Re: [Samba] Unable to change password in windows - SAMBA_LDAP_PDC - SOLVED
Hi Guys. Thanks for your help with this, when I turned up the debugging level to 3, and found: "user cannot change password now, must wait until Sun, 09 Dec 2007" When I setup the server, and was configuring policies, i set the minimum password age to 45 days (3888000) (For the other server, I used the usrmgr.exe for this, while on this one I used pdbedit, cos usrmgr did not work for some reason) So, this is what I changed it to, so users can change passwords immediately: pdbedit -P "minimum password age" -C 0 Now, all I had to do, was reset everyones password (using smbpasswd) for this policy to take effect. Thanks again, to everyone who helped me figure this one out! God bless. So take a look at the "SO USE A PARTIAL" part, it worth for all organizational units suffixes. *>I have set to use partial, restarted samba and slapd, and I still receive: **>"The system cannot change your password now because the domain RIVONINGO.HIVSA is not available" > or "The system cannot change your password at this time" >When I try to change the password >The log entry is: >[2007/11/28 14:44:04, 0] lib/debug.c:reopen_logs(597) > Unable to open new log file /var/log/samba/log.computername: Permission denied **>Is there something else I can try?*** (...) I can't even say that the previous and this error messages has anything to do with your problem (but as the previous message doesn't repeated, the server now is finding whatever it is looking for), or if that its a name resolution problem. Use a log level bigger than 0 to the server spit something useful, use something like 3. But yes, its not normal to the server don't find objects in LDAP as its not normal start to give "permission denied" errors trying to reopen log files. What are the permissions of your log directory? Regards. Edmundo Valle Neto Hi. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 59, Issue 28
Hi All, Thanks for the prompt response, please see me notes: jayendren anand maduray escreveu: Hi All. I have a SAMBA PDC that uses LDAP as its back end. The OS, is UBUNTU 6.10 Server. SAMBA Version is 3.022 The problem is, when a client logs onto the Domain, he presses Control+Alt+Del, and chooses Change Password. He types in the old password, then the new one, and confirms this. When he clicks on OK, it thinks for a bit (about 30 seconds) and then says: "The system cannot change your password now because the domain RIVONINGO.HIVSA is not available" This used to work before, and works fine on another server, with the identical settings. The log file for the computer says: [2007/11/27 16:00:11, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2171) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) This says that something wasn't found in LDAP, but doesn't say what or where it was looked for. (...) ldap suffix = dc=rivoningo,dc=hivsa ldap group suffix = ou=smbGroups,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa ldap user suffix = ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa ldap machine suffix = ou=smbComputers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa ldap idmap suffix = ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa I didn't understood why did you crated your DIT that way, but ... *>I have many servers.* From smb.conf man page: ldap suffix (G) Specifies the base for all ldap suffixes and for storing the sambaDomain object. The ldap suffix will be appended to the values specified for the ldap user suffix, ldap group suffix, ldap machine suffix, and the ldap idmap suffix. Each of these should be given only a DN relative to the ldap suf- fix. Default: ldap suffix = Example: ldap suffix = dc=samba,dc=org ldap user suffix (G) This parameter specifies where users are added to the tree. If this parameter is unset, the value of ldap suf- fix will be used instead. The suffix string is pre-pended to the ldap suffix string SO USE A PARTIAL DN. Default: ldap user suffix = Example: ldap user suffix = ou=people (...) So take a look at the "SO USE A PARTIAL" part, it worth for all organizational units suffixes. *>I have set to use partial, restarted samba and slapd, and I still receive: **>"The system cannot change your password now because the domain RIVONINGO.HIVSA is not available" > or "The system cannot change your password at this time" >When I try to change the password >The log entry is: >[2007/11/28 14:44:04, 0] lib/debug.c:reopen_logs(597) > Unable to open new log file /var/log/samba/log.computername: Permission denied **>Is there something else I can try?*** God bless. mJayendren -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...There are 10 types of people, those who understand binary and those who do not... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to change password in windows - SAMBA_LDAP_PDC
rowsing other peoples' profiles #Jay added: create mode = 0600 directory mode = 0700 #ACL/OPLOCKS #Jay added: nt acl support = yes nt pipe support = yes nt status support = yes inherit permissions = yes inherit acls = yes level2 oplocks = no acl compatibility = auto [wallpaper] path = /srv/samba/file-server/wallpaper ;valid users = %S ;public = yes writeable = no browseable = yes #Jay Added: #Real_Time Antivirus Scanning ;vfs object = vscan-clamav ;vscan-clamav: config-file = /etc/samba/samba-vscan-clamav.conf Any help regarding this will greatly appreciated, as I have set the accounts to expire their passwds after 45 days. All hells gonna break loose in 10 days time! God bless. -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...There are 10 types of people, those who understand binary and those who do not... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Serving MS Access Databases, with ACL
Hi Dale, thanks for the explanation. I understand were you are coming from now. I certainly hope to be of help to you someday. God bless. Dale Schroeder wrote: I have nothing against posix acl's. In fact, I make sure I install the acl package on every Debian system I build. It's just a preference. I like the way things behave with group permissions. I prefer to administer through permissions. If I use posix acl's, it is usually to remove a permission rather than add. If it is your preference to set controls via acl's, then do what is most comfortable for you. Conversely, I use Windows acl's quite a bit to fine tune access on shares _from_ Windows systems. The flexibility is much greater in Windows acl's, and do much more for me than posix acl's. That being said, I still prefer the power of posix systems for servers, and use them whenever feasible. More info here: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id376593 I am not the world's foremost expert on nix; just someone like you, learning new things, using that which I've experienced to try to help someone else. I hope I've done some of that for you! :-\ Dale jayendren anand maduray wrote: Hi Dale. Thank you for this. I will try some tests. Can you elaborate on why you do not like ACLs? Had some bad experiences? God bless. Dale Schroeder wrote: Jayendren, Rather than acls, my preference (and it's only a preference) would be to create a group for the database users. Add user1 and user2 to that group. Then ==> chown root.database_group /srv/samba/file-server/studies/databases For security, let the permissions of this directory be no greater than 775. (It looks like that is what you already have.) If you go with MySQL, you can customize the access levels on a user-by-user basis on global settings, database settings, table settings, etc. The security options list is quite extensive. If you prefer GUI administration of MySQL (I do), Navicat is the program of choice. http://www.navicat.com/ It's not free, but is an affordable extension to a free database server. The only things I would say need changing in your smb.conf are: create mode = 0775 veto oplock files = /*.mdb/*.MDB*/* #don't forget the trailing slash (/) Good luck to you, Nick, and Nico. Dale jayendren anand maduray wrote: Hi Dale. Thanks for this, would you guys be able to send me a complete example, that would allow read/write access for two users (you can call them user1, and user2) Alternatively, you can comment on this one: -- Creating the directories, and set permissions: #mkdir /srv/samba/file-server/studies/databases #setfacl -R -m u:user1:rwx,u:user2:rwx /srv/samba/file-server/studies/databases #getfacl /srv/samba/file-server/studies/databases # file: # owner: root # group: root user::rwx user:user1:rwx user:user2:rwx group::r-x mask::rwx other::r-x The share entry in smb.conf: [databases] path = /srv/samba/file-server/studies/databases create mode = 0777 writeable = yes browseable = yes valid users = user1 user2 root writelist = user1 user2 root veto oplock files = /*.mdb/*.MDB nt acl support = yes nt pipe support = yes nt status support = yes inherit permissions = yes inherit acls = yes #smbcontrol smbd reload-config Global parameter acl compatibility found in service section! -- Nick/Nico, we must look at moving access databases to SQL/MySQL backends, soon. (See message from Dale/David below) God bless. Dale Schroeder wrote: jayendren anand maduray wrote: Hi All. Greetings from South Africa. I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10 Its serving about 200 users, with profiles, and domain logons. I want to start serving MS Access Databases on it, with the best speed performance as possible. At the moment, the back ends for these databases, are about 200+ MB, and will grow over the next few years. Basically, the share should serve about 4 users, with read/write access. I am using the XFS file system, with ACL support. Has anyone setup such shares in smb.conf? I would really like to see an example. Lastly, I do not think I want to use oplocks. That's a wise choice. In the share, use: veto oplock files = /*.mdb/*.MDB/ David's suggestion about splitting the databases into Access frontend and MySQL backend is also wise. It has been my experience that large Access databases corrupt quite easily. That no longer happens in the setup David mentioned. Dale Any help, will be greatly appreciated. God bless. *Ellison, David* david.ellison at atkinsglobal.com <mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACL&In-Reply-To=47288B56.2010206%40hivsa.com> /Wed Oct 31 15:03:52 GMT 2007/ Greetings, This is a lit
Re: [Samba] Serving MS Access Databases, with ACL
Hi Dale. Thank you for this. I will try some tests. Can you elaborate on why you do not like ACLs? Had some bad experiences? God bless. Dale Schroeder wrote: Jayendren, Rather than acls, my preference (and it's only a preference) would be to create a group for the database users. Add user1 and user2 to that group. Then ==> chown root.database_group /srv/samba/file-server/studies/databases For security, let the permissions of this directory be no greater than 775. (It looks like that is what you already have.) If you go with MySQL, you can customize the access levels on a user-by-user basis on global settings, database settings, table settings, etc. The security options list is quite extensive. If you prefer GUI administration of MySQL (I do), Navicat is the program of choice. http://www.navicat.com/ It's not free, but is an affordable extension to a free database server. The only things I would say need changing in your smb.conf are: create mode = 0775 veto oplock files = /*.mdb/*.MDB*/* #don't forget the trailing slash (/) Good luck to you, Nick, and Nico. Dale jayendren anand maduray wrote: Hi Dale. Thanks for this, would you guys be able to send me a complete example, that would allow read/write access for two users (you can call them user1, and user2) Alternatively, you can comment on this one: -- Creating the directories, and set permissions: #mkdir /srv/samba/file-server/studies/databases #setfacl -R -m u:user1:rwx,u:user2:rwx /srv/samba/file-server/studies/databases #getfacl /srv/samba/file-server/studies/databases # file: # owner: root # group: root user::rwx user:user1:rwx user:user2:rwx group::r-x mask::rwx other::r-x The share entry in smb.conf: [databases] path = /srv/samba/file-server/studies/databases create mode = 0777 writeable = yes browseable = yes valid users = user1 user2 root writelist = user1 user2 root veto oplock files = /*.mdb/*.MDB nt acl support = yes nt pipe support = yes nt status support = yes inherit permissions = yes inherit acls = yes #smbcontrol smbd reload-config Global parameter acl compatibility found in service section! -- Nick/Nico, we must look at moving access databases to SQL/MySQL backends, soon. (See message from Dale/David below) God bless. Dale Schroeder wrote: jayendren anand maduray wrote: Hi All. Greetings from South Africa. I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10 Its serving about 200 users, with profiles, and domain logons. I want to start serving MS Access Databases on it, with the best speed performance as possible. At the moment, the back ends for these databases, are about 200+ MB, and will grow over the next few years. Basically, the share should serve about 4 users, with read/write access. I am using the XFS file system, with ACL support. Has anyone setup such shares in smb.conf? I would really like to see an example. Lastly, I do not think I want to use oplocks. That's a wise choice. In the share, use: veto oplock files = /*.mdb/*.MDB/ David's suggestion about splitting the databases into Access frontend and MySQL backend is also wise. It has been my experience that large Access databases corrupt quite easily. That no longer happens in the setup David mentioned. Dale Any help, will be greatly appreciated. God bless. *Ellison, David* david.ellison at atkinsglobal.com <mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACL&In-Reply-To=47288B56.2010206%40hivsa.com> /Wed Oct 31 15:03:52 GMT 2007/ Greetings, This is a little off topic, but may be usefull to you. If the DB is going to grow much more than that, I would use a real SQL backend to the database. The MS Access DB backend is ok, however starts to suffer when they become huge, by the sounds of things they may. I am sure there are people with 700mb, 900mb etc Access databases, but its best to split the front end from the database and use a SQL database like MySQl for the backend. Just food for thought :) Cheers. Dave -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...There are 10 types of people, those who understand binary and those who do not... No virus found in this incoming message. Checked by AVG. Version: 7.5.503 / Virus Database: 269.15.15/1101 - Release Date: 10/31/2007 10:06 AM -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...Th
Re: [Samba] Serving MS Access Databases, with ACL
Hi Dale. Thanks for this, would you guys be able to send me a complete example, that would allow read/write access for two users (you can call them user1, and user2) Alternatively, you can comment on this one: -- Creating the directories, and set permissions: #mkdir /srv/samba/file-server/studies/databases #setfacl -R -m u:user1:rwx,u:user2:rwx /srv/samba/file-server/studies/databases #getfacl /srv/samba/file-server/studies/databases # file: # owner: root # group: root user::rwx user:user1:rwx user:user2:rwx group::r-x mask::rwx other::r-x The share entry in smb.conf: [databases] path = /srv/samba/file-server/studies/databases create mode = 0777 writeable = yes browseable = yes valid users = user1 user2 root writelist = user1 user2 root veto oplock files = /*.mdb/*.MDB nt acl support = yes nt pipe support = yes nt status support = yes inherit permissions = yes inherit acls = yes #smbcontrol smbd reload-config Global parameter acl compatibility found in service section! -- Nick/Nico, we must look at moving access databases to SQL/MySQL backends, soon. (See message from Dale/David below) God bless. Dale Schroeder wrote: jayendren anand maduray wrote: Hi All. Greetings from South Africa. I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10 Its serving about 200 users, with profiles, and domain logons. I want to start serving MS Access Databases on it, with the best speed performance as possible. At the moment, the back ends for these databases, are about 200+ MB, and will grow over the next few years. Basically, the share should serve about 4 users, with read/write access. I am using the XFS file system, with ACL support. Has anyone setup such shares in smb.conf? I would really like to see an example. Lastly, I do not think I want to use oplocks. That's a wise choice. In the share, use: veto oplock files = /*.mdb/*.MDB/ David's suggestion about splitting the databases into Access frontend and MySQL backend is also wise. It has been my experience that large Access databases corrupt quite easily. That no longer happens in the setup David mentioned. Dale Any help, will be greatly appreciated. God bless. *Ellison, David* david.ellison at atkinsglobal.com <mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACL&In-Reply-To=47288B56.2010206%40hivsa.com> /Wed Oct 31 15:03:52 GMT 2007/ Greetings, This is a little off topic, but may be usefull to you. If the DB is going to grow much more than that, I would use a real SQL backend to the database. The MS Access DB backend is ok, however starts to suffer when they become huge, by the sounds of things they may. I am sure there are people with 700mb, 900mb etc Access databases, but its best to split the front end from the database and use a SQL database like MySQl for the backend. Just food for thought :) Cheers. Dave -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...There are 10 types of people, those who understand binary and those who do not... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Serving MS Access Databases, with ACL
Hi All. Greetings from South Africa. I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10 Its serving about 200 users, with profiles, and domain logons. I want to start server MS Access Databases on it, with the best speed performance as possible. At the moment, the back ends for these databases, are about 200+ MB, and will grow over the next few years. Basically, the share should serve about 4 users, with read/write access. I am using the XFS file system, with ACL support. Has anyone setup such shares in smb.conf? I would really like to see an example. Lastly, I do not think I want to use oplocks. Any help, will be greatly appreciated. God bless. -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...There are 10 types of people, those who understand binary and those who do not... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Serving MS Access Databases, with ACL
Hi All. Greetings from South Africa. I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10 Its serving about 200 users, with profiles, and domain logons. I want to start server MS Access Databases on it, with the best speed performance as possible. At the moment, the back ends for these databases, are about 200+ MB, and will grow over the next few years. Basically, the share should serve about 4 users, with read/write access. I am using the XFS file system, with ACL support. Has anyone setup such shares in smb.conf? I would really like to see an example. Lastly, I do not think I want to use oplocks. Any help, will be greatly appreciated. God bless. -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...There are 10 types of people, those who understand binary and those who do not... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Serving MS Access Databases, with ACL
Hi All. Greetings from South Africa. I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10 Its serving about 200 users, with profiles, and domain logons. I want to start server MS Access Databases on it, with the best speed performance as possible. At the moment, the back ends for these databases, are about 200+ MB, and will grow over the next few years. Basically, the share should serve about 4 users, with read/write access. I am using the XFS file system, with ACL support. Has anyone setup such shares in smb.conf? I would really like to see an example. Lastly, I do not think I want to use oplocks. Any help, will be greatly appreciated. God bless. -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: [EMAIL PROTECTED] Fax Number: 0866857317 ...There are 10 types of people, those who understand binary and those who do not... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba