Re: [Samba] samba3.0.22 - net setlocalsid with no effect
Hi Doug, *,

I was calling sernet support.. ;o))

Doug VanLeuven wrote:
[..]
I used a VM machine, FC5, samba-3.0.23c-1.fc5 because it's the scratch machine I have.
Here's what I did to reset the SID of the new PDC (hoping that's what you want to do)

#On the PDC, smbd, nmbd, winbind stopped.

I've no winbindd running..

[EMAIL PROTECTED] ~]# testparm -sv 2>&1|less
..
Server role: ROLE_DOMAIN_PDC
..
[EMAIL PROTECTED] ~]# service smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

# List current unwanted SID
[EMAIL PROTECTED] ~]# net getlocalsid
SID for domain VMPDC is: S-1-5-21-893123068-2258791905-4052818733
^^ .. doesn't hit the nail. machine would say the correct thing..

[EMAIL PROTECTED] samba]# net rpc info
Password:
Domain Name: VMWKGP
^^ This one is the domain..
Domain SID: S-1-5-21-893123068-2258791905-4052818733
Sequence number: 1207290693
Num users: 1
Num domain groups: 0
Num local groups: 0

#Change PDC SID to something else
[EMAIL PROTECTED] samba]# net setlocalsid S-1-5-21-9-2258791905-4052818733
did work ..
[EMAIL PROTECTED] samba]# net setdomainsid S-1-5-21-9-2258791905-4052818733
didn't work - command not recognized ..

I succeeded manipulating the domain SID with following steps:

On my ubuntu dapper box:

#stop sambaservice: /etc/init.d/samba stop
/etc/init.d/samba stop
 * Stopping Samba daemons... [ OK ]
mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.bak
net setlocalsid SID_WANTED
#new secrets.tdb is created
net getdomainsid
SID for domain PDC_MACHINE is: SID_WANTED
SID for domain DOMAIN is: SID_WANTED

Eureka!!
And even better: moving secrets.tdb.bak to secrets.tdb showed the old values. Thus I can do some testing before really changing things. :o))

Ah not to forget:
/etc/init.d/samba start
 * Starting Samba daemons [ OK ]

[..]
First step is done - now I have to go there at late hour, change things and do tests.
Thanks for your help - I'll report more :o))

--
Friedrich
beste Grüße/best regards von der/from the Sonnenalb - Germany

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
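The check done by eye in the post above (compare both lines of `net getdomainsid` against the wanted SID after swapping secrets.tdb), as an added shell example that is not part of the original post or of Samba. It parses output in the format shown in the post; the host name, domain name and SID in the sample are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the SIDs printed by `net getdomainsid` after a change.
# Constructed sample in the output format shown in the post (names/SID made up).
SAMPLE_OUTPUT='SID for domain PDCHOST is: S-1-5-21-1111111111-2222222222-3333333333
SID for domain EXAMPLEDOM is: S-1-5-21-1111111111-2222222222-3333333333'

# is_domain_sid SID: true if SID has the S-1-5-21-x-y-z shape of a domain SID.
is_domain_sid() {
    printf '%s\n' "$1" |
        grep -Eq '^S-1-5-21-[0-9]{1,10}-[0-9]{1,10}-[0-9]{1,10}$'
}

# sid_for NAME: read tool output on stdin, print the SID reported for NAME.
# Fails (status 1) if no "SID for domain NAME is:" line is present.
sid_for() {
    awk -v name="$1" '
        $1 == "SID" && $3 == "domain" && $5 == "is:" &&
        toupper($4) == toupper(name) { print $6; found = 1; exit }
        END { exit !found }'
}

# check_sids WANTED HOST DOMAIN: read `net getdomainsid` output on stdin.
# Returns 0 if both entries equal WANTED, 1 on mismatch, 2 on bad input.
check_sids() {
    wanted=$1; host=$2; domain=$3
    out=$(cat)
    is_domain_sid "$wanted" || return 2
    host_sid=$(printf '%s\n' "$out" | sid_for "$host") || return 2
    dom_sid=$(printf '%s\n' "$out" | sid_for "$domain") || return 2
    is_domain_sid "$host_sid" && is_domain_sid "$dom_sid" || return 2
    [ "$host_sid" = "$wanted" ] && [ "$dom_sid" = "$wanted" ] || return 1
}

# Demo on the constructed sample; on a real PDC pipe `net getdomainsid` in.
if printf '%s\n' "$SAMPLE_OUTPUT" |
    check_sids S-1-5-21-1111111111-2222222222-3333333333 PDCHOST EXAMPLEDOM
then echo "machine and domain SID both match"
else echo "SID check failed (status $?)"
fi
```

Running it once against the backed-up secrets.tdb state and once after `net setlocalsid` gives a scripted before/after comparison, so a mismatch between the machine entry and the domain entry is caught before any client is joined.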
Re: [Samba] Smbpasswd help101
Hi Cao, Minh, *,

Cao, Minh wrote:
Hi,
I am using samba 3 came with redhat 5.1 , samba-3.0.25b-0.el5.4
Please help to answer these questions
1/ How can I can smb.conf to use /etc/samba/smbpasswd file ?
2/ What is the default 'security' on samba 3 user ?
3/ Does the lines start with a ; (semi-colon) are default configuration ?
example
; security = user

The answers You will get calling
man smb.conf
on Your shell prompt

This email contains confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.

really?? Then a public mailing list might not be a good place for it. :o))

--
Friedrich
beste Grüße/best regards von der/from the Sonnenalb - Germany
Re: [Samba] samba3.0.22 - net setlocalsid with no effect
Hi Doug, *,

again for whatever reason the listmail did not arrive in my mailbox. The private copy did! Hmmm.

Doug VanLeuven wrote:
Friedrich Strohmaier wrote:
Douglas VanLeuven wrote:
[..]
I can't tell what you're trying to do from what you've described. It looks like you set the local machine sid and it worked.

It was the SID of the machine acting as PDC ..

[..]
root# net setlocalsid SID_WANTED
root#
root# net getlocalsid
SID for domain DOMAIN is: SID_WANTED

here I read wrong: DOMAIN wasn't the Name of the domain but the pdc's hostname (and netbios name).

Might try
~ net rpc getsid
Which is supposed to fetch the domain sid into the local secrets.tdb

Tried this but it fetched SID_NOT_WANTED into secrets.tdb

I've never used these commands. I've always viewed them as either useful for recovery from crash without backup, or setting the SID of a backup samba PDC.

Exactly what I want to do..

For a workstation, even if you manage to get the SID's to agree with a prior install, the machine password on the PDC and on the workstation wouldn't agree. If it's new workstation name, there won't be an account for the workstation on the PDC.

Oh, apparently I did not explain well the configuration. All workstations are Win2k boxes. The one I tried to login with is one of about twenty waiting for the day they meet again a well prepared samba PDC offering a domain with the same (SID) as its father(+) did. All of them hold meanwhile locally one or more daily updated profiles which will be lost, if I don't succeed.

Why not simply
~ net rpc join
Join the PDC to the new domain with old name? and allow the normal mechanisms to work?

Accidentally two workstations were joined to the new domain (with old name) which caused unwanted results.

I called paid support which mentioned command
net setdomainsid
which sounds good. I got
net getdomainsid
to work which shows the difference between pdc's machine SID and domain's SID.
Both commands aren't listed in man net of samba 3.0.22 and the first one is not recognized. :o((

I'll report further. Your help is highly appreciated.

--
Friedrich
beste Grüße/best regards von der/from the Sonnenalb - Germany
Re: [Samba] samba3.0.22 - net setlocalsid with no effect
Hi Doug, *,

Sorry for my late answer - I discovered your mail, which never reached my box, on gmane..

Douglas VanLeuven wrote:
Friedrich Strohmaier wrote:
[..]
I can't tell what you're trying to do from what you've described. It looks like you set the local machine sid and it worked.

It was the SID of the machine acting as PDC ..

The local machine sid will be different than the domain sid.

That's apparently the one problem I have (which is solving a different one..) :o))

A profile based on the local machine sid won't be a roaming profile it will be a local profile.

As long as the local SID differs from the Domain SID?..

[..]
root# net setlocalsid SID_WANTED
root#
root# net getlocalsid
SID for domain DOMAIN is: SID_WANTED

This output reflects, what I want to have but[1]..

Result: Client with Roamingprofile based on SID_WANTED is not able to connect to DOMAIN but has access to shares. OOOoops!

If the local user name and password are the same as the domain name and password, depending on the security model, it's an old trick to allow access to shares in a workgroup without being a domain member. Which is sort of what you describe.

exactly

More Tests found here: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#netmisc1
root# net rpc info
Domain Name: DOMAIN
Domain SID: SID_NOT_WANTED

.. [1] differs from this one

Sequence number: 1206493306
Num users: 37
Num domain groups: 0
Num local groups: 0

I would think zero groups with 37 users is a hint to a problem.

May be, for I did not join the workstations to the _new_ domain's SID_NOT_WANTED but probably that's a completely different thing.

The problem seems to be, that the Domain SID set by setlocalsid and confirmed by getlocalsid doesn't really arrive as the domain SID. That means that the How To described here: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id2600168 does not work as expected in my configuration for any reason.

Thanx for Your answer.

--
Friedrich
beste Grüße/best regards von der/from the Sonnenalb - Germany
Re: [Samba] samba3.0.22 - net setlocalsid with no effect
Hi all,

Really no one with a clue, what steps I could go??

Friedrich Strohmaier wrote:
[..]
root# net setlocalsid SID_WANTED
root#
root# net getlocalsid
SID for domain DOMAIN is: SID_WANTED

Result: Client with Roamingprofile based on SID_WANTED is not able to connect to DOMAIN but has access to shares. OOOoops!

More Tests found here: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#netmisc1
root# net rpc info
Domain Name: DOMAIN
Domain SID: SID_NOT_WANTED
Sequence number: 1206493306
Num users: 37
Num domain groups: 0
Num local groups: 0
root#
[..]

--
Friedrich
beste Grüße/best regards von der/from the Sonnenalb - Germany
[Samba] samba3.0.22 - net setlocalsid with no effect
Hello again,

Here one more post to get my roaming profiles work.

I want to change the SID of the Samba 3.0.22 PDC following this description: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id2600168

Results:

first
root# net getlocalsid
error, which I can't remember or produce

next step:
root# net setlocalsid SID_WANTED
root#
root# net getlocalsid
SID for domain DOMAIN is: SID_WANTED

Result: Client with Roamingprofile based on SID_WANTED is not able to connect to DOMAIN but has access to shares. OOOoops!

More Tests found here: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#netmisc1
root# net rpc info
Domain Name: DOMAIN
Domain SID: SID_NOT_WANTED
Sequence number: 1206493306
Num users: 37
Num domain groups: 0
Num local groups: 0
root#

I read net manual but did not see one more command which can _change_ Domain's SID. But maybe there is and I didn't understand.

Any idea what to do or where to continue reading?

More Info:
Samba 3.0.22
ubuntu 6.06.1 LTS
about 15 Win2000 clients, about 30 users.
3 Clients are accidentally joined to DOMAIN with SID_NOT_WANTED and have problems to access files in shares. I expect to get this solved by fixing the Domain SID.

Short story:
I moved my samba configuration to a new machine, including an update of samba version (from 2.2.7 compiled from source to 3.0.22 ubuntu 6.06.1 LTS package). I met some pain described here: http://us1.samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2596678 read some lines of documentation and did some tests to enlighten my dark (linux-) brain. Now I'm up to here.

I posted the long story some time ago: http://lists.samba.org/archive/samba/2008-January/137770.html

--
Friedrich
beste Grüße/best regards von der/from the Sonnenalb - Germany
Re: [Samba] detailed info for profiles tool
Update..

Friedrich Strohmaier wrote:
Hello all,
probably I got things wrong with profiles command. It does strange things which I will describe, when I have more details of what it is intended to do.

better: _how_ it is intended to work..

Does anyone know a link with more details than the man page is providing.

or any other hint..

Searching for it gives many many hits!

.. but no ones for the desired topic.

--
Friedrich
beste Grüße/best regards von der/from the Sonnenalb - Germany
[Samba] detailed info for profiles tool
Hello all,

probably I got things wrong with profiles command. It does strange things which I will describe, when I have more details of what it is intended to do.

Does anyone know a link with more details than the man page is providing. Searching for it gives many many hits!

Thanks in advance

--
Friedrich
beste Grüße/best regards von der/from the Sonnenalb - Germany
Re: [Samba] roaming profiles moved to a new machine - big confusion
Hi Dale,

thanks a lot for your hints, I suppose your accordance to be quoted on the mailinglist..

Dale Schroeder wrote:
here is documentation to help you with the migration.
http://us1.samba.org/samba/docs/man/Samba-Guide/upgrades.html

apparently, I followed that _not_ todo step by step. I suppose it was written, because I'm not the only one. :o))

Roaming profiles:
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id425774

I'm digging that stuff while resting from keeping workstations being workstations. ;o))

Good luck,

As far as I learned, this seems to be a main chapter in the manual of a Windows domain administrator. :o))

Thanks again.

--
Friedrich
beste Grüße/best regards von der/from the Sonnenalb - Germany
[Samba] roaming profiles moved to a new machine - big confusion
Hello samba dancers,

I'm Friedrich Strohmaier and new to this mailing list. More important: I'm (very) new to PDCing Computers in a network, and I ran in big troubles doing so.

Try to tell a long story in short:
I'm a fairly experienced administrator for linux systems, and was ordered to move a serverinstallation (SuSE7.0, Samba2.2.x) to a new machine. The old machine did stop serving anything more, before I could set up a working system and finish tests.

That's what I did:

during the happy times both machines run:
- I set up the new machine's samba with the cloned configuration from the old one for testing purposes (I didn't know better! :o|)
- I disabled deprecated settings of samba 2.2.x according to the testparm output.
- Few days later I changed the new machine's domain entry from DOMAIN to DOMAINTEST (from this moment the new machine was no longer a second PDC in one domain. again: I didn't know better.. :o)))
Everything went fine!
- I run tests with one win2000 client, which I introduced to DOMAINTEST and noticed that problem of accessing files in the shares described below (that client is one of the two having problems of share files access)

after the old machine stopped serving:
- I imported all of the old machines files except samba3 adapted /etc/samba/smb.conf
- I restarted samba service

Now I have this:
- A running linux-box ubuntu 6.06.1 dapper drake LTS
- A running samba Version 3.0.22
- about 30 windows2000 clients which can't load their roaming profiles, but have access to their shares
- 2 windows2000 clients, which load their roaming profiles (after again being introduced to the domain), but have problems to access files of their shares (apparently the win user logged in, is not recognized as a welcome user to them)
- a complete backup of the files from the old machine

Now there are two tasks for me:

1) getting the roaming profiles work again _and_ have good access to the share files. The latter is the more important.
Does anyone see the problem and probably the solution (and can give the hint for it ;o)))?

2) take care, that _before_ the profiles will be loaded properly _all_ of the meanwhile locally saved profiles are transferred in the samba servers profile directories.
What to care for while transferring the profiles -except to adjust the unix permissions and ownership properly?

What is the shortest way, to get all in a working state?

Any help to get enlightened as well pointers to appropriate docu targets are much appreciated. :o))

btw.: If anyone reading this mail is located south part of Stuttgart Germany (location is Nürtingen) can give local support - please contact me.

Details:

Output testparm

Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
Processing section [homes]
Processing section [cdrom]
Processing section [printers]
Processing section [leitung]
Processing section [verwalt]
Processing section [mitarb]
Processing section [share]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
    unix charset = CP850
    workgroup = INBUS
    interfaces = 192.168.10.1/255.255.255.0, 127.0.0.1
    map to guest = Bad User
    log level = 2
    keepalive = 30
    printcap name = /etc/printcap
    logon script = %U.bat
    domain logons = Yes
    os level = 65
    domain master = Yes
    kernel oplocks = No
    passdb expand explicit = No

[netlogon]
    comment = Login Verzeichnis mit Batch Dateien
    path = /netlogon
    username = @gf
    read only = No
    create mask = 0775
    directory mask = 0775
    browseable = No

[homes]
    comment = Heimatverzeichnis
    read only = No
    create mask = 0750
    browseable = No

[cdrom]
    comment = Linux CD-ROM
    path = /cdrom
    guest only = Yes
    guest ok = Yes
    locking = No

[printers]
    comment = All Printers
    path = /tmp
    create mask = 0700
    printable = Yes
    browseable = No

[leitung]
    comment = Geschaeftsleitung
    path = /usr/leitung
    valid users = @gf
    write list = @gf
    force group = gf
    read only = No
    create mask = 0770
    force create mode = 0770
    directory mask = 0770
    force directory mode = 0770
    browseable = No

[verwalt]
    comment = Verwaltung
    path = /usr/verwalt
    valid users = @vw
    write list = @vw
    force group = vw
    read only = No
    create mask = 0770
    force create mode = 0770
    directory mask = 0770
    force directory mode = 0770
    browseable = No

[mitarb]
    comment = Mitarbeiter
    path = /usr/mitarb
    username = @ma
    force group = ma
    read only = No
    create mask = 0770
    directory mask = 0770

[share