Re: [Samba] SAMBA implementation for DOS ?
Zitat von czezz cz...@o2.pl: Hello Samba users, I use FreeDOS with MS Client to map a network drive. However MS Client is a memory hog and prevents me to run all applications I need. Therefore I would like to ask here is there SAMBA implementation for DOS ? What do you mean by that? You're looking for a SMB-Client implementation? Samba is a SMB/CIFS Server... regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Replacing Win2000 DC with Samba4 - Success!
Zitat von Andrew Bartlett abart...@samba.org: On Wed, 2013-05-01 at 14:42 +, Lukas Gradl wrote: Hi! Did you record the details of why this didn't work? While I've expressed some hesitation at Windows 2000 support here previously, the one exception to that is for this kind of migration. This has worked in the past - indeed, the script has a special case in it to do a password change the way Windows 2000 will accept. Sorry - i didn't record all the steps. I posted some questions to this list - they should be in the archives. We had some problems with replication and i think with LDAP - but I don't remember all the problems we had and where I found the W2k-does-not-work-information... regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Replacing Win2000 DC with Samba4 - Success!
Hi! Just wanted to share a little success story: We where asked to replace a Win2000 DC deployed by another company which is'nt existing any more. As our focus is software development on linux we wanted to deploy a Samba-server instead of Windows. So after some trial and error and a lot of reading and asking (many thanks to all that tried to help!) in mailing-lists and forums we managed to do the migration in several steps: Samba4 is not able to migrate from Win2000 directly - we think this problem is not sufficiently addressed in the docs and in the wiki. So our first attempts to do so did not succeed. Next step was to set up a Win2012R2 Server (the trial version is enough, no need to activate) and move over from Win2k to Win2012. How to do that is documented in the MS-Docs. Upgrade the Win2k ldap-schemes, add win2012 to domain, demote win2k, done. Then we installed Samba4 and promoted it as an additional DC to the domain. This worked quite well, only little problems syncing the dns-Server. But I'm not shure if that was a problem with Samba4 but with our a little special bind9-setup instead - so no reason to worry about this in this mailing list. After that we discovered that Win2012 can not be easyly removed from the domain - there seem to be some (known) Problems regarding demotion of Win2012 from a samba-domain. So we had to manually remove the win2012-Server from the domain. That was (including some tests) app. an hour of work - so no problem. As an addtional benefit over a direct migration from win2k to samba4 we could use the same name as the win2k-DC for the samba-server. so no need to change scripts using shares with the servername in it or desktop-shortcuts on the client machines! The whole task (without copying the data stored on the fileserver) for replacing a single Win2k DC with Samba4 serving 25 Clients needed app. 10 Hours including a lot of research in the mailing lists and taking several snapshots of the (virtualized) Servers involved to prevent dataloss. Thanks to all involved for the perfect work! Regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Remove Win2008R2 from Domain, remove missing DC from domain
Hi! I'm almost done with a migration from Win2k to Samba4. To get this going I had to install a Win2008R2 Server as an intermediate server, now I want to get rid of it. I found a bug that Win2008R2 can not be demoted from Samba Domain - so I think I've to remove it somehow else. But I couldn't find anything about that in the docs and on google. So anyone out there with a little help on that topic? regars Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Printer drivers
Zitat von Fabian von Romberg fromberg...@hotmail.com: Hi, is it possible to have printer driver on samba and when the user wants to use a particular printer can install the drivers automatically from samba? Thanks in advance and regards, Fabian Do you mean like this: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Point_and_Print_Drivers regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrating Win2000 PDC to Samba4 AD
Zitat von fe...@epepm.cupet.cu: Hi! We want to replace an old Win2000 Server (PDC). As we've already some Samba4 AD-Controllers up and running we would like to migrate to that setup. I think this is what you're looking for: https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC Felix. Thanks for all that helped - afaik the join of the domain worked, the servers will see each other, I can see the samba4-server in Domain Controllers tab in AD. Two problem still exist: How to move the DNS-Server from the Win2k-DC to the Samba4-Server? Ideally to a bind9-installation on the samba4-Server? When provisioning samba4 with a new domain I get the Bind9 config templates which work quite well. But on joining the exitent Win2k-Domain I didn't get these... And when running samba-tool drs showrepl the INBOUND NEIGHBORS and OUTBOUND NEIGHBORS are both empty - otherwise the output seems to look ok. Is this ok? Perhaps someone is able to help me over that last things. regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrating Win2000 PDC to Samba4 AD
Hi! We want to replace an old Win2000 Server (PDC). As we've already some Samba4 AD-Controllers up and running we would like to migrate to that setup. Unfortunatly we're not really good at Windows-Stuff - our main Focus ist Linux. So perhaps someone could point as to a good (and ideally painless :-)) way to migrate. So the current setup is: A single Win2000 PDC used mainly as File- and Printserver on some ancient Hardware. Clients run WinXP and Win7. What we want to achieve: A Samba4 AD server offering File- and Printservices on new Hardware. (Later on we add another Samba4 Server in the same AD which we've already done on another Installation, so no problem here) What we consider as possibly helpful things we have available: A Windows 2003 License and a Win2008R2 License which is currently unused. All new hardware is virtualized, so it's no problem to setup some additional server as intermediate step if necessary. So, any Windows-Guru available that can help us with that task and without having to recreate the whole Windows domain with all it's users and rejoining and reconfiguring all client-PCs? regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrating Win2000 PDC to Samba4 AD
Zitat von fe...@epepm.cupet.cu: Hi! We want to replace an old Win2000 Server (PDC). As we've already some Samba4 AD-Controllers up and running we would like to migrate to that setup. Unfortunatly we're not really good at Windows-Stuff - our main Focus ist Linux. So perhaps someone could point as to a good (and ideally painless :-)) way to migrate. So the current setup is: A single Win2000 PDC used mainly as File- and Printserver on some ancient Hardware. Clients run WinXP and Win7. What we want to achieve: A Samba4 AD server offering File- and Printservices on new Hardware. (Later on we add another Samba4 Server in the same AD which we've already done on another Installation, so no problem here) What we consider as possibly helpful things we have available: A Windows 2003 License and a Win2008R2 License which is currently unused. All new hardware is virtualized, so it's no problem to setup some additional server as intermediate step if necessary. So, any Windows-Guru available that can help us with that task and without having to recreate the whole Windows domain with all it's users and rejoining and reconfiguring all client-PCs? I think this is what you're looking for: https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC Felix. Felix, Thanks for your response. This is for joining to an existing AD-Controller. Does this work for Win2000 as well? As I said - we're not really good at Windows stuff and thought Win2000 is not Active Directory but the old PDC/BDC scheme. The Server shows The Computer is a Domain-Controller when checking in My Computer/Properties/Network. Does that mean this is an AD-Controller? Regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to set ACLs with Samba4 AD?
Zitat von Lee Allen l...@leecallen.com: I apologize if this is very beginner/basic. In my defense, I can't get the Samba4 documentation to compile on my system, and I can't find the man pages online (a pointer to them would be extremely helpful). And in general, I am having difficulty sorting through the documentation on the wiki because much of it is clearly pre-Samba4 and therefore obsolete, or at least questionable. It's hard to know what is relevant. Most of the posts I see here seem to be much better informed than I am. I would love to know how they obtained their knowledge. So here is my question: I am running Samba4 as an AD and file server. How do I define ACLs for the samba shares, for domain users groups? These users and groups are not defined on the underlying OS (CentOS 6.3). It seems the answer is to do it via the underlying filesystem, but how is that possible when the domain users groups are not defined in the OS? I see samba-tool has some ACL get/set capability. Is that the answer? Or is there some special magic to get CentOS to control file access by referring to the Samba4 AD? Many thanks in advance for any help. And I would be very grateful for pointers to Samba4 introductory or background material (I have used the HOW-TOs extensively). I second that - it took me some time to learn that after setting acls by write user for years I can now use the Windows tools. So perhaps someone could add a few lines about setting acls in the howto? regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 AD Groups Problem
OK, after some other hours of surfing through the net I stubled accross the needed information: It looks like to try setting ACLs in smb.conf like it was done on Samba3 is obsolete in Samba4. You do everything by setting the ACLs on the share by Windows-GUI. [testshare] Comment = Test share path = /space/testshare read only = No is all you need to specify in smb.conf... regards Lukas Zitat von Lukas Gradl samba@ssn.at: Hi! I created a Samba4 Demo Server to test AD functionality. Basically it's a Debian Wheezy machine with a manually compiled Samba4 (smbstatus -V: Version 4.1.0pre1-GIT-051a1a9) according to https://wiki.samba.org/index.php/Samba4/HOWTO but adjusted the paths to a more debian way. I can Manage the Server with the Windows Domain Utilities, add users, add groups, add Machines and so on. I created some printers and managed to set up Point and Print Drivers using print$. So I think the Server basically works as expected. Now I'm trying to set up a share which can be read by everyone and written by Domain Admins only. I can see the share on my server as well as a file created in there on the linux command line, but I'm not able to enable write Permission for Domain Admins. I created a directory on the server /space/testshare and did a chmod 777 /space/testshare to be shure there's no problem on the linux file system. When I set read only = no on the share I can create a file there without any problem. But setting read only = yes and write list = @TEST\Domain Admins doesn't work - I get access denied on the windows host, despite I'm logged on as TEST\Administrator Some additional information: root@samba:~# smbstatus -V == Version 4.1.0pre1-GIT-051a1a9 root@samba:~# wbinfo -u === Administrator Guest krbtgt dns-samba testuser root@samba:~# wbinfo -g === Enterprise Read-Only Domain Controllers Domain Admins Domain Users Domain Guests Domain Computers Domain Controllers Schema Admins Enterprise Admins Group Policy Creator Owners Read-Only Domain Controllers DnsUpdateProxy Testgroup root@samba:~# cat /etc/samba/smb.conf = # Global parameters [global] workgroup = TEST server string = realm = TEST.LOCAL netbios name = SAMBA server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate log level = 3 [netlogon] path = /var/lib/samba/sysvol/test.local/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [printers] comment = Printer path = /var/spool/samba/spool browseable = Yes read only = No printable = Yes [print$] path = /var/spool/samba/driver read only = No [testshare] Comment = Test share path = /space/testshare read only = Yes write list = @TEST\Domain Admins Any help what to do next? regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 AD Groups Problem
Hi! I created a Samba4 Demo Server to test AD functionality. Basically it's a Debian Wheezy machine with a manually compiled Samba4 (smbstatus -V: Version 4.1.0pre1-GIT-051a1a9) according to https://wiki.samba.org/index.php/Samba4/HOWTO but adjusted the paths to a more debian way. I can Manage the Server with the Windows Domain Utilities, add users, add groups, add Machines and so on. I created some printers and managed to set up Point and Print Drivers using print$. So I think the Server basically works as expected. Now I'm trying to set up a share which can be read by everyone and written by Domain Admins only. I can see the share on my server as well as a file created in there on the linux command line, but I'm not able to enable write Permission for Domain Admins. I created a directory on the server /space/testshare and did a chmod 777 /space/testshare to be shure there's no problem on the linux file system. When I set read only = no on the share I can create a file there without any problem. But setting read only = yes and write list = @TEST\Domain Admins doesn't work - I get access denied on the windows host, despite I'm logged on as TEST\Administrator Some additional information: root@samba:~# smbstatus -V == Version 4.1.0pre1-GIT-051a1a9 root@samba:~# wbinfo -u === Administrator Guest krbtgt dns-samba testuser root@samba:~# wbinfo -g === Enterprise Read-Only Domain Controllers Domain Admins Domain Users Domain Guests Domain Computers Domain Controllers Schema Admins Enterprise Admins Group Policy Creator Owners Read-Only Domain Controllers DnsUpdateProxy Testgroup root@samba:~# cat /etc/samba/smb.conf = # Global parameters [global] workgroup = TEST server string = realm = TEST.LOCAL netbios name = SAMBA server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate log level = 3 [netlogon] path = /var/lib/samba/sysvol/test.local/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [printers] comment = Printer path = /var/spool/samba/spool browseable = Yes read only = No printable = Yes [print$] path = /var/spool/samba/driver read only = No [testshare] Comment = Test share path = /space/testshare read only = Yes write list = @TEST\Domain Admins Any help what to do next? regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 AD Groups Problem
Zitat von Nishant Sharma codemarau...@gmail.com: Hi Lukas, On Monday 14 January 2013 07:48 PM, Lukas Gradl wrote: there without any problem. But setting read only = yes and write list = @TEST\Domain Admins doesn't work - I get access denied on the windows host, despite I'm logged on as TEST\Administrator [testshare] Comment = Test share path = /space/testshare read only = Yes write list = @TEST\Domain Admins Change it to: write list = @Domain Admins,TEST\Administrators,administrator With the same result. I tried several combinations with the @ before and after the , with and without the TEST\ in Front - no result. regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 AD Groups Problem
Zitat von Nishant Sharma codemarau...@gmail.com: Hi Lukas, On Monday 14 January 2013 07:48 PM, Lukas Gradl wrote: there without any problem. But setting read only = yes and write list = @TEST\Domain Admins doesn't work - I get access denied on the windows host, despite I'm logged on as TEST\Administrator [testshare] Comment = Test share path = /space/testshare read only = Yes write list = @TEST\Domain Admins Change it to: write list = @Domain Admins,TEST\Administrators,administrator OK, little correction: I tried: write list = @Domain Admins,@TEST\Administrators (notice the additional @ before TEST\Administrators) This worked for users in the Administrators group. Added adminstrator then the administrator User itself can access the share. But @TEST\Domain Admins doesn't work... Additionaly I discovered that the Point and Print share works for the Administrator allone. Another User out of the Domain Admins Group is not allowed to add a printer driver. regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 AD Groups Problem
Zitat von Nishant Sharma codemarau...@gmail.com: Sorry for the top post, my mobile is old world's! What about public = yes guest = yes browseable = yes Which would make the share world writeable afaik. But that's not what I want - i want it writeable by Domain Admins only. Regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 AD Groups Problem
Zitat von Bob Miller b...@computerisms.ca: On Mon, 2013-01-14 at 16:26 +, Lukas Gradl wrote: Zitat von Nishant Sharma codemarau...@gmail.com: Hi Lukas, On Monday 14 January 2013 07:48 PM, Lukas Gradl wrote: there without any problem. But setting read only = yes and write list = @TEST\Domain Admins doesn't work - I get access denied on the windows host, despite I'm logged on as TEST\Administrator [testshare] Comment = Test share path = /space/testshare read only = Yes write list = @TEST\Domain Admins Change it to: write list = @Domain Admins,TEST\Administrators,administrator With the same result. I tried several combinations with the @ before and after the , with and without the TEST\ in Front - no result. Maybe this is stating the obvious, but did you make sure the actual file system permissions are correct? (ie chgrp -R Domain Admins /home/testshare) As written in the original post: I did a chmod 777 /home/testshare. So file system permissions should not be the problem. Additionally i can write through samba when I do a read only = no - so file system should be ok... But I want to write as a Domain Admins group member only... regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba