[Samba] Accessing the root file system in a share.
My goal is to access / in a share for backup purposes. My samba has an LDAP password backend and has been working for some time with every other user. I created the following user in LDAP:

    root:x:0:0:Root User:/root:/bin/bash

And then the following entry in samba:

    [slashroot]
    writeable = no
    path = /
    browseable = yes
    valid users = root

And the system sees it and I can log in to it via samba. However, I cannot see all of the files. I thought the root user had permissions to see everything. Did I miss a step? Thanks.

--
Mike A. Leonetti
As warm as green tea

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Roaming profile on Windows 7 not loading computer was not able to set up a secure session with a domain controller
After following this guide http://wiki.samba.org/index.php/Windows7 to get Windows 7 on a Samba domain and the profile actually syncing for a user first I get the following error. I tried disjoining and rejoining to the domain and that works fine. However, logging in seems to result in not syncing the profile. This is with samba version 3.4.6.

    Log Name: System
    Source: NETLOGON
    Date: 8/19/2010 12:56:34 PM
    Event ID: 5719
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: CE-MAUREEN.CONTRACTORS
    Description:
    This computer was not able to set up a secure session with a domain controller in domain CONTRACTORS due to the following:
    There are currently no logon servers available to service the logon request.
    This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

    ADDITIONAL INFO
    If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

    Event Xml:
    Event xmlns=http://schemas.microsoft.com/win/2004/08/events/event; System Provider Name=NETLOGON / EventID Qualifiers=05719/EventID Level2/Level Task0/Task Keywords0x80/Keywords TimeCreated SystemTime=2010-08-19T16:56:34.0Z / EventRecordID8420/EventRecordID ChannelSystem/Channel ComputerCE-MAUREEN.CONTRACTORS/Computer Security / /System EventData DataCONTRACTORS/Data Data%%1311/Data Binary5EC0/Binary /EventData /Event

--
Mike A. Leonetti
As warm as green tea
Re: [Samba] Drive becomes unusable with The group name could not be found
Gentoo Linux.

Mike A. Leonetti
As warm as green tea

On 05/20/10 16:54, Gaiseric Vandal wrote:

What OS? Solaris has 16 group limit.

On 05/20/2010 02:43 PM, Mike A. Leonetti wrote:

Out of nowhere the share neil share disappeared for one user and the user got the error The group name could not be found. The user was a part of the group that was necessary to access the share. Just restarting the samba services allowed the users to get back in to the share. Not sure what the issue was until then... Samba version 3.5.2.

smb.conf (with omits)

    [global]
    name resolve order = wins lmhosts hosts bcast
    ldap ssl = no
    delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
    time server = Yes
    dns proxy = No
    workgroup = falm
    os level = 65
    ldap admin dn = cn=admin,dc=directory,dc=server
    security = user
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    max log size = 50
    log file = /var/log/samba/log.%m
    ldap user suffix = ou=People
    add group script = /usr/sbin/smbldap-groupadd -p %g
    hide unreadable = Yes
    add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
    ldap password sync = yes
    logon drive = H:
    domain master = Yes
    preferred master = yes
    local master = yes
    encrypt passwords = yes
    logon home = \\%L\%U
    passdb backend = ldapsam:ldap://127.0.0.1/
    wins support = true
    ldap delete dn = Yes
    ldap machine suffix = ou=Computers
    ldap group suffix = ou=Group
    server string = Evolution Origin Server
    ldap suffix = dc=directory,dc=server
    #log level = 3
    logon path = \\%L\profiles
    add user script = /usr/sbin/smbldap-useradd -m %u
    set primary group script = /usr/sbin/smbldap-usermod -g %g %u
    ldap idmap suffix = ou=Idmap
    domain logons = Yes
    hosts allow = 192.168.1.0/24 127.0.0.0/8
    interfaces = 192.168.1.0/24
    logon script = %U.bat
    ...
    [neil share]
    writeable = yes
    path = /var/shares/neil share
    force directory mode = 770
    force group = neilshare
    force create mode = 660
    comment = Neil Share
    valid users = @neilshare
    create mode = 660
    directory mode = 770
    ...
[Samba] Drive becomes unusable with The group name could not be found
Out of nowhere the share neil share disappeared for one user and the user got the error The group name could not be found. The user was a part of the group that was necessary to access the share. Just restarting the samba services allowed the users to get back in to the share. Not sure what the issue was until then... Samba version 3.5.2.

smb.conf (with omits)

    [global]
    name resolve order = wins lmhosts hosts bcast
    ldap ssl = no
    delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
    time server = Yes
    dns proxy = No
    workgroup = falm
    os level = 65
    ldap admin dn = cn=admin,dc=directory,dc=server
    security = user
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    max log size = 50
    log file = /var/log/samba/log.%m
    ldap user suffix = ou=People
    add group script = /usr/sbin/smbldap-groupadd -p %g
    hide unreadable = Yes
    add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
    ldap password sync = yes
    logon drive = H:
    domain master = Yes
    preferred master = yes
    local master = yes
    encrypt passwords = yes
    logon home = \\%L\%U
    passdb backend = ldapsam:ldap://127.0.0.1/
    wins support = true
    ldap delete dn = Yes
    ldap machine suffix = ou=Computers
    ldap group suffix = ou=Group
    server string = Evolution Origin Server
    ldap suffix = dc=directory,dc=server
    #log level = 3
    logon path = \\%L\profiles
    add user script = /usr/sbin/smbldap-useradd -m %u
    set primary group script = /usr/sbin/smbldap-usermod -g %g %u
    ldap idmap suffix = ou=Idmap
    domain logons = Yes
    hosts allow = 192.168.1.0/24 127.0.0.0/8
    interfaces = 192.168.1.0/24
    logon script = %U.bat
    ...
    [neil share]
    writeable = yes
    path = /var/shares/neil share
    force directory mode = 770
    force group = neilshare
    force create mode = 660
    comment = Neil Share
    valid users = @neilshare
    create mode = 660
    directory mode = 770
    ...

--
Mike A. Leonetti
As warm as green tea
Re: [Samba] The user name could not be found when joining a samba domain
Actually, what was my ldap.conf had

    nss_base_passwd ou=Computers,dc=directory,dc=server?sub
    nss_base_passwd ou=People,dc=directory,dc=server?sub

But SAMBA was creating posix users for each computer it registered to the domain and the uids were getting mixed with the system users. So for example user1 and machine1 would have the same uid. Horrible things happened. So I commented the first line and then machines couldn't join the domain anymore.

So my question is, can I now move or rename the uids of the machines that were created by /usr/sbin/smbldap-useradd -w script without dejoining the workstations from the domain? Above all, what is the best practice for managing both computers and domain users in LDAP? I think I got confused somewhere.

Mike A. Leonetti
As warm as green tea

On 05/01/10 13:09, Damien Dye wrote:

humm

    cn: workstation75$
    description: Computer
    gecos: Computer
    gidNumber: 515
    homeDirectory: /dev/null
    loginShell: /bin/false
    objectClass: top, account, posixAccount
    uid: workstation75$
    uidNumber: 1068

looks like the samba account has not been created only the unix account. does the join work if you have a samba account for the machine defined first ?

--
Damien Dye BSC(hon)

On 30 April 2010 01:10, Michael Leonetti mleone...@evolutionce.com wrote:

Using LDAP and the smbldap-tools. When attempting to join the domain with an administrative user, the computer gets added to the Computers list in LDAP with the following attributes:

    cn: workstation75$
    description: Computer
    gecos: Computer
    gidNumber: 515
    homeDirectory: /dev/null
    loginShell: /bin/false
    objectClass: top, account, posixAccount
    uid: workstation75$
    uidNumber: 1068

Then the workstation displays this message:

    the following error occurred attempting to join the domain falm the user name could not be found

Then the workstation log outputs this at log level 3

    [2010/04/29 19:52:33.724539, 3] smbd/process.c:1485(process_smb) Transaction 0 of length 137 (0 toread)
    [2010/04/29 19:52:33.724570, 3] smbd/process.c:1294(switch_message) switch message SMBnegprot (pid 1986) conn 0x0
    [2010/04/29 19:52:33.724593, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2010/04/29 19:52:33.724661, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0]
    [2010/04/29 19:52:33.724679, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LANMAN1.0]
    [2010/04/29 19:52:33.724692, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [Windows for Workgroups 3.1a]
    [2010/04/29 19:52:33.724706, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LM1.2X002]
    [2010/04/29 19:52:33.724724, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LANMAN2.1]
    [2010/04/29 19:52:33.724742, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [NT LM 0.12]
    [2010/04/29 19:52:33.724846, 3] smbd/negprot.c:404(reply_nt1) using SPNEGO
    [2010/04/29 19:52:33.724862, 3] smbd/negprot.c:691(reply_negprot) Selected protocol NT LM 0.12
    [2010/04/29 19:52:33.736749, 3] smbd/process.c:1485(process_smb) Transaction 1 of length 240 (0 toread)
    [2010/04/29 19:52:33.736799, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 1986) conn 0x0
    [2010/04/29 19:52:33.736880, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2010/04/29 19:52:33.736930, 3] smbd/sesssetup.c:1435(reply_sesssetup_and_X) wct=12 flg2=0xc807
    [2010/04/29 19:52:33.736952, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2010/04/29 19:52:33.737021, 3] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) Doing spnego session setup
    [2010/04/29 19:52:33.737086, 3] smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego) NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
    [2010/04/29 19:52:33.737157, 3] smbd/sesssetup.c:805(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 40
    [2010/04/29 19:52:33.737254, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xa2088207
    [2010/04/29 19:52:33.738057, 3] smbd/process.c:1485(process_smb) Transaction 2 of length 358 (0 toread)
    [2010/04/29 19:52:33.738121, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 1986) conn 0x0
    [2010/04/29 19:52:33.738185, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2010/04/29 19:52:33.738244, 3] smbd/sesssetup.c:1435(reply_sesssetup_and_X) wct=12 flg2=0xc807
    [2010/04/29 19:52:33.738285, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2010/04/29 19:52:33.738337, 3] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) Doing spnego session setup
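A check for the uidNumber overlap between machine and user accounts described in the message above, as an added example that is not part of the original thread: it parses an LDIF export of the directory and reports every uidNumber shared by more than one posixAccount. The sample LDIF is constructed; the machine entry reuses the attributes quoted in the thread, while the user1/user2 entries, their gidNumber 513 and the function names are assumptions.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF (not from the thread). The machine entry mirrors the
# attributes quoted above; the ou=People entries are made up for illustration.
SAMPLE_LDIF = """\
dn: uid=workstation75$,ou=Computers,dc=directory,dc=server
objectClass: top
objectClass: account
objectClass: posixAccount
cn: workstation75$
uid: workstation75$
uidNumber: 1068
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false

dn: uid=user1,ou=People,dc=directory,dc=server
objectClass: inetOrgPerson
objectClass: posixAccount
cn: user1
uid: user1
uidNumber: 1068
gidNumber: 513
homeDirectory: /home/user1

dn: uid=user2,ou=People,dc=directory,dc=server
objectClass: posixAccount
cn: user2
uid: user2
uidNumber: 1069
gidNumber: 513
homeDirectory: /home/user2
"""


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute_lowercase: [values]} dicts."""
    # Unfold continuation lines: a line starting with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], defaultdict(list)
    for line in lines + [""]:          # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):      # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current[name.strip().lower()].append(value)
    return entries


def ou_of(dn):
    """Return the first ou= component of a DN (naive split; ignores escaped commas)."""
    for rdn in dn.split(","):
        key, _, val = rdn.strip().partition("=")
        if key.lower() == "ou":
            return val
    return ""


def find_uid_collisions(entries):
    """Map each uidNumber used by more than one posixAccount to [(uid, ou), ...]."""
    by_number = defaultdict(list)
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "posixaccount" not in classes or "uidnumber" not in entry:
            continue
        uid = entry.get("uid", ["?"])[0]
        by_number[int(entry["uidnumber"][0])].append((uid, ou_of(entry["dn"][0])))
    return {n: accts for n, accts in by_number.items() if len(accts) > 1}


def machine_user_collisions(entries):
    """Keep only collisions that mix a machine account (name ends in $) with a user."""
    return {
        n: accts for n, accts in find_uid_collisions(entries).items()
        if any(u.endswith("$") for u, _ in accts)
        and any(not u.endswith("$") for u, _ in accts)
    }


if __name__ == "__main__":
    for number, accts in machine_user_collisions(parse_ldif(SAMPLE_LDIF)).items():
        print(f"uidNumber {number} shared by: {accts}")
```

A shared uidNumber means files and processes owned by one account are owned by the other as far as the kernel is concerned, so any hit should be resolved before both subtrees are exposed through nss_base_passwd.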
Re: [Samba] The user name could not be found when joining a samba domain
2010/4/29 Michael Leonetti mleonetti at evolutionce.com:
> The problem is the log doesn't give me any information on what's going on and this happened out of nowhere. Any help would really be appreciated.

and your smb.conf? Most of the time, add machine script has '%u' (or %u), remove the quotes (or add them; depends on versions, and if a butterfly is flying somewhere in Japan) and it will work.

HTH,
Norberto

Sorry. My e-mail server is acting up. Following your reply I tried single quotes, double quotes, and no quotes. No luck.

My smb.conf

    [global]
    name resolve order = wins lmhosts hosts bcast
    ldap ssl = no
    delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
    time server = Yes
    dns proxy = No
    workgroup = falm
    os level = 65
    ldap admin dn = cn=admin,dc=directory,dc=server
    security = user
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    max log size = 50
    log file = /var/log/samba/log.%m
    ldap user suffix = ou=People
    add group script = /usr/sbin/smbldap-groupadd -p %g
    hide unreadable = Yes
    add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
    ldap password sync = yes
    logon drive = H:
    domain master = Yes
    preferred master = yes
    local master = yes
    encrypt passwords = yes
    logon home = \\%L\%U
    passdb backend = ldapsam:ldap://127.0.0.1/
    wins support = true
    ldap delete dn = Yes
    ldap machine suffix = ou=Computers
    ldap group suffix = ou=Group
    server string = Evolution Origin Server
    ldap suffix = dc=directory,dc=server
    log level = 3
    logon path = \\%L\profiles
    add user script = /usr/sbin/smbldap-useradd -m %u
    set primary group script = /usr/sbin/smbldap-usermod -g %g %u
    ldap idmap suffix = ou=Idmap
    domain logons = Yes
    hosts allow = 192.168.1.0/24 127.0.0.0/8
    interfaces = 192.168.1.0/24
    logon script = %U.bat

    [Homes]
    comment = Home directory
    read only = No
    create mask = 0600
    browseable = No
    directory mask = 0700
    path = /home/%u/windows
    #hide files = /Maildir/

    [netlogon]
    path = /var/lib/samba/netlogon
    write list = root
    guest ok = Yes
    browseable = No

    [profiles]
    path = /home/%u/.profile
    writable = yes
    create mask = 0644
    guest ok = Yes
    browseable = No
    directory mask = 0755

    [neil share]
    writeable = yes
    path = /var/shares/neil share
    force directory mode = 770
    force group = neilshare
    force create mode = 660
    comment = Neil Share
    valid users = @neilshare
    create mode = 660
    directory mode = 770

and the rest is just about thirty more shares like the one above this one.

--
Mike A. Leonetti
As warm as green tea
[Samba] 212GB log file generated for a workstation
Had a server fill up completely with a samba workstation log file. The log file repeatedly had this information

    [2010/04/29 04:00:01, 0] smbd/notify_inotify.c:inotify_handler(240) No data on inotify fd?!

about a billion times. In my smb.conf I have max log size = 50 set, so I was hoping the log file wouldn't get that big.
Re: [Samba] Samba over VPN
The VPN is a site-to-site VPN. It's a Linux-Sonicwall VPN. Other users can join other Windows domains no problem. I created an lmhosts file on the Windows 2003 server with this:

    10.1.1.1 fortissimo #PRE #DOM:crcomputer
    10.1.1.1 CRCOMPUTER \0x1b
    10.1.1.1 CRCOMPUTER \0x1c

However, when I go to create a share and assign domain users to it, it cannot find the domain.

Mike A. Leonetti
As warm as green tea
Evolution CE
3468C Lawson Boulevard
Oceanside, NY 11572
www.evolutionce.com
516-536-5006 ext 105
516-208-4679 (Direct)

Gaiseric Vandal wrote:

I had misread- I thought the DC was the one remote. I think -but am not sure- that WINS should have handled any netbios stuff including locating the DC. I could be wrong tho. Can you try editing the lmhosts file on the Win 2003 machine to provide the DC info? Is the sonicwall configured for a site-to-site VPN (i.e. the IP addresses at both ends are explicitly configured) or is the Win 2003 machine configured as a regular single user remote PC (what sonicwall calls a GroupVPN account.) Sonicwall may have some options to redirect netbios but I am pretty sure you should not need this.

On 04/22/2010 04:26 PM, Mike A. Leonetti wrote:

The W2K3 server is not the VPN client, the VPN client is a Sonicwall device. However, the side that has the DC (samba), the DC server also initiates the VPN (openswan). IPSec starts before samba.

Leonardo Carneiro - Veltrac wrote:

The W2K3 server is the VPN client or is a host behind a vpn client that have a route to the remote network? Is the server IS the vpn client, does the connection is being made by a service (prior to the user login) or you just connect to the VPN after login?

Gaiseric Vandal wrote:

How do the clients get IP addresses? You could try adding the WINS server value to the client ip address (either statically or via DHCP.) Then they should be able to get the necessary netbios name info even tho they are on a separate subnet. Why do you have the DC distant from the clients that it supports?

On 04/22/2010 09:41 AM, Mike A. Leonetti wrote:

Yeah. I don't think it's the VPN blocking traffic. I think my WINS server is not functioning properly. I'll keep working at it.

Daniel Müller wrote:

Are you sure, I thought with ipsec there could be netbios bypassing the tunnel. Shares and dns are always working.

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: Mike A. Leonetti [mailto:mleone...@evolutionce.com]
Sent: Wednesday, 14 April 2010 16:47
To: muel...@tropenklinik.de
Cc: samba Mailing
Subject: Re: AW: [Samba] Samba over VPN

Daniel, I'm using ipsec for a VPN. Since all shares are working and name resolution all netbios packets seem to be traversing the VPN no problem. Thanks.

Daniel Müller wrote:

Hello, as far as I know you need a vpn with netbios enabled. This can be done with openvpn in bridging mode. Or with a router having this option. Greetings Daniel

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Mike A. Leonetti
Sent: Tuesday, 13 April 2010 22:27
To: Samba Mailing
Subject: [Samba] Samba over VPN

Have a 2003 server located outside of the Domain network over a VPN. The server originally existed inside the network (10.1.1.0/24) but now exists on 10.10.12.0/24. I can access shares over the VPN to the domain controller, but when I try to log in as a domain user it says the domain is unavailable. I added the domain controller as a WINS server on the 2003 server. nbtstat -c on the 2003 does list the domain controller and the domain.

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator>nbtstat -c

    Local Area Connection 2:
    Node IpAddress: [10.10.12.244] Scope Id: []

    NetBIOS Remote Cache Name Table

    Name               Type      Host Address    Life [sec]
    CRCOMPUTER    <1C> GROUP     10.1.1.1        390
    CRCOMPUTER    <1B> UNIQUE    10.1.1.1        387
    FORTISSIMO    <20> UNIQUE    10.1.1.1        430

    C
Re: [Samba] Samba over VPN
Actually, strangely, what fixed this issue was adding this to the samba config:

    interfaces = 10.1.1.0/24 10.10.12.0/24 10.0.0.0/24

I just basically duplicated this line:

    hosts allow = 10.1.1.0/24 127.0.0.0/8 10.10.12.0/24 10.0.0.0/24

And took out the localhost. Now everything works as expected.

Lennart Sorensen wrote:
> On Mon, Apr 26, 2010 at 02:21:47PM -0400, Mike A. Leonetti wrote:
>> The VPN is a site-to-site VPN. It's a Linux-Sonicwall VPN. Other users can join other Windows domains no problem. I created an lmhosts file on the Windows 2003 server with this:
>>
>>     10.1.1.1 fortissimo #PRE #DOM:crcomputer
>>     10.1.1.1 CRCOMPUTER \0x1b
>>     10.1.1.1 CRCOMPUTER \0x1c
>>
>> However, when I go to create a share and assign domain users to it, it cannot find the domain.
>
> I didn't think you were supposed to have multiple lines with the same ip. Multiple names on one line is fine of course.
Re: [Samba] Samba over VPN
Yeah. I don't think it's the VPN blocking traffic. I think my WINS server is not functioning properly. I'll keep working at it.

Daniel Müller wrote:

Are you sure, I thought with ipsec there could be netbios bypassing the tunnel. Shares and dns are always working.

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: Mike A. Leonetti [mailto:mleone...@evolutionce.com]
Sent: Wednesday, 14 April 2010 16:47
To: muel...@tropenklinik.de
Cc: samba Mailing
Subject: Re: AW: [Samba] Samba over VPN

Daniel, I'm using ipsec for a VPN. Since all shares are working and name resolution all netbios packets seem to be traversing the VPN no problem. Thanks.

Daniel Müller wrote:

Hello, as far as I know you need a vpn with netbios enabled. This can be done with openvpn in bridging mode. Or with a router having this option. Greetings Daniel

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Mike A. Leonetti
Sent: Tuesday, 13 April 2010 22:27
To: Samba Mailing
Subject: [Samba] Samba over VPN

Have a 2003 server located outside of the Domain network over a VPN. The server originally existed inside the network (10.1.1.0/24) but now exists on 10.10.12.0/24. I can access shares over the VPN to the domain controller, but when I try to log in as a domain user it says the domain is unavailable. I added the domain controller as a WINS server on the 2003 server. nbtstat -c on the 2003 does list the domain controller and the domain.

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator>nbtstat -c

    Local Area Connection 2:
    Node IpAddress: [10.10.12.244] Scope Id: []

    NetBIOS Remote Cache Name Table

    Name               Type      Host Address    Life [sec]
    CRCOMPUTER    <1C> GROUP     10.1.1.1        390
    CRCOMPUTER    <1B> UNIQUE    10.1.1.1        387
    FORTISSIMO    <20> UNIQUE    10.1.1.1        430

    C:\Documents and Settings\Administrator>

Is there a way I can test the WINS server to definitely make sure it's working? Is it that SAMBA isn't broadcasting itself over the 10.10.12.0 (VPN) network?
Re: [Samba] Samba over VPN
I didn't really have a say in this one. They moved my virtual machine with a whole bunch of servers to a remote location. :(

On a WinXP machine I tried setting the WINS server to 10.1.1.1 (the IP of the DC) and Enabled NetBIOS over TCP/IP. Then on the Linux server end I set up a Samba 3.5.2 server and added this to my smb.conf:

    wins support = true
    name resolve order = lmhosts hosts bcast

Then I set my LMHOSTS to:

    127.0.0.1 localhost
    10.1.1.1 FORTISSIMO#20
    10.1.1.1 CRCOMPUTER#1b
    10.1.1.1 CRCOMPUTER#1c
    10.1.1.1 CRCOMPUTER#1d
    10.1.1.1 CRCOMPUTER#1e

Which of course fortissimo is the name of the DC and crcomputer is the name of the domain. I can access shares on the server no problem. But when I go to share a folder on the machine and find domain users, it doesn't even recognize the domain. I'm not sure which parts not working.

Gaiseric Vandal wrote:

How do the clients get IP addresses? You could try adding the WINS server value to the client ip address (either statically or via DHCP.) Then they should be able to get the necessary netbios name info even tho they are on a separate subnet. Why do you have the DC distant from the clients that it supports?

On 04/22/2010 09:41 AM, Mike A. Leonetti wrote:

Yeah. I don't think it's the VPN blocking traffic. I think my WINS server is not functioning properly. I'll keep working at it.

Daniel Müller wrote:

Are you sure, I thought with ipsec there could be netbios bypassing the tunnel. Shares and dns are always working.

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: Mike A. Leonetti [mailto:mleone...@evolutionce.com]
Sent: Wednesday, 14 April 2010 16:47
To: muel...@tropenklinik.de
Cc: samba Mailing
Subject: Re: AW: [Samba] Samba over VPN

Daniel, I'm using ipsec for a VPN. Since all shares are working and name resolution all netbios packets seem to be traversing the VPN no problem. Thanks.

Daniel Müller wrote:

Hello, as far as I know you need a vpn with netbios enabled. This can be done with openvpn in bridging mode. Or with a router having this option. Greetings Daniel

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Mike A. Leonetti
Sent: Tuesday, 13 April 2010 22:27
To: Samba Mailing
Subject: [Samba] Samba over VPN

Have a 2003 server located outside of the Domain network over a VPN. The server originally existed inside the network (10.1.1.0/24) but now exists on 10.10.12.0/24. I can access shares over the VPN to the domain controller, but when I try to log in as a domain user it says the domain is unavailable. I added the domain controller as a WINS server on the 2003 server. nbtstat -c on the 2003 does list the domain controller and the domain.

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator>nbtstat -c

    Local Area Connection 2:
    Node IpAddress: [10.10.12.244] Scope Id: []

    NetBIOS Remote Cache Name Table

    Name               Type      Host Address    Life [sec]
    CRCOMPUTER    <1C> GROUP     10.1.1.1        390
    CRCOMPUTER    <1B> UNIQUE    10.1.1.1        387
    FORTISSIMO    <20> UNIQUE    10.1.1.1        430

    C:\Documents and Settings\Administrator>

Is there a way I can test the WINS server to definitely make sure it's working? Is it that SAMBA isn't broadcasting itself over the 10.10.12.0 (VPN) network?
Re: [Samba] Samba over VPN
The W2K3 server is not the VPN client, the VPN client is a Sonicwall device. However, the side that has the DC (samba), the DC server also initiates the VPN (openswan). IPSec starts before samba.

Leonardo Carneiro - Veltrac wrote:

The W2K3 server is the VPN client or is a host behind a vpn client that have a route to the remote network? Is the server IS the vpn client, does the connection is being made by a service (prior to the user login) or you just connect to the VPN after login?

Gaiseric Vandal wrote:

How do the clients get IP addresses? You could try adding the WINS server value to the client ip address (either statically or via DHCP.) Then they should be able to get the necessary netbios name info even tho they are on a separate subnet. Why do you have the DC distant from the clients that it supports?

On 04/22/2010 09:41 AM, Mike A. Leonetti wrote:

Yeah. I don't think it's the VPN blocking traffic. I think my WINS server is not functioning properly. I'll keep working at it.

Daniel Müller wrote:

Are you sure, I thought with ipsec there could be netbios bypassing the tunnel. Shares and dns are always working.

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: Mike A. Leonetti [mailto:mleone...@evolutionce.com]
Sent: Wednesday, 14 April 2010 16:47
To: muel...@tropenklinik.de
Cc: samba Mailing
Subject: Re: AW: [Samba] Samba over VPN

Daniel, I'm using ipsec for a VPN. Since all shares are working and name resolution all netbios packets seem to be traversing the VPN no problem. Thanks.

Daniel Müller wrote:

Hello, as far as I know you need a vpn with netbios enabled. This can be done with openvpn in bridging mode. Or with a router having this option. Greetings Daniel

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Mike A. Leonetti
Sent: Tuesday, 13 April 2010 22:27
To: Samba Mailing
Subject: [Samba] Samba over VPN

Have a 2003 server located outside of the Domain network over a VPN. The server originally existed inside the network (10.1.1.0/24) but now exists on 10.10.12.0/24. I can access shares over the VPN to the domain controller, but when I try to log in as a domain user it says the domain is unavailable. I added the domain controller as a WINS server on the 2003 server. nbtstat -c on the 2003 does list the domain controller and the domain.

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator>nbtstat -c

    Local Area Connection 2:
    Node IpAddress: [10.10.12.244] Scope Id: []

    NetBIOS Remote Cache Name Table

    Name               Type      Host Address    Life [sec]
    CRCOMPUTER    <1C> GROUP     10.1.1.1        390
    CRCOMPUTER    <1B> UNIQUE    10.1.1.1        387
    FORTISSIMO    <20> UNIQUE    10.1.1.1        430

    C:\Documents and Settings\Administrator>

Is there a way I can test the WINS server to definitely make sure it's working? Is it that SAMBA isn't broadcasting itself over the 10.10.12.0 (VPN) network?
Re: [Samba] Samba over VPN
Daniel, I'm using ipsec for a VPN. Since all shares and name resolution are working, all netbios packets seem to be traversing the VPN no problem. Thanks.

Daniel Müller wrote:
Hello, as far as I know you need a VPN with netbios enabled. This can be done with openvpn in bridging mode. Or with a router having this option. Greetings Daniel

---
IT Daniel Müller, Head of IT
Tropenklinik Paul-Lechler-Krankenhaus, Paul-Lechler-Str. 24, 72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Mike A. Leonetti
Sent: Tuesday, 13 April 2010 22:27
To: Samba Mailing
Subject: [Samba] Samba over VPN

Have a 2003 server located outside of the Domain network over a VPN. The server originally existed inside the network (10.1.1.0/24) but now exists on 10.10.12.0/24. I can access shares over the VPN to the domain controller, but when I try to log in as a domain user it says the domain is unavailable. I added the domain controller as a WINS server on the 2003 server. nbtstat -c on the 2003 does list the domain controller and the domain.

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator>nbtstat -c

    Local Area Connection 2:
    Node IpAddress: [10.10.12.244] Scope Id: []

    NetBIOS Remote Cache Name Table

    Name              Type     Host Address / Life [sec]
    CRCOMPUTER  <1C>  GROUP    10.1.1.1390
    CRCOMPUTER  <1B>  UNIQUE   10.1.1.1387
    FORTISSIMO  <20>  UNIQUE   10.1.1.1430

    C:\Documents and Settings\Administrator>

Is there a way I can test the WINS server to definitely make sure it's working? Is it that SAMBA isn't broadcasting itself over the 10.10.12.0 (VPN) network?
[Samba] Samba over VPN
Have a 2003 server located outside of the Domain network over a VPN. The server originally existed inside the network (10.1.1.0/24) but now exists on 10.10.12.0/24. I can access shares over the VPN to the domain controller, but when I try to log in as a domain user it says the domain is unavailable. I added the domain controller as a WINS server on the 2003 server. nbtstat -c on the 2003 does list the domain controller and the domain.

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator>nbtstat -c

    Local Area Connection 2:
    Node IpAddress: [10.10.12.244] Scope Id: []

    NetBIOS Remote Cache Name Table

    Name              Type     Host Address / Life [sec]
    CRCOMPUTER  <1C>  GROUP    10.1.1.1390
    CRCOMPUTER  <1B>  UNIQUE   10.1.1.1387
    FORTISSIMO  <20>  UNIQUE   10.1.1.1430

    C:\Documents and Settings\Administrator>

Is there a way I can test the WINS server to definitely make sure it's working? Is it that SAMBA isn't broadcasting itself over the 10.10.12.0 (VPN) network?
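One way to check whether the WINS server answers for the names a domain logon depends on, added here as an example that is not part of the original thread: a unicast NetBIOS name query (RFC 1002) sent straight to the WINS server, so the local cache shown by nbtstat -c is not involved. The function names, the constructed sample reply and the placeholder address 192.0.2.10 are assumptions; an empty scope ID is assumed, as in the nbtstat output.

```python
import socket
import struct
import sys

NB, IN = 0x0020, 0x0001  # NetBIOS name service record type, Internet class

def encode_name(name, suffix):
    """Pad to 15 characters, append the type byte, then first-level encode:
    every byte becomes two letters, one per nibble, offset from 'A'."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))

def build_query(name, suffix, txid=0x1234):
    """Unicast name query with recursion desired, as sent to a WINS server."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + b"\x20" + encode_name(name, suffix) + b"\x00" + struct.pack(">HH", NB, IN)

def parse_response(data):
    """Return (rcode, [(is_group, ip), ...]); rcode 3 means the name is not registered."""
    _txid, flags, _qd, answers, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response packet")
    rcode = flags & 0x000F
    if rcode or not answers:
        return rcode, []
    # Answer name is a 2-byte compression pointer or length + label + NUL
    # (assumes an empty scope ID, as in the nbtstat output in the post).
    off = 12 + (2 if data[12] & 0xC0 == 0xC0 else data[12] + 2)
    _rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
    off += 10
    entries = []
    for i in range(off, off + rdlen, 6):  # each entry: 2 flag bytes + IPv4 address
        (nb_flags,) = struct.unpack(">H", data[i:i + 2])
        entries.append((bool(nb_flags & 0x8000), socket.inet_ntoa(data[i + 2:i + 6])))
    return rcode, entries

def query_wins(server, name, suffix, timeout=3.0):
    """Send the query to UDP/137 on the WINS server; no reply raises socket.timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, suffix), (server, 137))
        return parse_response(s.recvfrom(1024)[0])

# Constructed positive reply for CRCOMPUTER<1C>; 192.0.2.10 is a placeholder address.
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8580, 0, 1, 0, 0) + b"\x20"
                + encode_name("CRCOMPUTER", 0x1C) + b"\x00"
                + struct.pack(">HHIH", NB, IN, 300, 6) + b"\x80\x00" + socket.inet_aton("192.0.2.10"))

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
    if len(sys.argv) == 2:  # argument: IP address of the WINS server
        for name, sfx in (("CRCOMPUTER", 0x1C), ("CRCOMPUTER", 0x1B), ("FORTISSIMO", 0x20)):
            print(name, hex(sfx), query_wins(sys.argv[1], name, sfx))
```

A timeout means nothing on UDP/137 answered across the tunnel, while rcode 3 means the WINS server is reachable but has no registration for that name. Samba's nmblookup sends the same kind of query with its -U (unicast) and -R (recursion desired) options.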
Re: [Samba] SMBLDAP tools reports modifications require authentication at /usr/sbin//smbldap_tools.pm but manually command works.
Mike A. Leonetti wrote:
Every time I try and join a Vista system to the domain I get this error in the log:

    [2010/03/26 15:18:58, 0] smbd/service.c:make_connection(1191) april (192.168.1.194) couldn't find service public
    Error: modifications require authentication at /usr/sbin//smbldap_tools.pm line 1083.
    [2010/03/26 15:19:16, 0] passdb/pdb_interface.c:pdb_default_create_user(329) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w april$' gave 1

But when I run the command above manually it works fine:

    evoserver ~ # /usr/sbin/smbldap-useradd -w april$
    Cannot confirm uidNumber 1014 is free: checking for the next one
    Cannot confirm uidNumber 1015 is free: checking for the next one
    Cannot confirm uidNumber 1016 is free: checking for the next one
    Cannot confirm uidNumber 1017 is free: checking for the next one
    evoserver ~ # /usr/sbin/smbldap-useradd -w april$
    /usr/sbin/smbldap-useradd: user april$ exists

What could be the difference from what Samba does and what I do?

After adding the machine myself I got the following error:

    smbldap_open: cannot access LDAP when not root..

Which was solved by updating samba to 3.3.10.
[Samba] SMBLDAP tools reports modifications require authentication at /usr/sbin//smbldap_tools.pm but manually command works.
Every time I try and join a Vista system to the domain I get this error in the log:

    [2010/03/26 15:18:58, 0] smbd/service.c:make_connection(1191) april (192.168.1.194) couldn't find service public
    Error: modifications require authentication at /usr/sbin//smbldap_tools.pm line 1083.
    [2010/03/26 15:19:16, 0] passdb/pdb_interface.c:pdb_default_create_user(329) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w april$' gave 1

But when I run the command above manually it works fine:

    evoserver ~ # /usr/sbin/smbldap-useradd -w april$
    Cannot confirm uidNumber 1014 is free: checking for the next one
    Cannot confirm uidNumber 1015 is free: checking for the next one
    Cannot confirm uidNumber 1016 is free: checking for the next one
    Cannot confirm uidNumber 1017 is free: checking for the next one
    evoserver ~ # /usr/sbin/smbldap-useradd -w april$
    /usr/sbin/smbldap-useradd: user april$ exists

What could be the difference from what Samba does and what I do?
[Samba] MMC snap in Active Directory Users and Groups failing
My goal is to set up User/Group/Computer policies to load up at login. I downloaded the adminpak from Microsoft and installed it on an XP Pro machine that was on the domain. I logged in as an Administrative user. Samba is set up with LDAP Users and Groups. I followed the directions on http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html#id2659443 and added the MMC snap in and when I do that I get an error saying "Naming information cannot be located because: The specified domain either does not exist or could not be contacted." Now, this computer has successfully joined itself to the domain and users can log in fine.

Alternatively, I was able to find a version of POLEDIT.EXE that will generate a .POL file, but the latest .adm files from Microsoft fail to load on it. I am not really fixed on one option or the other. As long as one works.

Here is the workstation logfile on loglevel 4:

    [2010/02/15 12:17:43, 3] smbd/process.c:process_smb(1083) Transaction 9 of length 45
    [2010/02/15 12:17:43, 3] smbd/process.c:switch_message(932) switch message SMBclose (pid 32303) conn 0xb8138640
    [2010/02/15 12:17:43, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
    [2010/02/15 12:17:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=776d
    [2010/02/15 12:17:43, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name NETLOGON pnum=776d (pipes_open=0)
    [2010/02/15 12:17:54, 3] smbd/process.c:process_smb(1083) Transaction 10 of length 43
    [2010/02/15 12:17:54, 3] smbd/process.c:switch_message(932) switch message SMBulogoffX (pid 32303) conn 0x0
    [2010/02/15 12:17:54, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2010/02/15 12:17:54, 3] smbd/reply.c:reply_ulogoffX(1560) ulogoffX vuid=101
    [2010/02/15 12:17:54, 3] smbd/process.c:process_smb(1083) Transaction 11 of length 39
    [2010/02/15 12:17:54, 3] smbd/process.c:switch_message(932) switch message SMBtdis (pid 32303) conn 0xb8138640
    [2010/02/15 12:17:54, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2010/02/15 12:17:54, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2010/02/15 12:17:54, 3] smbd/service.c:close_cnum(1239) flywheel (192.168.1.3) closed connection to service IPC$
    [2010/02/15 12:17:54, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$
    [2010/02/15 12:17:54, 4] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /
    [2010/02/15 12:17:54, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2010/02/15 12:17:54, 3] smbd/process.c:timeout_processing(1343) timeout_processing: End of file from client (client has disconnected).
    [2010/02/15 12:17:54, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2010/02/15 12:17:54, 3] smbd/connection.c:yield_connection(69) Yielding connection to
    [2010/02/15 12:17:54, 3] smbd/server.c:exit_server_common(766) Server exit (normal exit)