[Samba] Samba only quotas?
Is it possible to setup quotas only on the samba level? So samba is enforcing the quotas, but not the underlying OS? I can't seem to find anything in the docs about it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] inotify_handler No data on inotify fd?
I've got a samba server that's occasionally spewing inotify errors. The classic, smbd/notify_inotify.c:inotify_handler No data on inotify fd? type errors solved by kernel change notify = false Now, everything is working perfectly on this box unless one or two users leave files open from specific machines (this is as far as I can tell, it's hard to get good info from the users sometimes, but it's what the logs indicate). Because of this, I would rather not put in the kernel change notify = false line, so I'm wondering if there's another good solution. When I logged into the server, lsof told me the offending client had a single Excel file open about 1300 times, and I found their samba process had been running for 14 hours. What if I set limits, lets say hard and soft limits for open files to 512, or 128, and cpu time limits of 4 hours or so. Would that cause issues for my users? Would that have killed the misbehaving client, or at least kept it from choking my system? Will samba behave OK, if a user's samba process runs out of open file handles, or will it instead fill my logs even faster? Thanks --Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to use local profiles in samba PDC?
On Tue, Jul 28, 2009 at 5:38 PM, Miguel Medalhamiguelmeda...@sapo.pt wrote: Ah. I thought that the stanza would just disable roaming profiles. logon path = I misunderstood your question because your subject line says How to use local profiles in samba PDC. Well, you must have a netlogon share containing a Default User profile. The process is described in the Samba documents I pointed you to. I was hoping to use a mix, and not just one or the other. I did try having a Default User profile in netlogon, and in profiles, but it didn't do anything. I tried with various permissions and ownerships, with a blank directory, with a blank directory tree (empty dirs for the common things like My documents, etc), and with a copy of the Default User directory from an XP Pro box. None of the combinations seemed to work. I'm not positive I tried all combinations in both netlogon and profiles though. The samba PDC will replace an old NT domain we have here, so to start with, it needs to support local profiles. I'd like to move to roaming, with the redirection, but the important part right now is that local work. So far the only way I've gotten local profiles to work is by disabling roaming via the logon path = line you suggested. Before disabling them I was playing with the redirected folders via an NTConfig.POL file I made using the custom.adm template from http://www.pcc-services.com/custom_poledit.html . The results were mixed, but that was probably due to my being new to it. Anyway I digress. You say that if I enable roaming profiles, and have a Default User profile in netlogon, I should be able to have a mix of local and roaming profiles? --Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to use local profiles in samba PDC?
How do you enable local profile creation on machines connected to a samba PDC? I thought it would be automatic, but it doesn't seem to be. If there isn't a roving profile, windows complains it can't find your profile on the server, then instead of creating a local one, it throws up this message: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. I thought perhaps it needed a Default User profile served over the network, but adding such a profile to my config didn't help anything. I wouldn't think it was something to do in my smb.conf, but it's below, just in case it helps. Thanks --Kyle [global] workgroup = DEVDOMAIN passdb backend = ldapsam log level = 1 name resolve order = wins lmhosts hosts bcast logon script = logon.bat #This is used for roaming profiles logon path = \\dvpdc01.testcompany.com\profiles\%U logon drive = U: logon home = \\dvpdc01.testcompany.com\%U domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=admin,dc=devdomain,dc=com ldap delete dn = Yes ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=computers ldap suffix = dc=devdomain,dc=com ldap user suffix = ou=users ldap password sync = yes idmap domains = DEVDOMAIN idmap backend = ldap:ldap://localhost idmap alloc backend = ldap winbind use default domain = Yes idmap alloc config:range = 5-50 idmap alloc config:ldap_url = ldap://localhost idmap alloc config:ldap_user_dn = cn=admin,dc=devdomain,dc=com idmap alloc config:ldap_base_dn = ou=idmap,dc= devdomain,dc=com idmap config DEVDOMAIN:range = 5-50 idmap config DEVDOMAIN:ldap_url = ldap://localhost idmap config DEVDOMAIN:ldap_user_dn = cn=admin,dc= devdomain,dc=com idmap config DEVDOMAIN:ldap_base_dn = ou=idmap,dc= devdomain,dc=com idmap config DEVDOMAIN:default = yes idmap config DEVDOMAIN:readonly = no idmap config DEVDOMAIN:backend = ldap ldapsam:editposix = yes ldapsam:trusted = yes #Templates template homedir = /home/%U template shell = /bin/false [homes] comment = Home Directories valid users = %S read only = No create mask = 0640 directory mask = 0750 browseable = No [IT] path = /home/IT comment= IT stuff valid users = @IT read only = no create mask = 0660 directory mask = 0770 browseable = yes [netlogon] path = /var/lib/samba/netlogon browseable = no write list = @wheel @domadmins [profiles] path = /var/lib/samba/profiles writeable = yes create mask = 0700 directory mask = 0700 browsable = no valid users = @wheel @domusers @domadmins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to use local profiles in samba PDC?
On Tue, Jul 28, 2009 at 3:56 PM, Miguel Medalhamiguelmeda...@sapo.pt wrote: How do you enable local profile creation on machines connected to a samba PDC? In smb.conf: logon path = [meaning nothing after the = sign] Ah. I thought that the stanza would just disable roaming profiles. logon path = Do I take it that there is no good way to have a mix of local roaming profiles? IE: where if the user has a profile on the server they get it, otherwise they use a local? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Only administrator works in ldapsam:editposix domain
On Wed, Jul 22, 2009 at 3:08 PM, Norberto Bensanbe...@gmail.com wrote: Always CC the list. Didn't realize I didn't.. Oops. It needs LDAP for itself. Samba needs unix accounts and groups. Read the docs. The docs are sadly sparse (at least the ones I've found), but I'm working through it. (right now it's defaulting to /home/DOMAIN/username). Use template homedir in smb.conf Ahh! Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Only administrator works in ldapsam:editposix domain
Nevermind, I found it. I needed to add the user to the group in unix (or unix/ldap) first, then to the nt group. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Only administrator works in ldapsam:editposix domain
I tried setting up a samba/ldap domain using the ldapsam:editposix feature, using the brief instructions at http://wiki.samba.org/index.php/Ldapsam_Editposix. Everything goes rather smoothly, and I can add XP machines and log into them as the Administrative user. I added a user to the server, then to samba/ldap using smbpasswd -a newuser ldapsearch -x shows the user encrypted password, so I figure I'm good to go. When log in with my new (non admin) user, I get an error about catastrophic failure, Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk. Hu, maybe the user isn't in the domain users group yet? net rpc group addmem Domain Users newuser Could not add newuser to Domain Users: NT_STATUS_NO_SUCH_MEMBER I tried a bunch of variations with the domain before one part or another, and got pretty much the same error messages over and over. What am I doing wrong? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Adding Printer drivers with rpcclient
Hello. I'm having issues trying to add printer drivers using the rpcclient I've got the drivers for one of the printers in the appropriate share, but every time I've tried, I get NT_STATUS_UNSUCCESSFUL So far I've put the drivers under W32X86, W32X86/2 and W32X86/3, to no avail Every time I run the adddriver command, I receive the NT_STATUS_UNSUCCESSFUL, and in the debug message, a rather curious WERR_ACCESS_DENIED error. rpcclient -U root -c 'adddriver Windows NT x86 dellcolor:dlxcrzim.dll :dlxcrzp.ddd:dlxcrziu.dll:dlxcrz.hlp:NULL:RAW:dlxcrjdm.dll,dlxcrzir.xrs,dllzjnie.dll,dlzddmif.dll,dlzdhb32.dll,dllznie1.dll,dlzpmc2.dll,dlzadcmn.dll,dlzarl32.dll,dlzc5102.dll,dlxcrz.cfg,dlxcrz.cnt,dlxcrz.xrs,dlxcrz.cdd ' lxtrfs03 -d 100 Any help would be greatly appreciated. --Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Importing Accounts from Windows?
Is there some automated system to import windows accounts into a samba or a samba ldap situation? I've got a few hundred users on an NT domain, and I'd like to migrate them sometime before the last piece of hardware supported by NT4 rusts. Right now several linux based samba servers are doing all of the heavy lifting (shared files printers etc), but they are all looking at the domain controller for authentication. Considering the multiple vulns for NT, I know I could just run a password cracker against it, then create new accounts for everyone with their old passwords, but I'm reluctant to do that. Is there a way to transfer the account info from the PDC to samba then just shut the old thing off? Thanks, Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding a machine account to Samba PCD + LDAP?
Adam, thanks a ton for that. To further my curiosity, do you know if that last set of numbers (the 2006 calculated to 1000+(503*2) ) just needs to be unique, or if it needs to follow that pattern? Thanks, Kyle On Tue, Feb 26, 2008 at 12:45 PM, Adam Williams [EMAIL PROTECTED] wrote: figure out your sid (net getdomainsid) then take the posix UID of the user, multiply it by 2, then add 1000. for example, the RID in my test lab for user with UID 503 is: S-1-5-21-2139886109-2393431639-217723040-2006 Kyle Schmitt wrote: Sadique, Thanks. That got me where I need I think. Now, to pester further, how does one determine a users sid if one were to manually generate an ldif to add samba users to ldap? In the meanwhile I'm digging through the docs, but to little avail. Thanks, Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [SAMBA] how to make smbpasswd use or import system passwords?
Seriously, eww. First off, your system isn't too small to take advantage of ldap. Not by a long shot. Just for ease of use administration I've setup ldap+samba on my home network, where the only user accounts are me, my wife and a few family members. It's really not that hard. Now, lets assume you don't want to use ldap set all that up. Fine. You can use straight samba to keep those in sync, using the unix password sync option. To do that, you add something like this to your smb.conf: unix password sync = yes passwd program = /bin/passwd %u The upside of this is that changing their samba password will change their unix password. The downside, is that to keep things in sync, they can't use passwd to change their unix password anymore, they'll need to use smbpasswd. Not a big deal really. Now, lets say you did that, and now are having issues with one user writing to a share, and the next user not being able to read what they wrote (I'm just going to guess you'll run into this problem based on what you've said so far). Lets say you defined a share named APPS, and you have a unix group APPS, to which these users belong. In your share definition you need to make sure the create mask the directory mask allow reading/writing/executing by that group, and you need to use the force group parameter. So the whole share definition would look something like this (after you set this up, you may have to chown -R root:APPS that directory). [APPS] comment = Applications path = /var/samba/shares/APPS valid users = @APPS @admin public = no writable = yes create mask = 0770 directory mask = 2770 force group = APPS Hope all that helps. --Kyle On Wed, Feb 27, 2008 at 6:52 AM, Maginot Junior [EMAIL PROTECTED] wrote: Well this isnt possible, because all my share are sector specific with group restriction ... So ... what I came across is to use mysql (ldap is to big to my network with less them 100 users) to sync all passwords, Im going to make a db with mysql and inside create a simple login, passwd, full name, homedir table and populate it with the same postfix password that users uses to access email and make through pam it work with my ltsp server, email and hopefully with samba too, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding a machine account to Samba PCD + LDAP?
Sadique, Thanks. That got me where I need I think. Now, to pester further, how does one determine a users sid if one were to manually generate an ldif to add samba users to ldap? In the meanwhile I'm digging through the docs, but to little avail. Thanks, Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding a machine account to Samba PCD + LDAP?
It doesn't need sambaSamAccount as part of it's ldap entry? I thought it was needed. Or is it only needed if there is no corresponding unix account? --Kyle On Tue, Feb 26, 2008 at 11:50 AM, Sadique Puthen [EMAIL PROTECTED] wrote: Kyle Schmitt wrote: Sadique, Thanks. That got me where I need I think. Now, to pester further, how does one determine a users sid if one were to manually generate an ldif to add samba users to ldap? I use the below script to add a samba user to ldap database. #!/bin/bash uid=`cat /etc/samba/userid` nextuid=$(($uid + 1)) echo $nextuid /etc/samba/userid read -p Please enter the user name : choice /usr/bin/ldapmodify -a -x -H ldap://ip -D cn=admin,dc=samba,dc=example,dc=com -w redsmb EOF dn: uid=$choice,ou=People,dc=samba,dc=example,dc=com uid: $choice cn: $choice Account objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: {crypt}!! shadowLastChange: 13904 shadowMax: 9 shadowWarning: 7 loginShell: /sbin/nologin uidNumber: $uid gidNumber: 2515 homeDirectory: /dev/null EOF smbpasswd -a $choice See the last smbpasswd -a $choice command. You don't have to worry about the sids for users. smbpasswd command would pick the next available sid and add that as an attribute for that user. --Sadique In the meanwhile I'm digging through the docs, but to little avail. Thanks, Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Adding a machine account to Samba PCD + LDAP?
How does one go about adding a machine account, or even a normal samba account, on a Samba PDC with LDAP back end? I wanted to avoid using something like smbldap-useradd, because I want to actually understand what's going on. I'm assuming it's just some sort of small ldif to add, like I would for adding user, am I wrong? Thanks, Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mount -o remount /mnt/samba creates duplicate mount
This is a repost, since I'd really like to get some info about whats going on. when using, mount -o remount on an linux box, I get a duplicate mount instead of a proper remount. /proc/mounts backs me up: the system really does have multiple mounts in the same place, of the same drive. The version of samba installed is 3.0.10, the distro is RedHat Enterprise Linux 4, kernel is 2.6.9-42.EL. Thanks, Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple mount instead of remount?
I'm having issues trying to remount any shares using samba. Super Short version mount -o remount /some_windows_share creates a duplicate mount instead of properly remounting. Full details... I have many shares served off of NT4 boxes, mounted via samba on a linux box (RHEL 4). Since long dormant (12 hour) shares from one server in particular always have problems for a few seconds when accessing files, I altered my scripts to mount -o remount. I expected it would freshen the mount. Instead of doing a remount however, it appears to be mounting _over_ the original. Not really what I wanted. Any idea why it's doing this? I wanted to avoid doing an unmount then a mount, as some of these scripts may, on occasion, be run in parallel. I know at least on local drives remounting while in use (at least for read operations), doesn't appear to cause problems.. Thanks, Kyle PS: I seem to be having trouble posting to this list, so if this message appears (in various forms) more than once, I apologize. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple mounts instead of remounting?
I'm having issues trying to remount any shares using samba. Super Short version mount -o remount /some_windows_share creates a duplicate mount instead of properly remounting. Full details... I have many shares served off of NT4 boxes, mounted via samba on a linux box (RHEL 4). Since long dormant (12 hour) shares from one server in particular always have problems for a few seconds when accessing files, I altered my scripts to mount -o remount. I expected it would freshen the mount. Instead of doing a remount however, it appears to be mounting _over_ the original. Not really what I wanted. Any idea why it's doing this? I wanted to avoid doing an unmount then a mount, as some of these scripts may, on ocasion, be run in parallel. I know at least on local drives remounting while in use (at least for read operations), doesn't appear to cause problems.. Thanks, Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple mounts instead of remounting?
I'm having issues trying to remount any shares using samba. Super Short version mount -o remount /some_windows_share creates a duplicate mount instead of properly remounting. Full details... I have many shares served off of NT4 boxes, mounted via samba on a linux box (RHEL 4). Since long dormant (12 hour) shares from one server in particular always have problems for a few seconds when accessing files, I altered my scripts to mount -o remount. I expected it would freshen the mount. Instead of doing a remount however, it appears to be mounting _over_ the original. Not really what I wanted. Any idea why it's doing this? I wanted to avoid doing an unmount then a mount, as some of these scripts may, on ocasion, be run in parallel. I know at least on local drives remounting while in use (at least for read operations), doesn't appear to cause problems.. Thanks, Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba