[Samba] After host name change: Failed to add user ... with error: The account's primary group is invalid
Hi, I've got Samba 3.5.6 (SerNet .deb packages) running as a standalone file server on Debian Lenny. User information is stored in LDAP via ldapsam:editposix. I had to change both the host name and the workgroup name as I had to move the host to a new internal subnet. I noticed that a new sambaDomainName entry was created (containing a new sambaSID). Unfortunately, the Administrator user still contains both the old sambaSID and the old sambaPrimaryGroupSID and thus does not have any rights. I tried to perform the following steps: net -U Administrator%myadminpass -I localhost rpc user add myuser and got the error message mentioned in the subject line. Consequently, the other steps failed: net -U Administrator%myadminpass -I localhost sam createdomaingroup grmyuser net -U Administrator%myadminpass -I localhost sam addmem grmyuser myuser Even after I changed the relevant part of both the sambaSID and the sambaPrimaryGroupSID in my LDAP DIT and restarting the Samba daemons smbd and nmbd, I still get the error message mentioned error. What else do I have to in addition to that (I want to avoid having to recreate all my Samba accounts (starting from scratch) by running net sam provision? Is there any way to get around this and reuse the already existing configuration by making a few adjustments? What's the correct procedure to get the Administrator account working again after a host name/workgroup name change so that I can continue to add more users? Thanks in advance for any hints kind regards, Holger signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] After host name change: Failed to add user ... with error: The account's primary group is invalid
Hi, I've got Samba 3.5.6 (SerNet packages) running on Debian Lenny. User information is stored in LDAP via ldapsam:editposix. I changed both the host name and the workgroup name as I had to move the host to a new internal subnet. I noticed that a new sambaDomainName entry was created (containing a new sambaSID). Unfortunately, the Administrator user still contains both the old sambaSID and the old sambaPrimaryGroupSID and thus does not have any rights. I tried to perform the following steps: net -U Administrator%myadminpass -I localhost rpc user add myuser and got the error message mentioned in the subject line. Consequently, the other steps failed: net -U Administrator%myadminpass -I localhost sam createdomaingroup grmyuser net -U Administrator%myadminpass -I localhost sam addmem grmyuser myuser What's the correct procedure to get the Administrator account working again after a host name/workgroup name change so that I can continue to add more users? Thanks in advance for any hints kind regards, Holger THE standard software for Aviation Authorities ** IMPORTANT NOTICE / WICHTIGER HINWEIS This communication contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any distribution, copying or use of this communication or the information in it is strictly prohibited. If you have received this communication in error please notify us immediately by email or by telephone and then delete this email and any copies of it. Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Transfer Efficiency (undocumented perf hint for Win7 gives 10X write speeds)
Hi Linda, thanks a lot for sharing your params; IMHO it's very useful to them in combination (Win registry, Samba config, Linux sysctls). Would you mind telling us a bit about your client and server HW, the Samba server OS and version you use so that your test results obtained with dd appear in some context and can be judged better? Thanks in advance Kind regards, Holger signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Transfer Efficiency
Hi Linda, On Sun, 20 Jun 2010, Linda W wrote: [...] Make sure your tcp stack is tuned on your linux server. My distro had set my max TCP window size and memory usage set way lower than needed for good Gigabit performance. Could you please share your parameters (sysctl values, etc.) for tuning you Linux server's TCP/IP stack? Thanks in advance kind regards, Holger signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [OT] Adding InetOrgPerson schema when using ldapsam:editposix module
Hi, I admit that this is OT, at least slightly. While I've successfully used the ldapsam:editposix module in conjunction with the net sam and net rpc toolchain, which provides me with both the POSIX and the Samba account info for each account stored centrally in an LDAP DIT, I would like to have the info related to an InetOrgPerson as well. What's the easiest (preferred) way of adding that schema to a number of existing LDAP accounts (there are around 25 of these accounts in my DIT)? Thanks in advance kind regards, Holger signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ldapsam:editposix: Which samba.schema attributes are modified when using smbpasswd -a?
Hi, I'm using Samba 3.2.5 on Debian Lenny in conjunction with MIT Kerberos. LDAP user accounts have already been added prior to the Samba installation using the ldapscripts package (also included in Debian). I understand that I have to run smbpasswd -a as root on the Samba server for each user that's supposed to be visible to (and usable by) Samba as well (a whole bunch of SambaSam* attributes gets added to a user's attribute set). What's not obvious to me is whether the userPassword attribute is changed after one has provided the passwd to the smbpasswd utility. (In conjunction with Kerberos, the value for the userPassword attribute always has a fixed notation like {KERBEROS}name-of-principal@kerberos-realm and thus that value should remain unmodified). In cases where the Kerberos database is also stored in LDAP, a different attribute is modified when changing a user's password (starting with krb5 in the attribute name). Is this taken into account by smbpasswd? Or is the passwd specified upon smbpasswd invocation just useless for kerberized Samba setups? Does a smbpasswd -a invocation modify the value of the userPassword attribute of a particular user's LDAP entry? Thanks for clarifying this kind regards, Holger signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Ldapsam:editposix: How to continue once it's setup
Hi to everybody, I managed to setup ldapsam:editposix for Debian Lenny as described here: http://wiki.samba.org/index.php/Ldapsam_Editposix and had the impression that in order to add a Samba Unix client, it would be best to continue here: http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html However, in the ldapsam:editposix tutorial, the Administrator is mentioned instead of root (judging from what I've read so far, the Administrator user is only used for real Windows client PCs). My smb.conf is setup so that no NetBIOS stuff is used (no wins, only port 445, netbios disabled). Before running net sam provision, there were already user accounts present in LDAP. Do I have to execute smbpasswd, even though I intend to use MIT Kerberos (the value for the userPassword attribute in LDAP looks like this {KERBEROS}user@kerberos-realm ??? (This especially applies to the root user since this account doesn't seem to be created during net sam provision). By the way, the Kerberos database is also stored in LDAP. What do I have to do so that the remaining users in LDAP also get the Samba specific LDAP attributes added to their account info and can be used for Kerberized Samba sessions (either from Windows or smbclient setups from Unix)? getent passwd, getent group, kinit all work as expected, i. e. they return the accounts and groups stored in LDAP and I can obtain Kerberos tickets. I can also use these tickets for passwordless SSH logins and create files as that user, including changing group membership to an auxiliary group using newgrp. So, Kerberos works. In case you need any additional info (etc. smb.conf) I will surely provide it, but I didn't want to make this mail too long. Any help is greatly appreciated! Thanks kind regards, Holger signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba