RE: [Samba] 2nd smb server
Ah ok, but it should work as you described. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Sven Buchstaller > Sent: Tuesday, June 10, 2008 12:39 PM > To: samba@lists.samba.org > Subject: AW: [Samba] 2nd smb server > > Hi Sasha > > I think Sacha aka tdy_shadow mean somthing else, i have setup this > scenario > for some weeks but i have some trouble, when you look > In my ask in this list like "second samba pdc". > First he must setup the second PDC on a seperate physikal machine, with > newest samba version for "trusted domains" ... > Then you must do on the LDAP the groupmaps for the second PDC for > windows > and unix, you can't use the same from the 1 PDC. > After them you can add user host groups. > Dont forget the SIDs must be the same from the hosts users and groups > for an > domain, only the RIDs must be not the same. > Then add the infos in your smb.conf, i use wins for netbios. > Winbind do you only when you authentifikate on Windows Server. > Thats was a crash info when you need more help send me an Email, today > i > have not much time sorry. > > P.S. The Second Domain works here > > Mit freundlichen Grüßen > > Sven > > Sorry for bad english > > > > > -Ursprüngliche Nachricht- > > Von: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Im > > Auftrag von Sascha Bieler > > Gesendet: Dienstag, 10. Juni 2008 12:15 > > An: 'Sascha'; samba@lists.samba.org > > Betreff: RE: [Samba] 2nd smb server > > > > Take this as a hint: > > > > [global] > >interfaces = lo eth0 > >bind interfaces only = Yes > >name resolve order = wins bcast lmhosts host > >printing = cups > >printcap name = cups > >printcap cache time = 750 > >cups options = raw > >load printers = Yes > >unix charset = UTF-8 > >display charset = UTF-8 > >workgroup = DOMAIN > >netbios name = NETBIOSNAME > >admin users = @"Domain Admins" > >guest account = gast > >server string = FileServer %v > >security = user > >encrypt passwords = Yes > >log level = 1 vfs:1 > >log file = /var/log/samba/log.%m > >syslog = 0 > >max log size = 10 > >domain logons = No > >os level = 32 > >preferred master = No > >domain master = No > >local master = No > >wins server = 192.168.10.1 > >dns proxy = Yes > >time server = Yes > >#ldap## > >passdb backend = ldapsam:"ldap://192.168.10.1"; > >ldap admin dn = cn=admin,dc=domain,dc=name > >ldap suffix = dc=domain,dc=name > >ldap group suffix = ou=Groups > >ldap user suffix = ou=Users > >ldap machine suffix = ou=Computers > >ldap idmap suffix = ou=Users > >ldap ssl = no > >ldap delete dn = Yes > >ldap passwd sync = Yes > >utmp = Yes > >idmap uid = 1000-2 > >idmap gid = 1000-2 > >idmap backend = ldap:"ldap://192.168.10.1"; > >shutdown script = /sbin/shutdown > >abort shutdown script = /sbin/shutdown -c > >nt acl support = yes > >kernel oplocks = yes > >enable privileges = Yes > >template shell = /bin/false > >ldap passwd sync = Yes > >utmp = Yes > >idmap uid = 1000-2 > >idmap gid = 1000-2 > >idmap backend = ldap:"ldap://192.168.10.1"; > >shutdown script = /sbin/shutdown > >abort shutdown script = /sbin/shutdown -c > >nt acl support = yes > >kernel oplocks = yes > >enable privileges = Yes > >template shell = /bin/false > >logon script = > >logon path = > >logon home = > > > > > > > > > > > > /etc/samba/smbldap.conf > > > > slaveLDAP="192.168.10.1" > > slavePort="389" > > > > masterLDAP="192.168.10.1" > > masterPort="389" > > > > > > Also set your ldap.conf and nsswitch.conf to the appropiate values. > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 2nd smb server
Take this as a hint: [global] interfaces = lo eth0 bind interfaces only = Yes name resolve order = wins bcast lmhosts host printing = cups printcap name = cups printcap cache time = 750 cups options = raw load printers = Yes unix charset = UTF-8 display charset = UTF-8 workgroup = DOMAIN netbios name = NETBIOSNAME admin users = @"Domain Admins" guest account = gast server string = FileServer %v security = user encrypt passwords = Yes log level = 1 vfs:1 log file = /var/log/samba/log.%m syslog = 0 max log size = 10 domain logons = No os level = 32 preferred master = No domain master = No local master = No wins server = 192.168.10.1 dns proxy = Yes time server = Yes #ldap## passdb backend = ldapsam:"ldap://192.168.10.1"; ldap admin dn = cn=admin,dc=domain,dc=name ldap suffix = dc=domain,dc=name ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users ldap ssl = no ldap delete dn = Yes ldap passwd sync = Yes utmp = Yes idmap uid = 1000-2 idmap gid = 1000-2 idmap backend = ldap:"ldap://192.168.10.1"; shutdown script = /sbin/shutdown abort shutdown script = /sbin/shutdown -c nt acl support = yes kernel oplocks = yes enable privileges = Yes template shell = /bin/false ldap passwd sync = Yes utmp = Yes idmap uid = 1000-2 idmap gid = 1000-2 idmap backend = ldap:"ldap://192.168.10.1"; shutdown script = /sbin/shutdown abort shutdown script = /sbin/shutdown -c nt acl support = yes kernel oplocks = yes enable privileges = Yes template shell = /bin/false logon script = logon path = logon home = /etc/samba/smbldap.conf slaveLDAP="192.168.10.1" slavePort="389" masterLDAP="192.168.10.1" masterPort="389" Also set your ldap.conf and nsswitch.conf to the appropiate values. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba-3.0.29
> On Fri, May 30, 2008 at 10:54:39AM +0200, Sascha Bieler wrote: > > I have a share and in this share I specified: > > > > write list = antivir > > > > And I am not able to write with this user to this share. Setting read > > only = no is a workaround for me but not wanted. > > From which version did you upgrade? Since 3.0.25 you need to prefix > "antivir" with the domain, such as > > write list = "DOMAIN\antivir" > > Volker Uuups, now I remember I read it somewhere. Tested. Works! Thank you for the hint! Sascha. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba-3.0.29
> > since I upgraded to samba 3.0.29 the parameter "write list" does no > longer > > work. > > Anyone else who has same experience? > > More specific examples of the problem please. > > Jeremy. I have a share and in this share I specified: write list = antivir And I am not able to write with this user to this share. Setting read only = no is a workaround for me but not wanted. Regards, Sascha. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.29
Hi everyone, since I upgraded to samba 3.0.29 the parameter "write list" does no longer work. Anyone else who has same experience? Best regards, Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] shut off roaming profiles
And off course set logon home = in your smb.conf > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Christopher Perry > Sent: Wednesday, May 28, 2008 3:32 PM > To: samba@lists.samba.org > Subject: [Samba] shut off roaming profiles > > is there a definitive way to shut up roaming profile squawking. i.e. > Windows cannot copy roaming profile when logging in and out. > > I tried putting a null string in the netlogon share, but it still yaps: > logon path = "" > > > Any help on this would be appreciated. Thanks, > Chris > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] shut off roaming profiles
You have to change the profile type to "local" on the windows box and configure the user not to have a roaming profile. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Christopher Perry > Sent: Wednesday, May 28, 2008 3:32 PM > To: samba@lists.samba.org > Subject: [Samba] shut off roaming profiles > > is there a definitive way to shut up roaming profile squawking. i.e. > Windows cannot copy roaming profile when logging in and out. > > I tried putting a null string in the netlogon share, but it still yaps: > logon path = "" > > > Any help on this would be appreciated. Thanks, Chris > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can not add machine to the domain
No problem, that's why we have this fabulous list here... Have fun. Sascha -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Boyd Sent: Thursday, May 24, 2007 2:04 PM To: samba@lists.samba.org Subject: RE: [Samba] Can not add machine to the domain That would be the very problem. Jaysus I don't know how I overlooked that...smbldap-useradd was in /usr/sbin/ Thanks a million -Original Message----- From: Sascha Bieler [mailto:[EMAIL PROTECTED] Sent: 24 May 2007 09:10 To: 'Chris Boyd '; samba@lists.samba.org Subject: RE: [Samba] Can not add machine to the domain This say it all, no?!? > /usr/local/smbldap-tools/smbldap-useradd: No such file or directory Your path is wrong! Smbldap-useradd is not available there. Check where your binaries are and try again. Best regards Sascha - This email message is intended only for the addressee(s) and contains information that may be confidential and/or copyrighted. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email by anyone other than the intended recipient(s) is strictly prohibited. USIT has scanned this email for viruses and dangerous content and believes it to be clean. However, virus scanning is ultimately the responsibility of the recipient. - USIT Ireland Ltd. Company No. 377526. Registered Office 19/21 Aston Quay Dublin 2. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can not add machine to the domain
This say it all, no?!? > /usr/local/smbldap-tools/smbldap-useradd: No such file or directory Your path is wrong! Smbldap-useradd is not available there. Check where your binaries are and try again. Best regards Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can not add machine to the domain
Did you modify /usr/share/perl5/smbldap_tools.pm and /etc/samba/smbldap.conf to fit your needs? Do you have a proper working DNS server? Does your PDC act as WinS server also? If not, do so. What does your logfile say??? Here's a working smb.conf from debian etch: [global] interfaces = lo eth3 bind interfaces only = Yes name resolve order = wins bcast lmhosts host printing = cups printcap name = cups printcap cache time = 750 cups options = raw load printers = Yes unix charset = UTF-8 display charset = UTF-8 workgroup = usit admin users = @"Domain Admins",MUSIC\Administrator guest account = nobody server string = %h %v security = user encrypt passwords = true log level = 2 vfs:2 log file = /var/log/samba/log.%m syslog = 0 max log size = 10 domain logons = Yes os level = 255 domain master = Yes local master = Yes wins support = Yes wins proxy = Yes dns proxy = Yes time server = Yes #ldap## passdb backend = ldapsam:"ldap://127.0.0.1/"; ldap admin dn = cn=admin,dc=usit,dc=ie ldap suffix = dc=usit,dc=ie ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users ldap ssl = no ldap delete dn = Yes add user script = /usr/sbin/smbldap-useradd -a -P "%u" delete user script = /usr/sbin/smbldap-userdel -r "%u"; rm -r /home/"%u"; rm -r /opt/profiles/"%u" # add machine script = /usr/sbin/smbldap-useradd -w "%u" add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false "%u" add group script = /usr/sbin/smbldap-groupadd "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" ldap passwd sync = Yes utmp = Yes idmap uid = 1-2 idmap gid = 1-2 idmap backend = ldap:ldap://127.0.0.1/ shutdown script = /sbin/shutdown abort shutdown script = /sbin/shutdown -c nt acl support = yes kernel oplocks = yes enable privileges = Yes template shell = /bin/false logon script = logon.bat logon path = logon home = Good Luck! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Boyd Sent: Wednesday, May 23, 2007 5:22 PM To: samba@lists.samba.org Subject: [Samba] Can not add machine to the domain Running samba-3.0.24 with ldap on debian etch. Whenever I try to add an xp pro machine to the domain I get (on the pc) "the username can not be found". I'm loggin in as admin. In the samba log I get (for this pc) " passdb/pdb_interface.c:pdb_default_create_user(368) _samr_create_user: Running the command `/usr/local/smbldap-tools/smbldap-useradd -w "gal_script$"' gave 127" I changed disabled the digital encryption for domain on the xp box in security policy. I can add the machine from the debian command line with no problems. Here is the smb.conf [global] workgroup = usit server string = %h server dns proxy = no interfaces = 127.0.0.0/8 eth0 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = ldapsam:ldap://10.133.1.21 ldap suffix = dc=usit,dc=ie ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap admin dn = cn=admin,dc=usit,dc=ie ldap delete dn = no obey pam restrictions = yes ldap password sync = yes invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . domain logons = yes enable privileges = yes logon path = \\%N\profiles\%U logon path = \\%N\%U\profile logon drive = H: logon home = \\%N\%U logon script = logon.cmd add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u add machine script = /usr/local/smbldap-tools/smbldap-useradd -w "%u" socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain master = yes preferred master = yes [homes] comment = Home Directories browseable = no writable = yes create mask = 0700 directory mask = 0700 valid users = %S [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writable = no share modes = no smbldap_bind.conf: slaveDN="cn=admin,dc=usit,dc=ie" slavePw="" masterDN="cn=admin,dc=usit,dc=ie" masterPw="" nsswitch.conf: passwd: compa
RE: [Samba] can't create workstation account
Unfortunatly this does not help also. Still get message: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded. Using interface ppp1 Connect: ppp1 <--> /dev/pts/1 Winbind has declined authentication for user! NT_STATUS_CANT_ACCESS_DOMAIN_INFO Peer MUSIC\\pwm failed CHAP authentication Connection terminated. When trying to authenticate against SMB-Domain. Too bad... :-( Best regards Sascha -Original Message- From: Julian Pilfold-Bagwell [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 23, 2007 12:54 PM To: Sascha Bieler Cc: samba@lists.samba.org Subject: Re: [Samba] can't create workstation account Hi all, Found this thread while searching for the problem you have and have found a cure that works for me. Whenever joining the domain from a Windows XP machine it was only creating the Posix side of the account and not the sambaSamAccount that's required for a successful account creation. Found the following in another thread from 2005. Basically, change your add machine script in smb.conf from: smbldap-useradd -w "%u" to smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false "%m" -d sets the home directory of the machine user to "non-existant" (/dev/null) -c sets the gecos and may not be strictly necessary (haven't tried without) -s disables sets a non-existent login shell and most importantly, %m sets the account name to the correct machine name parameter, not user name. Ironically, if I now run: smbldap-usershow jpb-laptop$ after successfully connecting my laptop to the domain, I get no entry returned. Slapcat'ing my ldap database however, shows the machine account with all the correct Samba and Posix entries and logins work fine. Let me know if this works for you and post it as [Solved] if it does. Cheers, Jools Sascha Bieler wrote: >> `/usr/sbin/smbldap-useradd -w "blackhawk$"' gave 9 >> > > >> The command smbldap-useradd exit with exit code 9, which means error. >> It should exit with error 9, try running something like this: >> > > I know, but this means just that account is created and normally it will be > overwritten. If I have a look inside ldap I see: > > dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > cn: blackhawk$ > sn: blackhawk$ > uid: blackhawk$ > uidNumber: 1016 > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > gecos: Computer > structuralObjectClass: inetOrgPerson > entryUUID: 7f9e7c88-9be3-102b-9a0c-c98dc3a52409 > creatorsName: cn=admin,dc=audio,dc=de > createTimestamp: 20070521123527Z > entryCSN: 20070521123527Z#01#00#00 > modifiersName: cn=admin,dc=audio,dc=de > modifyTimestamp: 20070521123527Z > > > >> /usr/sbin/smbldap-useradd -w "test123$" and see if there is an error >> > No error and account is added like this: > dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > cn: blackhawk$ > sn: blackhawk$ > uid: blackhawk$ > uidNumber: 1017 > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > gecos: Computer > structuralObjectClass: inetOrgPerson > entryUUID: a4194154-9c85-102b-9a0f-c98dc3a52409 > creatorsName: cn=admin,dc=audio,dc=de > createTimestamp: 20070522075607Z > entryCSN: 20070522075607Z#01#00#00 > modifiersName: cn=admin,dc=audio,dc=de > modifyTimestamp: 20070522075607Z > > > While doing net join from running BDC it works, also debian 4.0. Don't really > know what I've done wrong. > > Thanks for helping and thinking! > > Sascha > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] can't create workstation account
Found also this one in logs... _net_auth2: failed to get machine password for account BLACKHAWK$: NT_STATUS_ACCESS_DENIED Mmmmhh? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't create workstation account
>`/usr/sbin/smbldap-useradd -w "blackhawk$"' gave 9 > The command smbldap-useradd exit with exit code 9, which means error. > It should exit with error 9, try running something like this: I know, but this means just that account is created and normally it will be overwritten. If I have a look inside ldap I see: dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: blackhawk$ sn: blackhawk$ uid: blackhawk$ uidNumber: 1016 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: inetOrgPerson entryUUID: 7f9e7c88-9be3-102b-9a0c-c98dc3a52409 creatorsName: cn=admin,dc=audio,dc=de createTimestamp: 20070521123527Z entryCSN: 20070521123527Z#01#00#00 modifiersName: cn=admin,dc=audio,dc=de modifyTimestamp: 20070521123527Z > /usr/sbin/smbldap-useradd -w "test123$" and see if there is an error No error and account is added like this: dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: blackhawk$ sn: blackhawk$ uid: blackhawk$ uidNumber: 1017 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: inetOrgPerson entryUUID: a4194154-9c85-102b-9a0f-c98dc3a52409 creatorsName: cn=admin,dc=audio,dc=de createTimestamp: 20070522075607Z entryCSN: 20070522075607Z#01#00#00 modifiersName: cn=admin,dc=audio,dc=de modifyTimestamp: 20070522075607Z While doing net join from running BDC it works, also debian 4.0. Don't really know what I've done wrong. Thanks for helping and thinking! Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] can't create workstation account
Aham, I posted the log files, please hav a look again... -Original Message- From: Sascha Bieler [mailto:[EMAIL PROTECTED] Sent: Monday, May 21, 2007 6:53 PM To: 'Sascha Bieler' Subject: RE: [Samba] can't create workstation account net join -U Administrator gives: ==> log.192.168.100.222 <== [2007/05/21 18:51:58, 2] lib/smbldap.c:smbldap_open_connection(788) smbldap_open_connection: connection opened [2007/05/21 18:51:58, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 514 [2007/05/21 18:51:58, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 514 [2007/05/21 18:51:58, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 512 [2007/05/21 18:51:58, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: Administrator [2007/05/21 18:51:58, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513 [2007/05/21 18:51:58, 2] smbd/reply.c:reply_tcon_and_X(711) Serving IPC$ as a Dfs root [2007/05/21 18:51:58, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242) get_md4pw: Workstation BLACKHAWK$: no account in domain [2007/05/21 18:51:58, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461) _net_auth2: failed to get machine password for account BLACKHAWK$: NT_STATUS_ACCESS_DENIED ==> log.blackhawk <== [2007/05/21 18:51:59, 0] passdb/pdb_interface.c:pdb_default_create_user(368) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "blackhawk$"' gave 9 [2007/05/21 18:51:59, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp and still cannot join the samba domain. What do I miss? Best regards Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't create workstation account
> Are you joining a Samba domain ? If so, that error msg is > probably not your problem. Yes, I try to... Does somebody have a hint form e, plz? Best regards Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] can't create workstation account
Hi there, trying to setup ntlm authentication for vpn-networking and now having trouble to get the machin in domain account trust state. wbinfo -u and -g works well smbclient works well also Starting winbind daemons generates following error: cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine MEATLOAF pipe \lsarpc fnum 0x75af! net join -U administrator -> Creation of workstation account failed Unable to join domain Having a look in the ldif extracted from slapcat says: dn: uid=blackhawk$,ou=Computers,dc=audio,dc=de objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: blackhawk$ sn: blackhawk$ uid: blackhawk$ uidNumber: 1011 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: inetOrgPerson entryUUID: f9b8d4d6-99a0-102b-9a06-c98dc3a52409 creatorsName: cn=admin,dc=audio,dc=de createTimestamp: 20070518153413Z entryCSN: 20070518153413Z#01#00#00 modifiersName: cn=admin,dc=audio,dc=de modifyTimestamp: 20070518153413Z So the machine account is "half alive"... smb.conf: [global] workgroup = MUSIC netbios name = BLACKHAWK security = domain server string = VPN Gateway %v password server = 192.168.100.1 wins support = no wins server = 192.168.100.1 max log size = 1 local master = no winbind enum users = yes winbind enum groups = yes #winbind use default domain = yes winbind separator = / idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/false interfaces = lo, eth0 bind interfaces only = Yes syslog = 0 os level = 16 DNS works correctly. WINS too. # /etc/nsswitch.conf passwd: compat winbind group: compat winbind shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis Linux is debian 4.0 Has anyone a hint what may go wrong? Best regards Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXp - Samba - Solaris Connection issue
Hi there, > [2007/03/28 14:47:01, 0] lib/util_sock.c:get_peer_addr(1229) > getpeername failed. Error was Invalid argument > [2007/03/28 14:47:01, 0] lib/util_sock.c:set_socket_options(261) > Failed to set socket option SO_KEEPALIVE (Error Invalid argument) > [2007/03/28 14:47:01, 0] lib/util_sock.c:set_socket_options(261) > Failed to set socket option TCP_NODELAY (Error Invalid argument) kick out your socket options or search for these entries in your conf SO_KEEPALIVE TCP_NODELAY and restart your samba daemons! Do you run a firewall on your boixes? Try to turn off. Configure wins and dns correctly. Please post you smb.conf, seems the biggest problem to me. Greetings sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP machine accounts
Hi there, how can I import all the machine accounts with their valid sids from passwd to ldap? Best regards Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC
Ok, solved the problem via the "Windows Repair Button" in network neighborhood. G. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Sascha Bieler > Sent: Friday, March 30, 2007 9:33 AM > To: samba@lists.samba.org > Subject: [Samba] PDC > > Hello, > > got some trouble with nameresolution I think, but need some help because > auf > starting blindness now. > > Server is resolveable by DNS forward and reverse. > Also I set up a WinS server in samba. > nmblookup -A and smbclient -L servername -N does work > > nbtstat -ac does just work with ipaddress and not with name of server, so > my > domain is not be found. > > Any suggestions? > > Best regards > > > Sascha > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC
Hello, got some trouble with nameresolution I think, but need some help because auf starting blindness now. Server is resolveable by DNS forward and reverse. Also I set up a WinS server in samba. nmblookup -A and smbclient -L servername -N does work nbtstat -ac does just work with ipaddress and not with name of server, so my domain is not be found. Any suggestions? Best regards Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NETLOGON samba-3.0.23c
Hi @all, I don't know why, but my PDC Stopps serving the netlogon service over the weekend. \\HUNTER\netlogon is avaliable and readeable! Here's output of nbtstat -ac HUNTER Name Typ Status - HUNTER <00> EINDEUTIG Registriert HUNTER <03> EINDEUTIG Registriert HUNTER <20> EINDEUTIG Registriert ..__MSBROWSE__.<01> GRUPPE Registriert SNEAKER<1D> EINDEUTIG Registriert SNEAKER<1B> EINDEUTIG Registriert SNEAKER<1C> GRUPPE Registriert SNEAKER<1E> GRUPPE Registriert SNEAKER<00> GRUPPE Registriert Smb.conf [global] interfaces = lo eth0 eth1 eth2 bind interfaces only = Yes name resolve order = wins bcast lmhosts host unix charset = ISO8859-1 display charset = ISO8859-1 workgroup = SNEAKER netbios name = HUNTER admin users = @"Domain Admins" guest account = nobody server string = SoundServer %v security = user encrypt passwords = Yes log level = 2 vfs:2 log file = /var/log/samba/%U.%m.log syslog = 0 max log size = 10 domain logons = Yes os level = 255 preferred master = Yes domain master = Yes local master = Yes wins support = Yes wins proxy = Yes dns proxy = Yes time server = Yes #ldap## passdb backend = ldapsam:"ldap://127.0.0.1/"; ldap admin dn = cn=Manager,dc=radiogong,dc=intern ldap suffix = dc=radiogong,dc=intern ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users ldap ssl = no ldap delete dn = Yes add user script = /usr/local/sbin/smbldap-useradd -a -P "%u" delete user script = /usr/local/sbin/smbldap-userdel -r "%u"; rm -r /home/"%u"; rm -r /opt/profiles/"%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd "%g" delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" ldap passwd sync = Yes utmp = Yes idmap uid = 1000-2 idmap gid = 1000-2 idmap backend = ldap:ldap://127.0.0.1/ shutdown script = /sbin/shutdown abort shutdown script = /sbin/shutdown -c winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind uid = 1000-2 winbind gid = 1000-2 winbind cache time = 10 nt acl support = yes kernel oplocks = yes enable privileges = Yes template shell = /bin/false logon script = logon.bat logon path = logon home = DNS is working fine, also WinS! Do you have any clues? Thanx in advance Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.22 to 3.0.23a and sambaSID
Hi, I try to upgrade 3.0.22 to 3.0.23a and have read the RELEASE NOTES, but I cannot connect via windows after upgrading. So I copied the new samba.schema and added "index sambaSID sub" to slapd.conf. I stopped the ldap Server and ran slapindex. So after doing an smbldap-usershow on console I saw all informations about the wanted user, but I am not able to logon via windows. What did I miss? Greetings Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP Logon Problem
Hi everybody, I got a strange problem. I'm using fedora core 3 and openldap. Configured samba 3.0.11 to act as LDAP PDC and everything worked fine. But now creating a new user and trying to log on I get: check_ntlm_password: Authentication for user [florian] -> [florian] FAILED with error NT_STATUS_WRONG_PASSWORD In LDAP there seems to be everything fine, but I cannot manage to logon with a new user. The old ones are working fine. Greetings and thanks for helping out Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fedora Core 3 update
Hi folks, since I updated my fedora core 3 yesterday samba seems to be very slow! Does anyone know if the bugfix for today will solve zhis problem? Greetings Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migrate to LDAP
Ok, that seems just to work if u have the given accounts on your linux box, otherwise I get this error message: build_sam_account: smbpasswd database is corrupt! username sascha with uid 501 is not in unix passwd database! If sascha is a linux user account pdbedit will import it in ldap... Maybe I missed a flag!?! Greetings Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrate to LDAP
Hi there, does anybody now how to extract the machine accounts from existing smbpasswd or passwd and migrate them to LDAP? Greetings Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NetBIOS-Remotecache
> Hi out there. > > I have not been able to solve the following problem yet. > > I configured samba-3.0.9 as LMB/PDC with correct DNS and WINS. > When I log on with my Windowsbox (no matter which version) and do > immidiatly > an "nbtstat -c" on the command-line I get: > snip>> > >> > > > NetBIOS-Remotecache-Namentabelle > > Name TypHostadresse Dauer [Sek.] > - > SNEAKER<1C> GRUPPE 192.168.10.1395 > << > < > > > When I now import lmhosts.sam with: > snip>> > >> > > > 192.168.10.1 hunter #PRE #DOM:sneaker > << > < > > I get the correct information: > snip>> > >> > > > NetBIOS-Remotecache-Namentabelle > > Name TypHostadresse Dauer [Sek.] > - > SNEAKER<1C> GRUPPE 192.168.10.1-1 > HUNTER <03> EINDEUTIG 192.168.10.1-1 > HUNTER <00> EINDEUTIG 192.168.10.1-1 > HUNTER <20> EINDEUTIG 192.168.10.1-1 > << > < > > What have I not configured correctly??? > > Greetings > > Sascha > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NetBIOS-Remotecache
Hi out there. I have not been able to solve the following problem yet. I configured samba-3.0.9 as LMB/PDC with correct DNS and WINS. When I log on with my Windowsbox (no matter which version) and do immidiatly an "nbtstat -c" on the command-line I get: snip > NetBIOS-Remotecache-Namentabelle Name TypHostadresse Dauer [Sek.] - SNEAKER<1C> GRUPPE 192.168.10.1395 >>>snip > 192.168.10.1 hunter #PRE #DOM:sneaker >>>snip > NetBIOS-Remotecache-Namentabelle Name TypHostadresse Dauer [Sek.] - SNEAKER<1C> GRUPPE 192.168.10.1-1 HUNTER <03> EINDEUTIG 192.168.10.1-1 HUNTER <00> EINDEUTIG 192.168.10.1-1 HUNTER <20> EINDEUTIG 192.168.10.1-1 http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Old domain name an't delete record with tdbtool
Don't no much about this topic, just a hint... I had to change my domain too, also with windows servers and this is the normal behaviour. It's a kind of windows caching. If u wait a bit the name of the old domain is away from network neighborhood... Regards Sascha Am Montag, 31. Mai 2004 15:54 schrieb Keith Edmunds: > Samba V3, tdbsam backend. > > I've had to change the workgroup name in smb.conf on a Samba PDC (ie, I've > changed the domain name). However, the old domain name still shows up in > Windows PCs' "Microsoft Windows Network" (together with the new name, which > works just fine). I want to remove the old domain name, and I assume it is > still showing because it is still present in secrets.tdb. A "tdbdump > secrets.tdb" shows (actual domain names changed): > > key = "SECRETS/SID/OLDNAME" > data = > [deleted] > > key = "SECRETS/SID/NEWNAME" > data = > [deleted] > > So I tried to remove the old name with tdbtool: > > $ tdbtool secrets.tdb > tdb> delete SECRETS/SID/OLDNAME > delete failed > tdb> delete "SECRETS/SID/OLDNAME" > delete failed > tdb> > > Some questions: > > 1. Is the reason that the old domain name is showing because it is in > secrets.tdb? > 2. Is deleting it from secrets.tdb the right way to remove it? > 3. How do I delete it? > > Many thanks for any suggestions - > K. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] please help me.
I just wonder why port 445 is missing there... Greetings Sascha Am Montag, 31. Mai 2004 22:45 schrieb azeem ahmad: > hi > if i remove the rule for transparent redirection from my firewall script > then it works well. what can be the connection of transparent redirection > with samba > > please help me out. i m in a grate trouble. the detailed problem is below > > Regards > Azeem > > >From: "azeem ahmad" <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: [Samba] iptables and samba > >Date: Thu, 27 May 2004 21:02:44 + > > > >hi > >i m using the script below > >-- > >--- iptables -F > >iptables -t nat -F > >iptables -P INPUT DROP > >iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > >iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT > >iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT > >iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT > >iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT > >iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT > >iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT > >iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT > > > >-- > >--- > > > >i have two shares on samba server "Soft and linux" in these shares there > >are many folders. whenever i run the above script and then i open the > > share it takes atleast 4 minutes to open the share. but it doesnt take > > time while browsing inside share. > >mean there is a folder on soft share like soft/adobe/acrobat/acrobat6 > >when i double click on soft it takes atleast 4 minutes but after that when > >i click on adobe then acrobat then acrobat6 it takes now time it just > >browse them normally. same problem is with the other share named linux. > >but if i dont run this script then all shares work fine with no delay > >this problem only occures first time. mean when i browse the share next > >time it doesnt occur > > > >Regards > >Azeem > > _ > Add photos to your e-mail with MSN 8. Get 2 months FREE*. > http://join.msn.com/?page=features/featuredemail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain admin
Hello, I have configfured in /etc/samba/smusers: root = administrator and in /etc/group: root:x:0:root,administrator Further I have mapped the groups: Administrators (S-1-5-32-544) -> root Domain Admins (S-1-5-21-3965442966-3812898117-3611004146-512) -> root But my Windows XP Clients won't the the Administrator as domain admin. I can log in as administrator but I do not have the privilidges. Does anoyone know why? Greetings Sascha -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.4
Hi, today I realized that my Inte dual XEON has 0% idle on all 4 processors. I removed samba-3.0.4 and installed 3.0.3 again. So idle-time is now 100% on three processors and 97% on one. BACK AGAIN to the normal workflow. But what went wrong??? Did I miss any new parameters? Or do I have a charsetproblem again as in 3.0.0??? Greetings Sascha -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP big Problems
I really don't know what to do. As I said, I have installed samba 3.0.0 rc 4 and since that my windows XP Prof. boxes don't like to log on correctly. If i got security = user, as is correctly for an PDC, the Windows XP Prof. boxes don't like to log on, because they don't find the sharenames. If i got security = domain or server or ads it works. Really think this is a bug. Hope somebody out there will help me, I am near to go completly mad. Thanx Sascha _ Radio Gong 2000 GmbH & Co. KG Franz-Joseph-Strasse 14 80801 München Fon: +49 (0) 89 / 38 166 - 0 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3alpha21
Hi there, I want to build a RPM for the SuSE 8.1 and get following error: aclocal: configure.in: 2097: macro `AM_PATH_MYSQL' not found in library Any clues. It's something about LDAP using MySQL and the new passdb/pdbedit - tool. Thanks Sascha -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC and BDC
Hi @ all, can someone tell me please if I have to synchronise the samba-password-file when I have a PDC and a BDC running? Situation: All machines have trustee accounts on the pdc and like to log on the bdc. Does the bdc know about the users from pdc when I set up the 'password server'-parameter? Thanks for help Sascha -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3alpha21-release
Hi MastersOfSamba, at the weekend I felt a little bit like I have to help you in bug finding in the 3alpha21-release and I installed it over my pretty good working 2.2.7a. First of all I have to say that my samba is working as PDC emulating an NT4-DC. And i saw some very strange things. 1. Profiling is no longer working while using the same smb.conf as I used with 2.2.7a 2. In the shares I fond some new files, no one has created. Also I found some folders with the same names and this several times. For Example, I had 5 folders named 'K' or just three files named 'B'. I was not able to delete them and when I replaced the 3alpha21 against the old 2.2.7a the don't exist any longer. Greetings and hope this will help you a bit Sascha P.S.: If you like to have my smb.conf -> let me know Radio Gong 2000 GmbH & Co KG Sascha Bieler Technischer Leiter Franz-Joseph-Strasse 14 80801 München Fon: 089 - 38 166 181 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
