[Samba] Firewall rules to block other's computers browse list
Hi All, My Samba server/firewall has three (two real, one virtual) network cards: eth0.5: connects to a terminal server eth0: internal network with about 10 XP workstations eth1: the Internet Samba is set to talk to only 12.0.0.1, eth0.5 and eth0. I have my firewall iptables rules set so that users on eth0.5 can only use the samba server on my server. They can not share with any other user on eth0. Tested and it works. So far so good. Problem: users on eth0.5 can still see eth0 workstations on their browse list. Even though they can not do anything with them, I would still be nice if eth0.5 users could not see them at all. I do believe the offending rules: VlanNic="eth0.5" Vlan_mask="24" Vlan_net="192.168.254.0/$Vlan_mask" Vlan_Broadcast=192.168.254.255 $tbls -A Vlan-in -i $VlanNic -p udp -s $Vlan_net -d \ $Vlan_Broadcast --dport netbios-ns-j ACCEPT $tbls -A Vlan-in -i $VlanNic -p udp -s $Vlan_net -d \ $Vlan_Broadcast --dport netbios-dgm -j ACCEPT I have found that if I do not open up these two rules, domain users on eth0.5 can not get past their user name and password prompts. How do I block eth0 workstations from eth0.5's browse list? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba on RHEL issue
Shuaib Ilyas (shilyas) wrote: Hi, I am trying to install samba on the RHEL. The installation completes but after that I get the smbd dead message upon checking the status: [r...@usps-dc1-pc12 share]# [r...@usps-dc1-pc12 share]# service smb status smbd dead but pid file exists nmbd (pid 8078) is running... [r...@usps-dc1-pc12 share]# Hi Shuaib, Seems to me I had the same problem on CentOS 5.2 a few months back. Try this: 1) stop the service: /etc/rc.d/init.d/smb stop 2) erase any stray PID's: rm /var/run/smbd.pid rm /var/run/nmbd.pid 3) restart the service: /etc/rc.d/init.d/smb start If that does not work, try rebooting. HTH, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] "No data on inotify fd" error
Volker Lendecke wrote: On Fri, Jun 26, 2009 at 03:45:32PM -0700, MargoAndTodd wrote: My poor /var/log/messages is getting hammered with: smbd[16076]: No data on inotify fd?! smbd[16076]: [2009/06/25 13:21:18, 0] \ smbd/notify_inotify.c:inotify_handler(249) Everything else seems to be working fine. Any idea what this is all about? Is there any way to reproduce this? Till we really fix this, can you try the attached workaround patch? This will reduce the number of messages a lot. Hi Volker, What triggered this was my root partition filling. I go to this customer on Wednesdays or Thursdays. I get a nightly backup report, which I have included a "df" on my hard drives. My root partition went from typical 56% capacity to 86%. After cleaning everything up, it dropped to 46%. So, I installed a months worth of YUM updates, including a kernel update. Since this is a running server, I could not reboot after the kernel update. So I set it to reboot at 8:00 PM (20:00). Since then, with the fine offices of logrotate, my root partition has dropped to 27%. So there is a very big possibility that the kernel update and/or the reboot did the trick. But, I will check next Tuesday or Thursday. I am not sure how to duplicate this. And, am a bit cautious about sending this to Samba's bugzilla, being that it is older Red Hat Enterprise stuff. If I can duplicate this, I should report it to Red Hat. -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Is "net groupmap add ntgroup" Volatile?
Hi All, I have three of these command I use to map my UNIX groups to Windows: net groupmap add ntgroup="Remote Desktop Users" \ unixgroup=TermServ rid=5001 type=d Problem: I seem to have to re-enter this every so often. I am presuming after a kernel update and reboot. It may have been after stopping and restarting smb. Is "net groupmap add ntgroup" volatile? Do I have to run this out of my rc.local? Every time I stop and restart smb? What am I missing? Many thanks, -T $ cat /etc/redhat-release CentOS release 5.3 (Final) $ uname -r 2.6.18-128.1.14.el5 $ rpm -qa \*samba\* samba-common-3.0.33-3.7.el5 system-config-samba-1.2.41-3.el5 samba-3.0.33-3.7.el5 samba-client-3.0.33-3.7.el5 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] "No data on inotify fd" error
Hi All, My poor /var/log/messages is getting hammered with: smbd[16076]: No data on inotify fd?! smbd[16076]: [2009/06/25 13:21:18, 0] \ smbd/notify_inotify.c:inotify_handler(249) Everything else seems to be working fine. Any idea what this is all about? Many thanks, -T # uname -r 2.6.18-92.1.22.el5 # cat /etc/redhat-release CentOS release 5.3 (Final) # rpm -qa \*samba\* samba-client-3.0.33-3.7.el5 samba-common-3.0.33-3.7.el5 samba-3.0.33-3.7.el5 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Please translate M$ speak: create a new organizational unit
Hi All, I am a bit new to Samba PDC. When a M$ tech article says: "Use Active Directory Users and Computers to create a new organizational unit (OU)". What does this mean in Samba PDC talk? Please translate. Many thanks, -T I have a lot of guesses, but I want to hear it from someone who has already done it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group mapping question
Peter Ulrich Kruppa wrote: Am Samstag, den 09.05.2009, 13:00 -0700 schrieb MargoAndTodd: Miguel Medalha wrote: net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d Question 1: if my previous /etc/group names already match the ntgroup names, do I still need to run the above command? Yes. Okay, Now I am really confused. I have three users in my PDC that exist no where else. In /etc/groups they are assigned to "users" (100). My smb.conf restricts users to group "users". These three users are able to use my shares. Sorry, perhaps my answer wasn't clear enough: Sambas user/group database is completely seperate from your unix user/group system. So all samba groups have to be mapped to unix groups. You have to check your system of permissions carefully, since samba can't allow things that are forbidden to unix users. Greetings, Uli. Hi Uli, Is this a difference between workgroup samba and pdc SAMBA? I have a workgroup Samba customer with about 15 /etc/groups controlling who sees what. Works perfectly. Confused, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group mapping question
Miguel Medalha wrote: net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d Question 1: if my previous /etc/group names already match the ntgroup names, do I still need to run the above command? Yes. Okay, Now I am really confused. I have three users in my PDC that exist no where else. In /etc/groups they are assigned to "users" (100). My smb.conf restricts users to group "users". These three users are able to use my shares. Why does this work? I thought "net groupmap add" was only to be used when named differed? What am I missing? -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] group mapping question
Hi All, Just a general question about groups. I am upgrading a Samba workgroup, server to a PDC. I have been reading: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html#id2589321 In this link, they tell of how to map a windows group to a Samba group net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d Question 1: if my previous /etc/group names already match the ntgroup names, do I still need to run the above command? Question 2: once I have mapped these groups, where are they stored, so I can back them up? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Win2008 TS and Samba question
Hi All, I have a Samba PDC, a Win 2008 Terminal Server (TS), and a bunch of XP workstations. "Supposedly", all I have to do to enable "certain" users on my PDC to use my TS from their XP workstations is to create a group on my PDC, populate it with users, then go to the "Security" tab on my TS and add the group from my PDC. When I do this, I get asked for the user on the PDC with administrators privileges. I put in "root". It waits a bit and then tells me it can not find the "object". If you are using TS with Samba, who did you get yours to work? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PDC and "group" question
Hi All, I just upgraded a workstation server to a PDC server. I am using tbdsam as my user database. Question 1: As a workgroup server, I created my groups in /etc/group (groupadd). Is this still the case? Do I also need to tell Samba about a different database for groups? Question 2: occasionally I get asked for the user with "administrator's" privileges. Do I need to create a group called "administrators" (with an "s") and populate it with "root", "todd" (me), etc.? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Did I screw up my PDC on this Terminal Services problem?
John Drescher wrote: On Wed, Apr 22, 2009 at 11:38 PM, MargoAndTodd wrote: Hi All, I am upgrading my samba server from a workgroup to PDC server. I am doing this to make a Windows 2008 Terminal server happy. Eventually there will be a bank of them (thank you Virtual Box). Anyway, in my test bed, I have a Samba PDC (newly updated to PDC), a Windows 2008 server, and XP-Pro-SP3. Both Windows machines are able to join the domain and log in as users only in the Samba database. Both Windows machines have "$" machine names in the samba database and /etc/passwd. Problem: the XP machine can only run a TS *.rdp program on the 2008 server if it logs in as "administrator". (I made a *.rdp out of the calculator program.) This is why I think I may has screwed up my new PDC. This is the error log on the 2008 server when a regular user tries to run the same TS *.rdp program: Oh crap, I did not get a copy of the error report. If I remember correctly, it said the user's SID was NULL. Did I screw up my PDC or is this a Terminal Services issue? Are you using samba 3.0.34 or greater? John $ uname -r 2.6.18-128.1.6.el5 $ cat /etc/redhat-release CentOS release 5.3 (Final) $ rpm -qa \*samba\* samba-common-3.0.33-3.7.el5 system-config-samba-1.2.41-3.el5 samba-3.0.33-3.7.el5 samba-client-3.0.33-3.7.el5 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Did I screw up my PDC on this Terminal Services problem?
Hi All, I am upgrading my samba server from a workgroup to PDC server. I am doing this to make a Windows 2008 Terminal server happy. Eventually there will be a bank of them (thank you Virtual Box). Anyway, in my test bed, I have a Samba PDC (newly updated to PDC), a Windows 2008 server, and XP-Pro-SP3. Both Windows machines are able to join the domain and log in as users only in the Samba database. Both Windows machines have "$" machine names in the samba database and /etc/passwd. Problem: the XP machine can only run a TS *.rdp program on the 2008 server if it logs in as "administrator". (I made a *.rdp out of the calculator program.) This is why I think I may has screwed up my new PDC. This is the error log on the 2008 server when a regular user tries to run the same TS *.rdp program: Oh crap, I did not get a copy of the error report. If I remember correctly, it said the user's SID was NULL. Did I screw up my PDC or is this a Terminal Services issue? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Administrator can not see network shaes
Hi All, I am upgrading my Samba server to a PDC. On my test bed, I have a M$ Windows 2008 server (no *dc anything). This server can look at network shares with any user, except the Administrator. When I browse a file share as administrator, Windows asks me for my user name and password. It reject all users, user or administrator. I have tested by logging out as administrator and logging back in as one of the rejected users (and it woks perfectly). Samba's logs are complete quiet when the users are being rejected. What am I doing wrong? Many thanks, -T $ cat smbusers # Unix_name = SMB_name1 SMB_name2 ... # Escape names with spaces in them with quotes root = administrator admin nobody = guest pcguest smbguest -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] With a PDC, is homes mapping automatic?
Hi All, I am upgrading my Samba server to a PDC from a work group server. Question: when a client computer joins as a domain member, is his "My Documents" automatically mapped to his [homes} directory? Or, is it something I do optionally? (In my test bed, My Documents is getting mapped to his "C:\Documents and Settings...") Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] where is the machine name used?
Hi All, Just a bit of PDC confusion on my part. 1) I do not give machine names a password. Am I correct? 2) I am presuming that machine names are used to limit what machine user names can have access to to the samba server. If Foo has an smb username and computer A has a machine name, but computer B does not, then Foo can enter only through computer A. Am I correct? 3) If I am correct on #2 above, the machines that do not have a samba user can get around this by entering as a workgroup. Am I correct? 4) When joining a domain, the user name and password requested is the root's or whatever alias that smbusers points to and not the machine's name. Am I correct? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: nss_wins: create_builtin_users: Failed to create Users
John Drescher wrote: To answer my own question, I severely misunderstood what "man smb.conf" was saying about "idmap uid" and "idmap uid". I was trying to match them up with my current user numbers and group numbers. Placing my idmaps in this range cured the error message. idmap uid = 15000-2 idmap gid = 15000-2 I was going to mention that your ids looked unusually low but I was too busy at the day job and I hoped someone who understood the full implications of that would chime in.. John Hi John, Thank you for all the help. I know I ask a bazillion questions. This is where I got screwed up in "man smb.conf" idmap uid (G) The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs. It was the "mapping" that made me think I had to map the existing UID's/GID's to the "idmap uid/gid" parameter. It was this next sentence that made me start to think: This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise. It was the "strange conflicts" that got me. I am writing this rather weird synopsis as I searched the Internet in vain trying to find an answer and I wanted to get it salted in the archives so as to help someone else. Again thank you for all the help. -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: winbindd: idmap_init: Ignoring domain
MargoAndTodd wrote: Hi All, When I restart smbd and winbindd, I see the following error message: rn1 winbindd[8289]: Initializing idmap domains Apr 6 15:15:13 rn1 winbindd[8289]: [2009/04/06 15:15:13, 0] nsswitch/idmap.c:idmap_init(388) rn1 winbindd[8289]: idmap_init: Ignoring domain FOO How do I stop/correct this error message? Many thanks, -T Figured this out. It is a bogus error. Winbindd freaks out when your shut down smbd. This following command line fixed that: (cd /etc/rc.d/init.d; ./winbind stop; ./smb restart; ./winbind start) -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: nss_wins: create_builtin_users: Failed to create Users
MargoAndTodd wrote: Hi All, I am getting the following error in /var/log/messages when an XP Pro client enters the network: nss_wins[8369]: [2009/04/06 15:17:23, 0] auth/auth_util.c:create_builtin_users(810) Apr 6 15:17:23 rn1 nss_wins[8369]: create_builtin_users: Failed to create Users I have been told in the past to add "idmap uid" and "idmap gid" to my smb.conf and I have (no symptom change). Anyone know how to stop/cure this error message? Many thanks, -T To answer my own question, I severely misunderstood what "man smb.conf" was saying about "idmap uid" and "idmap uid". I was trying to match them up with my current user numbers and group numbers. Placing my idmaps in this range cured the error message. idmap uid = 15000-2 idmap gid = 15000-2 -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] nss_wins: create_builtin_users: Failed to create Users
Hi All, I am getting the following error in /var/log/messages when an XP Pro client enters the network: nss_wins[8369]: [2009/04/06 15:17:23, 0] auth/auth_util.c:create_builtin_users(810) Apr 6 15:17:23 rn1 nss_wins[8369]: create_builtin_users: Failed to create Users I have been told in the past to add "idmap uid" and "idmap gid" to my smb.conf and I have (no symptom change). Anyone know how to stop/cure this error message? Many thanks, -T Two file (smb.conf, nsswitch.conf): testparm -s | more [global] workgroup = FOO netbios name = SERVER server string = Samba Server interfaces = eth0, 127.0.0.1 null passwords = Yes passdb backend = tdbsam guest account = pcguest passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* username map = /etc/samba/smbusers unix password sync = Yes syslog = 2 log file = /var/log/samba/samba-log.%m max log size = 50 name resolve order = host wins deadtime = 20160 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap add user script = /usr/sbin/useradd -m -G users '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -A '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' logon script = scripts\logon.bat logon path = logon drive = X: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes lock directory = /var/lock/samba idmap uid = 500-700 idmap gid = 100-300 comment = Samba (NetBIOS) Server on rn1.FOO.local hosts allow = 192.168.255., 127.0.0. hosts deny = ALL printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j strict locking = No volume = CentOS, %v wide links = No ~~/etc/nsswitch.conf passwd: files winbind shadow: files winbind group: files winbind hosts: files wins dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc:files services: files netgroup: nisplus publickey: nisplus automount: files nisplus aliases:files nisplus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbindd: idmap_init: Ignoring domain
Hi All, When I restart smbd and winbindd, I see the following error message: rn1 winbindd[8289]: Initializing idmap domains Apr 6 15:15:13 rn1 winbindd[8289]: [2009/04/06 15:15:13, 0] nsswitch/idmap.c:idmap_init(388) rn1 winbindd[8289]: idmap_init: Ignoring domain FOO How do I stop/correct this error message? Many thanks, -T Two file (smb.conf, nsswitch.conf): testparm -s | more [global] workgroup = FOO netbios name = SERVER server string = Samba Server interfaces = eth0, 127.0.0.1 null passwords = Yes passdb backend = tdbsam guest account = pcguest passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* username map = /etc/samba/smbusers unix password sync = Yes syslog = 2 log file = /var/log/samba/samba-log.%m max log size = 50 name resolve order = host wins deadtime = 20160 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap add user script = /usr/sbin/useradd -m -G users '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -A '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' logon script = scripts\logon.bat logon path = logon drive = X: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes lock directory = /var/lock/samba idmap uid = 500-700 idmap gid = 100-300 comment = Samba (NetBIOS) Server on rn1.FOO.local hosts allow = 192.168.255., 127.0.0. hosts deny = ALL printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j strict locking = No volume = CentOS, %v wide links = No ~~/etc/nsswitch.conf passwd: files winbind shadow: files winbind group: files winbind hosts: files wins dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc:files services: files netgroup: nisplus publickey: nisplus automount: files nisplus aliases:files nisplus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Is it permissible to file bugs on old versions?
Hi All, I am using CentOS 5.3 (Red Hat Enterprise Linux 5.3 clone). CentOS and RHEL being what they are, they always use old stuff to maintain enterprise stability. $rpm -qa \*samba\* samba-common-3.0.33-3.7.el5 system-config-samba-1.2.41-3.el5 samba-3.0.33-3.7.el5 samba-client-3.0.33-3.7.el5 Is it permissible to file bugs on these old version, seeing as Samba is up to 3.3.3? (And, no, I can not upgrade until CentOS puts it in YUM.) Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] idmap uid range missing or invalid
John Drescher wrote: On Thu, Apr 2, 2009 at 10:40 PM, MargoAndTodd wrote: Hi All, What causes this error in /var/log/messages when on XP-Pro client boots up? winbindd[4041]: idmap uid range missing or invalid winbindd[4041]: idmap will be unable to map foreign SIDs winbindd[4041]: [2009/04/02 19:38:22, 0] nsswitch/idmap.c:idmap_alloc_init(820) rn1 winbindd[4041]: ERROR: Initialization failed for alloc backend, deferred! And did you check what it told you? I mean your setting for the idmap uid range. John Hi John, You probably did. I have severe burn out at the moment: I have been fighting with my Fed taxes for two days now. Are you the one that told me to go read http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html? Anyway, in smb.conf idmap uid idmap gid From "man smb.conf" Default: idmap gid = Default: idmap uid = confuses me. I thought that leaving them to the default meant everyone. Am I incorrect? testparm -s | grep -i idmap Load smb config files from /etc/samba/smb.conf Processing section "[OurStuff]" Processing section "[CDs]" Processing section "[mnt]" Processing section "[netlogon]" Processing section "[printers]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC No "idmap". So, the defaults, I presume? Also, if it helps, in /var/log/messages Todd over on XP-Pro appeared as nss_wins[8213]: vb-winxp (192.168.255.197) connect to service OurStuff initially as user todd (uid=500, gid=100) (pid 8213) This is where I get confused. 1) todd's #cat /etc/passwd | grep -i todd todd:x:500:100:Todd Chester:/home/todd:/bin/bash # cat /etc/group | grep -i user users:x:100: Am I correct that the 500:100 I see in passwd and group are the same todd (uid=500, pid=100) I see in "messages"? 2) does the "500" have anything to do with XP-Pro's 500 administrator's account? (Todd has an administrators account over on the XP-Pro virtual machine.) 3) Where does winbindd get its uid/pid pairs? Do I need to populate anything? Do I need to create a database for it to read? How did winbindd know that "idmap uid range missing or invalid"? What did it compare it against? Sorry for all the confusion: my mind is not all here. Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] idmap uid range missing or invalid
John Drescher wrote: On Thu, Apr 2, 2009 at 10:40 PM, MargoAndTodd wrote: Hi All, What causes this error in /var/log/messages when on XP-Pro client boots up? winbindd[4041]: idmap uid range missing or invalid winbindd[4041]: idmap will be unable to map foreign SIDs winbindd[4041]: [2009/04/02 19:38:22, 0] nsswitch/idmap.c:idmap_alloc_init(820) rn1 winbindd[4041]: ERROR: Initialization failed for alloc backend, deferred! And did you check what it told you? I mean your setting for the idmap uid range. John Hi John, You probably did. I have severe burn out at the moment: I have been fighting with my Fed taxes for two days now. Are you the one that told me to go read http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html? Anyway, in smb.conf idmap uid idmap gid From "man smb.conf" Default: idmap gid = Default: idmap uid = confuses me. I thought that leaving them to the default meant everyone. Am I incorrect? testparm -s | grep -i idmap Load smb config files from /etc/samba/smb.conf Processing section "[OurStuff]" Processing section "[CDs]" Processing section "[mnt]" Processing section "[netlogon]" Processing section "[printers]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC No "idmap". So, the defaults, I presume? Also, if it helps, in /var/log/messages Todd over on XP-Pro appeared as nss_wins[8213]: vb-winxp (192.168.255.197) connect to service OurStuff initially as user todd (uid=500, gid=100) (pid 8213) This is where I get confused. 1) todd's #cat /etc/passwd | grep -i todd todd:x:500:100:Todd Chester:/home/todd:/bin/bash # cat /etc/group | grep -i user users:x:100: Am I correct that the 500:100 I see in passwd and group are the same todd (uid=500, pid=100) I see in "messages"? 2) does the "500" have anything to do with XP-Pro's 500 administrator's account? (Todd has an administrators account over on the XP-Pro virtual machine.) 3) Where does winbindd get its uid/pid pairs? Do I need to populate anything? Do I need to create a database for it to read? How did winbindd know that "idmap uid range missing or invalid"? What did it compare it against? Sorry for all the confusion: my mind is not all here. Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] nss_wins: Failed to create Users
Hi All, What causes this error message in /var/log/messages when an XP-Pro client boots up? nss_wins[27722]: create_builtin_users: Failed to create Users Many thanks, -T CentOS 5.3 $ rpm -qa \*samba\* samba-common-3.0.33-3.7.el5 system-config-samba-1.2.41-3.el5 samba-3.0.33-3.7.el5 samba-client-3.0.33-3.7.el5 $ uname -r 2.6.18-128.1.6.el5 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] idmap uid range missing or invalid
Hi All, What causes this error in /var/log/messages when on XP-Pro client boots up? winbindd[4041]: idmap uid range missing or invalid winbindd[4041]: idmap will be unable to map foreign SIDs winbindd[4041]: [2009/04/02 19:38:22, 0] nsswitch/idmap.c:idmap_alloc_init(820) rn1 winbindd[4041]: ERROR: Initialization failed for alloc backend, deferred! Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] failed to create users error
Dale Schroeder wrote: Todd, If you haven't already, you should read this section of the Samba How-to: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html Hi Dale, I had a feeling I was mixing server types. I will read your reference. Thank you for the tip, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: failed to create users error
MargoAndTodd wrote: MargoAndTodd wrote: Hi All, When I have my smb.conf set to "passdb backend = tdbsam", I get the following errors when "foo" tried to browse a share: [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users doing a "pdbedit -L" shows both the user that tried to browse and his machine name. I created my tdbsam backend with "pdbedit -i smbpasswd -e tdbsam". What am I missing? -T More info: I get the above error and XP users can not browser the shares (although they can see the share names) if I have in my smb.conf: passdb backend = tdbsam idmap backend = tdb If I comment out "idmap backend", happy camping returns. I should note here, I still get the errors in /var/log/samba/machine-name, but XP clients can now see inside the shares Since "man smb.conf" states that "idmap backend = tdb" is the default, I am MAJOR CONFUSED. :'( What is going one? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: failed to create users error
MargoAndTodd wrote: Hi All, When I have my smb.conf set to "passdb backend = tdbsam", I get the following errors when "foo" tried to browse a share: [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users doing a "pdbedit -L" shows both the user that tried to browse and his machine name. I created my tdbsam backend with "pdbedit -i smbpasswd -e tdbsam". What am I missing? -T More info: I get the above error and XP users can not browser the shares (although they can see the share names) if I have in my smb.conf: passdb backend = tdbsam idmap backend = tdb If I comment out "idmap backend", happy camping returns. Since "man smb.conf" states that "idmap backend = tdb" is the default, I am MAJOR CONFUSED. :'( What is going one? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Are tdbsam and smbpasswd linked?
Hi All, I just added three users to my tdbsam with "pdbedit -a -u username" (had to do "useradd" first). All three appeared in tdbsam as they should, as verified with "pdbedit -L". But, all three also appeared in /etc/samba/smbpasswd. This is not a mistake, they were not there before. Are "tdbsam" and "smbpasswd" linked? I am confused. Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] What is the purpose of "add user script"?
Hi All, I am confused. In one of the examples of a PDC, the following smb.conf parameter is given: add user script = /usr/sbin/useradd -m -G users '%u' If you have "passdb backend = tdbsam" and the way to add users to "tdbsam" is "pdbedit -a -u username", what is the purpose of the "add user script"? I am thinking it is to add the user to /etc/passwd, but "why"? I add my users from the command line. I invoke "useradd" then "pdbedit". What is the purpose of the "add user script"? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] failed to create users error
Hi All, When I have my smb.conf set to "passdb backend = tdbsam", I get the following errors when "foo" tried to browse a share: [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2009/03/29 19:44:02, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users doing a "pdbedit -L" shows both the user that tried to browse and his machine name. I created my tdbsam backend with "pdbedit -i smbpasswd -e tdbsam". What am I missing? -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Is this subnet stated correctly?
Hi All, When I reset smb (/etc/rc.d/init.d/smb restart), I notice the following im my /var/log/messages Mar 29 19:35:34 foo nmbd[11286]: Samba name server SERVER is now a local master browser for workgroup FOO on subnet 192.168.255.10 Should not it be stated as "192.168.255.0/24" instead of "192.168.255.10"? ".10" is a direct IP, not a subnet. Am I missing something here? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
John H Terpstra - Samba Team wrote: Mar 27 22:12:03 rn1 nss_wins[6589]: [2009/03/27 22:12:03, 0] auth/auth_util.c:create_builtin_administrators(792) Mar 27 22:12:03 rn1 nss_wins[6589]: create_builtin_administrators: Failed to create Administrators By any chance does this mean someone tried to log in as "administrators", which I do remember doing, and "administrators" (with an "s") does not have an account? -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
John H Terpstra - Samba Team wrote: MargoAndTodd wrote: MargoAndTodd wrote: I keep feeling like I am missing something. Like This too: I think I failed to set up the database that winbindd and wins wants to read. /var/log/messages: Mar 27 22:12:03 rn1 winbindd[6580]: [2009/03/27 22:12:03, 0] nsswitch/idmap.c:idmap_alloc_init(820) Mar 27 22:12:03 rn1 winbindd[6580]: ERROR: Initialization failed for alloc backend, deferred! and Mar 27 22:12:03 rn1 nss_wins[6589]: [2009/03/27 22:12:03, 0] auth/auth_util.c:create_builtin_administrators(792) Mar 27 22:12:03 rn1 nss_wins[6589]: create_builtin_administrators: Failed to create Administrators Read: man smb.conf then type: /idmap You need modern examples. The docs are out of date on this. On the samba mailing list you may find lots of folk-lore that is meaningless info. But it's the best you will get until one of the samba core team members jumps in to assist. IDMAP is poorly documented. - John T. Hi John, From the man page: Default: idmap backend = tdb I also have a "man idmap_tdb", but it says nothing about manually creating a database. What is the relationship with "idmap" and "ERROR: Initialization failed for alloc backend, deferred!"? What am I missing? -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Does WINS need to be populated or configured?
. Original Message ... On Sat, 28 Mar 2009 20:51:37 -0700 "MargoAndTodd" wrote: Günter Kukkukk wrote: Am Sonntag, 29. März 2009 schrieb MargoAndTodd: Hi All, Now that I have winbind running and wins support = yes in my smb.conf, am I missing something? Like setting up WINS, configuring it, populating it, etc.? Can someone point me to documentation on what to do (administrate) WINS? Many thanks, -T Have a look here: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2576622 Cheers, Günter Hi Gunter, Great reference! My wins.dat is located in /var/lock/samba/wins.dat and it is full of stuff (and now I know where it is located, so I can back it up). Also, wins.dat populates itself. (Much easier than bind, which required "vi" to administrate.) Thank you! -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Ryan Novosielski wrote: > You really don't need to back up that file. I'm not sure I could think of a potential advantage. > > You might want to have a look at the docs that talk about the .tdb files too. I forget what section, but it's very informative. > Hi Ryan, Upon greater pondering and reading your letter, I do believe that this database can repopulate itself, if I ever have to do a restore. I think I was just having a knee jerk reaction: database must be backed up. Thank you for the help! -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] pdbedit's add machine option
Hi All, I have been reading through "man pdedit". I came across the "-m" option: -m This option may only be used in conjunction with the -a option. It will make pdbedit to add a machine trust account instead of a user account (-u username will provide the machine name). Example: pdbedit -a -m -u w2k-wks Not to ask too stupid a question, but why would you want to have a "machine" account? Would not the user account suffice? Confused, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Does WINS need to be populated or configured?
Günter Kukkukk wrote: Am Sonntag, 29. März 2009 schrieb MargoAndTodd: Hi All, Now that I have winbind running and wins support = yes in my smb.conf, am I missing something? Like setting up WINS, configuring it, populating it, etc.? Can someone point me to documentation on what to do (administrate) WINS? Many thanks, -T Have a look here: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2576622 Cheers, Günter Hi Gunter, Great reference! My wins.dat is located in /var/lock/samba/wins.dat and it is full of stuff (and now I know where it is located, so I can back it up). Also, wins.dat populates itself. (Much easier than bind, which required "vi" to administrate.) Thank you! -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Does WINS need to be populated or configured?
Hi All, Now that I have winbind running and wins support = yes in my smb.conf, am I missing something? Like setting up WINS, configuring it, populating it, etc.? Can someone point me to documentation on what to do (administrate) WINS? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
John H Terpstra - Samba Team wrote: MargoAndTodd wrote: Hi All, Can someone point me to a good reference on how to configure "tdbsam" ? Many thanks, -T In your smb.conf [global] passdb backend = tdbsam Done! It's in my example in Chapter 3 of Samba3-ByExample. The default is: passdb backend = smbpasswd So how do you find the default settings? a) smb.conf has jsut the following: [global] comment = Something b) Execute: testparm -sv | less _OR_ Check the man page for smb.conf: man smb.conf Then type: "/passdb backend" I keep feeling like I am missing something. Like 1) how do I populate passdb.tdb with my old smbpasswd and 2) where is passdb.tdb located, so I can back it up? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
MargoAndTodd wrote: 1) how do I populate passdb.tdb with my old smbpasswd and 2) where is passdb.tdb located, so I can back it up? To answer question #2: /etc/samba/passdb.tdb And it is full of "B"'s. See no sign of a user name. It appeared after I had my first successful user log in as a domain member (the user did not exist on the Virtual XP machine). Still do not know how to populate the darned thing (question 1)! -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
MargoAndTodd wrote: I keep feeling like I am missing something. Like This too: I think I failed to set up the database that winbindd and wins wants to read. /var/log/messages: Mar 27 22:12:03 rn1 winbindd[6580]: [2009/03/27 22:12:03, 0] nsswitch/idmap.c:idmap_alloc_init(820) Mar 27 22:12:03 rn1 winbindd[6580]: ERROR: Initialization failed for alloc backend, deferred! and Mar 27 22:12:03 rn1 nss_wins[6589]: [2009/03/27 22:12:03, 0] auth/auth_util.c:create_builtin_administrators(792) Mar 27 22:12:03 rn1 nss_wins[6589]: create_builtin_administrators: Failed to create Administrators -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
MargoAndTodd wrote: I keep feeling like I am missing something. Like This too: I think I failed to set up the database that winbindd and wins wants to read. /var/log/messages: Mar 27 22:12:03 rn1 winbindd[6580]: [2009/03/27 22:12:03, 0] nsswitch/idmap.c:idmap_alloc_init(820) Mar 27 22:12:03 rn1 winbindd[6580]: ERROR: Initialization failed for alloc backend, deferred! and Mar 27 22:12:03 rn1 nss_wins[6589]: [2009/03/27 22:12:03, 0] auth/auth_util.c:create_builtin_administrators(792) Mar 27 22:12:03 rn1 nss_wins[6589]: create_builtin_administrators: Failed to create Administrators -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] need good tdbsam reference
John H Terpstra - Samba Team wrote: MargoAndTodd wrote: Hi All, Can someone point me to a good reference on how to configure "tdbsam" ? Many thanks, -T In your smb.conf [global] passdb backend = tdbsam Done! It's in my example in Chapter 3 of Samba3-ByExample. The default is: passdb backend = smbpasswd So how do you find the default settings? a) smb.conf has jsut the following: [global] comment = Something b) Execute: testparm -sv | less _OR_ Check the man page for smb.conf: man smb.conf Then type: "/passdb backend" I keep feeling like I am missing something. Like 1) how do I populate passdb.tdb with my old smbpasswd and 2) where is passdb.tdb located, so I can back it up? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] What are these failed to create errors?
Hi All, What does these error message mean: Mar 27 22:38:44 rn1 nss_wins[7195]: create_builtin_administrators: Failed to create Administrators Mar 27 22:38:44 rn1 nss_wins[7195]: create_builtin_users: Failed to create Users Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] need good tdbsam reference
Hi All, Can someone point me to a good reference on how to configure "tdbsam" ? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba