[Samba] SID versus user-group name in Property windows
I have a weird issue when I wanna see Security Tab in the file property's. I dont see the user and group name's but only their SID. See pictures but when I add users and group acl on this file, I get their user and group name. If I close and reopen the propetu of this file, I get again the SID Someone know how to fix this issue?? My file server is a domain member of the PDC My PDC is on LDAP I use LDAP-auth on the file server this is my config on the file server [global] workgroup = DOMAINNAME server string = Samba Server security = server password server = PDCSERV log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No dns proxy = No #ldap ssl = no passdb backend = ldapsam:ldap://PDCSERV ldap suffix = dc=company,dc=com ldap machine suffix = ou=machines ldap user suffix = ou=People ldap group suffix = ou=Group ldap admin dn = cn=manager,dc=company,dc=com debuglevel = 10 -- Daniel ChÃnard Croesus Finansoft Inc. 2 Place Laval, Suite 510 Laval, Quebec Canada H7N 5N6 Site Web: www.croesus.com [EMAIL PROTECTED] Tel: +1 450-662-6101, 145 Fax: +1 450-662-3629 Please Note: The Light at the End of The Tunnel will be turned off until further notice due to budget cutbacks. --The Managemen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] create_canon_ace_lists: unable to map SID
I have a samba server on linux with a LDAP DC, On a client server, I was do net join -S DOMSERV -Uadmin%PASSWORD and that's work The server member of DOMSERV have a share XFS filesystem. When I set manualy the acl (setfacl -m g:group:rwx the_file) It's ok, the other domain member see the ACL But when I set the acl with a Windows Workstation, that's don't work smbd/posix_acls.c:create_canon_ace_lists(1380) create_canon_ace_lists: unable to map SID my client smb.conf [global] workgroup = TOTODOM server string = Samba Server security = DOMAIN password server = domain-srv log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No dns proxy = No ldap ssl = no map acl inherit = Yes my server smb.conf [global] unix charset = ASCII workgroup = DOMSERV server string = Samba Server update encrypted = Yes passdb backend = ldapsam:ldap://192.168.53.58, guest passwd program = /usr/bin/smbpasswd %u passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = no encrypt passwords = Yes passwd chat debug = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 bind interfaces only = no interfaces = eth0 lo pam password change = yes add user script = /usr/bin/smbpasswd -a %u -D 256 delete user script = /usr/bin/smbpasswd -x %u -D 256 add machine script = /usr/bin/smbpasswd -m -a %u$ -D 256 logon script = netlogon.bat logon path = \\srv-image\profiles\%u logon drive = X: logon home = \\srv-image\%u domain logons = Yes os level = 65 preferred master = No domain master = Yes dns proxy = No ldap suffix = dc=domserv,dc=com ldap machine suffix = ou=hosts ldap user suffix = ou=People ldap group suffix = ou=Groups ldap admin dn = cn=manager,dc=domserv,dc=com #ldap delete dn = Yes #ldap trust ids = Yes ldap ssl = no ldap passwd sync = Yes admin users = Administrator root hosts allow = 192.168.53.0/255.255.255.0 127.0.0.1 #ldap filter = (&(uid=%u) (objectclass=sambaAccount)) ldap delete dn =yes Someone can help me?? -- Daniel ChÃnard Croesus Finansoft Inc. 2 Place Laval, Suite 510 Laval, Quebec Canada H7N 5N6 Site Web: www.croesus.com [EMAIL PROTECTED] Tel: +1 450-662-6101, 145 Fax: +1 450-662-3629 Please Note: The Light at the End of The Tunnel will be turned off until further notice due to budget cutbacks. --The Managemen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] change password on w2k workstation
Hi!! I'm not able to change a user password on a workstation and with smbpasswd when I'm log. ex: [EMAIL PROTECTED] usertest]$ smbpasswd Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the password change: Error was : RAP86: The specified password is invalid. Failed to change password for usertest so when I'm root, that's work The log message for this case is: [2003/08/26 11:59:11, 0] auth/pampass.c:smb_pam_chauthtok(692) PAM: UNKNOWN PAM ERROR (19) for User: usertest [2003/08/26 11:59:11, 0] auth/pampass.c:smb_pam_passchange(848) smb_pam_passchange: PAM: Password Change Failed for user usertest! When I'm on a w2k workstation, the log say: [2003/08/26 12:04:53, 0] auth/pampass.c:smb_pam_chauthtok(692) PAM: UNKNOWN PAM ERROR (19) for User: usertest [2003/08/26 12:04:53, 0] auth/pampass.c:smb_pam_passchange(848) smb_pam_passchange: PAM: Password Change Failed for user usertest! My smb.conf is passdb backend = ldapsam:ldap://192.168.53.58, guest passwd program = /usr/bin/smbpasswd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes encrypt passwords = Yes passwd chat debug = Yes logon script = netlogon.bat logon path = \\srv-image\profiles\%u logon drive = X: logon home = \\srv-image\%u domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No ldap suffix = dc=mydomain,dc=com ldap machine suffix = ou=machines ldap user suffix = ou=People ldap group suffix = ou=Groups ldap admin dn = cn=manager,dc=mydomain,dc=com ldap delete dn = Yes ldap trust ids = Yes ldap ssl = no ldap passwd sync = Yes admin users = Administrator root hosts allow = 192.168.53.0/255.255.255.0 127.0.0.1 my slapd.conf index cn,sn,uid,displayName pres,sub,eq index uidNumber,gidNumber eq index sambaSIDeq index sambaPrimaryGroupSIDeq index sambaDomainName eq index objectClass eq index default sub access to dn=".*dc=unigiciel,dc=com" by self write by *read access to dn=".*dc=unigiciel,dc=com" attrs=userPassword,sambaLMPassword,sambaNTPassword by dn="cn=manager,dc=unigiciel,dc=com" write by self write by anonymous auth by * read my /etc/ldap.conf ssl no port389 rootbinddn cn=manager,dc=mydomain,dc=com pam_filter objectclass=posixAccount pam_login_attribute uid My samba version samba-3.0.0beta3-1 my pam login auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_ldap.so auth required /lib/security/pam_unix_auth.so try_first_pass accountsufficient /lib/security/pam_ldap.so accountrequired /lib/security/pam_unix_acct.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_ldap.so password required /lib/security/pam_pwdb.so use_first_pass sessionsufficient /lib/security/pam_ldap.so sessionrequired /lib/security/pam_unix_session.so sessionoptional /lib/security/pam_console.so Someone can help me?? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba