Re: [Samba] domain provision error
Hello Greg, On Fri, Jan 25, 2013 at 7:03 AM, Greg Sloop < gr...@sloop.net> wrote: > > Has anyone gotten it to compile, install and provision properly on Ubuntu > 12.04? Yes. Have you installed libacl1-dev, libattr1-dev, attr, acl? Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Move from roaming to local profiles
Hello, first, I'm sorry for making you wait for so long. I had some personal problems that required my attention. On Fri, Jan 11, 2013 at 12:32 PM, Donny Brooks wrote: > 1. Log in as user on old domain, verify stuff works > 2. Log out and in as local administrator > 3. Change from olddomain to newdomain, reboot Ok > 4. Log in as user on newdomain, creates new profile (obviously since it is a > "new user") Nope. You should remain logged as administrator, change permissions on the user folder to the user of the newdomain. Then, from regedit, load the user registry and change its permissions. > 5. Reboot to make sure profile is not locked and log in as local administrator Yes. Everything else is unnecessary, just login as the user in the new domain and it should work. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Move from roaming to local profiles
On Wed, Jan 9, 2013 at 6:57 PM, Donny Brooks wrote: > > Ok, I tested this on a couple of our windows 7 machines. I did as you said > and changed the profile to a local one, removed it from the existing domain, > added it to the new domain, and logged in as the user again. It gave me a new > profile. Looking in C:\Users I see the username folder and > username.NEWDOMAIN. It is creating a new profile for the same user on the new > domain. Is there a way to do this? I have searched but only see directions > for doing local profiles to roaming. Figures I would be going against the > grain here. Add the machine to the new domain. Change permisions on the username folder. Also, you'll need to load the user's registry and change permissions. I really can't remember if you also need to change something else in the user's registry. I'll ask our technicians tomorrow and I'll let you know. BTW, the same username in two domains is a different user (different SID). That's why you see username.NEWDOMAIN. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Extending AD schema
Hello, from: https://wiki.samba.org/index.php/Samba4/FAQ """ Will it also be possible in the future to extend the server by loading user defined schema's? Yes, user-defined schema may be loaded into the Samba 4.0 AD DC. It is experimental, so you must set dsdb:schema update allowed = yes in the smb.conf to permit it. """ My question is: what does it mean "it is experimental"? I'm asking because I'm in the process of migrating an existing s3+ldap domain, which has some custom classes and attributes. While I can emulate some of our functionality using AD attributes and classes, some others cannot (or I just haven't find the way yet). I have already added our custom schemas to s4, and everything seems to be fine, but I'd like to know beforehand what (maybe) won't work. Many thanks in advance, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4, classicupgrade: set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER
Hello Andrew, 2012/10/10 Andrew Bartlett : > > A patch is in GIT master (to paper over the issue), which may be > backported to the 4.0 release stream once folks confirm it works > properly. And so I pulled from master, and now it correctly upgrades the test domain. Thank very much!! Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4, classicupgrade: set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER
Hello, I'm testing samba4. I've setup a small samba3+ldap pdc, and then I tried a classicupgrade, but I can't pass step 4 of the howto. ubuntu@samba4:~/samba4$ /usr/local/samba/sbin/samba -V Version 4.1.0pre1-GIT-899cdc4 ubuntu@samba4:~/samba4$ sudo /usr/local/samba/bin/samba-tool domain classicupgrade --realm=example.com --dbdir=/root/samba /root/samba/smb.conf Reading smb.conf Provisioning Exporting account policy Exporting groups Exporting users Skipping wellknown rid=500 (for username=Administrator) Skipping wellknown rid=501 (for username=nobody) Demoting BDC account trust for samba3, this DC must be elevated to an AD DC using 'samba-tool domain promote' Next rid = 1009 Exporting posix attributes Reading WINS database Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/root/samba/wins.dat' Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=example,DC=com Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Setting acl on sysvol skipped Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=example,DC=com Creating DomainDnsZones and ForestDnsZones partitions Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Admin password:,mlY4&4K(WD&G(O7a_-.6M@E Server Role: active directory domain controller Hostname: samba4 NetBIOS Domain:EXAMPLE DNS Domain:example.com DOMAIN SID:S-1-5-21-831389399-4071795767-414191908 A phpLDAPadmin configuration file suitable for administering the Samba 4 LDAP server has been created in /usr/local/samba/private/phpldapadmin-config.php. Importing WINS database Importing Account policy Importing idmap database Cannot open idmap database, Ignoring: [Errno 2] No such file or directory Importing groups Group already exists sid=S-1-5-21-831389399-4071795767-414191908-513, groupname=Domain Users existing_groupname=Domain Users, Ignoring. Group already exists sid=S-1-5-21-831389399-4071795767-414191908-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring. Group already exists sid=S-1-5-21-831389399-4071795767-414191908-514, groupname=Domain Guests existing_groupname=Domain Guests, Ignoring. Group already exists sid=S-1-5-32-544, groupname=Administrators existing_groupname=Administrators, Ignoring. Group already exists sid=S-1-5-32-545, groupname=Users existing_groupname=Users, Ignoring. Group already exists sid=S-1-5-32-546, groupname=Guests existing_groupname=Guests, Ignoring. Importing users Adding users to groups set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 170, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1321, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 913, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1468, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs) File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1405, in set_gpos_acl str(domainsid), use_ntvfs) File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1369, in set_dir_acl setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs) File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 108, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) ubuntu@samba4:~/samba4$ sudo testparm /root/samba/smb.conf [global] workgroup = EXAMPLE passdb backend = ldapsam:ldap://localhost/ domain logons = Yes os level = 33 preferred master = Yes domain master = Yes ldap admin dn = cn=admin,
Re: [Samba] Problem integrating Samba with External LDAP
2010/8/13 Cool The Breezer : > On restarting smb service, I am getting following error > Failed to retrieve password from secrets.tdb did you run: # smbpasswd -W ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap ssl = off ??
I'm sure that setting is there only to simplify the how to El 03/08/2010 18:20, "Clark Johnston" escribió: * * ldap ssl = off In the how to for setting up samba-ldap http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend-p2 * * the author writes that you need ldap ssl = off* *for samba 3.x am I interpreting this incorrectly? I interpreted 'ldap ssl = off' as being that the communication from the samba server to ldap server was not encrypted or not using tls and has nothing to do with the communication with client computers in the domain. Is this a change in the 3.x versions which requires that you explicitly state you are not using ssl/tls. * * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User security and public shares
2010/7/18 Lord Devi : > have tried to create a configuration in which two shares exist ( [data], and > [apps] ) that require user authentication to access. While at the same time > there exists a share, [public] which I want to be browseable and connectable > by everyone with NO password. read "map to guest" in man smb.conf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] hidden share
On Sun, Aug 16, 2009 at 12:54 PM, Helmut Hullen wrote: > browseable = no hint: man smb.conf regards, norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem with samba and ldap
On Wed, Aug 5, 2009 at 4:28 PM, Theodoro wrote: > Does anybody know what might be happening? In /etc/ldap.conf, I bet your nss_base_passwd is "ou=users,dc=test,dc=com,dc=br". It should be "dc=test,dc=com,dc=br". -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to use local profiles in samba PDC?
On Wed, Jul 29, 2009 at 10:52 AM, Christopher Perry wrote: > A) Only allowing local profiles and disabling roaming profiles: > (start->run->gpedit.msc->Local Computer Policy->Computer > Configuration->Administratrive Templates->System->User Profiles Why don't you just use pdbedit? smb.conf: logon path = /path/to/logon Then: # pdbedit -p "" user-with-no-roaming-profile The default is to have a roaming profile. You disable it for certain users. I remember doing this once for a customer. It worked perfectly. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] couldn't find service netlogo
On Fri, Jul 24, 2009 at 2:37 PM, Christopher Perry wrote: > it truncates netlogo in the log file, unless it actually thinks it's looking > for netlogo. > > Has anyone experienced this, or have any ideas? Yes; but with other shares. The AV software in the client was the culprit in our case. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Only administrator works in ldapsam:editposix domain
Always CC the list. On Wed, Jul 22, 2009 at 10:20 AM, Kyle Schmitt wrote: > On Tue, Jul 21, 2009 at 10:36 PM, Norberto Bensa wrote: >> If you use ldapsam:editposix, that's is automatically done for you >> with the net command. Are you sure your nsswitch.conf is configured >> correctly? > > At first I didn't have the nsswitch.conf setup, because I intended the > server to handle LDAP & samba for remote systems, but not for itself > (something I've done before quite successfully with straight LDAP > setups). It needs LDAP for itself. Samba needs unix accounts and groups. Read the docs. > The only issue now is getting the unix password/shadow information in > LDAP, /etc/nsswitch.conf /etc/ldap.conf /etc/ldap.secret /etc/ldap/ldap.conf (paths are for Debian based distros) > and somehow getting the correct homeDirectory entry by default > (right now it's defaulting to /home//). Use "template homedir" in smb.conf Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Only administrator works in ldapsam:editposix domain
On Tue, Jul 21, 2009 at 6:53 PM, Kyle Schmitt wrote: > Nevermind, I found it. I needed to add the user to the group in unix > (or unix/ldap) first, then to the nt group. If you use ldapsam:editposix, that's is automatically done for you with the net command. Are you sure your nsswitch.conf is configured correctly? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Deploying apps via policy
On Mon, Jul 20, 2009 at 5:27 PM, Marcio Merlone wrote: > Mister Olli escreveu: >> >> see http://wiki.samba.org/index.php/Franky. >> > > At this point of samba4 devel, is it possible to run a small network without > the Frank stuff, i.e. a pure samba4 setup without samba3? I just need an AD, > file sharing and a couple of Windows server members, no printers, no nothing > fancy. I've just tried samba4 in a small virtualized environment (3 vms) using ubuntu karmic (9.10 alpha) as server and windows 2k and xp as clients. I could add machines and users to the domain, access shares in the server, but I couldn't browse the network. smbclient doesn't work for browsing either, it shows a "REWRITE: browsing not implemented" or something like that. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to migrate samba to new box
On Mon, Jul 20, 2009 at 4:55 AM, Gary Greene wrote: > If you're having problems with mailing list handling, I'm not. But I have tens of emails in my in-box that *should* be on the list. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to migrate samba to new box
On Sun, Jul 19, 2009 at 1:20 PM, Tri Trinh wrote: > Thanks Norberto, since we need to map Windows groups to linux groups, > and create linux users whenever we create Windows users, do I need to > re-create all linux groups and users on the new box as well? If yes, > please advise if the user and group id must be the same on 2 boxes. > Rgds, > Tri > Oh yes. You can copy the users from /etc/passwd and groups from /etc/groups. Don't copy the whole files, just copy & paste the entries you need. Regards, Norberto PS: list admins. Can you please modify the reply-to header to point to the list? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to migrate samba to new box
On Sun, Jul 19, 2009 at 12:54 PM, Tri Trinh wrote: > Dear list, > > I have samba 3.0.21 on a fedora 5 box. I would like to migrate the > whole things to a new box which runs CentOS 5.3. Is there any way to > migrate samba verbatim to a new box? It's not hard. I've done it many times. You need to move /etc/samba, /var/lib/samba, /var/cache/samba, /var/spool/samba, and your shares of course. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change the OS Level of Windows
On Sat, Jul 18, 2009 at 3:34 PM, Richard Lamboj wrote: > is there a way of changing the OS Level of Windows XP? Some time ago i have > seen a strange thing. We have running 70 Windows XP Clients and we have three > trusted domains with Samba. Sometimes logons on trusted domains are very slow > or doesnt work. So i have searched and searched. I have turned one windows xp > client after one off. I have found three Windows XP Computer that makes > troubles. If this three Windows XP Clients are online, than trusted domain > logins doesnt work! I have formated those Computers and reinstalled Windows > XP, now it works. So is there a way to manipulate the "OS Level" of Windows? > And why got a Windows XP Pro client Domain Logon Requests? Strange... I have experienced something like that. One day ONE Windows XP wrongly configured (workgroup instead of domain member) took the place of the PDC. Lots of bad things started to happen. For example, we couldn't add machines to the domain, etc. We have to shutdown every workstation and the server. > Is there a way to tell the WINS Server wich PDC is responsible for a Domain? domain logons = yes HTH, Norberto PS: fix your email client. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Deploying apps via policy
On Fri, Jul 17, 2009 at 8:35 AM, Mister Olli wrote: > It's a guide on how to install fonts using WinInstall. This one creates > a MSI package that you can install via GPO. GPO? With Samba? I'm interested. What version are you using? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Backup Server
On Fri, Jul 17, 2009 at 9:29 AM, Adam Del Vecchio wrote: > Suggestions would be great. Take a look at the following projects: drbd heartbeat HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba users can still login after password change
On Tue, Jul 14, 2009 at 7:05 PM, David Christensen wrote: > Anyone know why a user can still use their old password to login to a > samba domain when the sambaNTPassword and sambaLMPassword that are > stored in the ldap backend have been changed? Weird theory here: clients lost connection with logon server, so they use the cached password (the old one) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS recycle & force user
On Mon, Jul 13, 2009 at 9:06 AM, Lukas Deseyve wrote: > > Hi, > > i tried Samba 3.4.0 but with same result:( >From what I understand, Jeremy says you should downgrade to 3.3.6 to restore the behavior you want. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] login.bat has error?
On Thu, Jul 9, 2009 at 8:31 AM, Mohsen Pahlevanzadeh wrote: > ldap suffix = dc=example,dc=com Ohh... Your smb.conf is wrong. That one should read: ldap suffix = dc=mylove -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] login.bat has error?
On Fri, Jul 10, 2009 at 4:23 PM, Mohsen Pahlevanzadeh wrote: > I have configure all of them.But you remind me hash of > smbldap_bind.conf, i input clear text password.May i input hash of my > password? AFAIK, you need clear text passwords. What about your ACLs? Does DN have permission to write? Are you sure you have not made a typo somewhere? Do you have the samba.schema in place? The error you posted is -apparently- from Samba. When you run smbldap-useradd from CLI, does it gives an error? Can you run "smbldap-useradd somebody"? Remember that computers are users too, so nss_base_passwd (/etc/ldap.conf) must be configured so it can return entries in ou=users and ou=computers (in your case it must be nss_base_passwd dc=mylove?sub) BTW, are you running: smbldap-useradd -w debian$ or smbldap-useradd -w debian ? Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] login.bat has error?
On Fri, Jul 10, 2009 at 6:42 AM, Mohsen Pahlevanzadeh wrote: > Oh,I found following log in log.debian: > Error: modifications require authentication > at /usr/share/perl5/smbldap_tools.pm line 1083. Looking up the code of smbldap_tools.pm, it looks like it is trying to make a modification to the tree, but it doesn't have the required permissions (it wants to update $sambaUnixIdPooldn) Have you configured all these files ? : /etc/ldap/slapd.conf /etc/ldap/ldap.conf /etc/ldap.conf /etc/nsswitch.conf /etc/smbldap-tools/smbldap-tools.conf /etc/smbldap-tools/smbldap_bind.conf /etc/samba/smb.conf Have you ran smbldap-populate ? Does samba know the "ldap admin dn" password (smbpasswd -W) ? Can you run "smbldap-useradd -w workstation"? Does it succeed? HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Simple group question...
2009/7/10 Regis Niggemann : > IF (and it's a big IF) a user HAS to have admin rights on the local machine, > then grant that user those rights only on their primary machine. I > acknowledge that it can be a pain to administer if you have a lot of users > that use different machines. But in most circumstances, a single user uses > a single machine and it's manageable. If you're talking about one user on one specific machine, then yes, give him rights on their box. I don't know why but I thought that we were talking about a group of people. IT staff for example usually needs admin right in every computer in an organization. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Simple group question...
2009/7/10 Regis Niggemann : > Of course the problem with this method is you are granting that group admin > rights to all those computers. If a single account in that group with those > rights becomes infected with some malware, it is possible for that malware > to infect ALL the computers. > Do you know a better way? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Simple group question...
On Fri, Jul 10, 2009 at 2:18 AM, supha...@gmx.com wrote: > Hi, > This works for me ,you can try. > > After join computer to domain then log on to Windows Xp with local > administrator account and go to control panel -> addusers (select > account from your domain) -> Grant access level to your domain account > as "Administrator". > That's the admin nightmare :-) If you have 500 computers to admin, how do you remove Tom's admin rights? The best way is: - Create a new domain group. - Add users to new domain group. - Add this new domain group to the local administrators group on each machine. Now, every user in "new domain group" will have admin rights in the computers. If for some reason you think John Doe does not need admin rights anymore, you just remove him from the "new domain group" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] login.bat has error?
Forwarding this one to the list: On Thu, Jul 9, 2009 at 8:16 PM, Mohsen Pahlevanzadeh wrote: > Mylove is my netbios name & my workgroup name. Oh... That's a violation of the smb protocol :-) Your netbios name can't be your workgroup/domain name. Try that on Windows if you don't believe me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] bash change from "r...@myserver" to "administra...@myserver"
On Thu, Jul 9, 2009 at 4:18 AM, supha...@gmx.com wrote: > Thank you for the clarification . > Does it help if I add ROOT in a group of invalid user ? > I don't know. I never tried. Why don't you just modify the uid for Administrator? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: (FIXED) editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 3:48 PM, Norberto Bensa wrote: > http://wiki.samba.org/index.php/Ldapsam_Editposix > > > Everything works. I can add users, list users, delete users (and > groups) with "net rpc user..." I can join clients, etc. > > *But* wbinfo -u and -g gives: > > zool...@kvm-test-samba1:~$ wbinfo -u > Error looking up domain users > zool...@kvm-test-samba1:~$ wbinfo -g > BUILTIN\administrators > BUILTIN\users Well guys. I missed one _small_ detail. This VM was running hardy (samba 3.0.28a) After upgrading it to interpid (samba 3.2.3) wbinfo works: zool...@kvm-test-samba1:~$ wbinfo -t checking the trust secret via RPC calls succeeded zool...@kvm-test-samba1:~$ wbinfo -m BUILTIN PRUEBA zool...@kvm-test-samba1:~$ wbinfo -u nobody nbensa marisa diego zool...@kvm-test-samba1:~$ wbinfo -g BUILTIN\administrators BUILTIN\users domain users domain admins domain guests Thanks Dale for your time! HTH someone, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] bash change from "r...@myserver" to "administra...@myserver"
On Thu, Jul 9, 2009 at 1:28 AM, supha...@gmx.com wrote: > Hello Norberto, > > Why it change back and forth automatically between root and Administrator ? sometimes nss reads from /etc/password and sometimes from ldap. I don't know why. > Will it lead to any problem in the future? Maybe. If you do: id root id Administrator you'll get back uid=0 So who is uid=0, root or administrator? You know they are the same entity, but machines are too stupid. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 11:29 PM, Aaron Jambu wrote: > Just wondering why you are using winbind. > > When I use ldap to pull info from Active Directory I dont need to use winbind. > please, read my first post -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 6:38 PM, Dale Schroeder wrote: > According to the creator, you do configure nss for both ldap and winbind. > http://lists.samba.org/archive/samba-technical/2006-March/045787.html Many thanks for the link but I tried that and nope: wbinfo -u still can't list users. Oh well. Maybe it works like this. Don't worry, this is only a test, not a production box. Best regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 5:11 PM, Dale Schroeder wrote: > A question for you - the link does not mention nsswitch.conf. Is it > required to list both ldap and winbind > for passwd and group? For example, > passwd: compat ldap winbind > group: compat ldap winbind I don't know. That's why I'm asking. As I said, everything works except "wbinfo -u" and "wbinfo -g". Maybe it's normal with editposix, but I want to be sure. > I would be curious to know the answer. Me too :-) > If you're using PAM, I assume that is configured for ldap and winbind also. Nope. I'm not using PAM as I don't authenticate users via PAM in this machine. However, I use LDAP in nss. Thanks for your help. Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 4:29 PM, Dale Schroeder wrote: > Are you in a domain trust? Otherwise, for a single domain, pdc's don't need > winbind. Nope. This is a PDC. But from the link I posted: "A running winbind daemon is required to use ldapsam:editposix EVEN ON A SAMBA PDC." Also. On this list someone told me that I "need windbind for ACL to work correctly" Oh BTW, "winbind enum users = yes" didn't do anything. zool...@kvm-test-samba1:/var/log/samba$ wbinfo -p Ping to winbindd succeeded on fd 3 zool...@kvm-test-samba1:/var/log/samba$ wbinfo -t checking the trust secret via RPC calls succeeded zool...@kvm-test-samba1:/var/log/samba$ wbinfo -g BUILTIN\administrators BUILTIN\users zool...@kvm-test-samba1:/var/log/samba$ wbinfo -u Error looking up domain users zool...@kvm-test-samba1:/var/log/samba$ testparm -s | grep winbind winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] editposix: winbind -u: Error looking up domain users
Hello list, I'm trying this configuration: http://wiki.samba.org/index.php/Ldapsam_Editposix Everything works. I can add users, list users, delete users (and groups) with "net rpc user..." I can join clients, etc. *But* wbinfo -u and -g gives: zool...@kvm-test-samba1:~$ wbinfo -u Error looking up domain users zool...@kvm-test-samba1:~$ wbinfo -g BUILTIN\administrators BUILTIN\users Is this normal behavior? Many thanks in advance, Norberto PS: smb.conf just in case: [global] workgroup = PRUEBA passdb backend = ldapsam domain logons = Yes os level = 65 domain master = Yes wins support = Yes ldap admin dn = cn=admin,dc=prueba,dc=dominio ldap delete dn = Yes ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap suffix = dc=prueba,dc=dominio ldap user suffix = ou=users idmap domains = DEFAULT idmap alloc backend = ldap idmap alloc config:range = 5-50 idmap alloc config:ldap_url = ldap://localhost idmap alloc config:ldap_user_dn = cn=admin,dc=prueba,dc=dominio idmap alloc config:ldap_base_dn = ou=idmap,dc=prueba,dc=dominio idmap config DEFAULT:range = 5-50 idmap config DEFAULT:ldap_url = ldap://localhost idmap config DEFAULT:ldap_user_dn = cn=admin,dc=prueba,dc=dominio idmap config DEFAULT:ldap_base_dn = ou=idmap,dc=prueba,dc=dominio idmap config DEFAULT:default = yes idmap config DEFAULT:readonly = no idmap config DEFAULT:backend = ldap ldapsam:editposix = yes ldapsam:trusted = yes winbind use default domain = yes ea support = Yes map acl inherit = Yes hide unreadable = Yes map archive = No map readonly = no store dos attributes = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba configuration error
On Wed, Jul 8, 2009 at 11:41 AM, David Christensen wrote: >>> I took a look at the /var/log/message log and see: >> >> with ldap ssl = off ??? > > Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl > = off, smb keeps trying to do a StartTLS. I'm out of ideas and I don't use Fedora. Maybe you want to post your config files. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba configuration error
On Tue, Jul 7, 2009 at 8:52 PM, David Christensen wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Norberto Bensa wrote: >> On Tue, Jul 7, 2009 at 8:27 PM, Norberto Bensa wrote: >>> On Tue, Jul 7, 2009 at 8:18 PM, David >>> Christensen wrote: >>>> passdb backend = ldapsam:ldap://127.0.0.1 >>> That should be plain. I.e. no tls/ssl. >> >> I'm sorry. That could be TLS if the server supports it. > > I took a look at the /var/log/message log and see: with ldap ssl = off ??? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba configuration error
On Tue, Jul 7, 2009 at 8:27 PM, Norberto Bensa wrote: > On Tue, Jul 7, 2009 at 8:18 PM, David > Christensen wrote: >> passdb backend = ldapsam:ldap://127.0.0.1 > > That should be plain. I.e. no tls/ssl. I'm sorry. That could be TLS if the server supports it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba configuration error
On Tue, Jul 7, 2009 at 8:18 PM, David Christensen wrote: > passdb backend = ldapsam:ldap://127.0.0.1 That should be plain. I.e. no tls/ssl. > I intend to deploy with SSL just didn't want to use it during my initial > tests. So by default with nothing specified in smb.conf TLS is on? If > so something must have been broken in f9 because it was not explicitly > stated. Maybe the behavior of ldap ssl changed between f9/10 and 11. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba configuration error
On Tue, Jul 7, 2009 at 7:52 PM, David Christensen wrote: > I am using FDS, it does support TLS, but I never configured either to > use TLS as part of my testing. I am using ldapsam. password backend = ldapsam:ldaps://something or just ldapsam ? > Does using ldapsam from the > gate require TLS? I always use SSL for ldap. you can configure samba ldap secure behavior with: ldap ssl = yes | off | start tls (default is start tls) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group access to a share
On Wed, Jul 1, 2009 at 11:32 AM, Gabriel Petrescu wrote: > I checked using my user which is part of administrators group, and > administrators group is part of marketing group. Oh. Nested groups. > Theoretically should work , but it seems I made a mistake. Do you use nss winbind ? Do you get back your members with "getent group marketing"? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba configuration error
On Tue, Jul 7, 2009 at 7:20 PM, David Christensen wrote: > Does anyone know what this error means: > > [r...@ldap2 samba]# net getlocalsid > [2009/07/07 17:04:00, 0] lib/smbldap.c:smb_ldap_start_tls(600) > Failed to issue the StartTLS instruction: Protocol error What version is your ldap server? Does it support TLS? What is your password backend? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind 3.3.6 + windows 2008 ad
On Tue, Jul 7, 2009 at 9:46 AM, Christoph Kaminski wrote: > [realms] > CHAOS.LOCAL = { > kdc = beelzebub.chaos.local > admin_server = beelzebub.chaos.local > master_kdc = beelzebub.chaos.local > default_domain = chaos.local I used to have problems with Ubuntu when my domains ended in .local and /etc/nsswitch.conf included mdns4 or mdns4_minimal. I don't know it Debian Sid uses mdns4 but you should check that. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: Samba Windows resolve issue
On Tue, Jul 7, 2009 at 3:44 PM, Doug Coats wrote: > Does anybody have a clue what the issue might be? Maybe. > Maybe even a hint as to > what I could look into? ip forwarding? routes? > Is there more information that I could supply that > would help? ifconfig and route from h1 and h3 would help but this a samba list, and your problem has nothing to do with samba. It's a network issue. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows XP login
On Tue, Jun 30, 2009 at 12:17 PM, David Christensen wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Norberto Bensa wrote: >> On Mon, Jun 29, 2009 at 9:59 PM, John Drescher wrote: >>>>> This desktop.ini file is a hidden file that windows places in all >>>>> folders of your system to store the preferences of your explorer view. >>>>> The problem here is samba is making this hidden file in the startup >>>>> folder of the start menu visible instead of default hidden. >>>>> >>>>> John >>>> Thanks for info, what do I need to modify or configure in order for this >>>> file to remain hidden on all clients? >>> I have not solved that myself. >>> >>> look at the documentation for hidden file mapping and veto files >> >> I have. Using the user_xattr mount option and (IIRC) "store dos >> attributes". Here is an excerpt from my smb.conf >> >> profile acls = Yes >> hide unreadable = Yes >> map acl inherit = Yes >> store dos attributes = Yes >> map archive = No >> map read only = No >> >> >> HTH, >> Norberto > Norberto, > > Were these attributes added to the [profile] share or are they global? In my smb.conf they are in [global]. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
On Tue, Jun 30, 2009 at 10:39 AM, John Drescher wrote: >> On Tue, Jun 30, 2009 at 7:29 AM, David Markey >> wrote: >>> It's possible to use nss_ldap and idmap backend = nss and no winbind, like >>> you are describing. >> >> Why do I need idmap? I mean, from what I understand, idmap only >> purpose is to help winbind ensure uid and gid are the same across >> servers. If I use LDAP to store users accounts and groups, these id >> are the same. >> > > Without idmap ACLs do not work on member servers. I mean changing ACLs > on files in windows does not work as expected. > Ok. So, is this "idmap backend = nss" a valid option? I can't find information about it in "man smb.conf" I'm using samba-3.0.28a (ubuntu hardy). > John M. Drescher > Thanks! Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
On Tue, Jun 30, 2009 at 7:29 AM, David Markey wrote: > It's possible to use nss_ldap and idmap backend = nss and no winbind, like > you are describing. Why do I need idmap? I mean, from what I understand, idmap only purpose is to help winbind ensure uid and gid are the same across servers. If I use LDAP to store users accounts and groups, these id are the same. > It's also possible to use nss_winbind and no nss_ldap, however there has > been a bug on the server side that has stopped this from working. So the > option above is your only option unless you have a version of samba on the > server side that isn't affected by the bug. In the past, winbind used to give headaches. I want to avoid it if I can :-) > Regards, > > David Thanks! Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux member server, or something else?
Hello, On Mon, Jun 29, 2009 at 11:11 PM, John Drescher wrote: >> I have a Samba PDC with an LDAP backend password database, against which >> WinXP clients authenticate. I also have a Ubuntu workstation, which >> authenticates directly to the same LDAP password database (no Samba). >> >> I now wish to have the WinXP clients be able to map shares on the Ubuntu >> workstation, so I obviously need to get Samba working on it. I can slog >> through the technical details, but I want to make sure I have the concept >> properly figured out - will the Ubuntu workstation be a "member server", >> configured as such per the Samba documentation using Winbind, or is there a >> different way I should be thinking about this? >> >> Thanks for any general pointers. >> > > That is what I have with my samba setup. I mean I have a PDC, a BDC, 3 > to 5 LDAP servers and 5 or so member servers. On my PDC and BDC there > are no real file shares. The member servers have that. My member > servers have winbind. At work, we're in the process of starting a migration of our Windows XP clients to Ubuntu. My PDC is a Samba server running on Ubuntu Hardy with LDAP backend. I'm testing with my workstation (Ubuntu Jaunty). Samba uses the PDC as a password server. Users and groups are read from LDAP via nsswitch (i.e. nothing about LDAP in smb.conf on the client). Also, no winbind. It seems to work, but I want to know if I'm missing something. Why should I run winbind? If I need to run winbind, does it need to run on server _and_ clients? Many thanks in advance, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows XP login
On Mon, Jun 29, 2009 at 9:59 PM, John Drescher wrote: >>> This desktop.ini file is a hidden file that windows places in all >>> folders of your system to store the preferences of your explorer view. >>> The problem here is samba is making this hidden file in the startup >>> folder of the start menu visible instead of default hidden. >>> >>> John >> >> Thanks for info, what do I need to modify or configure in order for this >> file to remain hidden on all clients? > > I have not solved that myself. > > look at the documentation for hidden file mapping and veto files I have. Using the user_xattr mount option and (IIRC) "store dos attributes". Here is an excerpt from my smb.conf profile acls = Yes hide unreadable = Yes map acl inherit = Yes store dos attributes = Yes map archive = No map read only = No HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba in VirtualBox
On Thursday January 1 2009 09:45:06 Christian Wansart wrote: > Is there any way to get in the same network so I can test/use Samba with > my VirtualBox? Yes. This is OT to Samba, read the VirtualBox documentation or ask their forums and/or mailing list. Search for "Host Networking." If you downloaded VBox 2.1, then you have it way easiest ;-) Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how 2003 domain can force samba to use ADS mode
Quoting [EMAIL PROTECTED]: My question is where & how is the 2003 domain forcing the use of kerberos authentication to join a domain? Maybe your AD is running in native mode This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] testparm output vs documentation
On Sunday November 9 2008 08:00:25 FC Mario Patty wrote: > Maybe the reason behind "testparm not showing them up" because they are all > come with default values. For example I set parameter "security = user". OP ran testparm with -v Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] machine policy?
Quoting Adam Williams <[EMAIL PROTECTED]>: however, Vista ignores NTConfig.POL, so for vista PCs you will need to use WPKG. So, Samba only supports ntconfig.pol? Can't it run scripts besides "logon script"? Thanks, Norberto This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] machine policy?
Hello list, Is it possible to implement machine policies with Samba-3.0.x? Is so, how? I'm asking because I need to update registry settings and tz info for the computers on the domain, but the logon script is executed by the user (which doesn't have privileges to modify the registry entries nor date/time/tz configuration.) Many thanks in advance, Norberto This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdc
Jason, I don't know who are you replying to. Quoting "Jason A. Nunnelley" <[EMAIL PROTECTED]>: Norberto Bensa wrote: On Friday October 24 2008 11:50:53 Steven Geerts wrote: workgroup = LOCALDOMAIN.BE Are "." valid in workgroup names? I remember having problems with mine, so I changed the dot to a "_" It depends on if .be is the TLD, and in many cases I would think this is not what you mean to do. If it's a local domain, I'd make it just localdomain. If you're using just a LAN network, the .whatever TLD is not necessary and will likely promote confusion in your network. Some folks add .local, but some systems automatically do that in their add scripts (Windows). Be mindful about this. Keep in mind that blah.some.tld makes blah a different domain than some.tld, so if you put a dot in any name (before the tld) you're establishing a unique domain. -- Jason A. Nunnelley JasonN.com is my website - all opinions expressed were mine at some point. This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdc
On Friday October 24 2008 11:50:53 Steven Geerts wrote: > workgroup = LOCALDOMAIN.BE Are "." valid in workgroup names? I remember having problems with mine, so I changed the dot to a "_" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
On Tuesday October 21 2008 05:03:05 Michael Heydon wrote: > >> My understanding is that vampire will NOT work with a Windows 2k server, > >> only an NT4 server... > > > > That's my understanding too. Samba (3.x) can't act as a AD domain > > server. It can be a member of an AD domain, thou. > > I've never actually tried this myself, so take it with a grain of salt, > but isn't 2k capable or running in two different modes? One where it is > pure AD and one where it is compatible with NT4? If it was in NT4 mode > then might not vampire have a chance? Mixed and native modes. I don't know this for sure but AFAIK w2k in mixed mode can only be a BDC for a NT4-style domain. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
On Monday October 20 2008 22:38:56 Matthew Delves wrote: > are there any > documents as to how this can be done? > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html Active Directory Domain Control As of the release of MS Windows 2000 and Active Directory, this information is now stored in a directory that can be replicated and for which partial or full administrative control can be delegated. Samba-3 is not able to be a domain controller within an Active Directory tree, and it cannot be an Active Directory server. This means that Samba-3 also cannot act as a BDC to an Active Directory domain controller. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
On Monday October 20 2008 22:38:56 Matthew Delves wrote: > is it possible to setup the server as a BDC and > transfer the information that way. Nope. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Closing sessions and smbstatus
Quoting Jeremy Allison <[EMAIL PROTECTED]>: On Mon, Oct 20, 2008 at 10:03:46PM -0200, Norberto Bensa wrote: Locked files: Pid UidDenyMode Access R/WOplock SharePath Name Time -- 747 4036 DENY_ALL 0x2019f RDWR NONE /home/mjoddone .Correo/retina/addr2a3a.pmr Thu Oct 16 17:44:15 2008 Can you gdb and break at print_share_mode() and see why the call at : Hm. I'm affraid I don't know gdb good enough, and BTW, and correct me if I'm wrong, but shouldn't I be running a debug-enabled binary of smbstatus to do what you're asking me for? Thanks! Norberto This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Closing sessions and smbstatus
Quoting Jeremy Allison <[EMAIL PROTECTED]>: When you find a process in this state attach using strace -p (on Linux) to see what it's up to. [EMAIL PROTECTED]:~$ sudo smbstatus Unknown parameter encountered: "change notify timeout" Ignoring unknown parameter "change notify timeout" Samba version 3.0.28a PID Username Group Machine --- Service pid machine Connected at --- Locked files: Pid UidDenyMode Access R/WOplock SharePath Name Time -- 747 4036 DENY_ALL 0x2019f RDWR NONE /home/mjoddone .Correo/retina/addr2a3a.pmr Thu Oct 16 17:44:15 2008 [EMAIL PROTECTED]:~$ sudo strace -p 747 attach: ptrace(PTRACE_ATTACH, ...): No such process I have no stale sessions. My problem seems different (my memory seems to be falling lately) I have stale locks. Is that normal? Thanks, Norberto This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Closing sessions and smbstatus
Hello list, On Monday October 20 2008 18:01:10 Jeremy Allison wrote: > On Mon, Oct 20, 2008 at 12:52:57PM -0700, Steve Rippl wrote: > > Is this just happening to > > me on our particular setup or is this normal behavior? I'm having this problem too. Ubuntu 8.04.1. Samba 3.0.28A (IIRC) > No, that's not normal behavior, ... [snip] ... > When you find a process in this state attach using > strace -p (on Linux) to see what it's up to. I'll do tomorrow. and I'll report back. > Jeremy. Thanks! Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
Quoting Charles Marcus <[EMAIL PROTECTED]>: On 10/20/2008, Matthew Delves ([EMAIL PROTECTED]) wrote: My questions are: 1) What is required for the smb.conf to get it talking to the windows 2k server? My understanding is that vampire will NOT work with a Windows 2k server, only an NT4 server... That's my understanding too. Samba (3.x) can't act as a AD domain server. It can be a member of an AD domain, thou. Regards, Norberto This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Change of server - Backup Help
Quoting Iarly Selbir <[EMAIL PROTECTED]>: There are other files to backup? *I* would also backup /var/{cache,lib,spool}/samba just in case. Regards, Norberto This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] one ldap server and multiple samba PDC domains
Quoting "Jorge Concha C." <[EMAIL PROTECTED]>: All my users can log in at all my 3 domains. Of course. All your domains have the same SID... Why did you chose this setup instead of domain trusts? Wouldn't a two-way trust give the same functionality? Thanks! Norberto This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] one ldap server and multiple samba PDC domains
Quoting "Jorge Concha C." <[EMAIL PROTECTED]>: You must have multiple sambaDomainName entries, all with same SID value. What sambaSID do your users have? What does "net getdomainsid" return on your domains? I'm asking because I have 4 domains (long history, don't ask) and I'm currently moving them from tdbsam to ldapsam. I have no problems with my users because no user is repeated in two domains except for one "soporte". I need this user "soporte" to be able to log in my 4 domains. Thanks, Norberto This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Newbie question for samba 3.0.28 configuration
On Monday October 20 2008 06:47:27 Lunix1618 wrote: > I tried "security = user" and "guest ok = yes" in [global] try removing that and add "guest ok = Yes" in [PUBLIC]. Regards, -- Norberto Bensa Linux 2.6.27-gentoo Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz 09:01:17 up 18:46, 1 user, load average: 0.01, 0.07, 0.08 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Samba accounts with the rights of a single Unix account?
Quoting Peter Petrov <[EMAIL PROTECTED]>: On Mon, Oct 13, 2008 at 4:35 AM, Norberto Bensa <[EMAIL PROTECTED]> wrote: Quoting Peter Petrov <[EMAIL PROTECTED]>: Is it possible to have a standalone Samba server map different username/password pairs to a single Unix account? force user/group? "force user/group" almost works. But smbd still tries to find a matching Unix account for each username, failing with errors like this: Well, yes. Samba needs to map each username to a unix uid. I've re-read your original post and AFAIK, what you want to do is not possible. You'll still need to create the unix users. This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Samba accounts with the rights of a single Unix account?
Quoting Peter Petrov <[EMAIL PROTECTED]>: Is it possible to have a standalone Samba server map different username/password pairs to a single Unix account? force user/group? This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ldapsam:editposix
Hello list, I'm trying to setup Samba to use: ldapsam:editposix = yes but I'm having problems to add users via "smbpasswd -a". It seems smbpasswd tries to modify an existing entry (and falling of course) instead of adding a new entry. Is that a bug, a configuration problem, or intended behavior? Do I need to create a postixaccount entry prior to use "smbpasswd -a"? Thanks in advance, Norberto This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP, SASL, Invalid credentials???
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm sorry for this but it's driving me crzzyy My setup: samba: 2.2.7 openldap: 2.0.25 sasl: 1.5.27 I've configured my LDAP server (for testing purposes only) with SASL/DIGEST-MD5 auth. In slapd.conf rootdn [EMAIL PROTECTED] sasl-realm bensa.ar # saslpasswd -u bensa.ar -c root (I've set 'admin' as the password for root) ldapsearch, ldapadd, ldapdelete, etc., do work. in smb.conf ldap admin dn = [EMAIL PROTECTED] # smbpasswd -w admin Setting stored password for "[EMAIL PROTECTED]" in secrets.tdb # smbpasswd -D 15 -a nbensa . . . New SMB password: Retype new SMB password: ldap_open_connection: starting... Initializing connection to ldap.bensa.ar on port 389 ldap_open_connection: connection opened ldap_connect_system: Binding to ldap server as "[EMAIL PROTECTED]" Bind failed: Invalid credentials ldap_open_connection: starting... Initializing connection to ldap.bensa.ar on port 389 ldap_open_connection: connection opened ldap_connect_system: Binding to ldap server as "[EMAIL PROTECTED]" Bind failed: Invalid credentials Failed to add entry for user nbensa. Failed to modify password entry for user nbensa Why??? Am I missing something here or is there a bug in smbpasswd when using SASL in OpenLDAP, or it just doesn't work??? TIA, Norberto -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+BciLnRsXzlfuYhwRAvD8AJ9R3+cs2tedPjH+9vwxIy0tPbVoYgCgk8dL cziZfDARoHohrEwkfZbh6I4= =DQA/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba