Re: [Samba] How to use --simple-bind-dn in samba-tool
Thanks Andrew,

For the record, for other non-AD servers that don't do SASL and so can't use -U, --simple-bind-dn takes a DN, so cn=admin,dc=example,dc=com might be the admin DN on an OpenLDAP server.

I tried:

    samba-tool user setpassword tata --newpassword=Ghij-1919 -d 10 -H ldap://fbsd35.cs.ait.ac.th/ --simple-bind-dn=cs=administrator,dc=cs,dc=ait,dc=ac,dc=th

But it is still giving me the same error, so I suspect the DN is not correct. I could not find any documentation saying what the DN should be.

Best regards,
Olivier

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to bind to the LDAP server in Samba 4
Thank you Julian, I will have to test that.

Best regards,
Olivier

On Fri, Aug 9, 2013 at 3:32 PM, Julian Pilfold-Bagwell jpilfold-bagw...@bordengrammar.kent.sch.uk wrote:

I have an OwnCloud server that binds to Samba 4's LDAP port using:

    cn=Administrator,cn=Users,dc=my,dc=domain,dc=local

Obviously, change the my, domain and local to match your actual domain and use the password that you set for the AD administrator but that should work.

On 09/08/13 05:48, Olivier Nicole wrote:

Hi, I need to write a (Perl) script that will access the LDAP server that is bundled in Samba 4. What DN should I use to authenticate?

Best regards,
Olivier
Re: [Samba] Samba4 using existing DNS and LDAP
Thank you Matthieu.

What kind of updates does Samba need to perform to DNS? The one at the provisioning and the machine name that join the domain (this is already taken care of by DHCP). Is there anything I oversee?

What about this question? What records are added in the DNS by Samba, beside all the SRV records?

Well it depends, pretty much anything client asks to update, with bind-dlz or the internal DNS server DDNS from the client are controlled by the same kind of ACLs as a Windows client would have in a Windows AD domain. So most of the time clients update A, and PTR records but some also set SRV records (windows server with terminal server for instance) and well maybe exchange is setting up the MX record (I don't know). As long as ACL didn't prevent to do so you are able to do it.

Normal clients are not allowed to update A, or PTR records, that's the role of DHCP. As for other services, I am glad I am not running any M$ server.

I have seen that, but that was after I posted my question. I think I will resolve to keep both Samba and OL in parallel and update the accounts on both at same time (it's just a minor change in the existing scripts used to update OL).

You might want to have a script that is polling samba from time to time to see if OL needs update, the dirsync control is designed for that. There is a small test/demo script in source4/scripting/devel/demodirsync.py

I was thinking rather the other way round, OL updating AD. My need for AD is very limited (centralized authentication for VMware ESXi) so I do not plan in a near future to give up the set-up I have and change everything for AD.

Best regards,
Olivier
[Samba] How to bind to the LDAP server in Samba 4
Hi, I need to write a (Perl) script that will access the LDAP server that is bundled in Samba 4. What DN should I use to authenticate?

Best regards,
Olivier
Re: [Samba] Samba4 using existing DNS and LDAP
Thank you Matthieu,

I have been using Samba3 (and 2) for years, with an openLDAP backend for authentication. This is working fine, my directory includes a number of local settings for my specific needs. Now I would like to move to Samba4. I understand that Samba4 comes with its own DNS and LDAP servers. By provisioning Samba4 with --dns-backend=NONE and including the necessary to my existing DNS zone, is that enough to get rid of the DNS server included with Samba4?

Well you can use the bind-dlz plugins so that samba use bind instead of its own internal server. Another option is to configure your global DNS to use Samba as the source of authority just for the domain of your AD.

What kind of updates does Samba need to perform to DNS? The one at the provisioning and the machine name that join the domain (this is already taken care of by DHCP). Is there anything I oversee?

What about this question? What records are added in the DNS by Samba, beside all the SRV records?

Now regarding LDAP, is there a way to tell Samba to replicate the directory from my existing openLDAP?

No. Our LDAP Server support schema upgrade so if the stuff that you have in your OL has a schema that is compatible to Samba you can update Samba's schema and then load the data by export/import in Samba. Another way of doing is by using overlays in OL to present in the desired way the information coming from both OL and Samba 4.

I have seen that, but that was after I posted my question. I think I will resolve to keep both Samba and OL in parallel and update the accounts on both at same time (it's just a minor change in the existing scripts used to update OL).

Best regards,
Olivier
[Samba] How to use --simple-bind-dn in samba-tool
Hi,

I understand that using options -H and --simple-bind-dn one could run samba-tool remotely. But how should I specify the DN to use for simple bind?

I tried many syntaxes: cn=Administrator cn=Administrator@domain domain all with the Administrator password, but it always fails with:

    Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - Simple Bind Failed: NT_STATUS_LOGON_FAILURE
    Failed to connect to 'ldap://fbsd35.cs.ait.ac.th/' with backend 'ldap': (null)

Can I use the command ldapsearch (from openLdap distribution) to access the LDAP directory maintained by Samba? If yes, what is the syntax in terms of binding?

Thanks in advance,
Olivier
[Samba] Samba4 using existing DNS and LDAP
Hi,

I have been using Samba3 (and 2) for years, with an openLDAP backend for authentication. This is working fine, my directory includes a number of local settings for my specific needs. Now I would like to move to Samba4. I understand that Samba4 comes with its own DNS and LDAP servers.

By provisioning Samba4 with --dns-backend=NONE and including the necessary to my existing DNS zone, is that enough to get rid of the DNS server included with Samba4?

What kind of updates does Samba need to perform to DNS? The one at the provisioning and the machine name that join the domain (this is already taken care of by DHCP). Is there anything I oversee?

Now regarding LDAP, is there a way to tell Samba to replicate the directory from my existing openLDAP?

Best regards,
Olivier
Re: Re: [Samba] Simple group question...
Hi, After join computer to domain then log on to Windows Xp with local administrator account and go to control panel - addusers (select account from your domain) - Grant access level to your domain account as Administrator.

I missed the beginning of the discussion, but I am using the following in the login.bat:

    net localgroup administrators samba\user /add

Of course there is a problem of bootstrap as this command needs administrator privileges on the local to run. That I solved using vbrunas.vbe.

Bests,
olivier
Re: [Samba] Re: can't access samba PDC after power cut
'smbclient -L 127.0.0.1 -U lscarneiro' returns me the following message: Connection to 127.0.0.1 failed (Error NT_STATUS_CONNECTION_REFUSED)

To me too, but I think that your smbclient command is not valid. It should rather be -I 127.0.0.1 I think.

By the way, are you sure that your Samba server should be responding to the loopback address? Here it is not. Try 'netstat -na|grep 445' and see what IP address is listening.

You write that: the samba server indeed starts

But does it successfully start? Is it still running? Try 'ps auwx|grep mbd' you should see the nmbd and smbd processes.

Bests,
Olivier
Re: [Samba] Samba LDAP, with XP and Linux clients
Hi, Executing getent group on the Ubuntu client produces the expected results. Executing getent passwd does not; it only shows me a subset of the user accounts (notably, not my own account which was created prior to migration).

I am running successfully with the user accounts having the objectClass:

    inetOrgPerson
    posixAccount
    shadowAccount
    top

I think that posixAccount is necessary. Typically, objectClass person is not what you need to store a Unix account, you need to have home directory, shell, uid number, gid number, etc. and password to authenticate a Unix user with LDAP.

Adding an objectClass or Attributes to an existing entry of your LDAP will not break anything that is already working.

Bests,
Olivier
Re: [Samba] Samba LDAP, with XP and Linux clients
To add a bit more, my users typically look like:

    dn: uid=a103,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: top
    objectClass: sambaSamAccount
    cn: a103
    sn: x
    uid: a103
    uidNumber: 5072
    gidNumber: 95
    homeDirectory: /home/a103
    loginShell: /bin/sh
    mail: a...@cs.ait.ac.th
    givenName:
    gecos:
    userPassword: {md5}xx==
    sambaSID: S-1-5-21-x-y-z-11144
    sambaAcctFlags: [U ]
    sambaPasswordHistory:
    sambaPwdLastSet: 1243416344
    sambaNTPassword: y

I think that Unix and samba authentication will not work with anything less. sambaLMPassword will be necessary too for Win9x/Me authentication.

Olivier
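Added example (not part of Olivier's messages): a check of an LDIF entry against the attributes the two posts above say an account needs. The MUST lists come from the RFC 2307 / RFC 4519 and Samba 3 schemas, the readiness rules follow the posts, and the sample entries, placeholder values and function names are constructed for illustration.

```python
import base64

# MUST attributes per objectClass (inheritance flattened by hand), lower-cased.
MUST = {
    "top": {"objectclass"},
    "person": {"cn", "sn"},
    "inetorgperson": {"cn", "sn"},  # inherited from person
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "shadowaccount": {"uid"},
    "sambasamaccount": {"uid", "sambasid"},
}

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr_lower: [non-empty values]}."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]  # RFC 2849 folded continuation line
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw)
    entry = {}
    for line in logical:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF attribute line: {line!r}")
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        values = entry.setdefault(name.strip().lower(), [])
        if value:  # "givenName:" with no value counts as unset
            values.append(value)
    return entry

def missing_attributes(entry):
    """Return {objectclass_lower: [missing MUST attrs]} for the classes known above."""
    report = {}
    for oc in entry.get("objectclass", []):
        required = MUST.get(oc.lower(), set())
        missing = sorted(a for a in required if not entry.get(a))
        if missing:
            report[oc.lower()] = missing
    return report

def readiness(entry):
    """Apply the posts' rules: which kinds of login can this entry support?"""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    gaps = missing_attributes(entry)
    unix = ("posixaccount" in classes and "posixaccount" not in gaps
            and bool(entry.get("userpassword")))
    samba = ("sambasamaccount" in classes and "sambasamaccount" not in gaps
             and bool(entry.get("sambantpassword")))
    return {"unix": unix, "samba": samba,
            "win9x": samba and bool(entry.get("sambalmpassword"))}

# Constructed sample entries (placeholder hashes, example.com suffix).
FULL = """dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: sambaSamAccount
cn: jdoe
sn: x
uid: jdoe
uidNumber: 5072
gidNumber: 95
homeDirectory: /home/jdoe
givenName:
userPassword: {md5}PLACEHOLDER==
sambaSID: S-1-5-21-1-2-3-11144
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
"""
PERSON_ONLY = "dn: uid=old,dc=example,dc=com\nobjectClass: person\ncn: old\nsn: x\nuserPassword: {md5}PLACEHOLDER==\n"
HALF = "dn: uid=half,dc=example,dc=com\nobjectClass: posixAccount\ncn: half\nuid: half\ngidNumber: 95\n"

if __name__ == "__main__":
    for sample in (FULL, PERSON_ONLY, HALF):
        e = parse_ldif_entry(sample)
        print(e["dn"][0], readiness(e), missing_attributes(e))
```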
[Samba] Samba printer and Vista
Hi,

I have set-up a couple of printers and uploaded the driver on Samba server. Now Windows XP clients can add the printers and the driver is automatically installed.

I have a problem with Vista clients, when trying to automatically install the driver it gets an error:

    Windows cannot connect to the printer. Operation could not be completed (error 0x0003e3)

I suspect the reason could be that my samba server advertises the driver to be for Win2000 and WinXP. Can I associate more than one driver to one samba printer?

Right now, I do not have Vista machine that could connect as root of Samba server and that could do this association, I can only do that from Unix; is that possible? It seems that rpcclient setdriver can only associate one driver to one printer.

Best regards,
Olivier
[Samba] How to get rid of previous device settings for printer driver
Hi,

I am in the process of changing the Samba printers from using client driver to using server driver. I think I finally got it working except that after I have uploaded the driver on Samba server and after I have configured the device settings for that driver (define duplex, additional tray, paper size), every time I install the printer on a new PC, it comes with a different setting.

I think it may be due to the fact that the same printer was existing previously on the client PC, but defined to use client driver, and there may be a mix-up between old and new configuration.

How to forcefully remove anything from the old driver before installing the new one? Old and new samba printers have the same name, use basically the same driver.

TIA,
Olivier
Re: [Samba] Problem installing printer drivers in Samba
A bit of follow-up.

I am using the how-to at http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html It goes fine up to installing drivers into [print$] using APW. I can see a list of drivers files growing into W32X86. But when I try to access the properties of a printer in \\samba\printers and faxes, it always tells me that there is no driver for that printer. When I try to connect any printer, it still says that I don't have the correct drivers installed and it offers to install the drivers on my Windows client.

It is mentioned in the documentation above that Samba should keep a database of which driver corresponds to which printer. I could not see any such database, at least not in the .tdb files, I cannot find any ntdrivers.tdb in the Samba private directory.

I found the tdb's but: ntdrivers.tdb seems OK, it lists the files used by each driver. ntprinters.tdb seems not OK:

- the data associated to each printer is the same (I don't know what it means, but it's the same string of hexanumerical)
- it contains one entry with the Unix printcap name as key while I defined load printers=no
- it contains an entry for only one of the Unix printcap printers, not the others

When I add a printer driver to samba server [print$] I would expect to see the association of the printer and the drivers reflected in one of the tdb files, but apparently it never happens.

Help would be greatly appreciated.

Bests,
Olivier
Re: [Samba] * Reloading /etc/samba/smb.conf smbd only
not sure if this is a samba problem because i have only just ran across this on a fresh install of ubuntu 9.04 server... what's happening is that the message * Reloading /etc/samba/smb.conf smbd only is occurring every 3-5 minutes right on the command line.

If I understood well, samba will reload the configuration file from time to time, and every time a new connection is made to a share. So I would say it is normal behaviour.

Bests,
Olivier
Re: [Samba] * Reloading /etc/samba/smb.conf smbd only
but should the message *Reloading /etc/samba/smb.conf smbd only appear right on the command every five minutes? that surely cannot be normal behavior.

Must be depending on how you started samba and what you configured as a log file. If you started samba on command line and have no log configured, all the messages will come on your command line...

Olivier
[Samba] Problem installing printer drivers in Samba
Hi,

After using the client driver for a long time, I want to give a try to the drivers installed on Samba server.

I am using the how-to at http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html It goes fine up to installing drivers into [print$] using APW. I can see a list of drivers files growing into W32X86. But when I try to access the properties of a printer in \\samba\printers and faxes, it always tells me that there is no driver for that printer. When I try to connect any printer, it still says that I don't have the correct drivers installed and it offers to install the drivers on my Windows client.

It is mentioned in the documentation above that Samba should keep a database of which driver corresponds to which printer. I could not see any such database, at least not in the .tdb files, I cannot find any ntdrivers.tdb in the Samba private directory.

I have set-up Samba with LDAP, is this supposed to go into LDAP? I am lost here.

TIA.
Olivier
Re: [Samba] Changing samba PDC version but keeping the same IP address
We are on the way to upgrade our PDC from 2.2.8 to 3.2.11 as we do not want to reconfigure the PDC IP address on several hundreds of windows XP clients we have chosen to keep the same IP address for the new PDC.

Why not keeping the same name for your server? Then with same name and same IP you don't need to update anything. You may have to keep the Samba server SID too (keep the secrets.tdb file from one server to the other, transparent with LDAP I think).

Bests,
Olivier
Re: [Samba] Changing samba PDC version but keeping the same IP address
Yes I know it now, it is logical captain but the preceding person which installed the old samba version has written the samba version in the server string statement !!!

Ouch!

and it would be very confusing for users and admins ...

I don't think the users would notice, and maybe not even the admins.

Of course the new server will have a generic name such as Samba server.

Maybe you can have your netlogon script to edit the registry and delete the key that some other poster mentioned. That way no need to go and modify the 800++ stations.

Bonne chance.
Olivier
[Samba] Cannot delete files in Samba
Hi,

I recently upgraded from Samba 3.0.31 to 3.3.2 on a FreeBSD 6.4 server, and since then, the Windows machines have no right to delete files unless the directory is chmod o+w.

I tried to play with 'map read only' and 'store dos attributes' but to no avail. My FreeBSD server is quite standard, the Samba configuration too. I Googled with no success.

Any clue is much welcome.

Best regards,
Olivier
Re: [Samba] Samba+Ldap problems
Hi, I'm trying to use it to login via ssh. This user cannot authenticate. Here is the result from auth.log and some configurations files

This is not a samba problem but a SSH/Ubuntu/Ldap problem :)

You need both packages pam_ldap AND nss_ldap. You need to configure both (configuration is very similar, but there may be some differences).

To give a brief explanation:

- pam_ldap is used by ssh (you need to configure /etc/pam.d/ssh !) to accept the username and password
- nss_ldap is used by things like getent, or to show your correct username and group when you do a ls -l

Now it much depends how your LDAP tree is organized, so I cannot give much more advice; what is the objectClass you use for your users? I am surprised to see that user and password belongs to different place in the LDAP tree.

I am also surprised that the /etc/pam.d example you give do not contain a single reference to ldap...

There are good how-to floating on Google, that walk you step by step.

Best regards,
Olivier
[Samba] Some questions about Samba and LDAP
Hello,

I have been using Samba for years (login onto the PC, files and printers sharing) and since recently I have a LDAP server running and serving authentication to few Unix systems (mail, web, Zope, ssh, etc.)

Now that I set-up a new server to use with Samba, I would like to integrate Samba into the existing LDAP. All the doc I could find so far is about creating a LDAP service from scratch which is not my case.

My questions are:

- in slapd configuration, what are the minimum accesses (ACL) that should be granted to the various attributes of samba schema? By default my LDAP server is quite protected and allows no access to any attribute, unless specified otherwise. I could find:

    ## allow the ldap admin dn access, but deny everyone else
    access to attrs=SambaLMPassword,SambaNTPassword
        by dn="cn=Samba Admin,ou=People,dc=quenya,dc=org" write
        by * none

  But what about the other attributes?

- I have my users database existing in LDAP, how can I add Samba support? I understand that I should modify the objectClass of each user to include sambaSamAccount, but then each user must also have an attribute sambaSID. How can I generate that attribute?

- Is there a way to implement filter on the list of users? Nss_ldap, pam_ldap for example allow to configure an optional filter, so only the users with the correct attribute will have access to a specific service (I separate the users that can log to their Unix account onto the machine from the users that can use a specific service on that machine). Is there a similar filter with Samba or should I differentiate with the use/unuse of objectClass sambaSamAccount?

- All what I read so far mention updating the sambaLMPassword and sambaNTPassword with the command smbpasswd. I already have a set of tools that I use to manage the users account (and that synchronize account/password on many systems (database, radius, etc)), what can I use to manage sambaLM/NTPassword within my local tools?

Best regards,
Olivier