Re: [Samba] [PATCH] Re: Samba 4, Winbind RFC2307
Hi Andrew

On 26.12.2012 10:54, Andrew Bartlett wrote:
> Attached is an interim patch. Before we get this into master, I need to write a series of tests, because having this code untested is just causing us trouble. However, the attached should work, and so I would appreciate some testing if you have time.

Unfortunately your patch did not solve the problem. I found a second appearance of posixAccount and posixGroup in idmap.c and removed it, and after that it works.

Here is the diff:

[root@merlot winbind]# diff idmap.c idmap.c_org 440c440,441 (|(uidNumber=*)(gidNumber=*))), --- (|(uidNumber=*)(gidNumber=*)) (|(objectClass=posixAccount)(objectClass=posixGroup))),

I have no knowledge of C and no idea of the logic of the code, so just take that as feedback and not as a solution.

Regards
Hansjörg

> Thanks,
> Andrew Bartlett

--
Dr. Hansjörg Maurer
itsystems Deutschland AG
Linprunstraße 10
80335 München
Tel: +49-89-52 04 68-41
Fax: +49-89-52 04 68-59
E-Mail: hansjoerg.mau...@itsd.de
Web: http://www.itsd.de
Amtsgericht München HRB 132146
USt-IdNr. DE 812991301
Steuer-Nr. 143/100/81575
Aufsichtsratsvorsitzender: Stefan Adam
Vorstand: Dr. Michael Krocka
Dr. Hansjörg Maurer

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

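Review bot: the diff was produced as "diff idmap.c idmap.c_org", with the edited file first, so it reads backwards: the single line under 440c440,441 is the new filter and the two lines after "---" are the original. It is also a context-free normal diff with no path beyond the shell prompt's directory, so it cannot be applied reliably to another tree; please resend it as "diff -u idmap.c_org idmap.c" from the source root. On the change itself, dropping "(|(objectClass=posixAccount)(objectClass=posixGroup))" leaves only the "(|(uidNumber=*)(gidNumber=*))" test in this part of the filter, and this is the second place in idmap.c that carried the clause, so both places should be covered by the tests mentioned in the quoted message.
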
Re: [Samba] Samba 4, Winbind RFC2307
Hi

On 16.12.2012 23:06, Andrew Bartlett wrote:
> On Sun, 2012-12-16 at 16:51 -0500, Thomas Simmons wrote:
>> Hello Andrew,
>>
>> If functionality is not there, I certainly understand and can work around it. I just want to make sure I am not misunderstanding something. When you say I should set idmap_ldb:use rfc2307=yes in smb.conf on the DC, do you mean that by doing so I can use winbind (and the rfc2307 attributes) for *nix authentication on the DC? I am confused because I already have idmap_ldb:use rfc2307 = yes in my smb.conf (it gets added automatically with the classicupgrade and I always provision my clean test setup with --use-rfc2307). That actually works fine - the rfc2307 attributes are there and I can modify them in ADUC. If I configure the server to use NSS+LDAP for authentication, my users' uid number, gid number, shell, etc are what I have specified in ADUC. When I try using winbind, it is not using the rfc2307 information from AD.
>
> That's odd, but remember that only the UID and GID values will be used (not the shell or homedir, which is handled in a different bit of the code).
>
> However, your output below clearly shows that isn't happening :-(

I got it working with 4.0.0 with some manual interaction.

Steps to reproduce:
- add a user to a domain provisioned with --use-rfc2307
  samba-tool user add testuser
- add a group testgroup to the domain
- set unix attributes with MMC for user and group
- put user into windows group using MMC and assign testgroup as windows primary group (not under unix attributes)
- set idmap_ldb:use rfc2307=Yes in smb.conf

Like reported before, the user and the group did not show up in getent passwd and getent group with the uid and gid set in MMC but with a random number:

testgroup:*:322:
S4HJ\testuser:*:313:100::/home/testuser:/bin/bash

If I do a
ldbedit -e vi -H /etc/samba/sam.ldb
and manually add
objectClass: posixGroup
to testgroup and
objectClass: posixAccount
to testuser, it works fine:

[root@merlot samba-4.0.0]# getent passwd testuser
S4HJ\testuser:*:1:10001::/home/testuser:/bin/bash
[root@merlot samba-4.0.0]# getent group testgroup
testgroup:*:1:
[root@merlot samba-4.0.0]# id -a S4HJ\\testuser
uid=1(S4HJ\testuser) gid=10001(testgroup2) Gruppen=10001(testgroup2),100(users),1(testgroup)

Is there a way to add this objectclass automatically?

Regards
Hansjörg

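A check for the condition reported in the message above, as an added example that is not part of the original thread or of Samba: it parses LDIF text (for instance a dump of sam.ldb) and lists entries that have uidNumber or gidNumber set but lack the posixAccount or posixGroup objectClass, the combination the message reports as ending up with allocated IDs instead of the ones set in MMC. The sample LDIF, its DNs and the function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF; DNs and values are illustrative, not from the thread.
SAMPLE_LDIF = """\
dn: CN=testuser,CN=Users,DC=example,DC=test
objectClass: user
uidNumber: 10000
gidNumber: 10001

dn: CN=testgroup,CN=Users,DC=example,DC=test
objectClass: group
objectClass: posixGroup
gidNumber: 10001

dn: CN=fixeduser,CN=Users,DC=example,DC=test
objectClass: user
objectClass:: cG9zaXhBY2NvdW50
uidNumber: 10002

dn: CN=nounix,CN=Users,
 DC=example,DC=test
objectClass: user
"""
POSIX_CLASSES = {"posixaccount", "posixgroup"}

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    # A line beginning with a single space continues the previous line.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            # "attr:: value" carries a base64-encoded value.
            value = (base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
                     if rest.startswith(":") else rest.strip())
            entry.setdefault(attr.lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries

def missing_posix_class(entries):
    """DNs with uidNumber/gidNumber set but no posixAccount/posixGroup class."""
    return [e["dn"][0] for e in entries
            if ("uidnumber" in e or "gidnumber" in e)
            and not POSIX_CLASSES & {c.lower() for c in e.get("objectclass", [])}]
```
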
Re: [Samba] Samba 4, Winbind RFC2307
Hi Andrew

> Please file a bug, so it isn't lost over the Christmas season, but clearly I need to change the code not to rely on posixAccount and posixGroup. The steps you performed are reasonable, and while we can improve our tool to add that objectClass, if AD isn't adding it using the standard GUI tools, we shouldn't require it either.

Done: https://bugzilla.samba.org/show_bug.cgi?id=9520

Thank you very much

Regards
Hansjörg

> Andrew Bartlett

Re: [Samba] Delete pending after open in M.Office
Hi

On 16.08.2012 17:33, Volker Lendecke wrote:
> Seems so. We have tried to reproduce the problem here without success. Are there exact instructions out there somewhere (smb.conf, Windows versions etc) to reproduce the issue reliably?

The logs I provided in the bugzilla report are from samba 3.6.6 on Centos-6.3 x86_64 as AD member; smb.conf below.

But I have also problem reports from opensuse 11.x and Centos 5 as PDC.

In the case below clients are Windows 7 x64 and max protocol = smb2

Regards
Hansjörg

[global]
workgroup = XXX
realm = INTRA.XXX.DE
netbios name = FTPSERVER
server string = RM-FTP-Server
interfaces = 127.0.0.1, eth0
bind interfaces only = Yes
security = ADS
password server = *
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
printcap name = /dev/null
machine password timeout = 604800
os level = 25
preferred master = No
local master = No
domain master = No
dns proxy = No
encrypt passwords = yes
idmap config * : backend = tdb
idmap config * : range = 101-199
idmap config XXX : backend = ad
idmap config XXX : schema_mode = rfc2307
idmap config XXX : readonly = yes
idmap config XXX : range = 1000-100
max protocol = smb2
wins server =
create mask = 0664
directory mask = 0775
use sendfile = Yes
hide dot files = No
map archive = No
dont descend = lost+found
load printers = no
printing = bsd
printcap name = /dev/null

[tmp]
path = /home_local/tmp
comment = tmp-Share
browseable = yes
writeable = yes
wide links = no

> Volker

[Samba] Migrate tdb to ctdb ?
Hi

I want to replace a samba AD member file and printserver to a ctdb based clustered system.

Is there a chance to migrate the old TDB files (with printer settings, winbind user mapping) to the new clustered TDB?

Regards
Hansjörg

[Samba] %a switch for windows7 and w2008 server?
Hi

I have found this switch for separating profiles in a mixed windows version environment:

> You can also take full advantage of Samba's Variable Substitutions and further separate User's profiles, such as by architecture. Using the directive:
>
> * logon path = \\%L\profiles\%U\%a
>
> will separate the user's profiles relating to each version of Windows, such as WinXP, WinNT, etc. This is extremely helpful if you have users that jump from computer to computer that have different versions of Windows on them. This can solve a whole slew of problems relating to the registry on different versions of Windows, especially when running different versions of Internet Explorer. Separating profiles in this way can be a very powerful feature, especially when you include Folder Redirection into the mix.

In smb.conf (3.4.8) I found that %a only recognizes Windows versions up to Vista.

Are windows7 and w2008 server recognized too, or stated as unknown?

> %a
> The architecture of the remote machine. It currently recognizes Samba (Samba), the Linux CIFS file system (CIFSFS), OS/2, (OS2), Windows for Workgroups (WfWg), Windows 9x/ME (Win95), Windows NT (WinNT), Windows 2000 (Win2K), Windows XP (WinXP), Windows XP 64-bit (WinXP64), Windows 2003 including 2003R2 (Win2K3), and Windows Vista (Vista). Anything else will be known as UNKNOWN.

Regards
Hansjörg

[Samba] samba with acl support as member of a samba controlled domain?
Hi

I am running a Samba PDC and a Samba member server in his domain. The member server acts as a file server with unix ACLs working.

Is it possible to get these ACLs working under samba too? The docs seem to say that ACLs are only possible if samba is a member server in an NT domain using winbind.

In my case the PDC acts as an LDAP server and the member server gets the unix account information from LDAP.

I am running samba 3.0.4 and had no success with this setup. The windows client shows ACLs not as for the domain\user but for the memberserver\user.

Here is my smb.conf:

[global]
log file = /var/log/samba/log.%m
log level = 2
security = domain
workgroup = ITSYSTEMS
encrypt passwords = yes
netbios name = chardonnay
server string = Install-Server
password server = 192.168.0.1
machine password timeout = 60480
guest account = gast
os level = 25
wins support = no
wins server = 192.168.0.1
dns proxy = no
username map = /etc/smbusers
preferred master = no
domain master = no
local master = no
name resolve order = wins hosts
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts allow = 192.168.0.
bind interfaces only = Yes
deadtime = 180
keepalive = 3600
unix charset = iso8859-15
display charset = iso8859-15

[install]
comment = Install Verzeichnis
path = /install
read only = no
public = yes

Thank you very much
Hansjörg Maurer

--
Dr. Hansjörg Maurer
itsystems Deutschland AG
Linprunstr. 10
D-80335 München
Ph/Fax +49 89 52 04 68-41/-59