RE: [Samba] Converting a school district to Samba DCs
Bill Greene wrote: > I'm helping a small grade school district convert to Samba servers, > more specifically, replace the existing NT domain controllers. > JHT has written a specific chapter on migrating NT4 to samba in the Samba Guide. I would gather that you may have already read it. > The district has 3 schools and about 1,700 students and staff members. > There is one domain. Currently there are four NT4 DCs, a PDC and 3 > BDCs, one in each school. The BDCs act as file servers. There are > also several Linux machines running Samba as file servers for > specific applications. Finally, there are about 450 client machines, > with a mix of Windows 98, 2000, and XP. > Try to get all of your machines upgraded to the same OS and version > Every student and staff member has a login and a home directory on > their "local" BDC. In the vast majority of cases users are logging > in to the local server. It would be rare, for example, that a > student from school A would log in while physically at school B. > However, it does happen, and there are staff members who do that > regularly, so it needs to be accommodated. > > Most of what is required is fairly straight forward - there would > still be a file server in each school, and probably a dedicated > machine for the "PDC" function of holding the user database. The > trick is account management. From what I've read so far in the Samba > Guide, how-tos, and various news postings, there are 482 different > ways of doing this (OK, I made up 482, but there are a lot). Most of > the existing docs assume you know what you want to do, and tell how > to do it. Unfortunately, I'm still at the first step. > The most robust seems to be to have your PDC machine also be a master LDP server and then have LDAP replicate to slaves on the rest of your sites that are also BDC's. Make you BDC's point to the slave ldap servers in your smb.conf. > So I'm looking for some general guidance on the overall organization. > For > example: Should I be using LDAP? Probably > What about the MySQL backend? Nope too hard. Not enough info unless you are guru status. > How does winbind fit into this? Do I need to create all users on all > servers, or just on the one holding their home directory? How are you doing it with your current setup? Does this meet your needs? > Whatquestions am I not asking that I should be asking? > > If you have answers, great! But just pointing at some links would be > a big help, too. > > Thanks! > > -- bill I'm kind of assuming that you have looked at the Samba Guide. A combination of the Happy users chapter with some of the components of the distributed 2000 users network chapter, and a slight sojourn into the NT4 migration chapter with some DHCP and dns configs pulled from chapter 3 & 4 should do the trick. All the best, from a fellow migrator. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Troubles setting up winbind for nt4 style samba domain
I'm getting these errors on starting up winbindd, and I am not sure if this is normal in my situation, I have no trust accounts, I don't deal in AD domains. Can somone tell me if I need to worry about this?: [2005/07/08 11:23:24, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 15 try! [2005/07/08 11:23:25, 0] lib/smbldap.c:smbldap_open_connection(599) ldap_initialize: Time limit exceeded [2005/07/08 11:23:25, 0] sam/idmap.c:idmap_init(138) idmap_init: failed to initialize remote backend! [2005/07/08 11:23:25, 1] nsswitch/winbindd.c:main(897) Could not init idmap -- netlogon proxy only The ldap backend has idmap in it as entered by the smbldap-populate tools: dn: ou=Idmap,ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au objectClass: organizationalUnit ou: Idmap structuralObjectClass: organizationalUnit entryUUID: ae4d1d72-6847-1029-9f4f-fbdbb9cf79d8 And I have what I believe are the relevant enries in my smb.conf: ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Users ldap passwd sync = Yes ldap suffix = ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au ldap user suffix = ou=Users idmap backend = ldap://mail.guestsfurniturehire.com.au idmap uid = 1-2 idmap gid = 1-2 What gives? Regards Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba as a BDC for W2K3
Pau Garcia i Quiles wrote: > Hello, > > After having read a bunch of documentation on Samba's site, I guess > the answer is "no", but here comes my question anyway. > Yup, your right. > What I have: > - A central office with a Windows 2003 Server with Active Directory > - A foreign office, where I will set up a Samba server > - Every client is a Windows XP Professional, in both offices > - A 512 Kbps VPN that links the two offices > > I'd like the Samba server to join the same domain the Windows 2003 is > and I'd like the clients in the remote office to log on against the > Samba server (so I need the Samba server to be a AD domain > controller). Is it possible yet? No > Will it be possible in a near > future? :-? > Whenever samba4 is released. When will it be released? How long is a piece of string? > Thank you. Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] remove wins entries - samba 3
Eric Hines wrote: > Geoff, > > Sorry about the hour; I didn't realize you were still up--I went to > bed > I'm in Australia, GMT+10. You think I'm a party animal? Nah, I'm just at work. ;-) > A number of questions, and some updates. I can find no evidence of > active named logging, although I did find one log with named entries. > In particular, what is the relevant log(s)? There is no syslog or The relevant log is whatever had instances of named logging to it, in your case from below it would appear to be /var/log/messages. > > In the files below, why all the changes to mail from lserver1? I > thought from John's examples these were supposed to be the server > name? You had an MX record in there. If you are going to learn to configure an MTA then the mailserver shouldn't be a cname. And seeing as you had mail.XXX.XXX CNAME'd to lserver1 I switched it around. It is considered bad form from what I have read, to use a CNAME for a mail server. > In log /var/log/messages, named starts successfully, loads all the > zone files OK, and it outputs the log entry "lame server resolving > 'lserver1.test.biz' (in 'test.biz'?): 206.16.250.17#53, also ... > .18#53 several times. These are owned by a company in Barcelona, > Spain. There also are cases (fewer) of resolving OK. So your machine doesn't look to itself as being the master of that domain. John provides enough info for you to figure out why. > According to log.nmbd, Samba server LSERVER1 and samba name server LSERVER1 > repeatedly became domain master browser and local master browser, > respectively, on 192.168.1.103. tail -f log.nmbd also did not > respond to an unsuccessful ping of lserver1. > > You asked whether I could tell my router/firewall not to send dhcp > stuff to lserver1 only. That would take a specific MAC address > exclusion capability, and this router/firewall does not have that. No, I asked if you could turn off the DHCP server on your router / firewall completely and use the dhcp server on your samba server to deal with your local networks needs. > Can I, instead, tell lserver1 not to look to the router/firewall, but > only to look to itself (/e.g./, via the dhcpd.conf or via lserver1's > System As people have said to you *many* times the easiest way to do this is by using a static ip on your server. USE A STATIC IP! CONFIGURE THINGS STATICALLY. > Settings|Network GUI, using the DNS and/or hosts tab)? Or would that > lock lserver1 into itself, never to get access to the Internet? > > I've done some other poking around in response to the DNS doc for > which > you sent me the URL last night, and noticed these things: > /etc/sysconfig/networking/devices/ifcfg-eth0 is set as follows > (emphasis added) >DEVICE=eth0 >BOOTPROTO=dhcp >ONBOOT=yes >TYPE=Ethernet >DHCP_HOSTNAME=*lserver1* > I have the same thing for eth1 (there are two NIC chips on the > motherboard), except it's turned off. > This is why I said to you originally to use the gui. It's easier to do it with the GUI, then poke around your system and see what's been changed. You need to read more about the basic configuration of your Linux flavour before you start on these tasks. That way you would know exactly what files control what configurations and where exactly to find them. > or lserver1.test.biz--unknown host in both cases. > It looks like your server doesn't "think" it's the authoritative master for your internal DNS. Or something is wrong with your zone files. Read the DNS docs again. And again. And again Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] remove wins entries - samba 3
Eric Hines wrote: > Geoff Scott wrote: > >> Eric Hines wrote: >> >> The over view is this: >> The way out of this mess from my point of veiw is to switch off dhcp >> from the router/firewall. >> >> > How? I can't switch off the router/firewall. > No of course not. You mean to say that you can't get access to a web interface or commandline on the router to configure it? You might need to look at getting better hardware / strongarming your ISP for info on the router if it is ISP provided. Can you show us your zone files for test.biz & 192.168.1.0? What do your logs say for bind starting up? Can you restart bind and watch your logs? Do you have any errors for it? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] remove wins entries - samba 3
Eric Hines wrote: > > My DNS server sits on lserver1. I'm trying to ping lserver1 from Do: ping lserver1.test.biz Response is? > lserver1. With nsswitch set only to files or only to wins (/e.g./, > hosts: files), this is successful. With nsswitch set only to dns, I > cannot get name resolution, although I can successfully ping by IP > address. I can ping lserver1 by name or by IP successfully from > mustelidae. > > Where is lserver1 pointing in terms of DNS? How do I tell? At this John also mentions setting in resolv.conf nameserver 127.0.0.1(this is your loopback address) nameserver 192.168.0.2 (this should be the ip of your router/firewall) (you can have a maximum of 3 nameserver listed > point, all I can say is that I've set up named.conf (and dhcpd.conf) > as John has them in his Chapt 3 example, with the sole differences > being that I'm using one subnet and not two (a DHCP issue), I'm > calling my server lserver1.test.biz, vice diamond.abmas.biz, and > lserver1's IP address is 192.168.1.103, vice the one John's using in > his example. > Aside from these edits, named.conf (and dhcpd.conf) are cut and > pastes from John's latest on line. Is /etc/resolv.conf part of this > answer? YES! > > My named.conf and dhcpd.conf are built from John's example, as > mentioned above. /Etc/hosts has the IP address/name pairs he calls > for. I think that means I'm running a local name server. > No. The hosts file bypasses dns eg. Nsswitch is usually set to "files dns wins" Check files 1st then dns, then wins to find names on your lan Files is your hosts files the rest should be self explanitory > As you can see, I have very little understanding of what's going on > here; I've rather slavishly followed John's example, and I'm clearly > making mistakes I'm not recognizing. > You need to learn about DNS elsewhere. Go here, and read this: http://www.novell.com/documentation/suse91/suselinux-adminguide/html/ch14.ht ml Particularly this: http://www.novell.com/documentation/suse91/suselinux-adminguide/html/ch14s06 .html Then apply it to your situation. > Thanks > > Eric Hines The over view is this: The way out of this mess from my point of veiw is to switch off dhcp from the router/firewall. Your samba server needs to know it can be a dns server. It finds this out from the resolv.conf file. Make it have a static ip. Any windows machine that is obtaining an IP address via DHCP needs to have the wins server ipaddress handed to it otherwise it will use broadcasts. You can see how to do this if your samba server becomes the dhcp server on your lan, from john's section on configuring the dhcpd. It sounds like the samba server is correctly configured for wins. (really you should show us your resolv.conf and your smb.conf + your nsswitch.conf) Most real servers have static IP's for fairly obvious reasons. And then other things should start to fall into place for you. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] David Trask (Mailbox or Conference is full.)
Can we get this guy removed? There is no way for me to contact the mailbox owner. It's getting annoying having this bounce back spam every time one posts to the list. Regards Geoff Scott -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] remove wins entries - samba 3
Eric Hines wrote: > Hi, Farshad, > > I'm too new at this to be of much help. My WINS seems to be working, > but I'm clueless as to why, just as I'm clueless as to why my DNS is > not working. > > Eric Hines > The questions you need to ask yourself are simple. Where is my DNS server? Where is my machine that I am pinging from pointing to in terms of DNS? Does that DNS server have the records to do with my "lserver1" samba server? Are you running a local name server as per JHT's docs? Are you pointing your DNS on your "lserver1" samba server to an external name server? Answer each of these questions for us and we'll see where we can help. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] [Fwd: Samba-3 By Ex Chapt 3]
Eric Hines wrote: > One more thing I forgot to mention. The chapter calls for editing > /etc/resolv.conf, but in my case it won't stay edited--it keeps > getting set back to an original form (for searching my ISP) on every > reboot. > Use the GUI tools if you don't want to go hunting around for the config files that control everything. That is assuming that there is such a tool that deals with your resolve order. I wouldn't know myself, I have chosen Debeian for it's usually straightforward layout. > Thanks again. > > Eric Hines > > Original Message > Subject: Samba-3 By Ex Chapt 3 > Date: Tue, 05 Jul 2005 17:47:09 -0500 > From: Eric Hines <[EMAIL PROTECTED]> > To: Samba > > > > I guess I'm ate up with dumb because I'm having a great deal of > difficulty with this chapter. > > I'm running Samba v 3.0.14a on an FC3 machine. I've got two basic > problems: one centers on my DNS set up and the other is an > authenticated logon problem. With /etc/nsswitch.conf set to "hosts: > dns," I cannot ping my samba server--"Host not found." There shouldn't be any comma in there it should be : hosts: files dns wins Where are you pinging from? From your windows workstation? From the server? > Nor does lserver1.test.biz> (which appears in my /etc/hosts file) resolve the > name (incidentally, "host -f ..." just tells me the f is an illegal > option). WINS seems to resolve OK (at least the test for that in the > chapter passes). I've checked my files several times, and I can find > no error in them. > For what is below, are you doing this from your test server as well? > The other problem is running smbclient //lserver1/accounts -U ehines. > I'm invited to give the password, so that part is OK, but when I do, > I just get an NT_STATUS_LOGON_FAILURE message. ehines is the owner > of accounts and a member of the group that owns accounts. I think > this goes back to my logon file in /scripts (per the smb.conf set > up), but I'm clueless as to what should be in that file. That file > currently has the following contents: > > net time \\lserver1 /set /yes > net use h: /home > net use p: \\lserver1\accounts > > > Any help on these two would be greatly appreciated. There was a thread titled logon.bat that started a bit before this one. Have a look at that for example logon script settings. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] newbie - samba as PDC
Winanjaya - PBXSoftwares wrote: > Hi all, > > I am very new with samba, I am trying to configure my samba as PDC, > my samba is running on FC2, I have configured my /etc/samba/smb.conf > as below: now, I cannot login to my samba .. I am very sure that I > already missed something.. please advise what's am I missing? > many thanks in advance > Regards > Winanjaya > Have look at the log in /var/log/samba/log."machinename" Google for info on the errors you see and if you can't work it out for yourself post the errors back to this list. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Annoying lpq commands appear after testparm
I am using a master-smb.conf with one other include for the shares file. Every time that I do a testparm -s master-smb.conf and then check the resulting file I see these config directives, which I haven't defined: printing = cups print command = lpq command = %p lprm command = But this is after I have defined "printing = cups", any ideas why? Or is this standard behaviour? Contents of the master-smb.conf for this BDC follow: [global] netbios aliases = GUESTS2 workgroup = GUESTSHIRE passdb backend = ldapsam:ldap://127.0.0.1 username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/log.%m max log size = 50 smb ports = 139 445 name resolve order = wins bcast hosts show add printer wizard = No logon script = logon.bat logon path = \\fpmelb\profiles\%U logon drive = Z: logon home = \\fpmelb\%U domain logons = Yes domain master = No wins server = 192.168.31.5 ldap admin dn = cn=Manager,ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Users ldap suffix = ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au ldap user suffix = ou=Users idmap backend = ldap://fpmelb.guestsfurniturehire.com.au idmap uid = 1-2 idmap gid = 1-2 printer admin = root ea support = Yes map acl inherit = Yes printing = cups printcap name = CUPS Regards Geoff Scott -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba3-ByExample
Jason Greene wrote: > The example states the following > > Example 5.4.1. LDAP DB_CONFIG File > set_cachesize 0 15000 1 > set_lg_regionmax 262144 > set_lg_bsize 2097152 > #set_lg_dir /var/log/bdb > set_flags DB_LOG_AUTOREMOVE > > > What is the name I should call this file? DB_CONFIG? Yep. DB_CONFIG Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How to I change server=[Samba 3.04.14a-2] to somethin gelse?
AWC Lists wrote: > Paul Gienger wrote: >> The real reason I bothered to reply though, is that the windows >> clients will hold on to that server string for a LONG time, like >> forever. When I took over sysadmin here, the server's comment was >> 'samba mania' running like 2.2.0 or something. A year later, I had >> gone up to something in the range of 2.2.8a and re-commented the >> server to something like 'Fargo server', but every machine that >> hadn't >> been replaced or rebuilt still had "ntapps on samba >> mainia(fgoserv)(N:)" or whatever the format of that line is, as >> their drive mappings. >> > > I'll second that. I just tried connecting to the server in question > with a machine that had never connected to the samba server yet. > When I browse the shares and such, the server name is correctly > listed when browsing as ROI Fileserver (ie: server string = ROI > Fileserver) even when browsing shares. > John T told me that this is a windows issue. You have to delete the resource list from the network neighbourhood on each and every box with old server descritpions, to get rid of all old descriptions. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How to I change server=[Samba 3.04.14a-2] to somethin g else?
John H Terpstra wrote: > On Wednesday 22 June 2005 22:53, Geoff Scott wrote: >> populations IT knowledge!) > > > In your smb.conf [global] set: > > server string = MADMAX > > That will stop display of the samba version info. You will have to > clear the connection history from ALL Windows clients - they remember > the old server string and do not refresh it. > > - John T. Yep, I had a server string in there for a week already. And did a reload, but nothing changed. It's been showing "Samba 3.0.7" in the window title bars for ages even though I've been on 3.0.14a for a while. So do I completely restart all smbd processes, or do I have to restart every windows box before the server string (windows title bar) changes? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How to I change server=[Samba 3.04.14a-2] to somethin g else?
> It would be much nicer to see: > "Office on 'DataServer (roipdc)' (G:)" > > Heck I could even live with: > "Office on 'Samba (roipdc)' (G:)" > I personally do not see the need for end users to have the version > number announced to them to be honest. > > I was hoping there was a simple not well documented setting in > smb.conf that would be able to do this. If not, I would personally > like to have that ability added. > > Anyone else care to comment or have any ideas? > > Gerry, thanks for the suggestion - I'll likely play around with it on > a non-production test machine sometime soon. But I am always > hesitant to deploy a non-standard hack like this into a production > machine. > > Cheers. Perhaps the dev people are justifiably proud of what they have created. So they want everyone to know what is running on the server. But I agree with the original poster that it is annoying having to explain to my users what Samba is, what it does etc Currently they look at me blankly when I say things like "have you mapped the network drive" (just to give you an idea of my user populations IT knowledge!) Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Slightly OT: Making Windows Aps Think Mapped Drives a re Local
[EMAIL PROTECTED] wrote: > I pose this question because I have a number of multimedia > applications that will only store and access media files (sound, > video, etc.) if those files are located on a "local drive". However, > I am quite sure that ALL of these applications will work fine if the > media files are on a network drive. > > Good hints or clues or suggestions would be very much appreciated. > > Andy Liebman It sounds to me like these applications are forcing you to use the environment of choice for best performance, for media rich content. Why not use the local hard drive and then copy files to a network share for backups if needed? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Exchange 5.5 not seeing new Domain accounts - lsass.e xe searching local SAM
Ian Clancy wrote: > Hi, > Once the migration was complete i used a tool called UPromote to > demote the old PDC and rejoined it to the new domain (Same Domain > Name). All appeared to work well... > Just curious, but when you use this tool does it turn the exchange server into a domain member server or a BDC? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3 + DNS(SRV records) + Active Directory Clients
How have you done 'mydomain' I recall a post earlier saying that if you do 'mydomain' as 'mydomain.tld.com' instead of just 'mydomain' the Xp boxes think that they are in an AD domain which samba3 can't deal with..... Just a suggestion. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba, OS X Tiger 10.4 plain text password, username null-padded?
Elizabeth Schwartz wrote: > On 6/15/05, Geoff Scott <[EMAIL PROTECTED]> wrote: >> This list deals with the samba server side. The smbmount stuff for >> linux is kernel code and so is dealt with on another list. But >> whatever Apple have done to the code you need to ask Apple. Don't >> expect any response though. > > Er... ok. No linux in this picture though, Yep I know. My point is that this list only deals with the Samba server. > Samba server on Solaris > and OS X Tiger client. > I'm wondering if this is a bug in OS X, or in Samba, and/or if anyone > else has seen this and gotten Samba to work with OS X and plaintext > passwords > IIRC you said you could connect with smbclient but not with finder? Then this is a finder problem. > Maybe we're the last ones still using plaintext passwords > > thanks Betsy And the other part of it was that you would get more help pertinent to your problem from Apple. There have been quite a few problems that people have had and asked about on this list to do with upgrading to Tiger. Apple makes quite a few changes to code that the upstream developers in many FOSS projects seem to find unuseable for the main project, and that they are not party to. Because your problem seems to stem from Tiger I am being helpful in (unhelpfully) suggesting that you ask Apple. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba, OS X Tiger 10.4 plain text password, username null-padded?
Elizabeth Schwartz wrote: > Once this was done, snooping an smbclient connection, I see the plain > text password and the username but they are null-padded. > Authentication works. But when Tiger attempts to mount an smb share > via the GUI, I see the password NOT null-padded and the username > PADDED, and this fails. > thanks Betsy This list deals with the samba server side. The smbmount stuff for linux is kernel code and so is dealt with on another list. But whatever Apple have done to the code you need to ask Apple. Don't expect any response though. Yours, longtime Mac user. Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Solution to smbldap-tools not adding sambaSAMAccount
Tony Earnshaw wrote: > ons, 15.06.2005 kl. 21.53 skrev Ryan Braun: > >> Now the problem was that the nss_ldap library was searching in Users >> only, and apparently the samba server needs to be able to resolve the >> Computers tree aswell to add the sambaSAMAccount objectclass. > > > I don't want to upset you unduly, but nss has nothing to do with this > and it's not necessary to have the computers dn under the users dn to > make things work. It's all those "/&@¥{# idealx scripts and peoples' > basic ignorance of how LDAP works at all that fsck up the otherwise > brilliant Samba daemon, ldapsam and command line utilities.How on > earth something so banal as the idealx scripts can have been packaged > together with these brilliant utilities stupefies me. > Bullshit Tony. Utter bullshit. You spread FUD about the smbldap tools. The smbldap tools now handle user accounts (which includes computer accounts) in multiple ou's but nss has to know where the base starts that's the problem. The solution supplied by Ryan is fine. > At my site (3.0.14a) I have masses (5) of different user dns in > different places in my tree, And how have you configured nss? Do you point it at a common root for those accounts? > goodness knows how many group dns and a > single computers dn way down deep in the tree, far apart from the > users. So does Adam Tuano Williams. But we don't hear him ranting on this list every five seconds about how crap the smbldap tools scripts are. He has designed his own schema for morrison industries. Written his own scripts. He is more competant than you, yet we don't hear him cramming his own opinion down other peoples throats. In fact I've noticed traffic on this list go down since you came onto it. If you want to know anything about how cyrus, or xfs, or quite a few other useful things work you can find it on Adam's site. Not everyone gets an erection about how good GQ is either. Even if it is that good. > > It's the way the Samba people treat LDAP, as if it were a breeding > ground for morons. LDAP is a never-empty Pandora's box, It is if you are only using it for samba. > It is the basis of a network-wide authentication system that > should be installed and understood long before one has even begun to > think about Samba or any other service whatsoever. And who has time to do that? > I realize that the > Samba people have attempted to, and largely attained, the aim of > supplying an out-of-the box solution for averagely intelligent > Windows-minded people (the Samba people have written this > themselves), but it would perhaps be as well if they drew peoples' > attention to the importance of, and wealth of possibilities of, LDAP > as a basic sovereign multi-OS, multi-vendor service on which Samba is > dependent, rather than the idea they convey at the moment that it is > some kind of an add-on purely present to satisfy samba's needs. > > Yudda, yudda, yudda. So it goes every fortnight. Smbldap tools are crap. You are far more intelligent than anyone else. Yet have we seen you post an alternative toolset? Nope. When you are challenged to do something about your claims you withdraw and say things about how disjointed your user management scripts are, and that you wouldn't post them onto the web. Etc, etc I for one, am sick and tired of it. Please stop it. Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Adduser failing to accept 'username$'
Casper Helenius wrote: > Hi group, > > For some odd reason - most likely my current level of n00bness - my > useradd refuses to accept the $ in the machine name, when adding a > Windows machine to my Samba 3 installation. > > I'm running Red Hat linux with a newly compiled version of Samba > 3.0.14a. What passdb backend are you using? Ldapsam tdbsam etc? Have you read through the Samba Guide in the documantation aprt of the web site? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Re: Problems with testing Openldapservertelnetloc alhost 389
Andreas Bauer wrote: >>> But I need smbpasswd accounts? > > Tony Earnshaw schrieb >> All the accounts go into LDAP. All users, machines, groups, are in >> LDAP. Nothing should go into /etc/passwd. > > I do not mean in /etc/passwd, but create an account like smbpasswd -a > -u user in /etc/samba/ or with pdbedit -a -u user. Because, I need a > password to log in as a LDAPuser from my windows client in LDAP > Server. > > Many thanks > Andreas > Andreas, it seems like you are getting plenty of help and in the process the person who is helping you is reinventing the wheel. I know how hard it is getting to grips with all the things that go into making a successful samba domain with an ldapsam backend but it really seems like you haven't taken the time to read the samba guide: http://www.samba.org/samba/docs/man/Samba-Guide/ It has some hearty recipes that can really help you. The answer to the above is that you use some scripts to add users to the ldap backend. The smbldap-tools, despite what Tony Earnshaw thinks of them, work fine in the majority of situations. Particularly the 8.9 series. Please read the guide to see how to put it all together. Come back with questions saying things like " I got to the happy users chapter section x.x.x and my logs show this is happening: How do I resolve this? Regards Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] need help in samba
Nizam Ali wrote: > Hi, > u have recently installed Redhat linux 8.0 ...i want to access net > work sharing ...but i don't know how set up samba plz completely > guide me thnx > Use a more up to date distro. Read the samba guide in the samba website. Then ask about whatever it is that you don't understand. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ldap and active directory
Paolo wrote: > Hello to all, > I0m trying to do something like "vampire" for an NT4 domain, but > using Ldap and active directory. Someone have already did it? > If you have any idea please wrote me. > By Paolo I don't think that's possible. Man net says: VAMPIRE Export users, aliases and groups from remote server to local server. Can only be run an a BDC. By inference you can't have Samba be a BDC on an AD Domain. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] multiple domain
Kiran Kakulte wrote: > Dear all, > > I want to configure more than one PDC on a Fedora core 3 linux. But > is it possible to do this ? > Yes. But AD style domains are not yet possible > Actually I want domain1, domain2, ... so that I can classify windows > machines in this domain. This is possible. Read the samba guide in the documentation section to get an idea of basic through to complex set ups Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with testing Openldapserver telnet localhost 389
Tony Earnshaw wrote: >> I didn't found any logfile about openldap in my /etc/openldap folder >> and over "files searching" in the konqueror. >> Thats my openldap folder: > > slapd will output to logfacility local4. By default that will go to > syslog, under Linux that's /var/log/messages. Many people edit > syslog.conf to output local4 logging to another file - I use > /var/log/slapd.log. How to do this: man syslog.conf, edit syslog.conf > to output to a new log, kill -HUP syslogd. > > slapd logs at loglevel 256, which should go far in telling you why > slapd is not running. > > --Tonni JHT added a section on configuring ldap logging and troubleshooting. See: http://au1.samba.org/samba/docs/man/Samba-Guide/happy.html#id2554156 Look at the section titled "Debugging Ldap" Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] creating local Windows users with Samba username/passwords?
Paul Griffith wrote: > Greetings, > > I have a little project I am working on. I need to provide a IIS > server hosting ASP.NET pages for a new course. Since users will be > ftping their files to their web home on the IIS server I would like > them to have the same Linux and Windows password. > > So the question is it possible to export users/password from Samba > and have them created (imported) on Windows with the same password? > > Thanks > Paul Why not create a samba domain and have the IIS server as a member server authing against the samba server? Very simple and easily followed from the samba guide on the nearest mirror samba site under documentation. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Broken Samba in OS X. Any Alternatives?
Jeremy Allison wrote: > On Sat, Jun 04, 2005 at 11:51:44AM -0500, Kichigai Mentat wrote: >> We all know that in Mac OS X 10.4, and in the upgrade 10.4.1, Apple >> managed to break Samba. Now, I am at a great loss for remote >> filesystem mounting. Not only is Samba broken, but NFS is >> questionable (I can never seem to get rid of that "incorrect >> username/ password" error and retain read/write abilities). Also, >> I'm have trouble with netatalkd for Debian. Are there any other >> filesystem sharing systems that could work with OS X? I mean until >> Samba gets fixed. > > Is there a reason you can't just compile Samba source from samba.org > on OS X to fix the problem ? > > Jeremy. Jeremy, I could have sworn I'd seen you commenting here on how much you disliked the way that Apple had hacked the Samba code.. But on the Postfix list and anywhere else that Apple seems to use FOSS, the code from the upstream never seems to compile cleanly on Mac OS X. As a long time Mac user I always wait for the Apple update to fix the problem. Or you can go to opendarwin.org and see if they have any suggestions. I just checked for binaries for you, fink's samba seems to be very old, & there is no Samba in the darwinports. So it looks like you can either wrestle with the source from opendarwin: http://darwinsource.opendarwin.org/tarballs/other/samba-92.9.tar.gz or wait for Apple Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem reading docs in .pdf
Roger Merritt wrote: > At 11:51 AM 5/26/2005 -0600, you wrote: >> On Thursday 26 May 2005 07:22, Jason Lavetan wrote: > > > >>> Am I missing something?? >> >> Documentation! You are missing documentation. Please read the chapter >> on Updating/Upgrading Samba in the book "Samba-3 by Example" (aka. >> Samba-Guide). It is chapter 8, and your copy is waiting for you at: >> http://www.samba.org/samba/docs/Samba-Guide.pdf > > I don't mean to complain, mind you. I'd really rather not read the > .pdf, but wanted to let you know. > > -- > Roger Hi Roger, You simply need to go up a level to: http://www.samba.org/samba/docs/ You'll see html versions waiting for you to peruse Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba4 openldap
Geoff Scott wrote: > Sorry for the cross posting but I think it's important that the > Openexchange guys see this. > > Tony Earnshaw wrote: >> man, 23.05.2005 kl. 17.50 skrev Caleb O'Connell: I just had the opportunity to give John Terpstra a hit a round the head with the "what the hell is going to happen" stick. He responded by slapping me with a "clue-by-four". I've been doing a little bit to help out on the Samba documentation. And I hit the panic button because I didn't want all the effort that I put into building a Samba domain controller, and looking for obvious mistakes in the docs to be wasted. And it won't be. Basically, Tony, you should be given a slap around the head with a "clue-by-four" as well. Here's a small history lesson. If you take into account (as I already knew) that the reason there was a fork in the Samba code a few years ago. Was that one of the team members wanted to do more experimental, and risky from a business users perspective, things with the Samba code. Tridge didn't want this. From what I have read it would appear that the Samba team members take very seriously their duty of care toward the installed Samba user base. They won't do anything to damage the installations that are already there. Samba 3 took years to release. And during all that time samba 2 was actively maintianed to support the users. Samba 4 as you can see in the docs that are available, is very limited in features. There is no security yet, no management tools yet and no printing support yet. Contemplating whether it can do what you want when the early alpha release is ages away is just silly. I think this thread should be left to die. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba4 openldap
Sorry for the cross posting but I think it's important that the Openexchange guys see this. Tony Earnshaw wrote: > man, 23.05.2005 kl. 17.50 skrev Caleb O'Connell: > >> Is there a change however you can just choose a different datastore >> in the config file though? so you can choose to use the built in >> ldap or to just use an openLDAP datastore. The ldap scheme I >> imagine would >> stay the same, just the database itself and the ldap program itself >> ldb samba4 is going to be using. I was just curious for obvious >> reasons. > > There won't be a schema any more. During the weekend I googled for > Samba4 docs and subscribed to the tecchie list. What came up was > enough to ensure that I'll keep my mouth shut about Samba4 and LDAP > until they're there. > UH OH. > There will basically probably be a complete LDAP and total database > rethink (keyword is "ldb"). Unless people are *very* familiar with > OpenLDAP's (2.2 and 2.3) meta backend and proxy concepts, unless the > Samba crew is willing to do it all for one, one'd better forget > everything one ever learned about integrating Samba and any present > OpenLDAP DSE. This leaves me very worried as a sysadmin for a small company. I will explain why further down. > So either go out digging for docs to find out what is going to > overwhelm you, or lie back and be prepared to let it do so ;) > I've dug for docs. I found Tridges recent thoughts on Samba4 on the personal section for him on the samba site a couple of weeks ago. To people of the lay class, such as myself, it doesn't explain much about whether there is going to be some sort of ldap schema translation. It's all as abartlett says in recent posts "I hope" "I think" "maybe", which is very worrying. I've read 2/3 Linux journals where JRA has said, IIRC, that one of the key reasons companies don't adopt samba is due to the corporate reliance on MS Exchange. So for years I have been searching for something that will replace it. The 2 projects that come close to completely replacing MS Exchange are opengroupware.org and openexchange. Both of these projects have a reliance on their own LDAP schemas and POSIX account attributes. I personally chose to use openexchange due to the storage of personal & public addressbooks in LDAP. (which naturally allows plenty of other applications to use them, rather than as OGO does putting them in a "proper" db backend, and yes I know that a very competent sysadmin can expose that db through LDAP. After having read Adam Tuano Williams docs on it, I don't want to go there). Now I have hacked the smbldap tools to allow me to vampire over an old windows NT domain with all of the users having openexchange attributes added to them in ldap automatically. I did this last night and basically the implementation looks fine. So in a week I will start to migrate email accounts over and smarthost the system for the old exchange server and users still on that. But, I will only go ahead if there is going to be a way to keep the integration between these 2 projects going. So please can those on this list tell me with any great detail what will happen with Samba4 and LDAP schemas? Either I jettison this implementation and switch to MS 2003 with Exchange, or other projects find a way to integrate with what the Samba team is doing, or the Samba team finds a way to maintain some sort of compatibility with other FOSS projects using openldap. The only reason I ask is that I would still like to have a job in a year or 2. I don't want to go down the samba / openexchange road. And then get sacked / told to move everything back to Microsoft products by my bosses, because the integrated solution that was a very close fit to a windows domain with MS Exchange, doesn't work anymore. Regards Geoff Scott FWIW. Please find below what a typical user ends up with in LDAP for their user account and private address book: dn: uid=gfhoffice,ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: OXUserObject objectClass: person objectClass: sambaSamAccount cn: gfhoffice sn: gfhoffice uid: gfhoffice uidNumber: 2041 gidNumber: 513 homeDirectory: /home/gfhoffice loginShell: /bin/bash gecos: System User userPassword:: e2NyeXB0fXg= structuralObjectClass: inetOrgPerson entryUUID: 528ef8f0-5fa7-1029-95d2-aae0cf82c0df creatorsName: cn=Manager,ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,d c=au createTimestamp: 20050523072336Z OpenLDAPaci: 1#entry#grant;r,w,s,c;cn,initials,mail,title,ou,l,birthday,description,stree t,postalcode,st,c,oxtimezone,homephone,mobile,pager,facsimiletelephonenumber ,telephonenumber,labeleduri,jpegphoto,loginDes
RE: [Samba] I could really use some help here (SAMBA PDC)
John Zakhar wrote: > The log files are attached, I have NEVER had so much trouble with a > samba PDC before. I need to turn in my unix admin license, this is > pathetic... > > Why have all your ldifs got spaces in the dn's ? In your slapd.log you have this: "o=ventusnetworks.com,dc=na" NO SPACES. Yet all your ldifs have this: uid=administrator,ou=Staff,o=ventusnetworks.com,dc=na . I don't think that's gonna work, I hope it's a typo. Because what I quoted from the log is your search base. I'm not particularly proficient in ldap but your search base is different to what potentially is in ldap... Are you vampiring accounts of an old windows server? Or is this a network from scratch. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba-3.0.6 on Redhat AS3
Greg Wiggill wrote: > > [global] > >workgroup = blah >server string = blah >cup options = raw >log file = /var/log/samba/%m.log >max log size = 50 >security = user >encrypt passwords = yes >smb passwd file = /etc/samba/smbpasswd >os level = 0 >dns proxy = no >dos filetime resolution = yes > Mr Wiggill, why the need for dos filetime resolution = yes ? The default is no. Comment (#) that line out and see if it speeds things up for you. By the way if this works, does this mean I get a discount on Pronto support? ;-) Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Does or doesn't vampiring users add them into multipl e groups at the same time?
Geoff Scott wrote: > John H Terpstra wrote: >> On Tuesday 10 May 2005 01:33, Geoff Scott wrote: >>> Hi all, >>> >>> The new NT migration chapter of Samba guide seems to indicate in the >>> migration Log Validation (section 9.3.1.1) that users get added to >>> all the same groups that they were in under the NT4 domain. However >>> I am not seeing this despite having had a seemingly successful >>> migration. All my users get added into the Domain User group but >>> not into any other group. Is the text below now wrong or right >> >> If you use version 3.0.12 or later, for most migrations the >> multi-group info should transfer OK. I am now aware that if the NT4 >> domain is post SP5 on some migrations multi-group info is not >> transferred and some account (both user and machine) password >> entries are not transferred either. >> >> Maybe Andrew Bartlett will chime in on this? > > OK. After testing this out on a vanilla system that I built to test > out the changes to chapter 9 for you John, it appears that on a > system configured like this: > Ubuntu Hoary > All ldap, nss_ldap, etc obtained from Ubuntu sources Samba 3.0.13 > Debian stable from samba.planetmirror.com smbldap-tools-0.8.7.tgz > Users in ou=People,dc=guestshire,dc=com etc And the adduser script > like this: > add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u' > NT4 server system SP6a > > vampiring users works %100, there are absolutely no errors in the > error log, and the vampire log show the users being added to the > multiple groups successfully. The users all have sambaLMPassword & > sambaNTPassword set properly and *all* old settings are brought > across. > > So what is the difference between the 2 servers? The differences are > these: > > The "add user script =" has "smbldap-useradd -a -m '%u'" I added a > "-a" > after looking at the output of "smbldap-useradd -?" as that coupled > with The *OLD* version of the NT migration chapter (I thought that > the omission of that in the NEW sample chapter 9 smb.conf was a typo) > seemed to indicate that only POSIX attributes would be added if the > "-a" was left out. > However, adding the "-a" to the smbldap-useradd script in the > smb.conf results in errors along the lines of "user already exists > with samba attributes" in the vampire error log and no multiple group > membership, no passwords, no sambaHomeDrive, no sambaMungedDial and > so on. > > My users are in > ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au to fit in > with OpenExchange. > > I am using samba 3.0.14a > > I am using smbldap-tools-0.8.8.tgz (which as you mentioned to me > recently appear to be broken) > > The questions I now ask are these: > Is the subtraction of "-a" for the smbldap-useradd script only for > the migration? Does it need to be added back in later? > Can the smbldap-tools cope with an extra "ou" ? > If after testing some of my findings on the non-vanilla server and > finding them to work can I set the NetBIOS aliases to include the old > server name as the sambaHomeDrive directive in LDAP after vampiring > lists the path as \\oldserver\username . How can I work around old > settings such as these? > > I will now go and test against the non-vanilla server. > The other thing that I forgot to ask was this. I understand for reasons of efficency and simplicity why it is that we generally put the machine accounts into ou=People,dc=domain,dc=com. But on Both systems after vampiring the computers end up with an entry in ldap of gidNumber: 513 and a sambaPrimaryGroupSID: that ends in -513 this is even though I have defaultComputerGid="515" set in smbldap.conf. Can I provide any further info to help figure out what is going on? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does or doesn't vampiring users add them into multipl e groups at the same time?
John H Terpstra wrote: > On Tuesday 10 May 2005 01:33, Geoff Scott wrote: >> Hi all, >> >> The new NT migration chapter of Samba guide seems to indicate in the >> migration Log Validation (section 9.3.1.1) that users get added to >> all >> the same groups that they were in under the NT4 domain. However I am >> not seeing this despite having had a seemingly successful migration. >> All my users get added into the Domain User group but not into any >> other group. Is the text below now wrong or right > > If you use version 3.0.12 or later, for most migrations the > multi-group info should transfer OK. I am now aware that if the NT4 > domain is post SP5 on some migrations multi-group info is not > transferred and some account (both user and machine) password entries > are not transferred either. > > Maybe Andrew Bartlett will chime in on this? OK. After testing this out on a vanilla system that I built to test out the changes to chapter 9 for you John, it appears that on a system configured like this: Ubuntu Hoary All ldap, nss_ldap, etc obtained from Ubuntu sources Samba 3.0.13 Debian stable from samba.planetmirror.com smbldap-tools-0.8.7.tgz Users in ou=People,dc=guestshire,dc=com etc And the adduser script like this: add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u' NT4 server system SP6a vampiring users works %100, there are absolutely no errors in the error log, and the vampire log show the users being added to the multiple groups successfully. The users all have sambaLMPassword & sambaNTPassword set properly and *all* old settings are brought across. So what is the difference between the 2 servers? The differences are these: The "add user script =" has "smbldap-useradd -a -m '%u'" I added a "-a" after looking at the output of "smbldap-useradd -?" as that coupled with The *OLD* version of the NT migration chapter (I thought that the omission of that in the NEW sample chapter 9 smb.conf was a typo) seemed to indicate that only POSIX attributes would be added if the "-a" was left out. However, adding the "-a" to the smbldap-useradd script in the smb.conf results in errors along the lines of "user already exists with samba attributes" in the vampire error log and no multiple group membership, no passwords, no sambaHomeDrive, no sambaMungedDial and so on. My users are in ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au to fit in with OpenExchange. I am using samba 3.0.14a I am using smbldap-tools-0.8.8.tgz (which as you mentioned to me recently appear to be broken) The questions I now ask are these: Is the subtraction of "-a" for the smbldap-useradd script only for the migration? Does it need to be added back in later? Can the smbldap-tools cope with an extra "ou" ? If after testing some of my findings on the non-vanilla server and finding them to work can I set the NetBIOS aliases to include the old server name as the sambaHomeDrive directive in LDAP after vampiring lists the path as \\oldserver\username . How can I work around old settings such as these? I will now go and test against the non-vanilla server. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Are the following cockups in ldap entries or normal behaviour now ?
When doing a vampire all my PC's are shown in the resulting log as being members of the Domain Users group and none of my "real users" are shown yet in Ldap all my users are shown with memberUid in the domain users group and no computers are shown eg: dn: cn=Domain Users,ou=Groups, objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 513 cn: Domain Users description: All domain users memberUid: administrator memberUid: deloitte memberUid: iusr_guests memberUid: template My machines all have a SID that ends in 513 the domain users RID: sambaPrimaryGroupSID: S-1-5-21--513 My users have no passwords set eg: dn: uid=deloitte,ou=Users sambaLMPassword: XXX sambaPrimaryGroupSID: S-1-5-21--513 sambaNTPassword: XXX Is this expected behaviour when vampiring from an NT server using the smbldap-tools-0.8.8.tgz ? Or does it appear that I have stuffed up badly? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Does or doesn't vampiring users add them into multiple groups at the same time?
Hi all, The new NT migration chapter of Samba guide seems to indicate in the migration Log Validation (section 9.3.1.1) that users get added to all the same groups that they were in under the NT4 domain. However I am not seeing this despite having had a seemingly successful migration. All my users get added into the Domain User group but not into any other group. Is the text below now wrong or right " 7. Q: After merging multiple NT4 Domains into a Samba-3 Domain, I lost all multiple group mappings. Why? A: Samba-3 currently does not implement multiple group membership internally. If you use the Windows NT4 Domain User Manager to manage accounts and you have an LDAP backend, the multiple group membership is stored in the Posix groups area. If you use either tdbsam or smbpasswd backend, then multiple group membership is handled through the UNIX groups file. When you dump the user accounts no group account information is provided. When you edit (change) UIDs and GIDs in each file to which you migrated the NT4 Domain data, do not forget to edit the UNIX /etc/passwd and /etc/group information also. That is where the multiple group information is most closely at your fingertips. " Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] sambaDomainName=DOMAIN for next free id
Tony Earnshaw wrote: > man, 09.05.2005 kl. 05.51 skrev Geoff Scott: > >> I'm following JHT's example doc off the web. I just applied a patch >> for the confiure.pl script for the smbldap-tools that John gave me. >> It now makes the sambaUnixIdPooldn object default to: >> cn=sambaDomainName=DOMAIN whereas the output of the configure.pl >> script given in Chapter 9 of the book is shown as: >> sambaDomainName=DOMAIN > > cn doesn't exist as an attribute in this objectClass. sambaDomain is > the objectClass, sambaDomainName and sambaSID are required > attributes, sambaNextRID, sambaNextGroupRID, sambaNextUserRID and > sambaAlgorithmicRidBase are allowedattributes. > Thank you Tony. Regards Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] XP SP2 - winlogon.exe crashes
Sol Tutaki wrote: > i've even tried to repair my windows installation. > today i'm going to reformat and then reinstall windows. installing > windows to a different directory hoping to negate the "the memory > could not be "read"" winlogon.exe error Hope This Helps, but the last time I had something like this on a box when logging on was to do with the users details in ldap having invalid info. Like the logon drive having 2 colons in ldap eg, H:: or having set the logon home to \\%L\%U\Documents and then not having the Documents Dir set up in the homedir etc etc. Do an ldapsearch for the particular user that is crashing and look at the attributes that are part of that user. I bet you'll find it's a problem with your users entry in ldap, not a problem with windows. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] sambaDomainName=DOMAIN for next free id
Hi, I'm following JHT's example doc off the web. I just applied a patch for the confiure.pl script for the smbldap-tools that John gave me. It now makes the sambaUnixIdPooldn object default to: cn=sambaDomainName=DOMAIN whereas the output of the configure.pl script given in Chapter 9 of the book is shown as: sambaDomainName=DOMAIN I now have the first version of the sambaUnixIdPooldn in my smbldap-tools.conf file but the second version of the sambaUnixIdPooldn in Ldap. If I change what is in the conf file to match what is in ldap will this come back and bite me later? I guess that it is more correct to have cn=sambaDomainName=DOMAIN. But does it matter? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba docs
taso wrote: > Tony Earnshaw wrote: >> >> - That every single instance of Windows point-'n-click is reviewed. >> Many of the step-wise instructions are simply not valid. At least, >> they aren't for my XP Pro ws; > > My suggestion is to use audio & video clips to document procedures > involving a GUI. It is truly painful documenting GUI dynamics on > printed media. I think it's time we added another string to our > documentation fiddle. > > > > -- > Taso Hatzi And you guys are volunteering? The old man can't do it all by himself. Why don't you guys have a crack at doing some of the docs yourselves? Misty Stanley Jones has contributed a chapter, and she only started on this list 6/7 months ago It is possible to help as well as criticise. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] slow logon from wireless network (roaming profiles)
Tony Mullen wrote: > Hi, > > We also have a wireless network that is running on a different subnet > and is connected to the main network using a vpn tunnel. The > delimiting factor here would be the 10Mbs cards in the VPN devices so > I would expect some reduction in speed. However, logging on and off > is REALLY slow - a lot more than ten times slower - the record being > 2 hours on a PC that has a lot of data on it (it took around 3 or 4 > minutes when cabled on the same PC). > > I know it is roaming profiles causing the issue because setting the > PC to local profiles only solves it. However this is not an > acceptable solution for us and I am trying to find out why it would > be so much slower. > > > Anyone come accross this or got any ideas what to try? > > > thanks in advance, > > tony So I take it that you have already looked into profiles redirection as per the Samba by example guide and the howto guides? If you haven't that would probably be a good place to start to see how to redirect "bulky" directories within a users profile to network shares. Apart fromm that no other suggestions here as to how to fix the problem. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba errors
Michael Lavocat wrote: > Thanks for the tip, however > > darwin:~ Mike$ smbclient 10.1.1.100\\test > > still results in... > session request to 10.1.1.100 failed (Call returned zero bytes (EOF)) > session request to 10 failed (Call returned zero bytes (EOF)) session > request to *SMBSERVER failed (Call returned zero bytes (EOF)) > > > -Mike > > > On 5/1/05, Geoff Scott <[EMAIL PROTECTED]> wrote: >> Michael Lavocat wrote: >>> Hey all, >> >>> darwin:~ Mike$ smbclient \\10.1.1.100\test >>> >>> \10.1.1.100test: Not enough '\' characters in service >>> >> >> :$ smbclient 10.1.1.100\\test >> >> Escape your backslashes. with \\ you are only showing one to >> smbclient via the shell. >> >> Regards Geoff Scott And you've checked the basics: no firewalls blocking the ports you need to access, samba daemons running, etc etc Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] New list user, couple of questions and looking for existi ng examples
Chuck Campbell wrote: > I'm a new list subscriber with a couple of questions: > > I have a few objectives with samba that I think can be accomplished. > If I am wrong, someone please indicate my errors before I go a long > way down a dead end path. > > I need to put all of my PC users home directories onto a samba share > so centralized backups can be done to capture email, docs, etc. > These are all WinXP Pro boxes. We use a work-group, and not a > windows domain. Read the first few chapters of this: http://www.samba.org/samba/docs/man/Samba-Guide/ Download the book in pdf ( there are links if you look on the main samba site under a heading called "LEARN SAMBA") Or preferably work you way through the first few chapters, note down exactly what you can't figure out, email [EMAIL PROTECTED] so that he can make the docs better, then when the most recent version of the book is released onto the bookshelves BUY IT, (fyi for 1 years full work, john has only made $11K US on this book, which is just depressing.) Like a lot of people on this list I wouldn't be attempting to use Samba without documentaion as good as this. John needs more support, not just whinging about the docs > I need to ensure that those users files are accessible by only those > users. > It appears that this means I need each user to have a Linux user > account on the samba server. Is this correct? > > I need some groups of users to have a shared pool of r/w files, that > other > group(s) cannot access. I assume this requires using Linux group, > correct? > > Do my above re1uirements mean I need to learn about and implement > LDAP, or is there a simpler solution? Unless you have distributed offices/ large numbers of users, you can get by quite nicely with a tdbsam > None of the printers and plotters is on a Linux box, they are all > attached to WinXP machines. I believe I can still use Linux/samba as > a print server in some fashion?? Read the guide, read the guide, read the guide. > Is there a general "examples of ..." available, besides the samba FAQ? http://www.samba.org/samba/docs/man/Samba-Guide/ > Is there a search-able list archive (if so, where)? I think there were instructions included with your welcome to the list email message about how to use google to search the archives. Also under the heading TALK SAMBA you should have seen the sub heading ARCHIVES if you had clicked on that link you would have found this on that page: "Search the Lists Inportant: Currently the Samba mailing list archives hosted here on samba.org do not support searching. However, you can access a searchable copy of the archives at http://marc.theaimsgroup.com/, groups.google.com, and mail-archive.com." > thanks in advance, > -chuck We all start with baby steps. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ips and netbios name on the logs
Geoff Scott wrote: > Guido Lorenzutti wrote: >> Hi people, does someone know how to only log the name of the machine >> and not the name of the machine AND the ip? Let me explain this: >> > > This from an old memory is behaviour by design. Last time I saw > Jerry comment on this I don't think the answer was that you could > turn it off. > Well that not very clear is it? You can't turn this behaviour off. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ips and netbios name on the logs
Guido Lorenzutti wrote: > Hi people, does someone know how to only log the name of the machine > and not the name of the machine AND the ip? Let me explain this: > This from an old memory is behaviour by design. Last time I saw Jerry comment on this I don't think the answer was that you could turn it off. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] accessing windows shares from Linux
ankush grover wrote: > hey friends, > > I have configured samba as BDC to Windows 2003 domain controller > which is acting as PDC. I hope that's only for migration. Samba can't be a permanent BDC to anything except a samba PDC > Now the problem is that I am able to see the > Linux shares from the windows but from the Linux I am not able to see > the windows shares. You need to refer this to the linux.cifs mailing list. They will help you with your problem. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Description of LDAP-attribute sambaSIDList
Tony Earnshaw wrote: > tor, 21.04.2005 kl. 18.40 skrev Matthias Eichler: > >> Well thanks, but thats just the schema-file and does not really says >> what infomation is stored in that attribute... > > Nonsense. > We all can read. But sometimes we need others to help us to comprehend what it is that we are looking at. Have you considered that the OP is asking you for help to understand what it is he is looking at Not how to look at it. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] linux client accessing Samba domain
This is part of an old thread from 31/12/04 that I participated in. It's along the lines of what you have already been advised. A bit more googling would have found it for you. BTW these questions should really go to the linux.cifs mailing list: FYI John, If you wish to automount shares when you login, you can try pam_mount. It should be a package on the mdk 10.1 CDs. You can set it to mount windows cifs and smb shares to your mandrake box. It's possible because Linux supports pluggable auth modules(PAM) I used it along with winbind auth to mount all my windows shares from servers at work to my Linux mandrake workstation (laptop) When ever I ssh'd in, the shares mounted. It can be set to mount based on preferred authentication system (local password file, winbind, nis, etc) and protocol. ie. mount windows shares if you login via ssh, or even if you login through the kde desktop (warning: kde requires special files relocated when mounting home directories). Having said that and seeing as how you are new, I believe Geoff's solution is a much easier way to go. You may however wish to read up on pam_mount anyway. For more info do a google on pam_mount Chris Regards Geoff Scott --- Geoff Scott writes: > What about NFS? unsecure (some users need root on their linux clients) I know, that this calls for AFS, but the most users are on windows and I don't want an other fileserver type currently. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Review Request: Samba-3 by Example Update
John H Terpstra wrote: > On Thursday 14 April 2005 19:05, Geoff Scott wrote: >> John H Terpstra wrote: >>> On Wednesday 24 November 2004 17:00, Geoff Scott wrote: >>>>> The issue of this thread was authenticating machine accounts if I >>>>> remember correctly... >>>> >>>> No I was just having a hard time getting the smbldap tools to work >>>> properly. It all came down to me not knowing at what point you >>>> switch from chapter 6 of the example book to chapter 8 to vampire >>>> accounts of the NT server. Of course if you vampire accounts >>>> straight after you use the preload.ldif then you end up with >>>> different GID's than what the smbldap tools expect in their >>>> defaults. therefore the vampire fails as the expected GID for the >>>> group is different to what vampire sets up as it creates the >>>> groups from the NT server. It would be nice if John could add to >>>> chapter 8 something like: >>>> Build the Base server the same as in Chapter 6 including step ? >>>> "using the smbldap-populate script" then continue with vampiring >>>> the accounts. >>> >>> I'll consider this when I do the update in January. >> >> This was a thread titled "vampire fails because of Debian >> smbldap-tools problem" >> >> This was a personal bugbear of mine that caused me a week of grief. >> I >> have noticed about three job ads in the local job search web sites in >> the past 2 weeks asking for someone to help migrate large companies >> from NT4 to Samba, so having something like what I suggested above in >> the NT4 Migration chapter is still relevant. Please John would you >> consider it? >> >> Regards Geoff Scott > > You win! The documentation is wrong. I am updating it now. Sheesh! > How did that get past me? Doh! > > - John T. And I bugged you about it privately, a month or 2 ago. You naughty, naughty documenter you ;-) As to whether your documentation is useful, it certainly is if you live in Australia and most of the list replies come from the other side of the world. Try fixing something urgently during work hours when no one else is awake. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Mounting a Windows Share with UTF8 files
Cassar, Adam wrote: > Can anyone advise if this is possible ?? > > I really don't want to revert to Windows for my solution... Linux is > just gaining some momentum in my firm, and if this is not possible, > then it will likely be dropped for all future implementations. > > thanks > > > Adam Cassar > I know this doesn't really help you now, but you may get better help from the specialised linux-cifs mailing list. You can get to it from here: http://linux-cifs.samba.org/ and here: https://lists.samba.org/mailman/listinfo/linux-cifs-client Smbfs is considered deprecated by the team. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Review Request: Samba-3 by Example Update
John H Terpstra wrote: > On Wednesday 24 November 2004 17:00, Geoff Scott wrote: >>> The issue of this thread was authenticating machine accounts if I >>> remember correctly... >> >> No I was just having a hard time getting the smbldap tools to work >> properly. It all came down to me not knowing at what point you switch >> from chapter 6 of the example book to chapter 8 to vampire accounts >> of the NT server. Of course if you vampire accounts straight after >> you use the preload.ldif then you end up with different GID's than >> what the smbldap tools expect in their defaults. therefore the >> vampire fails as the expected GID for the group is different to what >> vampire sets up as it creates the groups from the NT server. >> It would be nice if John could add to chapter 8 something like: >> Build the Base server the same as in Chapter 6 including step ? >> "using the smbldap-populate script" then continue with vampiring the >> accounts. > > I'll consider this when I do the update in January. This was a thread titled "vampire fails because of Debian smbldap-tools problem" This was a personal bugbear of mine that caused me a week of grief. I have noticed about three job ads in the local job search web sites in the past 2 weeks asking for someone to help migrate large companies from NT4 to Samba, so having something like what I suggested above in the NT4 Migration chapter is still relevant. Please John would you consider it? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Hula-project and Samba
James Ruthven wrote: > Hello, > > Has anyone run Hula Server (http://www.hula-project.org) and Samba on > the same server and got the user authentication to sync? > > I imagine this would involve configuring Samba to use eDirectory > (Novell) which Hula is using for store. > > I have searched everywhere for documentation referencing Hula and > Samba integration/authentication but only found one article > announcing that Novell has contributed its eDirectory APIs to the > Samba Project. > > Have these APIs been implemented yet? > > Please could someone point me in the right direction? > > Many thanks in advance. > James It's probably going to be an easier job to use Open-xchange. I have done some prliminary work on integrating Samba 3.0.10 and OX 0.7.5. this is documented on the OX wiki. Most of the Doc is copied and pasted from JHT's work but adapted for Debian. It hasn't been updated for the OX 0.8beta4 release or for Samba 3.0.11 but the basics are there to create a Win2K SBS replacement. (I'm just waiting for a more stable release of Oxlook to sync outlook with OX) Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbumount hangs
Michael H. Warfield wrote: > On Thu, 2005-02-24 at 13:13 +1100, Geoff Scott wrote: >> Nina Pham wrote: >>> I'm using rehat9, kernel2.4.20-18.9, samba2.2.7a-7.9.0. I have >>> smbumount hangs most of the time. Any idea? > >> Although this is SMB related this is the wrong list for this >> problem. This is a SAMBA list not an SMBMOUNT list. > > Oh? Being one of the former maintainers of smbmount/smbumount and > smbfs in the kernel, last I looked smbmount and smbumount were part > of the Samba package and have been since before I was managing it > (and I handed off to someone else on the team years ago). Is there > some other place where people are discussing smbmount, smbumount, > and smbfs now? > > Hmmm... What's on Fedora Core 3 seems to be part of the Samba > package: > > [EMAIL PROTECTED] ~]# rpm -qf /usr/bin/smbumount > samba-client-3.0.10-1.fc3 > >> Regards Geoff Scott > > Mike The opinions that I have seen on this list before is that smbmount is deprecated. linux.cifs should be used instead, and for that people should go here and subscribe: https://lists.samba.org/mailman/listinfo/linux-cifs-client The other thing that I have seen is that because smbmount is kernel related users should go to the kernel lists, or something like that. Did I get that all wrong? Am I just shooting my mouth off again? Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbumount hangs
Nina Pham wrote: > I'm using rehat9, kernel2.4.20-18.9, samba2.2.7a-7.9.0. I have > smbumount hangs most of the time. Any idea? Although this is SMB related this is the wrong list for this problem. This is a SAMBA list not an SMBMOUNT list. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] upgrading samba on a Xserver 10.2.8
[EMAIL PROTECTED] wrote: > Hi > > Can anyone advise me, I have a Mac OS 10.2.8 Server. The server is > running Samba version 2. I need to upgrade to Samba version 3 because > of windows XP problems. Is there a stand alone installer version of > Samba V3 that I can download onto my Mac Xserver and install to > update my version of Samba. > I am new to the Samba world and know little about Samba any advise > would be used. > Regards Mark Upgrade the server software eg mac OS X server 10.3. there is no easy way for you to deal with the nasty hacks that Apple do to make Samba work with OS X. Upgrade your OS. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba on my machine wi
Hello, I run Konfabulator under OS X 10.3.7 with a proxy connection to the internet and I use an IP address identifier widget. It shows from time to time incoming and outgoing traffic on a Samba server(s). This appearance is extremely brief. I don¹t know anything about Samba and have never knowingly used it on my machine. Can you fill me in on this? Is this malicious activity? Mac OS X as you probably know is based on a version of *NIX. Therefore it runs Samba (windows OS file sharing & printing ++ software), albeit a nastily hacked up version according to some team members. Do you have windows file sharing turned on? If you don't need it, turn it off and firewall those ports. Do you access windows servers? Perhaps this software of yours is reporting both types of windows file sharing servers as "Samba". Without knowing what your environment is probably no one can answer that question about it being malicious activity. Regards Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba LDAP and add machine script problems
> Geoff Scott: > > [...] > > > tell us what happens. > > What happens is, that RHAS3 gets all mixed upo (Openldap 2.2.20) as to > what's root and what's administrator. > > This is a *LOUSY* solution and worthy by all men of utter condemnation. > > --Tonni hmmm. I was just quoting from JHT's book samba by example: Making Users Happy step 11# In the above listing, you can see that the user Administrator has been given UID=998. This means that operations conducted from a Windows client using tools such as the Domain User Manager fails under UNIX because the management of user and group accounts requires that the UID=0. You decide to rectify this immediately as demonstrated here: root# cd /var/lib/samba/sbin root# ./smbldap-usermod.pl -u 0 Administrator OK. I see the criticism, but where's your solution? You know, on the postfix user lists those guys will tell you you're a dweeb and then tell you where to RTFM, but at least they tell you where in the README's to find the info. I've posted here a number of times and never gotten a response. I don't think that my questions were that silly. But rather than let someone else sit around wondering how to fix a problem, I am trying to help. What have you done to help this fellow lister? Look, I don't want to flame But do something constructive. I can't help this guy anymore. His problem is beyond me. It looks like you can tho So please do. Regards Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba LDAP and add machine script problems
> > I'm trying to integrate Openldap with Samba version 3.0.10. I have > populated > my LDAP server via smbldap-populate.pl and I've gotten PAM to recognize > LDAP > as an authentication mechanism. Thus, I can add a user with smbldap- > useradd.pl > and su to that user. Can you do a straight login / ssh as that new user? > The problem I am having is when I attempt to add a computer from MS > Windoze XP. > When I attempt to join my domain XP prompts me for a user ID and password. > If I > enter a user ID of "root" with either my box's actual root password or the > password for the LDAP user > "uid=Administrator,ou=Users,dc=somedomain,dc=org" > I get the following: "unknown user or bad password". I suppose this > makes sense > because there are only two users in ou=Users (Administrator and nobody) > neither > of which is "root". Alternatively, if I attempt to join the domain > with a user ID > of "Administrator" I get "Access is denied". Somewhere in those howto's and example books that JHT, et al, has written he says to set the uid of the Administrator to 0. what UID does your administrator have? I believe from vague memory that the smbldap-populate script automatically sets the uid of the Administrator to 0. Just use smbldap-passwd Administrator to make sure that the password is set. then try adding your Machine again. This worked for me last night when I got the same error. tell us what happens. Regards Geoff. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP SP2 - winlogon.exe crashes
== The problem: == I am in the testing stages of implementing a Samba domain. My user is logging on to a standard win xp SP2 desktop, with the samba pdc, supplying the credentials. The logon screen disappears and an "SAS window: winlogon.exe - Application Error" box pops up on the Win XP screen. If I click OK the machine reboots. My user can log onto the Debian Sarge server using ssh fine. My other users in the same ldap Users container can log onto the open-xchange part of this server fine. == My attempts at problem solving == reset the users password removed the XP machine from the domain and added it again. added the " use sendfile = no" directive to smb.conf shutdown the firewalls on both the XP machine and the server == technical details == Samba version: Version 3.0.10-Debian Linux flavour: debian Sarge XP version SP2 Ldap with bdb backend (users can log on with other applications) = The questions = Can anyone point me in the direction of docs that I can use to fix this? Can anyone decrypt the content of the error message from the logs below and point me in the right direction? == The Errors from log === [2005/01/20 16:02:01, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2005/01/20 16:02:01, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2005/01/20 16:02:01, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer [2005/01/20 16:02:01, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2005/01/20 17:24:12, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2005/01/20 17:24:12, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2005/01/20 17:24:12, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer [2005/01/20 17:24:12, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) smb.conf - global section # Global parameters [global] unix charset = LOCALE workgroup = guestshire netbios name = guests1 interfaces = eth1, lo bind interfaces only = Yes passdb backend = ldapsam:ldap://guests1.guestsfurniturehire.com.au # username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/log.%m max log size = 50 smb ports = 139 445 name resolve order = wins bcast hosts time server = Yes printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/samba/smbldap-useradd -a -m '%u' delete user script = /usr/sbin/samba/smbldap-userdel '%u' add group script = /usr/sbin/samba/smbldap-groupadd -p '%g' delete group script = /usr/sbin/samba/smbldap-groupdel '%g' add user to group script = /usr/sbin/samba/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/samba/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/samba/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/samba/smbldap-useradd -w '%u' #shutdown script = /var/lib/samba/scripts/shutdown.sh #abort shutdown script = /sbin/shutdown -c logon script = scripts\logon.bat logon path = \\%L\profiles\%U logon drive = X: domain logons = Yes preferred master = Yes wins support = Yes ldap suffix = dc=guestsfurniturehire,dc=com,dc=au ldap machine suffix = ou=Users,ou=OxObjects ldap user suffix = ou=Users,ou=OxObjects ldap group suffix = ou=Groups,ou=OxObjects ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au idmap backend = ldap://guests1.guestsfurniturehire.com.au idmap uid = 1000-2 idmap gid = 1000-2 map acl inherit = Yes printing = cups printer admin = Administrator, geoffs use sendfile = no What else can I do to give more information? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] international characters + user mountable share - is it possible?
This probably better addressed to the smbfs list or the cifs list depending on which you are using . This list doesn't actually deal with these issues. cheers GS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP machine cannot be accessed
> | these things are best done manually on the command line first to see if > all > | is working well, from memory: > | > | mount -t smbfs //server/windowsshare /path/to/mntdir -o username=geoff > | > | If the above manual stuff works then it must be another problem. > | > | Tell us what you see. > | > | Regards Geoff > | > If I use mount at the console in the format you suggest I get asked for my > password and the XP share mounts and can be accessed (also through > Konqueror > etc.) When I attempt to write the equivalent into fstab, the folder > appears but > is empty. No messages. It has not auto generated a credentials file for > the XP > machine as it has for the other machines. Inserting user=john in fstab is > OK > for the WinME machine, but XP must want more. I guess if it cannot see the > machine then it will not auto generate the needed access files. > Regards > John. I manually created the credentials file. Create one yourself and point the fstab entry to that, as I mentioned before. (rejig it so it suits your needs of course) eg. username=john password=winXPlocalpassword workgroup=winxpWorkgroup once you have that plus an entry in fstab plus you have made a mount point do: mount /mnt/winXpmountpoint take a look at any errors that you get. Maybe smbmount needs to be Suid root for your mandrake user to mount it properly. Regards Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows XP machine cannot be accessed
> All of the Windows machines have no problems accessing shares on each > other and > Mandrake. The Mandrake machine accesses the WinME an Win2K machines > readily, > but the WinXP machine is not visible on any utility I have tried. I can > ping it > OK. I have disabled firewalls etc in case this was the problem but no > change. OK so Samba is working fine? yes? The windows machines can mount the samba share off of the mandrake box? they get asked for a password and username which you supply and then you can browse the shares from the windows machines? > I manually edited fstab and inserted what seemed an appropriate entry for > a > share on the XP machine. In Konqueror for instance an icon appeared for > the > share but when clicked up in was empty. I don't have a linux desktop machine any more but I used to do this in fstab (note that if the above is correct and samba works then this is an smbfs problem, and appropriate to that list, not this one) : #Samba filesystems, not auto mounted and any user. //ukldnfs05/shared_area /mnt/smb/ukldnfs05/shared_area smbfs noauto,users,credentials=/home/geoff/Crap/smbcred 0 0 //ukldninstall03/allsoftware$ /mnt/smb/ukldninstall03/allsoftware smbfs noauto,users,credentials=/home/geoff/Crap/smbcred 0 0 then inside of /home/geoff/Crap/smbcred I had: username=geoff password=doggyp00 workgroup=dudenet > I have almost convinced myself that it must be some kind of authentication > problem, probably something basic I have overlooked and so simple I cannot > see > it. Can anybody give me some ideas please? > John these things are best done manually on the command line first to see if all is working well, from memory: mount -t smbfs //server/windowsshare /path/to/mntdir -o username=geoff If the above manual stuff works then it must be another problem. Tell us what you see. Regards Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: [proposal] Samba Software Foundation
> > Yes it realy sounds wonderful, and the basic idea probably is, but I > dislike the reiteration of personal tastes, and dislikes. > Imposing "if xy would say something negative about me I'll take my ball > with me and won't play again with you until you would force him to > leave" IMHO sounds too childish in an OSS software organizations ruleset > :-( > > Cheers, > > Geza Gemes > > Luke Kenneth Casson Leighton wrote: I think the fact that the guy uses his full name says it all Regards, Sir Tiddlywinks Saturn Brigator Uranus Excelsior (yeh, I know it's childish but it made me laugh) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Vampire deletes user from groups
I've seen this question before but no answer. Can anyone explain why when you vampire accounts off the nt server, it will, for some people, create users and groups just fine and then go and delete users from every single group? Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbfs Unicode patch for 2.4.x kernel
The samba list deals only with Samba not smbfs. Other list members have said in the past to people with queries like yours that there is a specific list for smbfs/cifs. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ldap machine suffix = ou=Computers vs ou=Users
There's a discussion of this from last month here: http://lists.samba.org/archive/samba/2004-November/096287.html and here: http://lists.samba.org/archive/samba/2004-November/096342.html read through the threads and you'll find your answers. HTH Geoff -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] W2k fails to join samba domain
> > Attached is the capture of what is on the wire when this win2k box is > trying to > join the domain. It was given user "root" and password "dork" to join the > domain "aussec". The win2k box just comes up with unknown user or bad > password... > I must be missing something as another linux box can join the domain > properly > and it automatically gets the machine account created and so forth. There wasn't an attachment Tom it was empty. Stick the stuff in the body of the message. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] vampire fails because of Debian smbldap-tools problem
> The issue of this thread was authenticating machine accounts if I remember > correctly... > No I was just having a hard time getting the smbldap tools to work properly. It all came down to me not knowing at what point you switch from chapter 6 of the example book to chapter 8 to vampire accounts of the NT server. Of course if you vampire accounts straight after you use the preload.ldif then you end up with different GID's than what the smbldap tools expect in their defaults. therefore the vampire fails as the expected GID for the group is different to what vampire sets up as it creates the groups from the NT server. It would be nice if John could add to chapter 8 something like: Build the Base server the same as in Chapter 6 including step ? "using the smbldap-populate script" then continue with vampiring the accounts. Regards Geoff -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] vampire fails because of Debian smbldap-tools problem
> > BTW i use tgz version of smbldap-tools on debian, they are more > > up-to-date, and aparently better packaged. > > > > OK so I gave up on the .DEB version and downloaded the .tgz version. I > put > the scripts in /usr/sbin/samba. I copied the 2 .conf files into > /etc/smbldap-tools/ and just to be sure that I didn't get any typos I used > the configure.pl script that comes with the tgz file. It seems to run > fine > and produce 2 good .conf files. It does output this part way through > though: > > Use of uninitialized value in scalar chomp at /usr/sbin/samba/configure.pl > line138, line 17. > Use of uninitialized value in hash element at /usr/sbin/samba/configure.pl > line140, line 17. > Use of uninitialized value in concatenation (.) or string at > /usr/sbin/samba/configure.pl line 144, line 17. > Use of uninitialized value in string at /usr/sbin/samba/configure.pl line > 145, line 17. > > Then when you Vampire accounts this happens: > > Fetching DOMAIN database > SAM_DELTA_DOMAIN_INFO not handled > Creating unix group: 'Domain Admins' > Creating unix group: 'Domain Users' > Creating unix group: 'Domain Guests' > Creating unix group: 'QLD Consultants' > Creating account: administrator > Can't call method "get_value" on an undefined value at > /usr/sbin/samba/smbldap-useradd line 168, line 283. > Could not create posix account info for 'administrator' > Creating account: deloitte > Can't call method "get_value" on an undefined value at I thought that I would give it another go. This time just adding a user with smbldap-useradd only. The error that I got back was that the group gid 513 didn't exist. I did a slapcat and looked for the domain users and the gid was like 10001 or something the reason for this was that I had followed chapter 8 of JHT's example book and it doesn't explicitly state in that chapter where you follow on from chapter 6. If you use the smbldap tools they set the domain users gid to 513 and the default group of your users to the domain users. So if you follow chapter 8 don't just use the preload.ldif and then follow that up with a vampire off the NT server, you probably want to use smbldap-populate after you join the domain and before you vampire accounts, as it will create the Domain Users group with gid 513, the same as is the default for the smbldap scripts. I hope this helps other people. Regards Geoff -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net getlocalsid as opposed to rpc info
If I can do one but not the other, is this something that I should be worried about? testparm -s reveals no errors in my smb.conf . Should I fix it? is it critical? foobar1:/usr/sbin/samba# net getlocalsid [2004/11/24 13:38:25, 0] utils/net.c:net_getlocalsid(486) Can't fetch domain SID for name: FOOBAR1 foobar1:/usr/sbin/samba# net rpc info Domain Name: FOOBAR Domain SID: S-1-5-21-1766222747-123456826-1539857752 Sequence number: 1101264348 Num users: 0 Num domain groups: 19 Num local groups: 0 foobar1:/usr/sbin/samba# Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] vampire fails because of Debian smbldap-tools problem
> > BTW i use tgz version of smbldap-tools on debian, they are more > up-to-date, and aparently better packaged. > OK so I gave up on the .DEB version and downloaded the .tgz version. I put the scripts in /usr/sbin/samba. I copied the 2 .conf files into /etc/smbldap-tools/ and just to be sure that I didn't get any typos I used the configure.pl script that comes with the tgz file. It seems to run fine and produce 2 good .conf files. It does output this part way through though: Use of uninitialized value in scalar chomp at /usr/sbin/samba/configure.pl line138, line 17. Use of uninitialized value in hash element at /usr/sbin/samba/configure.pl line140, line 17. Use of uninitialized value in concatenation (.) or string at /usr/sbin/samba/configure.pl line 144, line 17. Use of uninitialized value in string at /usr/sbin/samba/configure.pl line 145, line 17. Then when you Vampire accounts this happens: Fetching DOMAIN database SAM_DELTA_DOMAIN_INFO not handled Creating unix group: 'Domain Admins' Creating unix group: 'Domain Users' Creating unix group: 'Domain Guests' Creating unix group: 'Sofa Workshop' Creating unix group: 'Family' Creating unix group: 'Payroll' Creating unix group: 'PA' Creating unix group: 'Accounting' Creating unix group: 'GHAccounts' Creating unix group: 'Hire Accounting' Creating unix group: 'Seagate Info' Creating unix group: 'MTS Trusted Impersonators' Creating unix group: 'TopTools' Creating unix group: 'Melb Consultants' Creating unix group: 'Melb Accounts' Creating unix group: 'Manager Reporting' Creating unix group: 'NSW Consultants' Creating unix group: 'Actif' Creating unix group: 'QLD Consultants' Creating account: administrator Can't call method "get_value" on an undefined value at /usr/sbin/samba/smbldap-useradd line 168, line 283. Could not create posix account info for 'administrator' Creating account: deloitte Can't call method "get_value" on an undefined value at /usr/sbin/samba/smbldap-useradd line 168, line 283. Could not create posix account info for 'deloitte' Creating account: iusr_guests Can't call method "get_value" on an undefined value at /usr/sbin/samba/smbldap-useradd line 168, line 283. Could not create posix account info for 'iusr_guests' So everything works fine till you get to creating proper users. I've checked and checked the smbldap.conf file for errors, which I can't see. Can anyone see anything glaringly obvious that I have missed? Oh, and the reason that I am putting users etc into ou=Users,ou=OxObjects is that I am trying to integrate Samba with Open Exchange. Is there something hardcoded into Samba that will stop me from doing this? Regards Geoff The smbldap.conf file that I am currently using is below: # General Configuration # Put your own SID # to obtain this number do: net getlocalsid SID="S-1-5-21-1766222747-101449826-1539857752" # LDAP Configuration slaveLDAP="127.0.0.1" slavePort="389" # Master LDAP : needed for write operations # Ex: masterLDAP=127.0.0.1 masterLDAP="127.0.0.1" masterPort="389" # Use TLS for LDAP # If set to 1, this option will use start_tls for connection # (you should also used the port 389) ldapTLS="0" # How to verify the server's certificate (none, optional or require) # see "man Net::LDAP" in start_tls section for more details verify="" # CA certificate # see "man Net::LDAP" in start_tls section for more details cafile="" # certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details clientcert="" # key certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details clientkey="" # LDAP Suffix # Ex: suffix=dc=IDEALX,dc=ORG suffix="dc=foobar,dc=com,dc=au" # Where are stored Users # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG" usersdn="ou=Users,ou=OxObjects,${suffix}" # Where are stored Computers # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG" computersdn="ou=Users,ou=OxObjects,${suffix}" # Where are stored Groups # Ex groupsdn="ou=Groups,dc=IDEALX,dc=ORG" groupsdn="ou=Groups,ou=OxObjects,${suffix}" # Where are stored Idmap entries (used if samba is a domain member server) # Ex groupsdn="ou=Idmap,dc=IDEALX,dc=ORG" idmapdn="ou=Idmap,${suffix}" # Where to store next uidNumber and gidNumber available sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}" # Default scope Used scope="sub" # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) hash_encrypt="MD5" # if hash_encrypt is set to CRYPT, you may set a salt format. # default is "%s", but many systems will generate MD5 hashed # passwords if you use "$1$%.8s". This parameter is optional! crypt_salt_format="%s" ## # # Unix Accounts Configuration # ## # Login defs # Default Login Shell # Ex: userLoginShell="/bin/bash" userLoginShell="/bin/bash" # Home directory # Ex: userHome="/home/%U" userHome="/ho
[Samba] vampire fails because of Debian smbldap-tools problem
Hi people, As usual I've tried a number of different approaches to this problem and can't figure it out. I don't have enough knowledge. Every time I do net rpc vampire I get this crap spewed at me: Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 106, line 233. Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 106, line 245. Use of uninitialized value in string at /usr/share/perl5/smbldap_tools.pm line 153. Use of uninitialized value in string at /usr/share/perl5/smbldap_tools.pm line 153. erreur LDAP: Can't contact master ldap server (IO::Socket::INET: Bad hostname '' ) at /usr/share/perl5/smbldap_tools.pm line 153. Creating unix group: 'Hire Accounting' I've got this in my smbldap.conf file: # Master LDAP : needed for write operations # Ex: $masterLDAP = "127.0.0.1"; $masterLDAP = "guests1.guestsfurniturehire.com.au"; $masterPort = "389"; And /usr/share/perl5/smbldap_tools.pm line 106, has this: 101 sub subst_configvar 102 { 103 my $value = shift; 104 my $vars = shift; 105 106 $value =~ s/\$\{([^}]+)\}/$vars->{$1} ? $vars->{$1} : $1/eg; 107 return $value; 108 } 109 /usr/share/perl5/smbldap_tools.pm line 153 Says this: 150 sub connect_ldap_master 151 { 152 # bind to a directory with dn and password 153 my $ldap_master = Net::LDAP->new( 154 154 "$config{masterLDAP}", These are the files provided by Debian sarge with an apt-get install smbldap-tools. And libnet-ldap-perl has been installed. I don't know what to do next. I'm hoping that someone can please help me figure out what is missing. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] nss and pam with ssl and sarge debian
I'm working from the samba 3 how-to and creating my own how-to so that I get everything straight in my head. I'm trying to make an exchange replacement with samba + ldap + open-xchange + cyrus + postfix + postgresql etc etc. At the minute I'm trying to find out if Sarge has ssl already enabled in it's PAM and NSS packages, instead of me trying to compile it myself. Anyone know the answer of the top of their heads? Or point me to somewhere where this is documented? Regards Geoff Scott IT Systems Administrator Guests Furniture Hire Pty Ltd Tel: 03 9426 9143 Fax: 03 9428 7605 Mob: 0437 037 421 Email: [EMAIL PROTECTED] IMPORTANT NOTICE: Electronic mail is not secure and there is a risk that messages may be corrupted in transmission. It is the user's responsibility to check any attachments to this e-mail for viruses before use. This message and any attachments are confidential and may be subject to legal or other professional privilege. Any confidentiality or privilege is not waived or lost because this e-mail has been sent to you by mistake. If you have received this transmission in error, please notify us by reply e-mail and delete our e-mail. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba server authenticating to NetWare server?
> Subject: Re: [Samba] Samba server authenticating to NetWare server? > > Le mardi 21 Septembre 2004 15:29, Chris Richardson a écrit : > > Can someone confirm that I can't do what I want to do: > > > > - Have a SuSE 9.1 Linux box running Samba 3.0 exporting shares by SMB. > > - Have users log into Windows boxes running a NetWare client, > > authenticating by NDS to a Netware 6.5 server. Or if you want to wait a bit Novell are going to bring out Open server which syncs POSIX, samba sids (samba 3.x) & Netware credentials in edirectory. But you will apparently have to wait till after Jan 2005. How much work do you want to do? Geoff. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Hot to configure Samba 3 as PDC and BDC for a Windows network
> -Original Message- > From: Charlie [mailto:[EMAIL PROTECTED] > > I hoping someone out there might be able to tell my how to configure and > Samba > box to be a PDC and BDC for a windows network? I'd like to use the LDAP > backend, but and too new to the Unix world to understand how this is > accomplished. Any help would be greatly appreciated. > There is nothing in the samba world relating to PDC and BDC functionality that is point and click. You will need to go the hard yards and study thoroughly how *nix works. If you really want to follow through on this then the path that I would recommend is: Go to www.lpi.org and study the LPIC-1 certification material listed. This will give you the relevant knowledge to enable you to get out of common *nix problems. Some of the free course material out there that is good is written by Daniel Robbins who is the Chief Architect of Gentoo Linux. You can find it at ibm.com/developerWorks John Terpstra has written the samba 3 by example book which can be found on the docs section of the samba web page. Or can be purchased in book form, I'm sure John would appreciate you purchasing the book as it means he gets fed. ;-) That book is excellent: http://www.samba.org/samba/docs/man/Samba-Guide/ Read chapter 6 in particular: Making users happy It's faster of course if you go to your relevant mirror. It doesn't help you understand basic LDAP or DNS though, it just helps you get up and running. So as a nice little primer I would recommend reading the relevant sections in this Suse PDF: http://www.novell.com/documentation/suse91/pdfdoc/adm91-screen/adm91-screen. pdf And also after that the LDAP docs at: http://www.openldap.org/doc/ Treat Linux and samba like a giant Salami. It looks horribly greasy and disgusting from the outside if you attempt to eat it in one hit, but if you slice it up wafer thin you'll find that each little slice is delicious! ;-) >From one relative newbie to an even greener one, Geoff. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] documentation for samba + Novel edirectory NLS
HI, I've been lurking for a while hoping to come across some information on setting up Samba 3.X and edirectory. I've got both the how-to book and the example book by JHT and have read the example book cover to cover. John refers his readers to the lists & Novell, to get setup info for edirectory. So far, from googling groups, lists www, and Novell. There seems to be none Does anyone know of any samba.sch files that I can use to extend the edir schema? I tried using the samba.schema file apparently it's got a different format and the novel supplied tool bombs out. Compared to the most of you my knowledge is basic so if anyone can spare a little time and perhaps add to the world wide knowledge base (available through Google) I'd appreciate some fairly detailed instructions. Cheers Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba