTECTED]:~ What has happened here? I only removed one single share! To show i am serious, the cat log for the unexisting network in this case tribal-sfn2, from which i want to acces other pc's in the network.. [EMAIL PROTECTED]:~ cat /etc/samba/smb.conf [global] winbind gid = 1-2 winbind uid = 1-2 usershare max shares = 100 workgroup = mshome add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ domain master = no restrict anonymous = no max protocol = NT acl compatibility = winnt ldap ssl = No server signing = Auto map to guest = Bad User guest ok = yes case sensitive = no strict locking = no msdfs proxy = no read only = no preferred master = no [divx] comment = films inherit acls = yes path = /windowsF/Divx/ read only = no # case sensitive = no # strict locking = no # msdfs proxy = no [mp3] comment = muziek inherit acls = Yes path = /windowsD/MP3/ read only = No ## Share disabled by YaST # [netlogon] [shared] comment = muziek inherit acls = Yes path = /shared/ read only = No [documenten] comment = documenten inherit acls = Yes path = /windowsC/Documents and Settings/All Users/Documenten/ read only = No [tekeningen] comment = tekeningen inherit acls = Yes path = /windowsE/Tekeningen/ read only = No [EMAIL PROTECTED]:~ these we commented out, entrances made by the kde config module, and with which this share did not exist.. # case sensitive = no # strict locking = no # msdfs proxy = no Is there something in this config which should look different? - -- Have a nice day, M9. Now, is the only time that exists. OS: Linux 2.6.18.2-34-default x86_64 Huidige gebruiker: [EMAIL PROTECTED] Systeem: openSUSE 10.2 (X86-64) KDE: 3.5.5 release 45.2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFF4vn1X5/X5X6LpDgRAubiAJwLbBH7W+t3FQ3wYs8WNRTDkVM86QCgoq63 EtkwFXYe3p1Nfk3AuvSbudM= =Gyyg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What is happening here?
try smbclient -d10 -Lservername my guess is that ether the machine you smbclient from isn't in the domain, or the machine name is wrong... coz' in the previous mail there was: Domain=[TRIBAL-SFN2] OS=[Unix] Server=[Samba 3.0.23d-19.2-1179-SUSE-SL10.2] and as you can see domain states the machine name ? and that's what's wrong... (i think?) Have fun debugging... Collen M9. wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I would send the message with a higher debuglevel, if i only knew how? I do not know were to look to change: tree connect failed: NT_STATUS_BAD_NETWORK_NAME When i look at DNS and Hostname i see: Hostname: tribal-sfn2, domainname: site Collen Blijenberg schreef: Could you the message with a higher debug level ?? also is tribal-sfn2 your domain name or server name ?? Cheers, Collen M9. wrote: Hi readers of this list, I have this nasty problem, that looks fixed, but everytime something else annoying happens...snip - -- Have a nice day, M9. Now, is the only time that exists. OS: Linux 2.6.18.2-34-default x86_64 Huidige gebruiker: [EMAIL PROTECTED] Systeem: openSUSE 10.2 (X86-64) KDE: 3.5.5 release 45.2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFF5ZuEX5/X5X6LpDgRAlscAKDFwFQGM6RqoipoelsGH3TW2Ou/oQCfT+/X rFud/NdSmP1wOBZD9Zs5SzI= =VMqD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SID trouble..
we had a major crash with out samba servers today. trouble lied with the SID's and trustdomainaccounts, here is some problem, 'net getlocalsid' gave back an error 'can't fetch domain sid for name: WALDORF' ?? Waldorf is the netbios name, not the domain ?? i thought localsid is the SID for the samba server name, not the domain ?? 'net getlocalsid DOMAIN' does get the right domain sid. but not the SID for the server itself also i had a security context stack overflow ?!?!?! (panic action and core dumps.. arg) all of a sudden, my PDC started looking for a trusted domain, 'JORDANET' witch is the domain name it is serving him self ?? after this, i deleted all the TDB files (include the secret.tdb) did a net rpc join, and a NET RPC GETSID against the BDC, and all worked fine again ?? (-SBDC) dunno, we did not changed a thing in our setup, and the PDC was running for 5 day's straight. ?? so i find it kinda strange it stopped running all of a sudden, an started to nag about trusted domains and all ?? hope this isn't going to be a regular problem, did someone had simulair trouble before ??? Cheers, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [home] shares not closing ?!
Hello... i have a small problem, in our samba domain, the home shares from users are not closing the connection. is there a way to make samba do this. i know it's an actual windows problem. now i have over 20 connections to homes shares from a view computers and i dislike the fact that users can see the other home shares listed under the pdc share list. i tried deadtime = 15, but no luck here... sugestions ?!?!?! Cheers, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pdb+bdc machine account
Maybe a dumb question, but i can't find the answer anywhere.. do you need to create posix accounts for samba PDC and BDC ??? (coz' mine didn't by default) also, if you use 'netbios alias' do you need to create accounts for these aliases as well ?? and do these SID's have to be the same as the original netbios name ??? Thx Collen.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] replacing a samba pdc server.
We already did pdbedit -i | -e it some what worked out for us, all i like to say to this is that i find it some what odd that a RPC VAMIRE works for NT4 server migration but not for samba BDC 's ?? but we succeed in migrating from 3.0.11 to 3.0.23d... Thx and Cheers, Collen. Felipe Augusto van de Wiel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/26/2007 05:59 AM, Collen Blijenberg wrote: Hmm, my new server is installed as BDC!, but using RPC VAMPIRE against a samba PDC or Domain, ain't working... Check Andrew's reply, you can't vampire Samba, even if you are a BDC. You should use pdbedit -i|-e instead. :) guess it's going to be import/export then, that's all there is left Yes. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFxz/vCj65ZxU4gPQRAihNAJ40oKNUGR+oD2E/ai6YP8HSTatbagCfYJ+y Tgx3KnCOiUUsxEhkoHVfOb8= =oFA/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] replacing a samba pdc server.
Hello and good day, we're in the middle of migrating an old samba (3.0.11) pdc server, to a new server (3.0.23d) i thought i could do a NET VAMPIRE to make the new server sync with the old one. but ofcoz' that doesn't work (NT error code 0x1c010002) is there an other way to make these servers sync ? we really would like to start fresh, coz' there are some inconsistencies in the old data bases of users and posix-users. the old one is based on the mysql backend, and the new server will also be mysql. (no worries here, it's tested and works all ok) I read the migrating and updating chapter's of the howto, but there isn't a real good procedure described. (you should think the vampire command would be capable of doing this procedure..?!) Cheers, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] replacing a samba pdc server.
Hmm, my new server is installed as BDC!, but using RPC VAMPIRE against a samba PDC or Domain, ain't working... guess it's going to be import/export then, that's all there is left Cheers, Collen Mark Rutherford wrote: Hmmm, you can use that, but: RPC VAMPIRE Export users, aliases and groups from remote server to local server. Can only be run an a BDC. Only if you are a BDC. :) Here is my question I have to migrate a server as well. The current server uses smbpasswd and the new server planned I want to use ldapsam. Can I Add the new server as a BDC and 'vampire' the current PDC and then 'promote' the new server and shut the other one off? Would be cool if I could. I am exploring methods of 'how' to change the server, but also how to keep things intact. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file owner is root
Check your: admin users = username in smb.conf all users on this admin user list, create files and folders as root user !! Cheers Collen Felipe Augusto van de Wiel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/30/2007 01:05 AM, Paiva LR wrote: Hello everybody, in my working samba server, any file created by any user with windows appears with root as the owner, at the server. This way i can't manage any quota system... what can i do to set the user as owner of his recent created files? Could you please send the important parts of your smb.conf? thanks Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFwIcGCj65ZxU4gPQRAn6ZAKDMYG21Q5Uo0UgsJqdiBTJb6zJ+xACeMXqD XSqOtFTr9aTS4VSd+wdk9Dg= =N2mP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] replacing a samba pdc server.
Hmm, my new server is installed as BDC!, but using RPC VAMPIRE against a samba PDC or Domain, ain't working... guess it's going to be import/export then, that's all there is left Cheers, Collen Mark Rutherford wrote: Hmmm, you can use that, but: RPC VAMPIRE Export users, aliases and groups from remote server to local server. Can only be run an a BDC. Only if you are a BDC. :) Here is my question I have to migrate a server as well. The current server uses smbpasswd and the new server planned I want to use ldapsam. Can I Add the new server as a BDC and 'vampire' the current PDC and then 'promote' the new server and shut the other one off? Would be cool if I could. I am exploring methods of 'how' to change the server, but also how to keep things intact. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] replacing a samba pdc server.
Hello and good day, we're in the middle of migrating an old samba (3.0.11) pdc server, to a new server (3.0.23d) i thought i could do a NET VAMPIRE to make the new server sync with the old one. but ofcoz' that doesn't work (NT error code 0x1c010002) is there an other way to make these servers sync ? ea. can I do pdbedit -e tdbsam:/dump.tdb on the old server, and pdbedit -i tdbsam:/dump.tdb on the new server ??? (just for the machine,users and groups ??) we really would like to start fresh, coz' there are some inconsistencies in the old data bases of users and posix-users. the old one is based on the mysql backend, and the new server will also be mysql. (no worries here, it's tested and works all ok) I read the migrating and updating chapter's of the howto, but there isn't a real good procedure described. (you should think the vampire command would be capable of doing this procedure..?!) Cheers, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] USRMGR.exe not working properly
Nope, these should be unix groups.. afaik, unix groups don't allow 'space' in there names... so 'Domain Users' will not work, 'domain_users' would.. dunno.. Holger Wesser wrote: 'net groupmap list' shows (an extract): Domain Admins (S-1-5-21-995113423-1751251495-2796976809-512) - Domain Admins Domain Users (S-1-5-21-995113423-1751251495-2796976809-513) - Domain Users Domain Guests (S-1-5-21-995113423-1751251495-2796976809-514) - Domain Guests Domain Computers (S-1-5-21-995113423-1751251495-2796976809-515) - Domain Computers Administrators (S-1-5-32-544) - Administrators Print Operators (S-1-5-32-550) - Print Operators Backup Operators (S-1-5-32-551) - Backup Operators Replicators (S-1-5-32-552) - Replicators this seems to be okay, don't it? Holger Collen Blijenberg schrieb: what do you see with the 'net groupmap list' command.. maybe you need to map them manually, (net group add .) coz' this became the default behavior for the 3.0.23 version... Cheers Collen Holger Wesser wrote: Hi there, I'm running Debian Sarge with the sernet-packages of Samba. Yesterday I updated from 3.0.22 to 3.0.23. When I start the usrmgr.exe, I still are able to modify users but I cannot see/modify groups anymore. Where could I start to find the problem? Thanks. Holger -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] USRMGR.exe not working properly
what do you see with the 'net groupmap list' command.. maybe you need to map them manually, (net group add .) coz' this became the default behavior for the 3.0.23 version... Cheers Collen Holger Wesser wrote: Hi there, I'm running Debian Sarge with the sernet-packages of Samba. Yesterday I updated from 3.0.22 to 3.0.23. When I start the usrmgr.exe, I still are able to modify users but I cannot see/modify groups anymore. Where could I start to find the problem? Thanks. Holger -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] speed trouble ...
Try an Imap server... Jose Luis Maquieira Taboada wrote: Hi again ! ok one of the main problem was the log level too high ... now I am making some changes and need to store the thunderbird mailboxes on a lan resource from windows, when the mboxes are quit big it takes a lot of time to check it ... how i can optimize it ... is a good idea use the cache mode on windows ( store files on local hd withouth conection ) 2006/6/19, Gerald Drouillard [EMAIL PROTECTED]: Jose Luis Maquieira Taboada wrote: Hi ! In my lan I have some projects with eclipse located in windows at w: drive; this w: is a samba resource in Debian. A one file save it takes 4-5 seconds ... its a lot of time than saving on local hard disk. I test some tuning options like file system and samba ... The files are .c and are little files ... a lot of them, gif, .c, .ogg, ... The FS is EXT3 with News format options on debian instalation ( inodes ) and the same results on an EXT3 with standar format. I´ve got a P4 with 1gb of ram and Debian Etch today updates ... The version of the samba installed is 3.0.22-1 and the kernel is the 2.6.15-1-686 Try the following: netbios name = BTEAM-2 server string = (%L) workgroup = LABORATORIO encrypt passwords = yes hosts allow = 192.168.190. 127. os level = 120 domain master = no preferred master = no wins support = yes name resolve order = hosts wins lmhosts bcast remote announce = 192.168.190.255 remote browse sync = 192.168.190.255 socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY lock spin time = 15 lock spin count = 100 dos filetimes = yes dos filemode = yes log level = 1 getwd cache = yes [adiaz] comment = Carpeta compartida para Alberto path = /srv/public/adiaz read only = no guest ok = yes browseable = yes writeable = Yes user=adiaz -- Regards -- Gerald Drouillard Technology Architect Drouillard Associates, Inc. http://www.Drouillard.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] policies
Check this out... http://www.microsoft.com/downloads/details.aspx?FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3displaylang=en Adam Nielsen wrote: Guess this is a server tool (2000/2003) dunno, can this be obtained without having a windows server ? like is it part of a service pack, or resource kit ? It's part of the Windows Server 2003 Administration Tools Pack which you can install under XP Professional, but it looks like you need the Windows Server CDs to get the installer: http://technet2.microsoft.com/WindowsServer/en/Library/57adeda2-3e00-4d5e-9b01-cf2bf256912d1033.mspx?mfr=true Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] policies
Guess this is a server tool (2000/2003) dunno, can this be obtained without having a windows server ? like is it part of a service pack, or resource kit ? we also uses the old style poledit.exe (nt4) and would love to migrate to the MMC version... Cheers. C. Rodney Richison wrote: Rodney Richison wrote: Am going thru the learning curve on using samba as a primary controller. Samba is up and running just fine. However, I'm a bit confused on the ntlogin.pol thing. I'm gathering, if all the workstations are winxp, I need to do this?? Go to the Windows 200x/XP menu Start-Programs-Administrative Tools and select the MMC snap-in called Active Directory Users and Computers Select the domain or organizational unit I don't see the mmc snap-in. Or should I still be using poledit on samba 3.1? If so, if someone has a source for the 3 common adm files, I'd appreciate it. common.adm etc.. Any other comments would be welcome. Maybe if I ask a differant way. Here, http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html#id2625181 It suggest using a differant tool for winxp clients. qoute ** Instead of using the tool called the System Policy Editor, commonly called Poledit (from the executable name *poledit.exe*), GPOs are created and managed using a Microsoft Management Console (MMC) snap-in as follows: 1. Go to the Windows 200x/XP menu Start-Programs-Administrative Tools and select the MMC snap-in called Active Directory Users and Computers ** I cannot find this tool??? Is it on win2k server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] passdb and samba v3.0.23pre1
Pdb_multi is part of the pdb_sql project on sourceforge. but there is no speed in the development.. Cheers Collen Someone outside of Samba was working on a pdb_multi. But IMO it is best to migrate all at once. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
Quite a list, but no non we use. might i do a sugestion ? all with all, there are a lot of changes is the up coming release. not only these parameters en config options, but also the removal of the sql backends that multi passwd backend thing.. isn't it smarter , or it makes more sense to push these rather big changes through the 3.1 release ??? Cheers, Collen Gerald (Jerry) Carter wrote: Here's a short list of parameters I'd like to remove from smb.conf. hosts equiv read bmpx wins partners ldap server ldap port homedir map nis homedir magic script magic output Comments? I'd also like to kill the following configure options --with-nisplus-home --with-ldapsam --with-automount --with-dce-dfs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mysql as backend for samba
Wait for the next release. mysql backend is broke at the moment. development is transfered to: http://sourceforge.net/projects/pdbsql Cheers, Collen Blijenberg. satya panda wrote: Hi group, can i configure mysql(5.0.16) as backend for samba(3.0.22), i tried but fail...the error is NT-STATUS LOGIN FAILURE.. can you advice me what to do .. Thanxs, Satya -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to set mysql backend for samba; Urgent pls
Well hello, samba prior to version 3 doesn't support the pdb_mysql backend. perhaps there is a way around, but i don't think so. dunno what's your idea of samba mysql, coz in your list you mention pam-mysql ?? my guesses are that pam-mysql is for the support of storing posix users in a mysql database, not samba users.! if you need mysql to store samba users, convert to samba 3, and wait for the next release. (coz from 3.0.14 - 3.0.22 the mysql backend is broke.) at the moment there is a project at sourceforge trying to make the mysql backend work again. ( https://sourceforge.net/projects/pdbsql ) but it won't be able to run until 3.0.23 (i guess) Cheers Have Fun Collen Blijenberg. MLHJ balijepalli srikrishnamohan wrote: Hello group, I Just joined the group and this is the first message to this group. I am facing a problem while configuring mysql backend to samba. I am using samba 2.2.7, mysql 5.0, pam-mysql-0.5 and RH9. Is it possible to set mysql backend for samba2.2.7? Pls explain the way to configure mysql to samba as backend. Regards Krishnam. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to set mysql backend for samba; Urgent pls
Hello, It's there for all 3.xx versions, it will be removed from the future versions and continue as an standalone project. (3.0.23 i guess) you have to compile samba with expsam mysql. (be sure you have the development package from mysql installed) you could use the ldap backend, coz it's more stable, and has more options. Cheers Collen balijepalli srikrishnamohan wrote: Hello Collen, Thanks for your reply. Let me ask another question on this. Is mysql support for samba as backend is not there for all other current available versions(like versions before 3.0.14) or is it only not work the versions range you specified. If it is not there i'll move to ldap support. Regards, Krishnam. --- Collen Blijenberg [EMAIL PROTECTED] wrote: Well hello, samba prior to version 3 doesn't support the pdb_mysql backend. perhaps there is a way around, but i don't think so. dunno what's your idea of samba mysql, coz in your list you mention pam-mysql ?? my guesses are that pam-mysql is for the support of storing posix users in a mysql database, not samba users.! if you need mysql to store samba users, convert to samba 3, and wait for the next release. (coz from 3.0.14 - 3.0.22 the mysql backend is broke.) at the moment there is a project at sourceforge trying to make the mysql backend work again. ( https://sourceforge.net/projects/pdbsql ) but it won't be able to run until 3.0.23 (i guess) Cheers Have Fun Collen Blijenberg. MLHJ balijepalli srikrishnamohan wrote: Hello group, I Just joined the group and this is the first message to this group. I am facing a problem while configuring mysql backend to samba. I am using samba 2.2.7, mysql 5.0, pam-mysql-0.5 and RH9. Is it possible to set mysql backend for samba2.2.7? Pls explain the way to configure mysql to samba as backend. Regards Krishnam. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pam_winbind log ip nr
Just a quick question, we use pam_winbind to authenticate users against smb-pdc. (works ok btw) is there a way to make pam_winbind log the ip numbers of failed authentications ?? or is this done by the PAM service ?? if i look in the /var/log/messages log i see the loggings of success and failed logins, but without IP nrs. it's for adding iptables rules to a blacklist. Cheers Thx Collen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Strange problem with just 1 file..?
We are experiencing a strange problem with accessing a file, i tested it on samba 3.0.11 and 3.0.14a when we access the file (ask property's,copy or just run it) windows explorer gets system load of aprox. 100% for about 50 sec, and then starts (or shows the prop) the program. if i do the same, with another normal program on the same share and dir, the 50 sec. hick up isn't there. if i copy the file locally the issue is gone! the program is about 3,5 meg big, but i have a hunch that it's a so called compressed executable. (WilmarkWizard II Suite i guess) samba log files don't show strange behavior (no panics or errors on level 2). the server does it's work normally, we don't experience other probs with samba, it's just this one file. someone got a clue ?? Cheers Collen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3 performance issues
Beside the story Greg Folkert wrote (witch make sense) remember this about GB network carts: You'll never get a full 1000 mb/s ! i saw you have a celeron processor (witch ain't the fastest in performance) coz' gb nic's tent to use a lot processor overhead, also raid cards use (a little) processor time. hdd through put is an issue, all together makes the performance. I've tested 2 marvel yukons (pci-x) between 2 xp clients, with only memory transfers and got (after some windows tweaking, coz windows isn't gb lan ready by default) 500mb/s (so that is only 50%) and had 99% proc. load. (pentium M 1.8) on realtek gb lan cards it was even worse. so a big processor(s) and real fast hdd's might do you some good! so put this together with Greg's story, and you'll get the fact's. Cheers, and good luck with testing/tweaking Collen. Greg Folkert wrote: On Thu, 2006-03-30 at 13:52 -0500, Rohit Kumar Mehta wrote: I believe I have some hardware or configuration related performance issues running samba 3.0.14a-3sarge. Our server is an Intel Celeron 2 Ghz with 512 MB of RAM and a 3ware card using SATA disks in a RAID 5 configuration (3ware controller card). We have a gigabit network and are using Intel Gigabit ethernet cards e1000). When copying large files to the samba shares on the system, the transfer rate maxes out near 100 mb/s. We tested with nttcp and were able to get speeds of nearly 800mb/s. So I think it is safe to conclude this is not a network issue. Various tools like top, xosview and mpstat convinced us that we are bound in the CPU. Stopping the samba file transfer and the cpu idle time exceeds 90%. We are convinced that our CPU is the bottleneck, but not sure why. #cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 15 model : 2 model name : Intel(R) Celeron(R) CPU 2.00GHz stepping: 9 cpu MHz : 1996.920 cache size : 128 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe cid bogomips: 3956.73 Does anyone have any advice on how to speed up our file transfers? We regularly have to 18 GB worth of files to this system, and it would be very good if we could speed it up. At current speeds, we get no advantage at all from even having gigabit network cards! Please feel free to ask me any other questions about our system setup. Thanks in advance for any advice, Have you done *ANY* system caching parameters, filesystem tuning, or Samba Config tuning? What have you done besides verify it is not the network itself? Have you tested throughput for the 3ware card? I can tell you this, if you have the RAID-5 setup not-optimally to work with the block sizing on your Filesystem you'll never get excellent throughput. I always tend to use largest blocking factors with the 3ware cards for RAID-5. This (for me at least) has proven the fastest and least latency ridden settings for me. But then I am using XFS on all of my 3ware RAID-5 setups. For Mirroring, I typically let the defaults work. Defaults have been by far the best setup for most filesystems. If you still believe you are suffering from CPU overload, I'd suggest sending it to the RAID-5 array with over compressed scp (with mild compression of 4 or 5) and then without compression. See what you get. I am betting the real problem comes from multiple bus-mastering cards conflicting or colliding. The Intel-E1000 and the 3ware card are definitely both bus-mastering. There are a couple of things on the Samba side you can do. Turn off Logging (you don't need it really), change the read and send buffer sizes, change the TCP setting it uses to be more in line with Gigabit, move to using Jumbo frames, get a TOE (TCP Offload Engine) NIC. Then if you still have issues, turn on logging for the stuff you are worried about (auth would be 0, etc...) and then add a sniffer to you connection. You'll definitely find something. My gut reaction is that since this is a Celeron Processor, you really need to goto 64-bit slots on the mother board. Getting a PCI-X capable motherboard would greatly help your problems. One last thing, any of the 95xx cards from 3ware are 3.3V only and are PCI2.3 compliant, they will function incorrectly possibly even be ruined or not recognized by a 5V or Auto-detect 5v/3.3v slot. The 9xxx, 8xxx and 7xxx cards can be used in either a 5V or 3.3V PCI slot. Good luck. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dos clients on Samba 3.0.12
Correct me if I'm wrong, but if i recall it right, there was a dos bug in samba 3.0.11 ? 12 ? or 14 ? (somewhere between .11 and .14) so if you experience dos problems with your version, try a newer version.. Cheers.. Collen Raphael Neve wrote: Hello there, I recently replaced a server running Samba 2.x with a brand new one running Samba 3.0.12. I had a couple DOS machines running the Microsoft Client which worked fine on the old server. On the new one, they can log in fine, and do a dir on the remote drive, but when I try to copy a file to or from the server, the DOS machine hangs, and on the server I get a Connection reset by peer in the log.smbd. Does anyone have any idea what this might be ? I snouted about a bit on the internet and it seems there might be a speed disparity, and the data is going to fast for the DOS machines I tried playing with the sendfile share parameter but with no noticeable difference. Thanks, Raphael Neve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + cups = raw postscript output
Here is some input on print accounting: David Smith wrote: Not sure of what exactly you are referring to with cups driver...are you using Adobe Postscript printer driver and cups generated PPD and printing to \\samba_server\printer_share ? Yes, I'm using \\samba\printer to print, and the Cups Test Driver v6 driver. I am wanting to be able to use print accounting, can this be done with the Adobe driver? We use Pykota for print accounting, allong with a standard pcl6 windows driver!! works fine, with cups as print backend!! if so, you don't want to have the 'raw' option enabled on the cups printer at all (comment out the 'raw' lines in /etc/cups/mime.types and /etc/cups/mime.convs and restart cups). Ok, I commented out the application/vnd.cups-raw setting from mime.types, now I Get a message in the Samba logs as follows [2006/03/06 09:22:47, 0] printing/print_cups.c:cups_job_submit(765) Unable to print file to HPLaserJet5si - client-error-document-format-not-supported Cheers Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User Manager
We had the dame problem with the initial version of the mysql backend. our problem was fixed by setting the default value's for unkown_6 to 1260 and logon_divs to 168 dunno if the ldap backend has simulair entries.. but it seems indeed that your ldap database is corrupt.. Good luck Collen Louis van Belle wrote: This is somewhere a problem in you ldap database. if possible , try removing the database and rebuild it step by step. this way i resolved my The stub received bad data errors Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Douglas Sterner Verzonden: maandag 23 januari 2006 21:49 Aan: samba@lists.samba.org Onderwerp: [Samba] User Manager Using Suse ES9 SP2 with OpenLDAP backend with Samba 3.0.21pre I'm getting the following error. The stub received bad data Would you like to administer another domain? then User Manager closes when I select no. User Manager seems to work in limited fashion if Low speed connection is selected. This has worked fine until a few days ago and I have not made any changes. Thanks _ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] secrets failed
Ok found the problem, Seems that the Mysql_passwd backend is still not working.! (did worked in prev. versions!!) the thing that went wrong is that, pdb_sql wrote a machine name in ALL the fields of nt_fullname. (and screwed up some other fields) so all machine account became the same (and user too). I'll gonna try to setup a test environment to test and make the mysql back work again, if i have some time left!! do i need to make a bug report ?? Greetz, Collen Collen Blijenberg wrote: Well, i have a serious problem, all of an sudden samba rejects all my workstations and servers! my samba PDC reports back to me, secrets_fetch failed! nothing has changed, or altered.. it comes out of the blue! i did upgrade samba from 3.0.11 to 3.0.21, but that was 2 weeks ago, and the upgrade worked. (until now that is) going back to 3.0.11 didn't work, I'm kinda lost here.. suggestions might really help... thx Collen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] secrets failed
Nope, sorry we had a vacantion last few weeks, so i didn't follow the pdb threads.. sorry.. (did i missed something (-; ) Grz. Collen. Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Collen Blijenberg wrote: Ok found the problem, Seems that the Mysql_passwd backend is still not working.! (did worked in prev. versions!!) the thing that went wrong is that, pdb_sql wrote a machine name in ALL the fields of nt_fullname. (and screwed up some other fields) so all machine account became the same (and user too). I'll gonna try to setup a test environment to test and make the mysql back work again, if i have some time left!! do i need to make a bug report ?? Collen, Have you followed the pdb threads from last week or so? If not, please file a bug and assign it to pdb_sql. That will notify the [EMAIL PROTECTED] maintainers. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDxRxNIR7qMdg1EfYRAq7kAJ4oYI7CBVvR8Ixpy9gA039OWx2b9gCeIHb7 Y0uRl6ueXfXPQOlHRsfpo5c= =1DB5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] secrets failed
Well, i have a serious problem, all of an sudden samba rejects all my workstations and servers! my samba PDC reports back to me, secrets_fetch failed! nothing has changed, or altered.. it comes out of the blue! i did upgrade samba from 3.0.11 to 3.0.21, but that was 2 weeks ago, and the upgrade worked. (until now that is) going back to 3.0.11 didn't work, I'm kinda lost here.. suggestions might really help... thx Collen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] secrets failed
Well, i have a serious problem, all of an sudden samba rejects all my workstations and servers! my samba PDC reports back to me, secrets_fetch failed! nothing has changed, or altered.. it comes out of the blue! i did upgrade samba from 3.0.11 to 3.0.21, but that was 2 weeks ago, and the upgrade worked. (until now that is) going back to 3.0.11 didn't work, I'm kinda lost here.. suggestions might really help... thx Collen. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authentication problem with Mysql backend
Whoh man... did you create the unix user-account aswell ?? also try to change these settings: - encrypt passwords = YES - passdb backend = mysql:mysql - #mysql:username column = username: - #mysql:lanman pass column = lm_pw: - #mysql:nt pass column = nt_pw: - #mysql:plain pass column = plain_pw: - #mysql:unknown_3 column = NULL also what version of samba do you use ?? Rodrigo De la Pena wrote: hi, / i'm trying to configure samba with the mysql backend but it doesn't work. my smb.conf file is this: / #BOF [global] security = user workgroup = CABRERA encrypt passwords = no ;passdb backend = mysql:/usr/local/samba/lib/pdb/mysql.so passdb backend = mysql:mysql mysql:mysql host = localhost mysql:mysql user = samba mysql:mysql password = abmas mysql:mysql database = samba mysql:mysql table = user mysql:username column = username: mysql:lanman pass column = lm_pw: mysql:nt pass column = nt_pw: ;mysql:plain pass column = plain_pw: mysql:unknown_3 column = NULL #EOF / when i run smbclient it fails / [EMAIL PROTECTED] ~]# smbclient //localhost/rodelapena -U rodelapena -d 10 / the dir exists in the route showed up. //home2/rodelapena/ i don't know what is going on, the pdbedit command fails when i try to create an user but doesn't when i update it. I'm very new in samba, if you can help me with this problem i'll thank you ever. Thanks a lot. / -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.14a-Debian, MySQL Backend, Migration Problem
This would be a nice feature for future releases of samba. to be able to make a dump of your users/machine accounts. let's say an import/export function of user machine account.. it let's you migrate from differend passwd backend easely.. dunno just trying to help here, with some ideas.. Greets Collen Daniel Morlock wrote: Hi, I have an old system running Samba 3 with default passwd backend for about 30 users. Not I set up a new Samba 3.0.14a with mysql backend on another machine. I'd like to migrate the users from old system to the new system! I read through the official Samba HOWTOS and googled, but no useful concept of migration found. At the weekend I tested the following concept: - Configure the new server as BDC for the old server = Join the domain: net rpc join -S OLD_SERVER -w DOMNAME -U Administrator%passwd = Get the local SID with: net rcp getsid = Sync the old /var/lib/samba with the new /var/lib/samba = Sync the shared data and profiles = Sync /etc/passwd /etc/samba/smbpasswd /etc/group (Note: I decided to set up a default passwd backend, and if this is running, I change to mysql backend) After I changed the smb.conf I restarted the servers and I become the message from BDC: become domain logon server for DOMAIN. The testparm script tells me, that the smb.conf is set up correctly and it returns: Server role: ROLE_DOMAIN_BDC. A quick test was successful, I can login / logout from a domain user account on a windows xp station. Now I want to deactivate the old server and login with only the new server, so I shutdown the old server. A further login is working, BUT: I can login / logout without problems, so the authentification with BDC only is working! But I get the windows error message, that the group and user policies are wrong and therefore windows creates a new local profile. So my questions: - Have someone an idea to fix this problem? - Make my concept sense or does someone has a better concept? I hope you can help me with my problem. Regards, Daniel Morlock -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mysql backend create user problem
Did you create the unix users before the mysql users ?? Greetz, Collen Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Edy Sulai wrote: | I have samba PDC (version 3.0.14a) working fine | before with smbpasswd backend. a few weeks ago, | we decide to move to mysql backend since we have email | server with mysql backend as well. I'm trying to use | one username and password for both email and samba | services. There were fixed to the pdb_mysql backend in 3.0.20a (we got new maintainers). Before you do anything, you sould retest against that release. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mysql backend create user problem
The 3.0.20 version had a bug, so mysql passwd backend will not work the normal/standard way. did not tested the 3.0.20 a b version, but it might be fixed.. passdb backend = mysql:bmais bmais:mysql database = database bmais:mysql password = password bmais:mysql user = root bmais:mysql host = db.bmais.or.id bmais:table = bmais_or_id bmais:domain column = 'bmais.or.id' bmais:username column = pw_name: bmais:nt username column = pw_name: bmais:fullname column = pw_gecos: bmais:lanman pass column = pw_passwd: | - try to comment these out with #, your problem might be here. (but i'm not sure) Goodluck Edy Sulai wrote: Thanks for the quick response. yes, I did create unix users first. then proceed to create samba users. I tried upgrading samba version from 3.0.14a to 3.0.20, i still does the same thing. Now, I'm redoing all the samba works from scratch again. hopefully samba 3.0.20 doesn't give me the same problem. any idea what's wrong if samba pdb_mysql still behave this way? thanks Edy Did you create the unix users before the mysql users ?? Greetz, Collen Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Edy Sulai wrote: | I have samba PDC (version 3.0.14a) working fine | before with smbpasswd backend. a few weeks ago, | we decide to move to mysql backend since we have email | server with mysql backend as well. I'm trying to use | one username and password for both email and samba | services. There were fixed to the pdb_mysql backend in 3.0.20a (we got new maintainers). Before you do anything, you sould retest against that release. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error compiling Samba for MySQL Support
Is this a mysql error, don't think so coz' the error is within system quota's. are you sure your system support system quota's ?? Collen Andrew Stephen wrote: Hi I am trying to recompile samba for MySQL support and get the following error Compiling lib/sysquotas_4A.c lib/sysquotas_4A.c: In function sys_get_vfs_quota: lib/sysquotas_4A.c:102: error: struct dqblk has no member named dqb_curblocks lib/sysquotas_4A.c:119: error: struct dqblk has no member named dqb_curblocks lib/sysquotas_4A.c:165: error: struct dqblk has no member named dqb_curblocks make: *** [lib/sysquotas_4A.o] Error 1 Any suggestions on how to get past it would be greatly appreciated. Cheers Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] error , mysql and samba
Yes it's necessary to make the unix users aswel unless you make a open system and use the nobody user. but then again you miss security and all..! Collen Dnebla wrote: hello everybody , before sorry bad english . my consults is , the configuration samba with passdb backend mysql , is necessary, create user unix system ? is necessary, adduser user ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mod_ntlm_winbind on Apache vs. IE6, no POST method
Is the mod_ntlm_winbind already apache 2.XX ready ?? or is it still written for the 1.3.XX version ? Collen Andrew Bartlett wrote: On Mon, 2005-10-03 at 14:34 -0600, Todd Garrison wrote: Hello, I have setup mod_ntlm_winbind Firstly, I presume this is the version from lorikeet SVN? to provide authentication for an Apache 1.3.33 webserver running on Fedora Core 3. The authentication works, but I have run into a problem when using Internet Explorer. It seems that the problem might be with Internet Explorer itself, but here is what I think is happening - the browser will not submit any forms with a POST method on a website protected with NTLM Auth. Everything seems to work fine when using Firefox/Mozilla, but IE6 has a problem. Attached is the text extracted from a packet capture using both browsers: You can see that IE6 sends content-length: 0 and includes the NTLM hash again, whereas Firefox does not. Is this a bug in mod_ntlm_winbind, IE6, or just a configuration error? It looks like MSIE is avoiding resubmitting the POST twice for the multiple round trips of the NTLM exchange. Firefox is probably still sitting on an existing connection. So, I think the issue might be that apache is not handling the NTLM authentication request to the module, but we would need to see more server-side logs and a real (uncensored, unfortunately) packet capture. A small group of developers trying to take mod_ntlm_winbind further are gathering, I think we need to setup a public webpage and some contact details... Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Production Release
You could already start with a stable version .. (3.0.20?) and upgrade later when the 20a or 21 version is released.. Laterz, Collen. [EMAIL PROTECTED] wrote: Hi, if i would start a production server on 1st of october, should i use 3.0.14a oder 3.0.20 or wait for 3.0.20a? Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Policy editor, policy's not(always)working
Hello, ya'll .. i got this problem, got a samba pdc and bdc up, running and syncing.. made some policy's with the good old poledit from NT4 now i have 2 groups. with 2 differend policy's group 1 - Teachers group 2 - Students. Default user - fallback these 2 groups kinda works, but once every time both groups fall back on the default user policy ? so the policy doesn't check the actual thing.. some how if a teacher logson, samba/windows falls back to the default user policy, even if he belongs to the teacher group ? now i made the default user the same as students, but now once every wile teachers complaining about missing links/policies ect ect ? i didn't noticed it before, but dunno is it a windows or samba bug ? (prob windows..!) annyway anny clues how to fix it, or work around it? Later - Collen Blijenberg (Systeem/Netwerk Beheerder) Montessori Lyceum Herman Jordan Zeist -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] user does not exist nsswitch/windind error
Well, in my case, i have samba running as a server, with auth. to 2 samba pbc/bdc servers this server uses winbind to resolve usernames and groups. i get the error: [ date ] nsswitch/winbind_user.c:winbind_getpwnam(159) user 'collen' does not exist. [ date ] nsswitch/winbind_user.c:winbind_getpwnam(159) user 'COLLEN' does not exist. and the user in question can not acces the shares. also, in the username, i miss the domain, coz other users who can acces the share, have the domain and username in the smb.log file it all started when i upgraded the pdb/bdc and fileserver to samba 3.0.7. shares and files on the pdc are going well, no prob's there. smb.conf (winbind part) winbind separator = + winbind cache time = 10 winbind enable local accounts = no winbind enum users = yes winbind enum groups= yes winbind use default domain = yes winbind nested groups = no winbind trusted domains only = np idmap gid = 1-2 idmap uid = 1-2 security = DOMAIN password server= pdc bdc - - Collen Blijenberg (Systeem/Netwerk Beheerder) Montessori Lyceum Herman Jordan Zeist -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing ask password
WEll got the printing all up and working (bsd) but we have 1 printer that is a little differend i need to setup a network printer, and if someone wants to print to it it should ask for a password (and/or username). the idea is that a studend who wants to print, gives a print job, and get's promted for a password, then the teacher have to aprove the print by entering a password. is this possible within samba (eg with pre exec command) or mayby to make printing allowed by 1 user, and if an other tries to print that he need to auth.again as a differend user ? does someone has a clue,hint or sugestion ?? (little things might work asswell) Greetings - Collen Blijenberg (Systeem/Netwerk Beheerder) Montessori Lyceum Herman Jordan Zeist -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] backup posix-acl shares
Pax ans Star (and even and getfacl dump) are more for lokal backup's. i was thinking more of rdist, rsync or nfs4 (but i can't get posix acl to work in fc2) coz why make an archive first dist it, and unpackit again? actualy i was hoping to mount a samba share with smbfs then coping it local, but it looks like there are no acl's when mounting with smbfs ?? (or are there?) (but from a win box there are !??!) guess there must be more people with this problem.. just looking for a good and easy sollution for this backup issue!! thx, - Collen Blijenberg (Montessori Lyceum Herman Jordan) Monday, October 11, 2004, 5:17:40 PM, you wrote: JHT Collen, JHT You could use pax to backup ACLs. JHT - John T. JHT On Monday 11 October 2004 02:38, Collen Blijenberg MLHJ wrote: good day... well just need some good input on how to backup a samba server, and to preserve the posix-acl's.. got 1 pdc and 1 bdc running, but it seems that there isn't a good way to make a backup with acl.. nfs4 doesn't have anny good support for acl's (yet) so i tried to mount a samba share with mount -t smbfs.. no acl's there ?? so please is there a protocol/service that i can use, to backup my servers with posix acl. greetings.. - Collen Blijenberg (Systeem/Netwerk Beheerder) Montessori Lyceum Herman Jordan Zeist -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] backup posix-acl shares
good day... well just need some good input on how to backup a samba server, and to preserve the posix-acl's.. got 1 pdc and 1 bdc running, but it seems that there isn't a good way to make a backup with acl.. nfs4 doesn't have anny good support for acl's (yet) so i tried to mount a samba share with mount -t smbfs.. no acl's there ?? so please is there a protocol/service that i can use, to backup my servers with posix acl. greetings.. - Collen Blijenberg (Systeem/Netwerk Beheerder) Montessori Lyceum Herman Jordan Zeist -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
