[Samba] Samba only quotas?

[Kyle Schmitt]

Is it possible to setup quotas only on the samba level?  So samba is
enforcing the quotas, but not the underlying OS?

I can't seem to find anything in the docs about it.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] inotify_handler No data on inotify fd?

[Kyle Schmitt]

I've got a samba server that's occasionally spewing inotify errors.

The classic, smbd/notify_inotify.c:inotify_handler No data on inotify
fd? type errors solved by
kernel change notify = false

Now, everything is working perfectly on this box unless one or two
users leave files open from specific machines (this is as far as I can
tell, it's hard to get good info from the users sometimes, but it's
what the logs indicate).

Because of this, I would rather not put in the kernel change notify =
false line, so I'm wondering if there's another good solution.

When I logged into the server, lsof told me the offending client had a
single Excel file open about 1300 times, and I found their samba
process had been running for 14 hours.

What if I set limits, lets say hard and soft limits for open files to
512, or 128, and cpu time limits of 4 hours or so.
Would that cause issues for my users?
Would that have killed the misbehaving client, or at least kept it
from choking my system?
Will samba behave OK, if a user's samba process runs out of open file
handles, or will it instead fill my logs even faster?

Thanks
--Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] How to use local profiles in samba PDC?

[Kyle Schmitt]

On Tue, Jul 28, 2009 at 5:38 PM, Miguel Medalhamiguelmeda...@sapo.pt wrote:
 Ah. I thought that the stanza would just disable roaming profiles.
 logon path =
 I misunderstood your question because your subject line says How to use
 local profiles in samba PDC.

 Well, you must have a netlogon share containing a Default User profile.
 The process is described in the Samba documents I pointed you to.

I was hoping to use a mix, and not just one or the other.  I did try
having a Default User profile in netlogon, and in profiles, but it
didn't do anything.  I tried with various permissions and ownerships,
with a blank directory, with a blank directory tree (empty dirs for
the common things like My documents, etc), and with a copy of the
Default User directory from an XP Pro box.  None of the combinations
seemed to work.  I'm not positive I tried all combinations in both
netlogon and profiles though.

The samba PDC will replace an old NT domain we have here, so to start
with, it needs to support local profiles.  I'd like to move to
roaming, with the redirection, but the important part right now is
that local work.

So far the only way I've gotten local profiles to work is by disabling
roaming via the logon path =  line you suggested.  Before disabling
them I was playing with the redirected folders via an NTConfig.POL
file I made using the custom.adm template from
http://www.pcc-services.com/custom_poledit.html .  The results were
mixed, but that was probably due to my being new to it.

Anyway I digress.  You say that if I enable roaming profiles, and have
a Default User profile in netlogon, I should be able to have a mix
of local and roaming profiles?

--Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] How to use local profiles in samba PDC?

[Kyle Schmitt]

How do you enable local profile creation on machines connected to a samba PDC?

I thought it would be automatic, but it doesn't seem to be.  If there
isn't a roving profile, windows complains it can't find your profile
on the server, then instead of creating a local one, it throws up this
message:

Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when
you log off.


I thought perhaps it needed a Default User profile served over the
network, but adding such a profile to my config didn't help anything.

I wouldn't think it was something to do in my smb.conf, but it's
below, just in case it helps.

Thanks
--Kyle

[global]
workgroup = DEVDOMAIN
passdb backend = ldapsam
log level = 1
name resolve order = wins lmhosts hosts bcast
logon script = logon.bat
#This is used for roaming profiles
logon path = \\dvpdc01.testcompany.com\profiles\%U
logon drive = U:
logon home = \\dvpdc01.testcompany.com\%U
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=devdomain,dc=com
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap suffix = dc=devdomain,dc=com
ldap user suffix = ou=users
ldap password sync = yes
idmap domains = DEVDOMAIN
idmap backend = ldap:ldap://localhost
idmap alloc backend = ldap
winbind use default domain = Yes
idmap alloc config:range = 5-50
idmap alloc config:ldap_url = ldap://localhost
idmap alloc config:ldap_user_dn = cn=admin,dc=devdomain,dc=com
idmap alloc config:ldap_base_dn = ou=idmap,dc= devdomain,dc=com
idmap config DEVDOMAIN:range = 5-50
idmap config DEVDOMAIN:ldap_url = ldap://localhost
idmap config DEVDOMAIN:ldap_user_dn = cn=admin,dc= devdomain,dc=com
idmap config DEVDOMAIN:ldap_base_dn = ou=idmap,dc= devdomain,dc=com
idmap config DEVDOMAIN:default = yes
idmap config DEVDOMAIN:readonly = no
idmap config DEVDOMAIN:backend = ldap
ldapsam:editposix = yes
ldapsam:trusted = yes
#Templates
template homedir = /home/%U
template shell = /bin/false

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0640
directory mask = 0750
browseable = No

[IT]
path = /home/IT
comment= IT stuff
valid users = @IT
read only = no
create mask = 0660
directory mask = 0770
browseable = yes

[netlogon]
path = /var/lib/samba/netlogon
browseable = no
write list = @wheel @domadmins

[profiles]
path = /var/lib/samba/profiles
writeable = yes
create mask = 0700
directory mask = 0700
browsable = no
valid users = @wheel @domusers @domadmins
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] How to use local profiles in samba PDC?

[Kyle Schmitt]

On Tue, Jul 28, 2009 at 3:56 PM, Miguel Medalhamiguelmeda...@sapo.pt wrote:

 How do you enable local profile creation on machines connected to a samba
 PDC?


 In smb.conf:

 logon path = [meaning nothing after the = sign]

Ah. I thought that the stanza would just disable roaming profiles.
logon path =

Do I take it that there is no good way to have a mix of local 
roaming profiles?
IE: where if the user has a profile on the server they get it,
otherwise they use a local?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Only administrator works in ldapsam:editposix domain

[Kyle Schmitt]

On Wed, Jul 22, 2009 at 3:08 PM, Norberto Bensanbe...@gmail.com wrote:
 Always CC the list.
Didn't realize I didn't.. Oops.


 It needs LDAP for itself. Samba needs unix accounts and groups. Read the docs.
The docs are sadly sparse (at least the ones I've found), but I'm
working through it.


 (right now it's defaulting to /home/DOMAIN/username).

 Use template homedir in smb.conf
Ahh!  Thanks!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Only administrator works in ldapsam:editposix domain

[Kyle Schmitt]

Nevermind, I found it.  I needed to add the user to the group in unix
(or unix/ldap) first, then to the nt group.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Only administrator works in ldapsam:editposix domain

[Kyle Schmitt]

I tried setting up a samba/ldap domain using the ldapsam:editposix
feature, using the brief instructions at
http://wiki.samba.org/index.php/Ldapsam_Editposix.

Everything goes rather smoothly, and I can add XP machines and log
into them as the Administrative user.

I added a user to the server, then to samba/ldap using smbpasswd -a newuser
ldapsearch -x shows the user  encrypted password, so I figure I'm good to go.

When log in with my new (non admin) user, I get an error about
catastrophic failure,
Unable to complete the requested operation because of either a
catastrophic media failure or a data structure corruption on the
disk.

Hu, maybe the user isn't in the domain users group yet?

net rpc group addmem Domain Users newuser
Could not add newuser  to Domain Users: NT_STATUS_NO_SUCH_MEMBER
I tried a bunch of variations with the domain before one part or
another, and got pretty much the same error messages over and over.

What am I doing wrong?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Adding Printer drivers with rpcclient

[Kyle Schmitt]

Hello.
   I'm having issues trying to add printer drivers using the rpcclient

I've got the drivers for one of the printers in the appropriate share,
but every time I've tried, I get NT_STATUS_UNSUCCESSFUL

So far I've put the drivers under W32X86, W32X86/2 and W32X86/3, to no avail

Every time I run the adddriver command, I receive the
NT_STATUS_UNSUCCESSFUL, and in the debug message, a rather curious
WERR_ACCESS_DENIED error.


rpcclient -U root -c 'adddriver Windows NT x86
dellcolor:dlxcrzim.dll
:dlxcrzp.ddd:dlxcrziu.dll:dlxcrz.hlp:NULL:RAW:dlxcrjdm.dll,dlxcrzir.xrs,dllzjnie.dll,dlzddmif.dll,dlzdhb32.dll,dllznie1.dll,dlzpmc2.dll,dlzadcmn.dll,dlzarl32.dll,dlzc5102.dll,dlxcrz.cfg,dlxcrz.cnt,dlxcrz.xrs,dlxcrz.cdd
' lxtrfs03  -d 100

Any help would be greatly appreciated.

--Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Importing Accounts from Windows?

[Kyle Schmitt]

Is there some automated system to import windows accounts into a samba
or a samba ldap situation?

I've got a few hundred users on an NT domain, and I'd like to migrate
them sometime before the last piece of hardware supported by NT4
rusts.
Right now several linux based samba servers are doing all of the heavy
lifting (shared files printers etc), but they are all looking at the
domain controller for authentication.

Considering the multiple vulns for NT, I know I could just run a
password cracker against it, then create new accounts for everyone
with their old passwords, but I'm reluctant to do that.

Is there a way to transfer the account info from the PDC to samba then
just shut the old thing off?

Thanks,
Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Adding a machine account to Samba PCD + LDAP?

[Kyle Schmitt]

Adam,  thanks a ton for that.  To further my curiosity, do you know if
that last set of numbers (the 2006 calculated to 1000+(503*2) ) just
needs to be unique, or if it needs to follow that pattern?

Thanks,
Kyle

On Tue, Feb 26, 2008 at 12:45 PM, Adam Williams
[EMAIL PROTECTED] wrote:
 figure out your sid (net getdomainsid)

  then take the posix UID of the user, multiply it by 2, then add 1000.

  for example, the RID in my test lab for user with UID 503 is:

  S-1-5-21-2139886109-2393431639-217723040-2006




  Kyle Schmitt wrote:
   Sadique,
  Thanks.  That got me where I need I think.  Now, to pester
   further, how does one determine a users sid if one were to manually
   generate an ldif to add samba users to ldap?
  
   In the meanwhile I'm digging through the docs, but to little avail.
  
   Thanks,
Kyle
  


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [SAMBA] how to make smbpasswd use or import system passwords?

[Kyle Schmitt]

Seriously, eww.  First off, your system isn't too small to take
advantage of ldap.  Not by a long shot.  Just for ease of use 
administration I've setup ldap+samba on my home network, where the
only user accounts are me, my wife and a few family members.
It's really not that hard.

Now, lets assume you don't want to use ldap  set all that up.  Fine.
You can use straight samba to keep those in sync, using the unix
password sync option.  To do that, you add something like this to your
smb.conf:

unix password sync = yes
passwd program = /bin/passwd %u

The upside of this is that changing their samba password will change
their unix password.  The downside, is that to keep things in sync,
they can't use passwd to change their unix password anymore, they'll
need to use smbpasswd.
Not a big deal really.

Now, lets say you did that, and now are having issues with one user
writing to a share, and the next user not being able to read what they
wrote (I'm just going to guess you'll run into this problem based on
what you've said so far).
Lets say you defined a share named APPS, and you have a unix group
APPS, to which these users belong.
In your share definition you need to make sure the create mask  the
directory mask allow reading/writing/executing by that group, and you
need to use the force group parameter.  So the whole share
definition would look something like this (after you set this up, you
may have to chown -R root:APPS that directory).
[APPS]
comment = Applications
path = /var/samba/shares/APPS
valid users = @APPS @admin
public = no
writable = yes
create mask = 0770
directory mask = 2770
force group = APPS


Hope all that helps.
--Kyle

On Wed, Feb 27, 2008 at 6:52 AM, Maginot Junior
[EMAIL PROTECTED] wrote:
 Well  this isnt possible, because all my share are sector specific
  with group restriction ... So ... what I came across is to use mysql
  (ldap is to big to my network with less them 100 users) to sync all
  passwords, Im going to make a db with mysql and inside create a simple
  login, passwd, full name, homedir table and populate it with the
  same postfix password that users uses to access email and make through
  pam it work with my ltsp server, email and hopefully with samba too,
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Adding a machine account to Samba PCD + LDAP?

[Kyle Schmitt]

Sadique,
   Thanks.  That got me where I need I think.  Now, to pester
further, how does one determine a users sid if one were to manually
generate an ldif to add samba users to ldap?

In the meanwhile I'm digging through the docs, but to little avail.

Thanks,
 Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Adding a machine account to Samba PCD + LDAP?

[Kyle Schmitt]

It doesn't need sambaSamAccount as part of it's ldap entry?
I thought it was needed.  Or is it only needed if there is no
corresponding unix account?

--Kyle
On Tue, Feb 26, 2008 at 11:50 AM, Sadique Puthen [EMAIL PROTECTED] wrote:
 Kyle Schmitt wrote:
   Sadique,
  Thanks.  That got me where I need I think.  Now, to pester
   further, how does one determine a users sid if one were to manually
   generate an ldif to add samba users to ldap?
  

  I use the below script to add a samba user to ldap database.

  #!/bin/bash
  uid=`cat /etc/samba/userid`
  nextuid=$(($uid + 1))
  echo $nextuid   /etc/samba/userid
  read -p  Please enter the user name  :   choice

 /usr/bin/ldapmodify -a -x -H ldap://ip -D
  cn=admin,dc=samba,dc=example,dc=com -w redsmb   EOF
  dn: uid=$choice,ou=People,dc=samba,dc=example,dc=com

 uid: $choice
  cn: $choice Account
  objectClass: account
  objectClass: posixAccount
  objectClass: top
  objectClass: shadowAccount
  userPassword: {crypt}!!
  shadowLastChange: 13904
  shadowMax: 9
  shadowWarning: 7

 loginShell: /sbin/nologin
  uidNumber: $uid
  gidNumber: 2515
  homeDirectory: /dev/null
  EOF
  smbpasswd -a $choice


  See the last smbpasswd -a $choice command. You don't have to worry
  about the sids for users. smbpasswd command would pick the next
  available sid and add that as an attribute for that user.

  --Sadique


  In the meanwhile I'm digging through the docs, but to little avail.
  
   Thanks,
Kyle
  


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Adding a machine account to Samba PCD + LDAP?

[Kyle Schmitt]

How does one go about adding a machine account, or even a normal samba
account, on a Samba PDC with LDAP back end?

I wanted to avoid using something like smbldap-useradd, because I want
to actually understand what's going on.  I'm assuming it's just some
sort of small ldif to add, like I would for adding user, am I wrong?

Thanks,
   Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] mount -o remount /mnt/samba creates duplicate mount

[Kyle Schmitt]

This is a repost, since I'd really like to get some info about whats going on.
when using, mount -o remount on an linux box, I get a duplicate
mount instead of a proper remount.
/proc/mounts backs me up: the system really does have multiple mounts
in the same place, of the same drive.

The version of samba installed is 3.0.10, the distro is RedHat
Enterprise Linux 4, kernel is 2.6.9-42.EL.

Thanks,
Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Multiple mount instead of remount?

[Kyle Schmitt]

I'm having issues trying to remount any shares using samba.

Super Short version
mount -o remount /some_windows_share creates a duplicate mount instead
of properly remounting.

Full details...
I have many shares served off of NT4 boxes, mounted via samba on a
linux box (RHEL 4).
Since long dormant (12 hour) shares from one server in particular
always have problems for a few seconds when accessing files, I altered
my scripts to mount -o remount.  I expected it would freshen the
mount.  Instead of doing a remount however, it appears to be mounting
_over_ the original.   Not really what I wanted.  Any idea why it's
doing this?  I wanted to avoid doing an unmount then a mount, as some
of these scripts may, on occasion, be run in parallel.  I know at
least on local drives remounting while in use (at least for read
operations), doesn't appear to cause problems..

Thanks,
Kyle

PS: I seem to be having trouble posting to this list, so if this
message appears (in various forms) more than once, I apologize.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Multiple mounts instead of remounting?

[Kyle Schmitt]

I'm having issues trying to remount any shares using samba.

Super Short version
mount -o remount /some_windows_share creates a duplicate mount instead
of properly remounting.

Full details...
I have many shares served off of NT4 boxes, mounted via samba on a
linux box (RHEL 4).
Since long dormant (12 hour) shares from one server in particular
always have problems for a few seconds when accessing files, I altered
my scripts to mount -o remount.  I expected it would freshen the
mount.  Instead of doing a remount however, it appears to be mounting
_over_ the original.   Not really what I wanted.  Any idea why it's
doing this?  I wanted to avoid doing an unmount then a mount, as some
of these scripts may, on ocasion, be run in parallel.  I know at least
on local drives remounting while in use (at least for read
operations), doesn't appear to cause problems..

Thanks,
 Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Multiple mounts instead of remounting?

[Kyle Schmitt]

I'm having issues trying to remount any shares using samba.

Super Short version
mount -o remount /some_windows_share creates a duplicate mount instead
of properly remounting.

Full details...
I have many shares served off of NT4 boxes, mounted via samba on a
linux box (RHEL 4).
Since long dormant (12 hour) shares from one server in particular
always have problems for a few seconds when accessing files, I altered
my scripts to mount -o remount.  I expected it would freshen the
mount.  Instead of doing a remount however, it appears to be mounting
_over_ the original.   Not really what I wanted.  Any idea why it's
doing this?  I wanted to avoid doing an unmount then a mount, as some
of these scripts may, on ocasion, be run in parallel.  I know at least
on local drives remounting while in use (at least for read
operations), doesn't appear to cause problems..

Thanks,
 Kyle
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba