Re: [Samba] User Addition Automatically
Original Message - From: "David Lucas" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 22, 2003 11:12 PM Subject: [Samba] User Addition Automatically > > I would like to be able to have this set up so that when I add a user on the > Windows 2000 domain that the user gets added on the Linux box automatically. > I'd like the user to also be authenticated off the windows domain. So if a > user changes their password on windows then everything is synced up. If > someone can point me in the direction to get this done that'd be great. I'm > not even sure if I can do this. The thing you are looking for is winbind. The Samba HOW-TO collection (http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf) has an entire section on winbind and how to set it up. I have been successful in setting this up in a test environment, however I am having a bit of trouble making it work in a production environment because my production server has something different going on than my test server. I can give you my sample config if you want it, however I am just using what is listed in the howto. Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WIN XP Logging on after joining domain
- Original Message - From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "Rich Webb" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, October 21, 2003 9:49 AM Subject: Re: [Samba] WIN XP Logging on after joining domain -- possible bug? > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Rich Webb wrote: > > | I am running samba version 3.0.1pre1 > | > | I was able to join my XP machine to my samba domain without problems, > | however after joining, I cannot log in. > ... > | [2003/10/16 19:50:46, 1] auth/auth_util.c:make_server_info_sam(821) > | User nobody in passdb, but getpwnam() fails! > ~ > error message is pretty clear here. Looks like your have > a problem with your guest account. Thanks Jerry, that was the fix. This might be a clear message to you, however I did not know (and I don't know if it is clear in the docs) that samba uses the "nobody" account for guest. Further, I am running this on a home built linux from scratch (LFS)box that prior to tonight did not have a "nobody" account. Most all the documentation assumes that the user is running some main line distribution of linux (which probably most are) and leaves out some details that are important, yet are "default" in a main line distro. In any case, I really appreciate you helping me out with this one. I can now log in. The fix was that I created a "nobody" user in my /etc/passwd and added it to my samba passdb, however now that I think about it, I probably don't need it in the passdb as the error says it is already there. Thanks Again! Rich. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with Office / Samba samba-2.2.7a on FreeBSD 4.9-RC
- Original Message - From: "J. Nyhuis" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "Scottie Swenson" <[EMAIL PROTECTED]> Sent: Monday, October 20, 2003 8:17 PM Subject: [Samba] Help with Office / Samba samba-2.2.7a on FreeBSD 4.9-RC > Greetings, > > System: FreeBSD 4.9-RC > Samba: 2.2.7a > > I have a weird SAMBA problem. On my XP Pro box against our Samba server (been > online and such for long time) from Office XP only when ever I save a document > it gets set as read only. Hence I only get one save for any given document. > This is a new problem and is affecting only office XP. Other accounts other > then mine do not have this problem. > > I have tried adding in things like force create mask, force security, etc. No > help at all. Have you played around with the file locking options? Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WIN XP Logging on after joining domain -- possible bug?
I am running samba version 3.0.1pre1 I was able to join my XP machine to my samba domain without problems, however after joining, I cannot log in. Nmbd is running and smbd is set at debug level 2. Here is an excerpt from the log: [2003/10/16 19:50:44, 2] smbd/reply.c:reply_special(105) netbios connect: name1=OTHELLO name2=ROMEO [2003/10/16 19:50:44, 2] smbd/reply.c:reply_special(112) netbios connect: local=othello remote=romeo, name type = 0 [2003/10/16 19:50:44, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/10/16 19:50:44, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/10/16 19:50:44, 1] auth/auth_util.c:make_server_info_sam(821) User nobody in passdb, but getpwnam() fails! [2003/10/16 19:50:44, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER [2003/10/16 19:50:46, 2] smbd/reply.c:reply_special(105) netbios connect: name1=OTHELLO name2=ROMEO [2003/10/16 19:50:46, 2] smbd/reply.c:reply_special(112) netbios connect: local=othello remote=romeo, name type = 0 [2003/10/16 19:50:46, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/10/16 19:50:46, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/10/16 19:50:46, 1] auth/auth_util.c:make_server_info_sam(821) User nobody in passdb, but getpwnam() fails! [2003/10/16 19:50:46, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER [2003/10/16 19:50:46, 2] smbd/server.c:exit_server(558) Closing connections Othello is my server and Romeo is my workstation. I notice that in the section about check_ntlm_password there is no name in the [] and I would expect there to be. Any suggestions? Here is the important stuff in my config: [global] netbios name = othello workgroup = webbhq passdb backend = tdbsam os level = 33 preferred master = yes domain master = yes local master = yes security = user domain logons = yes logon path = \\othello\profiles\%u logon drive = h: add machine script = /usr/sbin/useradd -d /dev/null -g 101 -s /bin/false -M %u [netlogon] path = /server/netlogon read only = yes write list = ntadmin [profiles] path = /server/profiles read only = no create mask = 600 directory mask = 0700 Any help would be greatly appreciated. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] "winbind use default domain" doesn't work on samba 3.0.0
- Original Message - From: "Fabrice Clerc" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 15, 2003 12:01 PM Subject: [Samba] "winbind use default domain" doesn't work on samba 3.0.0 > Hi, > > On my 2 Debian boxes the option "winbind use default domain = yes" > doesn't make any difference any more where as it dit work just before > the rest works fine, but not this option in smb.conf. > > I've discussed the matter on the French Samba mailing-list and I seem > not to be the only one who's got this problem. The other person uses > winbind with ADS, where as i'm still using it in mixed mode. > > So do you guys have the same problem? Samba 3 + winbinbd. Could you try > to tell me if it's a bug or not. > The problem is fixed in Samba-3.0.1pre1. rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: domain groups accessing samba share
- Original Message - From: "Gavin Davenport" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 15, 2003 12:14 PM Subject: RE: [Samba] Re: domain groups accessing samba share > Ok - I replaced my /etc/pam.d/login with the one you've posted. > > getent still lists me just local machine users and groups. > Do you have the following in your /etc/nsswitch.conf: passwdfileswinbind groupfileswinbind shadowfiles Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: domain groups accessing samba share
- Original Message - From: "Gavin Davenport" <[EMAIL PROTECTED]> To: "John H Terpstra" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, October 14, 2003 4:13 AM Subject: RE: [Samba] Re: domain groups accessing samba share > Hi there > > Make this: > valid users = @LABOR\"domain admins" > > > write list = @LABOR\domain admins > write useres = @LABOR\"domain admins" > > What if the domain user doesn't have a local user on the unix machine ? > > How do I get round that ?? That is where winbind comes in. You use winbind to allow your domain users from your NT/2k server to be "seen" by the samba box as normal unix users. Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 as Active Directory Domain Controller withMIT Kerberos
> I plan to update the winbind section significantly over the next month or > two. Thanks for the input. > Just to let you know, per Andrew Bartlett I tried the newest version (3.0.1pre1) and it fixes the problem I talked about. I can now just specify the group and use the "winbind use default domain=yes" Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 as Active Directory Domain ControllerwithMIT Kerberos
>Did you try: >@group >Also, check with the current code, I think there were some bugs fixed >here. But this isn't a documentation flaw, it's just a bug - file it in >bugzilla.samba.org if you can reproduce on 3.0.1pre1. Yep.. I tried @group @DOMAIN+group @DOMAIN\group +group +DOMAIN\group. It only worked when I removed the "winbind use default domain = yes" and then used "@DOMAIN\group" I also had to remove "winbind seperator = +" which from what I have been reading, the + seems to be a bad idea anyway. Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 as Active Directory Domain Controller withMIT Kerberos
- Original Message - From: "John H Terpstra" <[EMAIL PROTECTED]> To: "Jane Deer" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Sunday, October 12, 2003 3:38 PM > What is inaccurate please? I am ready to fix it! > You are apparently one of the authors of the samba HOWTO collection. I would just first like to say thank you for an awesome document. It helped immensly for resolving my weekend of hair pulling. I was wondering if perhaps you could add something in the winbind section about how to configure a samba share using NT or 2k domain groups. I found out the hard way that if I leave the configuration directive "winbind use default domain = yes" then I cannot in any way specify a domain group as the valid users for a share (unless there is a way that I don't know). I tried just the group name, I tried the domain name+group name, then I removed the + as the seperator and tried domain name\group name. Nothing worked. Once I removed the use default domain directive, I was able to fully specify a group and it worked great! This just means that logging into the linux box as a windows user is a little more painful. Rich. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 & ADS: nobody can log in
- Original Message - From: "Ron Gage" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, October 12, 2003 1:32 PM > Well, I got past the part about the "ads server" parameter... :) > > Now, it appears that nobody in the AD Domain can log into (and use) any > resources on the Samba share. > > If I set "security = ads" on Samba, then nobody can log into the server - > period. > > A couple of silly questions at this point (before I go completely mad)... > > 1) Is there any requirement that LDAP be functioning on the Samba machine? > 2) Are there any hidden dependancies (like PAM) that are required to make this > work? > > More background: The Samba machine has successfully joined the domain (it > shows up in AD Users and Computers), kinit works fine when logging in as > Administrator. > The way I understand it, LDAP and Kerberos need to be functioning for Samba ADS integration to work. Is there a compelling reason to use it in ADS mode? I use PAM and Winbind so I can control access from windows 2k. That works quite well. Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: PAM-Winbind authentication working but can't use domain groups (FIXED)
- Original Message - From: "Rich Webb" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, October 11, 2003 8:17 PM > I am having trouble trying to figure out how to set up access to a samba > share based on an Active Directory group. Here is my smb.conf file: In order to make it work, I had to take out the lines "winbind use default domain = yes", and "winbind seperator = +" and then fully specify the domain group in my share definition as such: [shared] path = /svr/shared valid users = @TESTSYS\shared (or @TESTSYS\"Domain Users" if there are spaces in the group) writeable = yes browseable = yes force group = TESTSYS\shared I think this could be a bug that it does not accept only "valid users = shared" while "winbind use default domain = yes". It appears that samba is not correctly matching the group the domain controllers group. The + is not a good seperator because if you read about the "valid users" directive, it uses a + to specify a unix group. Hope this helps someone! Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PAM-Winbind authentication working but can't use domain groups
I have successfully set up samba 3.0, PAM, Winbind and joined my samba server to a windows 2000 domain. I can log into my linux box as a domain user and that all works fine. I am having trouble trying to figure out how to set up access to a samba share based on an Active Directory group. Here is my smb.conf file: [global] winbind separator = ` idmap uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes workgroup = testsys security = domain password server = testdc template shell = /bin/bash template homedir = /home/%U winbind use default domain = yes [shared] path = /svr/shared valid users = +TESTSYS`Shared writeable = yes browseable = yes Now in the shared section, I have tried the following for valid users: valid users = @Shared valid users = @TESTSYS+Shared(with the seperator being a +) valid users = +Shared (with seperator being a `) valid users = +TESTSYS`Shared All attempts to access the share failed. The permissions on the directory are: drwxr-xr-x2 rwebbShared 4096 Oct 11 15:44 shared When trying to access this share from the win2k server, it pops up the "Connect As" box and does not let me proceed. Any help would be greatly appreciated. Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba as a replacement for ftp
"Francis Lau" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi all, > > My organization is thinking of using samba to replace the current ftp > service that we offer, because it is very easy to use and encrypted > passwords are built in Windows (for authentication). > > We are running a Solaris 5.8 machine with Samba 2.2 installed. > > We tested samba in our LAN and it works great. However, this service > is meant for users to connect from home. What do we have to do to make > samba work over a routed network? Should we use a WINS server (using > samba), special DNS server? I am very new to samba so please have a > little patience in my basic questions. =) I would recommend setting up a vpn server and dole out a private IP address to the remote users. Once they are on your network, browsing should work fine. Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba and windows 2000 server
"Thiruvarasu" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Help needed > > Currenly i'm running samba on a RedHat 7.3 system. The primary domain contreller in the network in a windows 2000 server machine. I'm using the windows 2000 server to authenticate my users in the domain. Each time a new user is created in windows 2000, i have to create the same user in linux inorder to allow the user to have access to the samba shares. Is the re a script or method that can automatically create users in linux as new users being created in windows 2000 ? > > Thanks > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > man smb.conf Have a look at the password server directive. It allows samba to get it's username/passwords from a remote server. Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Compile problem (2.2.7a)
in /usr/src/samba-2.2.7a/source I typed the following command: ./configure --prefix=/usr --sysconfdir=/etc/samba I get an error: checking configure summary... configure: error: summary failure. Aborting config Last 20 lines of config.log: configure:14091: checking whether struct passwd has pw_age configure:14104: gcc -c -O -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE conftest.c 1>&5 configure: In function `main': configure:14100: structure has no member named `pw_age' configure: failed program was: #line 14097 "configure" #include "confdefs.h" #include int main() { struct passwd p; p.pw_age; ; return 0; } configure:14143: checking for poptGetContext in -lpopt configure:14162: gcc -o conftest -O -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE conftest.c -lpopt -ldl -lnsl -lcrypt 1>&5 configure:14186: checking whether to use included popt configure:14201: checking configure summary configure:14210: gcc -o conftest -O -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE conftest.c -ldl -lnsl -lcrypt -lpopt 1>&5 configure: failed program was: #line 14206 "configure" #include "confdefs.h" #include "./tests/summary.c" Any help would be greatly appreciated. Thanks Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba