[Samba] GPFS Samba CTDB cluster how to
Hi List, I've created an extensive how to for setup of clustered Samba on GPFS using CTDB . Can anyone suggest an appropriate forum to share this information . Perhaps the Samba Wiki ?. Ian Clancy IS Department Valeo Vision Systems (VVS) This e-mail message is intended only for the use of the intended recipient(s). The information contained therein may be confidential or privileged, and its disclosure or reproduction is strictly prohibited. If you are not the intended recipient, please return it immediately to its sender at the above address and destroy it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Share not accessible from Windows 7 after upgrade from 4.0.9 to 4.0.10
Hi Samba Users, I upgraded my version of Samba from 4.0.9 to 4.0.10 on my test system this morning using the Sernet RPM's for Centos 6 . I got the following error when trying to access shares on the server from Win 7. \\servername\gpfstest is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The process cannot access the file because it is being used by another process. I can still access the share from Win XP so i'm guessing this is and SMB2 issue. In the server logs is see the following error : [2013/10/09 10:30:30.593372, 1] ../source3/locking/share_mode_lock.c:137(parse_share_modes) ndr_pull_share_mode_lock failed: Bad Array Size [2013/10/09 10:30:30.593402, 0] ../source3/smbd/open.c:2238(open_file_ntcreate) Could not get share mode lock [2013/10/09 10:30:30.594086, 3] ../source3/smbd/vfs.c:1140(check_reduced_name) check_reduced_name [.] [/gpfstest] [2013/10/09 10:30:30.594130, 3] ../source3/smbd/vfs.c:1270(check_reduced_name) check_reduced_name: . reduced to /gpfstest [2013/10/09 10:30:30.594372, 3] ../source3/smbd/dosmode.c:160(unix_mode) unix_mode(.) returning 0770 [2013/10/09 10:30:30.594446, 1] ../librpc/ndr/ndr.c:412(ndr_pull_error) ndr_pull_error(1): non-zero array offset 10 My Samba install is running atop a GPFS Cluster and i'm using acl's so maybe these are contributing factors. I took a peek at the code but can't see anything obvious. Maybe it is related to the Bug fix for #10106 ? For now i have downgraded to 4.0.9 and all is well :) Rgds Ian Clancy IS Department Valeo Vision Systems (VVS) This e-mail message is intended only for the use of the intended recipient(s). The information contained therein may be confidential or privileged, and its disclosure or reproduction is strictly prohibited. If you are not the intended recipient, please return it immediately to its sender at the above address and destroy it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Excel 'Document not saved' Error when using SMB2 Protocol
Hi Samba Users, I'm in the process of building a Samba4 CTDB /GPFS Cluster joined as a member server to AD that also supports ACL's . It has taken some time but almost everything is working now :) . My one outstanding issue is editing files using Excel 2007 on Windows 7 results in a 'Document not saved' error. I believe this is an issue with the SMB2 protocol as I can edit the same files with the same user and version of Excel on a Windows XP workstation. Using Wireshark i can see that communication between the Windows 7 client is using SMB2 . Excel is quite a strange beast, it creates temporary files etc.. As a test i have set the parameter client max protocol = NT1 in the smb.conf of my cluster members but the Win 7 clients continue to use the SMB2 protocol. Looking more closely at the communication between the Win 7 client and the Samba Servers when i attempt a file save in Excel i see that the Client issues a FILE_INFO/SMB2_FILE_RENAME_INFO request and the samba server returns a STATUS_ACCESS_DENIED response. I suspect disabling ACL's would resolve the issue but unfortunately these are necessary for the project . Ideally i would be able to use SMB2 but it is not a show stopper if i could force Win 7 clients to use SMB1. I'm currently using samba 4.0.9 / CTDB 2.4 on Centos 6.4 with GPFS 3.4.0-14. my smb.conf is pasted below. Thanks in advance for any comment of feedback. Ian Clancy IS Department Valeo Vision Systems (VVS) [global] workgroup = MYNET realm = MYNET.BALEO.COM netbios name = TESTCLUSTER security = ADS map to guest = Bad User client max protocol = NT1 unix extensions = No clustering = Yes winbind cache time = 900 winbind use default domain = Yes idmap config *:range = 1000-9 idmap config * : backend = tdb2 force unknown acl user = Yes ea support = Yes map archive = No map readonly = no mangled names = No store dos attributes = Yes [gpfstest] comment = GPFS File System path = /gpfstest read only = No create mask = 0770 force create mode = 0770 nt acl support = No vfs objects = shadow_copy2, gpfs, fileid fileid:algorithm = fsname shadow:fixinodes = yes shadow:basedir = /gpfstest shadow:snapdir = /gpfstest/.snapshots nfs4:acedup = merge nfs4:chown = yes nfs4:mode = special gpfs:winattr = yes gpfs:sharemodes = yes This e-mail message is intended only for the use of the intended recipient(s). The information contained therein may be confidential or privileged, and its disclosure or reproduction is strictly prohibited. If you are not the intended recipient, please return it immediately to its sender at the above address and destroy it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Excel 'Document not saved' Error when using SMB2 Protocol
Dan, Thanks very much !. Your suggestion worked a treat. For everyone else's benefit . You need to set the cifsBypassShareLocksOnRename flag on your GPFS Cluster. You can do this by running the following command against the GPFS Cluster. mmchconfig cifsBypassShareLocksOnRename=yes -i Rgds Ian Clancy IS Department Valeo Vision Systems (VVS) On 8 October 2013 16:36, Dan Cohen1 dan...@il.ibm.com wrote: Hi Ian, You should verify that the following GPFS configuration flag is set to 'yes': cifsBypassShareLocksOnRename This flag is not very well documented, but you can get some more details here: *http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004008*http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004008. Cheers, Dan Cohen IBM - XIV, Israel NAS Development Team From:Ian CLANCY ian.cla...@valeo.com To:samba@lists.samba.org, Date:08/10/2013 17:37 Subject:[Samba] Excel 'Document not saved' Error when using SMB2 Protocol Sent by:samba-boun...@lists.samba.org -- Hi Samba Users, I'm in the process of building a Samba4 CTDB /GPFS Cluster joined as a member server to AD that also supports ACL's . It has taken some time but almost everything is working now :) . My one outstanding issue is editing files using Excel 2007 on Windows 7 results in a 'Document not saved' error. I believe this is an issue with the SMB2 protocol as I can edit the same files with the same user and version of Excel on a Windows XP workstation. Using Wireshark i can see that communication between the Windows 7 client is using SMB2 . Excel is quite a strange beast, it creates temporary files etc.. As a test i have set the parameter client max protocol = NT1 in the smb.conf of my cluster members but the Win 7 clients continue to use the SMB2 protocol. Looking more closely at the communication between the Win 7 client and the Samba Servers when i attempt a file save in Excel i see that the Client issues a FILE_INFO/SMB2_FILE_RENAME_INFO request and the samba server returns a STATUS_ACCESS_DENIED response. I suspect disabling ACL's would resolve the issue but unfortunately these are necessary for the project . Ideally i would be able to use SMB2 but it is not a show stopper if i could force Win 7 clients to use SMB1. I'm currently using samba 4.0.9 / CTDB 2.4 on Centos 6.4 with GPFS 3.4.0-14. my smb.conf is pasted below. Thanks in advance for any comment of feedback. Ian Clancy IS Department Valeo Vision Systems (VVS) [global] workgroup = MYNET realm = MYNET.BALEO.COM netbios name = TESTCLUSTER security = ADS map to guest = Bad User client max protocol = NT1 unix extensions = No clustering = Yes winbind cache time = 900 winbind use default domain = Yes idmap config *:range = 1000-9 idmap config * : backend = tdb2 force unknown acl user = Yes ea support = Yes map archive = No map readonly = no mangled names = No store dos attributes = Yes [gpfstest] comment = GPFS File System path = /gpfstest read only = No create mask = 0770 force create mode = 0770 nt acl support = No vfs objects = shadow_copy2, gpfs, fileid fileid:algorithm = fsname shadow:fixinodes = yes shadow:basedir = /gpfstest shadow:snapdir = /gpfstest/.snapshots nfs4:acedup = merge nfs4:chown = yes nfs4:mode = special gpfs:winattr = yes gpfs:sharemodes = yes This e-mail message is intended only for the use of the intended recipient(s). The information contained therein may be confidential or privileged, and its disclosure or reproduction is strictly prohibited. If you are not the intended recipient, please return it immediately to its sender at the above address and destroy it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This e-mail message is intended only for the use of the intended recipient(s). The information contained therein may be confidential or privileged, and its disclosure or reproduction is strictly prohibited. If you are not the intended recipient, please return it immediately to its sender at the above address and destroy it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.0.25b problem joining 3.0.23d domain..
Marcin, Did you have any luck resolving this issue ?. I am having the same problem. I ran ethereal on my domain controller and the join appeared to fail at RPC_NETLOGON NetrServerAuthenticate2 where the domain controller returned a STATUS_ACCESS_DENIED response. Regards -- Ian Clancy IT Co-ordinator Marcin Giedz wrote: Hi, My PDC is running on 3.0.23d. I have more than 50+ users (Win XP , Linux) connected to it. Today I've downloaded 3.0.25b and wanted to add to domain new server. For a while I was wondering if 3.0.25b can join to elder 3.0.23d but gave it goal. This message I got during joining: /opt/samba-3.0.25b/bin/net rpc join -U user1%pass1 Starting service: samba [2007/07/20 13:02:35, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(304) error setting trust account password: NT code 0x1c010002 Unable to join domain PDC. My smb.conf for this new test server is as follows: [global] netbios name = test workgroup = PDC server string = TEST Samba Server security = domain hosts allow = 192.168.89. 127. 10.9. load printers = no log file = /opt/samba-3.0.25b/var/log.%m max log size = 1 log level = 5 interfaces = 192.168.89.0/24 wins server = 192.168.89.3 Has it changed something related to joining process since 3.0.23d? Should I keep 3.0.23d on all servers including a new one or should I upgrade my PDC to 3.0.25b - if this is the case - should I expect any problems with changing PDC. As a backend for PDC I use LDAPv3 - 2.3.35. Best regards, Marcin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ACLs?
Hi, This is actually quite a complex topic. Basically ... * Linux (and other *nix) generally support Posix ACL's . These are similar to but not exactly the same as Window ACL's. I use the ext3 filesystem on Linux and this supports ACL's. * Get familiar with posix ACL's . Play around with getfacl and setfacl on your unix box. Here is a good article on ACL's on Linux http://www.vanemery.com/Linux/ACL/linux-acl.html . * Samba attempts to map Posix ACL's to Windows ACL's . This would explain the difference in permissions you are seeing when creating a file locally or remotely via windows. You'll find the specific documentation on the on the samba website. There are a number of paremeters in the smb.conf which control this specific behaviour . Hope that helps. -- Ian Clancy IT Co-ordinator Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com Chuck Kollars wrote: How exactly do Samba 3.x and ACLs interrelate? With the mount parameter I've turned on ACLs on the whole filesystem that Samba has various pointers into (including all the home directories and the netlogon). I started out naively assuming that the *nix uidNumber/gidNumber Samba mapped the end user to would behave exactly the same whether they were a Samba user or were logged on locally. But my experience is a file created through Samba and a file created locally by `touch` do _not_ necessarily have the exact same permissions/ACLs. Most likely there's some pattern to what permissions/ACLs are actually created by Samba; but I haven't succeeded in figuring it out. What's the recipe for figuring out exactly what permissions/ACLs a file created through Samba will actually be given? thanks! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Fw: [Samba] computer outside domain can access resource to inside
Syamsu, If you read the Handling of Foreign SIDs in Chapter 23 of the how to http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2622804 this will explain why you need winbind. If you have winbind running then yes, your theory is correct (with the exception that more recent versions of samba allow you to delegate the addition of users to the domain to other users). Hope this helps. -- Ian Clancy IT Co-ordinator Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com syamsu alam wrote: Thank's for you Guys, Wolfgang and Ian, I think I will try to read about Winbind and implement it in my PDC. But, what do you think about my theory. Is it right ? Users cannot access resources in the network if they don't join to Domain. And, only administrator with root user+password can make users joined to Domain Thanks SA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] computer outside domain can access resource to inside
Syamsu, You need to have winbind running on your PDC and also on any of your domain member servers. Otherwise, anyone with a username on their private PC that already exists on the Domain will be able to access resources as this user. -- Ian Clancy IT Co-ordinator Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com [EMAIL PROTECTED] wrote: Dear, I have PDC Server running under Redhat 9 and use samba 2.2.7. It has running until now. That I know, users cannot access resources in the network if they don't join to Domain. And, only administrator with root user+password can make users joined to Domain. But, I have one problem. There is one user, bring the private notebook. He create ip address (same with his office-computer), local account and password (same with his account in PDC) in his notebook.Then he un-plug LAN cable from his office-computer and plug-in to his private-notebook. And he can access share-file in other computer. What's wrong ? Please help me. Thanks, SA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACLs and EXT3
Hi Daniel, You need to read up on Default ACLs. This article should cover what you need to know. http://www.vanemery.com/Linux/ACL/linux-acl.html regards, Ian Daniel Haas wrote: Hi List, I am working with ACLs and the EXT3 Filesystem and I have the same problem how already discussed in several NGs. If I move a file from one directory into another, the file do not change the persmissons. So the users who should be authorize to access the file, do not have these permissons. This is a great problem in my data structure because we have to exchange a lot of files. I know that this is the way the filesystems works. But I think there are more people who wants to work in the discribed way. So is there a filesystem which have another way to handle the scrolling of files and directories? Is there really no chance to inherit the permissions from the parent-directory? Or do anybody know a workaround to mange my problem? How do other administrators handle this? for info: I am working with Samba 3.0.13 under SuSE 9.3 The service of the smb.conf for tests: [data] comment = Daten path = /data writeable = yes create mask = 0770 directory mask = 0770 valid users = @samba Test with inherit permissions and inherit ACL was not successful. Thanks for your help Daniel __ Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo -t not working on BDC
All, An update on the following problem below. I've updated to 3.0.20 today and the problem remains. I think my problem lies with the NetrServerAuthenticate2 call that the BDC makes to the PDC. The bdc seems to be attempting to authenticate to the pdc using the account mydomainname$ instead of mybdcname? . The account domainname$ does not exist of course. Another thing i noticed is that it takes two attempts to join the domain. The first attempt returns Creation of workstation account failed . At the second attempt Joined domain DOMAINNAME. is returned. Does anybody know where i can find more info about the NetrServerAuthenticate2 protocol ?. regards, Ian Ian Clancy wrote: Hi, I just can't seem to get winbind to work on my BDC. I'm using FC3 and samba 3.0.20rc2. My PDC is RHEL4 running Samba 3.0.14a. / Openldap. I can join the BDC to the domain successfully using net rpc join... , but when i enter wbinfo -t to check the trust relationship i get checking the trust secret via RPC calls failed error code was (0x0) Could not check secret I placed a packet sniffer on the PDC to see what was happening and captured the folloing RPM_NETLOGON communication between the BDC and the PDC (see attached ethereal dump file). It appears to fail when the BDC looks for an account of the same name as the my domain - CEL. The question is , Do i need to create a trust account for my own domain ?. thanks for reading :) Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access to shares from a machine with no trust account
Hi Michael, It sound like you are not using winbind. See the Handling of Foreign SIDs section of Chapter 23 in the how to for more info. http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2632948 regards -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com Michael Free wrote: Hi folks I don't understand why it is possible to access a share on the samba server from a pc that hasn't a Trust Account on the samba server. All i do is to log in on the pc with a local login account (not in the domain). Then i can access the shares in the following way on the server: \\server\MyShare pc asks for username/password -- i login with a valid combination -- i get access to shares security level is set to user (not to shares!) Can anybody explain what's going on here? Thanks. Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Binding to Tun0 device
Lonnie wrote: Hello all, We have a few aliased Ethernet addresses on our server and if I do not use the Bind statement in the Global section then the NMBD seems to try to bind to all of the addresses. We are actually using OpenVPN which make the connections just fine on a 172.16.x.x subnet to tun0 device. The problem is that Samba does not seem to find the tun0 device and reports that there are no network cards available if I use the: Bind Interfaces Only = True Interfaces tun0 172.16.0.1 How can I just bind Samba to the tun0 device? Also, with my home machine on the 192.168.x.x subnet and can see another Samba server just fine in the WORKGROUP but I cannot see the workgroup on the 172.16.x.x subnet through the VPN connection. Any ideas on how to be able to see the other workgroup as well? Lonnie, The cleanest way to do this is to set up a single WINS server for all your subnets and domains. also, check out the remote announce parameter in smb.conf . Maybe a search on the openvpn list will help you with the other problem. regards, Ian -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Question on BDC secrets.tdb file
Hi, I am having problems getting winbind on a BDC to work in a Samba3 /LDAP Enviornment and have one straightforward question. Should the secrets.tdb file on the BDC contain an entry with the name of the BDC , e.g. where BACKUP is the name of the BDC ?. { key = SECRETS/SID/BACKUP data = \01\04\00\00\00\00\00\05\15\00\00\00\CE/\8B\B05\AF\A5\D4h\C0\DB\04\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 } All my other domain member servers contain an entry similar to this, but not the BDC. This is why i think winbind is failing. Thanks, -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo -t not working on BDC (Attempt to bind using schannel without successful serverauth2)
Hi, Further to this. I'm recieving the following error in the log's of the BDC: Attempt to bind using schannel without successful serverauth2 regards, Ian Ian Clancy wrote: Hi, I just can't seem to get winbind to work on my BDC. I'm using FC3 and samba 3.0.20rc2. My PDC is RHEL4 running Samba 3.0.14a. / Openldap. I can join the BDC to the domain successfully using net rpc join... , but when i enter wbinfo -t to check the trust relationship i get checking the trust secret via RPC calls failed error code was (0x0) Could not check secret I placed a packet sniffer on the PDC to see what was happening and captured the folloing RPM_NETLOGON communication between the BDC and the PDC (see attached ethereal dump file). It appears to fail when the BDC looks for an account of the same name as the my domain - CEL. The question is , Do i need to create a trust account for my own domain ?. thanks for reading :) Ian -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RPM SPEC rebuild errors
Lonnie, Had a similar problem to you. This should help http://www.rpm.org/hintskinks/unpackaged-files/ -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com Lonnie wrote: Hello All, I have been trying all afternoon to rebuild the Samba RPM for my Fedora 3 with the MySQL passdb support and from what I can see it only needs the inclusion of --with-expsam=mysql in the SPEC file in addition to the regular ones. The problem is that no matter what version of Samba I try to rebuild, it always gice an error at the same place: --- Processing files: samba-client-3.0.10-1.fc3 Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1 Requires: /bin/sh /usr/bin/perl libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.2.3) libc.so.6(GLIBC_2.3) libcom_err.so.2 libcrypt.so.1 libdl.so.2 libdl.so.2(GLIBC_2.0) libdl.so.2(GLIBC_2.1) libgssapi_krb5.so.2 libk5crypto.so.3 libkrb5.so.3 liblber-2.2.so.7 libldap-2.2.so.7 libncurses.so.5 libnsl.so.1 libnsl.so.1(GLIBC_2.0) libpopt.so.0 libreadline.so.4 libresolv.so.2 samba-common = 0:3.0.10 Obsoletes: smbfs Processing files: samba-common-3.0.10-1.fc3 Provides: CP437.so CP850.so config(samba-common) = 0:3.0.10-1.fc3 libnss_winbind.so libnss_wins.so libsmbclient.so.0 pam_winbind.so Requires(interp): /bin/sh /bin/sh /bin/sh Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1 Requires(post): /bin/sh Requires(preun): /bin/sh Requires(postun): /bin/sh Requires: /bin/sh config(samba-common) = 0:3.0.10-1.fc3 libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.2.3) libc.so.6(GLIBC_2.3) libcom_err.so.2 libcrypt.so.1 libcrypto.so.4 libcups.so.2 libdl.so.2 libdl.so.2(GLIBC_2.0) libdl.so.2(GLIBC_2.1) libgssapi_krb5.so.2 libk5crypto.so.3 libkrb5.so.3 liblber-2.2.so.7 libldap-2.2.so.7 libnsl.so.1 libnsl.so.1(GLIBC_2.0) libpam.so.0 libpopt.so.0 libresolv.so.2 libssl.so.4 Processing files: samba-swat-3.0.10-1.fc3 Provides: config(samba-swat) = 0:3.0.10-1.fc3 Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1 Requires: config(samba-swat) = 0:3.0.10-1.fc3 libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.2.3) libc.so.6(GLIBC_2.3) libcom_err.so.2 libcrypt.so.1 libcrypto.so.4 libcups.so.2 libdl.so.2 libdl.so.2(GLIBC_2.0) libdl.so.2(GLIBC_2.1) libgssapi_krb5.so.2 libk5crypto.so.3 libkrb5.so.3 liblber-2.2.so.7 libldap-2.2.so.7 libnsl.so.1 libnsl.so.1(GLIBC_2.0) libpam.so.0 libpopt.so.0 libresolv.so.2 libssl.so.4 samba = 0:3.0.10 xinetd Processing files: samba-debuginfo-3.0.10-1.fc3 Provides: CP437.so.debug CP850.so.debug audit.so.debug cap.so.debug default_quota.so.debug expand_msdfs.so.debug extd_audit.so.debug fake_perms.so.debug full_audit.so.debug libnss_winbind.so.2.debug libnss_wins.so.2.debug libsmbclient.so.debug mysql.so.debug net.debug netatalk.so.debug nmbd.debug nmblookup.debug ntlm_auth.debug pam_smbpass.so.debug pam_winbind.so.debug pdbedit.debug profiles.debug readonly.so.debug recycle.so.debug rpcclient.debug shadow_copy.so.debug smbcacls.debug smbclient.debug smbcontrol.debug smbcquotas.debug smbd.debug smbmnt.debug smbmount.debug smbpasswd.debug smbspool.debug smbstatus.debug smbtree.debug smbumount.debug swat.debug tdbbackup.debug tdbdump.debug tdbtool.debug testparm.debug testprns.debug wbinfo.debug winbindd.debug Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1 Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/samba-3.0.10-root error: Installed (but unpackaged) file(s) found: /usr/lib/samba/pdb/mysql.so RPM build errors: Installed (but unpackaged) file(s) found: /usr/lib/samba/pdb/mysql.so This /usr/lib/samba/pdb/mysql.so does not exist and if I understnd this error then it is saying that it keeps finding it. Can someone please tell me what is happening here? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-tools unresovled problem.
Hi, Correct me if i am wrong, but i think an account (user or computer) does not have to be listed as a member of a group if it's gid is that group. I had the same problem joining PC's to the domain as yourself and wrote a patch to fix this in smbldap-useradd (attached). I appears to be working fine. regards, Ian Markus Markert wrote: i found the problem in the smbldap-tools. the problem in my case is, that if i add a workstation with smbldap-useradd -w test, that the computer is added in computers, but the id of this computer is not set in the group Domain Computers in the field memberUid. hope this is the global failure of the scripts. can somebody confirm this? Am Freitag, 12. August 2005 14:46 schrieb Markus Markert: hi, have the same problem with the smbldap-tools v0.9.0 , but on suse 9.3. if i say: ./smbldap-useradd -w -a xxx it only adds the posix stuff, not the samba things. i have read, that computers should not be in the computers dn in ldap. it should be in the users dn. is that right? http://marc.theaimsgroup.com/?l=sambam=108439612826440w=2 can somebody send the filechanges from smb.conf, nss???... greetings markus Am Freitag, 12. August 2005 12:17 schrieb Chris Ong: Geert Stappers wrote: Recently changed the LDAP master account passwd in phpldapadmin? Did you also update it the samba side? ( smbpasswd -w ) Nope. The LDAP master account passwd has never been changed since the implementation. -- Regards, C. K. Ong (Chris) Linux System Engineer, RHCT Cert No: 603004347692007 http://www.redhat.com/rhce/rhce603004347692007.html My Directory Sdn. Bhd. Your Open Source Partner. http://www.md.com.my http://www.net.my 2005 --- After watching Gentoo in Antartica, I decided to go home with RedHat on my head. --- * **POWERED BY BYNARI INSIGHT SERVER* * * The Enterprise Email Server That Rocks! * * -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo -t not working on BDC
Hi, I just can't seem to get winbind to work on my BDC. I'm using FC3 and samba 3.0.20rc2. My PDC is RHEL4 running Samba 3.0.14a. / Openldap. I can join the BDC to the domain successfully using net rpc join... , but when i enter wbinfo -t to check the trust relationship i get checking the trust secret via RPC calls failed error code was (0x0) Could not check secret I placed a packet sniffer on the PDC to see what was happening and captured the folloing RPM_NETLOGON communication between the BDC and the PDC (see attached ethereal dump file). It appears to fail when the BDC looks for an account of the same name as the my domain - CEL. The question is , Do i need to create a trust account for my own domain ?. thanks for reading :) Ian -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo -t not working on BDC
Ian Clancy wrote: Hi, I just can't seem to get winbind to work on my BDC. I'm using FC3 and samba 3.0.20rc2. My PDC is RHEL4 running Samba 3.0.14a. / Openldap. I can join the BDC to the domain successfully using net rpc join... , but when i enter wbinfo -t to check the trust relationship i get checking the trust secret via RPC calls failed error code was (0x0) Could not check secret I placed a packet sniffer on the PDC to see what was happening and captured the folloing RPM_NETLOGON communication between the BDC and the PDC (see attached ethereal dump file). It appears to fail when the BDC looks for an account of the same name as the my domain - CEL. The question is , Do i need to create a trust account for my own domain ?. thanks for reading :) Ian Forgot to attach the file. BTW, this is the log entry from my PDC. [2005/08/12 18:18:48, 5] rpc_parse/parse_prs.c:prs_debug(82) get_md4pw: Workstation CEL$: no account in domain [2005/08/12 18:18:48, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244) 005c neg_flags: 400701ff -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.20pre2 rpms very BIG
Hi, I just downloaded the fedora samba-3.0.20pre2 source rpm. I built the binary RPM's using the rpmbuild -bb samba-spec command. I hav'nt installed the new rpm's yet but noticed they are much bigger than previous rpms. see below: -rw-r--r-- 1 root root 23M Jun 14 20:12 samba-3.0.14a-4.i386.rpm -rw-r--r-- 1 root root 25M Jun 30 19:04 samba-3.0.20pre1-1.i386.rpm -rw-r--r-- 1 root root 79M Jul 13 21:35 samba-3.0.20pre2-1.i386.rpm -rw-r--r-- 1 root root 3.7M Jun 14 20:12 samba-client-3.0.14a-4.i386.rpm -rw-r--r-- 1 root root 3.9M Jun 30 19:04 samba-client-3.0.20pre1-1.i386.rpm -rw-r--r-- 1 root root 98M Jul 13 21:39 samba-client-3.0.20pre2-1.i386.rpm -rw-r--r-- 1 root root 26M Jun 14 20:13 samba-common-3.0.14a-4.i386.rpm -rw-r--r-- 1 root root 29M Jun 30 19:05 samba-common-3.0.20pre1-1.i386.rpm -rw-r--r-- 1 root root 103M Jul 13 21:42 samba-common-3.0.20pre2-1.i386.rpm -rw-r--r-- 1 root root 6.7M Jun 14 20:13 samba-swat-3.0.14a-4.i386.rpm -rw-r--r-- 1 root root 3.4M Jun 30 19:05 samba-swat-3.0.20pre1-1.i386.rpm -rw-r--r-- 1 root root 19M Jul 13 21:43 samba-swat-3.0.20pre2-1.i386.rpm -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind creating duplicate users
Hi again, In responce to queries for more info here is the smb.conf (- shares) of my pdc : workgroup = ted netbios name = tedDC server string = SAMBA-LDAP %v PDC Server domain logons = Yes domain master = Yes preferred master = Yes local master = Yes interfaces = lo, eth0 bind interfaces only = Yes logon script = scripts\tedmap.bat logon home = logon path = wins support = Yes name resolve order = lmhosts host wins bcast remote announce = 192.168.2.2 log level = 1 auth:1 winbind:5 passdb:2 printing = cups printcap name = CUPS printer admin = Administrator show add printer wizard = Yes passdb backend = ldapsam:ldap://127.0.0.1; ldap passwd sync = Yes ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=ted,dc=org ldap suffix = dc=ted,dc=org ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=Computers idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-15000 idmap gid = 1-15000 winbind separator = + winbind use default domain = Yes add machine script = /usr/sbin/smbldap-useradd -w %u add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u Dos charset = 850 Unix charset = ISO8859-1 here is the smb.conf of a typical domain member server : workgroup = TED netbios name = TEDFS02 server string = Samba %v on Fedora Core 2 security = DOMAIN encrypt passwords = Yes password server = * interfaces = lo, eth0 bind interfaces only = Yes unix extensions = Yes username map = /etc/samba/smbusers wins server = 192.0.2.14 winbind separator = + winbind use default domain = Yes idmap backend = ldap:ldap://teddc.ted idmap uid = 1-15000 idmap gid = 1-15000 ldap admin dn = cn=Manager,dc=ted,dc=org ldap suffix = dc=ted,dc=org ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap log file = /var/log/samba/log.%m log level = 1 max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Ian Clancy wrote: Hi everybody, I'm having a problem with winbind creating 2 entries for some of my users that really wrecking my head ;-/ . My situation is as follows : I have a typical Samba (3.0.14a)/LDAP setup. I have a trusted domain (another Samba/LDAP setup) and use winbind to map the users from the foreign domain, with the UID to SID mappings stored in LDAP . This works very well. The relevant part of my nsswitch.conf file is as follows : passwd: files ldap winbind shadow: files ldap winbind group: files ldap winbind When i 'getent passwd' on a domain member server the following are listed: 1.) local user accounts 2.) accounts resolved via LDAP (UID 5'000+) 3.) winbind resolved accounts from the foreign domain (i.e. FDOMAIN+user) UID = 10'000 + This was all working fine for a while. However, recently i noticed that winbind began storing additional UID to SID mappings for members of the local domain in LDAP. So when i ran e.g. 'getent passwd | grep brightstop' i would get 2 entries for the 1 user account, 1 resolved from LDAP, the other from winbind brightstor:x:5586:513:System User:/home/brightstor:/bin/false brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false This occurs for some accounts but not others: pdbedit on this account returns : [EMAIL PROTECTED] etc]# pdbedit -Lv brightstor init_sam_from_ldap: Entry found for user: brightstor Unix username:brightstor NT username: brightstor Account Flags:[UX ] User SID: S-1-5-21-193554404-1789558652-91453608-12172 Primary Group SID:S-1-5-21-193554404-1789558652-91453608-513 Full Name:Brightstor Home Directory: HomeDir Drive: Logon Script: scripts\tedmap.bat Profile Path: Domain: TED Account desc: System User Workstations: Munged dial: Logon time: 0 Logoff time: Tue, 19 Jan 2038 03:14:07 GMT Kickoff time: Tue, 19 Jan 2038 03:14:07 GMT Password last set:Tue, 28 Jun 2005 10:53:57 GMT Password can change: Tue, 28 Jun 2005 10:53:57 GMT Password must change: Tue, 19 Jan 2038 03:14:07 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF Even when i stop winbind, delete winbindd_cache.tdb and winbindd_idmap.tdb and delete the bad entries from the LDAP Directory the problem returns ?. Can anone make sence of this behaviour ?. Thanks -- Ian Clancy IT Systems
Re: [Samba] winbind creating duplicate users
Hi, I've been working on this for the last couple of hours and think i have found the root of the problem. Users that do not have a problem with have an SID such as the following : S-1-5-21-193554404-1789558652-91453608-1264 However, any users that i have created recently have an SID similar to the following : S-1-5-21-193554404-1789558652-91453608-12188 As you may have noticed the value of the last user part of the SID seems to have jumped considerably , another digit has been added. This seems to be messing up winbind somehow and winbind is allocating the SID a UID from the idmap pool. Can anyone explain how the SID is generated ?. Is there some kind of Algorithm ? thanks, Ian Ian Clancy wrote: Hi again, In responce to queries for more info here is the smb.conf (- shares) of my pdc : workgroup = ted netbios name = tedDC server string = SAMBA-LDAP %v PDC Server domain logons = Yes domain master = Yes preferred master = Yes local master = Yes interfaces = lo, eth0 bind interfaces only = Yes logon script = scripts\tedmap.bat logon home = logon path = wins support = Yes name resolve order = lmhosts host wins bcast remote announce = 192.168.2.2 log level = 1 auth:1 winbind:5 passdb:2 printing = cups printcap name = CUPS printer admin = Administrator show add printer wizard = Yes passdb backend = ldapsam:ldap://127.0.0.1; ldap passwd sync = Yes ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=ted,dc=org ldap suffix = dc=ted,dc=org ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=Computers idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-15000 idmap gid = 1-15000 winbind separator = + winbind use default domain = Yes add machine script = /usr/sbin/smbldap-useradd -w %u add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u Dos charset = 850 Unix charset = ISO8859-1 here is the smb.conf of a typical domain member server : workgroup = TED netbios name = TEDFS02 server string = Samba %v on Fedora Core 2 security = DOMAIN encrypt passwords = Yes password server = * interfaces = lo, eth0 bind interfaces only = Yes unix extensions = Yes username map = /etc/samba/smbusers wins server = 192.0.2.14 winbind separator = + winbind use default domain = Yes idmap backend = ldap:ldap://teddc.ted idmap uid = 1-15000 idmap gid = 1-15000 ldap admin dn = cn=Manager,dc=ted,dc=org ldap suffix = dc=ted,dc=org ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap log file = /var/log/samba/log.%m log level = 1 max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Ian Clancy wrote: Hi everybody, I'm having a problem with winbind creating 2 entries for some of my users that really wrecking my head ;-/ . My situation is as follows : I have a typical Samba (3.0.14a)/LDAP setup. I have a trusted domain (another Samba/LDAP setup) and use winbind to map the users from the foreign domain, with the UID to SID mappings stored in LDAP . This works very well. The relevant part of my nsswitch.conf file is as follows : passwd: files ldap winbind shadow: files ldap winbind group: files ldap winbind When i 'getent passwd' on a domain member server the following are listed: 1.) local user accounts 2.) accounts resolved via LDAP (UID 5'000+) 3.) winbind resolved accounts from the foreign domain (i.e. FDOMAIN+user) UID = 10'000 + This was all working fine for a while. However, recently i noticed that winbind began storing additional UID to SID mappings for members of the local domain in LDAP. So when i ran e.g. 'getent passwd | grep brightstop' i would get 2 entries for the 1 user account, 1 resolved from LDAP, the other from winbind brightstor:x:5586:513:System User:/home/brightstor:/bin/false brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false This occurs for some accounts but not others: pdbedit on this account returns : [EMAIL PROTECTED] etc]# pdbedit -Lv brightstor init_sam_from_ldap: Entry found for user: brightstor Unix username:brightstor NT username: brightstor Account Flags:[UX ] User SID: S-1-5-21-193554404-1789558652-91453608-12172 Primary Group SID:S-1-5-21-193554404-1789558652-91453608-513 Full Name:Brightstor Home Directory: HomeDir Drive: Logon Script: scripts\tedmap.bat Profile
[Samba] winbind creating duplicate users
Hi everybody, I'm having a problem with winbind creating 2 entries for some of my users that really wrecking my head ;-/ . My situation is as follows : I have a typical Samba (3.0.14a)/LDAP setup. I have a trusted domain (another Samba/LDAP setup) and use winbind to map the users from the foreign domain, with the UID to SID mappings stored in LDAP . This works very well. The relevant part of my nsswitch.conf file is as follows : passwd: files ldap winbind shadow: files ldap winbind group: files ldap winbind When i 'getent passwd' on a domain member server the following are listed: 1.) local user accounts 2.) accounts resolved via LDAP (UID 5'000+) 3.) winbind resolved accounts from the foreign domain (i.e. FDOMAIN+user) UID = 10'000 + This was all working fine for a while. However, recently i noticed that winbind began storing additional UID to SID mappings for members of the local domain in LDAP. So when i ran e.g. 'getent passwd | grep brightstop' i would get 2 entries for the 1 user account, 1 resolved from LDAP, the other from winbind brightstor:x:5586:513:System User:/home/brightstor:/bin/false brightstor:x:10168:513:Brightstor:/home/CEL/brightstor:/bin/false This occurs for some accounts but not others: pdbedit on this account returns : [EMAIL PROTECTED] etc]# pdbedit -Lv brightstor init_sam_from_ldap: Entry found for user: brightstor Unix username:brightstor NT username: brightstor Account Flags:[UX ] User SID: S-1-5-21-193554404-1789558652-91453608-12172 Primary Group SID:S-1-5-21-193554404-1789558652-91453608-513 Full Name:Brightstor Home Directory: HomeDir Drive: Logon Script: scripts\tedmap.bat Profile Path: Domain: TED Account desc: System User Workstations: Munged dial: Logon time: 0 Logoff time: Tue, 19 Jan 2038 03:14:07 GMT Kickoff time: Tue, 19 Jan 2038 03:14:07 GMT Password last set:Tue, 28 Jun 2005 10:53:57 GMT Password can change: Tue, 28 Jun 2005 10:53:57 GMT Password must change: Tue, 19 Jan 2038 03:14:07 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF Even when i stop winbind, delete winbindd_cache.tdb and winbindd_idmap.tdb and delete the bad entries from the LDAP Directory the problem returns ?. Can anone make sence of this behaviour ?. Thanks -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Exchange 5.5 not seeing new Domain accounts - lsass.exe searching local SAM
Hi, First of all, The problem i am having is not directly related to Samba. So apologies, however there are a lot of people on this list who know a good deal about how windows (and related technologies) work so i'm hoping they can shed some light on the matter. Background : I successfully completed a migration from a Windows NT4 Domain to s Samba domain with LDAP backend about 2 months. The old NT4 PDC also hosted an exchange 5.5 sp4 email server so i could not just rubbish it. Once the migration was complete i used a tool called UPromote to demote the old PDC and rejoined it to the new domain (Same Domain Name). All appeared to work well... However, When a added new account to the system they could not access their email using their domain account whereas existing accounts were working fine. The mail server reported this error (from event log): -- A logon attempt failed because an attempt to look up Windows NT account information failed. Error 1332. -- The new accounts worked perfectly in every other sense. Even at the old PDC i could log on with the new accounts, see the new accounts in usrmgr.exe, and select them as the Primary Windows NT account for the associated mailbox in the Exchange admin program. So i though, Maybe exchange is somehow looking on the old PDC for account data. I was able to confirm my suspicion using an application called regmon which records access to the registry. From the following out put i can see the lsass.exe program searching the SAM portion of the registry for the user account. Output using the regmon utility --- 20490 160.25828604lsass.exe:48OpenKey HKLM\SAM\SAM\DOMAINS\Account\Groups\2F6ANOTFOUND 20491 160.25839958lsass.exe:48OpenKey HKLM\SAM\SAM\DOMAINS\Account\Aliases\2F6A NOTFOUND 20492 160.25852070lsass.exe:48OpenKey HKLM\SAM\SAM\DOMAINS\Account\Users\2F6A NOTFOUND - Finally (and thanks for your patience :) ). How do i get Exchange (or lsass.exe) to search the domain for accounts and not the local registry (HKEY_LOCAL_MACHINE) ?. Any suggestion welcome, thanks -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Proper behavior of Interdomain Trust uid mappings
Robert Kelly wrote: Hi there, I'm running Samba 3.0.14a-sernet on Suse 9.1 using ldapsam. I've got an interdomain trust setup across a vpn connection with a 2k3sp1 domain (DOMB). The trust works. Robert, I have a similar setup to yourself except i have 2 samba domains accross a VPN. What is strange is that a user from DOMB can't access any shares until they browse a share on our domain controller, say netlogon, then samba creates a new posix account for them in the ou=users base. I spent quite a while myself trying to figure this out. I'm not sure if what i have done is correct but in nsswitch.conf i have : passwd: files ldap winbind shadow: files ldap winbind group: files ldap winbind - winbind is used to give the foreign sid's from the trusted domain uid on your PDC or Domain member Server I have nsswitch.conf using ldap, and samba configured to use winbind as per the howto. Same wins etc. What isn't clear to me is why the user account gets created as a regular account and not in the ou=idmap base. I had this same problem until i added winbind to the nsswitch.conf file. Can you see the users from the trusted domain when you enter 'wbinfo -u ' at the shell ? Shouldn't just a sambaIdmapEntry object be created in ou=IdMap and not a posixaccount in ou=users? The account gets created with a uid from the regular users range not from the idmap uid range and still gets created when winbind is stopped. I've read Chapter 18. Interdomain Trust Relationships over and over again, but need some suggestions on the correct way to setup winbind on a domain controller when using a trust. Any clues? The book is not very clear on this. It took me some time to figure it out Thanks, Rob -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba BDC for Backup
Hiu Yen Onn wrote: Hiu Yen Onn wrote: hi, i have no experience in configure any of the BDC before. just curious to ask, if i have configured a BDC, then if any fail down of my PDC, does BDC will take turn automatically??? stupid question but, i didnt know it... sorry another question 1. I have a master ldap tree for my PDC, likewise my BDC also having a slave ldap tree, do i need to replicate the master ldap to the slave ldap? In a word, Yes. If you are using openldap you will find plenty of documentation on the Internet about how to do this. 2. How about the sid number??? does PDC sid have to be similar to the BDC sid??? what is sid? what does is working for??? dun understand... pls enlighten.. thanks.. The PDC and the BDC have the same SID number. Usually each computer / users has a unique SID. However domain controllers are a unique case. You can import the SID into a BDC using the 'net rpc getsid DOMAINNAME' command. -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] updating samba via rpm
Stuart Highlander wrote: good afternoon, current status: samba pdc running samba 3.0.10-1.fc3 on fedora core 3 on a dell server. clients are windows 2000 pro workstations. authentication is via tdbsam. pretty vanilla setup. no active directory, ldap, winbind, etc. i have downloaded the rpm's from samba.org for current stable release samba 3.0.14a-1. usually i perform upgrades to samba server using rpm -Fvh samba-*, with this set of rpm's the update does not run using the rpm -Fvh command. i do recall list traffic that did not recommend upgrading this way, but have not had any problems in the past doing it this way. could someone steer me to documentation that would help me upgrade the samba software via rpm? i have downloaded and read the samba pdf manuls by john terpstra, jelmer vernooij, and jerry carter (excellent reading), but did not find my specific issue. thank you, stuart Stuart, I understand your predicament. Redhat/ Fedora package Samba in a different way than the rpm you just downloaded from the site. You can usually find 3 or 4 samba rpm's installed on Fedora 3 : samba-common-3.0.10-1.fc3 samba-3.0.10-1.fc3 samba-client-3.0.10-1.fc3 I can't remember exactly, but i think gnome-vfs2-smb depends on samba-common. Other gnome rpm's depend on gnome-vfs2-smb etc The rpm from the site provides one rpm package : samba-3.0.14a-1 If your not bothered about using gnome you can uninstall the Fedora Samba rpm's (stop samba first of course): rpm --nodeps -e samba samba-common samba-client then install the rpm from samba.org rpm -Uvh samba-3.0.14a-1.i386.rpm One thing to look out for. What was previously located in /var/cache/samba is now located in /var/lib/samba. regards -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba trusted domains and access control lists problem (cannot delete or rename)
Hi, I am having difficuly deleting and renaming files with users from a foreign domain using acls. My setup is as follows : I have two Samba (3.0.14a)/LDAP domains connected via a VPN (OpenVPN) with a bi-directional trust relationship established. The trust relationship appears to be working correctly. I can log on onto PC's at either end on either Domain :) and the browse lists of both domains are syncronising properly. I am using the same WINS server for both domains and this is located in DomA on the Primary Domain Controller. I want users on DomB to be able to access shares on Domain Member servers on DomA. Winbind is running on my fileservers and i am using ldap as an idmap backend. Users from DomA are mapped on my Domain member server using ldap and DomB users are mapped using winbind. I have the following entry in my nsswitch.conf file: passwd: files ldap winbind shadow: files ldap winbind group: files ldap winbind I have not seen anyone else do this so i am not sure if it is correct :). It appears to work however as 'getent passwd' and 'getent group' return users from both Domains. Users of DomB are prepended with DomB+ (as expected). So far so good ... The following is a share on one of my Domain member server on DomA [Materials] comment = Materials Share path = /var/shares/Materials read only = No inherit permissions = Yes inherit acls = Yes I can successfully set the acls's from the shell using setfacl. The permissions on the above share are as follows # file: Materials # owner: root # group: DomA Users user::rwx group::rwx group:DomB+DomB users:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:group::rwx default:group:DomA Users:rwx default:group:DomB+DomB users:rwx default:mask::rwx default:other::--- Users from DomB can successfully access the share. They can even create files as follows in the root directory of the above share : # file: New Text Document.txt # owner: DomB+yorketom # group: DomB+domain users user::rwx user:root:rwx #effective:rw- group::rwx #effective:rw- group:DomA Users:rwx #effective:rw- group:DomB+DomB users:rwx #effective:rw- mask::rw- other::--- However, I cannot delete or rename this file ?!. So to summerise i have two main questions: 1. Why are the effective permissions on the file above 'rw-' ? 2. In windows i can see permissions for the owner, group and also Everyone but none of the other permissions, for example 'group:DomA Users:rwx #effective:rw-' as listed above ? If you've managed to get this far, thanks for reading :). regards, Ian -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] failing WINS test #1
Hi Samba users, I'm using a typical Samba 3.0.14a PDC/Ldap setup. The pdc is also the WINS server. The wins server is working perfectly with one exception. The server cannot query itself. I searched through log.nmbd and this is what i found : [2005/05/26 17:06:55, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_name_on_subnet: on subnet 192.0.2.14 - name CELCZPDC00 NOT FOUND [2005/05/26 17:06:55, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(129) 1 == memcmp( CELCZPDC00, CEL1e, 84 ) nmbd_subnetdb:namelist_entry_compare() [2005/05/26 17:06:55, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) -1 == memcmp( CELCZPDC00, CELDC00, 84 ) nmbd_subnetdb:namelist_entry_compare() [2005/05/26 17:06:55, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) -1 == memcmp( CELCZPDC00, CELDC20, 84 ) nmbd_subnetdb:namelist_entry_compare() [2005/05/26 17:06:55, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) 1 == memcmp( CELCZPDC00, CEL1d, 84 ) nmbd_subnetdb:namelist_entry_compare() [2005/05/26 17:06:55, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) process_name_query_request: Name query from 192.0.2.14 on subnet 192.0.2.14 for name CELCZPDC00 [2005/05/26 17:06:55, 3] nmbd/nmbd_incomingrequests.c:process_name_query_request(454) packet_is_for_wins_server: failing WINS test #1. [2005/05/26 17:06:55, 10] nmbd/nmbd_winsserver.c:packet_is_for_wins_server(155) question: q_name=CELCZPDC00 q_type=32 q_class=1 header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No nmb packet from 192.0.2.14(42713) header: id=327 opcode=Query(0) response=No [2005/05/26 17:06:55, 4] libsmb/nmblib.c:debug_nmb_packet(109) Received a packet of len 50 from (192.0.2.14) port 42713 Anybody know what failing WINS test #1 means ? thanks, -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't join PC's to Domain - object class 'sambaSamAccount' requires attribute 'sambaSID'
Hi Samba Admins, I have a problem with my new Samba3.0.14a/LDAP domain. I can no longer join computers to the domain using the normal procedure in windows. I wetnt to the domain controller to investigate. When i run # pdbedit -m -a mambo50 i am returned the following error init_ldap_from_sam: Setting entry for user: mambo50$ ldapsam_modify_entry: Failed to add user dn= uid=mambo50$,ou=Computers,dc=zed,dc=org with: Object class violation object class 'sambaSamAccount' requires attribute 'sambaSID' ldapsam_add_sam_account: failed to modify/add user with uid = mambo50$ (dn = uid=mambo50$,ou=Computers,dc=zel,dc=org) Unable to add machine! (does it already exist?) I have checked and the previous machine does not already exist. I use the IDEALX tools to manage my Domain, when i try to add the PC with the following command : smbldap-useradd -w mambo50$ This creates the entry in my Directory. However, only the posix user attributes are created, SambaSamAccount is not present. Last week , I accidentally deleted the sambaDomainName branch of my Directory. I restored this part of the tree in a couple of minutes without any problems. This is where the SambaSID attribute is stored so i wounder if this has in some way upset my samba setup. Does anyone know how i can test this ? Thanks for your help. I will repost if i resove this issue myself. regards, -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WINS resolution not working on WINS Server
Hi Samba Users, I'm using a typical Samba/LDAP Solution. My PDC is running samba 3.0.14a on RHEL4. This is also my acting WINS server. WINS resolution appears to be working fine for all other PC's on the network. It works for my BDC, and Domain member servers and the various windows clients on the network. However WINS does not appear to work on the PDC itself. On the pdc i have the following line in nsswitch.conf: hosts: files wins dns The following output from log.nmbd show an unsuccessful wins lookup by the PDC (in reverse using tac). I can see CELCZPDC00 clearly in the wins.dat file: find_name_on_subnet: on subnet 192.0.2.14 - name CELCZPDC00 NOT FOUND [2005/05/24 09:43:09, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(129) -1 == memcmp( CELCZPDC00, CELDC00, 84 ) nmbd_subnetdb:namelist_entry_compare() [2005/05/24 09:43:09, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) -1 == memcmp( CELCZPDC00, CELDC03, 84 ) nmbd_subnetdb:namelist_entry_compare() [2005/05/24 09:43:09, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) 1 == memcmp( CELCZPDC00, CEL1e, 84 ) nmbd_subnetdb:namelist_entry_compare() [2005/05/24 09:43:09, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) -1 == memcmp( CELCZPDC00, CELDC20, 84 ) nmbd_subnetdb:namelist_entry_compare() [2005/05/24 09:43:09, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) 1 == memcmp( CELCZPDC00, CEL1d, 84 ) nmbd_subnetdb:namelist_entry_compare() [2005/05/24 09:43:09, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(69) process_name_query_request: Name query from 192.0.2.14 on subnet 192.0.2.14 for name CELCZPDC00 [2005/05/24 09:43:09, 3] nmbd/nmbd_incomingrequests.c:process_name_query_request(454) Here is a copy of my smb.conf : # Global parameters [global] dos charset = 850 unix charset = ISO8859-1 workgroup = CEL server string = SAMBA-LDAP %v PDC Server interfaces = lo, eth0 bind interfaces only = Yes passdb backend = ldapsam:ldap://127.0.0.1 enable privileges = Yes passwd program = /usr/sbin/smbldap-passwd -u %u log level = 1 auth:3 winbind:5 passdb:5 name resolve order = lmhosts host wins bcast printcap name = CUPS add user script = /opt/IDEALX/sbin/smbldap-useradd -m %u delete user script = /opt/IDEALX/sbin/smbldap-userdel %u add group script = /opt/IDEALX/sbin/smbldap-groupadd -p %g delete group script = /opt/IDEALX/sbin/smbldap-groupdel %g add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m %u %g delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x %u %g set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g %g %u add machine script = /opt/IDEALX/sbin/smbldap-useradd -w %u logon script = scripts\celmap.bat logon path = logon home = domain logons = Yes preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Manager,dc=cel,dc=org ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=cel,dc=org ldap user suffix = ou=People remote announce = 192.168.2.2 idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-15000 idmap gid = 1-15000 winbind separator = + winbind use default domain = Yes winbind trusted domains only = Yes printer admin = Administrator I need wins to work on the PDC to implement trusted domains . Anyone got any idea's as to what could be wrong. regards, -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Exchange 5.5 on a Samba Domain
Hi, I recently migrated from an NT4 Domain to a Samba domain with LDAP backend. We use Exchange 5.5 on NT4 as our mail/groupware. All existing users on the domain appear to be using the Exchange Server without any problems. However, when i create new users they cannot access their mail box'es from Outlook. The Event log on the Exchange Server reports the following error : A logon attempt failed because an attempt to look up Windows NT account information failed. Error 1332. The new user accounts appear to work perfectly otherwise. They can log onto the Domain and the Exchange NT4 Serve itself. They can even check their mail using squirrelmail webmail which connects to the exchange server using IMAP. I sniffed the communication between the Exchange server and the Samba Domain server with ethereal and the only communication i can see is a couple of DCERPC packets. Anyone had this problem before ?. Thanks, -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Exchange 5.5 on a Samba Domain - Further Information
Ian Clancy wrote: Hi, I recently migrated from an NT4 Domain to a Samba domain with LDAP backend. We use Exchange 5.5 on NT4 as our mail/groupware. All existing users on the domain appear to be using the Exchange Server without any problems. However, when i create new users they cannot access their mail box'es from Outlook. The Event log on the Exchange Server reports the following error : A logon attempt failed because an attempt to look up Windows NT account information failed. Error 1332. The new user accounts appear to work perfectly otherwise. They can log onto the Domain and the Exchange NT4 Serve itself. They can even check their mail using squirrelmail webmail which connects to the exchange server using IMAP. I sniffed the communication between the Exchange server and the Samba Domain server with ethereal and the only communication i can see is a couple of DCERPC packets. Anyone had this problem before ?. Thanks, Hi Again, Some further information to add. My samba PDC is running RHEL4 with samba version 3.0.10 (red hat rpm) and OpenLDAP 2.2.13. Exchange 5.5 SP4 Build 2653.23 on NT4 SP6. I have created the Domain user accounts with usrmgr.exe and the smbldap tools with the same results. The samba domain is working apart from 1 other problem, adding computer accounts to the domain. When i attempt to add a PC to the domain from windows only a posix account is created in the directory. Creating the computer account with the smbldap tools works fine though so i am using this as a workaround for the moment. Thanks, Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Exchange 5.5 on a Samba Domain - Further Information
Guenther Deschner wrote: Date: Thu, 12 May 2005 10:52:51 +0100 Hi, On Thu, May 12, 2005 at 10:29:52AM +0100, Ian Clancy wrote: Hi Again, Some further information to add. My samba PDC is running RHEL4 with samba version 3.0.10 (red hat rpm) and OpenLDAP 2.2.13. Exchange 5.5 SP4 Build 2653.23 on NT4 SP6. I have created the Domain user accounts with usrmgr.exe and the smbldap tools with the same results. to first concentrate on your Exchange issues: You have to use Samba Version 3.0.11 when using Exchange 5.5 on NT4 with a Samba DC. In Samba 3.0.11 there have been added a couple of fixes w.r.t Exchange 5.5. Let us know if an update solves your Exchange-problems. I'm not sure if RedHat provides official Samba package updates, you could also use RedHat rpms from SerNet. Hope that helps, Guenther Guenther, I would like to upgrade to the latest version 3.0.14a. Red hat tend to only update samba when a security vulnerability is discovered so i will probably have to use the SerNet rpm's. I would have used Sernet rpms originally but had issues with winbind that i won't go into here. Does any body percieve any difficult in upgrading from samba version 3.0.10 (red hat rpm) to 3.0.14 SerNet rpm's ? -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] nscd, ldap and the root/Administrator account
Hi, I'm using Samba 3 as a PDC with an Openldap backend and also have a number of Samba domain member servers that lookup the ldap directory for their account information. I use ssh to perform various administration tasks. There is an account called Administrator in the LDAP directory that has a UID of 0 . However, after nscd has been started, the next time i login to one of the member servers using the root account my username is reported as Administrator and not as root as expected. This causes various issues with ssh keys etc.. I have the following lines in my nsswitch.conf file. passwd: files ldap shadow: files ldap group: files ldap grepping the output of 'getent passwd' for x:0: root:x:0:0:root:/root:/bin/bash Administrator:x:0:5001:Netbios Domain Administrator:/home/Administrator:/bin/bash When i stop the nscd service the behaviour of the system returns to normal. I apologise if this topic is not directly samba related. However, i'm sure somebody else must have come accross this behaviour. Thanks, Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] nscd, ldap and the root/Administrator account
Adam Tauno Williams wrote: I'm using Samba 3 as a PDC with an Openldap backend and also have a number of Samba domain member servers that lookup the ldap directory for their account information. I use ssh to perform various administration tasks. There is an account called Administrator in the LDAP directory that has a UID of 0 . However, after nscd has been started, the next time i login to one of the member servers using the root account my username is reported as Administrator and not as root as expected. This causes various issues with ssh keys etc.. It only works when you're not running nscd because you're lucky. NSS will return the first matching entry for a uidnumber={0} lookup. I would have though that it works because i have 'files' before 'ldap' in the nsswitch.conf file It doesn't really support multiple accounts with the same uidnumber, id suggest not having a Administration;uidnumber=0 account. Simply map Administrator = root in Samba if this is the behaviour you want. I'm not sure how to map Administrator = root. Sounds like a good idea. I will have to look into this. I have the following lines in my nsswitch.conf file. passwd: files ldap shadow: files ldap group: files ldap grepping the output of 'getent passwd' for x:0: root:x:0:0:root:/root:/bin/bash Administrator:x:0:5001:Netbios Domain Administrator:/home/Administrator:/bin/bash When i stop the nscd service the behaviour of the system returns to normal. I apologise if this topic is not directly samba related. However, i'm sure somebody else must have come accross this behaviour. nscd is just a dumb cache, you're getting the results of a uidnumber=0 lookup into its cache. Thanks for your reply -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating from NT4 to Samba/LDAP - Demoting PDC to domain member
Hello All, I'm looking for some advice \ shared past experiences of users on the list. I am in the process of planning a migration from an existing NT Domain to a Samba 3 / LDAP based domain. However, the existing NT4 PDC is also home to our Exchange 5.5 email server which we would like to keep in service. I imagine what i need to do is add the old NT4 PDC server to the new Samba Domain once i have completed the migration. I am not sure how to do this ?. I have found this software (U Promote ) at http://www.purenetworking.net/Products/UPromote/UPromote.htm that may do the trick. Has anyone out there performed a task similar to this or used this product ? or is it even necessary. Is there another (free) way ?. Thanks, Ian Clancy Legal Disclaimer: Any views expressed by the sender of this message are not necessarily those of Connaught Electronics Ltd. Information in this e-mail may be confidential and is for the use of the intended recipient only, no mistake in transmission is intended to waive or compromise such privilege. Please advise the sender if you receive this e-mail by mistake. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] allowing users to change system time
Greetings Samba users, I'm the proud administrator of a samba 3 domain with openldap backend. All is well but for one niggling little problem which i hope somebody could help me with ?. My pdc is set up as a time server time server = yes and I have created a logon script with the following entry : net time \\mypdc /set /yes Now, when i logon to a windows 2k domain client as Administrator the above command sync's the time on the client with the server, no problems. However when ordinary users logon they get the following error : System error 1314 has occurred. A required privilege is not held by the client. I would like to give the users the privilege to change the time on their systems. Does anyone know how i could go about doing this ?. Using the usrmgr.exe program i can make a number of changes to the samba domain, usfortunately their is not an option to do this ? All help , ideas welcome. Thanks for your time. Ian Clancy Legal Disclaimer: Any views expressed by the sender of this message are not necessarily those of Connaught Electronics Ltd. Information in this e-mail may be confidential and is for the use of the intended recipient only, no mistake in transmission is intended to waive or compromise such privilege. Please advise the sender if you receive this e-mail by mistake. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] allowing users to change system time
Stu, Thank you for your incredibly quick response. What you describle below works great, thanks very much. Now i could be barking up the wrong tree but does anybody know if it would be possible to place this setting somehow into NTConfig.POL so this setting could be changed on all users PC's as they log in ?. Ian -Original Message- From: Stuart Highlander To: Ian Clancy; [EMAIL PROTECTED] Sent: 12/1/2004 10:38 PM Subject: Re: [Samba] allowing users to change system time ian, your problem is probably with the local computer policy on the w2k boxes. on the win2k box, go to start, run, gpedit.msc, Local Computer Policy, Computer Configuration, Windows Settings, Securty Settings, Local Policies, User Rights Assignments, Change the System Time. Add users or authenticated users to this key. there may be an easier way, but works for me. stu - Original Message - From: Ian Clancy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 01, 2004 4:07 PM Subject: [Samba] allowing users to change system time Greetings Samba users, I'm the proud administrator of a samba 3 domain with openldap backend. All is well but for one niggling little problem which i hope somebody could help me with ?. My pdc is set up as a time server time server = yes and I have created a logon script with the following entry : net time \\mypdc /set /yes Now, when i logon to a windows 2k domain client as Administrator the above command sync's the time on the client with the server, no problems. However when ordinary users logon they get the following error : System error 1314 has occurred. A required privilege is not held by the client. I would like to give the users the privilege to change the time on their systems. Does anyone know how i could go about doing this ?. Using the usrmgr.exe program i can make a number of changes to the samba domain, usfortunately their is not an option to do this ? All help , ideas welcome. Thanks for your time. Ian Clancy Legal Disclaimer: Any views expressed by the sender of this message are not necessarily those of Connaught Electronics Ltd. Information in this e-mail may be confidential and is for the use of the intended recipient only, no mistake in transmission is intended to waive or compromise such privilege. Please advise the sender if you receive this e-mail by mistake. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Legal Disclaimer: Any views expressed by the sender of this message are not necessarily those of Connaught Electronics Ltd. Information in this e-mail may be confidential and is for the use of the intended recipient only, no mistake in transmission is intended to waive or compromise such privilege. Please advise the sender if you receive this e-mail by mistake. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Using Winbind with Squid
Hello, I've configured a squid proxy server to use the wb_auth module to authenticate NT Users . I'm aware that this is not the squid users mailing list but since the wb_auth modle uses the winbind application i thought this might be a good place to look for some help. Basically, the wb_auth module asks winbind to authenticate a users. Winbind then returns a '0' if the authentication was successful, or a '1' if the authentication was unsuccessful. This is working perfectly except for one problem. I want to be able to authenticate only specified users or groups. At the moment every domain user is able to use the proxy server. Can anyone think of a way to get winbind to only authenticate members of an 'Internet Users' group ?. Has anyone any previous experience of the setup ? All help much appreciated. Ian Legal Disclaimer: Any views expressed by the sender of this message are not necessarily those of Connaught Electronics Ltd. Information in this e-mail may be confidential and is for the use of the intended recipient only, no mistake in transmission is intended to waive or compromise such privilege. Please advise the sender if you receive this e-mail by mistake. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Using PAM - Logging into Linux using an NT Domain account
Hello Samba Users, I work for the IT Department of a small company and we've already replaced our NT4 File Servers with Linux servers running Samba. We'd like to replace some of our windows workstations also. It would be really cool if employee's could log into the Linux workstations using their existing NT accounts ! Has anybody had much luck using winbind and PAM to allow log on to Linux worksataions using a windows NT Domain acount ?. Any info, or past experiences shared will be helpful and much appriciated Ian Clancy Legal Disclaimer: Any views expressed by the sender of this message are not necessarily those of Connaught Electronics Ltd. Information in this e-mail may be confidential and is for the use of the intended recipient only, no mistake in transmission is intended to waive or compromise such privilege. Please advise the sender if you receive this e-mail by mistake. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NEWBIE : Problem saving M$ word documents on samba fileserver
Hi, The users of my company's NT4 domain have their home drives located on a RH8 machine running Samba 2.2.7. Anytime a user saves a Microsoft Office document from a windows 2000 client to their home drive they lose write and execute permissions. Thus users can no longer edit their files (a serious problem!). I want users to have RWX permissions on their own files but it appears that office is changing the permissions of the files. This problem does not occur on windows 95/98 clients, or for users of Open Office. Thanks in advance for your help. Ian Clancy Legal Disclaimer: Any views expressed by the sender of this message are not necessarily those of Connaught Electronics Ltd. Information in this e-mail may be confidential and is for the use of the intended recipient only, no mistake in transmission is intended to waive or compromise such privilege. Please advise the sender if you receive this e-mail by mistake. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba