Re: [Samba] Join AD domain using security = domain ?
Thanks Jerry. I thought the same too. I don't get a connection refused, it times out. Perhaps something on the LAN. It's a new AD setup running on HP blades for 1000+ users. I'll need to check with the MS admins. Thanks for your help. Greatly appreciated ! Keep well. Kind regards David Wilson D c D a t a CNS, CLS, Linux+ T: 0860-1-LINUX F: 0866878971 M: 0824147413 E: [EMAIL PROTECTED] W: http://www.dcdata.co.za - Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Thursday, February 23, 2006 6:02 PM Subject: Re: [Samba] Join AD domain using security = domain ? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Wilson wrote: Ah excellent ! Thanks for your help Jerry. I came right. My only problem is that when a client connects to my Samba, Samba first attempts to connect to the AD DC on port 445 to authenticate the user - this times out after some seconds and then successfully goes through on port 139. Must be something on the AD DC that is stopping this ? Is there any way I can try forcing Samba to only use port 139 in thatrequest to the AD DC ? I've tried 'smb ports = 139' - this of course seems to be only for the 'server' side of Samba. If an AD server is rejecting connections on port 445, then something is wrong with the DC. Are you sure it's really an AD DC? Is this perhaps a mixed mode domain with NT4 BDCs? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD/dyRIR7qMdg1EfYRAvkFAKCKwFjNHOzE3wtVfFT8JMe+1eP6mgCg3Gy/ 3QO/QnqSFXI98fv6XDQUbRo= =UjFn -END PGP SIGNATURE- -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Join AD domain using security = domain ?
Ah excellent ! Thanks for your help Jerry. I came right. My only problem is that when a client connects to my Samba, Samba first attempts to connect to the AD DC on port 445 to authenticate the user - this times out after some seconds and then successfully goes through on port 139. Must be something on the AD DC that is stopping this ? Is there any way I can try forcing Samba to only use port 139 in that request to the AD DC ? I've tried 'smb ports = 139' - this of course seems to be only for the 'server' side of Samba. Any ideas ? Kind regards David Wilson D c D a t a CNS, CLS, Linux+ T: 0860-1-LINUX F: 0866878971 M: 0824147413 E: [EMAIL PROTECTED] W: http://www.dcdata.co.za - Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Wednesday, February 22, 2006 3:58 PM Subject: Re: [Samba] Join AD domain using security = domain ? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 22 Feb 2006, David Wilson wrote: Hi guys, Is it possible to join an AD domain using NT style authentication ? i.e. security = domain in smb.conf and use 'net join rpc -W [MYADDOMAIN] When I tried this I get the following error: [2006/02/22 11:56:42, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server msu adserver for domain MYADDOMAIN. [2006/02/22 11:56:42, 0] utils/net_rpc_join.c:net_rpc_join_ok(61) Error connecting to NETLOGON pipe. Error was NT_STATUS_NO_TRUST_SAM_ACCOUNT Unable to join domain MYADDOMAIN. Schannel is on RPC connections so you will see the same processing regardless of how winbindd is configured. You can set 'client schannel = no' in smb.conf. What version of Samba is this.? cheers, jerry = I live in a Reply-to-All world. --- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFD/G4kIR7qMdg1EfYRApKAAKDYZ7xjn8/mY7Ume7nVnH8mtkShCgCgifz1 0rf30YyqVzKveX3UHvTdnC0= =zQy/ -END PGP SIGNATURE- -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Join AD domain using security = domain ?
Thanks Thomas. Samba-3.0.21b. My smb.conf is off-site. I'll send it if disabling the client schannel still does not work. Thanks for your help so far ! Kind regards David Wilson D c D a t a CNS, CLS, Linux+ T: 0860-1-LINUX F: 0866878971 M: 0824147413 E: [EMAIL PROTECTED] W: http://www.dcdata.co.za - Original Message - From: "Thomas Limoncelli" <[EMAIL PROTECTED]> To: Sent: Wednesday, February 22, 2006 3:48 PM Subject: Re: [Samba] Join AD domain using security = domain ? David Wilson wrote: Is it possible to join an AD domain using NT style authentication ? i.e. security = domain in smb.conf and use 'net join rpc -W [MYADDOMAIN] Been there. Done that. When I tried this I get the following error: [2006/02/22 11:56:42, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server msu adserver for domain MYADDOMAIN. [2006/02/22 11:56:42, 0] utils/net_rpc_join.c:net_rpc_join_ok(61) Error connecting to NETLOGON pipe. Error was NT_STATUS_NO_TRUST_SAM_ACCOUNT Unable to join domain MYADDOMAIN. You didn't post your Samba version and smb.conf, so we need to wild-guess. Try adding "client schannel = No" in [global]. -TL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Join AD domain using security = domain ?
Hi Jerry, Thanks for your reply. Cool. So I can just try 'client schannel = no' in the smb.conf and it should join ? This is samba-3.0.21b on Solaris 9 (SunOS5.9). Kind regards David Wilson D c D a t a CNS, CLS, Linux+ T: 0860-1-LINUX F: 0866878971 M: 0824147413 E: [EMAIL PROTECTED] W: http://www.dcdata.co.za - Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Wednesday, February 22, 2006 3:58 PM Subject: Re: [Samba] Join AD domain using security = domain ? -BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 22 Feb 2006, David Wilson wrote: Hi guys, Is it possible to join an AD domain using NT style authentication ? i.e. security = domain in smb.conf and use 'net join rpc -W [MYADDOMAIN] When I tried this I get the following error: [2006/02/22 11:56:42, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server msu adserver for domain MYADDOMAIN. [2006/02/22 11:56:42, 0] utils/net_rpc_join.c:net_rpc_join_ok(61) Error connecting to NETLOGON pipe. Error was NT_STATUS_NO_TRUST_SAM_ACCOUNT Unable to join domain MYADDOMAIN. Schannel is on RPC connections so you will see the same processing regardless of how winbindd is configured. You can set 'client schannel = no' in smb.conf. What version of Samba is this.? cheers, jerry = I live in a Reply-to-All world. --- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFD/G4kIR7qMdg1EfYRApKAAKDYZ7xjn8/mY7Ume7nVnH8mtkShCgCgifz1 0rf30YyqVzKveX3UHvTdnC0= =zQy/ -END PGP SIGNATURE- -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Join AD domain using security = domain ?
Hi guys, Is it possible to join an AD domain using NT style authentication ? i.e. security = domain in smb.conf and use 'net join rpc -W [MYADDOMAIN] When I tried this I get the following error: [2006/02/22 11:56:42, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server msu adserver for domain MYADDOMAIN. [2006/02/22 11:56:42, 0] utils/net_rpc_join.c:net_rpc_join_ok(61) Error connecting to NETLOGON pipe. Error was NT_STATUS_NO_TRUST_SAM_ACCOUNT Unable to join domain MYADDOMAIN. Do you have to have 'security = ads' and use 'net join ads..', and also have Kerberos enabled ? Kind regards David Wilson D c D a t a CNS, CLS, Linux+ T: 0860-1-LINUX F: 0866878971 M: 0824147413 E: [EMAIL PROTECTED] W: http://www.dcdata.co.za -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sambaLogonHours and timezones
Thanks Jerry and Jim. Greatly appreciated. David Wilson CNS, CLS, Linux+ 033 3427003 082 4147413 0860-1-LINUX [EMAIL PROTECTED] - Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: ; <[EMAIL PROTECTED]> Sent: Wednesday, October 26, 2005 2:41 PM Subject: Re: [Samba] sambaLogonHours and timezones -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Wilson wrote: | Hi Jerry, | | Thanks for your reply. | | Sound like what you've said is correct. | | Could it not be that the values being stored are in | GMT and that's why my clients (Windows XP) who are in | the SAST timezone (GMT+2) cannot log on two hours | before they would normally not be able to ? | Perhaps it's the NT User Manager running on XP that | is perhaps not picking up the correct timezone of | the XP desktop when we set the logon hours ? Perhaps | the NT User Manager believes it's in GMT ? | | A shot in the dark ? :) Could be. I've copied Jim McDonough on this this he has been poking with usrmgr.exe more than I have lately. I'm hoping (hey Jim :) ) that he'll be able to follow though with any untested corner cases here. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDX3ljIR7qMdg1EfYRAoKrAJ0WGn7o2DEAuCxqwTsEILPRdvb03gCeLCyU nPBRCJJdPFIlKwyGfNdpg6E= =+1Rz -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sambaLogonHours and timezones
Hi Jerry, Thanks for your reply. Sound like what you've said is correct. Could it not be that the values being stored are in GMT and that's why my clients (Windows XP) who are in the SAST timezone (GMT+2) cannot log on two hours before they would normally not be able to ? My Samba server and all clients are all set in the same timezone. (SAST). Perhaps it's the NT User Manager running on XP that is perhaps not picking up the correct timezone of the XP desktop when we set the logon hours ? Perhaps the NT User Manager believes it's in GMT ? A shot in the dark ? :) Kind regards David Wilson CNS, CLS, Linux+ 033 3427003 082 4147413 0860-1-LINUX [EMAIL PROTECTED] - Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Monday, October 24, 2005 3:48 PM Subject: Re: [Samba] sambaLogonHours and timezones -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Wilson wrote: | Hi guys, | | Any ideas on this one ? I've really tried everything | now from what I can see. Sorry. Thought I had replied already but apparently not. |> The time on the server is set to localtime, the timezone |> set to SAST (GMT+2) as are all the XP workstations. |> The time on the server and workstations is correct. |> |> Any ideas why my values are out by 2 hours each time ? Samba does not manipulate the time value at all. It just returns the value to the client at logon time. So unless I'm missing something here in the code, the value must be stored in the client's timezone. So your comment about users not being able to logon 2 hours before the logon end time makes sense. Granted this is a bad design if you have clients set in different timezones. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDXOYmIR7qMdg1EfYRAtu3AKC3BnR8EQHdPo+PCfqhFnkFTFRBLACg9KcU TL8PhC+QukHrQt/7OtlxDwg= =pCDJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sambaLogonHours and timezones
Hi guys, Any ideas on this one ? I've really tried everything now from what I can see. Could it be a problem with the SAST tmezone implementation under Linux ? Is there anyone else I can contact about this problem ? Kind regards David Wilson CNS, CLS, Linux+ 033 3427003 082 4147413 0860-1-LINUX [EMAIL PROTECTED] - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> Cc: Sent: Wednesday, October 19, 2005 2:38 PM Subject: Re: [Samba] sambaLogonHours and timezones Hi Jerry, Thanks for your reply. The time on the server is set to localtime, the timezone set to SAST (GMT+2) as are all the XP workstations. The time on the server and workstations is correct. Any ideas why my values are out by 2 hours each time ? Thanks for your help so far. Kind regards David Wilson CNS, CLS, Linux+ 033 3427003 082 4147413 0860-1-LINUX [EMAIL PROTECTED] - Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Wednesday, October 19, 2005 1:35 PM Subject: Re: [Samba] sambaLogonHours and timezones -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Wilson wrote: | Hi guys/girls, | | How are you keeping ? | | A while ago I mentioned a problem that I'm picking up with Samba with | OpenLDAP and the "logon hours" restrictions which are implemented via | the NT 4.0 User Manager. | | Basically my problem was that users were unable to login 2 hours before | the actual restriction should kick in. | At the time I thought that perhaps the problem was caused by Slackware | Linux and it's timezone implementation of SAST (GMT+2). | Since then I've experienced the same problem on SLES9 and Suse Linux 9.3. | |> From what I can see, the "sambaLogonHours" value is always set with |> GMT in sambaLogonHours is localtime. Not GMT IIRC. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDVi+CIR7qMdg1EfYRAtOjAKDrZ7nl63r9N3t0lCU6mT5UNNW3PgCfcJGx PGEvZLagxfsG1UrX0XabuaY= =NWZc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sambaLogonHours and timezones
Hi Jerry, Thanks for your reply. The time on the server is set to localtime, the timezone set to SAST (GMT+2) as are all the XP workstations. The time on the server and workstations is correct. Any ideas why my values are out by 2 hours each time ? Thanks for your help so far. Kind regards David Wilson CNS, CLS, Linux+ 033 3427003 082 4147413 0860-1-LINUX [EMAIL PROTECTED] - Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Wednesday, October 19, 2005 1:35 PM Subject: Re: [Samba] sambaLogonHours and timezones -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Wilson wrote: | Hi guys/girls, | | How are you keeping ? | | A while ago I mentioned a problem that I'm picking up with Samba with | OpenLDAP and the "logon hours" restrictions which are implemented via | the NT 4.0 User Manager. | | Basically my problem was that users were unable to login 2 hours before | the actual restriction should kick in. | At the time I thought that perhaps the problem was caused by Slackware | Linux and it's timezone implementation of SAST (GMT+2). | Since then I've experienced the same problem on SLES9 and Suse Linux 9.3. | |> From what I can see, the "sambaLogonHours" value is always set with |> GMT in sambaLogonHours is localtime. Not GMT IIRC. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDVi+CIR7qMdg1EfYRAtOjAKDrZ7nl63r9N3t0lCU6mT5UNNW3PgCfcJGx PGEvZLagxfsG1UrX0XabuaY= =NWZc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] sambaLogonHours and timezones
Hi guys, Any takers ? Kind regards David Wilson CNS, CLS, Linux+ 033 3427003 082 4147413 0860-1-LINUX [EMAIL PROTECTED] - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Saturday, October 15, 2005 2:16 PM Subject: sambaLogonHours and timezones Hi guys/girls, How are you keeping ? A while ago I mentioned a problem that I'm picking up with Samba with OpenLDAP and the "logon hours" restrictions which are implemented via the NT 4.0 User Manager. Basically my problem was that users were unable to login 2 hours before the actual restriction should kick in. At the time I thought that perhaps the problem was caused by Slackware Linux and it's timezone implementation of SAST (GMT+2). Since then I've experienced the same problem on SLES9 and Suse Linux 9.3. From what I can see, the "sambaLogonHours" value is always set with GMT in mind. Because in South Africa we are at GMT+2 Samba enforces restrictions 2 hours before it should. For example if users should only denied login access at 16:00, Samba is denying them access at 14:00. I've looked all over and cannot find a solution to the problem other than adding two hours to the logon hours restrictions for each user when using the NT User Manager tool. Does anyone know of a workaround for this ? Is there a way to get Samba to check the time zone on the server first and make calculations before writing values for the "sambaLogonHours" attribute ? Links/references: Explanation of feature: http://www.archive-two.com/new-2794385-2895.html http://lists.samba.org/archive/samba-technical/2004-December/038271.html http://archives.free.net.ph/message/20051006.181854.4d7c50dc.en.html http://archives.free.net.ph/message/20050701.071531.eeffd7e5.en.html http://lists.samba.org/archive/samba/2005-February/099778.html Thanks in advance. Kind regards David Wilson CNS, CLS, Linux+ 033 3427003 082 4147413 0860-1-LINUX -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] sambaLogonHours and timezones
Hi guys/girls, How are you keeping ? A while ago I mentioned a problem that I'm picking up with Samba with OpenLDAP and the "logon hours" restrictions which are implemented via the NT 4.0 User Manager. Basically my problem was that users were unable to login 2 hours before the actual restriction should kick in. At the time I thought that perhaps the problem was caused by Slackware Linux and it's timezone implementation of SAST (GMT+2). Since then I've experienced the same problem on SLES9 and Suse Linux 9.3. From what I can see, the "sambaLogonHours" value is always set with GMT in mind. Because in South Africa we are at GMT+2 Samba enforces restrictions 2 hours before it should. For example if users should only denied login access at 16:00, Samba is denying them access at 14:00. I've looked all over and cannot find a solution to the problem other than adding two hours to the logon hours restrictions for each user when using the NT User Manager tool. Does anyone know of a workaround for this ? Is there a way to get Samba to check the time zone on the server first and make calculations before writing values for the "sambaLogonHours" attribute ? Links/references: Explanation of feature: http://www.archive-two.com/new-2794385-2895.html http://lists.samba.org/archive/samba-technical/2004-December/038271.html http://archives.free.net.ph/message/20051006.181854.4d7c50dc.en.html http://archives.free.net.ph/message/20050701.071531.eeffd7e5.en.html http://lists.samba.org/archive/samba/2005-February/099778.html Thanks in advance. Kind regards David Wilson CNS, CLS, Linux+ 033 3427003 082 4147413 0860-1-LINUX -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Xp PCs intermittently requiring rejoin to domain
Hi guys and girls, I'm running Samba-3.0.4 as a PDC for about 40 workstations. It's been running perfectly for about 6 months. Suddenly in the last week two PCs have required that they be 'rejoined' to the domain. This seems to be happening every couple days or so. I've looked through the logs but can't find any clues about missing computer accounts etc. Any ideas why ? Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Xp PCs intermittently requiring rejoin to domain
Hi guys and girls, I'm running Samba-3.0.4 as a PDC for about 40 workstations. It's been running perfectly for about 6 months. Suddenly in the last week two PCs have required that they be 'rejoined' to the domain. This seems to be happening every couple days or so. I've looked through the logs but can't find any clues about missing computer accounts etc. Any ideas why ? Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Logon Hours problems (really stuck)
Hi guys, Any takers on this ? I'm really not sure where else to turn to ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: "Christoph Scheeder" <[EMAIL PROTECTED]> Cc: Sent: Wednesday, March 02, 2005 11:01 PM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi guys, Thanks for all your help with this but I'm still stuck. The logon hours restrictions worked 100% after I set the timezone to GMT and set the clock to our local time here in South Africa. I then upgraded the Samba version to 3.0.11 and suddenly the logon hours restrictions went wrong again. I've tried all combinations op "time offset" in the smb.conf and tried changing the timezone back to SAST but still no luck. I've now downgraded back to Samba-3.0.9 and set the timezone back to GMT however this time things still seem out by 2 hours e.g. 2 hours need to be added to the logon times to allow users to log in whereas before this seemed to work perfectly. Could this really be a Slackware Linux issue ? The timezone and time settings on the workstations are 100% correct. Any ideas are greatly appreciated. Many thanks. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Christoph Scheeder" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Saturday, February 05, 2005 10:51 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi, yes that definitly sounds like a problem with the timezone-settings on the local server, or a mismatch between timezones set on the server and the clients. Doubblecheck they are consistent and in sync. Last year i had on client pc of a customer beleave it was summertime but in fact that ended a week before. Result were, all files from this client stored to the samba server got timestamps 2 hours back in time. I guess if they had defined kickofftimes this machine would have been kicked 2 hours too early. doesn't that sound a little familiar to you? Fixed the clients timesetting and all was fine again. Christoph David Wilson schrieb: Hi Christoph, I haven't tried what you suggested yet however there is definitely something wrong with the time on my Samba server: In my smb.conf I have the following under my [netlogon] share which creates a log indicating user login times: preexec = echo "%u logged into %h from %m (%I) at %T running %a." >> /tmp/samba-login.log What is interesting is that the time indicated in my /tmp/samba-login.log is two hours behind the actual time on the server (which is synched to an international time server). This is what I get in the log: aw088 logged into tux from lab4_6_208 (10.0.6.208) at 2005/02/04 08:39:25 running WinXP. If I type "date" on the server this is what I get: Fri Feb 4 10:39:06 SAST 2005 As you can see, Samba believes it's two hours behind the actual (correct) time of the server. The "time offset = 120" option in the smb.conf does not seem to make any difference. Is this still related to the hardware clock issues etc. you've mentioned below ? Thanks for all your help so far, greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! _______ "Computers are not intelligent. They only think they are." - Original Message - From: "Christoph Scheeder" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Thursday, February 03, 2005 11:44 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi, what i do is the following setup for linux-servers and time: 1.) set hardware-clock to GMT, 2.) tell the system the hardwareclock is set to GMT (how depends on distro) 3.) set local timezone to GMT+2 (again, depends on distro) 4.) check all win-Clients to have the correct timezone set after that your system-clock should be showing the correct time in linux, and samba should use the correct kickoff times. as a sideefect it gives you the possibility to use ntp to sync your clock with any timeserver out there in the internet. Christoph David Wilson schrieb: Hi
Re: [Samba] Re: Logon Hours problems (really stuck)
Hi guys, Thanks for all your help with this but I'm still stuck. The logon hours restrictions worked 100% after I set the timezone to GMT and set the clock to our local time here in South Africa. I then upgraded the Samba version to 3.0.11 and suddenly the logon hours restrictions went wrong again. I've tried all combinations op "time offset" in the smb.conf and tried changing the timezone back to SAST but still no luck. I've now downgraded back to Samba-3.0.9 and set the timezone back to GMT however this time things still seem out by 2 hours e.g. 2 hours need to be added to the logon times to allow users to log in whereas before this seemed to work perfectly. Could this really be a Slackware Linux issue ? The timezone and time settings on the workstations are 100% correct. Any ideas are greatly appreciated. Many thanks. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Christoph Scheeder" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Saturday, February 05, 2005 10:51 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi, yes that definitly sounds like a problem with the timezone-settings on the local server, or a mismatch between timezones set on the server and the clients. Doubblecheck they are consistent and in sync. Last year i had on client pc of a customer beleave it was summertime but in fact that ended a week before. Result were, all files from this client stored to the samba server got timestamps 2 hours back in time. I guess if they had defined kickofftimes this machine would have been kicked 2 hours too early. doesn't that sound a little familiar to you? Fixed the clients timesetting and all was fine again. Christoph David Wilson schrieb: Hi Christoph, I haven't tried what you suggested yet however there is definitely something wrong with the time on my Samba server: In my smb.conf I have the following under my [netlogon] share which creates a log indicating user login times: preexec = echo "%u logged into %h from %m (%I) at %T running %a." >> /tmp/samba-login.log What is interesting is that the time indicated in my /tmp/samba-login.log is two hours behind the actual time on the server (which is synched to an international time server). This is what I get in the log: aw088 logged into tux from lab4_6_208 (10.0.6.208) at 2005/02/04 08:39:25 running WinXP. If I type "date" on the server this is what I get: Fri Feb 4 10:39:06 SAST 2005 As you can see, Samba believes it's two hours behind the actual (correct) time of the server. The "time offset = 120" option in the smb.conf does not seem to make any difference. Is this still related to the hardware clock issues etc. you've mentioned below ? Thanks for all your help so far, greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Christoph Scheeder" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Thursday, February 03, 2005 11:44 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi, what i do is the following setup for linux-servers and time: 1.) set hardware-clock to GMT, 2.) tell the system the hardwareclock is set to GMT (how depends on distro) 3.) set local timezone to GMT+2 (again, depends on distro) 4.) check all win-Clients to have the correct timezone set after that your system-clock should be showing the correct time in linux, and samba should use the correct kickoff times. as a sideefect it gives you the possibility to use ntp to sync your clock with any timeserver out there in the internet. Christoph David Wilson schrieb: Hi guys, Unfortunately this is still happening I've tried restarting Samba. Users who should be denied access after 21:00 are being denied access at 19:00. Our time zone in South Africa is GMT+2. Perhaps I should set the timezone on the server to UTC/GMT ? Do you think this will help ? Should I then leave the time set to the current time in South Africa ? Or should I set the time to the time at UTC/GMT ? There's something I must be missing here. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Li
Re: [Samba] Resource deadlock avoided
Hi Adnan, Thanks for your reply. Interesting. Mine is when I use smbmount and try to copy off a users 'active' Outlook .pst file. Anyone else know anything about this ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Adnan Yusuf" <[EMAIL PROTECTED]> To: Sent: Friday, February 25, 2005 10:11 PM Subject: RE: [Samba] Resource deadlock avoided Hello: I also have the same problem on files that, according to smbstatus, have: DenyMode: DENY_NONE Oplocks: NONE Strangely enough this is only happening for one Mac user. And even then this only happens for two of the 20+ files he's got open, and the only apparent difference between them is in the Access column: the offending files have Access: 0x3. If I use 'smbstatus -L', it lists files open on this user's computer, yet reports *no* locks when I use 'smbstatus -u -L'. An smbstatus bug, perhaps? Also, the '[Errno 35] Resource Deadlock Avoided' messages only started showing up after I upgraded the fileserver to: OS: Fedora Core 3 Kernel: 2.6.9-1.667 Samba: 3.0.11-1 What could be causing this problem? Any help would be greatly appreciated. Thanks! Regards, Adnan. -Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Wilson Sent: Monday, February 21, 2005 9:41 AM To: samba@lists.samba.org Subject: [Samba] Resource deadlock avoided Hi guys, How are you keeping ? I use 'smbmount' and a custom script to mount remote shares from Windows desktops and back them up to a Linux server. Everything works great except that I get "Resource deadlock avoided" when trying to copy 'Outlook.pst'. This of course is due to users' having their Outlook open when my backup script runs. Is anyone aware of a way to avoid the 'Resource deadlock avoided" error and still copy 'Outlook.pst' file ? I've had a look around but can't find too much info on this. Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Logon Hours problems (really stuck)
Hi guys, I've finally got this working. All I did was set the timezone to GMT and then adjust the time using 'date' so that it matched our current localtime in South Africa. Everything now seems to work 100%. Could it be that Samba only follows GMT time ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Christoph Scheeder" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Saturday, February 05, 2005 10:51 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi, yes that definitly sounds like a problem with the timezone-settings on the local server, or a mismatch between timezones set on the server and the clients. Doubblecheck they are consistent and in sync. Last year i had on client pc of a customer beleave it was summertime but in fact that ended a week before. Result were, all files from this client stored to the samba server got timestamps 2 hours back in time. I guess if they had defined kickofftimes this machine would have been kicked 2 hours too early. doesn't that sound a little familiar to you? Fixed the clients timesetting and all was fine again. Christoph David Wilson schrieb: Hi Christoph, I haven't tried what you suggested yet however there is definitely something wrong with the time on my Samba server: In my smb.conf I have the following under my [netlogon] share which creates a log indicating user login times: preexec = echo "%u logged into %h from %m (%I) at %T running %a." >> /tmp/samba-login.log What is interesting is that the time indicated in my /tmp/samba-login.log is two hours behind the actual time on the server (which is synched to an international time server). This is what I get in the log: aw088 logged into tux from lab4_6_208 (10.0.6.208) at 2005/02/04 08:39:25 running WinXP. If I type "date" on the server this is what I get: Fri Feb 4 10:39:06 SAST 2005 As you can see, Samba believes it's two hours behind the actual (correct) time of the server. The "time offset = 120" option in the smb.conf does not seem to make any difference. Is this still related to the hardware clock issues etc. you've mentioned below ? Thanks for all your help so far, greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Christoph Scheeder" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Thursday, February 03, 2005 11:44 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi, what i do is the following setup for linux-servers and time: 1.) set hardware-clock to GMT, 2.) tell the system the hardwareclock is set to GMT (how depends on distro) 3.) set local timezone to GMT+2 (again, depends on distro) 4.) check all win-Clients to have the correct timezone set after that your system-clock should be showing the correct time in linux, and samba should use the correct kickoff times. as a sideefect it gives you the possibility to use ntp to sync your clock with any timeserver out there in the internet. Christoph David Wilson schrieb: Hi guys, Unfortunately this is still happening I've tried restarting Samba. Users who should be denied access after 21:00 are being denied access at 19:00. Our time zone in South Africa is GMT+2. Perhaps I should set the timezone on the server to UTC/GMT ? Do you think this will help ? Should I then leave the time set to the current time in South Africa ? Or should I set the time to the time at UTC/GMT ? There's something I must be missing here. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Resource deadlock avoided
Hi guys, How are you keeping ? I use 'smbmount' and a custom script to mount remote shares from Windows desktops and back them up to a Linux server. Everything works great except that I get "Resource deadlock avoided" when trying to copy 'Outlook.pst'. This of course is due to users' having their Outlook open when my backup script runs. Is anyone aware of a way to avoid the 'Resource deadlock avoided" error and still copy 'Outlook.pst' file ? I've had a look around but can't find too much info on this. Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net vampire accounts of Windows 2000 AD
Hi Thomas, Thanks for your reply. Ok excellent ! I'll give it a try. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "thomas constans" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: "samba" Sent: Friday, February 11, 2005 10:21 AM Subject: Re: [Samba] net vampire accounts of Windows 2000 AD Le vendredi 11 février 2005 à 09:09 +0200, David Wilson a écrit : Hi guys, We are looking at migrating a Windows 2000 AD domain controller to Samba. Can the same "net vampire" procedure be used to migrate user accounts and passwords to the new Samba domain controller ? Any other pitfalls which you can think of off hand ? yes, i have succesfully done such a migration, in a test environnment. it is almost the same as with nt4 PDC migration. i followed http://samba.idealx.org/smbldap-howto.fr.html#htoc75 most difficult part is migrating user profiles, policies and such. good luck Many thanks. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- Thomas Constans http://www.opendoor.fr 04 78 68 17 34 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net vampire accounts of Windows 2000 AD
Hi guys, We are looking at migrating a Windows 2000 AD domain controller to Samba. Can the same "net vampire" procedure be used to migrate user accounts and passwords to the new Samba domain controller ? Any other pitfalls which you can think of off hand ? Many thanks. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Logon Hours problems (Slackware)
Thanks for your reply. Wow ! That is weird. I've changed it to be UTC-based. hopefully it helps. If I'm still battling I'll try setting my time zone to Athens and see what happens ? Perhaps this will be fixed in Slackware 10.1 ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: <[EMAIL PROTECTED]> To: Sent: Tuesday, February 08, 2005 5:19 PM Subject: Re: [Samba] Re: Logon Hours problems (Slackware) My setup was also on Slackware 10, and the time zone was correct, but still the time was incorrect, and changing strangely on every reboot (it was a dual-boot machine). I suppose it is a bug in Slackware 10. Besides, even the time zone is the same as yours - GMT+2. /etc/localtome is a symlink to some file in /usr/share/zoneinfo. The fact is, Athens and Sofia are in the same time zone, but when symlink points to Athens, everything is o.k., when the symlink points to Sofia time is incorrect. On Tuesday 08 February 2005 08:13, David Wilson wrote: Oh hell ! Mmm.. :) I wonder how to solve this ? My /etc/localtime has a whole lot of gibberish in it, but it does say SAST at the end. I assume my timezone is set correctly then ? Perhaps I should just try setting the timezone to GMT/UTC ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message ----- From: <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Sent: Monday, February 07, 2005 1:27 PM Subject: Re: [Samba] Re: Logon Hours problems (Slackware) >I observed this problem on Slackware 10.0 :) > > On Sunday 06 February 2005 10:51, you wrote: >> Hi, >> >> Thanks for your reply. >> I'll check /etc/localtime and see if it's a similar thing to what you >> had. >> Thanks for your assistance. >> >> Just for reference this is a Slackware-10.0 box and the timezone was >> set >> to >> GMT+2 (SAST) by using "timeconfig". Perhaps someone else has picked up >> this >> issue when using Slackware too ? >> >> Kindest regards >> David Wilson >> ___ >> D c D a t a >> Tel +27 33 342 7003 >> Fax +27 33 345 4155 >> Cell +27 82 4147413 >> http://www.dcdata.co.za >> [EMAIL PROTECTED] >> Powered by Linux, driven by passion ! >> ___ >> >> "Computers are not intelligent. They only think they are." >> >> - Original Message - >> From: <[EMAIL PROTECTED]> >> To: >> Sent: Friday, February 04, 2005 1:45 PM >> Subject: Re: [Samba] Re: Logon Hours problems (really stuck) >> >> >I had some similar time problems with some versions of glibc. The >> >solution >> >was >> > to point the link /etc/localtime from Sofia to Athens (we are in the >> > same >> > time zone). May be you could point that to some other city in the >> > same >> > time >> > zone? >> > >> > On Thursday 03 February 2005 10:23, David Wilson wrote: >> >> Hi guys, >> >> >> >> Unfortunately this is still happening I've tried restarting Samba. >> >> Users >> >> who should be denied access after 21:00 are being denied access at >> >> 19:00. >> >> >> >> Our time zone in South Africa is GMT+2. Perhaps I should set the >> >> timezone on the server to UTC/GMT ? >> >> Do you think this will help ? Should I then leave the time set to >> >> the >> >> current time in South Africa ? Or should I set the time to the time >> >> at UTC/GMT ? >> >> >> >> There's something I must be missing here. >> >> >> >> Kindest regards >> >> David Wilson >> >> ___ >> >> D c D a t a >> >> Tel +27 33 342 7003 >> >> Fax +27 33 345 4155 >> >> Cell +27 82 4147413 >> >> http://www.dcdata.co.za >> >> [EMAIL PROTECTED] >> >> Powered by Linux, driven by passion ! >> >> ___ >> >> >> >> "Computers are not intelligent. They
Re: [Samba] Re: Logon Hours problems (Slackware)
Oh hell ! Mmm.. :) I wonder how to solve this ? My /etc/localtime has a whole lot of gibberish in it, but it does say SAST at the end. I assume my timezone is set correctly then ? Perhaps I should just try setting the timezone to GMT/UTC ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Sent: Monday, February 07, 2005 1:27 PM Subject: Re: [Samba] Re: Logon Hours problems (Slackware) I observed this problem on Slackware 10.0 :) On Sunday 06 February 2005 10:51, you wrote: Hi, Thanks for your reply. I'll check /etc/localtime and see if it's a similar thing to what you had. Thanks for your assistance. Just for reference this is a Slackware-10.0 box and the timezone was set to GMT+2 (SAST) by using "timeconfig". Perhaps someone else has picked up this issue when using Slackware too ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: <[EMAIL PROTECTED]> To: Sent: Friday, February 04, 2005 1:45 PM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) >I had some similar time problems with some versions of glibc. The >solution >was > to point the link /etc/localtime from Sofia to Athens (we are in the > same > time zone). May be you could point that to some other city in the same > time > zone? > > On Thursday 03 February 2005 10:23, David Wilson wrote: >> Hi guys, >> >> Unfortunately this is still happening I've tried restarting Samba. >> Users >> who should be denied access after 21:00 are being denied access at >> 19:00. >> >> Our time zone in South Africa is GMT+2. Perhaps I should set the >> timezone on the server to UTC/GMT ? >> Do you think this will help ? Should I then leave the time set to the >> current time in South Africa ? Or should I set the time to the time at >> UTC/GMT ? >> >> There's something I must be missing here. >> >> Kindest regards >> David Wilson >> ___ >> D c D a t a >> Tel +27 33 342 7003 >> Fax +27 33 345 4155 >> Cell +27 82 4147413 >> http://www.dcdata.co.za >> [EMAIL PROTECTED] >> Powered by Linux, driven by passion ! >> ___ >> >> "Computers are not intelligent. They only think they are." >> >> - Original Message - >> From: "David Wilson" <[EMAIL PROTECTED]> >> To: "david rankin" <[EMAIL PROTECTED]>; "samba" >> >> Sent: Monday, January 31, 2005 8:48 AM >> Subject: Re: [Samba] Re: Logon Hours problems (really stuck) >> >> > Hi David, >> > >> > Nice name ! :) >> > >> > Thanks for your reply. >> > I'm pretty sure I did restart Samba, to double check I will restart >> > it >> > again this evening. >> > >> > Kindest regards >> > David Wilson >> > ___ >> > D c D a t a >> > Tel +27 33 342 7003 >> > Fax +27 33 345 4155 >> > Cell +27 82 4147413 >> > http://www.dcdata.co.za >> > [EMAIL PROTECTED] >> > Powered by Linux, driven by passion ! >> > ___ >> > >> > "Computers are not intelligent. They only think they are." >> > >> > - Original Message - >> > From: "david rankin" <[EMAIL PROTECTED]> >> > To: "samba" >> > Sent: Saturday, January 29, 2005 5:40 PM >> > Subject: Re: [Samba] Re: Logon Hours problems (really stuck) >> > >> >>> Hi guys, >> >>> >> >>> The "time offset" option unfortunately did not solve my problem. >> >>> Users that are meant to be kicked off at 21:00 keep getting kicked >> >>> off >> >>> at 19:00. The time on the server is right. >> >>> What else could be causing my problem ? >> >> >> >> If you made changes, did you remember to restart samba? (strange
Re: [Samba] Re: Logon Hours problems (Slackware)
Hi, Thanks for your reply. I'll check /etc/localtime and see if it's a similar thing to what you had. Thanks for your assistance. Just for reference this is a Slackware-10.0 box and the timezone was set to GMT+2 (SAST) by using "timeconfig". Perhaps someone else has picked up this issue when using Slackware too ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: <[EMAIL PROTECTED]> To: Sent: Friday, February 04, 2005 1:45 PM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) I had some similar time problems with some versions of glibc. The solution was to point the link /etc/localtime from Sofia to Athens (we are in the same time zone). May be you could point that to some other city in the same time zone? On Thursday 03 February 2005 10:23, David Wilson wrote: Hi guys, Unfortunately this is still happening I've tried restarting Samba. Users who should be denied access after 21:00 are being denied access at 19:00. Our time zone in South Africa is GMT+2. Perhaps I should set the timezone on the server to UTC/GMT ? Do you think this will help ? Should I then leave the time set to the current time in South Africa ? Or should I set the time to the time at UTC/GMT ? There's something I must be missing here. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: "david rankin" <[EMAIL PROTECTED]>; "samba" Sent: Monday, January 31, 2005 8:48 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) > Hi David, > > Nice name ! :) > > Thanks for your reply. > I'm pretty sure I did restart Samba, to double check I will restart it > again this evening. > > Kindest regards > David Wilson > ___ > D c D a t a > Tel +27 33 342 7003 > Fax +27 33 345 4155 > Cell +27 82 4147413 > http://www.dcdata.co.za > [EMAIL PROTECTED] > Powered by Linux, driven by passion ! > ___ > > "Computers are not intelligent. They only think they are." > > - Original Message - > From: "david rankin" <[EMAIL PROTECTED]> > To: "samba" > Sent: Saturday, January 29, 2005 5:40 PM > Subject: Re: [Samba] Re: Logon Hours problems (really stuck) > >>> Hi guys, >>> >>> The "time offset" option unfortunately did not solve my problem. >>> Users that are meant to be kicked off at 21:00 keep getting kicked >>> off >>> at 19:00. The time on the server is right. >>> What else could be causing my problem ? >> >> If you made changes, did you remember to restart samba? (stranger >> things >> have happened) >> >> -- >> David C. Rankin, J.D., P.E. >> RANKIN LAW FIRM, PLLC >> 510 Ochiltree Street >> Nacogdoches, Texas 75961 >> (936) 715-9333 >> (936) 715-9339 fax >> www.rankin-bertin.com >> -- >> - Original Message - >> From: "David Wilson" <[EMAIL PROTECTED]> >> To: >> Sent: Saturday, January 29, 2005 5:01 AM >> Subject: [Samba] Re: Logon Hours problems (really stuck) >> >>> Hi guys, >>> >>> I'm really sorry to bother you with this but I'm really battling and >>> can't find any info to solve my problem. >>> Please have a look at my issue below and give me some guidance as to >>> what could be causing it. >>> >>> Thanks in advance. >>> >>> Kindest regards >>> David Wilson >>> ___ >>> D c D a t a >>> Tel +27 33 342 7003 >>> Fax +27 33 345 4155 >>> Cell +27 82 4147413 >>> http://www.dcdata.co.za >>> [EMAIL PROTECTED] >>> Powered by Linux, driven by passion ! >>> ___ >>> >>> "Computers are not intelligent. They only think they are." >>> >>> - Original Message - >>> From: David Wilson >>> To: samba@lists.samba.org >>> Sent: Thursday, January 27, 2005 3:43 PM >>> Subject: Re: Logon Hours problems >>>
Re: [Samba] Re: Logon Hours problems (really stuck)
Hi Christoph, Thanks for your help with this. I will go onsite to the check the time/timezone settings on the client PCs on Monday and see where things are going wrong. I'm sure I'll track it down. Your assistance is greatly appreciated. Keep well. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Christoph Scheeder" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Saturday, February 05, 2005 10:51 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi, yes that definitly sounds like a problem with the timezone-settings on the local server, or a mismatch between timezones set on the server and the clients. Doubblecheck they are consistent and in sync. Last year i had on client pc of a customer beleave it was summertime but in fact that ended a week before. Result were, all files from this client stored to the samba server got timestamps 2 hours back in time. I guess if they had defined kickofftimes this machine would have been kicked 2 hours too early. doesn't that sound a little familiar to you? Fixed the clients timesetting and all was fine again. Christoph David Wilson schrieb: Hi Christoph, I haven't tried what you suggested yet however there is definitely something wrong with the time on my Samba server: In my smb.conf I have the following under my [netlogon] share which creates a log indicating user login times: preexec = echo "%u logged into %h from %m (%I) at %T running %a." >> /tmp/samba-login.log What is interesting is that the time indicated in my /tmp/samba-login.log is two hours behind the actual time on the server (which is synched to an international time server). This is what I get in the log: aw088 logged into tux from lab4_6_208 (10.0.6.208) at 2005/02/04 08:39:25 running WinXP. If I type "date" on the server this is what I get: Fri Feb 4 10:39:06 SAST 2005 As you can see, Samba believes it's two hours behind the actual (correct) time of the server. The "time offset = 120" option in the smb.conf does not seem to make any difference. Is this still related to the hardware clock issues etc. you've mentioned below ? Thanks for all your help so far, greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Christoph Scheeder" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Thursday, February 03, 2005 11:44 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi, what i do is the following setup for linux-servers and time: 1.) set hardware-clock to GMT, 2.) tell the system the hardwareclock is set to GMT (how depends on distro) 3.) set local timezone to GMT+2 (again, depends on distro) 4.) check all win-Clients to have the correct timezone set after that your system-clock should be showing the correct time in linux, and samba should use the correct kickoff times. as a sideefect it gives you the possibility to use ntp to sync your clock with any timeserver out there in the internet. Christoph David Wilson schrieb: Hi guys, Unfortunately this is still happening I've tried restarting Samba. Users who should be denied access after 21:00 are being denied access at 19:00. Our time zone in South Africa is GMT+2. Perhaps I should set the timezone on the server to UTC/GMT ? Do you think this will help ? Should I then leave the time set to the current time in South Africa ? Or should I set the time to the time at UTC/GMT ? There's something I must be missing here. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Logon Hours problems (really stuck)
Hi Christoph, I haven't tried what you suggested yet however there is definitely something wrong with the time on my Samba server: In my smb.conf I have the following under my [netlogon] share which creates a log indicating user login times: preexec = echo "%u logged into %h from %m (%I) at %T running %a." >> /tmp/samba-login.log What is interesting is that the time indicated in my /tmp/samba-login.log is two hours behind the actual time on the server (which is synched to an international time server). This is what I get in the log: aw088 logged into tux from lab4_6_208 (10.0.6.208) at 2005/02/04 08:39:25 running WinXP. If I type "date" on the server this is what I get: Fri Feb 4 10:39:06 SAST 2005 As you can see, Samba believes it's two hours behind the actual (correct) time of the server. The "time offset = 120" option in the smb.conf does not seem to make any difference. Is this still related to the hardware clock issues etc. you've mentioned below ? Thanks for all your help so far, greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message ----- From: "Christoph Scheeder" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Thursday, February 03, 2005 11:44 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi, what i do is the following setup for linux-servers and time: 1.) set hardware-clock to GMT, 2.) tell the system the hardwareclock is set to GMT (how depends on distro) 3.) set local timezone to GMT+2 (again, depends on distro) 4.) check all win-Clients to have the correct timezone set after that your system-clock should be showing the correct time in linux, and samba should use the correct kickoff times. as a sideefect it gives you the possibility to use ntp to sync your clock with any timeserver out there in the internet. Christoph David Wilson schrieb: Hi guys, Unfortunately this is still happening I've tried restarting Samba. Users who should be denied access after 21:00 are being denied access at 19:00. Our time zone in South Africa is GMT+2. Perhaps I should set the timezone on the server to UTC/GMT ? Do you think this will help ? Should I then leave the time set to the current time in South Africa ? Or should I set the time to the time at UTC/GMT ? There's something I must be missing here. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Logon Hours problems (really stuck)
Hi guys, Unfortunately this is still happening I've tried restarting Samba. Users who should be denied access after 21:00 are being denied access at 19:00. Our time zone in South Africa is GMT+2. Perhaps I should set the timezone on the server to UTC/GMT ? Do you think this will help ? Should I then leave the time set to the current time in South Africa ? Or should I set the time to the time at UTC/GMT ? There's something I must be missing here. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: "david rankin" <[EMAIL PROTECTED]>; "samba" Sent: Monday, January 31, 2005 8:48 AM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi David, Nice name ! :) Thanks for your reply. I'm pretty sure I did restart Samba, to double check I will restart it again this evening. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "david rankin" <[EMAIL PROTECTED]> To: "samba" Sent: Saturday, January 29, 2005 5:40 PM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi guys, The "time offset" option unfortunately did not solve my problem. Users that are meant to be kicked off at 21:00 keep getting kicked off at 19:00. The time on the server is right. What else could be causing my problem ? If you made changes, did you remember to restart samba? (stranger things have happened) -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankin-bertin.com -- - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Saturday, January 29, 2005 5:01 AM Subject: [Samba] Re: Logon Hours problems (really stuck) Hi guys, I'm really sorry to bother you with this but I'm really battling and can't find any info to solve my problem. Please have a look at my issue below and give me some guidance as to what could be causing it. Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message ----- From: David Wilson To: samba@lists.samba.org Sent: Thursday, January 27, 2005 3:43 PM Subject: Re: Logon Hours problems Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: David Wilson To: samba@lists.samba.org Sent: Tuesday, January 25, 2005 10:16 PM Subject: Re: Logon Hours problems I've found the "time offset" option from the smb.conf man page. In South Africa we are GMT+2, so I've set "time offset = 120" in my smb.conf. Do you think this is the right thing to do ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: David Wilson To: samba@lists.samba.org Sent: Tuesday, January 25, 2005 2:11 PM Subject: Logon Hours problems More information on my problem below. It seems that users that were only meant to kicked off at 21:00 were kicked off at 19:00. I've checked the time and timezone on the Linux server and all seems correct. I think I've messed up something somewhere to do with Samba and time and Logon Hours restrictions. Please point me in the right direction. Many thanks David Wilson From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Sunday, January 23, 2005 6:26 PM Subject: [Samba] Logon hours Hi guys, Sorry to bug you on this. Any ideas on my query below ? I saw something about all samba-3.x versions requiring a patch to implement the logon hours restrictions 100% ?
Re: [Samba] Veto files applied per group
Hi Malte, Unfortunately still no luck with this one. Any ideas why ? Thanks for your help. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: ""M. Müller"" <[EMAIL PROTECTED]>; Sent: Monday, January 31, 2005 8:44 PM Subject: Re: [Samba] Veto files applied per group Hi Malte, Sorry to bug you with this, but I've tried it and it does not seem to work - perhaps something I've missed ? Running "testparm" gives me the following error: "Can't find include file /usr/local/samba/lib/%g-smb.conf" In my smb.conf I have the following: comment = Home Directories read only = no create mask = 0600 directory mask = 0700 browseable = no include = /usr/local/samba/lib/%g-smb.conf In the /usr/local/samba/lib/students-smb.conf file I have only the following: veto files = /*.mp3/*.avi/*.mpg/ Running smbmount and mounting the share as the user who is a student and writing a .mp3 file to the share works perfectly when it should be denied. When I do this I get the same "can't find include file..." error before smbmount actually mounts the share. I've tried various things including "%G" instead of "%g" etc. It just seems that Samba is not expanding the %G or %g variables. Any ideas ? Thank you for your assistance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: ""M. Müller"" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]>; Sent: Monday, January 31, 2005 11:56 AM Subject: Re: [Samba] Veto files applied per group ReHi, You could also include just a students.conf or students-home.conf in the [home] Definition: [home] path=/home ... include %G-home.conf If there is no %G-home.conf e.g. teachers-home.conf, then nothing is included. Otherwise the definitions are overwritten or extended by the %G-home.conf. You just have to write less lines. HTH, Malte Mueller David Wilson schrieb: Hi guys, I use "veto files = /.mp3/.mpg/" etc. on the [homes] share to prevent users from storing media files on a Samba server in the home directories. My client now wishes to make this restriction apply to users who are members of only certain groups. E.g. This restriction must apply to users who are members of the "Students" group and not apply to users in the "Teachers" group. I was thinking of having a blank smb.conf file with only the following in it: include = /etc/samba/smb.conf.%G Then having two smb.conf files, namely smb.conf.Teachers and smb.conf.Students. The smb.conf.Students file would have the entire config file and the "veto files" parameter. The smb.conf.Teachers file would have the entire config file but without the "veto files" parameter. Makes sense ? Is there perhaps a better way to do this ? Many thanks Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba log analysis and report
Hi Ilia, Thanks for your reply. Ah, of course ! Thank you so much. I'll give it a try. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Ilia Chipitsine" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: "Steven Kurylo" <[EMAIL PROTECTED]>; Sent: Wednesday, February 02, 2005 8:56 AM Subject: Re: [Samba] Samba log analysis and report Hi Steven, Thanks for your reply. That sounds like a good idea. When you say "connects at logon" do you mean users map a drive to the "time" share ? What would prevent a user from manually disconnecting the mapped drive ? This will be implemented in a school, you know how kids are ? :) you can put "net use k: \\server\share /yes /persistent" to logon script it will definetly keep people from manually disconnecting drives Thank you for your assistance so far, greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Steven Kurylo" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Sent: Monday, January 31, 2005 11:20 PM Subject: Re: [Samba] Samba log analysis and report David Wilson wrote: Hi Malte, Thanks for helping me out with this. My preexec script on netlogon is working well for logging logins etc. Any ideas how I could log logoffs ? If I get users to always shutdown their PCs ? For windows XP I've added a user logoff script which disconnects from the share time (which they connect to on log on). The share time has pre/post scripts attached to it which log the user, time, and machine. The share isn't used for anything else. Its working well for us. -- Steven Kurylo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba log analysis and report
Hi Aaron, Thanks for your reply. Wow ! That's brilliant ! I've now implemented the "deadtime" option and my utmp stats are working nicely. I'm using a Slackware-10.0 Linux server with OpenLDAP as the backend. Thank you so much for your help, greatly appreciated ! Keep well. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Aaron J. Zirbes" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Tuesday, February 01, 2005 5:15 PM Subject: Re: [Samba] Samba log analysis and report Dave, I use the --with-utmp support (if your system supports it). You can then view logon times using `last` I know on my FreeBSD server (PDC) I can save my accounting info, and get monthly summary totals for all my user's usage rates (who's hitting the server the most via the `ac` command) My RedHat server don't seem to have this installed, but I'm sure that with a google you could get it running on a Linux machine as well. I use this in combo w/ the deadtime = 10 option in smb.conf to automatically disconnect inactive sessions so my utmp, and wtmp logs are a little more accurate. P.S. the acccounting department loves these because they bill users computing support ISOs according to different usage levels. I combine this with data from my SQL server logs, and wala... I can see who my power users are, and who my technophobes are. -- Aaron Zirbes David Wilson wrote: Hi guys, Does anyone know of some decent Samba log analysis software that will report things like user logon/logoff times, computer names etc. ? Thanks in advance. Kindest regards David Wilson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba log analysis and report
Hi Steven, Thanks for your reply. That sounds like a good idea. When you say "connects at logon" do you mean users map a drive to the "time" share ? What would prevent a user from manually disconnecting the mapped drive ? This will be implemented in a school, you know how kids are ? :) Thank you for your assistance so far, greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Steven Kurylo" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Sent: Monday, January 31, 2005 11:20 PM Subject: Re: [Samba] Samba log analysis and report David Wilson wrote: Hi Malte, Thanks for helping me out with this. My preexec script on netlogon is working well for logging logins etc. Any ideas how I could log logoffs ? If I get users to always shutdown their PCs ? For windows XP I've added a user logoff script which disconnects from the share time (which they connect to on log on). The share time has pre/post scripts attached to it which log the user, time, and machine. The share isn't used for anything else. Its working well for us. -- Steven Kurylo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba log analysis and report
Hi Malte, Thanks for helping me out with this. My preexec script on netlogon is working well for logging logins etc. Any ideas how I could log logoffs ? If I get users to always shutdown their PCs ? Thank you for all your assistance so far. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: ""M. Müller"" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]>; Sent: Monday, January 31, 2005 12:01 PM Subject: Re: [Samba] Samba log analysis and report Hi, you could also use the [netlogon] and execute a preexec script there that writes %U, %I and whatever in a database. You will never get logoff times reliably, only if you could convince all your users to allways shutdown their PC and not simply switch it off. Kind regards, Malte Mueller David Wilson schrieb: Hi guys, Does anyone know of some decent Samba log analysis software that will report things like user logon/logoff times, computer names etc. ? Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Veto files applied per group
Hi Malte, Sorry to bug you with this, but I've tried it and it does not seem to work - perhaps something I've missed ? Running "testparm" gives me the following error: "Can't find include file /usr/local/samba/lib/%g-smb.conf" In my smb.conf I have the following: comment = Home Directories read only = no create mask = 0600 directory mask = 0700 browseable = no include = /usr/local/samba/lib/%g-smb.conf In the /usr/local/samba/lib/students-smb.conf file I have only the following: veto files = /*.mp3/*.avi/*.mpg/ Running smbmount and mounting the share as the user who is a student and writing a .mp3 file to the share works perfectly when it should be denied. When I do this I get the same "can't find include file..." error before smbmount actually mounts the share. I've tried various things including "%G" instead of "%g" etc. It just seems that Samba is not expanding the %G or %g variables. Any ideas ? Thank you for your assistance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." ----- Original Message - From: ""M. Müller"" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]>; Sent: Monday, January 31, 2005 11:56 AM Subject: Re: [Samba] Veto files applied per group ReHi, You could also include just a students.conf or students-home.conf in the [home] Definition: [home] path=/home ... include %G-home.conf If there is no %G-home.conf e.g. teachers-home.conf, then nothing is included. Otherwise the definitions are overwritten or extended by the %G-home.conf. You just have to write less lines. HTH, Malte Mueller David Wilson schrieb: Hi guys, I use "veto files = /.mp3/.mpg/" etc. on the [homes] share to prevent users from storing media files on a Samba server in the home directories. My client now wishes to make this restriction apply to users who are members of only certain groups. E.g. This restriction must apply to users who are members of the "Students" group and not apply to users in the "Teachers" group. I was thinking of having a blank smb.conf file with only the following in it: include = /etc/samba/smb.conf.%G Then having two smb.conf files, namely smb.conf.Teachers and smb.conf.Students. The smb.conf.Students file would have the entire config file and the "veto files" parameter. The smb.conf.Teachers file would have the entire config file but without the "veto files" parameter. Makes sense ? Is there perhaps a better way to do this ? Many thanks Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba log analysis and report
Hi Malte, Thanks for your reply. That sounds like another good way to do things. Thank you for your help again. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: ""M. Müller"" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]>; Sent: Monday, January 31, 2005 12:01 PM Subject: Re: [Samba] Samba log analysis and report Hi, you could also use the [netlogon] and execute a preexec script there that writes %U, %I and whatever in a database. You will never get logoff times reliably, only if you could convince all your users to allways shutdown their PC and not simply switch it off. Kind regards, Malte Mueller David Wilson schrieb: Hi guys, Does anyone know of some decent Samba log analysis software that will report things like user logon/logoff times, computer names etc. ? Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Veto files applied per group
Brilliant ! Thanks Malte. That does make sense and seems to be the best route to follow. Thank you for your assistance, greatly appreciated. Keep well. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: ""M. Müller"" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]>; Sent: Monday, January 31, 2005 11:56 AM Subject: Re: [Samba] Veto files applied per group ReHi, You could also include just a students.conf or students-home.conf in the [home] Definition: [home] path=/home ... include %G-home.conf If there is no %G-home.conf e.g. teachers-home.conf, then nothing is included. Otherwise the definitions are overwritten or extended by the %G-home.conf. You just have to write less lines. HTH, Malte Mueller David Wilson schrieb: Hi guys, I use "veto files = /.mp3/.mpg/" etc. on the [homes] share to prevent users from storing media files on a Samba server in the home directories. My client now wishes to make this restriction apply to users who are members of only certain groups. E.g. This restriction must apply to users who are members of the "Students" group and not apply to users in the "Teachers" group. I was thinking of having a blank smb.conf file with only the following in it: include = /etc/samba/smb.conf.%G Then having two smb.conf files, namely smb.conf.Teachers and smb.conf.Students. The smb.conf.Students file would have the entire config file and the "veto files" parameter. The smb.conf.Teachers file would have the entire config file but without the "veto files" parameter. Makes sense ? Is there perhaps a better way to do this ? Many thanks Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba log analysis and report
Hi Tony, Thanks for your reply. Ok, that's excellent ! I will look into setting that up. Does anyone know of some reporting tool that generates web-based reports from Samba logs ? Or perhaps a way to get it to log to NT's event viewer ? Perhaps a plug in for Awstats (http://www.awstats.org) ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Tony Breeds" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Monday, January 31, 2005 9:09 AM Subject: Re: [Samba] Samba log analysis and report On Mon, Jan 31, 2005 at 09:02:28AM +0200, David Wilson wrote: Hi guys, Does anyone know of some decent Samba log analysis software that will report things like user logon/logoff times, computer names etc. ? Thanks in advance. Enabling wtmp should give you the basics of what you're after. see: http://us1.samba.org/samba/docs/man/smb.conf.5.html#WTMPDIRECTORY Yours Tony linux.conf.au http://linux.conf.au/ || http://lca2005.linux.org.au/ Apr 18-23 2005 The Australian Linux Technical Conference! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Veto files applied per group
Hi guys, I use "veto files = /.mp3/.mpg/" etc. on the [homes] share to prevent users from storing media files on a Samba server in the home directories. My client now wishes to make this restriction apply to users who are members of only certain groups. E.g. This restriction must apply to users who are members of the "Students" group and not apply to users in the "Teachers" group. I was thinking of having a blank smb.conf file with only the following in it: include = /etc/samba/smb.conf.%G Then having two smb.conf files, namely smb.conf.Teachers and smb.conf.Students. The smb.conf.Students file would have the entire config file and the "veto files" parameter. The smb.conf.Teachers file would have the entire config file but without the "veto files" parameter. Makes sense ? Is there perhaps a better way to do this ? Many thanks Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba log analysis and report
Hi guys, Does anyone know of some decent Samba log analysis software that will report things like user logon/logoff times, computer names etc. ? Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Logon Hours problems (really stuck)
Hi David, Nice name ! :) Thanks for your reply. I'm pretty sure I did restart Samba, to double check I will restart it again this evening. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "david rankin" <[EMAIL PROTECTED]> To: "samba" Sent: Saturday, January 29, 2005 5:40 PM Subject: Re: [Samba] Re: Logon Hours problems (really stuck) Hi guys, The "time offset" option unfortunately did not solve my problem. Users that are meant to be kicked off at 21:00 keep getting kicked off at 19:00. The time on the server is right. What else could be causing my problem ? If you made changes, did you remember to restart samba? (stranger things have happened) -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankin-bertin.com -- - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Saturday, January 29, 2005 5:01 AM Subject: [Samba] Re: Logon Hours problems (really stuck) Hi guys, I'm really sorry to bother you with this but I'm really battling and can't find any info to solve my problem. Please have a look at my issue below and give me some guidance as to what could be causing it. Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: David Wilson To: samba@lists.samba.org Sent: Thursday, January 27, 2005 3:43 PM Subject: Re: Logon Hours problems Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: David Wilson To: samba@lists.samba.org Sent: Tuesday, January 25, 2005 10:16 PM Subject: Re: Logon Hours problems I've found the "time offset" option from the smb.conf man page. In South Africa we are GMT+2, so I've set "time offset = 120" in my smb.conf. Do you think this is the right thing to do ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: David Wilson To: samba@lists.samba.org Sent: Tuesday, January 25, 2005 2:11 PM Subject: Logon Hours problems More information on my problem below. It seems that users that were only meant to kicked off at 21:00 were kicked off at 19:00. I've checked the time and timezone on the Linux server and all seems correct. I think I've messed up something somewhere to do with Samba and time and Logon Hours restrictions. Please point me in the right direction. Many thanks David Wilson From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Sunday, January 23, 2005 6:26 PM Subject: [Samba] Logon hours Hi guys, Sorry to bug you on this. Any ideas on my query below ? I saw something about all samba-3.x versions requiring a patch to implement the logon hours restrictions 100% ? Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Friday, January 21, 2005 11:02 AM Subject: Logon hours Hi guys, Another quick question: I'm running Samba-3.0.9 with an LDAP backend. User logon restrictions, in terms of allowed logon hours are set by using NT's "User Manager.exe" which connects to the Samba controlled domain. The restrictions appear to work OK except when there are multiple rules for the logon hours. .e.g Logon restrictions work pefectly if the logon time is: 13:00-17:00, but not when there is more than one 'rule' e.g. 13:00-14:00 and 15:00-17:00. As soon as there is more than one rule users cannot log on and if I try to use smbclient I get something like and error like INVALID_LOGON_HOURS. Any ideas ? Your assi
[Samba] Re: Logon Hours problems (really stuck)
Hi guys, I'm really sorry to bother you with this but I'm really battling and can't find any info to solve my problem. Please have a look at my issue below and give me some guidance as to what could be causing it. Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: David Wilson To: samba@lists.samba.org Sent: Thursday, January 27, 2005 3:43 PM Subject: Re: Logon Hours problems Hi guys, The "time offset" option unfortunately did not solve my problem. Users that are meant to be kicked off at 21:00 keep getting kicked off at 19:00. The time on the server is right. What else could be causing my problem ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." ----- Original Message - From: David Wilson To: samba@lists.samba.org Sent: Tuesday, January 25, 2005 10:16 PM Subject: Re: Logon Hours problems I've found the "time offset" option from the smb.conf man page. In South Africa we are GMT+2, so I've set "time offset = 120" in my smb.conf. Do you think this is the right thing to do ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: David Wilson To: samba@lists.samba.org Sent: Tuesday, January 25, 2005 2:11 PM Subject: Logon Hours problems More information on my problem below. It seems that users that were only meant to kicked off at 21:00 were kicked off at 19:00. I've checked the time and timezone on the Linux server and all seems correct. I think I've messed up something somewhere to do with Samba and time and Logon Hours restrictions. Please point me in the right direction. Many thanks David Wilson From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Sunday, January 23, 2005 6:26 PM Subject: [Samba] Logon hours > Hi guys, > > Sorry to bug you on this. > Any ideas on my query below ? I saw something about all samba-3.x versions > requiring a patch to implement the logon hours restrictions 100% ? > > Thanks in advance. > Kindest regards > David Wilson > ___ > D c D a t a > Tel +27 33 342 7003 > Fax +27 33 345 4155 > Cell +27 82 4147413 > http://www.dcdata.co.za > [EMAIL PROTECTED] > Powered by Linux, driven by passion ! > ___ > > - Original Message - > From: "David Wilson" <[EMAIL PROTECTED]> > To: > Sent: Friday, January 21, 2005 11:02 AM > Subject: Logon hours > > >> Hi guys, >> >> Another quick question: >> I'm running Samba-3.0.9 with an LDAP backend. >> User logon restrictions, in terms of allowed logon hours are set by using >> NT's "User Manager.exe" which connects to the Samba controlled domain. >> The restrictions appear to work OK except when there are multiple rules >> for the logon hours. >> .e.g >> Logon restrictions work pefectly if the logon time is: 13:00-17:00, but >> not when there is more than one 'rule' e.g. 13:00-14:00 and 15:00-17:00. >> As soon as there is more than one rule users cannot log on and if I try >> to use smbclient I get something like and error like INVALID_LOGON_HOURS. >> >> Any ideas ? >> Your assistance is greatly appreciated. >> >> >> >> Kindest regards >> David Wilson >> ___ >> D c D a t a >> Tel +27 33 342 7003 >> Fax +27 33 345 4155 >> Cell +27 82 4147413 >> http://www.dcdata.co.za >> [EMAIL PROTECTED] >> Powered by Linux, driven by passion ! >> ___ > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Inherit permissions question (Please help)
Hi Thomas, Thanks for your reply. Yea, it looks like ACLs aren't going to really help me with this issue. I think the best is just to get the Domain Admin to manually change the permissions after copying files to users' profile folders. This should hopefully not have to happen to often. Thank you so much for your time, input and assistance. It's greatly appreciated. Keep well. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Thomas Reiss" <[EMAIL PROTECTED]> To: Sent: Friday, January 28, 2005 7:12 PM Subject: Re: [Samba] Inherit permissions question (Please help) Hallo David Wilson, M... I wonder what else I could try ? Perhaps it would easier if I configure ACL support and just set the permissions manually each time a new file is copied to the users' areas by a Domain Admin ? I think you doesn't need in this case ACL support because the Problem is still the same, or not ? Manually change the Permission seems to be the only way. Must you do this very often ? When yes, write a little Skript that change the Permissions for you on all userx/ Directory (maybe as a post exec script in the Share Definition). Greetings Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Inherit permissions question (Please help)
Hi David, Thanks for your reply. That would work but then because it's on the share for user's profiles each user would then be able to access everyone elses profile. Please correct me if I'm wrong. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "david rankin" <[EMAIL PROTECTED]> To: "samba" Sent: Friday, January 28, 2005 6:13 AM Subject: Re: [Samba] Inherit permissions question (Please help) Sorry I'm late on this thread, but would 'force user = ' force group = ' work? -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankin-bertin.com -- - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: "Craig White" <[EMAIL PROTECTED]>; Sent: Wednesday, January 26, 2005 3:26 AM Subject: Re: [Samba] Inherit permissions question (Please help) Hi Craig, Thanks for your reply. My suggestions for using a preexec script is a sort of "last resort" option. I could rather configure a job in cron that checks permissions. Ideally I need the "inherit permissions" option but with the ability to also include user & group ownership. To get this done samba would require root privileges to change the ownership of files to that of the parent folder - which probably wouldn't be a good idea ? Thanks for your help so far. Any assistance/input would be greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Craig White" <[EMAIL PROTECTED]> To: Sent: Wednesday, January 26, 2005 10:41 AM Subject: Re: [Samba] Inherit permissions question (Please help) Am I the only one that thinks it's a terrible idea? When I need to make changes to user profiles, I use things like... logon script perl/shell script updates on actual samba server but I suppose that you could have a 'pre-exec' script that changes the ownership of all files in a person's profile be changed upon login. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Logon Hours problems
Hi guys, The "time offset" option unfortunately did not solve my problem. Users that are meant to be kicked off at 21:00 keep getting kicked off at 19:00. The time on the server is right. What else could be causing my problem ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: David Wilson To: samba@lists.samba.org Sent: Tuesday, January 25, 2005 10:16 PM Subject: Re: Logon Hours problems I've found the "time offset" option from the smb.conf man page. In South Africa we are GMT+2, so I've set "time offset = 120" in my smb.conf. Do you think this is the right thing to do ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: David Wilson To: samba@lists.samba.org Sent: Tuesday, January 25, 2005 2:11 PM Subject: Logon Hours problems More information on my problem below. It seems that users that were only meant to kicked off at 21:00 were kicked off at 19:00. I've checked the time and timezone on the Linux server and all seems correct. I think I've messed up something somewhere to do with Samba and time and Logon Hours restrictions. Please point me in the right direction. Many thanks David Wilson From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Sunday, January 23, 2005 6:26 PM Subject: [Samba] Logon hours > Hi guys, > > Sorry to bug you on this. > Any ideas on my query below ? I saw something about all samba-3.x versions > requiring a patch to implement the logon hours restrictions 100% ? > > Thanks in advance. > Kindest regards > David Wilson > ___ > D c D a t a > Tel +27 33 342 7003 > Fax +27 33 345 4155 > Cell +27 82 4147413 > http://www.dcdata.co.za > [EMAIL PROTECTED] > Powered by Linux, driven by passion ! > ___ > > - Original Message - > From: "David Wilson" <[EMAIL PROTECTED]> > To: > Sent: Friday, January 21, 2005 11:02 AM > Subject: Logon hours > > >> Hi guys, >> >> Another quick question: >> I'm running Samba-3.0.9 with an LDAP backend. >> User logon restrictions, in terms of allowed logon hours are set by using >> NT's "User Manager.exe" which connects to the Samba controlled domain. >> The restrictions appear to work OK except when there are multiple rules >> for the logon hours. >> .e.g >> Logon restrictions work pefectly if the logon time is: 13:00-17:00, but >> not when there is more than one 'rule' e.g. 13:00-14:00 and 15:00-17:00. >> As soon as there is more than one rule users cannot log on and if I try >> to use smbclient I get something like and error like INVALID_LOGON_HOURS. >> >> Any ideas ? >> Your assistance is greatly appreciated. >> >> >> >> Kindest regards >> David Wilson >> ___ >> D c D a t a >> Tel +27 33 342 7003 >> Fax +27 33 345 4155 >> Cell +27 82 4147413 >> http://www.dcdata.co.za >> [EMAIL PROTECTED] >> Powered by Linux, driven by passion ! >> ___ > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Inherit permissions question (Please help)
Hi Thomas, Thank you for your reply and for the information and ideas. I think your option would work ok, but as you said a bit hairy with a lot of users. :) We have about 700 users that we are running off this Samba box so it would be a bit of a mission to keep maintained. M... I wonder what else I could try ? Perhaps it would easier if I configure ACL support and just set the permissions manually each time a new file is copied to the users' areas by a Domain Admin ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Thomas Reiss" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Sent: Wednesday, January 26, 2005 7:42 PM Subject: Re: [Samba] Inherit permissions question (Please help) Hallo David Wilson, Hi Thomas, Thank you for your reply and the information. Will the "s"-Bit cause all new files that are written by a "Domain Admin" to the user1/ folder to be owned by "user1" ? No, cause only that the Group was always "Domain Admin". My problem is that "Domain Admins" can write to users' folders in the [userprofile] share but then the respective user who owns the folder can't access the new data in it. The "inherit permisions" would solve my problem except that it does not allow user/group ownership to be passed down onto files. Any ideas ? :) hmm, can you set the "s"-Bit on the UID with chmod u+s user1/ ? Ok it make a testhmm seems not funktional. I see in the Section of "inherit permissions" in "man smb.conf": Note that the setuid bit is never set via inheritance (the code explicitly prohibits this) --- Hmmm...i think the only way is to make a group "user1" and add the respective "Admin"-User to this Group and set the Permission to 770 and the Group to "user1-Group" of user1/ Folder. Additional add the "s"-bit to the Group and set "inherit permissions = yes" in smb.conf. But, this would be hairy on 2000 Users Greetings Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Inherit permissions question (Please help)
Hi Craig, Thanks for your reply. My suggestions for using a preexec script is a sort of "last resort" option. I could rather configure a job in cron that checks permissions. Ideally I need the "inherit permissions" option but with the ability to also include user & group ownership. To get this done samba would require root privileges to change the ownership of files to that of the parent folder - which probably wouldn't be a good idea ? Thanks for your help so far. Any assistance/input would be greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Craig White" <[EMAIL PROTECTED]> To: Sent: Wednesday, January 26, 2005 10:41 AM Subject: Re: [Samba] Inherit permissions question (Please help) Am I the only one that thinks it's a terrible idea? When I need to make changes to user profiles, I use things like... logon script perl/shell script updates on actual samba server but I suppose that you could have a 'pre-exec' script that changes the ownership of all files in a person's profile be changed upon login. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Inherit permissions question (Please help)
Any other ideas ? Pehaps this could be added as a feature to Samba ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: ; "Gerald (Jerry) Carter" <[EMAIL PROTECTED]>; "Thomas Reiss" <[EMAIL PROTECTED]> Sent: Tuesday, January 25, 2005 2:03 PM Subject: Re: [Samba] Inherit permissions question (Please help) Hi Thomas, Thank you for your reply and the information. Will the "s"-Bit cause all new files that are written by a "Domain Admin" to the user1/ folder to be owned by "user1" ? My problem is that "Domain Admins" can write to users' folders in the [userprofile] share but then the respective user who owns the folder can't access the new data in it. The "inherit permisions" would solve my problem except that it does not allow user/group ownership to be passed down onto files. Any ideas ? :) Thank you for your help so far. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Thomas Reiss" <[EMAIL PROTECTED]> To: ; "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> Sent: Tuesday, January 25, 2005 9:56 AM Subject: Re: [Samba] Inherit permissions question (Please help) Hallo David Wilson, If the administrator(root) had to write a file (test.txt) to the user1 folder and I had "inherit permissions" turned on, then file would be written as: rwx-- 16 root Domain Admins 0 2005-01-21 07:07 test.txt Unfortunately I need "user1" to own the file, just like it's parent directory, which is as follows: drwx- 16 user1 users 4096 2005-01-21 user1/ I thing it makes Life easyer when you change the Group Owner to "Domain Admins" and set the "s"-Bit and the Permissions to 770 on the userx/ Directorys. So every "Domain Admin" can write files on the directorys. Try this (or do this on a higher Directory Level): drwxrws-- 16 user1 Domain Admins 4096 2005-01-21 user1/ Hope it helps. Greetings Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Logon Hours problems
I've found the "time offset" option from the smb.conf man page. In South Africa we are GMT+2, so I've set "time offset = 120" in my smb.conf. Do you think this is the right thing to do ? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." ----- Original Message - From: David Wilson To: samba@lists.samba.org Sent: Tuesday, January 25, 2005 2:11 PM Subject: Logon Hours problems More information on my problem below. It seems that users that were only meant to kicked off at 21:00 were kicked off at 19:00. I've checked the time and timezone on the Linux server and all seems correct. I think I've messed up something somewhere to do with Samba and time and Logon Hours restrictions. Please point me in the right direction. Many thanks David Wilson From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Sunday, January 23, 2005 6:26 PM Subject: [Samba] Logon hours > Hi guys, > > Sorry to bug you on this. > Any ideas on my query below ? I saw something about all samba-3.x versions > requiring a patch to implement the logon hours restrictions 100% ? > > Thanks in advance. > Kindest regards > David Wilson > ___ > D c D a t a > Tel +27 33 342 7003 > Fax +27 33 345 4155 > Cell +27 82 4147413 > http://www.dcdata.co.za > [EMAIL PROTECTED] > Powered by Linux, driven by passion ! > ___ > > - Original Message - > From: "David Wilson" <[EMAIL PROTECTED]> > To: > Sent: Friday, January 21, 2005 11:02 AM > Subject: Logon hours > > >> Hi guys, >> >> Another quick question: >> I'm running Samba-3.0.9 with an LDAP backend. >> User logon restrictions, in terms of allowed logon hours are set by using >> NT's "User Manager.exe" which connects to the Samba controlled domain. >> The restrictions appear to work OK except when there are multiple rules >> for the logon hours. >> .e.g >> Logon restrictions work pefectly if the logon time is: 13:00-17:00, but >> not when there is more than one 'rule' e.g. 13:00-14:00 and 15:00-17:00. >> As soon as there is more than one rule users cannot log on and if I try >> to use smbclient I get something like and error like INVALID_LOGON_HOURS. >> >> Any ideas ? >> Your assistance is greatly appreciated. >> >> >> >> Kindest regards >> David Wilson >> ___ >> D c D a t a >> Tel +27 33 342 7003 >> Fax +27 33 345 4155 >> Cell +27 82 4147413 >> http://www.dcdata.co.za >> [EMAIL PROTECTED] >> Powered by Linux, driven by passion ! >> ___ > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logon Hours problems
More information on my problem below. It seems that users that were only meant to kicked off at 21:00 were kicked off at 19:00. I've checked the time and timezone on the Linux server and all seems correct. I think I've messed up something somewhere to do with Samba and time and Logon Hours restrictions. Please point me in the right direction. Many thanks David Wilson From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Sunday, January 23, 2005 6:26 PM Subject: [Samba] Logon hours > Hi guys, > > Sorry to bug you on this. > Any ideas on my query below ? I saw something about all samba-3.x versions > requiring a patch to implement the logon hours restrictions 100% ? > > Thanks in advance. > Kindest regards > David Wilson > ___ > D c D a t a > Tel +27 33 342 7003 > Fax +27 33 345 4155 > Cell +27 82 4147413 > http://www.dcdata.co.za > [EMAIL PROTECTED] > Powered by Linux, driven by passion ! > ___ > > - Original Message - > From: "David Wilson" <[EMAIL PROTECTED]> > To: > Sent: Friday, January 21, 2005 11:02 AM > Subject: Logon hours > > >> Hi guys, >> >> Another quick question: >> I'm running Samba-3.0.9 with an LDAP backend. >> User logon restrictions, in terms of allowed logon hours are set by using >> NT's "User Manager.exe" which connects to the Samba controlled domain. >> The restrictions appear to work OK except when there are multiple rules >> for the logon hours. >> .e.g >> Logon restrictions work pefectly if the logon time is: 13:00-17:00, but >> not when there is more than one 'rule' e.g. 13:00-14:00 and 15:00-17:00. >> As soon as there is more than one rule users cannot log on and if I try >> to use smbclient I get something like and error like INVALID_LOGON_HOURS. >> >> Any ideas ? >> Your assistance is greatly appreciated. >> >> >> >> Kindest regards >> David Wilson >> ___ >> D c D a t a >> Tel +27 33 342 7003 >> Fax +27 33 345 4155 >> Cell +27 82 4147413 >> http://www.dcdata.co.za >> [EMAIL PROTECTED] >> Powered by Linux, driven by passion ! >> ___ > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Inherit permissions question (Please help)
Hi Thomas, Thank you for your reply and the information. Will the "s"-Bit cause all new files that are written by a "Domain Admin" to the user1/ folder to be owned by "user1" ? My problem is that "Domain Admins" can write to users' folders in the [userprofile] share but then the respective user who owns the folder can't access the new data in it. The "inherit permisions" would solve my problem except that it does not allow user/group ownership to be passed down onto files. Any ideas ? :) Thank you for your help so far. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "Thomas Reiss" <[EMAIL PROTECTED]> To: ; "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> Sent: Tuesday, January 25, 2005 9:56 AM Subject: Re: [Samba] Inherit permissions question (Please help) Hallo David Wilson, If the administrator(root) had to write a file (test.txt) to the user1 folder and I had "inherit permissions" turned on, then file would be written as: rwx-- 16 root Domain Admins 0 2005-01-21 07:07 test.txt Unfortunately I need "user1" to own the file, just like it's parent directory, which is as follows: drwx- 16 user1 users 4096 2005-01-21 user1/ I thing it makes Life easyer when you change the Group Owner to "Domain Admins" and set the "s"-Bit and the Permissions to 770 on the userx/ Directorys. So every "Domain Admin" can write files on the directorys. Try this (or do this on a higher Directory Level): drwxrws-- 16 user1 Domain Admins 4096 2005-01-21 user1/ Hope it helps. Greetings Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Inherit permissions question (Please help)
Hi Gerry, Thanks for your reply. OK, that makes sense. Unfortunately I can't use the "force user" option on the share due to the sub folders in the share being owned separately by other users (600+ of them). If the administrator(root) had to write a file (test.txt) to the user1 folder and I had "inherit permissions" turned on, then file would be written as: rwx-- 16 root Domain Admins 0 2005-01-21 07:07 test.txt Unfortunately I need "user1" to own the file, just like it's parent directory, which is as follows: drwx- 16 user1 users 4096 2005-01-21 user1/ The problem is that I have other users in the same "userprofile" share, which each need to own their own profile folder and files in them. Perhaps configuring filesystem ACLs and turning on "inherit acls" would help ? Any ideas ? :) Perhaps I need to write a "postexec" script that looks at the user's folder name, which corresponds to the username and does a "chmod -R [user] [user]" on the folder after data is written to it ? Thank you for your assistance so far, greatly appreciated ! Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." ----- Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: Sent: Monday, January 24, 2005 3:53 PM Subject: Re: [Samba] Inherit permissions question (Please help) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Wilson wrote: |>> If the administrator connects to \\server\userprofile\user1 and |>> writes a file named "test.txt" into the directory the permissions |>> from the directory "user1" are not propagated down to the new file. |>> My permissions on the "user1" directory are set as follows: |>> drwx- 16 user1 users 4096 2005-01-21 user1/ |>> |>> The file "test.txt" gets written with the following permissions: |>> -rw-- 16 root Domain Admins 0 2005-01-21 07:07 test.txt |>> |>> Any ideas on how I get samba to write it so that the owner of the |>> folder propagates to new files written into the folder even if a |>> domain admin writes them there ? Inherit permissions set file bits not the owner. You might have more luck with the 'force user' option. But be careful of granting more access than you intend. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB9P27IR7qMdg1EfYRAiuxAKCJe/tse4/vSzm/gVKReTetXR8SBACbBFt9 Z+dkBSAOYjtEuyxY8ayd4rk= =W/Fd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logon hours (Please help)
Please help with this. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Sunday, January 23, 2005 6:26 PM Subject: [Samba] Logon hours Hi guys, Sorry to bug you on this. Any ideas on my query below ? I saw something about all samba-3.x versions requiring a patch to implement the logon hours restrictions 100% ? Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Friday, January 21, 2005 11:02 AM Subject: Logon hours Hi guys, Another quick question: I'm running Samba-3.0.9 with an LDAP backend. User logon restrictions, in terms of allowed logon hours are set by using NT's "User Manager.exe" which connects to the Samba controlled domain. The restrictions appear to work OK except when there are multiple rules for the logon hours. .e.g Logon restrictions work pefectly if the logon time is: 13:00-17:00, but not when there is more than one 'rule' e.g. 13:00-14:00 and 15:00-17:00. As soon as there is more than one rule users cannot log on and if I try to use smbclient I get something like and error like INVALID_LOGON_HOURS. Any ideas ? Your assistance is greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Inherit permissions question (Please help)
Any ideas ?? Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ "Computers are not intelligent. They only think they are." - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Sunday, January 23, 2005 6:28 PM Subject: [Samba] Inherit permissions question Hi guys, Unfortunately I'm still battling with this. Perhaps I've missed something ? Your assistance would be greatly appreciated. Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Friday, January 21, 2005 7:17 AM Subject: Inherit permissions question Hi guys, How are you ? We have a share named [userprofile] on our Samba-3.0.9 server where each users' profile is stored. Fairly often a user which is not the user that owns the profile i.e and admin, needs to copy files into other users' profile folders. The problem which then arises is that the user who owns the profile is unable to access the new files, due to the UNIX permissions being set to the person who copied the files into the directory. I've looked through the smb.conf and found the "inherit permissions" parameter and tried it but cannot seem to get it to work ? In my smb.conf for the [userprofile] share I have the following: [userprofile] path = /data/userprofile read only = no guest ok = yes profile acls = yes browseable = no csc policy = disable share modes = no inherit permissions = yes If the administrator connects to \\server\userprofile\user1 and writes a file named "test.txt" into the directory the permissions from the directory "user1" are not propagated down to the new file. My permissions on the "user1" directory are set as follows: drwx- 16 user1 users 4096 2005-01-21 user1/ The file "test.txt" gets written with the following permissions: -rw-- 16 root Domain Admins 0 2005-01-21 07:07 test.txt Any ideas on how I get samba to write it so that the owner of the folder propagates to new files written into the folder even if a domain admin writes them there ? Many thanks. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Inherit permissions question
Hi guys, Unfortunately I'm still battling with this. Perhaps I've missed something ? Your assistance would be greatly appreciated. Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Friday, January 21, 2005 7:17 AM Subject: Inherit permissions question Hi guys, How are you ? We have a share named [userprofile] on our Samba-3.0.9 server where each users' profile is stored. Fairly often a user which is not the user that owns the profile i.e and admin, needs to copy files into other users' profile folders. The problem which then arises is that the user who owns the profile is unable to access the new files, due to the UNIX permissions being set to the person who copied the files into the directory. I've looked through the smb.conf and found the "inherit permissions" parameter and tried it but cannot seem to get it to work ? In my smb.conf for the [userprofile] share I have the following: [userprofile] path = /data/userprofile read only = no guest ok = yes profile acls = yes browseable = no csc policy = disable share modes = no inherit permissions = yes If the administrator connects to \\server\userprofile\user1 and writes a file named "test.txt" into the directory the permissions from the directory "user1" are not propagated down to the new file. My permissions on the "user1" directory are set as follows: drwx- 16 user1 users 4096 2005-01-21 user1/ The file "test.txt" gets written with the following permissions: -rw-- 16 root Domain Admins 0 2005-01-21 07:07 test.txt Any ideas on how I get samba to write it so that the owner of the folder propagates to new files written into the folder even if a domain admin writes them there ? Many thanks. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logon hours
Hi guys, Sorry to bug you on this. Any ideas on my query below ? I saw something about all samba-3.x versions requiring a patch to implement the logon hours restrictions 100% ? Thanks in advance. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ - Original Message - From: "David Wilson" <[EMAIL PROTECTED]> To: Sent: Friday, January 21, 2005 11:02 AM Subject: Logon hours Hi guys, Another quick question: I'm running Samba-3.0.9 with an LDAP backend. User logon restrictions, in terms of allowed logon hours are set by using NT's "User Manager.exe" which connects to the Samba controlled domain. The restrictions appear to work OK except when there are multiple rules for the logon hours. .e.g Logon restrictions work pefectly if the logon time is: 13:00-17:00, but not when there is more than one 'rule' e.g. 13:00-14:00 and 15:00-17:00. As soon as there is more than one rule users cannot log on and if I try to use smbclient I get something like and error like INVALID_LOGON_HOURS. Any ideas ? Your assistance is greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logon hours
Hi guys, Another quick question: I'm running Samba-3.0.9 with an LDAP backend. User logon restrictions, in terms of allowed logon hours are set by using NT's "User Manager.exe" which connects to the Samba controlled domain. The restrictions appear to work OK except when there are multiple rules for the logon hours. .e.g Logon restrictions work pefectly if the logon time is: 13:00-17:00, but not when there is more than one 'rule' e.g. 13:00-14:00 and 15:00-17:00. As soon as there is more than one rule users cannot log on and if I try to use smbclient I get something like and error like INVALID_LOGON_HOURS. Any ideas ? Your assistance is greatly appreciated. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Inherit permissions question
Hi guys, How are you ? We have a share named [userprofile] on our Samba-3.0.9 server where each users' profile is stored. Fairly often a user which is not the user that owns the profile i.e and admin, needs to copy files into other users' profile folders. The problem which then arises is that the user who owns the profile is unable to access the new files, due to the UNIX permissions being set to the person who copied the files into the directory. I've looked through the smb.conf and found the "inherit permissions" parameter and tried it but cannot seem to get it to work ? In my smb.conf for the [userprofile] share I have the following: [userprofile] path = /data/userprofile read only = no guest ok = yes profile acls = yes browseable = no csc policy = disable share modes = no inherit permissions = yes If the administrator connects to \\server\userprofile\user1 and writes a file named "test.txt" into the directory the permissions from the directory "user1" are not propagated down to the new file. My permissions on the "user1" directory are set as follows: drwx- 16 user1 users 4096 2005-01-21 user1/ The file "test.txt" gets written with the following permissions: -rw-- 16 root Domain Admins 0 2005-01-21 07:07 test.txt Any ideas on how I get samba to write it so that the owner of the folder propagates to new files written into the folder even if a domain admin writes them there ? Many thanks. Kindest regards David Wilson ___ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! ___ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Fwd: Re: [Samba] Intermittent "Network name cannot be found" error
Hi Mac, Thanks for your reply. I did try "profile acls = yes" on the Profiles share. This does seem to have helped but has not totally resolved the problem. Users still seem to pick up the same error now and again when logging on. Most of the time it works perfectly, though perhaps 2 out of 10 times the error will pop up. David. Mac wrote: Hi guys, Unfortunately I've still made no progress on this. Is disabling the roaming profile permission checking in XP the only way to fix this ? Will any future versions of Samba have something that we can do in Samba on the server side to work around this ? Have you tried the setting called:- profile acls Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Fwd: Re: [Samba] Intermittent "Network name cannot be found" error when accessing XP roaming profile]
Hi guys, Unfortunately I've still made no progress on this. Is disabling the roaming profile permission checking in XP the only way to fix this ? Will any future versions of Samba have something that we can do in Samba on the server side to work around this ? Many thanks David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Intermittent "Network name cannot be found" error when accessing XP roaming profile
Further to my email earlier I've come across http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id2577285 This explains that a group policy must be set up so that "Do not check for user ownership of Roaming Profile Folders" is enabled. Does anyone know of another way to do this other than doing it through active directory or on each XP workstation ? Could this be what's causing the problem I'm experiencing ? Thank you in advance. David. David Wilson wrote: Hi guys, How are you ? I've installed samba-3.0.7 from source on a Slackware Linux 10.0 server configured with "--with-ldap" as a backend (OpenLDAP-2.2.13) and with nss_ldap installed. I have my profiles share configured as follows: [profiles] comment = Profile Share path = /data/profiles writeable = yes guest ok = yes browseable = no profile acls = yes csc policy = disable Permissions on a user's profile folder: drwxrwxr-x 12 pupil Domain Admins 424 2004-10-14 13:46 pupil Most of the time logins from Windows X.P. (SP1) PCs work perfectly and the roaming profile comes across, however sometimes an error "Cannot access roaming profile ... ... .. network name cannot be found" comes up. The error is intermittent and does not seem to stick to any sort of pattern. I've looked all over and found that other people have experienced the same problem but I can't seem to find a solid fix for it. Perhaps installing X.P. Service Pack 2 will sort it out ? Can anyone point me in the right direction on how I can resolve this problem ? Thank you for your time. David. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Intermittent "Network name cannot be found" error when accessing XP roaming profile
Hi guys, How are you ? I've installed samba-3.0.7 from source on a Slackware Linux 10.0 server configured with "--with-ldap" as a backend (OpenLDAP-2.2.13) and with nss_ldap installed. I have my profiles share configured as follows: [profiles] comment = Profile Share path = /data/profiles writeable = yes guest ok = yes browseable = no profile acls = yes csc policy = disable Permissions on a user's profile folder: drwxrwxr-x 12 pupil Domain Admins 424 2004-10-14 13:46 pupil Most of the time logins from Windows X.P. (SP1) PCs work perfectly and the roaming profile comes across, however sometimes an error "Cannot access roaming profile ... ... .. network name cannot be found" comes up. The error is intermittent and does not seem to stick to any sort of pattern. I've looked all over and found that other people have experienced the same problem but I can't seem to find a solid fix for it. Perhaps installing X.P. Service Pack 2 will sort it out ? Can anyone point me in the right direction on how I can resolve this problem ? Thank you for your time. David. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Fw: smb_proc_readdir_long error
Hi guys, Sorry to bug you ... Does nobody have any info on this ? Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za - Original Message ----- From: David Wilson To: [EMAIL PROTECTED] Sent: Monday, October 11, 2004 9:31 AM Subject: Fw: smb_proc_readdir_long error Hi guys, Does anyone have any ideas on my questions below ? Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za - Original Message - From: David Wilson To: [EMAIL PROTECTED] Sent: Thursday, October 07, 2004 11:25 AM Subject: smb_proc_readdir_long error Hi guys, Sorry to bug you with this. Does anyone have any idea what this error below means ? Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za - Original Message - From: David Wilson To: [EMAIL PROTECTED] Sent: Wednesday, October 06, 2004 1:15 PM Subject: smb_proc_readdir_long error Hi guys/girls, How are you ? I'm running "Linux 2.4.22 SMP" with Samba-3.0.4 and pick up the following message in my syslog when accessing a mounted NT4 share: kernel: smb_proc_readdir_long: name=\OLAP Services\Data\GreatPlains\*, result=-13, rcls=1, err=5 Any ideas what this is ? Your assistance is greatly appreciated. Many thanks. Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Fw: smb_proc_readdir_long error
Hi guys, Does anyone have any ideas on my questions below ? Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za - Original Message ----- From: David Wilson To: [EMAIL PROTECTED] Sent: Thursday, October 07, 2004 11:25 AM Subject: smb_proc_readdir_long error Hi guys, Sorry to bug you with this. Does anyone have any idea what this error below means ? Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za - Original Message - From: David Wilson To: [EMAIL PROTECTED] Sent: Wednesday, October 06, 2004 1:15 PM Subject: smb_proc_readdir_long error Hi guys/girls, How are you ? I'm running "Linux 2.4.22 SMP" with Samba-3.0.4 and pick up the following message in my syslog when accessing a mounted NT4 share: kernel: smb_proc_readdir_long: name=\OLAP Services\Data\GreatPlains\*, result=-13, rcls=1, err=5 Any ideas what this is ? Your assistance is greatly appreciated. Many thanks. Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smb_proc_readdir_long error
Hi guys, Sorry to bug you with this. Does anyone have any idea what this error below means ? Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za - Original Message ----- From: David Wilson To: [EMAIL PROTECTED] Sent: Wednesday, October 06, 2004 1:15 PM Subject: smb_proc_readdir_long error Hi guys/girls, How are you ? I'm running "Linux 2.4.22 SMP" with Samba-3.0.4 and pick up the following message in my syslog when accessing a mounted NT4 share: kernel: smb_proc_readdir_long: name=\OLAP Services\Data\GreatPlains\*, result=-13, rcls=1, err=5 Any ideas what this is ? Your assistance is greatly appreciated. Many thanks. Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smb_proc_readdir_long error
Hi guys/girls, How are you ? I'm running "Linux 2.4.22 SMP" with Samba-3.0.4 and pick up the following message in my syslog when accessing a mounted NT4 share: kernel: smb_proc_readdir_long: name=\OLAP Services\Data\GreatPlains\*, result=-13, rcls=1, err=5 Any ideas what this is ? Your assistance is greatly appreciated. Many thanks. Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 MSN: [EMAIL PROTECTED] http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrate Samba 3.0x tdb to Samba-3.0.2a ldapsam
Ah brilliant ! Thanks for your help Clint and Adam. Got it working 100%. My config: Slackware-9.1 OpenLDAP nss_ldap Samba-3.0.2a Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 83 267 7500 http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za - Original Message - From: "Clint Sharp" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, April 19, 2004 11:33 PM Subject: Re: [Samba] Migrate Samba 3.0x tdb to Samba-3.0.2a ldapsam > On Mon, 2004-04-19 at 01:37, David Wilson wrote: > > Hi guys/girls, > > > > How are you ? > > > > I'm looking at migrating my Samba-3.0.1 server which has the standard tdb > > backend to Samba-3.0.2a with an LDAP backend. > > I plan to use nss_ldap too. > > > > What would be the best way of doing this ? Any assistance would be greatly > > appreciated. > > > > Kindest regards > > David Wilson > > > > D c D a t a > > Tel +27 33 342 7003 > > Fax +27 33 345 4155 > > Cell +27 83 267 7500 > > http://www.dcdata.co.za > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > KZN's first and only pure Linux solution provider > > > > LinuxBox S.A.: Africa's shell provider. > > Powered by Linux and DcData - driven by passion ! > > http://www.linuxbox.co.za > > Make sure you have migrated the UNIX users to your LDAP backend. PADL's > migration scripts come in very handy here. Then, you should be able to > do something like: > > pdbedit -i tdbsam: -e ldapsam:ldap:// > > You should already have ldapsam in your passdb backend and have test > accounts created and tested. I think pdbedit might create posixAccount > structures for the users if they're not there, but it's probably best to > use the PADL scripts (http://www.padl.com/OSS/MigrationTools.html) to do > it. > > Clint > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrate Samba 3.0x tdb to Samba-3.0.2a ldapsam
Thanks Clint, greatly appreciated. I'll give it a try. Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 83 267 7500 http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za - Original Message - From: "Clint Sharp" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, April 19, 2004 11:33 PM Subject: Re: [Samba] Migrate Samba 3.0x tdb to Samba-3.0.2a ldapsam > On Mon, 2004-04-19 at 01:37, David Wilson wrote: > > Hi guys/girls, > > > > How are you ? > > > > I'm looking at migrating my Samba-3.0.1 server which has the standard tdb > > backend to Samba-3.0.2a with an LDAP backend. > > I plan to use nss_ldap too. > > > > What would be the best way of doing this ? Any assistance would be greatly > > appreciated. > > > > Kindest regards > > David Wilson > > > > D c D a t a > > Tel +27 33 342 7003 > > Fax +27 33 345 4155 > > Cell +27 83 267 7500 > > http://www.dcdata.co.za > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > KZN's first and only pure Linux solution provider > > > > LinuxBox S.A.: Africa's shell provider. > > Powered by Linux and DcData - driven by passion ! > > http://www.linuxbox.co.za > > Make sure you have migrated the UNIX users to your LDAP backend. PADL's > migration scripts come in very handy here. Then, you should be able to > do something like: > > pdbedit -i tdbsam: -e ldapsam:ldap:// > > You should already have ldapsam in your passdb backend and have test > accounts created and tested. I think pdbedit might create posixAccount > structures for the users if they're not there, but it's probably best to > use the PADL scripts (http://www.padl.com/OSS/MigrationTools.html) to do > it. > > Clint > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrate Samba accounts to LDAP
Ah excellent ! Thanks Adam. I'll give it a try. Greatly appreciated. Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 83 267 7500 http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za - Original Message - From: "Adam Tauno Williams" <[EMAIL PROTECTED]> To: "David Wilson" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, April 19, 2004 4:53 PM Subject: Re: [Samba] Migrate Samba accounts to LDAP > > How are you ? > > Is tdb the standard passwd backend (/usr/local/samba/private/smbpasswd) ? > > I suppose. > > > I'm looking at migrating my Samba-3.0.1 server which has the standard tdb > > backend to Samba-3.0.2a with an LDAP backend. > > I plan to use nss_ldap too. > > What would be the best way of doing this ? Any assistance would be greatly > > appreciated. > > Get the LDAP backend all setup (add user, etc...) then use pdbedit's > import/export functionality. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Migrate Samba accounts to LDAP
Hi guys/girls, How are you ? Is tdb the standard passwd backend (/usr/local/samba/private/smbpasswd) ? I'm looking at migrating my Samba-3.0.1 server which has the standard tdb backend to Samba-3.0.2a with an LDAP backend. I plan to use nss_ldap too. What would be the best way of doing this ? Any assistance would be greatly appreciated. Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 83 267 7500 http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Migrate Samba 3.0x tdb to Samba-3.0.2a ldapsam
Hi guys/girls, How are you ? I'm looking at migrating my Samba-3.0.1 server which has the standard tdb backend to Samba-3.0.2a with an LDAP backend. I plan to use nss_ldap too. What would be the best way of doing this ? Any assistance would be greatly appreciated. Kindest regards David Wilson D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 83 267 7500 http://www.dcdata.co.za [EMAIL PROTECTED] [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-3.0.2 PDC LDAP: Add computer to domain.... Working !
Hi Robert, Yes ! It's working !! Thank you kindly for your assistance, greatly appreciated ! Keep well. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3.0.2 PDC LDAP: Add computer to domain issue with smbldap-tools
Hi guys, I've installed openldap-2.1.25 and Samba-3.0.2 and configured everything with no TLS on a Slackware-9.1 Linux box. To manage the LDAP backed I've used smbldap-tools-0.8.4. After populating the database with smbldap-populate I was able to first add users to /etc/passwd etc. and then to LDAP with smbldap-useradd -a and access the server via Windows PCs. Everything appeared to be working correctly. My only problem is that I cannot seem to get a machine account added correctly. I've added the PC name to /etc/passwd etc. with "useradd -s /bin/false -g computers pc1$" and also run "smbldap-useradd -w pc1". When the computer attempts to join the domain it receives an "unable to join domain" error. It seems that "smbldap-useradd -w pc1" seems to add only a posix account to the LDAP backend ?: --- pc1$, Computers, domain.net dn: uid=pc1$,ou=Computers,dc=domain,dc=net objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: pc1$ sn: pc1$ uid: pc1$ uidNumber: 1007 gidNumber: 553 homeDirectory: /dev/null loginShell: /bin/false description: Computer - I've missed something somewhere for sure ? Perhaps I need nss_ldap ? I've also tried using the smbldap-tools that come with samba-3.0.2. Any suggestions would be greatly appreciated. Thank you kindly. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-3.0.2 PDC LDAP: Add computer to domain issue withsmbldap-tools
Hi Robert, Thank you kindly for your response. Before I run /usr/local/sbin/smbldap-useradd.pl -w "%u", do I need to have the computer account in /etc/passwd ? e.g. useradd -s /bin/false -g computers pc1$ ? Thank you for your assistance so far. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-3.0.2 PDC LDAP: Add computer to domain issuewithsmbldap-tools
Hi Rob, Wow !! Thanks for all that info. I'll give it a try and let you know how it goes. Thanks for all your assistance. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] KZN's first and only pure Linux solution provider LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Re[2]: [Samba] pdbedit and password expiry
Ah, ok thanks Craig. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Re[2]: [Samba] pdbedit and password expiry
Hi Collen, Thanks for your reply. The MySQL backend sounds good, though I think LDAP may be a bit easier for us. I suppose SQL may be a better option when a VERY large user base is used ? Nevertheless I will keep your email in mind. >From what Andrew has said, I think the password expiry option can only be applied to all users, exactly the same as Windows NT ? -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdbedit and password expiry
Hi Andrew, Thanks for your reply. >and to push people to the wonderful (horrible) world of >LDAP ;-) Lol ! Ok, excellent ! I will read the samba-pdc-ldap howto and give it a try. Thank you very much for your assistance. ! Keep well. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pdbedit and password expiry
Hi guys/girls, How are you ? I've been struggling to get my users' passwords to expire. My configuration is samba-3.0 running with the standard smbpasswd back-end. Everything that I can find on the web says I should set the following to expire my users passwords after 28 days.: pdbedit -v -P 'minimum password age' -C 300 pdbedit -v -P 'maximum password age' -C 2419200 Unfortunately my users never get prompted for a new password. When I do a "pdbedit -v -u " all the details come up, however what I find interesting is the following: Password can change: Wed, 04 Feb 2004 16:59:54 GMT Password must change: Fri, 13 Dec 1901 22:45:51 GMT What ever I try I cannot change the "Password must change:" line. Perhaps I've missed something really simple here ? Does this feature perhaps require an LDAP back-end ? Any assistance would be greatly appreciated, thank you in advance. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 password change with smbpasswd - login problem
Hi Andre, Thanks for your reply. Yes, apparently this does work. Any ideas why it doesn't work with smbpasswd ? Is there another way to work around this other than using ctrl+alt+del ? Thank you for your assistance so far. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2000 password change with smbpasswd - login problem
Hello, Any ideas on this one ? Hopefully not being too pesky ? :) --- Hi guys, How are you ? My setup is as follows: Samba-3.0.0 PDC on a Slackware-9.0 box, with mixed N.T. and Windows 2000 clients. Everything has been running perfectly for months however now, it seems I've picked up a bit of a weird problem when changing a users password via smbpasswd. This problem only appears to affect users who log onto the Samba domain using a Windows 2000 PC. i.e If I change a password for an N.T. 4.0 user the user merely has to log out of N.T. and log back on with his new password, everything works perfectly. If I change a password for a Windows 2000 user, the user logs off Windows 2000, tries to login again, but receives and incorrect username/password error. Ever come across this before ? Any assistance would be greatly appreciated. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's largest free shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2000 password change with smbpasswd - login problem
Hi guys, How are you ? My setup is as follows: Samba-3.0.0 PDC on a Slackware-9.0 box, with mixed N.T. and Windows 2000 clients. Everything has been running perfectly for months however now, it seems I've picked up a bit of a weird problem when changing a users password via smbpasswd. This problem only appears to affect users who log onto the Samba domain using a Windows 2000 PC. i.e If I change a password for an N.T. 4.0 user the user merely has to log out of N.T. and log back on with his new password, everything works perfectly. If I change a password for a Windows 2000 user, the user logs off Windows 2000, tries to login again, but receives and incorrect username/password error. Ever come across this before ? Any assistance would be greatly appreciated. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's largest free shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] -Please assist with Machine password change failed-
Hi guys and girls, I run a Samba-3.0 PDC for about 30 N.T. workstations on a Slackware Linux box. I often see the following error in the N.T. workstation's event log: Changing machine account password for account "x$" failed with the following error: The handle is invalid. I'm not using PAM in any way. Any ideas what this could be ? Any assistance would be greatly appreciated. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's largest free shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's largest free shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Machine account pasword change failed (NT 4)
Hi guys and girls, I run a Samba-3.0 PDC for N.T. workstations on a Slackware Linux box. I often see the following error in the N.T. workstation's event log: Changing machine account password for account "x$" failed with the following error: The handle is invalid. Any ideas what this could be ? I'm not using PAM in any way. Any assistance would be greatly appreciated. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's largest free shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Machine account password change failed in N.T. 4 event log ?
Hi guys and girls, I run a Samba-3.0 PDC for N.T. workstations on a Slackware Linux box. I often see the following error in the N.T. workstation's event log: Changing machine account password for account "x$" failed with the following error: The handle is invalid. Any ideas what this could be ? I'm not using PAM in any way. Any assistance would be greatly appreciated. -- Many thanks and kind regards, David Wilson D c D a t a +27 33 3427003 +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] LinuxBox S.A.: Africa's largest free shell provider. Powered by Linux and DcData - driven by passion ! http://www.linuxbox.co.za -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Large (3000+ users) NT to Samba migration
Thanks Gerald Many thanks and kind regards. David Wilson DcData/LinuxBox S.A. +27 83 787 7424 ICQ#: 114636368 http://www.dcdata.co.za http://www.linuxbox.co.za NOTICE: Please note that as of 31/01/2003 all service requests must be sent to [EMAIL PROTECTED] - Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "Jim" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: 04 March 2003 03:37 Subject: Re: [Samba] Re: Large (3000+ users) NT to Samba migration > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Mon, 24 Feb 2003, Jim wrote: > > > What is the platform (i.e. what distrobution of Linux)? > > > > > A client of mine is seriously investigating migrating their 7 NT servers and > > > 3000+ users to Linux running Samba. > > > I've read one or two documents so far about the migration, but I'm still a > > > little unclear about a number of things. > > > > > > When you have a chance I'd really appreciate your guidance on the following > > > items. > > > 1.) LDAP, /etc/passwd or MySQL backend (if supported). > > > > The standard backend should be ldbm. I would reccomend sticking with it > > unless you have specific needs that dictate otherwise. Custom front > > ends can be written using Java. > > Assuming you are referring to OpenLDAP. In that case, the Berkeley > backend (bdb) is now the recommended one. > > > > 4.) Configuration of BDC(s). > > > > That is out of my area. > > There's a HOWTO included with Samba. > > > > > cheers, jerry > -- > Hewlett-Packard- http://www.hp.com > SAMBA Team -- http://www.samba.org > GnuPG Key http://www.plainjoe.org/gpg_public.asc > "You can never go home again, Oatman, but I guess you can shop there." > --John Cusack - "Grosse Point Blank" (1997) > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.0 (GNU/Linux) > Comment: For info see http://quantumlab.net/pine_privacy_guard/ > > iD8DBQE+ZKwcIR7qMdg1EfYRAkvkAKDhNuAUQ+D8FBqoflhMhZHD7FFkWACfSOiM > rmV9v0ZEpfMiHeVUgd7NyWA= > =OPy3 > -END PGP SIGNATURE- > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Large (3000+ users) NT to Samba migration
Hi Mikko, Thanks for your response. My client will only be migrating their servers to Linux, workstations will remain as is, a mixture of NT workstation, Win98 & Win2000Pro PCs. Many thanks and kind regards. David Wilson DcData/LinuxBox S.A. +27 83 787 7424 ICQ#: 114636368 http://www.dcdata.co.za http://www.linuxbox.co.za NOTICE: Please note that as of 31/01/2003 all service requests must be sent to [EMAIL PROTECTED] - Original Message - From: "Mikko Rautiainen" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: 25 February 2003 10:17 Subject: Re: [Samba] Large (3000+ users) NT to Samba migration > David Wilson wrote: > > >Hi guys and girls, > > > >A client of mine is seriously investigating migrating their 7 NT servers and > >3000+ users to Linux running Samba. > >I've read one or two documents so far about the migration, but I'm still a > >little unclear about a number of things. > > > >When you have a chance I'd really appreciate your guidance on the following > >items. > >1.) LDAP, /etc/passwd or MySQL backend (if supported). > >2.) User/machine account migration utilities. > >3.) Front-ends for adding user/machine accounts. > >4.) Configuration of BDC(s). > > > >Or any links to the information would be great. > > > >Many thanks and kind regards. > > > >David Wilson > >DcData/LinuxBox S.A. > >+27 83 787 7424 > >ICQ#: 114636368 > >http://www.dcdata.co.za > >http://www.linuxbox.co.za > > > >NOTICE: Please note that as of 31/01/2003 > >all service requests must be sent to > >[EMAIL PROTECTED] > > > > > > > Hi, > > Here are two things that came to my mind. > > 1. Are they migrating all computers (workstations and servers) to linux. > If they are migrating all then I am not sure is samba the right choise. > > 2. If I have understood right samba 2.2.x doesn't support BDC's. But the 3.0 > version will support BDC's. > > > > Mikko Rautiainen > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Large (3000+ users) NT to Samba migration
Hi Jim, Thank you for your response - apologies for the delay in getting back to you. I've been supporting Slackware Linux for years and will probably ask my client to stick with it - unless you can recommend another distribution ? Many thanks and kind regards. David Wilson DcData/LinuxBox S.A. +27 83 787 7424 ICQ#: 114636368 http://www.dcdata.co.za http://www.linuxbox.co.za NOTICE: Please note that as of 31/01/2003 all service requests must be sent to [EMAIL PROTECTED] - Original Message - From: "Jim" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: 25 February 2003 12:51 Subject: [Samba] Re: Large (3000+ users) NT to Samba migration > What is the platform (i.e. what distrobution of Linux)? > > > A client of mine is seriously investigating migrating their 7 NT servers and > > 3000+ users to Linux running Samba. > > I've read one or two documents so far about the migration, but I'm still a > > little unclear about a number of things. > > > > When you have a chance I'd really appreciate your guidance on the following > > items. > > 1.) LDAP, /etc/passwd or MySQL backend (if supported). > > The standard backend should be ldbm. I would reccomend sticking with it > unless you have specific needs that dictate otherwise. Custom front > ends can be written using Java. > > > 2.) User/machine account migration utilities. > > There is a script package called smbldap-tools that might contain a > script for this. These days it is usually packaged with the server and > is usually found in '/usr/local/samba/scripts'. slapcat is another > alternative although I am uncertain as how to go about using it on a > remote M$ system. > > > 3.) Front-ends for adding user/machine accounts. > > There is a script for it in smbldap-tools. Would probably be quite easy > to rig up a secured web page as a front end for it. There is also such > tools as 'directory_administrator', gq, and I believe Mandrake's > UserDrake also will access an LDAP directory. > > > 4.) Configuration of BDC(s). > > That is out of my area. > > > Or any links to the information would be great. > > > > Many thanks and kind regards. > > > > David Wilson > > DcData/LinuxBox S.A. > > +27 83 787 7424 > > ICQ#: 114636368 > > http://www.dcdata.co.za > > http://www.linuxbox.co.za > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Large (3000+ users) NT to Samba migration
Hi guys and girls, A client of mine is seriously investigating migrating their 7 NT servers and 3000+ users to Linux running Samba. I've read one or two documents so far about the migration, but I'm still a little unclear about a number of things. When you have a chance I'd really appreciate your guidance on the following items. 1.) LDAP, /etc/passwd or MySQL backend (if supported). 2.) User/machine account migration utilities. 3.) Front-ends for adding user/machine accounts. 4.) Configuration of BDC(s). Or any links to the information would be great. Many thanks and kind regards. David Wilson DcData/LinuxBox S.A. +27 83 787 7424 ICQ#: 114636368 http://www.dcdata.co.za http://www.linuxbox.co.za NOTICE: Please note that as of 31/01/2003 all service requests must be sent to [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
