[Samba] ntlm_auth patch for Cyrus SASL 2.1.22 Debian Lenny

2010-03-25 Thread devel
Hello,

Not sure if this is the right place for this.

I downloaded, from a page on the Samba site, the patch to use ntlm_auth to
provide ntlm and gssspnego authentication modules to Cyrus SASL 2.1.19.

However, it did not work quite well with the Debian sources.

I managed to get it built with the Debian sources and made some minor
modifications (with the downloaded patch, I had a seg fault when freeing the
smb_helper struct) and it finally worked. I made modifications to the ntlm
part only (as I don't use gssspnego, I can't test it).

If anybody is interested in it, here it is.

François

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Roaming profiles

2008-08-19 Thread devel
Maybe you could provide a level 10 log of when the first error happens
(for a new user).

Are all your users members of the group "users"?
Are all the underlying directories (/var /var/lib /var/lib/samba ...) set
with at least the o+x permission on the file system?

François

> Hi people. I'm in need of help as far as roaming profiles are concerned.
> Allow me, as I know this issue has been discussed timelessly, but let me
> just ask it because I have been unable to get it to work.
>
> My Samba + LDAP setup is fine and XP users can authenticate alright. I'm
> using Samba 3.0.28. However, when logging in for the first time, they get
> the message;
>
> Windows cannot locate a server copy-Access is denied
>
> When logging off,
>
> Windows cannot update your roaming profile... -Access is denied
>
> I copied the profiles across from another server, so the first error does
> not come up except for new users and the old profiles are mapped onto the
> users machines just fine.
>
> I think I've done everything for roaming profiles to work including
>
> mkdir -p /var/lib/samba/profiles
> chown root:users /var/lib/samba/profiles
> chmod 2775 /var/lib/samba/profiles
>
> chown -R user /var/lib/samba/profiles/user/
>
> The samba logs don't  show any errors.
>
> Below is my smb.conf file
> [global]
> workgroup = EXAMPLE
> netbios name = EXAMPLE_SERVER
> server string = Samba Server Version %v
> passdb backend = ldapsam:ldap://example.org/
> log file = /var/log/samba/%m.log
> max log size = 50
> add user script = /usr/sbin/adduser -m "%u"
> add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
> logon script = %u.bat
> logon path = \\EXAMPLE_SERVER\profiles\%U
> logon home = \\EXAMPLE_SERVER\%U
> domain logons = Yes
> domain master = Yes
> ldap admin dn = "cn=config"
> ldap group suffix = ou=groups
> ldap machine suffix = ou=machines
> ldap passwd sync = Yes
> ldap suffix = dc=example,dc=org
> ldap user suffix = ou=people
> cups options = raw
> [homes]
> comment = Home Directories
> validusers = %S
> read only = No
> browseable = No
> writable = Yes
> create mask= 0700
> directory mask = 0700
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> share modes = No
> guest ok = Yes
> [profiles]
> path = /var/lib/samba/profiles
> read only = No
> writable = Yes
> profile acls = Yes
> comment = User profiles
> create mask = 0600
> browsable = no
> directory mask = 0700
>
> My searches on the web have not helped much. I am running on a Red Hat
> like system (CentOS 5).
>
> Someone please help. I will be eternally grateful.
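The filesystem checks this thread turns on, as an added example (not code from either poster or from Samba): it walks every directory from the root down to the profiles directory and reports any that lack o+x, then checks the share root against the 2775 mode from the original post. The function names and the `root` parameter are assumptions made for the example.

```python
import os
import stat


def ancestors(path, root="/"):
    """Return [root, ..., path]: every directory that must be traversed."""
    path, root = os.path.abspath(path), os.path.abspath(root)
    rel = os.path.relpath(path, root)
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        raise ValueError("%s is not below %s" % (path, root))
    chain = [root]
    if rel != os.curdir:
        for part in rel.split(os.sep):
            chain.append(os.path.join(chain[-1], part))
    return chain


def traversal_blockers(path, root="/"):
    """List (directory, mode string) for each ancestor without o+x.

    Only the classic mode bits are read; POSIX ACLs are not considered.
    """
    blockers = []
    for directory in ancestors(path, root):
        mode = os.stat(directory).st_mode
        if not mode & stat.S_IXOTH:
            blockers.append((directory, stat.filemode(mode)))
    return blockers


def profile_root_mode_issues(mode):
    """Compare a st_mode value with the 'chmod 2775' setup from the post."""
    issues = []
    if not stat.S_ISDIR(mode):
        issues.append("not a directory")
    if not mode & stat.S_ISGID:
        issues.append("setgid bit not set")
    if mode & stat.S_IRWXG != stat.S_IRWXG:
        issues.append("group lacks rwx")
    if not mode & stat.S_IXOTH:
        issues.append("other lacks x")
    return issues


def audit_profiles_dir(profiles_dir, root="/"):
    """Run both checks on a profiles directory and return the findings."""
    return {
        "blockers": traversal_blockers(profiles_dir, root),
        "mode_issues": profile_root_mode_issues(os.stat(profiles_dir).st_mode),
    }


if __name__ == "__main__":
    # Path taken from the smb.conf quoted in the thread.
    target = "/var/lib/samba/profiles"
    if os.path.isdir(target):
        print(audit_profiles_dir(target))
```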


[Samba] Signing problem with trusted domain in 3.2.0

2008-08-18 Thread devel
Hello

I seem to be having signing problems with 3.2.0

I have 2 PDCs on 2 different sites (say A and B) both running 3.2.0, with
the line server signing = auto in smb.conf. There is a one way trust (B
trusting A) set up.

Everything works correctly on both sites for local machines accessing
local shares (a site A user logged on to a site A machine can perfectly
access shares of the site A PDC). The problem appears when a user logged on
at site A tries to access a share on the site B PDC, or a user of site A
tries to log on to the site A domain from a site B machine. This problem
disappears if server signing is set to No in smb.conf. I could make a
level 10 log of the smbd process while the problem appears, and could
isolate the following lines:

[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 2
[2008/08/15 12:24:29,  0] libsmb/smb_signing.c:srv_check_incoming_message(754)
  srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of
[2008/08/15 12:24:29,  5] lib/util.c:dump_data(2226)
  [000] 52 70 FA 2C 55 E1 28 A4   Rp.,U.(.
[2008/08/15 12:24:29,  0] libsmb/smb_signing.c:srv_check_incoming_message(758)
  srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of
[2008/08/15 12:24:29,  5] lib/util.c:dump_data(2226)
  [000] 8E 53 67 0F 36 6B FC DB   .Sg.6k..

and then smbd seems to turn off signing :

[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4294967293
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4294967294
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4294967295
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 0
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 1
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 2
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 3
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 5
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 6
[2008/08/15 12:24:29,  5] libsmb/smb_signing.c:signing_good(243)
  srv_check_incoming_message: signing negotiated but not required and peer
  isn't sending correct signatures. Turning off.

And at some point, the connection is terminated (and Windows pops up an
error message saying the server is no longer available):

[2008/08/15 12:24:29, 10] lib/util.c:dump_data(2226)
  [000] 49 50 43 00 00 00 00  IPC
[2008/08/15 12:24:29,  5] lib/util_sock.c:read_socket_with_timeout(928)
  read_socket_with_timeout: blocking read. EOF from client.
[2008/08/15 12:24:29, 10] smbd/process.c:receive_smb_raw_talloc(276)
  receive_smb_raw: NT_STATUS_END_OF_FILE
[2008/08/15 12:24:29,  3] smbd/process.c:smbd_process(2027)
  receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2008/08/15 12:24:29,  5] lib/gencache.c:gencache_shutdown(93)
  Closing cache file

The complete log is available at http://www.thom.fr.eu.org/log.smbd

Has anybody gone through a similar problem?

Thanks

François
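
One way to pull these two events out of a level 10 smbd log, as an added example (not part of the original message or of Samba): it pairs each BAD SIG record with the signature bytes dumped after it and flags the point where smbd turns signing off because it was negotiated but not required. The function names are assumptions; the sample lines are copied from the excerpt in the message, including the wrapped record headers.

```python
import re

# Record header: "[date time, level] file:function(line)". In the archived
# mail some headers are wrapped, leaving the location on the following line.
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s*(\S+)?\s*$")
HEXDUMP = re.compile(r"^\[\d{3}\]((?: [0-9A-Fa-f]{2})+)")
BAD_SIG = re.compile(r"BAD SIG: seq (\d+) (wanted|got) SMB signature")

# Lines copied from the log excerpt in the message above.
SAMPLE_LOG = """\
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 2
[2008/08/15 12:24:29,  0]
libsmb/smb_signing.c:srv_check_incoming_message(754)
  srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of
[2008/08/15 12:24:29,  5] lib/util.c:dump_data(2226)
  [000] 52 70 FA 2C 55 E1 28 A4   Rp.,U.(.
[2008/08/15 12:24:29,  0]
libsmb/smb_signing.c:srv_check_incoming_message(758)
  srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of
[2008/08/15 12:24:29,  5] lib/util.c:dump_data(2226)
  [000] 8E 53 67 0F 36 6B FC DB   .Sg.6k..
[2008/08/15 12:24:29,  5] libsmb/smb_signing.c:signing_good(243)
  srv_check_incoming_message: signing negotiated but not required and peer
  isn't sending correct signatures. Turning off.
"""


def parse_records(text):
    """Split the log into records: time, level, location, message lines."""
    records, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {"time": m.group(1), "level": int(m.group(2)),
                       "where": m.group(3) or "", "body": []}
            records.append(current)
        elif current is None:
            continue
        elif (not raw[:1].isspace() and not current["where"]
              and not current["body"]):
            current["where"] = raw.strip()   # wrapped header, second half
        elif raw.strip():
            current["body"].append(raw.strip())
    return records


def analyse_signing(text):
    """Collect wanted/got signatures per sequence number and the fallback."""
    findings = {"bad_sig": {}, "signing_disabled": False}
    pending = None   # (seq, "wanted" | "got") waiting for its dump_data record
    for rec in parse_records(text):
        msg = " ".join(rec["body"])
        m = BAD_SIG.search(msg)
        if m:
            pending = (int(m.group(1)), m.group(2))
            continue
        if pending and "dump_data" in rec["where"] and rec["body"]:
            hx = HEXDUMP.match(rec["body"][0])
            if hx:
                seq, kind = pending
                raw = bytes.fromhex(hx.group(1).replace(" ", ""))
                findings["bad_sig"].setdefault(seq, {})[kind] = raw
        pending = None
        if "signing_good" in rec["where"] and "Turning off" in msg:
            findings["signing_disabled"] = True
    return findings


def alerts(findings):
    """Turn the findings into one line per event worth reviewing."""
    out = []
    for seq, sig in sorted(findings["bad_sig"].items()):
        if sig.get("wanted") != sig.get("got"):
            out.append("seq %d: signature mismatch, wanted %s got %s" % (
                seq, sig.get("wanted", b"").hex(), sig.get("got", b"").hex()))
    if findings["signing_disabled"]:
        out.append("signing negotiated but not required: "
                   "smbd turned signing off for this session")
    return out


if __name__ == "__main__":
    for line in alerts(analyse_signing(SAMPLE_LOG)):
        print(line)
```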



Re: [Samba] Re: SAMBA / CUPS

2008-07-29 Thread devel
Hi

I think this is pretty well documented in Samba Official Howto §21 -
"Setting Device Modes on New Printers"

François

> Dear all,
>
> I am new to CUPS. I found an installation of CUPS with SAMBA that we
> will deploy soon but there are a couple of problems I need to solve
> beforehand and your help would be really appreciated.
>
> I have RedHat 5.1 installation with the following :
>
> CUPS 1.3.7 and SAMBA 3.0.25b
>
> My smb.conf relevant details looks like this :
>
> [global]
>
> ## GLOBAL SETTINGS
>   netbios name = TASSIN
>   server string = Samba Print Server
>   workgroup = DOM NAME
>   security = domain
>   encrypt passwords = yes
>   password server = P  Z
>
> ## WINBIND SETTINGS
>   idmap uid = 1-2
>   idmap gid = 1-2
>   winbind separator = /
>
> ## LOG SETTINGS
>   log level = 2
>   log file = /var/log/samba/log.%m
>   max log size = 1000
>
> ## NETWORK SETTINGS
>   wins server = X , Y
>   name resolve order = hosts wins
>   interfaces = Z
>   smb ports = 139
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   hosts allow = 10. 127. 172. 193. 192.
>   include = /etc/samba/jessie.conf
>   include = /etc/samba/janey.conf
>
> ## DOMAIN SETTINGS
>   domain master = no
>   local master = no
>   preferred master = no
>   os level = 0
>
> ## PRINTER SETTINGS
>   load printers = yes
>   printing = cups
>   printcap name = cups
>   cups options = raw
>
> [printers]
>   comment = All printers
>   path = /var/spool/samba
>   browseable = no
>   public = yes
>   guest ok = yes
>   writable = yes
>   printable = yes
>   use client driver = no
>   printer admin = filled in properly
>
> [print$]
>   comment = Printer drivers
>   path = /var/lib/samba/printers
>   browseable = yes
>   guest ok = no
>   read only = yes
>   write list = filled in properly
>   create mask = 0664
>   directory mask = 0775
>
>
> We use Windows clients and I am trying to set all printers in duplex
> mode. My problem is that I do it with a correct domain user but the
> setting is sometimes kept and sometimes lost after some time. Can
> someone tell me where these settings are stored?
>
> Many thanks
> Konrad


-- 
François Legal


Re: [Samba] Setup of a new PDC with Samba 3.2.0

2008-07-18 Thread devel
I finally made it work.

The problem was in my nss_ldap.conf file.

I was missing a line indicating there were "user" accounts in two
different OUs: People and Machines. Once this was fixed, I could properly
check the trust account with winbindd.

In libnss_ldap.conf:

nss_base_passwd = ou=People,dc=mydomain,dc=fr

and after I added this line

nss_base_passwd = ou=Machines,dc=mydomain,dc=fr

it did work.

> Ok, so I could finally get the level 10 log out of winbindd.
>
> I started it with winbindd -S -F -i -d 10 > log.winbindd
>
> The complete log file is available at
> http://www.thom.fr.eu.org/log.winbindd
>
> From what I could see, it seems to get NT_STATUS_IO_TIMEOUT when trying to
> connect to MYSERVER (name resolving seems OK there) then it says Receiving
> SMB: Server stopped responding
>
> Any idea ?
>
>> On Sat, Jul 12, 2008 at 10:30:13AM +0200, [EMAIL PROTECTED] wrote:
>>> Ok,
>>>
>>> I just missed this part from the documentation (by the way, could
>>> anybody spot me to the place where this is specified. I could see in
>>> Samba Howto chapter 13, but this is not obvious).
>>
>> No, I think you're correct. This is where it's specified.
>> That's not really the right place.
>>
>> I'd like to take a look and fix this, but might take a
>> while to get to the docs update. Anyone else willing to
>> help ?
>>
>>> So I did successfully join the domain, and now I get the following
>>> error on wbinfo -t :
>>> MYSERVER:~# wbinfo -t
>>> checking the trust secret via RPC calls failed
>>> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233)
>>> Could not check secret
>>>
>>> This looks like a resolver issue. I have
>>> wins server = 10.212.254.254
>>> wins proxy = Yes
>>> name resolve order = lmhosts wins host bcast
>>> in smb.conf, and my lmhost file says
>>> 10.211.254.253  MYDOMAIN
>>> 10.211.254.253  MYSERVER
>>> and anyway the nmblookup succeeds:
>>> tls-srv-01:~# nmblookup -R -U 10.212.254.254 MYDOMAIN#1b
>>> querying MYDOMAIN on 10.212.254.254
>>> 10.211.254.253 MYDOMAIN<1b>
>>> tls-srv-01:~# nmblookup -R -U 10.212.254.254 MYDOMAIN#1c
>>> querying MYDOMAIN on 10.212.254.254
>>> 10.211.254.253 MYDOMAIN<1c>
>>
>> Run winbindd -d10 and look at the core winbindd logs to
>> help find out why it can't find the DC.
>>
>> Jeremy.
>>
>
>


-- 
François Legal




Re: [Samba] Problems connecting to a NAS via Samba/Cifs Protocol

2008-07-17 Thread devel
Hello,

Not sure if this is related to Samba.
Have you tried (as root) to mount (using mount.cifs) your shared NAS
folder in any other place than /media?
You may have an automounter managing this directory and that could be why
you can't access it.

François

> Hello!
> I am very new to this list and don't have much time to first watch the
> list for the next two weeks (or so), because my problem is urgent. So
> please don't flame me if I am acting unusual ;-)
>
> I come from Germany, so my English may be weird sometimes, please be gentle
> ;-)
>
> Ok, now to my problem:
> I have an Ubuntu Linux Hardy Heron with KDE, so it's actually a Kubuntu. I
> can recover and work with the network attached storage without problems if
> I use Konqueror with "smb:/". Also smb4k recovers my NAS and everything.
> My problem is now that I want to integrate the samba resource into my
> root tree.
> It works using the FTP protocol, but not very well (timeouts and multiple
> transfers are too much for my NAS). What I want is that I can attach the
> NAS dynamically via batch script. In this script I want to mount the samba
> resources into "/media/nasbox". I tried to do this, but received the
> message that the folder nasbox did not exist, so I opened /media/ as root
> and created the folder. Now I can see this folder only as normal user, but
> not as root, which first of all is really weird, as the folder belongs to
> root and so I can't access it. But I need to be root to change this, and
> root can't discover this folder...
>
> What would be the correct way to attach this storage the right way? I think
> I need an fstab entry, and a few other things. cifs, sambafs and so on are
> installed. Of course I need access to the files and folders as "normal"
> user. To make things easier, I now have a complete fresh installation, so
> there is no need to put up with misconfigured confs, fstab entries and
> so on.
>
> Thanks for your help
>
> Thomas
>
>
>


-- 
François Legal


Re: [Samba] Setup of a new PDC with Samba 3.2.0

2008-07-17 Thread devel
Ok, so I could finally get the level 10 log out of winbindd.

I started it with winbindd -S -F -i -d 10 > log.winbindd

The complete log file is available at http://www.thom.fr.eu.org/log.winbindd

From what I could see, it seems to get NT_STATUS_IO_TIMEOUT when trying to
connect to MYSERVER (name resolving seems OK there) then it says Receiving
SMB: Server stopped responding

Any idea ?

> On Sat, Jul 12, 2008 at 10:30:13AM +0200, [EMAIL PROTECTED] wrote:
>> Ok,
>>
>> I just missed this part from the documentation (by the way, could
>> anybody spot me to the place where this is specified. I could see in
>> Samba Howto chapter 13, but this is not obvious).
>
> No, I think you're correct. This is where it's specified.
> That's not really the right place.
>
> I'd like to take a look and fix this, but might take a
> while to get to the docs update. Anyone else willing to
> help ?
>
>> So I did successfully join the domain, and now I get the following error
>> on wbinfo -t :
>> MYSERVER:~# wbinfo -t
>> checking the trust secret via RPC calls failed
>> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233)
>> Could not check secret
>>
>> This looks like a resolver issue. I have
>>  wins server = 10.212.254.254
>>  wins proxy = Yes
>>  name resolve order = lmhosts wins host bcast
>> in smb.conf, and my lmhost file says
>> 10.211.254.253  MYDOMAIN
>> 10.211.254.253  MYSERVER
>> and anyway the nmblookup succeeds:
>> tls-srv-01:~# nmblookup -R -U 10.212.254.254 MYDOMAIN#1b
>> querying MYDOMAIN on 10.212.254.254
>> 10.211.254.253 MYDOMAIN<1b>
>> tls-srv-01:~# nmblookup -R -U 10.212.254.254 MYDOMAIN#1c
>> querying MYDOMAIN on 10.212.254.254
>> 10.211.254.253 MYDOMAIN<1c>
>
> Run winbindd -d10 and look at the core winbindd logs to
> help find out why it can't find the DC.
>
> Jeremy.
>




Re: [Samba] Setup of a new PDC with Samba 3.2.0

2008-07-12 Thread devel
Ok,

I just missed this part from the documentation (by the way, could anybody
spot me to the place where this is specified. I could see in Samba Howto
chapter 13, but this is not obvious).
So I did successfully join the domain, and now I get the following error
on wbinfo -t :
MYSERVER:~# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233)
Could not check secret

This looks like a resolver issue. I have
wins server = 10.212.254.254
wins proxy = Yes
name resolve order = lmhosts wins host bcast
in smb.conf, and my lmhost file says
10.211.254.253  MYDOMAIN
10.211.254.253  MYSERVER
and anyway the nmblookup succeeds:
tls-srv-01:~# nmblookup -R -U 10.212.254.254 MYDOMAIN#1b
querying MYDOMAIN on 10.212.254.254
10.211.254.253 MYDOMAIN<1b>
tls-srv-01:~# nmblookup -R -U 10.212.254.254 MYDOMAIN#1c
querying MYDOMAIN on 10.212.254.254
10.211.254.253 MYDOMAIN<1c>

> On Fri, Jul 11, 2008 at 04:50:55PM +0200, [EMAIL PROTECTED] wrote:
>> Hello,
>>
>> I'm setting up a new PDC for a new domain using samba 3.2.0
>> I use LDAP as passwd/idmap backend.
>>
>> I started from scratch just creating the OU for the
>> users/groups/machines/idmaps in the ldap directory, + a user used to
>> bind to ldap.
>>
>> So from there I started winbind and ran net sam provision, which worked
>> great.
>> Now I plan this domain will have a one way trust with one other domain,
>> and as I start playing with wbinfo to verify the local/builtin groups
>> appear, I found that wbinfo -t fails to check secret with :
>> myserver:/usr/local/samba/bin# wbinfo -t
>> checking the trust secret via RPC calls failed
>> error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da)
>> Could not check secret
>>
>> So, I'm wondering, do I need to create some kind of machine trust
>> account for the PDC itself, or this reply from wbinfo -t is expected ?
>
> Yes, you need to "join" the machine to itself (the PDC) using net join
> before winbindd will work in this way on the PDC. Sorry, rather
> counterintuitive I know but the way it works at present.
>
> Jeremy.
>




[Samba] Setup of a new PDC with Samba 3.2.0

2008-07-11 Thread devel
Hello,

I'm setting up a new PDC for a new domain using samba 3.2.0
I use LDAP as passwd/idmap backend.

I started from scratch just creating the OU for the
users/groups/machines/idmaps in the ldap directory, + a user used to bind
to ldap.

So from there I started winbind and ran net sam provision, which worked
great.
Now I plan this domain will have a one way trust with one other domain,
and as I start playing with wbinfo to verify the local/builtin groups
appear, I found that wbinfo -t fails to check secret with :
myserver:/usr/local/samba/bin# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da)
Could not check secret

So, I'm wondering, do I need to create some kind of machine trust account
for the PDC itself, or this reply from wbinfo -t is expected ?

[global]
workgroup = EVENTLAB
netbios name = TLS-SRV-01
server string = Samba for EventLab
interfaces = eth1 lo
bind interfaces only = Yes
hosts allow = 10.211.0.0/16 10.212.0.0/16 127.0.0.1
socket address = 10.211.254.253
passdb backend = ldapsam:ldap://127.0.0.1:389
ldap admin dn = cn=SambaAdmin,dc=x-files,dc=fr
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Machines
ldap suffix = dc=x-files,dc=fr
ldapsam:trusted = Yes
ldapsam:editposix = Yes
time server = Yes
map acl inherit = Yes
nt acl support = Yes
unix charset = UTF-8
#   unix password sync = Yes
#   passwd chat = *new*password* %n\n*new*password* %n\n *updated*
#   pam password change = No
passwd program = /usr/sbin/smbldap-passwd %u
#   username map = /etc/samba/username.map
reset on zero vc = Yes
use sendfile = Yes
#
# Logon options
#
domain logons = Yes
logon drive = h:
logon path = \\TLS-SRV-01\Profiles\%U
logon home = \\TLS-SRV-01\%U
logon script = Startup.bat

#
# Printing options
#
load printers = No

#
# Browsing options
#
os level = 65
announce version = 4.9
preferred master = No
domain master = Yes
local master = No
#   remote browse sync = 10.212.254.254
#   remote announce = 10.212.254.254

#
# WINS and resolver options
#
wins support = Yes
#   wins server = 10.212.254.254
wins proxy = Yes
name resolve order = lmhosts wins host bcast

#
# Debug options
#
log level = 0
debug timestamp = No
debug prefix timestamp = No
debug hires timestamp = No
debug pid = Yes
debug uid = Yes

#
# Winbind options
#
winbind enum users = Yes
winbind enum groups = Yes
idmap domains = TRUSTEDDOM
idmap config TRUSTEDDOM:backend = ldap
idmap config TRUSTEDDOM:default = Yes
idmap config TRUSTEDDOM:ldap_base_dn = ou=TRUSTEDDOM,ou=Idmaps,dc=x-files,dc=fr
idmap config TRUSTEDDOM:ldap_user_dn = cn=SambaAdmin,dc=x-files,dc=fr
idmap config TRUSTEDDOM:ldap_url = ldap://localhost/
idmap config TRUSTEDDOM:range= 1 - 10999

idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=Idmaps,dc=x-files,dc=fr
idmap alloc config:ldap_user_dn = cn=SambaAdmin,dc=x-files,dc=fr
idmap alloc config:ldap_url = ldap://localhost/
idmap alloc config:range= 2 - 20999
template homedir = /home/home/%D/%U
template shell = /bin/false
winbind: rpc only = yes
winbind nested groups = yes



-- 
François Legal



Re: [Samba] winbind and remote users

2008-07-04 Thread devel
I think you're investigating in the wrong direction. As far as I
understood (I may be mistaken too) a user of SANTARCANGELO domain, even if
it logs on another domain's machine is still a SANTARCANGELO domain's
user. That means, the user properties (home directory, profile path, ...)
come from SANTARCANGELO domain PDC.

What you should check is whether the SANTARCANGELO domain's user logged on
a CENTROSTORICO domain's machine can still access (by browsing the network
neighbourhood for instance) his home directory (wherever it resides in the
SANTARCANGELO domain) from this "foreign" machine.

François

> Hi.
>
> I'm using samba 3.0.30 from gentoo (emerge).
> [ebuild   R   ] net-fs/samba-3.0.30  USE="acl cups ipv6 pam python quotas readline winbind -ads -async -automount -caps -doc -examples -fam -ldap (-selinux) -swat -syslog" LINGUAS="-ja -pl" 20,030 kB
>
> I didn't find many howtos on this...
> but I did read the howto
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
>
> The network is connected via openvpn, with a "central" wins server and
> other pdc client of it.
> I didn't set up an ldap because the user base is very small (2-4 per
> site).
> I have set up the relationship between domains, and tested it with wbinfo.
> Also, getent passwd gives me all the clients of all domains.
>
> Now, a user A from domain SANTARCANGELO has to log in on a CENTROSTORICO
> domain member machine.
>
> The user is correctly authenticated, but it does not load the home
> directory.
> So I set up:
> ---
> template homedir = /home/winbind/%D/%U
> template shell = /bin/false
> ---
> So I have created directory SANTARCANGELO in /home/winbind/ of
> CENTROSTORICO and then I copied the whole profile inside SANTARCAGELO with
> rsync, and chowned it.
> Does not work.
>
> So I copied the home directory of the user in /home of CENTROSTORICO.
> Does not work anyway.
>
> Now I have commented out the two "template" lines because it seems that
> they are only needed to log in with telnet, ssh, and so on.
>
> I have installed inotify tools and it seems that on the local directory no
> files are opened.
> In the domain master SANTARCAGELO instead there is at least one access in
> the home directory, but only in /home and /home/username.
>
> Here is the output of testparm, stripped of shares "comune", "printers"
> and "print$".
>
> Any help would be welcome, also rtfm and links to howtos/manuals.
>
> config of santarcangelo:
> ---
> [global]
> workgroup = SANTARCANGELO
> netbios name = SANTARCANGELO
> server string = Santarcangelo Samba Server
> interfaces = 192.168.0.0/16
> username map = /etc/samba/smbusers
> password level = 8
> username level = 8
> log file = /var/log/samba/log.%m
> max log size = 1000
> name resolve order = wins host lmhosts bcast
> unix extensions = No
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> printcap name = cups
> add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%m$'
> logon script = logon.bat
> logon path = \\%L\%U\.ntprofile
> logon drive = Z:
> logon home = \\%L\%U
> domain logons = Yes
> os level = 33
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> idmap uid = 1-2
> idmap gid = 1-2
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind trusted domains only = Yes
> admin users = @root
> hosts allow = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/24
> hide unreadable = Yes
> include = /etc/samba/smb.conf.santarcangelo-server
>
> [homes]
> comment = Home Directory of %u
> read only = No
> create mask = 0644
> browseable = No
>
> [netlogon]
> path = /var/lib/samba/netlogon/
> write list = @root
> browseable = No
>
> [profiles]
> path = /home/%u/.ntprofiles
> read only = No
> create mask = 0600
> directory mask = 0700
> ---
>
> config of centrostorico:
> ---
> [global]
> workgroup = CENTROSTORICO
> netbios name = CENTROSTORICO
> server string = Centro Storico Samba Server
> interfaces = 192.168.0.0/16
> username map = /etc/samba/smbusers
> password level = 8
> username level = 8
> log file = /var/log/samba/log.%m
> max log size = 1000
> name resolve order = wins host lmhosts bcast
> unix extensions = No
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> printcap name = cups
> add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%m$'
> logon script = logon.bat
> logon path = \\%L\%U\.ntprofile
> logon drive = Z:
>   

Re: [Samba] Accessing member server prompts for credentials

2008-06-18 Thread devel
Do you have "unix password sync" set to yes in smb.conf?
If yes, maybe you're in trouble with the password chat. I had the problem
on my Debian systems where using the default "passwd chat" value did not
work because it expects *changed* and my system returned updated.

> I'm still struggling with this if anyone can help.
>
> I'm back tracking through the HOWTO and realised that I hadn't created
> a machine trust account.
>
> So I've done:
>  # groupadd machines
>  # /usr/sbin/useradd -g machines -d /var/lib/nobody -c "Test Server" -s /bin/false server1
>  # passwd -l server1
>  Locking password for user server1.
>  # smbpasswd -a -m server1
>  Failed to modify password entry for user server1$
>
> Please can anyone tell me why this last step fails?
>
>>
>> From: Leon Stringer <[EMAIL PROTECTED]>
>> Date: 2008/06/17 Tue AM 11:13:14 GMT
>> To: 
>> Subject: [Samba] Accessing member server prompts for credentials
>>
>> Hi,
>>
>> I'm trying to join a server as an AD member but it isn't working.
>>
>> I do:
>>
>>  kinit [EMAIL PROTECTED]
>>
>> which prompts for the password and displays nothing else. Then I do:
>>
>>  net ads join -U Administrator%X
>>
>> which returns:
>>
>>  Using short domain name -- DOMAIN1
>>  Joined 'SERVER1' to realm 'DOMAIN1.CO.UK'
>>
>> So all looks OK, but when I try to browse the shares on \\server1
>> from another domain member I'm prompted for a username and password. Any
>> valid domain credentials are rejected.
>>
>> The log file for the IP address for the computer I'm trying to connect
>> from says:
>>
>>  [2008/06/17 11:54:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
>>    Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
>>
>> log.smbd says:
>>  [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_administrators(792)
>>    create_builtin_administrators: Failed to create Administrators
>>  [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_users(758)
>>    create_builtin_users: Failed to create Users
>>
>> smb.conf says:
>>  [global]
>> workgroup = DOMAIN1
>> realm = DOMAIN1.CO.UK
>> security = ADS
>>
>> Samba 3.0.30 on Fedora 8.
>>
>> Can anyone tell me where I'm going wrong?
>>


-- 
François Legal




Re: [Samba] new clients in PDC

2008-06-17 Thread devel
I think setting "profile acls = yes" in smb.conf does the trick
>
> hi all
>
> Every time I include a machine with Windows XP in my PDC domain, I get
> a message telling me that the user is not the owner of the profile
> folder...
>
> Then, I run MMC Console and add a snap-in, changing some parts in Computer
> -> Administrative Models -> Don't check owner profile folder and another
> function, called "Always accept only local profile"...
>
> Well, when I have 3 or 5 machines, I do this by hand...
> However, when I have more than 10 machines in a LAN, it's hard work to
> set up MMC Console for all machines...
>
> Is there some way to automate this change via Server Domain?
>
> Thanks for all response...
>
> Best regards
>
>
> --
> Sincerely
>
> ---
> Gilberto Nunes
> MSN: [EMAIL PROTECTED]
> Fones: 47-3348-8020
>


-- 
François Legal




Re: [Samba] idmap for trusted domain changing over time

2008-06-10 Thread devel
I forgot to mention that I'm using 3.0.29

> Hello
>
> I'm experiencing a weird behaviour with idmapping/winbindd.
>
> I have two samba controlled domains with one trusting the other and using
> winbindd to map trusted domain groups and users.
> This works quite well, but after some time, I can see the unix uid/gid
> allocated for the trusted domain groups/users being changed, and this
> keeps on changing approximately every 2 hours.
> At samba/winbindd startup I have the uid/gid allocated starting at the
> beginning of the range in "idmap alloc config:range" directive.
>
> Also, I may have trouble with my configuration, because the trusted domain
> uid/gid are not allocated in the range given by the "idmap config
> DOMB:range" directive, and at startup, I get the gids allocated to BUILTIN
> groups overlapping the gids allocated to the trusted domain.
>
> Here is the relevant section of my smb.conf :
>
> idmap domains = DOMB
> idmap backend =
> idmap alloc backend = tdb
> idmap cache time = 900
> idmap negative cache time = 120
> idmap uid =
> idmap gid =
> template homedir = /home/%D/%U
> template shell = /bin/false
> winbind separator = \
> winbind cache time = 300
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = No
> winbind trusted domains only = No
> winbind nested groups = Yes
> winbind nss info = template
> winbind refresh tickets = No
> winbind offline logon = No
> winbind normalize names = No
> winbind:rpc only = yes
> idmap config DOMB:range = 4000-4999
> idmap config DOMB:default = Yes
> idmap config DOMB:backend = tdb
> idmap alloc config:range = 3000-4999
>
> Can anybody help?
>
> --
> François Legal
>


-- 
François Legal




[Samba] idmap for trusted domain changing over time

2008-06-10 Thread devel
Hello

I'm experiencing a weird behaviour with idmapping/winbindd.

I have two samba controlled domains with one trusting the other and using
winbindd to map trusted domain groups and users.
This works quite well, but after some time, I can see the unix uid/gid
allocated for the trusted domain groups/users being changed, and this
keeps on changing approximately every 2 hours.
At samba/winbindd startup I have the uid/gid allocated starting at the
beginning of the range in "idmap alloc config:range" directive.

Also, I may have trouble with my configuration, because the trusted domain
uid/gid are not allocated in the range given by the "idmap config
DOMB:range" directive, and at startup, I get the gids allocated to BUILTIN
groups overlapping the gids allocated to the trusted domain.

Here is the relevant section of my smb.conf :

idmap domains = DOMB
idmap backend =
idmap alloc backend = tdb
idmap cache time = 900
idmap negative cache time = 120
idmap uid =
idmap gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = Yes
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No
winbind normalize names = No
winbind:rpc only = yes
idmap config DOMB:range = 4000-4999
idmap config DOMB:default = Yes
idmap config DOMB:backend = tdb
idmap alloc config:range = 3000-4999

Can anybody help?

-- 
François Legal
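
A consistency check for the idmap ranges in the smb.conf posted above, as an added example that is not part of the original message or of Samba: it parses the `idmap config <DOMAIN>:range` and `idmap alloc config:range` lines and reports ranges that intersect. The function names and the `<alloc>` label are hypothetical, and the embedded sample is constructed from the posted lines.

```python
import re
from itertools import combinations

# Constructed sample: the idmap lines from the smb.conf posted above.
SMB_CONF = """\
idmap domains = DOMB
idmap alloc backend = tdb
idmap uid =
idmap gid =
idmap config DOMB:range = 4000-4999
idmap config DOMB:default = Yes
idmap config DOMB:backend = tdb
idmap alloc config:range = 3000-4999
"""

# Matches "idmap alloc config:range = a-b" and "idmap config <DOM>:range = a-b".
RANGE_RE = re.compile(
    r"^\s*idmap\s+(?:(alloc)\s+config|config\s+(\S+?))"
    r"\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE,
)


def parse_ranges(text):
    """Return {name: (low, high)} for every idmap range line in text."""
    ranges = {}
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if not m:
            continue  # comments, empty values and unrelated options
        name = "<alloc>" if m.group(1) else m.group(2)
        low, high = int(m.group(3)), int(m.group(4))
        if low > high:
            raise ValueError(f"inverted range in: {line.strip()}")
        ranges[name] = (low, high)
    return ranges


def overlaps(ranges):
    """Return [(name_a, name_b, low, high)] for each pair that intersects."""
    found = []
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(sorted(ranges.items()), 2):
        low, high = max(alo, blo), min(ahi, bhi)
        if low <= high:
            found.append((a, b, low, high))
    return found


def claimants(ranges, unix_id):
    """Names of all ranges containing unix_id; more than one is ambiguous."""
    return sorted(n for n, (lo, hi) in ranges.items() if lo <= unix_id <= hi)


if __name__ == "__main__":
    parsed = parse_ranges(SMB_CONF)
    for a, b, low, high in overlaps(parsed):
        print(f"{a} and {b} share ids {low}-{high}")
    print("id 4100 falls in:", claimants(parsed, 4100))
```

With the `idmap alloc config:range = 3000-3999` value used in the 2008-05-29 post, the same check reports no intersection.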




Re: [Samba] How to move a samba PDC to a diffrent box

2008-06-03 Thread devel
I think there must be some migration guide in the Samba documentation (read
chapters 5 and 36 in the official Samba HOWTO). I think the best would be to
build up your second machine and add it to your domain as a BDC, so that all
users/groups/machines/... get propagated to this new machine.
Once done, migrate all your data, then you can safely switch off the first
one and promote your new machine to PDC (changing OS level, and browsing
options domain master/preferred master).

> Hello List,
>
> I have got a Samba PDC running based on the smbldap tools and Debian
> Sarge.
> Now we would like to move everything over to Ubuntu Hardy.
>
> Can I simply:
> - Create the same users and groups with the same id on Hardy
> - Move the files and profiles over by keeping their permissions (rsync
> -avzp ...)
> - Set the samba SID to be the old original one (I do not know how this
> could be done and if it even works)
>
> Will I then simply be able to log back in with my Windows clients?
> Is there a HowTo explaining this scenario?
>
> Thanks,
> Mario


-- 
François Legal




Re: [Samba] getent not listing ADS users ctdb samba

2008-06-03 Thread devel
Did you copy the libnss_winbind.so to /lib and make a libnss_winbind.so.2
link out of it?

> Hi,
>
> I am setting up ctdb samba, and have hit a brick wall trying to solve the
> following issue.
>
> 1. getent does not retrieve the list of domain users or groups (wbinfo
> works fine)
>
> I'm not sure what I'm missing but I've almost spent the whole day trying
> to resolve this one and haven't made any progress :-(
>
> Any help or suggestions are appreciated
>
> My configuration is as follows
>
> Installed pre-built RHEL binaries from ctdb.samba
> ctdb-1.0-41.src.rpm
> ctdb-1.0-41.x86_64.rpm
> ctdb-debuginfo-1.0-41.x86_64.rpm
> samba-3.0.25-ctdb.16.src.rpm
> samba-3.0.25-ctdb.16.x86_64.rpm
> samba-client-3.0.25-ctdb.16.x86_64.rpm
> samba-common-3.0.25-ctdb.16.x86_64.rpm
> samba-debuginfo-3.0.25-ctdb.16.x86_64.rpm
> samba-doc-3.0.25-ctdb.16.x86_64.rpm
> samba-swat-3.0.25-ctdb.16.x86_64.rpm
> samba-winbind-32bit-3.0.25-ctdb.16.i386.rpm
>
> SMB.CONF
> [global]
> workgroup = PLANET
> realm = PLANET.AD
> netbios name = CTDBSAMBA
> server string = CTDB Samba Server
> security = ADS
> private dir = /gpfs/gpfs0/SMBDconfig
> log file = /usr/local/samba/var/log.%m
> max log size = 50
> clustering = Yes
> dns proxy = No
> ldap ssl = no
> idmap backend = tdb2
> idmap uid = 1-2
> idmap gid = 1-2
> winbind separator = +
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [printers]
> comment = All Printers
> path = /usr/spool/samba
> printable = Yes
> browseable = No
>
> [GPFSGLOBAL]
> comment = "GPFS Global Share"
> path = /gpfs/gpfs0/GLOBALSHARE
> read only = No
> force unknown acl user = Yes
> vfs objects = gpfs
> nfs4:acedup = merge
> nfs4:chown = yes
> nfs4:mode = special
> gpfs:sharemodes = No
> fileid:mapping = fsname
>
> KRB5.CONF
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  default_realm = PLANET.AD
>
> [realms]
>  PLANET.AD = {
>   kdc = msad2k3.planet.ad
>   admin_server = msad2k3
>  }
>
> [domain_realm]
>  .msad2k3.planet.ad = PLANET.AD
>
> [appdefaults]
>  pam = {
>    debug = false
>    ticket_lifetime = 36000
>    renew_lifetime = 36000
>    forwardable = true
>    krb4_convert = false
>  }
>
> NSSWITCH.CONF
> passwd: files winbind
> shadow: files
> group:  files winbind
>
> SYSTEM-AUTH
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      pam_env.so
>
> ### WINBIND AUTH ###
> auth        sufficient    /lib/security/pam_winbind.so
>
> auth        sufficient    pam_unix.so nullok try_first_pass
> auth        requisite     pam_succeed_if.so uid >= 500 quiet
> auth        required      pam_deny.so
>
> ### WINBIND AUTH ###
> account     sufficient    /lib/security/pam_winbind.so
>
> account     required      pam_unix.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     required      pam_permit.so
>
> password    requisite     pam_cracklib.so try_first_pass retry=3
> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
> password    required      pam_deny.so
>
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session     required      pam_unix.so


-- 
François Legal




Re: [Samba] Help - Cross-Subnet Browsing with OpenVPN

2008-06-02 Thread devel
I have the same kind of setup (except I'm using Linux 2.6 IPSEC with KAME
tools, and have two different domains, one on each side), and it almost
works. I can join the domain on the other side of the tunnel (I still have
a problem where wbinfo -t says it cannot find the DC) and winbindd can map
remote domain users.

Could you document the errors you get while joining (plus possibly a level
2/3 log from smbd/winbind, depending on which one raises the error)?

In my setup I added lmhosts files on both sides (not sure if it helps but
at least I could join). Also, I did not include the VPN interfaces (but in
my setup, these are the public network interface due to the new IPSEC
implementation). Also, I may be wrong, but I would make FURNSRV the domain
master on its subnet, and add a remote announce on the other subnets.

Hope it helps.

See my post of May 29, 2008 with subject "Trustdom setup and trusted group
management".


François

> My network topology is changing.  One of my network segments that used to
> be hard-wired will now be connecting to the rest of the network through DSL,
> with a layer of OpenVPN on top.  I am having the hardest time getting any
> form of cross-subnet browsing or WINS working.
>
> My PDC is called CORPSRV.  It has the following IPs:
> 192.168.1.1
> 
> 192.168.100.5 (OpenVPN)
>
> The DMB on the remote subnet is called FURNSRV.  It has the following IPs:
> 192.168.2.1
> 192.168.100.1 (OpenVPN)
>
> Here are the relevant parts of CORPSRV's smb.conf:
> os level = 255
> wins support = yes
> preferred master = yes
> domain master = yes
> local master = yes
> remote announce = '192.168.2.1/CORP' '192.168.4.1/CORP'
> remote browse sync = '192.168.2.1'  '192.168.4.1'
> name resolve order = wins bcast host
> interfaces = 127.0.0.1 192.168.1.1 192.168.100.5/255.255.255.0
> bind interfaces only = yes
> hosts allow = 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 192.168.6.0/24
> 192.168.100.0/24 127.0.0.1
>
> Here are the relevant parts of FURNSRV's smb.conf:
> security = domain
> password server = 192.168.1.1
> wins server = 192.168.1.1
> wins support = no
> wins proxy = yes
> name resolve order = wins bcast lmhosts host
> dns proxy = no
> local master = yes
> domain master = no
> preferred master = yes
> os level = 65
> remote browse sync = 192.168.1.1
> interfaces = 127.0.0.1 192.168.2.1 192.168.100.1/255.255.255.0
> bind interfaces only = yes
> hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24
> 192.168.6.0/24 192.168.100.0/24
>
> I can ping each server's IP from the other server.  The following
> nmblookup commands both work:
>
> [EMAIL PROTECTED]:/etc/samba# nmblookup -U 192.168.2.1 FURNSRV
> params.c:pm_process() - Processing configuration file
> "/etc/samba/printers.smb"
> added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0
> added interface ip=192.168.100.5 bcast=192.168.100.255 nmask=255.255.255.0
> Socket opened.
> querying FURNSRV on 192.168.2.1
> Got a positive name query response from 192.168.2.1 ( 192.168.100.1
> 192.168.2.1 )
> 192.168.100.1 FURNSRV<00>
> 192.168.2.1 FURNSRV<00>
>
> [EMAIL PROTECTED]:/etc/samba# nmblookup -U 192.168.1.1 corpsrv
> added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> added interface ip=192.168.2.1 bcast=192.168.2.255 nmask=255.255.255.0
> added interface ip=192.168.100.1 bcast=192.168.100.255 nmask=255.255.255.0
> Socket opened.
> querying corpsrv on 192.168.1.1
> Got a positive name query response from 192.168.1.1 ( 192.168.100.5
> 192.168.1.1 )
> 192.168.100.5 corpsrv<00>
> 192.168.1.1 corpsrv<00>
>
> I can mount shares on each server from the other, using IP addresses.  But
> I can't make FURNSRV join CORP, and I can't resolve FURNSRV via CORPSRV's
> WINS server.
>
> I know that part of the problem is that OpenVPN uses interfaces that do
> not allow broadcast traffic.  But I thought specifying the WINS server and
> using the 'remote announce' directives would fix that.
>
> I would appreciate any help at all!  Thanks so much,
> Misty


-- 
François Legal




[Samba] Trustdom setup and trusted group management

2008-05-29 Thread devel
Hello,

I did join 2 sites using an IPSEC tunnel, and made one domain trust the
other (2 small Samba DC based domains with about 10 users in each)

I first had resolving issues until I decided to keep only one WINS server
for both networks (though this is still an issue to me because if for any
reason the tunnel is broken, I have no longer WINS on one side).

Finally here is my setup :

Network A 1.1.0.0/16 with Samba DC ServA for domain DomA at ip 1.1.254.254
(which also act as IPSEC gateway and firewall).
Network B 2.1.0.0/16 with Samba DC ServB for domain DomB at ip 2.1.254.254
(which also act as IPSEC gateway and firewall).

Browsing is Ok (I think) :

preferred master = Yes
local master = Yes
domain master = Yes
browse list = Yes
enhanced browsing = Yes
remote announce = 1.1.254.254 (2.1.254.254 for ServA)
remote browse sync = 1.1.254.254 (2.1.254.254 for ServA)

ServB is the WINS for both networks.

name resolve order = wins host lmhosts bcast
wins proxy = Yes
wins support = Yes

All nodes on both networks configured as peer to peer (0x3).
All nodes can access any other whatever the network.

From here, I setup the trustdom : DomA is the trusted domain and DomB the
trusting one.

the net rpc trustdom establish DomA ran on ServB returned
Unable to join ServA
Successfully joined DomA

From here, I setup winbindd on ServB to be able to play with DomA users.

idmap domains = DomA
idmap alloc backend = tdb
template homedir = /home/home/%D/%U
template shell = /bin/false
winbind separator = \
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = Yes
winbind nss info = template
winbind:rpc only = yes
idmap config DomA:range = 4000-4999
idmap config DomA:default = Yes
idmap config DomA:backend = tdb
idmap alloc config:range = 3000-3999

And here, I have a strange failure : wbinfo -t returns either "checking
the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233)
Could not check secret"
However nmblookup -R -U 2.1.254.254 DomA#1b gives me 1.1.254.254 DomA#1b,
and I can successfully lookup DomA users and groups using both wbinfo -u/g
and getent passwd/group
But, the ids allocated are not in the range given by idmap config
DomA:range = 4000-4999 but the range in idmap alloc config:range =
3000-3999

This is the first thing I'm trying to fix.

The other thing now, is how to grant DomA users rights to access and
modify the files/shares/printers from DomB as DomB was so far only managed
using domain groups that were mapped from unix groups.

Can anybody help?

-- 
François Legal




[Samba] Re: [CentOS] SAMBA in CentOS 5, shared level

2007-05-29 Thread devel
Hello,

After some patience, I see that I can only use Samba if the directory is on
the same partition as /.

Does anyone know if Samba has problems sharing directories on partitions
other than /, or problems using a home directory on a different partition?





[Samba] SAMBA in CentOS 5

2007-05-29 Thread devel
Hello,

After some patience, I see that I can only use Samba if the directory is on
the same partition as /.

Does anyone know if Samba has problems sharing directories on partitions
other than /, or problems using a home directory on a different partition?




[Samba] Re: Details

2003-09-06 Thread debian-devel
Please see the attached file for details.