[Samba] Winbind: disable UDP/137 broadcasts
I have a samba winbind server which is operating properly. I have the
firewall configured to DROP outbound traffic on UDP/137 and 139. The broadcast
traffic on these ports will not reach any pertinent machines due to subnetting,
and is unwanted traffic.
The server is working without this traffic hitting the network.
However, Winbindd is constantly trying to broadcast and logging that it can't.
I have "disable netbios = yes" in my smb.conf file. How do I stop winbind from
sending traffic to the broadcast address?
--
Tom Noonan II
ESTL Technician - Randstad
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 attempting to access Samba over port 80
Good Morning: I'm running a domain-joined Samba 3.6 server. For the majority of users it is working as expected; they can log in without issue using their domain credentials and AD group ACLs are working. However, I have one Windows 7 user who is complaining he can't log in. When I looked on the server I see no logs for his machine. I did a initial traffic sniff and I see his machine is pinging the Samba server on port 80. I want to clearly state I don't think this is a samba problem. The overall majority of users are not complaining about this server. Based on the information I have today, Samba doesn't even come into play as the Win7 box pings the wrong port. I do still need to verify that the client is starting initially on port 80, and not trying 445, failing, caching the failure, and then falling back to 80 on subsequent attempts. So, I want to pose the following question to the list: has anyone seen this? I shoulder surfed and I don't believe it to be user error at this time. I have a sit-down with the user tomorrow to try and resolve this. However, I currently believe this is a client side issue and I don't know what to check client side. (I'm a Linux admin, not Windows) Can any of the Windows guys on this list advise? Thanks! -- Tom Noonan II ESTL Technician - Randstad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User's home folders
> - insert in /etc/fstab two line to mount the /user_data and /usersHomes? This is the method I prefer. Simply mount the disks on boot as you do with any other filesystem. If I'm understanding the question properly, samba and logins don't even come into play. This is just an issue of preparing the filesystems on boot. Unless these disks are some form of removable media, I don't see any reason to use autofs here. -- Tom Noonan II ESL Technician - Randstad On Wed, 2 May 2012 15:33:11 + zingalo wrote: > Thanks! > i have a second question. sorry if i didn't write before. > My server has samba, smbldap-tools and ldap installed. > On the server i have a public directory /user_data with some documents > available to everyone of domain and the directory i told you > "/usersHomes" where i'll make every directory for every user. (ex: > /usersHomes/username). /user_data doesn't need authentication but a user > can enter in his home directory only. > > I don't understand how these directory will be mount from the clients > after the user login. > What are the possibility? > - insert in /etc/fstab two line to mount the /user_data and /usersHomes? > - or autofs? > > Thanks again > > > On 05/02/2012 05:02 PM, Aaron E. wrote: > > No Problem You'll just need the proper filesystem iee ext3, ext4 on > > the partition your home folders will be on.. > > > > On 05/02/2012 10:52 AM, zingalo wrote: > >> Hi, > >> > >> i have a debian server with 2 hd, sda and sdb. > >> Debian is installed in sda1. > >> I'll create an home folder for every user. He will login into this from > >> the clients. Could be a problem creating and using on sdb where there is > >> not the operating system? > >> > >> Thanks > > > > > -- Tom Noonan II ESL Technician - Randstad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration
I saw this on CentOS 6 with winbind, not LikewiseOpen. The problem is that it expects configuration options to be present that are flagged as having (sane) defaults in the smb.conf man page. Once I added the following options for winbind to my smb.conf this problem went away: idmap backend idmap uid idmap gid I believe it was "idmap backend," but I didn't verify that. -- Tom Noonan II ESL Technician - Randstad On Fri, 16 Mar 2012 08:37:48 + Gregory Machin wrote: > Hi > > I'm running CentOS 6.2 with samba-3.5.10-114 , and LikewiseOpen 6.1 . > > How do I fix these errors ? > > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 > 20:25:43.639871, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION > from -1 to 2 is not possible with incomplete configuration > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 > 20:25:43.654353, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION > from -1 to 2 is not possible with incomplete configuration > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 > 20:25:43.655811, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION > from -1 to 2 is not possible with incomplete configuration > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 > 20:25:43.674267, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION > from -1 to 2 is not possible with incomplete configuration > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 > 20:25:43.675524, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION > from -1 to 2 is not possible with incomplete configuration > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 > 20:25:43.693888, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: Upgrade of IDMAP_VERSION > from -1 to 2 is not possible with incomplete configuration > Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16 > 20:25:43.695097, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db) > > Thanks > > Greg -- Tom Noonan II ESL Technician - Randstad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Local group auth not working for domain members with SECURITY=ADS
I have a Samba 3.5.10 (Cent 6) server succesfully joined to the
domain. Domain logins and domain group control are working. I have a share
configured with "valid users = +unixgroup" that my domain user cannot access
but my local unix user can. The only group related error message is coming
from string_to_sid(), which I am confident is a red-herring.
My goal in this experiment is to try and get NSS based group access
working, so that I can expand to non-AD group lists. I have a rather
convoluted auth backend that I'm trying to glue Samba onto, and I don't control
the AD servers. I have tried "net sam mapunixgroup unixgroup" but that did not
change the result. I did not try adding users to the group via "net sam" as
that is not a workable solution for my end goal.
My question at this time is if this is behavior is expected. Will
Samba check the NSS groups for domain members? Also, I see samba calls
getgrouplist() samba3/lib/from system_smbd.c. Is this code executed for
domain member lookups?
Thanks in advance.
--
Tom Noonan II
ESL Technician - Randstad
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] LDAP auth without LDAP Schema
I am working on configuring Samba 3.5.10 to use a common login framework, and I am still in the research phase. I have access to a LDAP server which I do not control. In researching this server I have found that is contains NT login fields, which I'm currently assuming contains a NT password hash, but not the Samba schemas. In my readings of the smb.conf man page I have not found options to map usernames, passwords, groups, and such to user specified LDAP search strings. Can Samba be custom configured to a non-Samba-standard LDAP schema? Thanks in advance. -- Tom Noonan II ESL Technician - Randstad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
