Re: [Samba] Corrent security mode settings to allow mess-windows XP behave!
Robert Heller wrote:
At Tue, 6 Apr 2010 14:35:19 -0700 Jeremy Allison j...@samba.org wrote:

Setting it to 'user' causes mess-windows to ask for a username and password to access the *anonymous* (guest ok = yes) printers and share!

I don't use this type of share so I can't be exact, but I think if you Google 'samba map to guest' you'll find what you need... (or look it up in the docs).

-- Steve Rippl Technology Director Woodland Public Schools 360 225 9451 x326

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to access shares via HTTP (apache2)
Daniel Müller wrote:
Why do you need to access your shares via HTTP???!! The only thing this might be useful is from outside your lan over internet?! If you plan this, there is the linux opensource solution OPENVPN!! With this mighty software you work with your shares and outlook from outside as if you were in your bureau. Take a look at it and give it a try! Daniel

With all due respect (really!), why do you ask a question like that? Different people have different requirements. In my case I have 2000 secondary school students that I give access to their home folders from home so that they don't have to do everything via usb sticks. Should I manage 2000 certificates for this and complicate things for the students, or should I use a simple web based solution that can run from any browser on any machine? OpenVPN is great, I use it for my access to the network from outside, but it isn't the answer to everything!

-- Steve Rippl Technology Director Woodland Public Schools 360 225 9451 x326
Re: [Samba] How to access shares via HTTP (apache2)
Martin Balint wrote:
Hello, I configured samba fileserver as a member of samba domain. PDC and fileserver are different machines. It works great using windows sharing. Now, I need to set up apache to serve my shares, but I am having problem with permissions. Apache runs as www-user, and doesn't see content in shares. So I would like to ask, what is the proper way to use apache (or another http server) to serve files on file server. Using Ubuntu 9.10 and Samba 3.4.0-3ubuntu5.1.

See thread just a few days back... smbwebclient is a simple PHP script that will run under apache to give web based access to file shares (via smbclient, permissions work flawlessly), Davenport is a Java based WebDAV server if you want the full WebDav thing (I could never get that to work but apparently others have)!

-- Steve Rippl Technology Director Woodland Public Schools 360 225 9451 x326
Re: [Samba] web client for samba
jcflores wrote:
Is there any way to access to samba server via web, I mean that the users windows can access to samba server via web.

smbwebclient - works really nicely! http://freshmeat.net/projects/smbwebclient/

Drop the script in somewhere that the web server will run it. Install smbclient on the web server. At the top of the script you'll see where you have to point it at your file server. There are 2 other changes you'll need to make to get it to run...

For smbclient >= 3.2

Within smbwebclient.php need to change

    $cmdline = $this->cfgSmbClient.' '.$smbcmd.' '.$options.' -N ';

to

    $cmdline = $this->cfgSmbClient.' '.$smbcmd.' '.$options;

as the -N option now does something different!!

...and

    $cmdline .= ($dumpFile) ? '2>/dev/null' : '2>&1';

to

    $cmdline .= ($dumpFile) ? ' 2>/dev/null' : ' 2>&1';

-- Steve Rippl Technology Director Woodland Public Schools 360 225 9451 x326
Re: [Samba] Status Davenport webdav gateway?
On Tue, 2009-11-03 at 10:34 +0200, Paul te Bokkel wrote:
Any alternatives? :D

We use smbwebclient.php (sourceforge project, http://sourceforge.net/projects/smbwebclient/ ), very simple and it works very well. For smbclient >= 3.2 we had to make a couple of small changes as the options for smbclient seemed to change (and they hadn't updated smbwebclient last time I checked)

---

Within smbwebclient.php need to change (line 1445)

    $cmdline = $this->cfgSmbClient.' '.$smbcmd.' '.$options.' -N ';

to

    $cmdline = $this->cfgSmbClient.' '.$smbcmd.' '.$options;

as the -N option now does something different!!

and (line 1451)

    $cmdline .= ($dumpFile) ? '2>/dev/null' : '2>&1';

to

    $cmdline .= ($dumpFile) ? ' 2>/dev/null' : ' 2>&1';
Re: [Samba] nss_winbind / offline logon
On Fri, 2009-10-16 at 14:37 +0300, Petteri Heinonen wrote:
Hello list users, I have been struggling to make my AD integrated Debian Lenny box to work fluently also when network connectivity is down. What I would like to achieve:

1) When no network available, local user should still work normally
2) If possible, AD located users should still be able to login if they have previously logged in successfully (cached login)

Number 2 is more like optional, but number 1 would be very much needed. However, it seems that winbind somehow blocks login process for local accounts too if it is not able to get network connection to AD during system boot. These are the relevant lines in my nsswitch.conf:

    passwd: files winbind
    group: files winbind
    shadow: files

I think this does what you want allowing local account to still function...

    passwd: compat [!NOTFOUND=return] winbind
    group: compat winbind
    shadow: compat
[Samba] smbd processes loaded onto one core
Hi, We're running 3.0.31 (yes, I know that's old!) on a dual core processor, our kernel has SMB support and the dual core processor is recognized correctly, yet all (300+) smbd process seem to be hitting the same core! Is this our OS, the version of samba, something else? Any pointers would be much appreciated! Thanks, Steve -- Steve Rippl Technology Director Woodland Public Schools 360 225 9451 x326
Re: [Samba] authenticate Linux users to AD on Windows 2003R2
Well, not exactly Samba related... but we have a file server that runs Samba for Windows clients and NFS for the Linux ones on the same folders. Both authenticate against AD (we're running 2003 with SFU 3.5, not R2). We have uid/gid/home folder info in AD. Linux machines mount the file share /home from the files server for all home folders (fstab on the local machine) and then we use ldap in nsswitch to get the correct path to the users home folder, which is then there for them and they have access to once they've logged in. _GOT_ to make sure your uid/gid info in AD matches the uid/gid info on the nfs share, we use wbinfo and idmap=rid in smb.conf to script consistent uid/gids for our folders (Perl is your friend!) We use ldap in nsswitch because we have a non-samba layout for our home folders, ie. it's not /home/yourdomain/username, but if you can have that setup then you can simplify things a bit by using winbind in nsswitch and you get the standard path for your home folder. As I said, just make sure you've already mounted the /home on the client through fstab. There are pretty good tutorials out there on most parts of this for Debian/Ubuntu if you Google it (probably other Distros too, I'm just biased!). Of course I'm running a Linux File server, you'll need to use Server 2003 R2's nfs abilities which I've never tried, but it claims to be able to do it. Or you could move your file server over to Linux/Samba/nfs!! Let me know how it works out! I can give you more specific details if you want, but probably best off list I would think as it's not exactly Samba... Steve James D. Parra wrote: Hello, I have enough details on how to have Linux users authenticate to a 2003r2 AD, but I need help getting their home dir's to automatically mount to a windows share. Any details would be greatly appreciated. 
Many thanks, James -- Steve Rippl Technology Director Woodland School District 360 225 9451 x326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Hostname or alias question
    disable netbios = yes

I'm no expert on this, but just checking on the obvious... did you take this out of your smb.conf when you tried the netbios alias?

-- Steve Rippl Technology Director Woodland School District 360 225 9451 x326
Re: [Samba] Hostname or alias question
There's a global 'netbios aliases' parameter in smb.conf. Take a look at man smb.conf, might be what you need...

Avron Gray wrote:
Rephrasing my original question... I have a Red Hat host: Hostname - snswiki.domain.com I have samba 3.3.3 installed using ADS for authentication How can I make this host be available to Windows users as a different hostname? Actual hostname \\snswiki\docs AND Also Known As Alias hostname\\webservice\cocs Any suggestions that you can provide, would be great. This is similar to a question that I asked in January, but still do not have a solution. Prior to upgrade, a DNS alias provided this functionality. The security model does not seem to support it, but that does not change its requirement. Just looking for ideas, folks... Here's my smb.conf:

    [global]
    realm = DOMAIN.COM
    security = ADS
    workgroup = DOMAIN
    encrypt passwords = yes
    server string = %h Samba %v
    smb ports = 445
    disable netbios = yes
    name resolve order = host
    idmap uid = 1-2
    idmap gid = 1-2
    log file = /var/log/samba/samba_log.%m
    log level = 2
    include = /usr/local/samba/lib/smb.conf.%h

- Avron

-- Steve Rippl Technology Director Woodland School District 360 225 9451 x326
Re: [Samba] How to delte a printer
[from our internal documentation...]

1. Remove the printer via the web interface in CUPS:
   1. Manage Printers
      I. Delete Printer
2. Stop the CUPS daemon with /etc/init.d/cupsys stop (if debian)
3. Run the rpcclient command to manually reverse the integration process performed by cupsaddsmb
   1. rpcclient localhost -U username -c 'deldriverex printername' Windows NT x86
   2. If you wish to disassociate the driver for all architectures, and you do, then specifying the architecture via the Windows NT x86 statement is not necessary.
4. Start the CUPS daemon with /etc/init.d/cupsys start
5. Delete the PPD file created by cupsaddsmb for the printer you have removed from the [print$] share folder to avoid accumulation.

On Fri, 2008-11-14 at 11:50 +0100, Marc Muehlfeld wrote:
Hello, how can I delete a printer and its driver completely out of samba?

1. Removing the entry out of smb.conf and reload samba.
2. Remove the driver over the windows serversettings dialog.

But then there is a printing/printer-name.tdb left in the lock directory. Can I just delete this file? And how can I remove the corresponding entries out of ntprinters.tdb. And is there anything more to do? Regards Marc

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Closing sessions and smbstatus
Hi, When are client sessions closed? Let me explain what I'm trying to do... we're in a School district and we try to stop kids logging more than once. They way I did this before was to dump the active sessions from our previous Server2003 fileserver into a file once a minute and process it with a Perl script to check who was connected from where, rebooting machines remotely as needed! This work well enough with the odd 'hung' session causing minor problems. So now I'm trying to do the same thing with our new Samba (3.0.31) fileserver using the output from smbstatus. However, in many cases sessions are still in there long after the user has logged out of the machine. I'm even seeing two sessions for different people on the same machine with the same pid number! How is this working? Why are not all sessions ending when the user logs off? Am I going to be able to use this for what I'm trying to do?!! The fileserver itself is working great, we have over 2000 users happily using it with less problems than we had on the Windows box. I really appreciate all the work the Samba team does! Many thanks, Steve Rippl Woodland School District -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Closing sessions and smbstatus
On Mon, 2008-10-20 at 21:10 +0200, Vlastimil Šetka wrote: Hi, When are client sessions closed? Let me explain what I'm trying to do... we're in a School district and we try to stop kids logging more than once. They way I did this before was to dump the active sessions from our previous Server2003 fileserver into a file once a minute and process it with a Perl script to check who was connected from where, rebooting machines remotely as needed! This work well enough with the odd 'hung' session causing minor problems. I'm in exactly the same situation. The school, PDC for ~100 computers, hundreds of users. We need to track the logon / logoff. I can't find any usable tools so I made my own system. I found that most reliable is the smbstatus output. Windows do strange thinks with connections during domain logons so use of preexec script is complicated. By the Perl script I run smbstatus every 5 seconds, scan the changes from previous run and write it to the MySQL DB. That's all woks fine. So now I'm trying to do the same thing with our new Samba (3.0.31) fileserver using the output from smbstatus. However, in many cases sessions are still in there long after the user has logged out of the machine. I'm even seeing two sessions for different people on the same machine with the same pid number! How is this working? Why are not all sessions ending when the user logs off? Am I going to be able to use this for what I'm trying to do?!! I have some problems with this too. See this thread: [Samba] smbstatus - switched off computers are sometimes showed http://lists.samba.org/archive/samba/2008-September/143701.html Now I get some new experience with it. The main problem is that samba sometimes doesn't update the sessionid.tdb file when the process exits. This records is not showed in smbstatus output, because smbstatus checks if the PID exists. I patched the smbstatus so it showed me that there is the records with no related PID. 
Then, maybe after 1 day or so, this PID is used for other proccess and I can see the ghost logon in my tracking system (and in most cases logoff at next run - after 5 seconds). On the list is now the thread [Samba] processes not closing where is described some self-repair function related do sessionid.tdf file. The samba process when writing to this file should check all records and delete it if the PID doesn't exist. It will be nice but In my situation it doesn't work. Maybe it's because of Samba version (3.0.24, official Debian Etch package). But checking our server I find that the processes DO still exist! So I'm getting a user session in smbstatus with a specific PID and when I ps -ef | grep PID there is the smbd process still running, yet the user has long since logged out (days ago)?! It's not just that the .tbd file hasn't been updated, it's that the /usr/local/bin/smbd process is still running. A restart of Samba clears them all up immediately, but why are they hanging around when the client is gone? Is this just happening to me on our particular setup or is this normal behavior? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] files disappearing from Samba server
Sorry if I'm pointing out something obvious that you've already checked, but are you sure it isn't a problem with the client machines failing to map the drive? I think if the home drive fails to map a windows client (XP at least, that's what we use here) defaults to using the local drive for the home directory without reporting anything. We get students saving things and complaining that the files aren't there (on the file server) when they're actually on the last machine they sat at! Steve Rippl Woodland School District On Thu, 2008-10-02 at 07:56 -0400, Robert Wickberg wrote: The files that are reported missing are missing if I log in an look via a shell, too. On Thu, Oct 2, 2008 at 2:24 AM, Helmut Hullen [EMAIL PROTECTED] wrote: Hallo, Robert, Du (rwickberg) meintest am 01.10.08: I'm the tech coordinator for a high school. Last year, we had a file server kids could save work to that was a generic Celeron 800 PC with an IDE hard drive. It ran Debian Sarge, with whatever version of Samba ships with that. It was down to a couple of gig of free disk space by the end of the year, so this year I took an old Compaq Proliant server (ML360 or something like that) with a three drive RAID 5 SCSI array and installed Debian Etch on that with whatever version of Samba is shipped with that. School's been in session a month now, and I've had dozens of kids come up to me and claim that they've written files to their mapped shares (P: maps to their home directory when they log onto a Windows machine), and the files have disappeared. Strange. I run a schoolserver (http://arktur.de) on many machines, in many schools without these problems. The servers use slackware - that's the only difference to your configuration; Samba has versions from 3.0.22 to 3.2.3 (that differs from school to school), there are at least two schools which run a Compaq Proliant. Clients: from Windows 9x to Windows XP. No such problems. Can you see the files under Linux on the server? Viele Gruesse! 
Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] write only permissions
On Mon, 2008-09-15 at 15:40 -0700, Jeremy Allison wrote:
On Mon, Sep 15, 2008 at 01:57:55PM -0700, Steve Rippl wrote:

Hi, We've just put in a Samba fileserver to replace our windows box for our School District and it seems to be working great. I have a question about defining some specific permissions though. We set up 'Drop boxes' for teachers that kids can drag files into, but they don't have read permission so they can't read each others submitted work. Here's what it looks like on the fileserver

    [EMAIL PROTECTED]:/srv/materials/WHS/VanCleek# getfacl Drop_Box/
    # file: Drop_Box
    # owner: admin
    # group: domain\040admins
    user::rwx
    user:vancleek:rwx
    group::rwx
    group:whs\040student:-wx
    mask::rwx
    other::---
    default:user::rwx
    default:user:vancleek:rwx
    default:group::rwx
    default:group:whs\040student:-wx
    default:mask::rwx
    default:other::---

and the view through windows security tab shows Traverse folder/Create Files/Write Attributes/Write Extended Attributes/Read permissions. Needless to say this doesn't seem to work! The student account (in the right group) is not allowed to drop a file into that folder. If I add g:wsd\\whs\ Student:rwx then the student can do anything successfully, with -wx nothing?!! Can anyone help?

Ok, the problem is that students need to be able to read the containing directory in order to be able to drag and drop new files there. The reason is that Samba needs to be able to scan the directory on their behalf in order to do case insensitive lookups. But so long as you don't mind allowing the students to see the names of each others files, you can set up a DropBox so that students can write into it (and their own files) but not edit or see others files.

Firstly, you want to make sure that files created in the DropBox directory are not owned by the student's primary group, but by the group owner of the DropBox directory. So :

    chgrp teachers DropBox

to make it owned by the teachers group. Then set the setgid bit on the DropBox directory to make sure that files created within there have an owning group of teachers.

    chmod g+s DropBox

Then ensure that a file in DropBox can be renamed or deleted by only the owner of the file, or by the owner of the directory, or by root (same permissions that /tmp has).

    chmod +t DropBox

Then allow students to write into the directory by adding an ACL

    setfacl -m g:students:rwx DropBox

So long as the default acl is set so that others have no permissions, files written by a student into that directory will be owned by themselves but will have an owning group of teachers, and students will not be able to read each others files.

If you need to cause the files to be owned by the owner of the directory, not by the students who created them you need to set up a separate share as described above, but then add the share level parameter :

    inherit owner = yes

which will cause files created within the directories in that share to be owned by the containing directory, not the creating owner.

Hope this helps, Jeremy.

Works like a charm! Many thanks.
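An added example, not part of the original thread: a shell function that audits a directory against the drop-box settings described in the reply above (setgid bit, sticky bit, no access for "other", and a default ACL that gives "other" nothing). The names audit_dropbox and demo_dropbox and the temporary demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a directory carries the
# drop-box settings described above. Function names are hypothetical.

# Usage: audit_dropbox DIR
# Returns 0 if every check passes, 1 if any fails, 2 if DIR is not a directory.
audit_dropbox() {
    dir=$1
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 2
    fi

    # chmod g+s: files created inside inherit the directory's owning group.
    if [ -g "$dir" ]; then
        echo "ok:   setgid bit set"
    else
        echo "FAIL: setgid bit missing (chmod g+s)"
        rc=1
    fi

    # chmod +t: only the file owner, the directory owner or root may
    # rename or delete an entry (the same rule /tmp uses).
    if [ -k "$dir" ]; then
        echo "ok:   sticky bit set"
    else
        echo "FAIL: sticky bit missing (chmod +t)"
        rc=1
    fi

    # "other" must have no access. Characters 8-10 of the ls mode string are
    # the other triplet; sticky without execute is displayed as '--T'.
    other=$(ls -ld -- "$dir" | cut -c8-10)
    case $other in
        ---|--T) echo "ok:   other has no access" ;;
        *)       echo "FAIL: other has access ($other)"; rc=1 ;;
    esac

    # Default ACL: if one exists, its other entry must be '---' so that files
    # created in the directory are unreadable outside owner and group.
    # Skipped when getfacl is not installed.
    if command -v getfacl >/dev/null 2>&1; then
        dflt=$(getfacl -p "$dir" 2>/dev/null | grep '^default:other::' || true)
        case $dflt in
            '')                  echo "note: no default ACL; new files follow the creator's umask" ;;
            default:other::---*) echo "ok:   default ACL gives other no access" ;;
            *)                   echo "FAIL: default ACL grants other access ($dflt)"; rc=1 ;;
        esac
    fi

    return $rc
}

# Constructed demo: build a throwaway directory with the bits from the
# thread applied, then audit it. Run the script with --demo to see it.
demo_dropbox() {
    d=$(mktemp -d) || return 2
    chmod g+s "$d"
    chmod +t "$d"
    chmod o-rwx "$d"
    audit_dropbox "$d"
    status=$?
    rm -rf "$d"
    return $status
}

if [ "${1:-}" = "--demo" ]; then
    demo_dropbox
fi
```

The group ownership (chgrp) and the students' group ACL entry are site-specific and are not checked here.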
[Samba] write only permissions
Hi, We've just put in a Samba fileserver to replace our windows box for our School District and it seems to be working great. I have a question about defining some specific permissions though. We set up 'Drop boxes' for teachers that kids can drag files into, but they don't have read permission so they can't read each others submitted work. Here's what is looks like on the fileserver [EMAIL PROTECTED]:/srv/materials/WHS/VanCleek# getfacl Drop_Box/ # file: Drop_Box # owner: admin # group: domain\040admins user::rwx user:vancleek:rwx group::rwx group:whs\040student:-wx mask::rwx other::--- default:user::rwx default:user:vancleek:rwx default:group::rwx default:group:whs\040student:-wx default:mask::rwx default:other::--- and the view through windows security tab shows Traverse folder/Create Files/Write Attributes/Write Extended Attributes/Read permissions. Needless to say this doesn't seem to work! The student account (in the right group) is not allowed to drop a file into that folder. If I add g:wsd\\whs\ Student:rwx then the student can do anything sucessfully, with -wx nothing?!! Can anyone help? Many thanks, Steve Rippl Technology Director Woodland School District -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind/idmap/AD problem?
Thanks David, yes I have tried all these and nothing seems to be working! Here's where I'm at... libnss-ldap is working with my AD server, with just 'files ldap' in nsswitch.conf a getent passwd returns local users and users from AD, but they seem to be treated as local, ie they are 'admin' rather than 'wsd\admin'. So, on a windows client I go to my test share as a domain user, in the log I see that it picks up the uid/gid from AD, but in the security tab the user is 'Unix User \2009test' NOT 'wsd\2009test'. If I try to add a user through this tab they are wsd\username, and then I get [2008/07/23 09:30:45, 0] smbd/posix_acls.c:create_canon_ace_lists(1438) create_canon_ace_lists: unable to map SID S-1-5-21-3668144929-636610183-3299198910-1120 to uid or gid. in the log file when I hit apply. I'm also still getting [2008/07/23 09:30:45, 1] nsswitch/idmap_ad.c:idmap_ad_unixids_to_sids(294) ADS uninitialized in log.winbindd-idmap. If I add winbind to the list in nsswitch it makes no difference, if I have just 'file winbind' nothing works! This is all with idmap backend = ad, if I set it to tdb winbind does work correctly. What do I have to do to configure idmap backend = ad correctly I've now complied 3.0.31 with --with-shared-modules=idmap_ad, I've tried winbind nss info = sfu and leaving it out. Some people said use rfc2307 even though they claimed to be using SFU not R2, tried that and it didn't make any difference (I'm using SFU 3.5). David's references seem to be using ldap to store idmap info rather than getting uid/gid info from ad. Has someone out there got this working? The Samba-3 Howto for this says to just use 'files ldap' in nsswitch, but to reiterate, if I do that I'm not getting connected users recognised as domain user?!! Have you tried to add winbind at the file nsswitch.conf for the fields passwd, group and shadow? So, if you have SFU at your DC, you don't need winbind to authenticate users, you can configure the system for a LDAP binding. 
Read the PDFs of this web, the last 2 are very interesting for your problem: http://www.interopsystems.com/learning.htm They work with 2003 R2 and Fedora, but it's the same, because R2 version has the SFU integrated. And by the way, a time ago I tried to make a LDAP binding with an Ubuntu 7.10, but it didn't work. May be with Hardy it's different. Luck! David Molina On Fri, 2008-07-18 at 11:11 -0700, Steve Rippl wrote: Hi, I'm running 3.0.28a on Ubuntu 8.04 (their package). I've got security = ads and idmap backend = ad (smb.conf is posted below). I'm using libnss-ldap and have ldap in nsswitch.conf (also posted below) and ldap connected to the AD server. I have the drive mounted using acl and xattr_user options in fstab (acl is installed). I can connect to the share, I see in the logs that it's picking up the uid and gid from SFU in AD, however, when I go into the explorer security tab (on the client) and try to add a user it fails. I don't get an error message within windows (the user adding another user is the owner of the file/folder), the user just disappears from the list as it refreshes! On the server I'm seeing a lot of this in log.winbindd-idmap [2008/07/18 09:32:59, 1] nsswitch/idmap_ad.c:idmap_ad_unixids_to_sids(294) ADS uninitialized Now I don't know if this is related, but if I wbinfo -n wsd\\rippls I get a long SID number, if I do wbinfo -s [same SID number] I get wsd \rippls. However, if I do wbinfo -U [uid for same user] I get a different SID from before! I'm trying very hard this summer to make this work so I can retire our MS file server, so any help would be appreciated. I tried this initially in Etch, but I that version wasn't handling the connection to AD for nss and winbind very well at all, hence I'm trying in Ubuntu. Thanks! 
smb.conf= [global] workgroup = WSD realm = woodland.wednet.edu server string = %h server log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = ads encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root socket options = TCP_NODELAY idmap backend = ad winbind nss info = sfu winbind nested groups = yes winbind use default domain = yes [Student] path = /srv/Student read only = no store dos attributes = yes nt acl support = yes map acl inherit = yes inherit acls = yes acl map full control = yes dos filemode = yes =nsswitch.conf= passwd: files ldap group: files ldap shadow: files ldap hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc
[Samba] winbind/idmap/AD problem?
Hi, I'm running 3.0.28a on Ubuntu 8.04 (their package). I've got security = ads and idmap backend = ad (smb.conf is posted below). I'm using libnss-ldap and have ldap in nsswitch.conf (also posted below) and ldap connected to the AD server. I have the drive mounted using acl and xattr_user options in fstab (acl is installed). I can connect to the share, I see in the logs that it's picking up the uid and gid from SFU in AD, however, when I go into the explorer security tab (on the client) and try to add a user it fails. I don't get an error message within windows (the user adding another user is the owner of the file/folder), the user just disappears from the list as it refreshes! On the server I'm seeing a lot of this in log.winbindd-idmap [2008/07/18 09:32:59, 1] nsswitch/idmap_ad.c:idmap_ad_unixids_to_sids(294) ADS uninitialized Now I don't know if this is related, but if I wbinfo -n wsd\\rippls I get a long SID number, if I do wbinfo -s [same SID number] I get wsd \rippls. However, if I do wbinfo -U [uid for same user] I get a different SID from before! I'm trying very hard this summer to make this work so I can retire our MS file server, so any help would be appreciated. I tried this initially in Etch, but I that version wasn't handling the connection to AD for nss and winbind very well at all, hence I'm trying in Ubuntu. Thanks! 
smb.conf= [global] workgroup = WSD realm = woodland.wednet.edu server string = %h server log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = ads encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes invalid users = root socket options = TCP_NODELAY idmap backend = ad winbind nss info = sfu winbind nested groups = yes winbind use default domain = yes [Student] path = /srv/Student read only = no store dos attributes = yes nt acl support = yes map acl inherit = yes inherit acls = yes acl map full control = yes dos filemode = yes =nsswitch.conf= passwd: files ldap group: files ldap shadow: files ldap hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba