Re: [Samba] wbinfo -u Don't show users from trusted(ing) domain on domain member server
Of course. I can view own samba domain users. Wed, 16 Mar 2011 08:58:48 -0700 письмо от Bob Miller : > Hi, > Did you join your DMS to the domain? > > > > On Wed, 2011-03-16 at 12:35 +0300, Wasil wrote: > > Hi, All! > > > > I Have Samba (3.5.6) domain witch have trust relations with ADS (Named TEST) > Win2008 (2008 domain mode) > > On PDC all working very good. > > I have also Domain Member server in my samba Domain. > > When i trying type wbinfo -u, or getent passwd on samba PDC (Named BINKLG) > I see all, including ADS users. > > When I trying do it on Domain Member Server I don't see users from ADS > > Is it possible to view thats users (from trusted domain) on DMS (not BDC)? > > > > Samba 3.5.6 > > > > after typing wbinfo -u: > > > > suspicious strings in log files > > > > loglevel 10: > > log.wb-TEST > > [2011/03/16 10:55:56.466417, 10] > winbindd/winbindd_util.c:1337(winbindd_can_contact_domain) > > winbindd_can_contact_domain: TEST is an AD domain and we have no inbound > trust. > > [2011/03/16 10:55:56.466470, 10] winbindd/winbindd_rpc.c:55(query_user_list) > > query_user_list: No incoming trust for domain TEST > > > > loglevel 3: > > log.wb-TEST > > [2011/03/16 11:07:23.731615, 3] winbindd/winbindd_cm.c:1633(connection_ok) > > connection_ok: Connection to KLG-PDC1 for domain BINKLG is not connected > > [2011/03/16 11:07:23.731717, 3] > winbindd/winbindd_cm.c:1736(set_dc_type_and_flags_trustinfo) > > set_dc_type_and_flags_trustinfo: No connection to our domain! > > [2011/03/16 11:07:23.742157, 3] winbindd/winbindd_rpc.c:48(query_user_list) > > rpc: query_user_list > > > > smb.conf > > [global] > > workgroup = BINKLG > > security = domain > > netbios name = DW-DEBIAN > > username map = /etc/samba/smbusers > > log level= 10 > > syslog = 0 > > log file = /var/log/samba/%m > > max log size = 0 > > #smb ports = 139 > > name resolve order = wins bcast hosts > > wins server = xx.xx.xx.xx > > idmap uid = 1 - 2 > > idmap gid = 1 - 2 > > template shell = /bin/bash > > #winbind separator = + > > realm = XXX..XXX > > encrypt passwords = yes > > winbind use default domain = yes > > winbind enum users = yes > > winbind enum groups = yes > > allow trusted domains = yes > > winbind nested groups = yes > > #client use spnego = no > > password server = KLG-PDC1 > > > > nsswitch.conf > > passwd: files ldap winbind > > group: files ldap winbind > > shadow: files ldap winbind > > hosts: files wins dns > > networks: files > > protocols: db files > > services: db files > > ethers: db files > > rpc:db files > > publickey:nisplus > > netgroup: files > > > > libnss_ldap.conf > > host xx.xx.xx.xx > > base dc=xxx,dc=x,dc=xxx > > binddn cn=Administrator,dc=xxx,dc=x,dc=xxx > > bindpw xxx > > timelimit 50 > > bind_timelimit 50 > > bind_policy hard > > idle_timelimit 3600 > > pam_password exop > > nss_base_passwd dc=xxx,dc=x,dc=xxx > > nss_base_shadow dc=xxx,dc=x,dc=xxx > > nss_base_group dc=xxx,dc=x,dc=xxx > > ssl off > > > > Thank you, > > Wasil. > > > > Bob Miller > 334-7117/660-5315 > http://computerisms.ca > b...@computerisms.ca > Network, Internet, Server, > and Open Source Solutions -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
You must add "root preexec" to the Section [profiles] my section [profiles]: comment = Network Profiles Service #path = %H path = /data2/profiles read only = No store dos attributes = Yes create mask = 0600 directory mask = 0700 write list = @DomainUsers @root root preexec = /usr/local/bin/mkprofile.sh %u %g Wed, 16 Mar 2011 12:04:40 +0100 письмо от "J. Echter" : > Am 16.03.2011 11:33, schrieb Wasil: > > Hi > > You must have something like this: > > > > in smb.conf^ > > [profiles] > > . > > root preexec = /usr/local/bin/mkprofile.sh %u %g > > > > > > mkprofile.sh: > > > > #!/bin/sh > > PROFILE=/data2/profiles/$1 > > if [ ! -e $PROFILE ]; then > > mkdir -pm700 $PROFILE > > chown $1:$2 $PROFILE > > fi > > > > Wed, 16 Mar 2011 11:09:59 +0100 письмо от "J. > Echter": > > > >> Hi, > >> > >> i have a Samba PDC (no LDAP) and added add user script to my config. > >> > >> I can create the user with no problems, login is possible but the > >> /home/samba/profile/user dir is not created. > >> > >> Any hints on that? > >> > >> script commands i added: > >> > >> add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s > >> /bin/false > >> delete user script = /usr/sbin/userdel -r '%u' > >> add group script = /usr/sbin/groupadd '%g' > >> delete group script = /usr/sbin/groupdel '%g' > >> add user to group script = /usr/sbin/usermod -G '%g' '%u' > >> add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody > >> '%u' -g machines > >> > >> > >> this is running on Ubuntu 10.04-LTS server > >> > >> > >> greetings > >> > >> Juergen. > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > Hi, thanks for the hint. > > but the profile dir doesn't get created. > > i edited the path in the script and gave it chmod u+x (to be sure :) ) > > still nothing created. > > if i run the script by hand it works. > -- > To unsubscribe from this list go to the following URL and read the > instructions: > https://lists.samba.org/mailman/options/samba -- Мой Мир@Mail.Ru в твоем мобильном! Просто зайди с телефона на m.mail.ru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC adding new user, profile dir is not created
Hi You must have something like this: in smb.conf^ [profiles] . root preexec = /usr/local/bin/mkprofile.sh %u %g mkprofile.sh: #!/bin/sh PROFILE=/data2/profiles/$1 if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE chown $1:$2 $PROFILE fi Wed, 16 Mar 2011 11:09:59 +0100 письмо от "J. Echter" : > Hi, > > i have a Samba PDC (no LDAP) and added add user script to my config. > > I can create the user with no problems, login is possible but the > /home/samba/profile/user dir is not created. > > Any hints on that? > > script commands i added: > > add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s > /bin/false > delete user script = /usr/sbin/userdel -r '%u' > add group script = /usr/sbin/groupadd '%g' > delete group script = /usr/sbin/groupdel '%g' > add user to group script = /usr/sbin/usermod -G '%g' '%u' > add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody > '%u' -g machines > > > this is running on Ubuntu 10.04-LTS server > > > greetings > > Juergen. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] wbinfo -u Don't show users from trusted(ing) domain on domain member server
Hi, All! I Have Samba (3.5.6) domain witch have trust relations with ADS (Named TEST) Win2008 (2008 domain mode) On PDC all working very good. I have also Domain Member server in my samba Domain. When i trying type wbinfo -u, or getent passwd on samba PDC (Named BINKLG) I see all, including ADS users. When I trying do it on Domain Member Server I don't see users from ADS Is it possible to view thats users (from trusted domain) on DMS (not BDC)? Samba 3.5.6 after typing wbinfo -u: suspicious strings in log files loglevel 10: log.wb-TEST [2011/03/16 10:55:56.466417, 10] winbindd/winbindd_util.c:1337(winbindd_can_contact_domain) winbindd_can_contact_domain: TEST is an AD domain and we have no inbound trust. [2011/03/16 10:55:56.466470, 10] winbindd/winbindd_rpc.c:55(query_user_list) query_user_list: No incoming trust for domain TEST loglevel 3: log.wb-TEST [2011/03/16 11:07:23.731615, 3] winbindd/winbindd_cm.c:1633(connection_ok) connection_ok: Connection to KLG-PDC1 for domain BINKLG is not connected [2011/03/16 11:07:23.731717, 3] winbindd/winbindd_cm.c:1736(set_dc_type_and_flags_trustinfo) set_dc_type_and_flags_trustinfo: No connection to our domain! [2011/03/16 11:07:23.742157, 3] winbindd/winbindd_rpc.c:48(query_user_list) rpc: query_user_list smb.conf [global] workgroup = BINKLG security = domain netbios name = DW-DEBIAN username map = /etc/samba/smbusers log level= 10 syslog = 0 log file = /var/log/samba/%m max log size = 0 #smb ports = 139 name resolve order = wins bcast hosts wins server = xx.xx.xx.xx idmap uid = 1 - 2 idmap gid = 1 - 2 template shell = /bin/bash #winbind separator = + realm = XXX..XXX encrypt passwords = yes winbind use default domain = yes winbind enum users = yes winbind enum groups = yes allow trusted domains = yes winbind nested groups = yes #client use spnego = no password server = KLG-PDC1 nsswitch.conf passwd: files ldap winbind group: files ldap winbind shadow: files ldap winbind hosts: files wins dns networks: files protocols: db files services: db files ethers: db files rpc:db files publickey:nisplus netgroup: files libnss_ldap.conf host xx.xx.xx.xx base dc=xxx,dc=x,dc=xxx binddn cn=Administrator,dc=xxx,dc=x,dc=xxx bindpw xxx timelimit 50 bind_timelimit 50 bind_policy hard idle_timelimit 3600 pam_password exop nss_base_passwd dc=xxx,dc=x,dc=xxx nss_base_shadow dc=xxx,dc=x,dc=xxx nss_base_group dc=xxx,dc=x,dc=xxx ssl off Thank you, Wasil. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba