Re: [Samba] Printer drivers

2013-03-23 Thread Fabian von Romberg
Hi, 

is this a bug in Samba 4?

Regards,
Fabian

On 03/21/2013 06:29 AM, Johan Hendriks wrote:
 
 
 Hi Fabian,

 Yes - here is (excerpt from) my setup.
 You also need to set permissions on shares so printer admins can write
 driver files and everybody can print. I think you need architecture folders
 under print$ (W32X86 etc) and set SePrintOperatorPrivilege for users to set
 up printers.

 I got it all working OK (samba 3.5.6), but I do still have troubles with
 printer properties in some drivers. I suspect it might work better in
 samba3.3 and older but have not got as far as testing this.

 Jim
 
 [global]
 ..
load printers = yes
printing = cups
printcap name = cups
 #show add printer wizard = no
use client driver = no
force printername = yes
 #   cups options = raw

 [print$]
comment = windows printer drivers
path = /var/lib/samba/printers
browseable = no
guest ok = yes
read only = no
create mask = 0664
directory mask = 775
force group = print operators
 
 [printers]
comment = all printers
path = /var/spool/samba
printable = yes
 writeable = no
guest ok = no
create mask = 0700
browseable = no


 On 18 March 2013 04:46, Fabian von Romberg fromberg...@hotmail.com wrote:
 
 Hi,

 is it possible to have printer driver on samba and when the user wants to
 use a particular printer can install the drivers automatically from samba?

 Thanks in advance and regards,
 Fabian

 --
 
 Well, on samba 3.6.x I got it working also, but on samba4 I do not get the 
 printers and faxes share.
 Whatever I do.
 I do get the printer itself.
 Is the documentation not right and do I need to use the printer share itself?
 
 regards
 Johan
 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
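
The [print$] definitions quoted in this thread combine guest access and write access in different ways. As an added example (not from any poster or from the Samba project), the following Python script parses smb.conf text and flags driver shares that guests, or every connected user, can write to. The sample configuration, the [drivers] share in it, and the function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the share definitions quoted in this thread.
SAMPLE_CONF = """
[print$]
guest ok = yes
read only = no

[printers]
printable = yes
guest ok = yes
read only = No

[drivers]
public = yes
writeable = no
write list = administrator, @domain admins
"""

# smb.conf synonyms: alias -> (canonical name, True if the alias inverts the value).
SYNONYMS = {"writeable": ("read only", True), "writable": ("read only", True),
            "write ok": ("read only", True), "public": ("guest ok", False)}
TRUTHY = {"yes", "true", "on", "1"}


def parse_shares(text):
    """Return {section: {param: value}}; synonyms folded, last setting wins."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            if key in SYNONYMS:
                key, inverted = SYNONYMS[key]
                if inverted:
                    value = "no" if value.lower() in TRUTHY else "yes"
            current[key] = value
    return shares


def enabled(params, key, default):
    return params.get(key, default).lower() in TRUTHY


def audit(text):
    """Flag file shares that guests, or every connected user, can write to."""
    shares = parse_shares(text)
    defaults = shares.pop("global", {})
    findings = []
    for name, params in shares.items():
        eff = {**defaults, **params}  # share settings override [global]
        # Spool shares take print jobs; read-only shares admit only "write list" names.
        if enabled(eff, "printable", "no") or enabled(eff, "read only", "yes"):
            continue
        if enabled(eff, "guest ok", "no"):
            findings.append((name, "guest-writable"))
        elif name == "print$":
            findings.append((name, "writable by all connected users"))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Filesystem permissions and settings such as map to guest still decide what a client can actually do, so a finding is a prompt to check the share's directory, not a complete picture of access.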


Re: [Samba] Printer drivers

2013-03-18 Thread Fabian von Romberg

Hi Johan,

I had the same problem where I could not see any share.  I solved it by putting 
the following under [print$]

browseable = yes


I don't know if this is the only way.  If there is any other alternative, please 
let anybody know.

Thanks and regards,
Fabian

On 03/18/2013 06:14 AM, Johan Hendriks wrote:
 
 
 Quoting Fabian von Romberg fromberg...@hotmail.com:
 
 Hi,

 is it possible to have printer driver on samba and when the user wants 
 to use a particular printer can install the drivers automatically from 
 samba?

 Thanks in advance and regards,
 Fabian
 
 Do you mean like this:
 https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Point_and_Print_Drivers
 
 regards
 Lukas
 
 Sorry if I hijack.
 I am trying to get this to work also.
 The problem I have is that I do not see a printers and faxes share.
 So I can not connect to it.
 This is my smb4.conf:
 
 # Global parameters
 [global]
 workgroup = TESTBOOM
 realm = TESTBOOM.LOCAL
 netbios name = SMB-FILER01
 server role = active directory domain controller
 dns forwarder = 8.8.8.8
 
 nsupdate command = /usr/local/bin/samba-nsupdate -g
 #  Printers
load printers = yes
printing = cups
printcap name = cups
force printername = yes
cups options = raw
 
 
 [printers]
 comment = All Printers
 path = /usr/local/samba/var/spool
 browseable = Yes
 guest ok = yes
 read only = No
 printable = Yes
 
 [print$]
 comment = Point and Print Printer Drivers
 path = /usr/local/samba/var/print
 read only = No
 use client driver = yes
 write list = administrator, @domain admins
 
 
 regards
 johan
 
 




[Samba] Printer drivers

2013-03-17 Thread Fabian von Romberg
Hi,

is it possible to have printer driver on samba and when the user wants to use a 
particular printer can install the drivers automatically from samba?

Thanks in advance and regards,
Fabian



[Samba] Printers Sharing

2013-03-16 Thread Fabian von Romberg

Hi,

I'm running samba4.0.3.

I added a new printer named HP via CUPS administration interface.

I can see the printer as shared and I can print also, but what calls my 
attention is that on debugging information I keep getting the following
constantly:

winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP already exists

Below is my smb.conf parts:

[printers]
comment = All Printers
path = /usr/local/samba/var/spool
browseable = Yes
read only = No
printable = Yes

[print$]
comment = Point and Print Printer Drivers
path = /usr/local/samba/var/print
browseable = yes
read only = yes
guest ok = yes


Is this "already exists" message normal?

Thanks and regards,
Fabian



Re: [Samba] access based shared enum = yes

2013-02-16 Thread Fabian von Romberg
Hi Takahashi,

thanks for your reply.

Actually I tried that under the share definition.  Please see my smb.conf:

[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
netbios name = PDC
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbind, ntp_signd, kcc, dnsupdate

log level = 2
max log size = 0

[netlogon]
path = /usr/local/samba/var/locks/sysvol/expomediosgye.com/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

[shared2]
path = /shared/share2
read only = No
access based share enum = yes
hide unreadable = yes

With the administrator account I have set privileges to the user Administrator 
only.  When I login with another user I'm still able to see the share, however 
when I want to open it I get an access denied error which is correct, the thing 
is that I want to hide the share when the user has no access to it.

Thanks and regards,
Fabian


On 02/16/2013 08:30 AM, TAKAHASHI Motonobu wrote:
 From: Fabian von Romberg fromberg...@hotmail.com
 Date: Fri, 15 Feb 2013 22:41:52 -0500
 
 how can I accomplish access based shared enum = yes in Samba4?

 I want to hide a share to a user who has not read access.  I read that
 this is possible in Samba3.
 
 As far as I examined in Samba 4.0.1, it works.
 
 My smb.conf is:
 
 -
 [global]
 #  access based share enum = yes
 
 [tmp]
   writeable = yes
   path = /tmp
 -
 
 Remember that you set tmp share's access rights via Windows GUI (not via
 Samba parameters such as valid users).
 
 --
 TAKAHASHI Motonobu mo...@monyo.com / @damemonyo 
facebook.com/takahashi.motonobu
 




[Samba] access based shared enum = yes

2013-02-15 Thread Fabian von Romberg
Hi,

how can I accomplish access based shared enum = yes in Samba4?

I want to hide a share to a user who has not read access.  I read that this is 
possible in Samba3.

Thanks in advance and regards,
Fabian



Re: [Samba] Samba4: Extending the Schema

2013-02-13 Thread Fabian von Romberg
Hi Bob,

could you please share the link where you found in google how to enable it.

Regards,
Fabian

On 02/11/2013 04:50 PM, Bob Miller wrote:
 
 On Mon, 2013-02-11 at 20:11 +0100, Gémes Géza wrote:
 On 2013-02-11 at 20:04, Varoujan Avanessians wrote:
 Hi

 We are thinking of developing a corporate Directory application that would
 pull user information from Samba4 AD. However for our needs we need some
 additional User attributes that don't seem to be available as part of the
 AD-schema, such as Hire Date or Emergency contact information, so it
 seems to me that I would need to Extend the Schema to make these user
 attributes available. My question is: Can this be done? And if so, has
 anyone done something similar and can direct me to the right place for
 information? Any help is greatly appreciated.

 Hi,

 As a jump-start: https://wiki.samba.org/index.php/Samba4/Schema_extenstions

 Regards

 Geza Gemes
 
 One thing that is not on that page that I found useful was the schema
 snap in.  Google will show you how to enable it.  It is very labour
 intensive if you are going to be adding tens or hundreds of attributes,
 but for adding two or three attributes, I found it much faster and
 easier to use than ldifs.
 




[Samba] s3fs or ntvfs

2013-02-12 Thread Fabian von Romberg
Hi,

how can I know what filer server is currently running in samba4, s3fs or ntvfs?

My smb.conf looks like this:

server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, 
ntp_signd, kcc, dnsupdate, web
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, 
spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver

I'm asking as when logging in from a Windows 7 client I'm seeing in debug the 
following:


/usr/local/samba/sbin/smbd: Initialising default vfs hooks
/usr/local/samba/sbin/smbd: Initialising custom vfs hooks from [/[Default VFS]/]
/usr/local/samba/sbin/smbd: Initialising custom vfs hooks from [acl_xattr]
/usr/local/samba/sbin/smbd: Initialising custom vfs hooks from [dfs_samba4]
/usr/local/samba/sbin/smbd: connect_acl_xattr: setting 'inherit acls = true' 
'dos filemode = true' and 'force unknown acl user = true' for service IPC$


Regards,
Fabian



Re: [Samba] s3fs or ntvfs

2013-02-12 Thread Fabian von Romberg
Thanks Ricky.

On 02/12/2013 10:08 PM, Ricky Nance wrote:
 In more recent versions of samba, the server services line is typically
 omitted (as is the dcerpc endpoint servers). If you have +smb, -s3fs, you
 are using ntvfs, otherwise +s3fs does just what it says (and in your line
 there is no smb either, which is good if you are running s3fs). As far as I
 remember, these lines are no longer generated by provision (since early
 betas I think). Also, if you start samba and see smbd running (ps ax | grep
 smbd), then you are using s3fs, and according to your mail, this is the
 case.
 
 Ricky
 
 
 On Tue, Feb 12, 2013 at 6:58 PM, Fabian von Romberg fromberg...@hotmail.com
 wrote:
 
 Hi,

 how can I know what filer server is currently running in samba4, s3fs or ntvfs?

 My smb.conf looks like this:

 server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind,
 ntp_signd, kcc, dnsupdate, web
 dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
 lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey,
 dnsserver

 I'm asking as when logging in from a Windows 7 client I'm seeing in debug the
 following:


 /usr/local/samba/sbin/smbd: Initialising default vfs hooks
 /usr/local/samba/sbin/smbd: Initialising custom vfs hooks from [/[Default
 VFS]/]
 /usr/local/samba/sbin/smbd: Initialising custom vfs hooks from [acl_xattr]
 /usr/local/samba/sbin/smbd: Initialising custom vfs hooks from [dfs_samba4]
 /usr/local/samba/sbin/smbd: connect_acl_xattr: setting 'inherit acls =
 true' 'dos filemode = true' and 'force unknown acl user = true' for service
 IPC$


 Regards,
 Fabian

 




[Samba] fileserver.conf

2013-02-10 Thread Fabian von Romberg
I just did a samba-tool domain provision as AD DC.  I read that if --use-ntvfs 
is not specified, samba4 will run as s3fs.  I read also that a fileserver.conf 
should be generated, however I don't see that file.  Is this important?

I'm running samba 4.0.3

Regards,
Fabian



[Samba] Error PA-DATA

2013-02-09 Thread Fabian von Romberg
Hi,

I'm getting the following error from my samba4 server when authenticating from a 
Windows XP client:

Kerberos: Failed to decrypt PA-DATA -- none-0bbd9e655e$@MYDOMAIN.COM


What does this mean?

Thanks and regards,
Fabian



Re: [Samba] Samba Server Under Microsoft Windows Network

2013-02-03 Thread Fabian von Romberg
Hi Hleb,

thank you very much for the tip.

I have another question.  As you might see I'm just setting up my samba4 server 
as an active directory domain controller.

When I login from XP, everything works fine, but when I tried to open a shared 
folder on my samba server I get asked for username and password.
I type the same username and password as I do on the login, but it keeps asking 
for username and password.  I'm running samba in debug level 3.
It is funny, every time I try with username and password, I don't see on the 
console that what I put as username/password is validated.
For your reference my smb.conf as follows:

[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
netbios name = PDC
server role = active directory domain controller
server services = rpc, nbt, wrepl, ldap, cldap, drepl, kdc, ntp_signd, 
kcc, dnsupdate, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, 
lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, 
dnsserver, winreg, srvsvc

[netlogon]
path = /var/lib/samba/sysvol/expomediosgye.com/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

[shared]
path = /var/lib/samba/usershares
read only = No


On 02/03/2013 03:35 AM, Hleb Valoshka wrote:
 On 2/3/13, Fabian von Romberg fromberg...@hotmail.com wrote:
 
 I'm running a samba4 server.  When I logged onto the server from a XP Machine
 and then I go to My Network Places - Microsoft Windows Network - Mydomain
 my samba4 server is not listed.
 
 It's a well-known and documented limitation of current samba.
 
 What could be the reason? Should I set up anything on my XP machine?
 
 I know a workaround:
 1) Use windows or samba3 (or samba4 configured as classic server)
 boxes to serve as netbios browsers. Set os level=1 in your smb.conf,
 this should be enough.
 2) Start on your samba4 AD server nmbd from any 3.* series.
 




Re: [Samba] Samba4 Authentication

2013-02-03 Thread Fabian von Romberg
Hi Andrew,

thanks for your reply.  I suspected it was a DNS issue.  It seems there was a 
conflict with my kerberos.  I'm running Samba 4.0.0 release. I installed 
separately Kerberos 5.

When I do a samba domain provision, the smb.conf is generated and one 
configuration under [global] is the following:

server services = rpc, nbt, wrepl, ldap, cldap, drepl, kdc, ntp_signd, kcc, 
dnsupdate, smb

As you can see there is kdc.  So I suspected there was a conflict.  So I 
stopped the service of Kerberos5 I installed separately and restarted samba.  
After this the login was very fast and by debugging I could see the 
authentication was done via kerberos.

Now I'm having another problem.  If you can help me I would appreciate it.

From a XP machine and after a successful login, I want to access the following 
shared folder:

[shared]
path = /var/lib/samba/usershares
read only = No

I see the folder shared on windows explorer, that's fine, but when I want to 
open it, I'm asked again for username and password.  I put the same username and 
password I used for the login, but nothing happens, I get asked again and again 
for username and password, it seems my xp machine does not connect to samba for 
user validation, I don't even see on the debug (level 3) from samba that the 
username and password is validated.  What could be the reason?

Any help or tip would be much appreciated.

Thanks and regards,
Fabian


On 02/03/2013 07:46 AM, Andrew Bartlett wrote:
 On Sun, 2013-02-03 at 00:27 -0500, Fabian von Romberg wrote:
 Hi,

 when I logon from windows machine, the username is validated against samdb.  
 How can user be validated against Kerberos5 (principals)?
 
 Clients of a Samba 4.0 AD DC will use kerberos for the domain login when
 network configurations permit it (such as correct DNS).  This is
 validated by the KDC against the same database (samdb) that NTLM logins
 work against, to ensure consistent behaviour for the user. 
 
 Andrew Bartlett
 




[Samba] Rejoining a windows client

2013-02-03 Thread Fabian von Romberg
Hi,

I have a windows client that was joined to mydomain.com samba4 ad dc.  I 
reinstalled my samba4 server.  My question is if it is possible to rejoin a 
windows client from the samba4 server so I don't have to do it from the client? 
Is this possible?

Thanks and regards,
Fabian



[Samba] Slow Logon To Samba4

2013-02-02 Thread Fabian von Romberg
Hi All,

I just set up my samba4 server.  I'm able to login from a Windows XP Machine, 
but the logon takes around 20 seconds.  Is this normal or should the logon 
process be much faster? What could be the reasons?

Thanks in advance and regards,
Fabian



[Samba] Samba Server Under Microsoft Windows Network

2013-02-02 Thread Fabian von Romberg
Hi All,

I'm running a samba4 server.  When I logged onto the server from a XP Machine 
and then I go to My Network Places - Microsoft Windows Network - Mydomain my 
samba4 server is not listed.

What could be the reason? Should I set up anything on my XP machine?

Your help will be appreciated.

Thanks and regards,
Fabian



[Samba] Samba4 Authentication

2013-02-02 Thread Fabian von Romberg
Hi,

when I logon from windows machine, the username is validated against samdb.  
How can user be validated against Kerberos5 (principals)?

Thanks and regards,
Fabian



Re: [Samba] Samba Authentication With Kerberos

2013-01-30 Thread Fabian von Romberg

Hi Andrew,

it is Samba 4 and the server role is active directory domain controller.

Thanks and regards,
Fabian

On 28/01/2013 9:32, Andrew Bartlett wrote:

On Sun, 2013-01-27 at 11:48 -0500, Fabian von Romberg wrote:

Hi All,

I'm trying to set up a server with Samba4 with Kerberos. When I want to list 
all shares with smbclient with samba authentication, everything works fine. But 
when I try to authenticate using Kerberos, I get an error.


To be clear, is this Samba 4.0 as an AD DC, or as a member server in
another AD domain?


The command I execute is:

smbclient -L localhost -k

The error message from Samba is:

using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): 
Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type 
aes256-cts-hmac-sha1-96
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
SPNEGO login failed: NT_STATUS_LOGON_FAILURE


smbclient should never do kerberos to localhost because we can never
know which localhost that is.  If you have somehow registered a
'localhost' as a servicePrincipalName, then this is likely the cause of
the issue.  (This error indicates that the key you got from the KDC is
not the key that the server has in its secrets database/keytab.)

Andrew Bartlett





Re: [Samba] Samba Authentication With Kerberos

2013-01-28 Thread Fabian von Romberg

Hi Andrew,

it is Samba 4 and the server role is active directory domain controller.

Thanks and regards,
Fabian

On 28/01/2013 9:32, Andrew Bartlett wrote:

On Sun, 2013-01-27 at 11:48 -0500, Fabian von Romberg wrote:

Hi All,

I'm trying to set up a server with Samba4 with Kerberos. When I want to list 
all shares with smbclient with samba authentication, everything works fine. But 
when I try to authenticate using Kerberos, I get an error.


To be clear, is this Samba 4.0 as an AD DC, or as a member server in
another AD domain?


The command I execute is:

smbclient -L localhost -k

The error message from Samba is:

using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): 
Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type 
aes256-cts-hmac-sha1-96
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
SPNEGO login failed: NT_STATUS_LOGON_FAILURE


smbclient should never do kerberos to localhost because we can never
know which localhost that is.  If you have somehow registered a
'localhost' as a servicePrincipalName, then this is likely the cause of
the issue.  (This error indicates that the key you got from the KDC is
not the key that the server has in its secrets database/keytab.)

Andrew Bartlett






[Samba] Samba Authentication With Kerberos

2013-01-27 Thread Fabian von Romberg
Hi All,

I'm trying to set up a server with Samba4 with Kerberos. When I want to list 
all shares with smbclient with samba authentication, everything works fine. But 
when I try to authenticate using Kerberos, I get an error.

The command I execute is:

smbclient -L localhost -k

The error message from Samba is:

using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): 
Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type 
aes256-cts-hmac-sha1-96
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
SPNEGO login failed: NT_STATUS_LOGON_FAILURE


Any help will be appreciated.

Thanks and regards,
