Re: [Samba] Thunderbird 24.0 for Windows seems to ignore Samba4.0.9 permissions settings

2013-09-25 Thread Johan Hendriks

Kevin Field wrote:

Hi,

I have a CentOS 6.4 fileserver running SerNet Samba 4.0.9 with these 
global settings (not overridden):


read only = No
force create mode = 0777
force directory mode = 0777
inherit acls = yes
inherit owner = yes
inherit permissions = yes

On a Windows client, I have Thunderbird 24.0 storing its profile and 
mail on the Samba share.  The perms on everything in the share were 
chmod -R 777'd.


Then I get mail, compact a folder, whatever, and it looks like this:

-rwxrwxrwx. 1 1128 513        0 Oct 18  2012 Archives
-rwxrwxrwx. 1 1128 513     3158 Sep 25 13:20 Archives.msf
drwxrwxrwx. 2 1128 513     4096 Sep 25 09:12 Archives.sbd
-rwxrwx---+ 1 1128 513        0 Sep 25 13:49 Drafts
-rwxrwx---+ 1 1128 513     2450 Sep 25 13:50 Drafts.msf
-rwxrwx---+ 1 1128 513        0 Sep 25 13:08 Inbox
-rwxrwx---+ 1 1128 513     2317 Sep 25 13:50 Inbox.msf
drwxrwxrwx. 3 1128 513     4096 May 28 09:26 Inbox.sbd
-rwxrwxrwx. 1 1128 513     1268 Apr 12  2007 Junk.msf
-rwxrwxrwx. 1 1128 513       28 Oct  2  2012 msgFilterRules.dat
-rwxrwxrwx  1 1128 513    13736 Sep 25 13:50 popstate.dat
-rwxrwxrwx  1 1128 513 96061164 Sep 25 13:21 Sent
-rwxrwx---+ 1 1128 513  2988277 Sep 25 13:21 Sent.msf
-rwxrwxrwx. 1 1128 513        0 Mar 25  2010 Templates
-rwxrwxrwx. 1 1128 513     2684 Sep 25 13:20 Templates.msf
-rwxrwx---+ 1 1128 513        0 Sep 25 13:50 Trash
-rwxrwx---+ 1 1128 513     2223 Sep 25 13:50 Trash.msf

Whatever it touches is now 770.  How can that be, when the parent of 
this folder is 777, Samba is set to inherit and force 0777?  Is this 
Samba misbehaving, or Thunderbird?


Thanks,
Kev

It looks like you have ACLs active, hence the + after the 
permissions rwxrwx---+.

These ACLs overrule the local permissions set by Samba.

Neither Samba nor Thunderbird is misbehaving.

regards
Johan Hendriks

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Winbind strip domain from username?

2013-04-16 Thread Johan Hendriks


Hello Folks,

This directive works with Samba3 but does not seem to work with Samba-4.0.5:

winbind use default domain = Yes

I want to get a username that does not contain the domain (GIGL).  Instead 
here's what I get:

[root@roquefort ~]# getent passwd | grep GIGL
GIGL\Administrator:*:0:100::/usagers/%U:/bin/bash
GIGL\Guest:*:302:303::/usagers/%U:/bin/bash
GIGL\krbtgt:*:307:100::/usagers/%U:/bin/bash
GIGL\dns-stilton:*:308:100::/usagers/%U:/bin/bash
GIGL\testuser:*:309:100::/usagers/%U:/bin/bash
GIGL\llalonde:*:310:100::/usagers/%U:/bin/bash

How do I remove the 'GIGL\' from the username?  This is causing me problems 
mounting the user's home directory at logon with 'PAM_MOUNT'

What am I missing?

Thank You!

--
Luc Lalonde, analyste
-
Département de génie informatique:
École polytechnique de Montréal
(514) 340-4711 x5049
luc.lalo...@polymtl.ca
-

I had something similar, but I cannot look up what it was from where I am now, 
but I think I changed the %U to %u in my home share.

regards
Johan



Re: [Samba] Printer drivers

2013-03-21 Thread Johan Hendriks


Hi Fabian,

Yes - here is (excerpt from) my setup.
You also need to set permissions on shares so printer admins can write
driver files and everybody can print. I think you need architecture folders
under print$ (W32X86 etc) and set SePrintOperatorPrivilege for users to set
up printers.

I got it all working OK (samba 3.5.6), but I do still have troubles with
printer properties in some drivers. I suspect it might work better in
samba3.3 and older but have not got as far as testing this.

Jim

[global]
..
load printers = yes
printing = cups
printcap name = cups
#show add printer wizard = no
use client driver = no
force printername = yes
#   cups options = raw

[print$]
comment = windows printer drivers
path = /var/lib/samba/printers
browseable = no
guest ok = yes
read only = no
create mask = 0664
directory mask = 775
force group = print operators

[printers]
comment = all printers
path = /var/spool/samba
printable = yes
writeable = no
guest ok = no
create mask = 0700
browseable = no


On 18 March 2013 04:46, Fabian von Romberg fromberg...@hotmail.com wrote:

 Hi,

 is it possible to have printer driver on samba and when the user wants to
 use a particular printer can install the drivers automatically from samba?

 Thanks in advance and regards,
 Fabian

 --

Well, on Samba 3.6.x I got it working also, but on Samba4 I do not get the 
printers and faxes share, whatever I do.
I do get the printer itself.
Is the documentation not right, and do I need to use the printer share itself?

regards
Johan


Re: [Samba] Printer drivers

2013-03-18 Thread Johan Hendriks


Quoting Fabian von Romberg fromberg...@hotmail.com:

 Hi,

 is it possible to have printer driver on samba and when the user wants 
 to use a particular printer can install the drivers automatically from 
 samba?

 Thanks in advance and regards,
 Fabian

Do you mean like this:
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Point_and_Print_Drivers

regards
Lukas

Sorry if I hijack.
I am trying to get this to work also.
The problem I have is that I do not see a printers and faxes share,
so I cannot connect to it.
This is my smb4.conf:

# Global parameters
[global]
workgroup = TESTBOOM
realm = TESTBOOM.LOCAL
netbios name = SMB-FILER01
server role = active directory domain controller
dns forwarder = 8.8.8.8

nsupdate command = /usr/local/bin/samba-nsupdate -g
#  Printers
   load printers = yes
   printing = cups
   printcap name = cups
   force printername = yes
   cups options = raw


[printers]
comment = All Printers
path = /usr/local/samba/var/spool
browseable = Yes
guest ok = yes
read only = No
printable = Yes

[print$]
comment = Point and Print Printer Drivers
path = /usr/local/samba/var/print
read only = No
use client driver = yes
write list = administrator, @domain admins


regards
johan




Re: [Samba] Mixed profiles - how to?

2012-05-10 Thread Johan Hendriks

Hi.

I have roaming profiles enabled in my Samba domain.

But it's a nightmare for some users (who never use a different machine and
have a lot of data in the profile).

To the other users it's simply the best.

Is it possible to disable the roaming profile feature for a single user
(or group)?

How can I do that? Can you write an example?

Thanks!

[]s
Alexander
.Brazil - Rio de Janeiro


This should do it

http://softpixel.com/~cwright/programming/samba/



Re: [Samba] IDMAP dump and restore for second server.

2012-03-23 Thread Johan Hendriks
Thanks for the reply.

Probably my lack of understanding of the whole thing is making it a little 
confusing for me.

Is there a way to get the same IDs on a second server?
Now I have the same config on both servers, only the ID numbers are different.

Must I change 
 idmap config DOMAIN1 : backend = rid
 idmap config DOMAIN1 : base_rid = 500
 idmap config DOMAIN1 : range = 1 - 2
 
 idmap config DOMAIN2 : backend = rid
 idmap config DOMAIN2 : base_rid = 500
 idmap config DOMAIN2 : range = 3 - 4

to

 idmap config DOMAIN1 : backend = tdb
 idmap config DOMAIN1 : base_rid = 500
 idmap config DOMAIN1 : range = 1 - 2
 
 idmap config DOMAIN2 : backend = tdb
 idmap config DOMAIN2 : base_rid = 500
 idmap config DOMAIN2 : range = 3 - 4


thanks again.


regards
Johan Hendriks 



Hi,

everything is fine:

You are using the rid backend for your domains (DOMAIN1 and DOMAIN2). This is a 
purely algorithmical method for doing id mappings. These mappings are not 
stored in databases but calculated each time (at least when the cache entries 
expire).

The default backend tdb is only used for anything but
DOMAIN1 and DOMAIN2. Apparently you don't have a third real domain around, 
which is why there are so few mappings in the db and hence in the dump.

Hope this helps.

Cheers - Michael


Johan Hendriks wrote:
 Hello all.
 
 I use Samba 3.6.3 on FreeBSD in combination with ZFS, and it all works fine.
 I use zfs send to receive my store on a backup machine and I want the user 
 IDs to be the same as on the master server, so to say.
 Keeps my backups easily accessible with Samba!
 
 Now I know I can dump the IDMAP database using the following: net idmap dump.
 
 I expect a whole bunch of lines, but I get the following; we have around 70 
 users.
 
 filer01 ~ # net idmap dump
 dumping id mapping from /var/db/samba/winbindd_idmap.tdb
 GID 150004 S-1-5-11
 GID 150005 S-1-5-32-546
 USER HWM 15
 GID 150002 S-1-1-0
 GID 150003 S-1-5-2
 GROUP HWM 150006
 filer01 ~ #
 
 Also a tdbdump /var/db/samba/winbind_idmap.tdb gives me a small number of 
 lines.
 
 tdbdump /var/db/samba/winbindd_idmap.tdb
 {
 key(11) = GID 150002\00
 data(8) = S-1-1-0\00
 }
 {
 key(9) = S-1-5-11\00
 data(11) = GID 150004\00
 }
 {
 key(13) = S-1-5-32-546\00
 data(11) = GID 150005\00
 }
 {
 key(11) = GID 150005\00
 data(13) = S-1-5-32-546\00
 }
 {
 key(11) = GID 150003\00
 data(8) = S-1-5-2\00
 }
 {
 key(9) = USER HWM\00
 data(4) = \F0I\02\00
 }
 {
 key(8) = S-1-1-0\00
 data(11) = GID 150002\00
 }
 {
 key(11) = GID 150004\00
 data(9) = S-1-5-11\00
 }
 {
 key(8) = S-1-5-2\00
 data(11) = GID 150003\00
 }
 {
 key(10) = GROUP HWM\00
 data(4) = \F6I\02\00
 }
 {
 key(14) = IDMAP_VERSION\00
 data(4) = \02\00\00\00
 }
 
 wbinfo -u and wbinfo -g as id username all works fine.
 
 The relevant config part (as far as i know)
 
 template homedir = /sanstorage/sambashare/home/%U
 winbind use default domain = yes
 winbind cache time = 3600
 winbind nested groups = yes
 winbind separator = |
 winbind offline logon = yes
 winbind enum users = yes
 winbind enum groups = yes
 winbind refresh tickets = yes
 allow trusted domains = yes
 
 idmap config * : backend = tdb
 idmap config * : range = 1-8
 
 idmap config DOMAIN1 : backend = rid
 idmap config DOMAIN1 : base_rid = 500
 idmap config DOMAIN1 : range = 1 - 2
 
 idmap config DOMAIN2 : backend = rid
 idmap config DOMAIN2 : base_rid = 500
 idmap config DOMAIN2 : range = 3 - 4
 
 Is there a problem, or am I missing something?
 I have been googling a lot, but could not find anything related.
 
 Thanks for your time
 
 Regards
 Johan Hendriks
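
The rid mapping Michael describes, as an added example that is not part of the original thread: it applies the rule from the idmap_rid(8) manual page (ID = RID - BASE_RID + LOW_RANGE_ID) and shows why `net idmap dump` holds no domain users and what makes two servers disagree. The domain SID, the RIDs and the ID ranges are constructed (the ranges in the posts are truncated); `base_rid = 500` and the dump lines are taken from the post.

```python
# Added example (not from the thread). Mapping rule from idmap_rid(8):
#   ID  = RID - BASE_RID + LOW_RANGE_ID
#   RID = ID + BASE_RID - LOW_RANGE_ID
import re

# Constructed domain SID, standing in for the SID of DOMAIN1.
DOMAIN1_SID = "S-1-5-21-1111111111-2222222222-3333333333"


class RidConfig:
    """One 'idmap config DOMAIN : backend = rid' stanza."""

    def __init__(self, domain_sid, base_rid, low, high):
        self.domain_sid = domain_sid
        self.base_rid = base_rid
        self.low = low
        self.high = high

    def sid_to_id(self, sid):
        """Unix ID for a SID, or None when this stanza would not map it."""
        prefix, _, rid = sid.rpartition("-")
        if prefix != self.domain_sid or not rid.isdigit():
            return None  # not an account of this domain
        unix_id = int(rid) - self.base_rid + self.low
        # A result outside the configured range is left unmapped.
        return unix_id if self.low <= unix_id <= self.high else None

    def id_to_sid(self, unix_id):
        """Reverse mapping: SID for a Unix ID inside this stanza's range."""
        if not self.low <= unix_id <= self.high:
            return None
        return f"{self.domain_sid}-{unix_id + self.base_rid - self.low}"


DUMP_LINE = re.compile(r"^(UID|GID)\s+(\d+)\s+(S-1(?:-\d+)+)$")


def parse_idmap_dump(text):
    """Parse `net idmap dump` output into (kind, unix_id, sid) tuples.

    The header and the USER/GROUP HWM (high-water mark) lines are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = DUMP_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), int(m.group(2)), m.group(3)))
    return entries


def stored_for_domain(entries, cfg):
    """Dump entries whose SID belongs to the rid-mapped domain."""
    return [e for e in entries if e[2].startswith(cfg.domain_sid + "-")]


def mismatches(cfg_a, cfg_b, sids):
    """SIDs for which two servers would compute different Unix IDs."""
    return [s for s in sids if cfg_a.sid_to_id(s) != cfg_b.sid_to_id(s)]


# Dump lines as posted in the thread.
POSTED_DUMP = """\
dumping id mapping from /var/db/samba/winbindd_idmap.tdb
GID 150004 S-1-5-11
GID 150005 S-1-5-32-546
USER HWM 15
GID 150002 S-1-1-0
GID 150003 S-1-5-2
GROUP HWM 150006
"""

if __name__ == "__main__":
    # Constructed ranges; base_rid = 500 as in the posted smb.conf.
    filer = RidConfig(DOMAIN1_SID, base_rid=500, low=10000, high=19999)
    backup_same = RidConfig(DOMAIN1_SID, base_rid=500, low=10000, high=19999)
    backup_shifted = RidConfig(DOMAIN1_SID, base_rid=500, low=20000, high=29999)
    users = [f"{DOMAIN1_SID}-{rid}" for rid in (1105, 1106, 1250)]  # constructed RIDs

    entries = parse_idmap_dump(POSTED_DUMP)
    print("entries in tdb dump:", len(entries))
    print("of which in DOMAIN1:", len(stored_for_domain(entries, filer)))
    for sid in users:
        print(sid, "->", filer.sid_to_id(sid))
    print("differ with identical stanza:", mismatches(filer, backup_same, users))
    print("differ with shifted range:  ", len(mismatches(filer, backup_shifted, users)))
```

Only the well-known SIDs handled by the default tdb backend appear in the dump, so nothing has to be restored for the rid domains; the IDs match on a second server once the domain's `range` and `base_rid` are identical there.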


[Samba] IDMAP dump and restore for second server.

2012-03-21 Thread Johan Hendriks
Hello all.

I use Samba 3.6.3 on FreeBSD in combination with ZFS, and it all works fine.
I use zfs send to receive my store on a backup machine and I want the user IDs 
to be the same as on the master server, so to say.
Keeps my backups easily accessible with Samba!

Now I know I can dump the IDMAP database using the following: net idmap dump.

I expect a whole bunch of lines, but I get the following; we have around 70 users.

filer01 ~ # net idmap dump
dumping id mapping from /var/db/samba/winbindd_idmap.tdb
GID 150004 S-1-5-11
GID 150005 S-1-5-32-546
USER HWM 15
GID 150002 S-1-1-0
GID 150003 S-1-5-2
GROUP HWM 150006
filer01 ~ #

Also a tdbdump /var/db/samba/winbind_idmap.tdb gives me a small number of lines.

tdbdump /var/db/samba/winbindd_idmap.tdb
{
key(11) = GID 150002\00
data(8) = S-1-1-0\00
}
{
key(9) = S-1-5-11\00
data(11) = GID 150004\00
}
{
key(13) = S-1-5-32-546\00
data(11) = GID 150005\00
}
{
key(11) = GID 150005\00
data(13) = S-1-5-32-546\00
}
{
key(11) = GID 150003\00
data(8) = S-1-5-2\00
}
{
key(9) = USER HWM\00
data(4) = \F0I\02\00
}
{
key(8) = S-1-1-0\00
data(11) = GID 150002\00
}
{
key(11) = GID 150004\00
data(9) = S-1-5-11\00
}
{
key(8) = S-1-5-2\00
data(11) = GID 150003\00
}
{
key(10) = GROUP HWM\00
data(4) = \F6I\02\00
}
{
key(14) = IDMAP_VERSION\00
data(4) = \02\00\00\00
}

wbinfo -u and wbinfo -g as id username all works fine.

The relevant config part (as far as i know)

template homedir = /sanstorage/sambashare/home/%U
winbind use default domain = yes
winbind cache time = 3600
winbind nested groups = yes
winbind separator = |
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
allow trusted domains = yes

idmap config * : backend = tdb
idmap config * : range = 1-8

idmap config DOMAIN1 : backend = rid
idmap config DOMAIN1 : base_rid = 500
idmap config DOMAIN1 : range = 1 - 2

idmap config DOMAIN2 : backend = rid
idmap config DOMAIN2 : base_rid = 500
idmap config DOMAIN2 : range = 3 - 4

Is there a problem, or am I missing something?
I have been googling a lot, but could not find anything related.

Thanks for your time

Regards
Johan Hendriks


Re: [Samba] ldap backend and usrmgr.exe

2010-11-18 Thread Johan Hendriks

This is a case in your smbldap-tools: add user script=
/usr/local/sbin/smbldap-useradd -m %u
Put in the right arguments that fit your system.

I think also your passwd change won't work this way:

passwd program = /usr/bin/passwd %u
  passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn *
passwd


This has to be:

ldap passwd sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u


---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---


Thank you for your kind reply.

I do not clearly know what you mean with the first answer.
I tried almost every option.
-a -P -m %u  and so on.
If I use /usr/local/sbin/smbldap-useradd -m test
the user test is added to the system, and I can see it with usrmgr.exe.

Could you be more specific about what I need to change?

Thanks again.
PS: I am out of the office till Tuesday, so no message does not mean that I am 
not thankful :D

Regards,
Johan Hendriks




[Samba] ldap backend and usrmgr.exe

2010-11-17 Thread Johan Hendriks
Hello all, I have made a howto on how to install Samba as a PDC with an
LDAP backend.

The howto is here: http://www.xs4all.nl/~doub/samba-ldap/index.html

It all works well, domain logons work, and adding users to the system
also works from the command line.

But when I want to use usrmgr, I get the famous error "A device
attached to the system is not functioning."

I have searched the whole day for a solution, but could not find a way to
solve this.

I am sorry if I overlooked the answer.

Could someone please tell me what I am missing?

Thanks for your time

Regards,

Johan Hendriks



Re: [Samba] Old application very slow

2009-10-21 Thread Johan Hendriks


Adam Williams wrote:
 you might try adding:
 
 socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 
 SO_SNDBUF=65536 SO_KEEPALIVE READ_SIZE=65536
 
use mmap = No
use sendfile = Yes
blocking locks = No
read raw = no
write raw = no
 
 kernel oplocks = no
oplocks = yes
level2 oplocks = yes
 
 
Thanks for your responses.
I tried some of those suggestions; others are recommended not to modify
in the documentation. But no improvement in speed.
I also dissolved the bond between two NICs I had, with no solution.

Does anyone have other suggestions?

Regards,

Koenraad Lelong.

A long shot:
interfaces = 192.168.0.0/20, lo
bind interfaces only = Yes

Try to set interfaces to just the interface name and the IP address.
Maybe it is a network problem.
Regards,
Johan


No virus found in this outgoing message.
Checked by AVG - www.avg.com 
Version: 8.5.423 / Virus Database: 270.14.24/2449 - Release Date:
10/20/09 18:42:00


Re: [Samba] Is there a console tool to monitor/control/log/notify the print queue information?

2009-08-10 Thread Johan Hendriks


I setup a central Fedora 11 printer server in a big office for 80+ windows
clients due to the max 10 connections limitation of windows 2000/xp. 2
physical printers are connected to the server, and I configured 3 CUPS
printers(1 printer with 2 different printer drivers) in Fedora 11.

Is there a console tool to
1. Monitor the print queue(s) in real-time like windows system? A history
windows hold some recent printed jobs information, and a real-time window
hold the current printing/queueing jobs information. The current
printing/queueing job information contains the information like windows
system provided such as: Document Name, Status, Owner, Pages, File Size,
Submit Time, Port.

2. Control the print queue(s). Everyone who stand in front of Fedora 11 can
cancel any print job.

3. Log the job informations. Log job information to database, especially the
'Pages' and 'Owner' info of a job, so that I get a total Pages/Papers
consumed in a month. CUPS can't provide a correct Pages value if job comes
from Samba.

4. Notify the Owner when the job is finished via windows messenger
mechanism. Many workmates(especially workmates from HR department) often
print documents which have hundreds of pages. Their office is 30+ meters far
from the printer, they rarely watch the print queue in their windows
workstation, and watching a 'hundreds of pages' print job is boring. So, if
owner can be notified when print job is finished, it will be very
convenient. (hmmm, it's a weird idea that job information been notified via
windows messenger mechanism, but windows messenger service comes with
windows 2000+ system, so client users don't need install other softwares to
receive notification.)

ps:
(1). the printer server is an old computer (Celeron 900MHz, 128M+32M
memory), so it's not good to run GUI desktop.
(2). Document name contains Chinese characters, all I know is: there's an
open source project named zhCon to deal the display/input of
Chinese/Japanese/Korean characters in text console mode. And the encoding of
zhCon may be different to the linux system (I mean, the linux system may
have LANG=en_US.UTF-8, but zhCon may working with zh_CN.GBK), so the
encoding can be configurable.

:working:
If there's no such a tool, can anybody guide me how to get these print queue
information from Samba?

Any hint will be appreciated! :)

Can't you use the web-based frontend of CUPS,
like http://your-printserver:631/admin?

You need to edit the CUPS config file to allow machines other than 
localhost to access the web GUI.

Here you find some info
http://www.cups.org/doc-1.1/sam.html#5_3

regards,
Johan





Re: [Samba] Strange samba problem with Win XP

2009-07-17 Thread Johan Hendriks
Hello list,

I don't know what is breaking my samba box but I am really very
worried and confused !! My samba server has no problem with linux
client. smbclient -L samba IP -U samba user runs well. No
problem at all. But whenever I try to access the shares from Win-XP it
reports that path not found. And after repeatedly trying the same
Win-XP managed to get the share after waiting a long time. But it lost
the shares after say 15/20 min.  Moreover a mapped samba drive
immediately disconnected after restart !!! I am really really
confused. All Linux clients are running so well but Win-XP.  I have
checked the nmbd.log and found errors like

  process_node_status_request: status request for name ENTERPRISE1b
from IP 192.168.1.41 on subnet UNICAST_SUBNET - name not found.
[2009/07/17 15:43:03, 1]
 snip
nmbd/nmbd_incomingrequests.c:process_node_status_request(328)

Here is my smb.conf

[global]
unix password sync = yes
force create mode =0774
utmp = no
smb ports = 139
#domain logons = no
domain master = no
os level = 65
ocal master = yes
preferred master = yes

passwd program = /usr/sbin/userpasswd %u
passwd chat = *password:* %n\n *password:* %n\n *successfully.*

netbios name = Clarkconnect
workgroup = Enterprise
server string = ClarkConnect samba

bind interfaces only = yes
interfaces = lo eth0 eth1

use client driver = yes
snip .
force user = apache
deadtime = 10


testparm does not show any error. Please enlighten me what is  
wrong/missing here. eagerly waiting for a kind response.

Thanks

I see you have 2 network interfaces in your smb.conf file.
Are they both in the same subnet?
If so, remove one of them, and see if the problem goes away.

regards,
Johan




Re: [Samba] samba ldap problem

2009-07-17 Thread Johan Hendriks
 Hi,

 we had this setup working for quite some time but after upgrading the
 samba package things look different:

 we now have the following samba/ldap setup:

 samba-3.0.34p1-cups-ldap
 openldap-server-2.3.43

 the samba-ldap configuration is:
 doing parameter ldap suffix = dc=foo,dc=ch
 doing parameter ldap machine suffix = ou=Computers,ou=Samba,ou=system
snip

 in this state we don't see any packets going to the ldap server  
 anymore.
 Have you seen this behaviour or do you have any hints how we could  
 debug
 this better?



Very strange is also the fact, that the first connection works, but
gets interrupted in the middle somehow and then all subsequent
attempts using smbclient fail:

root:13# pgrep smbd
4268
30945
root:14# smbclient -U mbalmer -L tesla
Password:
Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]
 snip ..

This is on OpenBSD 4.4/i386, btw.

- Marc

Did you copy the new samba schema file from the new samba version to the
openldap schema directory?
I had some strange problems once after an update and that was the case in
my situation.

Regards,
Johan




Re: [Samba] samba ldap problem

2009-07-17 Thread Johan Hendriks


 Hi,

 we had this setup working for quite some time but after upgrading  
 the
 samba package things look different:

 we now have the following samba/ldap setup:

 samba-3.0.34p1-cups-ldap
 openldap-server-2.3.43

 the samba-ldap configuration is:
 doing parameter ldap suffix = dc=foo,dc=ch
 doing parameter ldap machine suffix =  
 ou=Computers,ou=Samba,ou=system
 snip

 in this state we don't see any packets going to the ldap server
 anymore.
 Have you seen this behaviour or do you have any hints how we could
 debug
 this better?



 Very strange is also the fact, that the first connection works, but
 gets interrupted in the middle somehow and then all subsequent
 attempts using smbclient fail:

 root:13# pgrep smbd
 4268
 30945
 root:14# smbclient -U mbalmer -L tesla
 Password:
 Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]
 snip ..

 This is on OpenBSD 4.4/i386, btw.

 - Marc

 Did you copy the new samba schema file from the new samba version to
 the openldap schema directory?
 I had some strange problems once after an update and that was the
 case in my situation.

Yes I did that, but of course the additional fields in the SambaDomain
object are empty.  Do I need to fill them with some values?

- Marc

As far as I know not; in my case the copy of the schema file was enough, I
could not imagine why it needs altering.
I mean this file (on FreeBSD):
/usr/local/share/examples/samba/LDAP/samba.schema

And that needs to be copied to the location mentioned in your slapd.conf
file,
in my case:
include /usr/local/etc/openldap/schema/samba.schema

regards,
Johan



[Samba] Use windows to set file permissions.

2009-06-22 Thread Johan Hendriks
I have searched for a howto, but could not find one.

Is it possible to use a Windows workstation to set ACL attributes on files, or 
the share itself?

 

Regards,
Johan 





RE: [Samba] Use windows to set file permissions.

2009-06-22 Thread Johan Hendriks
And you need winbind to fetch the fetch out of the domain, otherwise 
Windows could not know the samba-users.

vishesh kumar wrote:
 If you mount ext3 formatted partition, with support of acl then it is 
 possible to set acl permission using windows

 Thanks


 2009/6/22 Björn Meier bjoern.me...@googlemail.com

 Of course, it works. I use it in my domain with ACL-support.


 赵老师 wrote:

 Windows? no way~~

 2009/6/22 Johan Hendriks jo...@double-l.nl


 I have searched for a howto, but could not find one.

 Is it possible to use a windows workstation to set ACL
 attributes on files,
 or the share itself.



 Regards,
 Johan


OK, I knew it was possible. I use winbind against a win2003 server, I compiled 
Samba with ACL support; the only thing is I use FreeBSD as a server.
It has ACL support on the filesystem.

Are there any config options needed within smb.conf that must exist to use this 
feature?

Regards,
Johan


RE: [Samba] attempted upgrade this weekend

2009-04-28 Thread Johan Hendriks
Morning,

This weekend I attempted an upgrade of my primary samba server from 3.0.24
to 3.3.3. When testing this primary server after the upgrade I had a
few issues, so rolled back the upgrade until I can find solutions. This
server also has the OpenLDAP server local to and co-located with samba.

The two things that initially didn't seem right are that each time I
logged into a windows XP box I was told my password had expired and
must be changed, and my roaming profile could not be accessed. Even
after changing my password, when I logged out and back in I got the same
password expired message.

I had another event scheduled and couldn't diagnose the issue. I
hope the issue is simply a difference in the configuration (smb.conf)
between 3.0.24 and 3.3.3. I've attached a sanitized version of my config
below. Does anyone see any issues?

Samba is the first of a series of upgrades. After samba is Cyrus then
OpenLDAP.

Samba is compiled locally on this box, so it pulls in the current library
versions, etc.

The output of the smbd-3.0.24 and smbd-3.3.3 (both -b) seem the same
to me.

Thanks for having a look at this. I'll try another upgrade this coming
weekend.

Mike

Did you copy the samba schema file from samba 3.3.3 to the schema dir of 
openldap, replacing the old one from samba 3.0.24?
I once had the same issue after an upgrade from 3.0.x to 3.3.x; I did not have 
the password issue, but the roaming profile issue I remember quite well ;-)
After the copy (which is a pretty normal thing, but easy to forget) things 
were running as before.

Regards,
Johan Hendriks
Double L Automatisering




RE: [Samba] Trying to get uid and gid to match and getent to work

2008-11-08 Thread Johan Hendriks



 [EMAIL PROTECTED] wrote: 
 I am using the following in my smb.conf on samba-3.0.28-0.el5.8
 
 . snip .

Okay, I was able to get getent to work.
had to go back to ldconfig to get the library files to load the variants of 
libnss_winbind.

So now am trying to get it to allow domain users to login and get the uid's 
and gid's to match across servers.


The way to do this is to use an LDAP backend on the file servers.
On one member server the LDAP is the master, and on all the others the LDAP 
servers are slaves.
I have not tested this (my network is not that large),

but this is also mentioned in the following doc
http://us3.samba.org/samba/docs/man/Samba-Guide/

Then in chapter 7 at the end there is the following:
 
What are the benefits of using LDAP for my domain member servers?

The key benefit of using LDAP is that the UID of all users and the GID of all 
groups are globally consistent on domain controllers as well as on domain 
member servers. This means that it is possible to copy/replicate files across 
servers without loss of identity.

When use is made of account identity resolution via winbind, even when an IDMAP 
backend is stored in LDAP, the UID/GID on domain member servers is consistent, 
but differs from the ID that the user/group has on domain controllers. The 
winbind allocated UID/GID that is stored in LDAP (or locally) will be in the 
numeric range specified in the idmap uid/gid in the smb.conf file. On domain 
controllers, the UID/GID is that of the POSIX value assigned in the LDAP 
directory as part of the POSIX account information. 


One more thing: if you use the guide in chapter 7 and you come to the part about 
editing the nsswitch.conf file, do not use ldap there but winbind.
The guide tells you to do this:
 Edit the NSS control file /etc/nsswitch.conf so it has the following entries:

...
passwd: files ldap
shadow: files ldap
group:  files ldap
...
hosts:  files wins

Use this instead.

 Edit the NSS control file /etc/nsswitch.conf so it has the following entries:

...
passwd: files winbind
shadow: files winbind
group:  files winbind
...
hosts:  files wins

I hope this helps..

regards,
Johan Hendriks
Double L Automatisering




[Samba] win2003 member netlogon.

2008-11-05 Thread Johan Hendriks
Hello !

I have joined my samba 3.0.32 samba server to a windows 2003 domain controller.
All works well and all users are mapped etc etc.

Now the server is situated at a remote location.
My question is: can it handle domain logons for the remote location, or can this 
only be done by the 2003 server?
The reason is that the connection between both locations is sometimes out of 
order.

Regards,

Johan Hendriks



RE: [Samba] win2003 member netlogon.

2008-11-05 Thread Johan Hendriks
Hi Johan

I tried to do the same thing, but I was less successful.

Can you give a configuration file for your samba setup?  I was stuck at
getting my users authenticated against my samba domain controller (although
my pc was registered in my domain)

Thanks

steven

Here are my config files.
I used the Samba3 by Example guide; it all works very well. I also use an LDAP 
backend.
The only thing that has an error is the nsswitch.conf file in the by example 
doc: it tells you to use ldap, but you must use winbind.
My config is from a FreeBSD 7.1 PRERELEASE machine.
If you leave out the ldap settings you should be able to use the tdb backend.
My win2003 server is server01; my Samba server is server02.

What is important is the /etc/krb5.conf file and the /etc/nsswitch.conf file.

#
#/usr/local/etc/smb.conf file
#

[global]
workgroup = SMBDOMAIN
realm = SMBDOMAIN.LOCAL
netbios name = server02
interfaces = bce0 lo0
server string = %L
security = ads
# ldap backend
ldap admin dn = cn=Manager,dc=smbdomain,dc=local
ldap idmap suffix = ou=Idmap
ldap suffix = dc=smbdomain,dc=local
idmap backend = ldap:ldap://ldap.smbdomain.local
# end ldap backend
idmap uid = 5000-10
idmap gid = 5000-10
template homedir = /usr/home/%U
template shell = /bin/sh
#winbind cache time = 3600
#winbind nested groups = yes
winbind use default domain = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
#password server = server01.smbdomain.local
#wins server = server01.smbdomain.local
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use sendfile = yes
local master = no
domain logons = no
domain master = no
preferred master = no
dns proxy = no
username map = /usr/local/samba/usermap
nt acl support = yes

# Printing
load printers = yes
printing = cups
printcap name = cups

# LOGGING
syslog only = Yes
log file = /var/log/samba/%m
loglevel = 1 ads:10 auth:10 sam:10 rpc:10
#log level = 3
max log size = 1000
syslog = 2

# logon options
logon script = logon.bat
#   logon path = \\%L\profiles\%u
logon path =
logon home = \\server02\%U
logon drive = H:

# Share Definitions ==

[homes]
   root preexec = /usr/local/samba/scripts/firslogon
   comment = Home Directories
   valid users = SMBDOMAIN+%S
   read only = no
   browseable = no

[Data]
   comment = Data
   path = /usr/local/samba/data
   browseable = yes
   writeable = yes
   create mode = 0755
   directory mode = 0755


#
#/etc/krb5.conf file  (Capital letters are important)
#

[libdefaults]
default_realm = SMBDOMAIN.LOCAL
clockskew = 300
[realms]
SMBDOMAIN.LOCAL = {
kdc = server01.smbdomain.local
   }

[domain_realm]
.smbdomain.local = SMBDOMAIN.LOCAL

#
#/etc/nsswitch.conf file  
# The important stuff is group: and passwd:
#

#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1 2006/05/03 15:14:47 ume Exp $
#
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

Hope this helps.

Regards,
Johan
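
The two points this message and the chapter 7 correction stress (winbind, not ldap, for passwd and group in nsswitch.conf, and capital letters in krb5.conf) can be checked mechanically. The following is an added example, not part of the original post or of Samba; the function names are hypothetical, the sample inputs are constructed from the files quoted above, and the upper-case realm comparison is an assumption drawn from the remark about capital letters.

```python
import re

# Constructed sample inputs (abridged from the post); function names are hypothetical.
SMB_CONF = """[global]
realm = SMBDOMAIN.LOCAL
security = ads
"""
KRB5_CONF = """[libdefaults]
default_realm = SMBDOMAIN.LOCAL
"""
NSS_GUIDE = "passwd: files ldap\nshadow: files ldap\ngroup:  files ldap\n"
NSS_FIXED = "group: files winbind\npasswd: files winbind\npasswd_compat: nis\n"

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def ini_value(text, section, key):
    """Value of `key` inside `[section]`, or None if it is not set."""
    current = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = _norm(line[1:-1])
        elif "=" in line and line[0] not in "#;" and current == _norm(section):
            name, value = line.split("=", 1)
            if _norm(name) == _norm(key):
                return value.strip()
    return None

def nss_sources(text, database):
    """Lookup sources listed for one nsswitch.conf database, e.g. passwd."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            return line.split(":", 1)[1].split()
    return []

def lint_member(smb, krb5, nss):
    """List the problems found for a winbind-based ADS domain member."""
    problems = []
    if (ini_value(smb, "global", "security") or "").lower() != "ads":
        problems.append("smb.conf: security is not ads")
    realm = ini_value(smb, "global", "realm") or ""
    # Assumption from the post: krb5.conf carries the realm in capital letters.
    if ini_value(krb5, "libdefaults", "default_realm") != realm.upper():
        problems.append("krb5.conf: default_realm is not the upper-case smb.conf realm")
    for db in ("passwd", "group"):
        if "winbind" not in nss_sources(nss, db):
            problems.append(f"nsswitch.conf: {db} does not list winbind")
    return problems
```

Calling `lint_member(SMB_CONF, KRB5_CONF, NSS_GUIDE)` reports the passwd and group lines as given in the guide; with `NSS_FIXED` the list is empty.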



RE: [Samba] samba idmap ldap backend

2008-10-23 Thread Johan Hendriks
Well, that did it, thank you very, very much.

Did I read the documentation wrong, or is it the documentation that needs to be 
adjusted?

I read this:
http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm
and then the section "IDMAP Storage in LDAP using Winbind".

regards,
Johan Hendriks



[Samba] samba idmap ldap backend

2008-10-21 Thread Johan Hendriks
Hello all,

First of all, sorry for the long e-mail.

I am trying to get samba working as a domain member and store the idmap in an 
ldap database.

The join is successful and all commands are working like they should: wbinfo -u, 
wbinfo -g, kinit, etc.

But the id administrator command gives me the following:

# id administrator
id: administrator: no such user

If I do not use the ldap backend it works well.

This is on FreeBSD 7_RELEASE with samba 3.0.32 and openldap 2.3.43.
I did do all the things mentioned in chapter 7 of the by example doc.
Also the smbpasswd -w 12345.

I have been working on this for over 3 days now, but my ldap understanding is 
not that much, I guess.
What am I forgetting or doing wrong?

Best regards,
Johan Hendriks

My slapd.conf file:

 

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema

loglevel 256

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath  /usr/local/libexec/openldap
moduleload  back_bdb

###
# BDB database definitions
###

database bdb
suffix  dc=double-l,dc=local
rootdn  cn=Manager,dc=double-l,dc=local
rootpw = 12345

directory   /usr/local/var/db/openldap-data

# Indices to maintain
index   objectClass eq
index   cn  pres,sub,eq
index   sn  pres,sub,eq
index   uid pres,sub,eq
index   displayName pres,sub,eq
index   uidNumber   eq
index   gidNumber   eq
index   memberUID   eq
index   sambaSID eq
index   sambaPrimaryGroupSID eq
index   sambaDomainName eq
index   default sub

 

My ldap.conf and nss_ldap.conf file:

base dc=double-l,dc=local
binddn cn=Manager,dc=double-l,dc=local
bindpw 12345

pam_password exop

bind_policy soft
bind_timelimit 10

host 127.0.0.1
idle_timelimit 3600
ldap_version 3

nss_base_group  ou=Groups,dc=double-l,dc=local?one
nss_base_passwd ou=People,dc=double-l,dc=local?one
nss_base_shadow ou=People,dc=double-l,dc=local?one

nss_connect_policy persist
nss_paged_results yes

pagesize 1000
port 389
timelimit 30

 

My /etc/nsswitch.conf file:

group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

 

My idmap.ldiff file:

dn: dc=snowshow,dc=com
objectClass: dcObject
objectClass: organization
dc: snowshow
o: The Greatest Snow Show in Singapore.
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,dc=snowshow,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=Idmap,dc=snowshow,dc=com
objectClass: organizationalUnit
ou: idmap

 

 

And finally my smb.conf file:

[global]
workgroup = DOUBLE-L
netbios name = BEASTY
realm = DOUBLE-L.LOCAL
server string = Samba Server
security = ADS
log level = 1 ads:10 auth:10 sam:10 rpc:10
ldap admin dn = cn=Manager,dc=DOUBLE-L,dc=LOCAL
ldap idmap suffix = ou=Idmap
ldap suffix = dc=DOUBLE-L,dc=LOCAL
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 15-55
idmap gid = 15-55
template shell = /usr/local/bin/bash
winbind use default domain = Yes

[share1]
comment = Data Directory
path = /mnt
#write list = @mr70
read only = no
create mask = 0777
directory mask = 0777

 

And my /etc/krb5.conf file:

[libdefaults]
default_realm = DOUBLE-l.LOCAL
clockskew = 300

[realms]
DOUBLE-l.LOCAL = {
kdc = w2003s01.double-l.local
}

[domain_realm]
.double-l.local = DOUBLE-l.LOCAL

 

 

This is a part of my slapd.log file after a restart of samba and an id 
administrator command:

Oct 21 16:47:34 beasty slapd[60723]: conn=7 fd=13 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=8 fd=15 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=6 fd=12 closed (connection lost)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 fd=12 ACCEPT from IP=127.0.0.1:58176 (IP=127.0.0.1:389)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=0 BIND dn=cn=Manager,dc=double-l,dc=local method=128
Oct 21 16:47:35 beasty