[Samba] samba 3 acting as a samba 4 bdc
Hello I have a fileserver with samba 3.6.9 in a remote location, i have a few users there (4) but the network connectivity is not good, so i'm trying to setup some kind of validation cache, i have samba 4 on my main office, can i setup the fileserver to act as a bdc for the samba 4 or is not possible? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 internal dns update
Hello Last week we changed our ip range, every computer was shutdown and everything is working, but we are still getting the old ip address on the dns, my version is samba 4.0.3 and i am using internal dns This is the actual smb.conf [global] workgroup = MYCOMPANY realm = MYCOMPANY.COM.CO netbios name = DOMINIO server role = active directory domain controller idmap_ldb:use rfc2307 = yes dns forwarder = 8.8.8.8 wins support = Yes log level = 1 allow dns updates = True Any suggestions? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] getent group and net ads user info differs
Hello I have a samba 4.0.3 pdc and a samba 3.5.10 as a fileserver and i am having an issue that i like to share with you. I have a share son the samba 3 setup like this [Comercial] browsable = Yes comment = Comercial path = /shares2/Comercial valid users = @Ingenieria, @Mercadeo, @Comercial, @SIIF, @Costos, administrador, backup write list = @Comercial, @Mercadeo, @Ingenieria, administrador, claudiavillegas, manuelaparicio read list = @Comercial, @SIIF, ,@Almacen, @Costos, @Uruguay, @Ingenieria, backup force create mode = 666 force directory mode = 777 veto files = /*.exe/*.com/*.dll/*.mp3/*.bat/ As you can see the Comercial group is authorized to read and write, so i have this user lisanyurimicolta she is on the Comercial group: [root@srvfs audit]# net ads user info lisanyurimicolta Domain Users TerminalServer politicas3 SIIF Comercial [root@srvfs audit]# srvfs is my samba 3.x server, but then she can't write on the share, so i'm executing a getent group to validate that she is on that group for the winbind, but i get this [root@srvfs audit]# getent group comercial comercial:*:16777233:claralibreros,christiancano,danilocampo,anabedoya,guillerminagarcia,humbertocardona,marthamurillo,pruebas,yoancanabal,andreasaa,adrianazapata,jhonrealpe,maryamgamboa,jassonaperador,adolfotrullo,christhianjimenez,mariaguerrero,mariomunera,mauricioperdomo,melbaorejuela,paolagomez,richardordonez,ginagarces,juanagudelo,adrianalopez,andrespossu,dianaolano,yulymejia,edwinyepes,jenniferbazantes,ronaldduque,maribelgomez,linabanol,lauramulcue,johncastillo,luzgallego,giovannysotomayor,andresgutierrez,arlexcardona,jonathangaviria,victorianavia,andrescampino Why is this happening? any suggestions? Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group and net ads user info differs
Hello Kevin The group is on the samba AD and i don't have nis installed on this server, the nsswitch.conf is this. passwd: files winbind shadow: files winbind group: files winbind My OS is Centos 6.3 El 4/04/2013, a las 10:42, Shaw, Kevin kevin.s...@xerox.com escribió: Cristian, The group commercial is in /etc/group or NIS group? cat /etc/group | grep lisanyurimicolta ypcat -k group | grep lisanyurimicolta If group is configured correctly I would look at /etc/nsswitch.conf. I don't know what OS you are running, this is where name switching is configured in Solaris. HTH, -Kevin -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Cristian Saavedra Sent: Thursday, April 04, 2013 7:45 AM To: samba@lists.samba.org Subject: [Samba] getent group and net ads user info differs Hello I have a samba 4.0.3 pdc and a samba 3.5.10 as a fileserver and i am having an issue that i like to share with you. I have a share son the samba 3 setup like this [Comercial] browsable = Yes comment = Comercial path = /shares2/Comercial valid users = @Ingenieria, @Mercadeo, @Comercial, @SIIF, @Costos, administrador, backup write list = @Comercial, @Mercadeo, @Ingenieria, administrador, claudiavillegas, manuelaparicio read list = @Comercial, @SIIF, ,@Almacen, @Costos, @Uruguay, @Ingenieria, backup force create mode = 666 force directory mode = 777 veto files = /*.exe/*.com/*.dll/*.mp3/*.bat/ As you can see the Comercial group is authorized to read and write, so i have this user lisanyurimicolta she is on the Comercial group: [root@srvfs audit]# net ads user info lisanyurimicolta Domain Users TerminalServer politicas3 SIIF Comercial [root@srvfs audit]# srvfs is my samba 3.x server, but then she can't write on the share, so i'm executing a getent group to validate that she is on that group for the winbind, but i get this [root@srvfs audit]# getent group comercial comercial:*:16777233:claralibreros,christiancano,danilocampo,anabedoya,guillerminagarcia,humbertocardona,marthamurillo,pruebas,yoancanabal,andreasaa,adrianazapata,jhonrealpe,maryamgamboa,jassonaperador,adolfotrullo,christhianjimenez,mariaguerrero,mariomunera,mauricioperdomo,melbaorejuela,paolagomez,richardordonez,ginagarces,juanagudelo,adrianalopez,andrespossu,dianaolano,yulymejia,edwinyepes,jenniferbazantes,ronaldduque,maribelgomez,linabanol,lauramulcue,johncastillo,luzgallego,giovannysotomayor,andresgutierrez,arlexcardona,jonathangaviria,victorianavia,andrescampino Why is this happening? any suggestions? Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group and net ads user info differs
Fixed! [root@dominio Policies]# samba-tool dbcheck Checking 1394 objects ERROR: orphaned backlink attribute 'memberOf' in CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co for link member in CN=SIIF,CN=Users,DC=forsa,DC=com,DC=co Not removing orphaned backlink member ERROR: orphaned backlink attribute 'memberOf' in CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co for link member in CN=Comercial,CN=Users,DC=forsa,DC=com,DC=co Not removing orphaned backlink member ERROR: incorrect DN string component for member in object CN=SIIF,CN=Users,DC=forsa,DC=com,DC=co - GUID=7ba58aea-6479-41a6-9e7c-cf69e62aad35;CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co Not fixing incorrect string version of DN ERROR: incorrect DN string component for member in object CN=Comercial,CN=Users,DC=forsa,DC=com,DC=co - GUID=7ba58aea-6479-41a6-9e7c-cf69e62aad35;CN=lisanyurimicolta,CN=Users,DC=forsa,DC=com,DC=co Not fixing incorrect string version of DN Please use --fix to fix these errors Checked 1394 objects (4 errors) So i re ran the process with --fix and now i can see the user. El 4/04/2013, a las 12:24, Cristian Saavedra c...@asualcance.com escribió: Hello Kevin The group is on the samba AD and i don't have nis installed on this server, the nsswitch.conf is this. passwd: files winbind shadow: files winbind group: files winbind My OS is Centos 6.3 El 4/04/2013, a las 10:42, Shaw, Kevin kevin.s...@xerox.com escribió: Cristian, The group commercial is in /etc/group or NIS group? cat /etc/group | grep lisanyurimicolta ypcat -k group | grep lisanyurimicolta If group is configured correctly I would look at /etc/nsswitch.conf. I don't know what OS you are running, this is where name switching is configured in Solaris. HTH, -Kevin -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Cristian Saavedra Sent: Thursday, April 04, 2013 7:45 AM To: samba@lists.samba.org Subject: [Samba] getent group and net ads user info differs Hello I have a samba 4.0.3 pdc and a samba 3.5.10 as a fileserver and i am having an issue that i like to share with you. I have a share son the samba 3 setup like this [Comercial] browsable = Yes comment = Comercial path = /shares2/Comercial valid users = @Ingenieria, @Mercadeo, @Comercial, @SIIF, @Costos, administrador, backup write list = @Comercial, @Mercadeo, @Ingenieria, administrador, claudiavillegas, manuelaparicio read list = @Comercial, @SIIF, ,@Almacen, @Costos, @Uruguay, @Ingenieria, backup force create mode = 666 force directory mode = 777 veto files = /*.exe/*.com/*.dll/*.mp3/*.bat/ As you can see the Comercial group is authorized to read and write, so i have this user lisanyurimicolta she is on the Comercial group: [root@srvfs audit]# net ads user info lisanyurimicolta Domain Users TerminalServer politicas3 SIIF Comercial [root@srvfs audit]# srvfs is my samba 3.x server, but then she can't write on the share, so i'm executing a getent group to validate that she is on that group for the winbind, but i get this [root@srvfs audit]# getent group comercial comercial:*:16777233:claralibreros,christiancano,danilocampo,anabedoya,guillerminagarcia,humbertocardona,marthamurillo,pruebas,yoancanabal,andreasaa,adrianazapata,jhonrealpe,maryamgamboa,jassonaperador,adolfotrullo,christhianjimenez,mariaguerrero,mariomunera,mauricioperdomo,melbaorejuela,paolagomez,richardordonez,ginagarces,juanagudelo,adrianalopez,andrespossu,dianaolano,yulymejia,edwinyepes,jenniferbazantes,ronaldduque,maribelgomez,linabanol,lauramulcue,johncastillo,luzgallego,giovannysotomayor,andresgutierrez,arlexcardona,jonathangaviria,victorianavia,andrescampino Why is this happening? any suggestions? Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] upgrade procedure
Hello I'm upgrading to 4.0.4 as far as i remember the samba_upgradeprovision must not be used, so i'm asking for the current upgrade procedure: - configure samba 4.0.4 - make - create current samba backup (just in case) - killall samba process - make install - run samba After that, the new binaries are in place, should i do something else? run an script? delete a file? anything? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] multiple dc's
Hello In our company we have 5 remote office, i'm trying to setup a replicated domain across this sites, using vpn, is multiple DCs soported? can i use the RODC option or is not yet implemented? I try top setup the replication between this servers but i'm starting to get several WERR_BADFILE error and now i get a WERR_DS_DRA_INTERNAL_ERROR Appreciate any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba rodc
Hello What is the status of the samba RODC? I'm trying to setup a PDC - RODC schema and this is what i do On my RODC kinit administrator then samba-tool domain join my domain.com rodc -U Administrator The sync is complete Committing SAM database Sending DsReplicateUpdateRefs for all the replicated partitions Setting RODC invocationId Setting isSynchronized and dsServiceName Setting up secrets database Joined domain FORSA (SID S-1-5-21-3380525496-3468030855-4252408690) as an RODC But after that i see this on my PDC log 2013/03/03 19:54:50, 0] ../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:37a0236c-89bb-481c-95e9-257682646e2a._msdcs.forsa.com.co[1024,seal,krb5] NT_STATUS_UNSUCCESSFUL And in my RODC i see this Default-First-Site-Name\BDC DSA Options: 0x0025 DSA object GUID: 37a0236c-89bb-481c-95e9-257682646e2a DSA invocationId: 64f4a862-309d-4a0d-a3de-5aa8998da68a INBOUND NEIGHBORS ERROR(runtime): DsReplicaGetInfo of type 0 failed - (8453, 'WERR_DS_DRA_ACCESS_DENIED') I don't know where else to search. Appreciate your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] estrange behavior with some users
Hello list We have migrated from our samba 3 domain to samba 4 and we are still trying to figure somethings I have two servers, one is my domain pdc named dominio, my other one is a fileserver with samba 3.6.6 named srvfs So, i've joined srvfs to my domain using net ads and everything is ok, i can see the users and validate them But i have a particular case with a few users, this is the case If i check the user ulisesbonilla on my domain, i can see this. root@dominio samba]# pdbedit -Lv ulisesbonilla Unix username:ulisesbonilla NT username: Account Flags:[U ] User SID: S-1-5-21-3380525496-3468030855-4252408690-5324 Primary Group SID:S-1-5-21-3380525496-3468030855-4252408690-513 Full Name:ulisesbonilla Home Directory: \\DOMINIO\ulisesbonilla HomeDir Drive:H: Logon Script: scripts\magaly.bat Profile Path: Domain: Account desc: ulisesbonilla Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 22:14:07 COT Kickoff time: Mon, 18 Jan 2038 22:14:07 COT Password last set:Sat, 02 Mar 2013 11:21:48 COT Password can change: Sat, 02 Mar 2013 11:21:48 COT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF [root@dominio samba]# on my fileserver (samba 3.6) i can see the user [root@srvfs ~]# net ads user info ulisesbonilla Domain Users SIIF TerminalServer politicas2 Logisticag But when the user tries to validate the samba always says NT_ACCESS_DENIED When i try to retrieve the user using getent passwd it returns nothing [root@srvfs log]# getent passwd ulisesbonilla [root@srvfs log]# however i can retrieve other users: [root@srvfs log]# getent passwd balco3 balco3:*:16777221:16777220::/home/balco3:/bin/bash [root@srvfs log]# There are a few users with this problem, has someone any suggestion? Thanks in advanced -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 PDC to BDC file replication
Did you try using -X -A flags? Also you can try using getfacl and setfacl Enviado desde un dispositivo movil El 2/03/2013, a las 23:41, C Waddy craigwa...@gmail.com escribió: No luck so far with a suitable solution for file replication to BDC and retain ntfs perms.. After testing again with Rsync, it will not preserve NTFS permissions, no matter what flags are used? Glusterfs is cool but only for 64 Bit systems. There must be a solution to this with Samba4, anyone using a tested and working Method? Without the replication of folders/files with NTFS ACL's we can't use Samba4 in our Business which is very frustrating :( On Sat, Mar 2, 2013 at 10:06 AM, Ben Metcalfe bwmetca...@gmail.com wrote: Without inviting too many anti-CDDL flames; if you have ZFS on Linux working on your samba 4 box, a zfs send and receive should do the job well; preserving all file attributes and only transferring deltas. Plus you get all the usual ZFS benefits (snapshots, copy-on-write, check-summing), assuming you've got the RAM to make it work smoothly. http://zfsonlinux.org/ Has anyone tried this configuration? Ben On 1 March 2013 23:46, Gregory Sloop gr...@sloop.net wrote: Thanks. I asked this a few weeks back and didn't get much response. The half-hearted consensus was that rsync wouldn't do the job. [It seemed to me it should, as long as you're replicating between two DC members, and not to a non DC member. (Because, as I figured it, a non DC member wouldn't have any idea about the users/groups, since it's not replicating and of the DC data, right?)] Glad for any light you can shed - and thanks for letting me know it should work. I'll tinker with it when I'm to that point. -Greg JA On Thu, Feb 28, 2013 at 09:13:39PM -0800, Gregory Sloop wrote: I'm in the same boat, and I'm only aware of two possibilities. 1) Robocopy - using a Windows client. BUT Robocopy doesn't do file deltas - changed files are copied in their entirety. Which isn't a problem if you don't have large files. But if you've got a 10G file that changes often, then this probably isn't the best alternative. 2) http://www.bvckup.com/support/ [Bvckup] This also appears to be a Windows utility, but does handle file delta's. I have never used this tool and so can't vouch for it in any way. If you find a functional solution, that preferably can be used on the two Linux/Samba boxes to do file-deltas and still maintain the permissions - that would be best. One other option that might work: Rsync the data, and use robocopy to simply duplicate the permissions structure. [I believe this is possible.] JA rsync using -A (preserve ACLs) and -X (preserve extended attributes) JA and -o (preserve owner (super-user only)) and -g (preserve group) JA should copy thing perfectly. -- Gregory Sloop, Principal: Sloop Network Computer Consulting Voice: 503.251.0452 x82 EMail: gr...@sloop.net http://www.sloop.net --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrating from Internal DNS to bind9_dlz
You are running on bind, so you must disable the dns server on smb.conf file, or use the samba internal dns server. El 14/02/2013, a las 17:07, Thomas Simmons twsn...@gmail.com escribió: Hello, I'm not sure what I'm doing and still haven't been able to get this working. I've not been able to find any documentation. Can anyone offer some insight? So far I've: 1) Installed Bind 9.8.2 (from the CentOS repo) 2) Run 'samba_upgradedns --dns-backend=BIND9_DLZ' [root@DC1 var]# samba_upgradedns --dns-backend=BIND9_DLZ Reading domain information Looking up IPv4 addresses Looking up IPv6 addresses DNS accounts already exist No zone file /usr/local/samba/private/dns/internal.ama-inc.com.zone DNS records will be automatically created DNS partitions already exist dns-amadc1 account already exists See /usr/local/samba/private/named.conf for an example configuration include file for BIND and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates Finished upgrading DNS 3) Add include /usr/local/samba/private/named.conf; to the end of /etc/named.conf (directly after other include statements) 4) Add tkey-gssapi-keytab /usr/local/samba/private/dns.keytab; under (inside) options{ 5) run chgrp named /usr/local/samba/private/dns.keytab and chmod g+r /usr/local/samba/private/dns.keytab Start Bind Start Samba4 I see this in log.samba [2013/02/14 16:15:39, 0] ../source4/smbd/service_stream.c:342(stream_setup_socket) Failed to listen on 0.0.0.0:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED [2013/02/14 16:15:39, 0] ../source4/dns_server/dns_server.c:616(dns_add_socket) Failed to bind to 0.0.0.0:53 TCP - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED On Tue, Feb 5, 2013 at 3:10 PM, fe...@epepm.cupet.cu wrote: Hello All, I would like to migrate our production S4 instance from internal DNS to bind9_dlz. Has anyone else done this? Is it even possible? I did it using samba_upgradedns. Check this in your server: /usr/local/samba/sbin/samba_upgradedns --help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] removing local policies
Hello Everyone We are upgrading to Samba4 from Samba 3.x, we got a fully functional domain over the last 4 years and we are trying to do our migration as smooth as possible. I have migrated, users, machines and everything to the new samba4 domain (not in production yet), however when i log and old machine from the samba 3.x domain to the samba 4 domains, the local policy still applies, i suppose is because the old policies uses ntconfig.pol that burns the change on the registry. I'd like to remove that policies without having to reinstall or recreate users, has anyone managed to do that? Thanks in advanced. Cristian Saavedra -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406
On 11/19/2012 11:03 AM, pccom frank wrote: Thank you Andrew! You are right. Let FreeBSD start its own Kerberos does not make sense since Samba4 has its own Kerberos. I can not get Samba4's Kerberos working. The following is the message I run Samba4. I am using the Samba4's internal DNS. I copied krb5.conf from /usr/local/samba/private to /etc after I run samba-tool domain provision. root@f10:/usr/local/samba/sbin # ./samba -i -M single samba version 4.1.0pre1-GIT-e6a100e started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last): /usr/local/samba/sbin/samba_dnsupdate: File /usr/local/samba/sbin/samba_dnsupdate, line 507, in module /usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp) /usr/local/samba/sbin/samba_dnsupdate: File /usr/local/samba/sbin/samba_dnsupdate, line 121, in get_credentials /usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp, ccachename) /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@ F10.PCCOM.CA failed (Cannot contact any KDC for requested realm) /usr/local/samba/sbin/samba_dnsupdate: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED Have you executed kinit before start samba? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba