[Samba] samba 3.0.23b - cannot create builtin accounts
Hi,

I installed a fresh server (SLES9 SP3) with Samba 3.0.23b as an ADS member server. It all seems to work fine, but it doesn't create the builtin accounts (only complains about it).

Do they have to be created manually now ? Is there documentation about this ? smb.conf and net manpage don't say anything.

Full config logs attached.

My conf is:

[global]
    workgroup = CORPORIS
    realm = CORPORIS.X
    security = ads
    smb ports = 445
    disable spoolss = yes
    usershare allow guests = Yes
    idmap backend = rid:BUILTIN=9000-,CORPORIS=1-1
    idmap gid = 9000-1
    idmap uid = 9000-1
    allow trusted domains = No
    template shell = /bin/bash
    template homedir = /home/%U
    winbind refresh tickets = Yes

And the error message is:

[2006/08/17 18:20:08, 0] auth/auth_util.c:create_builtin_administrators(762)
  create_builtin_administrators: Failed to create Administrators
[2006/08/17 18:20:08, 0] auth/auth_util.c:create_local_nt_token(876)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2006/08/17 18:20:08, 0] auth/auth_util.c:create_builtin_users(728)
  create_builtin_users: Failed to create Users
[2006/08/17 18:20:08, 0] auth/auth_util.c:create_local_nt_token(903)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2006/08/17 18:20:08, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0
[2006/08/17 18:20:08, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0
[2006/08/17 18:20:08, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0
[2006/08/17 18:20:08, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0
[2006/08/17 18:20:08, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0
[2006/08/17 18:20:08, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0
[2006/08/17 18:20:08, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0
[2006/08/17 18:20:08, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0
[2006/08/17 18:20:08, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0
[2006/08/17 18:20:08, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0
[2006/08/17 18:20:09, 0] auth/auth_util.c:create_builtin_administrators(762)
  create_builtin_administrators: Failed to create Administrators
[2006/08/17 18:20:09, 0] auth/auth_util.c:create_local_nt_token(876)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2006/08/17 18:20:09, 0] auth/auth_util.c:create_builtin_users(728)
  create_builtin_users: Failed to create Users
[2006/08/17 18:20:09, 0] auth/auth_util.c:create_local_nt_token(903)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!

Also, what are those error messages about the account_policy_get ???

Thanks for any help !!!

Schlomo Schapiro

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] copy error big files from xp to linux
Hi,

On Tue, 25 Apr 2006, Luiz Campos wrote:

> Hi
> I am running samba on suse 10 with a client XP professional. I can copy files from suse to xp normally, but I can only copy small files (~1k) when writing to a suse share from XP . Files big as 500 k are getting an error message
> Error copying the file.. Path is too extent...

Sorry, but as long as you don't supply some information about your system, nobody will be able to help you. Versions, Log files, level 10 logs, ... that kind of thing.

And, make sure that you don't have a problem with networking hardware and settings, like a differing MTU size, cabling problems, lousy NICs, ...

> add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody - /bin/false %m$

should read:

add machine script = /usr/sbin/useradd -g computers -c Machine -d /var/lib/empty -s /bin/false %u

--
Regards,
Schlomo

Re: [Samba] Stateful Takeover in a Cluster environment
Hi,

funny - just today I talked to Jeremy about this question and maybe there will be some development in Samba 3 in the near future in this area.

Apparently there has been some progress in the internal workings of Samba recently that makes the whole cluster thing more feasible.

So, stay tuned.

Schlomo

PS: I have heard, that IBM is running a clustered version of Samba internally over GPFS - maybe you should check inhouse.

PPS: Everybody who doesn't come to the SambaXP conference should really think about it. It is really worthwhile.

On Mon, 24 Apr 2006, Kai Suchomel1 wrote:

> Hey
> I am new to Samba and have a few queries.
> How can you achieve Stateful Takeover for a Samba Session
> My goal is to get a samba service running over a cluster. For the client it is transparent to which server he connects. If a node in the cluster dies, the connection will move with all the states over to another node.
> I know Samba 3 is not clusteraware, perhaps anybody knows something about the clusterawareness in Samba 4.
> I am pleaseful for every answer. Anybody having any idea, please comment.
> Regards
> Kai Suchomel

--
Regards,
Schlomo

Re: [Samba] AD Rules in Samba
On Tue, 26 Apr 2005, Tony Earnshaw wrote:

> Actually, that's not quite correct. There is at least one commercial tool available for Samba that makes it possible to use mmc (the Microsoft Management Console) and many of its snapins (especially Group Policy, but some others work too) to write policy to netlogon and read it in at user logon time. Obviously Samba has to support these :)

I have seen such a tool at the CeBIT last year - but they had a GPO-like system that worked besides Samba, basically they re-implemented the GPO stuff independently of a Domain Controller.

--
Regards,
Schlomo

Re: [Samba] Unix to SMB Password Sync using PAM
Hi,

I used this module successfully, but in the auth part, not passwd. That way the Samba password is set on each login. I noticed however, that it is set only if there is no existing password. The source shows that this is intended, but can be easily amended with your favourite C compiler ...

Apparently the pam_smbpasswd module is primarily intended for migration scenarios where people want to move from unix passwords to Samba passwords.

In general, if all your unix users have a Samba password, there is no reason to keep both passwords anyway, just use the Samba password also for Unix access, e.g. with pam_smb

Regards,
Schlomo

On Thu, 7 Apr 2005, Charles McLaughlin wrote:

> Hello,
> I would like to configure PAM to sync Unix passwords to Samba passwords. When I add a new Unix user or change an existing Unix user's password, I want the same password to be stored in /etc/smbpasswd.
>
> I'm trying to follow these instructions:
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2606200
>
> It sounds like this is what I want to do: A sample PAM configuration that shows the use of pam_smbpass to make sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow) is changed.
>
> I created the file /etc/pam.d/passwd-sync and pasted the following:
>
> # %PAM-1.0
> # password-sync
> #
> auth       requisite    pam_nologin.so
> auth       required     pam_unix.so
> account    required     pam_unix.so
> password   requisite    pam_cracklib.so retry=3
> password   requisite    pam_unix.so shadow md5 use_authtok try_first_pass
> password   required     pam_smbpass.so nullok use_authtok try_first_pass
> session    required     pam_unix.so
>
> Then I rebooted and changed my Unix password using passwd, but that didn't change my smbpasswd. I checked to make sure I have all of the needed PAM modules, but other than that I don't know what to look for.
>
> Am I missing something? Any ideas?
> Thanks in advance.
> Charles

--
Regards,
Schlomo

Re: [Samba] Group auth with ntlm_auth
Hi,

good question. I am also standing in front of the same question, with the added point of needing transparent proxy authentication for Windows clients.

Can you maybe tell me how far you got on this topic ?

Thanks,
Schlomo

On Wed, 6 Apr 2005, Altrock, Jens wrote:

> Hi there,
> I am trying to set up a Squid proxy using group authentication via samba ntlm. So I thought about using ntlm_auth, which can authenticate groups since Samba version 3.0.4 as I read. So anyone knows if it is possible to authenticate against different groups? Problem is we got 4 domains, each has its own group called WWW and only members of that group are allowed to use the proxy. Domains all got trusted bidirectional relationships.
> Regards,
> Jens Altrock

--
Regards,
Schlomo

Re: [Samba] Samba 2.2 vs. 3: Domain Member Winbind quick question
Hi,

search the list archives of samba-users for my name, I posted a patch to winbindd a couple of years ago that solved this problem for me back then.

HTH,
Schlomo

On Thu, 17 Mar 2005, Tyler Thueson wrote:

> I have a Samba 2.2 box set up as a member server in a Windows domain. Any random Windows domain user can connect and a local Linux system account is created on the fly, as it should.
>
> I am trying to do the same on another box with Samba 3. However, when I connect from a Windows domain member, I get prompted for credentials. If I enter domain\username and my password, I connect and a local Linux system account is created on the fly, and all is good. But 2.2 doesn't prompt, and I don't want to be prompted by 3.0!
>
> #/etc/samba/smb.conf
> [global]
>     workgroup = DOMAIN
>     server string = Samba Server
>     security = DOMAIN
>     passdb backend = tdbsam:/etc/samba/private/passdb.tdb
>     log file = /var/log/samba.%m
>     max log size = 50
>     add user script = /usr/sbin/useradd -g users %u
>     dns proxy = No
>     wins server = 1.2.3.4, 2.3.4.5
>     ldap ssl = no
>     idmap uid = 1-20
>     idmap gid = 1-20
>     winbind use default domain = Yes
>     netbios name = SERVER
>     password server = *
>
> #/etc/nsswitch.conf
> passwd:     compat winbind
> group:      compat winbind
> hosts:      files dns
> networks:   files
> services:   files
> protocols:  files
> rpc:        files
> ethers:     files
> netmasks:   files
> netgroup:   files
> bootparams: files
> automount:  files
> aliases:    files
>
> When Windows makes the initial connection before I get prompted in Windows:
>
> #/var/log/samba.clienthostname
> [2005/03/16 11:37:22, 0] auth/auth_util.c:make_server_info_info3(1120)
>   make_server_info_info3: pdb_init_sam failed!
> useradd: invalid user name 'USERNAME'
> useradd: invalid user name 'USERNAME'
> useradd: invalid user name 'USERNAME'
>
> After I enter domain\username in Windows prompt:
>
> #/var/log/samba.clienthostname
> [2005/03/16 15:27:41, 1] smbd/service.c:make_connection_snum(619)
>   clienthostname (1.2.3.4) connect to service sharename initially as user username (uid=1000, gid=100) (pid 1016)
>
> It almost seems as if the initial connection by Windows is sending the naked username, without the domain\ in front. Is there a way to tell Winbind to add domain\ in front of naked usernames or something? As you can see above I turned on 'winbind use default domain' but obviously that does not fix the problem.
>
> Help?

--
Regards,
Schlomo

Re: [Samba] Winbind, pam_mkhomedir.so problem with long usernames
Hi,

read the recent thread on vampire, there we discussed the question, if usernames with spaces work on Linux. For example

useradd hello world

won't work on any Linux system around me here (various SuSE). So maybe you just have bad luck (sorry to tell you, but having usernames with spaces can be only a MS invention) ?

Or maybe you can use the username map feature to map Jon Doe to Jon_Doe in Samba ? Or maybe write a patch to do that on a lower level ?

Regards,
Schlomo

On Thu, 17 Mar 2005, Horacio Vico wrote:

> Hi,
> I've been successfully connecting my SuSE Linux (since version 9.0) to my organization's NT domain using Samba's Winbind. The thing is multiple users use my PC, not only myself. Though it was also necessary to setup my pam.d to automatically create their home folders at first logon (using pam_mkhomedir.so).
>
> My NT user is something like jdoe but there are some users that have this kind of usernames: John Doe (notice the space between John and Doe). When I log into a terminal with this kind of users the home folder is created successfully and I can log in and work normally. The problem is with KDM, when I try to log in with this users it just does not work, it tries to look for preferences into /home/john instead of /home/john\ doe .
>
> That is really annoying because I cannot manually assign a home folder for every user that could work on this PC. I am the only user inside this organization that uses Linux on its computer, and if I cannot make this work I'll have to switch to Windows :=( .
>
> Please help

--
Regards,
Schlomo

Re: [Samba] vampire question
Hi John,

On Mon, 14 Mar 2005, John H Terpstra wrote:

> On Monday 14 March 2005 14:29, Schlomo Schapiro wrote:
>> Hi,
>> aren't posix account names supposed to be without blanks ? I would be most surprised if a machine account with a blank would work with Samba !
>
> Is this no blank specified in any standards? It seems someone has decided that Linux should no longer permit blanks in user names and/or group names.

Just tried on my SuSE 9.0:

# useradd hello world
useradd: Invalid user name `hello world'.

So I assume that usernames with blanks are not a good idea - in the way that most Linux tools don't cope with them, even if maybe the NSS library calls do cope with them.

Doesn't Samba also use the platform useradd command to add accounts in most setups ?

>>> rpc vampire -S ntserver -U Administrator%stacy182 ---
>>> everything seems to run fine however I do get could not create posix account info for 'machine name$'

--
Regards,
Schlomo

Re: [Samba] vampire question
Hi,

aren't posix account names supposed to be without blanks ? I would be most surprised if a machine account with a blank would work with Samba !

Schlomo

On Mon, 14 Mar 2005, Phil Dawson wrote:

> Hi Kurt,
> Don't know if this is any help. We currently have a similar problem on RHAS 3 4.
> RedHat bug report: https://www.redhat.com/archives/fedora-test-list/2004-November/msg01576.html
> Phil
>
>> Kurt A. Brust [EMAIL PROTECTED]
>> Sent by: [EMAIL PROTECTED]
>> 11/03/2005 18:34
>> To [EMAIL PROTECTED]
>> cc
>> Subject [Samba] vampire question
>>
>> when running net rpc vampire -S ntserver -U Administrator%stacy182 ---
>> everything seems to run fine however I do get could not create posix account info for 'machine name$'

--
Regards,
Schlomo

Re: [Samba] Samba3 By Example - Suggested Update (Correction?) And Two Winbind Defects
Hi,

probably your problem was caused by SuSE's .local problem. They patched their glibc to do a multicast DNS lookup (AKA Apple ZeroConf) for all .local domains. A fix is supposed to come soon ( I pushed them to make one :-), but if you have support try to ask for it directly. Unfortunately I am not allowed to distribute this patch myself.

Using IP Addresses only of course also serves as a workaround, but with DNS-rooted domains this is a pain in the ass.

Regards,
Schlomo

PS: Look for previous traffic on this list regarding SuSE 9.1

On Wed, 13 Oct 2004, L. Mark Stone wrote:

> We were trying to build a SuSE 9.1 box in a lab as a Domain Member server in a Windows Active Directory domain where the AD server was running Windows 2000 Server. We found that the instructions in Chapter 9.3.3 were, at least in our case, incomplete.
>
> The AD server was managing a private domain, so following the Windows Configure My Server wizard the domain was setup as smelug.local.
>
> When we attempted to have the Linux box (running SuSE 9.1 (fully patched) with the Samba 3.0.7 rpm packages from the SuSE ftp site) join the domain, we got an error indicating the Linux box could not find the Kerberos server.
>
> After Googling, we saw that others experiencing this problem had as the root cause either a DNS configuration problem or a misconfigured realm in krb5.conf.
>
> We checked DNS on the W2K server and on the Linux box, added entries in the Linux and Windows hosts files, and then watched the packets go back and forth with Ethereal between the Windows 2K AD server and the SuSE box, but we still got the error. The two boxes were clearly exchanging packets, so we felt pretty good that we didn't have any DNS configuration errors.
>
> Next, we undid all of the above changes, and simply edited the krb5.conf file to include the realm information and the IP:port info for the AD server. The join was successful now.
>
> May I therefore suggest that configuring the krb5.conf file be added to Chapter 9.3.3 in S3BE?
>
> Separately, we found two winbind errors during testing:
>
> First, we found that winbind does not shut down cleanly during a reboot (we used the SuSE runlevel editor in YaST to have smb, nmb and winbind startup automagically during boot up). Winbind leaves /var/run/samba/winbindd.pid in place, which we must remove manually before we can start winbind.
>
> Second, even after starting/stopping/restarting winbind manually, wbinfo -u (and -g) do not work at first. We found we needed to run net ads info first, and then wbinfo -whatever would work just fine.
>
> Please let me know if you would like me to file bugzilla reports on these errors, or if you would like more detail. We are not programmers so we don't know how to narrow this down further.
>
> With best regards,
> Mark
>
> P.S. The lab machines are VMware 4.5.2 guests, running on a SuSE Linux 8.2 host. We can make the virtual machine files available to you if you would like to run these machines locally for testing (assuming you have VMware and a Windows 2000 Server license).

--
Regards,
Schlomo

Re: [Samba] backup posix-acl shares
Hi,

while your Q is somewhat OT, here some ideas:

* use star or any other ACL aware tar replacement
* use a proper backup program, like Arkeia (free for 1 server)
* NFS can do ACLs, if properly patched. For example all SuSE systems do that very fine.
* backup files and ACLs separately (tar and getfacl/setfacl).
* use rsync with the ACL patch (http://lists.samba.org/archive/rsync/2004-May/009466.html)
* use Mondo Rescue (www.mondorescue.org), it does ACLs

HTH,
Schlomo

PS: Mounting anything but NFS will give you suboptimal performance, anyway.

On Mon, 11 Oct 2004, Collen Blijenberg MLHJ wrote:

> good day...
> well just need some good input on how to backup a samba server, and to preserve the posix-acl's..
> got 1 pdc and 1 bdc running, but it seems that there isn't a good way to make a backup with acl..
> nfs4 doesn't have any good support for acl's (yet) so i tried to mount a samba share with mount -t smbfs.. no acl's there ??
> so please is there a protocol/service that i can use, to backup my servers with posix acl.
> greetings..
> - Collen Blijenberg (Systeem/Netwerk Beheerder) Montessori Lyceum Herman Jordan Zeist

--
Regards,
Schlomo

Re: [Samba] SuSE 9.1 Pro
Hi,

btw, SuSE support will likely soon release an updated glibc RPM to address the .local problem (there you can switch off the MDNS lookups).

Schlomo

PS: For iptables you could try http://www.fwbuilder.org/ - it is quite nice.

On Tue, 5 Oct 2004, rruegner wrote:

> Chuck Chauvin wrote:
>> Is anyone aware of any specific problems with SuSE 9.1 Pro in regards to running Samba as a domain controller? I have been trying for a couple of weeks to get it setup but keep running into one roadblock or another. Half of the time I can't see the DC at all unless I disable the SuSE Firewall altogether, other times I am able to see the DC just not connect if I have ports 137, 138, 139 and 445 open. I haven't been able to find much help online or in the various forums that I frequent and was wondering if anyone knew of any specific problems with SuSE 9.1 that I might not be aware of.
>> Thanks in advance.
>> --
>> Chuck Chauvin
>> Network Administrator
>> [EMAIL PROTECTED]
>
> Hi,
> the simple answer is don't use suse firewall,( iptables scripts are easy to google ) and study more chapters from Samba Browsing
> I run many samba server under suse without any special problems
> what you should know is that you should not use a .local dns domain on your internal nameserver , which is highly recommend for a private network, in suse 9.1 this dns domains are resolved by multicast for miracle reason, without having the magic to disable it.
> Regards

--
Regards,
Schlomo

Re: [Samba] Samba and Terminal Server
Hi,

look at www.codeweavers.com. With their Server version you turn your Linux Terminal Server into one that runs also many Windows programs.

Schlomo

On Tue, 1 Jun 2004, Adam Tauno Williams wrote:

>> Is Samba only a Windows File Server/Domain Controller, or can it act as terminal server for windows clients too?
>
> No, you need a M$ OS to be a M$ Terminal server (if you intend to run M$ apps).

--
Regards,
Schlomo

Re: [Samba] Help Samba Virtual Servers (Host aliases) configuration problem
Hi,

use the include feature together with the %L parameter, like in smb.conf(5):

    %L  the NetBIOS name of the server. This allows you to change your config based on what the client calls you. Your server can have a dual personality. Note that this parameter is not available when Samba listens on port 445, as clients no longer send this information

So if you use port 445, then it won't work. You can still try to use another of the many % variables.

Another way is to define IP aliases and start several smbd each for a different IP alias. See the following parameters:

    bind interfaces only
    interfaces

(Note that only one should have 127.0.0.1 and you might have to set that one as the master and the others as security=server and password server=127.0.0.1 so that the many smbd daemons won't step on their respective feet)

Schlomo

On Tue, 18 May 2004, Romeyn Prescott wrote:

> I'm replying to this old message just to say that I am trying to do the same thing and it's not working. I have done everything as this person has, and no matter which host a Windows box visits, they see the same shares.
>
> Is it not possible to set up netbios aliases which each present separate shares?
>
> Thanks,
> ...ROMeyn
>
> At 4:58 PM +0200 7/8/03, Poletto Davide scribbled:
>> Hi,
>> I need to create one or more NetBIOS host alias of my unique SAMBA server version 2.27 which is running on a RedHat Linux 8.0 box acting as a simple file-sharing machine for our WORKGROUP. I need that my clients see three different hosts more than the real fileserver; I think the scope of virtual server was based on which virtual host I'll contact I'll see the relative share: so everyone will see FILESERVER share, everyone who contacts ALIAS1 will see ALIAS1 share (and FILESERVER share due to include mechanism...) and so on.
>>
>> This is part of my actual smb.conf file on /etc/samba directory:
>>
>> [global]
>>     workgroup = WORKGROUP
>>     netbios name = FILESERVER
>>     netbios aliases = ALIAS1 ALIAS2 ALIAS3
>>     include = /etc/samba/smb.conf.%L
>>     server string = SAMBA %v on %h
>>
>> [SHARE]
>>     comment = FILESERVER share
>>     path = /home/share
>>     printable = no
>>     writable = yes
>>     valid users = @filesharing
>>     write list = @filesharing
>>
>> ...then I have edited three separate smb.conf.%L (%L substituted with each alias NetBIOS name) under /etc/samba directory:
>>
>>     smb.conf.ALIAS1
>>     smb.conf.ALIAS2
>>     smb.conf.ALIAS3
>>
>> each of these configuration files has only a share section (No [global] section) with this style:
>>
>> smb.conf.ALIAS1 has
>>
>> [ALIAS1]
>>     comment = ALIAS1 share
>>     path = /home/share_alias1
>>     printable = no
>>     writable = yes
>>     valid users = @filesharing
>>     write list = @filesharing
>>
>> smb.conf.ALIAS2 has
>>
>> [ALIAS2]
>>     comment = ALIAS2 share
>>     path = /home/share_alias2
>>     printable = no
>>     writable = yes
>>     valid users = @filesharing
>>     write list = @filesharing
>>
>> and so on for ALIAS3.
>>
>> It doesn't work properly because it seems that the variable %L will not set as it would by the client connect request. Each client inside my workgroup see effectively three different hosts (virtual hosts) ALIAS1, ALIAS2 and ALIAS3 plus the real fileserver FILESERVER but if I'll try to connect with ALIAS1 I'll see only the /home/share of SHARE and not this one plus/and ALIAS1 /home/share_alias1 of ALIAS1! The same if I'll trying to connect to ALIAS2 or ALIAS3...
>>
>> It seems that include mechanism doesn't work properly. Could anyone help me setting up this configuration files properly?
>>
>> Davide Poletto

--
Regards,
Schlomo

Re: [Samba] Workaround found, .Xauthority and SMB, Mounting home directory
Hi,

AFAIK SMBFS etc. don't support locking, sockets, fifo, ... (often also symlinks).

My guess regarding the xhost thing is still, that the .Xauthority file has trouble. To find out you could attach an strace -ff to the running display manager and look which files it and the subprocesses try to use. Look especially for the usage of xauth.

Regards,
Schlomo

PS: I don't have so many users, but managing even many shouldn't be so much of a problem. If need to, put it on a separate fileserver and use automount to mount it.

On Tue, 27 Apr 2004, Ben Ford - Bio-Logic Aqua Technologies wrote:

> On Tuesday 27 April 2004 04:09 am, Schlomo wrote:
>> the display manager (GDM, ...) usually stores the XAUTHORITY cookie in the .Xauthority file in the users' home dir. If you mount that on-the-fly, maybe you mount it too late ? So that .Xauthority in the user home dir is not accessible at this stage ?
>
> This could be true, good point. But, note this FACT: with the home directory mounted as SMBFS ( ?which doesn't support locking?) you cannot run X with the .Xauthority being written in your home directory. You get the following error:
>
> xauth: error in locking authority file /home/ben_ford/.Xauthority
>
> I've tested this thoroughly in runlevel 3:
> **NOTE: In this test, I have eliminated pam_mount and a graphical login.**
> a) Before the user has logged in, I mounted /home/ben_ford manually.
> b) After logging in, I can successfully browse my remote home directory.
> c) issuing a `startx` command results in the locking error:
>    xauth: error in locking authority file /home/ben_ford/.Xauthority
>
> Now, if I set the following environment variables my .bash_profile:
>
> export XAUTHORITY=/tmp/.Xauthority
> export ICEAUTHORITY=/tmp/.ICEauthority
>
> Logout, and log back in, and re-do the exact test, I can start X fine!!! Similar setup but using NFS does NOT require this workaround. SMBFS doesn't allow locking perhaps?
>
>> With the xhost +localhost you effectively circumvent X security.
>
> Still with the previous workaround in effect, Graphical login does NOT work. When I use the `xhost +localhost` command as noted in my previous email, I can successfully login with GDM. I'm sure that issuing the `xhost` command could be done in any place, but the /etc/X11/gdm/PreSession/Default seemed very effective.
>
>> I had a similar case here (though with Novell servers) and solved it and the KDE / GNOME problem you describe by keeping the homedir local and mounting the server homedir in a subdirectory of the homedir. This way the Linux stuff stays on the Linux side and the personal files and data stays on the server side.
>
> I considered this solution at first, but disregarded for some reason. Your fix is a lot cleaner than moving files ( via my changes to /usr/bin/startkde ) outside the home directory. How many clients do you use? Does having the home directory completely local make administering those machines difficult? This was one of our concerns.

--
Regards,
Schlomo

Re: [Samba] Workaround found, .Xauthority and SMB, Mounting home directory
Hi,

just an idea: the display manager (GDM, ...) usually stores the XAUTHORITY cookie in the .Xauthority file in the users' home dir. If you mount that on-the-fly, maybe you mount it too late ? So that .Xauthority in the user home dir is not accessible at this stage ?

With the xhost +localhost you effectively circumvent X security.

I had a similar case here (though with Novell servers) and solved it and the KDE / GNOME problem you describe by keeping the homedir local and mounting the server homedir in a subdirectory of the homedir. This way the Linux stuff stays on the Linux side and the personal files and data stays on the server side.

Regards,
Schlomo

PS: BTW. If you use XDM as display manager, you can debug better because it is much simpler than any other display manager.

PPS: Tell please, if this helps.

On Mon, 26 Apr 2004, Ben Ford - Bio-Logic Aqua Technologies wrote:

> Hi,
> Finally got this working!! I have found a potential Workaround to the following error:
>
> /etc/X11/gdm/PreSession/Default: Registering your session with wtmp and utmp
> /etc/X11/gdm/PreSession/Default: running: /usr/bin/X11/sessreg -a -w /var/log/wtmp -u /var/run/utmp -x /var/gdm/:0.Xservers -h -1 :0 test
> Xlib: connection to :0.0 refused by server
> Xlib: No protocol specified
>
> Some prerequisites: I'm running Fedora Core 1 ( stock install ) with pam_mount mounting my home directory on the PDC. I'm reluctantly using GDM ( not my favorite but it will do ) Last, I'm using KDE, but GNOME works too.
>
> First, I followed suggestions from previous posts, and did a little tweaking on my own, which include the following:
>
> a) I've added the following to the user's .bash_profile:
>
>    export XAUTHORITY=/tmp/.Xauthority
>    export ICEAUTHORITY=/tmp/.ICEauthority
>
> b) NOTE: gnome doesn't require this step. I did some editing of my /usr/bin/startkde script to move all .kde and .kderc etc... files OUT of the home directory. From what I can tell, limits in the SMBFS are not allowing kde to start successfully. (sockets??) This is a heavy workaround, but works nicely in our environment. If you would like details on this fix let me know.
>
> **Despite these changes, the above mentioned error was still appearing.**
>
> **Here is what I've done:**
>
> 1) add the following to the file: /etc/X11/gdm/PreSession/Default
>
>    XHOST=`which xhost 2>/dev/null`
>    if [ x$XHOST != x ] ; then
>        echo Executing xhost +localhost..
>        exec $XHOST +localhost
>    fi
>
>    I think it's important to add this before the following line:
>
>    SESSREG=`which sessreg 2>/dev/null`
>    ...
>
>    Essentially, I'm executing the following command: xhost +localhost. I used their conventions for running a command, hence the if statement etc...
>
> 2) I'm pretty sure you need to restart GDM.
>
> 3) now go ahead and log in. It will work perfectly!!!
>
> I don't know enough about X to give you a complete explanation for the fix, but using xhost in this fashion allows any user on the host localhost to connect to the X server. Without it, the connection is refused, hence the error you were getting.
>
> I would gladly accept any feedback or comments on this fix. I'm also very curious if anybody else tried running a GUI with their home directory mounted via SMBFS or NFS? I've attempted both and found SMBFS to be a adequate. This issue was the last to get over. Now I must go through and refine different aspects

--
Regards,
Schlomo

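Added example, not part of the original thread: the workaround above points XAUTHORITY at the fixed path /tmp/.Xauthority, a name that is the same for every local user in a world-writable directory. The shell functions below keep the cookie on local disk as well, but in a per-user directory with mode 0700, and refuse a directory that is a symlink, owned by another user, or accessible to group or others. The function names, the `.xauth-<uid>` directory name and the `AUTH_BASE` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Picks a local, per-user location for
# the X authority file when $HOME is on a filesystem without locking.
# Assumed names: AUTH_BASE, the ".xauth-<uid>" directory, both functions.

# Print the per-user directory path: $1 = base directory, $2 = numeric uid.
auth_dir_for() {
    printf '%s/.xauth-%s\n' "$1" "$2"
}

# Create (or re-validate) the private directory and print the path of the
# authority file inside it. Returns 1 if the directory cannot be trusted.
private_xauthority() {
    _xa_base=${1:-${AUTH_BASE:-/tmp}}
    _xa_uid=$(id -u)
    _xa_dir=$(auth_dir_for "$_xa_base" "$_xa_uid")

    # A symlink planted under a world-writable base could redirect the cookie.
    if [ -L "$_xa_dir" ]; then
        echo "refusing $_xa_dir: it is a symlink" >&2
        return 1
    fi

    if [ ! -e "$_xa_dir" ]; then
        # umask 077 makes the directory 0700 from the moment it exists;
        # plain mkdir (no -p) fails if the name appeared in the meantime.
        (umask 077 && mkdir "$_xa_dir") || return 1
    fi

    # Accept only a real directory, owned by us, with mode exactly 0700.
    _xa_ok=$(find "$_xa_dir" -prune -type d -user "$_xa_uid" \
                 -perm 0700 -print 2>/dev/null) || _xa_ok=
    if [ -z "$_xa_ok" ]; then
        echo "refusing $_xa_dir: wrong type, owner or mode" >&2
        return 1
    fi

    printf '%s/Xauthority\n' "$_xa_dir"
}

# Usage in ~/.bash_profile, replacing the fixed /tmp/.Xauthority path:
#   XAUTHORITY=$(private_xauthority) && export XAUTHORITY
```

With the cookie file readable by its owner only, the X server can keep cookie authentication and the `xhost +localhost` host-based exception discussed above is not needed for the locking problem itself.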
Re: [Samba] Sync UNIX and SMB users
Hi,

you can use the pam_smbpass module for that. User's password will be written to the Samba password system when a user logs on.

Unfortunately the stock pam_smbpass module will update the password only once (e.g. only when the Samba password is EMPTY). I modified the pam_smbpass module to always update the Samba password, ask me if you need this feature. (NCP is the password source here and I need to keep the Samba password in-sync with it).

Schlomo

On Mon, 19 Apr 2004, Tim Mektrakarn wrote:

> Hi,
>
> I'm new to Samba so I apologize if this topic has been covered in the past. I want to sync my UNIX users from /etc/shadow to my Samba users in /etc/samba/smbpasswd
>
> How can I do this automatically?
>
> Thanks!
>
> Tim Mektrakarn
> Systems Engineer
> Loud Packet, Inc.
> 27455 Tierra Alta Way, Suite A
> Temecula, CA 92590
> Mobile: 909.757.5129
> Office: 714.263.9090
> Fax: 714.263.9001
> Email: [EMAIL PROTECTED]
> Website: www.loudpacket.com
> *** http://www.VoIP-Forums.com ***
> *** http://www.SIP-Forums.com ***

--
Regards,
Schlomo
[Samba] LDAP Q: What for use Containers
Hi,

I am planning a Samba3+LDAP installation and was wondering about the use of putting users into different containers on the LDAP server (similar to what people do on NDS/eDirectory).

Is it possible to then assign rights, options, ... to the containers and have the users inherit these rights?

I observed that e.g. SuSE Enterprise server and other SuSE products put all users in the same context, thereby using the LDAP only as a better flat-file storage.

Having worked a lot in a Novell environment I of course got used to the convenience of assigning rights to containers. Is there currently any support for this in Samba? Is there something planned to facilitate this feature? I guess it will also have to go with the host file system ...

Any input appreciated,
Schlomo

--
Regards,
Schlomo
Re: [Samba] LDAP Q: What for use Containers
Hi,

well, on NDS and Netware you could give file system access rights to a container and then all users in that container would inherit these rights. BTW, Windows and AD also cannot do this.

Basically it is a way to not use groups but assign information to objects based on their position in the LDAP tree. I can imagine many more uses, e.g. default servers, logon servers, share access rights, ...

The point is, is there any use of the hierarchical structure of the LDAP directory for Samba? Or does Samba use the LDAP dir only like flat file or SQL DB?

AFAIK there is not yet much or maybe any support for such settings, but I want to discuss why not and whether others find it a useful thing to have.

Regards,
Schlomo

On Tue, 20 Apr 2004, Paul Gienger wrote:

> Schlomo Schapiro wrote:
>
> > Hi,
> >
> > I am planning a Samba3+LDAP installation and was wondering about the use of putting users into different containers on the LDAP server (similar to what people do on NDS/eDirectory).
> >
> > Is it possible to then assign rights, options, ... to the containers and have the users inherit these rights?
>
> What type of 'rights, options,...' are you looking for here? Perhaps you are looking for a feature that could be given via groups, but more specifics are necessary.
>
> > Having worked a lot in a Novell environment I of course got used to the convenience of assigning rights to containers. Is there currently any support for this in Samba? Is there something planned to facilitate this feature? I guess it will also have to go with the host file system ...
> >
> > Any input appreciated,
> > Schlomo

--
Regards,
Schlomo
Re: [Samba] Data Migration NT - Linux
Hi,

do you use rsync on Windows and sync between the disk and a samba share or do you run an rsync server and use rsync in client-server mode?

Another option would be to use another syncing tool, like http://www.cis.upenn.edu/~bcpierce/unison/ or http://www.fileware.com/products.htm#CmdSync

Maybe better even just turn off the old PDC and put the HDs into the linux box (or did you span one partition over multiple disks?) and then copy locally under Linux - Your Terabyte will be copied in a few hours.

Schlomo

On Mon, 29 Mar 2004 [EMAIL PROTECTED] wrote:

> Quoting Michael Gasch [EMAIL PROTECTED]:
>
> > hi
> >
> > after successfully migrating users and groups from NT to Samba v3 i'm looking for a way to transfer some 1TB data from our old NT PDC to the newer one - Samba
> >
> > just copying the data doesn't work, because we have to ensure data consistency (and we can't switch the NT PDC off on a weekend to copy it, because it would take too long [some old MAC shares included and the PDC just has a 100MBit interface] )
> >
> > our thought was: rsyncing it slightly over some weeks and then, on one weekend, take the NT PDC from the net and copy the last modified data (approximately 100GB) - so we could be in time
> >
> > but i read about some problems running rsync between different operating systems, so i want to ask, which way you prefered (and walked) ?!?!
> >
> > permissions and so on don't matter, we need just raw files
> >
> > thx in advance
> >
> > greez
>
> I just wanted to confirm the strange issues when using rsync to copy files over samba between different operating systems. I was the author of that post, and I think I posted it three times here. Unfortunately I never got any useful replies, and as of now, I have found I can't rely on it. I am not sure if the problem is in samba, rsync, or a combination of both, or maybe something on the windows machine. If you have some time to try checking into this, please let me know, I'm very anxious to figure out what's going on here. I still have my notes if you want those.

--
Regards,
Schlomo
Re: [Samba] Newbie samba3/smbldap-tools questions...
Hi,

try lam.sourceforge.net

Schlomo

On Tue, 30 Mar 2004, Per olof Ljungmark wrote:

> Hi all,
>
> I have set up a test configuration with Samba 3.0.2a and ldapsam/nss on FreeBSD 5.2.1, one PDC and two BDC's on different subnets. Most is now humming along quite well and I need to get a grip on the administrative side of it.
>
> - Is it possible to use the NT4 usrmgr.exe to administer accounts? Have people used to nothing but Windows who needs to add/delete users. I have tried but never got it working properly, lots of rpc errors. smb.conf is set up to point to the scripts and it works fine from a unix terminal.
>
> - Are there other better (graphical) tools (usable under windows) one can use for this task?
>
> Thanks for your input here,
> Per olof

--
Regards,
Schlomo