Re: [Samba] CentOS samba upgrade
Thank you so much for your help. the packages on http://enterprisesamba.com/site worked/installed fine. these are the packages I installed libsmbclient-3.0.23d-30.i386.rpm samba3-client-3.0.23d-30.i386.rpm samba3-3.0.23d-30.i386.rpm On 2/6/07, Miles, Noal <[EMAIL PROTECTED]> wrote: http://enterprisesamba.com/ is linked off of the samba site and has compiled binaries for RHEL/CentOS... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of M Azer Sent: Monday, February 05, 2007 9:41 PM To: samba Subject: [Samba] CentOS samba upgrade Centos samba version is 3.0.10 which is the package that comes with the disto - is the only way to upgrade to the latest samba 3.0.24 is to recompile the samba source? I have tried "yum update samba" however it says 3.0.10 is the latest so i downloaded 3.0.24 and tried rpm -Uvh or yum localinstall but i get the following dependency errors to # yum install samba-common-3.0.24-1.i386.rpm Setting up Install Process Setting up repositories Reading repository metadata in from local files Parsing package install arguments Examining samba-common-3.0.24-1.i386.rpm: samba-common - 3.0.24-1.i386 Marking samba-common-3.0.24-1.i386.rpm as an update to samba-common - 3.0.10-1.4E.9.i386 Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Package samba-common.i386 0:3.0.24-1 set to be updated --> Running transaction check --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: --> samba-common Processing Dependency: libkrb5.so.3(krb5_3_MIT) for --> package: samba-common --> Processing Dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT) for package: samba-common --> Processing Dependency: libldap-2.3.so.0 for package: samba-common --> Processing Dependency: libpam.so.0(LIBPAM_1.0) for package: --> samba-common Processing Dependency: liblber-2.3.so.0 for package: --> samba-common Processing Dependency: samba-common = 0:3.0.10 for --> package: samba-client Processing Dependency: rtld(GNU_HASH) for --> package: samba-common Processing Dependency: --> libk5crypto.so.3(k5crypto_3_MIT) for package: samba-common --> Finished Dependency Resolution *Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package samba-common Error: Missing Dependency: libkrb5.so.3(krb5_3_MIT) is needed by package samba-common Error: Missing Dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT) is needed by package samba-common Error: Missing Dependency: libldap-2.3.so.0 is needed by package samba-common Error: Missing Dependency: libpam.so.0(LIBPAM_1.0) is needed by package samba-common Error: Missing Dependency: liblber-2.3.so.0 is needed by package samba-common Error: Missing Dependency: samba-common = 0:3.0.10 is needed by package samba-client Error: Missing Dependency: rtld(GNU_HASH) is needed by package samba-common Error: Missing Dependency: libk5crypto.so.3(k5crypto_3_MIT) is needed by package samba-common* -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CentOS samba upgrade
Centos samba version is 3.0.10 which is the package that comes with the disto - is the only way to upgrade to the latest samba 3.0.24 is to recompile the samba source? I have tried "yum update samba" however it says 3.0.10 is the latest so i downloaded 3.0.24 and tried rpm -Uvh or yum localinstall but i get the following dependency errors to # yum install samba-common-3.0.24-1.i386.rpm Setting up Install Process Setting up repositories Reading repository metadata in from local files Parsing package install arguments Examining samba-common-3.0.24-1.i386.rpm: samba-common - 3.0.24-1.i386 Marking samba-common-3.0.24-1.i386.rpm as an update to samba-common - 3.0.10-1.4E.9.i386 Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Package samba-common.i386 0:3.0.24-1 set to be updated --> Running transaction check --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: samba-common --> Processing Dependency: libkrb5.so.3(krb5_3_MIT) for package: samba-common --> Processing Dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT) for package: samba-common --> Processing Dependency: libldap-2.3.so.0 for package: samba-common --> Processing Dependency: libpam.so.0(LIBPAM_1.0) for package: samba-common --> Processing Dependency: liblber-2.3.so.0 for package: samba-common --> Processing Dependency: samba-common = 0:3.0.10 for package: samba-client --> Processing Dependency: rtld(GNU_HASH) for package: samba-common --> Processing Dependency: libk5crypto.so.3(k5crypto_3_MIT) for package: samba-common --> Finished Dependency Resolution *Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package samba-common Error: Missing Dependency: libkrb5.so.3(krb5_3_MIT) is needed by package samba-common Error: Missing Dependency: libgssapi_krb5.so.2(gssapi_krb5_2_MIT) is needed by package samba-common Error: Missing Dependency: libldap-2.3.so.0 is needed by package samba-common Error: Missing Dependency: libpam.so.0(LIBPAM_1.0) is needed by package samba-common Error: Missing Dependency: liblber-2.3.so.0 is needed by package samba-common Error: Missing Dependency: samba-common = 0:3.0.10 is needed by package samba-client Error: Missing Dependency: rtld(GNU_HASH) is needed by package samba-common Error: Missing Dependency: libk5crypto.so.3(k5crypto_3_MIT) is needed by package samba-common* -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Move Vs Copy
I assign the pub share a different a drive letter in my login script: P: public H: userhome y: Dept share and the MOVE command worked as the COPY command. now when i mv folders/files between the three different shares the folders/files get assigned the appropriate permissions as well as the appropriate group ownership and it doesn't retain the original permissions and ownership. On 2/1/07, Toby Bluhm <[EMAIL PROTECTED]> wrote: Apparently, when you use MOVE or drag-n-drop in Explorer and the source dir and dest dir on the samba server are in the same filesystem, smb will essentially do a Unix mv command. Thus the file will retain the original permissions and ownership. As long as the user could write to the dir, it would ignore setguid, share modes, ACLs, etc. We had a special directory setup to pass docs on to another group and occasionally users would forget to COPY and not MOVE the files there. I used a dnotify script on the samba server to monitor that dir and change perms when new stuff showed up. The other group could then delete the files. M Azer wrote: > [shares] >comment = Deptartments Share >path = /shares/ >public = no >browseable = yes >writable = yes >directory mask = 0770 >create mask = 0770 > > under [share] i have the following 4 folders: > > [EMAIL PROTECTED] shares]# ls -l > drwxrws--- 2 root devel 4096 Jan 31 17:41 devel > drwxrws--- 3 root finance 4096 Jan 31 16:49 fin > drwxrws--- 4 root it4096 Jan 31 17:22 it > drwxrws--- 4 root Domain Users 4096 Jan 31 17:41 pub > > as you can see each folder is owned by its group and chmod g+s is set > on all > the folders to keep the group ownership to newly created folders/files > > Thanks for the reply > > On 2/1/07, Felipe Augusto van de Wiel <[EMAIL PROTECTED]> wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> >> On 01/31/2007 08:49 PM, M Azer wrote: >> > when "MOVE"ing folders/files from dept share to pub share the >> > folder/files retain the dept group ownership however if I >> > "COPY" instead of using "Move" the folders/files group >> > ownership will change to the pub group >> > >> > How do I get the same behavior to work with "Move"? >> >> How is your smb.conf with regards to these shares? >> >> >> Kind regards, >> >> - -- >> Felipe Augusto van de Wiel <[EMAIL PROTECTED]> >> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE >> http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) >> -BEGIN PGP SIGNATURE- >> Version: GnuPG v1.4.6 (GNU/Linux) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iD8DBQFFwepECj65ZxU4gPQRAq1+AJ9sQotC1QBv77RIsOhlDjQIf5IECwCgs17x >> 5dnV6kPbdIEsEgkxeRfi5xA= >> =sce3 >> -END PGP SIGNATURE- >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> > > > -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Move Vs Copy
[shares] comment = Deptartments Share path = /shares/ public = no browseable = yes writable = yes directory mask = 0770 create mask = 0770 under [share] i have the following 4 folders: [EMAIL PROTECTED] shares]# ls -l drwxrws--- 2 root devel 4096 Jan 31 17:41 devel drwxrws--- 3 root finance 4096 Jan 31 16:49 fin drwxrws--- 4 root it4096 Jan 31 17:22 it drwxrws--- 4 root Domain Users 4096 Jan 31 17:41 pub as you can see each folder is owned by its group and chmod g+s is set on all the folders to keep the group ownership to newly created folders/files Thanks for the reply On 2/1/07, Felipe Augusto van de Wiel <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/31/2007 08:49 PM, M Azer wrote: > when "MOVE"ing folders/files from dept share to pub share the > folder/files retain the dept group ownership however if I > "COPY" instead of using "Move" the folders/files group > ownership will change to the pub group > > How do I get the same behavior to work with "Move"? How is your smb.conf with regards to these shares? Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFwepECj65ZxU4gPQRAq1+AJ9sQotC1QBv77RIsOhlDjQIf5IECwCgs17x 5dnV6kPbdIEsEgkxeRfi5xA= =sce3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Move Vs Copy
when "MOVE"ing folders/files from dept share to pub share the folder/files retain the dept group ownership however if I "COPY" instead of using "Move" the folders/files group ownership will change to the pub group How do I get the same behavior to work with "Move"? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind users template shell
I have "template shell = /sbin/nologin" in my Global smb.conf - How do I give certain domain users access to the shell for example: getent passwd cat cat:*:10016:10002:cat:/home/CAD/cat:/sbin/nologin how do I give user "cat" access to the shell " /bin/bash" ? usermod -s /bin/bash cat will not work since the user is not local to the linux machine -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Filesystems on one path stmt in smb.conf
can you hide symlinks from appearing to users with no access to certain folders? For example multi symlinks to IT, Fin, Marketing, Devel all under the share folder when a user from Devel group login the user will see the other 3 folders but won't have access to them. is there any way to hide those folders based on permission? Thanks On 1/27/07, John Drescher <[EMAIL PROTECTED]> wrote: > What I did at my site was to share out a directory filled with > symlinks. These symlinks link to various actual directories on > different filesystems. > I do this on my network and it works very well. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba from outside
would WINscp be a good secure choice to access samba from the internet? On 1/24/07, Joachim Kieferle <[EMAIL PROTECTED]> wrote: Dear Jous, for security reasons this might not be the best idea. I wouldn't open a Windows share to the internet if not necessary. However you might tunnel your traffic e.g. with "putty" from the Windows clients to the server and then connect to the Samba-server internally. Hope that helps, Joachim Ismail M. Settenda wrote: > 139 and 445, both udp and tcp. And port 901 (tcp) for swat. > > -- > Ismail > > > > On 1/24/07, Josu Lazkano Lete <[EMAIL PROTECTED]> wrote: >> >> hello, i have installed samba on my network and i can access it by >> \\192.168.1.2 >> >> but i want to acces from internet, wich port i have to open in the >> router? >> >> just typing my internet public IP. >> >> thanks for all and sorry about my english >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Login and logout scripts
I have samba setup as PDC with win 2003 AD so what i did is i setup login/logout scripts using "group policy" On 1/23/07, Mauricio Szabo <[EMAIL PROTECTED]> wrote: Is there a way to run a script on my samba PDC machine when a user logs in and logs out? Thanks in advance. -- Air conditioners and Computers are the same - they both crash when you open Windows. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] access users homes share
I hope this is what you are looking for. basically you need to set the sticky bit for the owner - I assume that the user1 home folder is owned by user1. chmod u+s "user1 home folder" this way any file/folder gets created will be owed by user1. http://www.zzee.com/solutions/chmod-help.shtml On 1/23/07, Sascha <[EMAIL PROTECTED]> wrote: now theres another problem: when i access a share and create a file the user will be forced to %U and not to the user who owns the homes share. when i set force user =%S then everyone can connect to the share. is there a chance that when i give user1 the rights to connect to user2 homes share (via setfacl) and user1 creates a file that this file will be chown to user2. i dont want to create a special share or groups because when i do it that way i would have 50 extra shares in my smb.conf. thanks for your help again and best regards - Original Message From: Sascha <[EMAIL PROTECTED]> To: samba@lists.samba.org Sent: Tuesday, January 23, 2007 12:39:20 PM Subject: Re: [Samba] access users homes share thanks for your help. i just did a setfacl on the users home directory and i could access it. really nice :) thanks again for the help best regards - Original Message From: Maurício Szabo <[EMAIL PROTECTED]> To: Sascha <[EMAIL PROTECTED]> Sent: Tuesday, January 23, 2007 12:27:32 PM Subject: Re: [Samba] access users homes share You can add user1 to a group that user2 is currently in, and set permissions of the user2 home share to be "group-readable". For example, user2 is a member of the group "foo", so you can add user1 to "foo" group, add user2's home share to "foo" group, and finally do a chmod g+wxr to user2's home folder. On 1/23/07, Sascha <[EMAIL PROTECTED]> wrote: hey list, we are currently migrating our users from novell to samba. now we have one problem: in novell we could give e.g. user1 access to users2 home share so he could modify, delete or add files on this share. in samba we defined a global homes share that is mapped on logon. so how can we give user1 the needed rights? here is the definition of the homes share in smb.conf: [homes] comment = user share browseable = no writeable = yes write list = %U create mask = 0600 directory mask = 0700 force user = %U force group = Administrators oplocks = true do we need to add a special share and group? thanks for help and best regards Don't pick lemons. See all the new 2007 cars at Yahoo! Autos. http://autos.yahoo.com/new_cars.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Air conditioners and Computers are the same - they both crash when you open Windows. 8:00? 8:25? 8:40? Find a flick in no time with the Yahoo! Search movie showtime shortcut. http://tools.search.yahoo.com/shortcuts/#news -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Looking for earth-friendly autos? Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center. http://autos.yahoo.com/green_center/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Prevent windows users from changing file/folder permission
how do i prevent windows users from changing file/folder permission? In my smb.conf i have directory security mask = security mask = force security mode = 777 but I am still able to change the files attributes "read-only" "Hidden" "Archive" -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multi share point to the same drive letter
This what i did. Not what i was looking for but it works fine - now when users logon they see 3 shares Home, Public and their group share. Not sure if this is the way everybody is doing it but if there is a better way please let me know /Shares drwxrws--- 4 root devel 4096 Jan 22 12:50 devel drwxrws--- 4 root finance 4096 Jan 22 10:51 fin drwxrws--- 3 root it4096 Jan 22 11:39 it drwxrwx--- 5 root Domain Users 4096 Jan 22 12:50 pub Login script: net use H: "\\itbox\%username%" /persistent:no net use P: "\\itbox\Public Share" /persistent:no net use O: "\\itbox\Development Dept Share" /persistent:no net use F: "\\itbox\Finance Dept Share" /persistent:no net use I: "\\itbox\Info Sys Dept Share" /persistent:no smb.conf [homes] comment = Users Home Directories read only = no browseable = no [Development Dept Share] comment = Development Dept Share path = /shares/devel public = no browseable = yes writable = yes directory mask = 0770 create mask = 0770 [Finance Dept Share] comment = Finance Dept Share path = /shares/fin public = no browseable = yes writable = yes directory mask = 0770 create mask = 0770 [Info Sys Dept Share] comment = IT Dept Share path = /shares/it public = no browseable = yes writable = yes directory mask = 0770 create mask = 0770 [Public Share] comment = CAD Public Share path = /shares/pub public = no browseable = yes writable = yes directory mask = 0770 create mask = 0770 On 1/22/07, Dale Schroeder <[EMAIL PROTECTED]> wrote: Have you tried valid users = hide unreadable = yes Would that work for you? M Azer wrote: I have the same setup where all of my Dept shares under a parent share for example finance, sales, IT are all under the shares folder and i have setup a one login script in the user profile to map to the parent share net use P: "\\samba\shares however if someone from the sales group log in he will see all 3 share but will only be permitted to go in the sales share same works with the other group members. What I am trying to do is when the sales user log in I only want the user to see the Sales folder 'share' only not the other two shares. I have set the right permission on all shares where the each group own the folder for example sales folder will be owned by the root and the group will be the sales group sales rwxrwx000 root sales however when someone not a member of the sales group logon they still see the sales folder 'share' On 1/20/07, Dale Schroeder <[EMAIL PROTECTED]> wrote: > > I did exactly that by creating a "super share". > For example, if you have shared directories /data/finance, /data/IT, and > /data/Devel, you can map the drive letter P to the shared directory > "/data". > Adjust the configurations of the super share and subshares to provide > the controlled access that you wish. > > Good luck, > Dale > > M Azer wrote: > > I have samba 3 setup up as ads for windows 2003 AD. is there any way > to > > create multiable shares in Samba that point to same drive letter. > > for instance: > > [finance] > > [IT] > > [Devel] > > > > what I want to accomplish is when the user double click "MY Computer" > 2 > > network drive exist > > > > H for user home > > P for Company shares which should show the 3 above shares > > > > Thanks > -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- No virus found in this incoming message. Checked by AVG. Version: 7.5.441 / Virus Database: 268.17.4/644 - Release Date: 01/22/2007 07:30 AM -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Assign different shells to
Thanks for the reply - your idea is exactly want i want to do . I am setting up default winbind to no shell "/sbin/false" - the question how do i accomplish the secaond have of your answer which is to give certain users access to the shell "/bin/bash" - winbind users don't appear in "/etc/passwd" thats why I can't just user " usermod -s /bin/bash username" does anybody know who to give certain winbind users access to the shell while the global setting in smb.conf is set to "/sbin/false" Thanks On 1/21/07, Tim Boneko <[EMAIL PROTECTED]> wrote: M Azer schrieb: > However, there are some users that require shell > access. How can I set a real shell for those domain > users that need a shell on the machine ? Hello! I don't have winbind installed and can't test it, but what about this idea: If winbind allowed to use some sort of default shell setting (like reading the shell from /etc/passwd), it should be possible to set a different shell for each user there and configure a "winbind default shell" like /bin/false for the rest of the users. The english section of my brain seems a bit sleepy today. Did you get my idea? And: is it any worth? timbo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multi share point to the same drive letter
I have the same setup where all of my Dept shares under a parent share for example finance, sales, IT are all under the shares folder and i have setup a one login script in the user profile to map to the parent share net use P: "\\samba\shares however if someone from the sales group log in he will see all 3 share but will only be permitted to go in the sales share same works with the other group members. What I am trying to do is when the sales user log in I only want the user to see the Sales folder 'share' only not the other two shares. I have set the right permission on all shares where the each group own the folder for example sales folder will be owned by the root and the group will be the sales group sales rwxrwx000 root sales however when someone not a member of the sales group logon they still see the sales folder 'share' On 1/20/07, Dale Schroeder <[EMAIL PROTECTED]> wrote: I did exactly that by creating a "super share". For example, if you have shared directories /data/finance, /data/IT, and /data/Devel, you can map the drive letter P to the shared directory "/data". Adjust the configurations of the super share and subshares to provide the controlled access that you wish. Good luck, Dale M Azer wrote: > I have samba 3 setup up as ads for windows 2003 AD. is there any way to > create multiable shares in Samba that point to same drive letter. > for instance: > [finance] > [IT] > [Devel] > > what I want to accomplish is when the user double click "MY Computer" 2 > network drive exist > > H for user home > P for Company shares which should show the 3 above shares > > Thanks -- "Unless you try to do something beyond what you have already mastered, you will never grow." Ronald E. Osborn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multi share point to the same drive letter
I have samba 3 setup up as ads for windows 2003 AD. is there any way to create multiable shares in Samba that point to same drive letter. for instance: [finance] [IT] [Devel] what I want to accomplish is when the user double click "MY Computer" 2 network drive exist H for user home P for Company shares which should show the 3 above shares Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Assign different shells to
I have Samba 3.0 running on SuSE 9.0 using winbindd to authenticate my users. Everthing works properly. I have set the template shell for winbind to /bin/false as I don't want to give everyone shell access to the server. However, there are some users that require shell access. How can I set a real shell for those domain users that need a shell on the machine ? What's the procedure for overriding the winbind default of /bin false for selected users? I am wondering if there is an option to assign different shells to specific users in a winbind setup. As far as I can see, the template shell option is an "all or nothing" scenario. Is this the case? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows 2003 can't map drives
did you create the share "webcal" on your samba machine if you didn't thats why you getting this message. also make sure if its a share for all of you windows domain users that the "webcal" share is ownd by the "domain users" group drwxrwx--- 4 root Domain Users 4096 Jan 17 17:43 webcal chgrp -R 'domain users' webcal On 1/18/07, Larry Adamiec <[EMAIL PROTECTED]> wrote: I am running Samba Version 3.0.23a on a Solaris 10 machine. On Windows XP I can map a drive to \\www\webcal I can't do this on a WIndows 2003 machine. I get an error message stating "The drive couldn't be mapped because no network was found" I have not been able to find a solution for this. Larry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Users shell
since i am using "template shell = /bin/bash" in my smb.conf all of our users have access to the shell. how do i prevent certain users from being able to login using the shell getent passwd cat cat:*:10016:10002:cat:/home/CAD/cat:/bin/bash how do i change the user "cat" shell to /sbin/nologin I know if the user was a local user /etc/passwd i could use "usermode -s /sbin/nologin cat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Auto Create user home directory
when i add obey pam restrictions = yes to smb.conf. users home dir is created when the user login for the first time BUT i also noticed that the machine name is also being created under the home directory - i sent out another email with this question but I didn't get any replies [EMAIL PROTECTED] CAD]$ ls -l total 20 drwx-- 3 ad01$ Domain Computers 4096 Jan 17 17:57 ad01_ drwx-- 3 administrator Domain Users 4096 Jan 17 17:59 administrator drwx-- 3 cat Domain Users 4096 Jan 17 18:07 cat drwx-- 4 mina.azer Domain Users 4096 Jan 17 17:57 mina.azer drwx-- 3 vdc2$ as u can see the first and last item are machine accounts .. is that right?? smb.conf [global] security = ADS workgroup = CAD realm = CAD.TESTDOMAIN netbios name = itbox preferred master = no password server = 192.168.1.6 client use spnego = yes server signing = auto encrypt passwords = yes nt acl support = no obey pam restrictions = yes winbind separator = + idmap uid = 1000-2 idmap gid = 1000-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind cache time = 0 winbind nested groups = yes template homedir = /home/%D/%U template shell = /bin/bash log file = /var/log/samba/%m.log log level = 3 max log size= 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hosts allow = 192.168.1. 192.168.0. 127. [homes] comment = Home Directories read only = No browseable = No directory mask = 0700 create mask = 0700 On 1/15/07, Ed Plese <[EMAIL PROTECTED]> wrote: On Mon, Jan 15, 2007 at 12:11:29PM -0500, M Azer wrote: > now that all permissions are right - if i create a new user on the win 2003 > active directory and specify a home user under profile i will get " the home > folder could not be created because: the network name cannot be found" I > know for sure I am getting that error because the user home folder doesn't > exist yet on the samba machine - is there any way to get the user home > created automatically once a new user are added to active directory. > > Note: If the new user log in the linux terminal the home user will be > created automatically because i am using session required > /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel umask=0077 > in my pam.d/system_auth. how do i get the same thing working when i create a > user with active directory. You might try adding the following to your smb.conf file: [global] obey pam restrictions = yes Ed Plese -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Machine account in Users home
Hello, Am i suppose to see win machine names in users home? they are created when users login using their workstations here is my home directory [EMAIL PROTECTED] CAD]$ ls -l total 20 drwx-- 3 ad01$ Domain Computers 4096 Jan 17 17:57 ad01_ drwx-- 3 administrator Domain Users 4096 Jan 17 17:59 administrator drwx-- 3 cat Domain Users 4096 Jan 17 18:07 cat drwx-- 4 mina.azer Domain Users 4096 Jan 17 17:57 mina.azer drwx-- 3 vdc2$ as u can see the first and last item are machine accounts .. is that right?? smb.conf [global] security = ADS workgroup = CAD realm = CAD.TESTDOMAIN netbios name = itbox preferred master = no password server = 192.168.1.6 client use spnego = yes server signing = auto encrypt passwords = yes nt acl support = no obey pam restrictions = yes winbind separator = + idmap uid = 1000-2 idmap gid = 1000-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind cache time = 0 winbind nested groups = yes template homedir = /home/%D/%U template shell = /bin/bash log file = /var/log/samba/%m.log log level = 3 max log size= 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hosts allow = 192.168.1. 192.168.0. 127. [homes] comment = Home Directories read only = No browseable = No directory mask = 0700 create mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] user home dir
I still can't create the user home directory while creating the user account under win2003 AD. once i put the path in for the home directory "\\server\%username%" i get "the home folder could not be created because: the network name cannot be found" I am sure somebody must came across creating users home before - can anybody help please smb.conf [global] security = ADS workgroup = CAD realm = CAD.TESTDOMAIN netbios name = itbox preferred master = no password server = 192.168.1.6 client use spnego = yes server signing = auto encrypt passwords = yes nt acl support = no obey pam restrictions = yes winbind separator = + idmap uid = 1000-2 idmap gid = 1000-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind cache time = 0 winbind nested groups = yes template homedir = /home/%D/%U template shell = /bin/bash log file = /var/log/samba/%m.log log level = 3 max log size= 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hosts allow = 192.168.1. 192.168.0. 127. [homes] comment = Home Directories read only = No browseable = No directory mask = 0700 create mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] prevent windows users from changing the share permission
how do i prevent windows users from changing the share permission? I used "security mask = 0" as so many google links point to as well as the samba documentation page 324 however when users logon they still see the permission and they are able to change them -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Auto Create user home directory
I have created the Domain folder "CAD" where all the users home should be created under. however I still can't create a new user in win 2003 AD and have the home folder be created automatically - I still have to create the home folder first then create the user. does it have anything to do with pam.d directory? any modification need to be done there? On 1/15/07, Jason Haar <[EMAIL PROTECTED]> wrote: Dale Schroeder wrote: > I see you have "template homedir = /home/%D/%U". Did you create the > directory /home/CAD? It is not created automatically, and that is one > thing that seems to be left out of the how-to's. I set the directory > permissions to 770, owned by root*:*"DOMAIN+Domain Users". After > doing this, all my user home directories were created on 1st login. I think that should be reported as a bug. As "%D" is dynamic and may change with time (as new domains are added to an existing site), expecting it to be manually created beforehand is a bit odd. If "%U" can be created on the fly - why not anything else? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User permissions
I just discovered that from windows client with a domain user logged in. i could right click on any share, samba shares, go to the security tab and change all the security. How do I prevent users from changing permissions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Auto Create user home directory
now that all permissions are right - if i create a new user on the win 2003 active directory and specify a home user under profile i will get " the home folder could not be created because: the network name cannot be found" I know for sure I am getting that error because the user home folder doesn't exist yet on the samba machine - is there any way to get the user home created automatically once a new user are added to active directory. Note: If the new user log in the linux terminal the home user will be created automatically because i am using session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel umask=0077 in my pam.d/system_auth. how do i get the same thing working when i create a user with active directory. Thanks for you help ___ I removed the "valid users = %S" and it worked - Thanks for you help On 1/15/07, M Azer <[EMAIL PROTECTED] > wrote:Hello all, I am running samba-3.0.23c-2 on Redhat 3 enterprise as ADS. I am able to see the windows users and groups with wbinfo. [EMAIL PROTECTED] /]# getent passwd windowuser windowuser:*:1:10002:windowuser:/home/CAD/windowuser:/bin/bash when i log to the network with one of the xp client machine i see home share as well as a public share but i get access denied to both even after giving the public share chmod 777 to everything on. from the linux terminal i tried to: [EMAIL PROTECTED] /]# smbclient //itbox/windowuser -U windowuser Password: session setup failed: NT_STATUS_UNEXPECTED_NETWORK_ERROR the second time I ran the same command i got: [EMAIL PROTECTED] /]# smbclient //itbox/windowuser -U windowuser Password: Domain=[CAD] OS=[Unix] Server=[Samba 3.0.23c-2] tree connect failed: NT_STATUS_ACCESS_DENIED all of my windows users are able to logon the linux termainl with their windows username and password [global] #ADS security = ADS workgroup = CAD realm = CAD.TESTDOMAIN netbios name = itbox preferred master = no password server = 192.168.1.6 client use spnego = yes server signing = auto encrypt passwords = yes #winbind winbind separator = + idmap uid = 1000-2 idmap gid = 1000-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind cache time = 0 winbind nested groups = yes template homedir = /home/%D/%U template shell = /bin/bash #logs log file = /var/log/samba/%m.log log level = 3 max log size= 50 #extras socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hosts allow = 192.168.1. 192.168.0. 127. [homes] comment = Home Directories valid users = %S read only = No browseable = No [data] path = /data public = yes writable = yes browseable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: NT_STATUS_UNEXPECTED_NETWORK_ERROR - Solved
I removed the "valid users = %S" and it worked - Thanks for you help On 1/15/07, M Azer <[EMAIL PROTECTED]> wrote: Hello all, I am running samba-3.0.23c-2 on Redhat 3 enterprise as ADS. I am able to see the windows users and groups with wbinfo. [EMAIL PROTECTED] /]# getent passwd windowuser windowuser:*:1:10002:windowuser:/home/CAD/windowuser:/bin/bash when i log to the network with one of the xp client machine i see home share as well as a public share but i get access denied to both even after giving the public share chmod 777 to everything on. from the linux terminal i tried to: [EMAIL PROTECTED] /]# smbclient //itbox/windowuser -U windowuser Password: session setup failed: NT_STATUS_UNEXPECTED_NETWORK_ERROR the second time I ran the same command i got: [EMAIL PROTECTED] /]# smbclient //itbox/windowuser -U windowuser Password: Domain=[CAD] OS=[Unix] Server=[Samba 3.0.23c-2] tree connect failed: NT_STATUS_ACCESS_DENIED all of my windows users are able to logon the linux termainl with their windows username and password [global] #ADS security = ADS workgroup = CAD realm = CAD.TESTDOMAIN netbios name = itbox preferred master = no password server = 192.168.1.6 client use spnego = yes server signing = auto encrypt passwords = yes #winbind winbind separator = + idmap uid = 1000-2 idmap gid = 1000-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind cache time = 0 winbind nested groups = yes template homedir = /home/%D/%U template shell = /bin/bash #logs log file = /var/log/samba/%m.log log level = 3 max log size= 50 #extras socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hosts allow = 192.168.1. 192.168.0. 127. [homes] comment = Home Directories valid users = %S read only = No browseable = No [data] path = /data public = yes writable = yes browseable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT_STATUS_UNEXPECTED_NETWORK_ERROR
Hello all, I am running samba-3.0.23c-2 on Redhat 3 enterprise as ADS. I am able to see the windows users and groups with wbinfo. [EMAIL PROTECTED] /]# getent passwd windowuser windowuser:*:1:10002:windowuser:/home/CAD/windowuser:/bin/bash when i log to the network with one of the xp client machine i see home share as well as a public share but i get access denied to both even after giving the public share chmod 777 to everything on. from the linux terminal i tried to: [EMAIL PROTECTED] /]# smbclient //itbox/windowuser -U windowuser Password: session setup failed: NT_STATUS_UNEXPECTED_NETWORK_ERROR the second time I ran the same command i got: [EMAIL PROTECTED] /]# smbclient //itbox/windowuser -U windowuser Password: Domain=[CAD] OS=[Unix] Server=[Samba 3.0.23c-2] tree connect failed: NT_STATUS_ACCESS_DENIED all of my windows users are able to logon the linux termainl with their windows username and password [global] #ADS security = ADS workgroup = CAD realm = CAD.TESTDOMAIN netbios name = itbox preferred master = no password server = 192.168.1.6 client use spnego = yes server signing = auto encrypt passwords = yes #winbind winbind separator = + idmap uid = 1000-2 idmap gid = 1000-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind cache time = 0 winbind nested groups = yes template homedir = /home/%D/%U template shell = /bin/bash #logs log file = /var/log/samba/%m.log log level = 3 max log size= 50 #extras socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hosts allow = 192.168.1. 192.168.0. 127. [homes] comment = Home Directories valid users = %S read only = No browseable = No [data] path = /data public = yes writable = yes browseable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net ads problem
this is my smb.conf *smb.conf* [global] workgroup = CAD netbios name = itbox hosts allow = 192.168.1. 192.168.0. 127. winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind cache time = 10 template homedir = /home/%D/%U template shell = /bin/bash security = ADS realm = CAD.TESTDOMAIN password server = vdc2.CAD.TESTDOMAIN encrypt passwords = yes log file = /var/log/samba/%m.log log level = 10 max log size= 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [homes] comment = Home Directories valid users = %S read only = No browseable = No directory mask = 0700 create mask = 0700 On 1/8/07, M Azer <[EMAIL PROTECTED]> wrote: Amin, In your smb.conf make sure that "security = ADS" I used the "net ads join -Uwinadmin%'passwd' to join the domain On 1/7/07, Warren Beldad <[EMAIL PROTECTED]> wrote: > > you have an incorrect samba configuration. please post your smb.conf so > that > others can help you or visit samba's homepage and take a look at > howto's, > its all there on how to join ads domain. > > thanks, > warren > > On 1/8/07, Azher Amin <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > I am trying to join a server to AD domain and getting the following > error: > > > > [EMAIL PROTECTED] ~]# net ads join -S mnsvr.my.edu.pk -U rev > > Host is not configured as a member server. > > Invalid configuration. Exiting > > [EMAIL PROTECTED] ~]# > > > > > > Plz suggest, what can be the possible errors. > > > > Regards > > -Azher > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net ads problem
Amin, In your smb.conf make sure that "security = ADS" I used the "net ads join -Uwinadmin%'passwd' to join the domain On 1/7/07, Warren Beldad <[EMAIL PROTECTED]> wrote: you have an incorrect samba configuration. please post your smb.conf so that others can help you or visit samba's homepage and take a look at howto's, its all there on how to join ads domain. thanks, warren On 1/8/07, Azher Amin <[EMAIL PROTECTED]> wrote: > > Hi, > > I am trying to join a server to AD domain and getting the following error: > > [EMAIL PROTECTED] ~]# net ads join -S mnsvr.my.edu.pk -U rev > Host is not configured as a member server. > Invalid configuration. Exiting > [EMAIL PROTECTED] ~]# > > > Plz suggest, what can be the possible errors. > > Regards > -Azher > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kerberos and PAM
when setting winbind to auth windows 2003 AD users do i need to configure
pam.d/login or pam.d/system_auth?
On 1/6/07, M Azer <[EMAIL PROTECTED]> wrote:
Thank you all for your replies. i have read the samba docs and followed it
to the letter i have supplied my configurations please let me know if i am
missing anything -
*smb.conf*
[global]
workgroup = CAD
netbios name = itbox
hosts allow = 192.168.1. 192.168.0. 127.
winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind cache time = 10
template homedir = /home/%D/%U
template shell = /bin/bash
security = ADS
realm = CAD.TESTDOMAIN
password server = vdc2.CAD.TESTDOMAIN
encrypt passwords = yes
log file = /var/log/samba/%m.log
log level = 10
max log size= 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
directory mask = 0700
create mask = 0700
[data]
comment = Doc Samba Server
path = /data
read only = yes
guest only = yes
*nsswitch.conf*
passwd: files winbind
shadow: files winbind
group: files winbind
*krb5.conf*
[libdefaults]
default_realm = CAD.TESTDOMAIN
[realms]
CAD.TESTDOMAIN = {
kdc = vdc2.cad.testdomain
}
[domain_realms]
.kerberos.server = CAD.TESTDOMAIN
*pam.d/login*
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
*pam.d/samba*
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
[EMAIL PROTECTED] pam.d]$ wbinfo -t
checking the trust secret via RPC calls succeeded
[EMAIL PROTECTED] pam.d]$ wbinfo -m
itbox
CAD
[EMAIL PROTECTED] pam.d]$ getent passwd admin_mina
admin_mina:*:10001:10002:admin mina:/home/CAD/admin_mina:/bin/bash
[EMAIL PROTECTED] pam.d]# /usr/bin/net ads join -Uadministrator
administrator's password:
Using short domain name -- CAD
Joined 'ITBOX' to realm 'CAD.TESTDOMAIN'
wbinfo -u, wbinfo -g all work fine
ps aux | grep winbind
root 2965 0.0 0.3 10188 2848 ? Ss Jan05 0:00 winbindd
root 2966 0.0 0.4 10676 3292 ? S Jan05 0:00 winbindd
smbclient -L itbox
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
when i use a xp client machine to login i see the share, data and home
directory, i am able to open data however when i click on homedir windows
logon screen comes up requesting username and password - always says wrong
username and password please try again
any help will be appreciated.
On 1/5/07, kk <[EMAIL PROTECTED]> wrote:
>
> Refer this :
> http://kbase.redhat.com/faq/FAQ_85_5787.shtm
>
>
> Regards,
> Kaustubh
> --- M Azer <[EMAIL PROTECTED] > wrote:
>
> > I am new to samba. I followed the docs on samba.com
> > to configure samba as
> > "domain member", security = domain, and to user
> > winbind to authenticate
> > users against windows 2003 AD. well, my question is
> > the steps mentioned the
> > use of PAM to do the authentications against the AD
> > but it doesn't work - do
> > I also need to configure kerberos for this type of
> > installation?
> >
> > [EMAIL PROTECTED] john]# smbclient -L testbox
> > Password:
> > session setup failed: *NT_STATUS_LOGON_FAILURE*
> >
> > client machines XP pro are able to browse the
> > network and
> > get to see my share (user share) however when i
> > double click it i get a
> > login asking for the user name and password
> >
> > smb.conf:
> > [global]
> > workgroup = CAD
> > netbios name = itbox
> > security = DOMAIN
> > encrypt passwords = yes
> > winbind separator = +
> > idmap uid = 1-2
> > idmap gid = 1-2
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind use default domain = yes
> > [homes]
> > comment = Home Directories
> > valid users = %S
> > read only = No
> > browseable = No
> >
> > pam.d/samba
> > #%PAM-1.0
> > auth required pam_nologin.so
> > auth required pam_stack.so service=system-auth
> > auth required pam_winbind.so
> > account required pam_winbind.so
> > account required pam_stack.so service=system-auth
> > session required pam_mkhomedir.so
> > skel=/etc/samba/skel umask=0022
Re: [Samba] Kerberos and PAM
Thank you all for your replies. i have read the samba docs and followed it
to the letter i have supplied my configurations please let me know if i am
missing anything -
*smb.conf*
[global]
workgroup = CAD
netbios name = itbox
hosts allow = 192.168.1. 192.168.0. 127.
winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind cache time = 10
template homedir = /home/%D/%U
template shell = /bin/bash
security = ADS
realm = CAD.TESTDOMAIN
password server = vdc2.CAD.TESTDOMAIN
encrypt passwords = yes
log file = /var/log/samba/%m.log
log level = 10
max log size= 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
directory mask = 0700
create mask = 0700
[data]
comment = Doc Samba Server
path = /data
read only = yes
guest only = yes
*nsswitch.conf*
passwd: files winbind
shadow: files winbind
group: files winbind
*krb5.conf*
[libdefaults]
default_realm = CAD.TESTDOMAIN
[realms]
CAD.TESTDOMAIN = {
kdc = vdc2.cad.testdomain
}
[domain_realms]
.kerberos.server = CAD.TESTDOMAIN
*pam.d/login*
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
*pam.d/samba*
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
[EMAIL PROTECTED] pam.d]$ wbinfo -t
checking the trust secret via RPC calls succeeded
[EMAIL PROTECTED] pam.d]$ wbinfo -m
itbox
CAD
[EMAIL PROTECTED] pam.d]$ getent passwd admin_mina
admin_mina:*:10001:10002:admin mina:/home/CAD/admin_mina:/bin/bash
[EMAIL PROTECTED] pam.d]# /usr/bin/net ads join -Uadministrator
administrator's password:
Using short domain name -- CAD
Joined 'ITBOX' to realm 'CAD.TESTDOMAIN'
wbinfo -u, wbinfo -g all work fine
ps aux | grep winbind
root 2965 0.0 0.3 10188 2848 ? Ss Jan05 0:00 winbindd
root 2966 0.0 0.4 10676 3292 ? S Jan05 0:00 winbindd
smbclient -L itbox
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
when i use a xp client machine to login i see the share, data and home
directory, i am able to open data however when i click on homedir windows
logon screen comes up requesting username and password - always says wrong
username and password please try again
any help will be appreciated.
On 1/5/07, kk <[EMAIL PROTECTED]> wrote:
Refer this :
http://kbase.redhat.com/faq/FAQ_85_5787.shtm
Regards,
Kaustubh
--- M Azer <[EMAIL PROTECTED]> wrote:
> I am new to samba. I followed the docs on samba.com
> to configure samba as
> "domain member", security = domain, and to user
> winbind to authenticate
> users against windows 2003 AD. well, my question is
> the steps mentioned the
> use of PAM to do the authentications against the AD
> but it doesn't work - do
> I also need to configure kerberos for this type of
> installation?
>
> [EMAIL PROTECTED] john]# smbclient -L testbox
> Password:
> session setup failed: *NT_STATUS_LOGON_FAILURE*
>
> client machines XP pro are able to browse the
> network and
> get to see my share (user share) however when i
> double click it i get a
> login asking for the user name and password
>
> smb.conf:
> [global]
> workgroup = CAD
> netbios name = itbox
> security = DOMAIN
> encrypt passwords = yes
> winbind separator = +
> idmap uid = 1-2
> idmap gid = 1-2
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
> pam.d/samba
> #%PAM-1.0
> auth required pam_nologin.so
> auth required pam_stack.so service=system-auth
> auth required pam_winbind.so
> account required pam_winbind.so
> account required pam_stack.so service=system-auth
> session required pam_mkhomedir.so
> skel=/etc/samba/skel umask=0022
> session required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth
> --
> To unsubscribe from this list go to the following
> URL and read the
> instructions:
> https://lists.samba.org/mailman/listinfo/samba
>
Do not go where the path may lead, go instead where there is no path and
leave a trail. -
KK
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PAM configuration
when setting up samba with winbind as "security = domain" to user 2003 AD users for authentications. do i need to configure pam.d/samba pam.d/login pam.d/auth Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Kerberos and PAM
I am new to samba. I followed the docs on samba.com to configure samba as "domain member", security = domain, and to user winbind to authenticate users against windows 2003 AD. well, my question is the steps mentioned the use of PAM to do the authentications against the AD but it doesn't work - do I also need to configure kerberos for this type of installation? [EMAIL PROTECTED] john]# smbclient -L testbox Password: session setup failed: *NT_STATUS_LOGON_FAILURE* client machines XP pro are able to browse the network and get to see my share (user share) however when i double click it i get a login asking for the user name and password smb.conf: [global] workgroup = CAD netbios name = itbox security = DOMAIN encrypt passwords = yes winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No pam.d/samba #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth auth required pam_winbind.so account required pam_winbind.so account required pam_stack.so service=system-auth session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022 session required pam_stack.so service=system-auth password required pam_stack.so service=system-auth -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] how do i tell winbind to use PAM
quick question how do i tell winbind to use PAM to authenticate user against 03 AD? vi /etc/pam.d/samba #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth auth required pam_winbind.so accountrequired pam_winbind.so accountrequired pam_stack.so service=system-auth sessionrequired pam_mkhomedir.so skel=/etc/samba/skel umask=0022 sessionrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth smb.conf [global] workgroup = CAD netbios name = itbox security = DOMAIN encrypt passwords = yes winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind/samba domain logon
Hello all, I am setting up samba 3.0.23c as a domain member of win2003 active directory- the following steps were successful: 1-join the domain (Joined domain CAD) 2-nmbd, smbd and winbindd were started fine 3-edited nsswich.conf a-passwd files winbind b-group files winbind 4-wbinfo -u and -g worked fine i could see the users and the groups as well as getnet passwd user -all fine 5- wbinfo -t return* checking the trust secret via RPC calls succeeded* First question: when I created a folder on samba then changed the owner to be one of the AD users the ls -l that folder i get -rw-r--r-- 1 *10002* root 0 Jan 4 12:15 file *INSTEAD OF* -rw-r--r-- 1 *John* root 0 Jan 4 12:15 file so instead of getting back the owner name i get the owner UID? Second question which the more important one is on my client machine XP pro i could browse the network and get to see my share (user share) however when i double click it i get a login asking for the user name and password I am missing something because i thought that winbind should authenticate the user against the windows 2003 AD once i login? smb.conf: [global] workgroup = CAD netbios name = testbox security = DOMAIN idmap uid = 15000-2 idmap gid = 15000-2 winbind use default domain = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Could not authenticate user user%password with plaintext password
Hello, I am new to samba however i am trying configure samba to attach to 2003 AD as ADS which worked ok however i am getting this error message: [EMAIL PROTECTED] user]# wbinfo -a user%password plaintext password authentication failed error code was NT_STATUS_ACCESS_DENIED (0xc022) error messsage was: Access denied Could not authenticate user user%password with plaintext password challenge/response password authentication succeeded I am able to run wbinfo -g and wbinfo -u and from windows xp client machine i am able to browse the network and see the samba server but its not accessible. you might not have permission error. my smb.conf is [global] workgroup = CAD security = ADS realm = CAD.TESTDOMAIN client use spnego = no server signing = auto netbios name = linux winbind use default domain = yes winbind separator = + encrypt passwords = yes log level = 3 log file = /var/log/samba/%m max log size = 50 password server = VDC2.CAD.TESTDOMAIN template shell = /bin/bash [test] comment = Test Share using Active Directory path = /data valid users = @"VDC2\Users" writeable = yes browseable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP client doesn't save/retain share passwords
I am using xp pro SP2 to map a share on samba 3.0.10/redhat enterprise4 - i choose to reconnect as different user + reconnect at logon it works fine however when i reboot the xp machine it loses the password to the share and i have to re-enter it again. is this a normal behavior? did anyone come across something like that? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] new to samba question
Hello all, I am using samba 3.0.10 on redhat. I am getting the following error when i run "testparm" eventhough i have a "smbpasswd" file. [EMAIL PROTECTED] samba]# testparm Load smb config files from /etc/samba/smb.conf Processing section "[homes]" Processing section "[public]" Loaded services file OK. ERROR: the 'unix password sync' parameter is set and the 'passwd program' () cannot be executed (error was No such file or directory). ERROR: the 'passwd program' () requires a '%u' parameter. Server role: ROLE_STANDALONE # Global parameters [global] workgroup = ITGROUP netbios name = ITBOX server string = Samba Test Server smb passwd file = /etc/samba/smbpasswd %u username map = /etc/samba/smbusers unix password sync = Yes log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 invalid users = root hosts allow = 192.168.1., 192.168.0., 127. [homes] comment = %u Home Directory path = /home/%u read only = No browseable = No [public] comment = Public path = /shares/public valid users = @public -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netbios Problem
does your xp machine have the same workgroup as the samba server netbois? if not you might want to change the XP workgroup name to the samba server Netbois name, restart XP and try to re-browse the network again. On 11/12/06, S. J. van Harmelen <[EMAIL PROTECTED]> wrote: Are your workstations and your server on the same subnet? Is your nmbd service running? On Sun, 2006-11-12 at 08:42 -0600, Jeff Herbeck wrote: > Thanks! That worked, but that just seems like a way to "trick" it > into working. > > I have a unbuntu workstation that can't "see" www and another XP > machine that can't see www. > > Even with the change to my hosts file on this XP box, I still can't go > into network neighborhood and see www. Every other time I have setup > samba it was browseable and worked from any other computer with no > configuration > > Jeff > > On 11/12/06, S. J. van Harmelen <[EMAIL PROTECTED]> > wrote: > Jeff, > > Sounds like a name resolution problem on your XP workstation. > Make sure > the following line is in C:\WINDOWS\System32\Drivers\etc\hosts > on you XP > workstation: > > 192.168.1.1 www > > Then try to ping the www from your workstation again. If it > pings, then > \\www sould also work. > > Sander > > > On Sun, 2006-11-12 at 07:10 -0600, Jeff Herbeck wrote: > > Hello Everyone, > > > > I have recently built a new CentOS 4 server and I am having > trouble with > > Samba and specifically Netbios names. The server also acts > as a router, > > firewall, dhcp, and so on. > > > > I have a very simple setup and no matter what I try, I can't > get to my samba > > server by name. > > > > The servers IP is: > > > > 192.168.1.1 > > > > The server name is: > > > > www > > > > > > I can not ping www (my XP workstation says "could not find > host www") > > I can not access my samba shares with \\www > > > > If I type in \\192.168.1.1 everything works fine > > > > I kept thinking it was my firewall (shorewall configured > with webmin), but > > even when I turn the firewall off, I still have the same > problem. > > > > I have tried many combinations of opened ports on my > firewall with no > > success. Right now I have: > > > > loc to firewall open on UDP 137 > > loc to firewall open on TCP 137, 138, 139 > > loc to firewall open on TCP 445 > > > > I had a fedora server in the past and samba worked like a > dream. > > > > I'm down to a really simple smb.conf. Here that is: > > > > [global] > > workgroup = workgroup > > # netbios name = WWW(I have tried it with > and without this > > line) > > security = user > > encrypt passwords = yes > > > > [homes] > > > > browseable = yes > > writeable = yes > > > > Here is my hosts file > > 127.0.0.1 www.mydomain.com www > localhost.localdomain localhost > > 192.168.1.1 www > > > > Does anyone have any ideas? > > > > Thanks in advance, > > > > Jeff > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Backup Exec 10.0 & Samba samba-3.0.6-2.3E
Hello all, I have a quick question. the backup software, EXEC 10, does not change the archive bits on Samba share. so when we ran our Full back up it was fine and it was suppose to change the archive bits then when we ran our *incremental back it ran a full back because the archive bits didn't change.* Have anybody run into the same issues. Any suggestions will be greatly appreciated. Thank you very much -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
