[Samba] After host name change: Failed to add user ... with error: The account's primary group is invalid

2010-12-01 Thread Holger Rauch 
Hi,

I've got Samba 3.5.6 (SerNet .deb packages) running as a standalone
file server on Debian Lenny. User information is stored in LDAP via
ldapsam:editposix. I had to change both the host name and the workgroup
name as I had to move the host to a new internal subnet.

I noticed that a new sambaDomainName entry was created (containing a new
sambaSID). Unfortunately, the Administrator user still contains both the old
sambaSID and the old sambaPrimaryGroupSID and thus does not have any rights.
I tried to perform the following steps:

net -U Administrator%myadminpass -I localhost rpc user add myuser

and got the error message mentioned in the subject line. Consequently, the
other steps failed:

net -U Administrator%myadminpass -I localhost sam createdomaingroup grmyuser
net -U Administrator%myadminpass -I localhost sam addmem grmyuser myuser

Even after I changed the relevant part of both the sambaSID and the
sambaPrimaryGroupSID in my LDAP DIT and restarting the Samba daemons smbd
and nmbd, I still get the error message mentioned error.

What else do I have to in addition to that (I want to avoid having to
recreate all my Samba accounts (starting from scratch) by running net sam
provision? Is there any way to get around this and reuse the already
existing configuration by making a few adjustments? 

What's the correct procedure to get the Administrator account working again
after a host name/workgroup name change so that I can continue to add more
users?

Thanks in advance for any hints  kind regards,

   Holger


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] After host name change: Failed to add user ... with error: The account's primary group is invalid

2010-11-19 Thread Holger Rauch 
Hi,

I've got Samba 3.5.6 (SerNet packages) running on Debian Lenny. User 
information is stored in LDAP via ldapsam:editposix. I changed both the host 
name and the workgroup name as I had to move the host to a new internal subnet.

I noticed that a new sambaDomainName entry was created (containing a new 
sambaSID). Unfortunately, the Administrator user still contains both the old 
sambaSID and the old sambaPrimaryGroupSID and thus does not have any rights. I 
tried to perform the following steps:

net -U Administrator%myadminpass -I localhost rpc user add myuser

and got the error message mentioned in the subject line. Consequently, the 
other steps failed:

net -U Administrator%myadminpass -I localhost sam createdomaingroup grmyuser
net -U Administrator%myadminpass -I localhost sam addmem grmyuser myuser

What's the correct procedure to get the Administrator account working again 
after a host name/workgroup name change so that I can continue to add more 
users?

Thanks in advance for any hints  kind regards,

   Holger

THE standard software for Aviation Authorities

**
IMPORTANT NOTICE / WICHTIGER HINWEIS
This communication contains information which is confidential and may also be 
privileged. It is for the 
exclusive use of the intended recipient(s). If you are not the intended 
recipient(s) please note that any 
distribution, copying or use of this communication or the information in it is 
strictly prohibited. If you have 
received this communication in error please notify us immediately by email or 
by telephone and then delete 
this email and any copies of it.
Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informationen 
enthalten. Wenn Sie nicht 
der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, 
informieren Sie bitte sofort den 
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die 
unbefugte Weitergabe dieser 
Mail sind nicht gestattet.
**

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Transfer Efficiency (undocumented perf hint for Win7 gives 10X write speeds)

2010-06-21 Thread Holger Rauch 
Hi Linda,

thanks a lot for sharing your params; IMHO it's very useful to them in
combination (Win registry, Samba config, Linux sysctls).
Would you mind telling us a bit about your client and server HW,
the Samba server OS and version you use so that your test results
obtained with dd appear in some context and can be judged better?

Thanks in advance  Kind regards,

Holger


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba Transfer Efficiency

2010-06-20 Thread Holger Rauch 
Hi Linda,

On Sun, 20 Jun 2010, Linda W wrote:

 [...] 
 Make sure your tcp stack is tuned on your linux server.  My distro had set my 
 max TCP window size and
 memory usage set way lower than needed for good Gigabit performance.

Could you please share your parameters (sysctl values, etc.) for tuning you 
Linux server's
TCP/IP stack?

Thanks in advance  kind regards,

   Holger


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [OT] Adding InetOrgPerson schema when using ldapsam:editposix module

2010-06-15 Thread Holger Rauch 
Hi,

I admit that this is OT, at least slightly.
While I've successfully used the ldapsam:editposix module in
conjunction with the net sam and net rpc toolchain, which provides
me with both the POSIX and the Samba account info for each account
stored centrally in an LDAP DIT, I would like to have the info related
to an InetOrgPerson as well.

What's the easiest (preferred) way of adding that schema to a number
of existing LDAP accounts (there are around 25 of these accounts in my
DIT)?

Thanks in advance  kind regards,

   Holger
   

signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] ldapsam:editposix: Which samba.schema attributes are modified when using smbpasswd -a?

2009-10-26 Thread Holger Rauch 
Hi,

I'm using Samba 3.2.5 on Debian Lenny in conjunction with MIT
Kerberos. LDAP user accounts have already been added prior to the
Samba installation using the ldapscripts package (also included in
Debian).

I understand that I have to run smbpasswd -a as root on the Samba
server for each user that's supposed to be visible to (and usable by)
Samba as well (a whole bunch of SambaSam* attributes gets added to a
user's attribute set).

What's not obvious to me is whether the userPassword attribute is
changed after one has provided the passwd to the smbpasswd utility.
(In conjunction with Kerberos, the value for the userPassword
attribute always has a fixed notation like

{KERBEROS}name-of-principal@kerberos-realm

and thus that value should remain unmodified). In cases where the
Kerberos database is also stored in LDAP, a different attribute is
modified when changing a user's password (starting with krb5 in the
attribute name).

Is this taken into account by smbpasswd? Or is the passwd specified
upon smbpasswd invocation just useless for kerberized Samba setups?

Does a smbpasswd -a invocation modify the value of the userPassword
attribute of a particular user's LDAP entry?

Thanks for clarifying this  kind regards,

   Holger


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Ldapsam:editposix: How to continue once it's setup

2009-10-21 Thread Holger Rauch 
Hi to everybody,

I managed to setup ldapsam:editposix for Debian Lenny
as described here:

http://wiki.samba.org/index.php/Ldapsam_Editposix

and had the impression that in order to add a Samba Unix client, it
would be best to continue here:

http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html

However, in the ldapsam:editposix tutorial, the Administrator is
mentioned instead of root (judging from what I've read so far, the
Administrator user is only used for real Windows client PCs).

My smb.conf is setup so that no NetBIOS stuff is used (no wins, only
port 445, netbios disabled).

Before running net sam provision, there were already user accounts
present in LDAP. Do I have to execute smbpasswd, even though I
intend to use MIT Kerberos (the value for the userPassword attribute in
LDAP looks like this
  
{KERBEROS}user@kerberos-realm

???
  
(This especially applies to the root user since this account doesn't
seem to be created during net sam provision).

By the way, the Kerberos database is also stored in LDAP.

What do I have to do so that the remaining users in LDAP also get the
Samba specific LDAP attributes added to their account info and can be
used for Kerberized Samba sessions (either from Windows or smbclient
setups from Unix)?

getent passwd, getent group, kinit all work as expected, i. e.
they return the accounts and groups stored in LDAP and I can obtain
Kerberos tickets. I can also use these tickets for passwordless SSH
logins and create files as that user, including changing group
membership to an auxiliary group using newgrp. So, Kerberos works.

In case you need any additional info (etc. smb.conf) I will surely
provide it, but I didn't want to make this mail too long.

Any help is greatly appreciated!

Thanks  kind regards,

   Holger
   

signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba