Re: [Samba] Newbie looking to move from Netware to Linux/Samba
> I'm looking to move my companies server from an old Netware 5.0 file > server to a Linux/Samba server on new hardware. > > Since my companies' systems are not mission critical (I can afford to be > down for a few hours at a time after a switch-over) I feel I have the > tolerance for some problems in getting it installed. > > Is this something I should be able to handle on my own (I installed the > NW 5.0 box on my own) and can I depend on support from the community in > doing so? > > Thanks in advance, > Boaz > Hi Boaz: I moved our file server from NW5.1 to Samba on Linux, we're about the same size shop as you. I build the samba box on some newer hardware, installed rsync on both machines (there's a netware rsync package, I think I got it on the developer's network), and used that to transfer files for the migration. I had to write a script to change ownership and permissions after the file xfer, that information didn't come across in a usable way after the file sync. Someone else may know a more elegant way of getting the files over. After a few gotcha's, it's all been very stable. I learned not to restart the samba process during the middle of the day when everyone's got files open ;-). I had some legacy printing issues (dos app printing to Netware LPT1: port mapping, worked in Netware) which I could never get to print just so using Linux CUPS, so I just have them print direct. Gotta love that legacy stuff that never, ever goes away... Hope your migration goes well! - Joe -- Joe Mailander [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + ldap, acounts expiring? but pdbedit says otherwise
Apologies if this is a RTFM issue... My first question is: anyone know of code that can assist in going through samba logfiles (looking for errors, etc.)? I have what appears to be a password expiration problem. User X has been able to mount a shared drive off the samba box using his login/password. Suddenly it doesn't appear to work: he can run "net use Z: \\server\share" from his XP box, it tries to mount the drive, pops up with an invalid user/pw type of error, prompts for credentials. Enter what had been valid credentials, doesn't work. I ssh over to samba box, run pdbedit -L -v, his account expiration stuff looks like this: Logon time: 0 Logoff time: Mon, 18 Jan 2038 19:14:07 GMT Kickoff time: Mon, 18 Jan 2038 19:14:07 GMT Password last set:Wed, 11 Jan 2006 00:11:57 GMT Password can change: 0 Password must change: Fri, 11 Jan 2008 00:11:57 GMT Also, if I slapcat the ldap morass into a file and check the expiration time it's also in the future: sambaPwdMustChange: 1200039117 <- by my calculation the same date as listed above. We tried again, no soap. Reset password on server using the smbldap-password command, drive mounts fine. You could say that he was typing in the wrong password, but for one he administers a bunch of machines and is used to typing in passwords, and for two I had to run through all my users over the course of a couple of days and have them reset their passwords, same type of thing. Is there any other place I should be looking for something that would cause credentials not to work? I thought PAM, but all the account cruft is in LDAP and the data therein looks good (e.g. this user doesn't have an entry in /etc/password or /etc/shadow also). XP weirdness? It's probably worth mentioning that we don't do any kind of policy management on XP, stock xp pro installs from CD. Samba 3.0.20b openldap-2.2.13-4 idealx tools 0.9.1 Red Hat AS4 If that matters. Thanks for any hints or clues where to look! -- Joe Mailander [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] logins fine, then not: NT_STATUS_WRONG_PASSWORD
I've had samba in production for a few weeks, as follows: samba 3.0.20b openldap 2.2.13-4, idealx tools 0.9.1 red hat AS 4 clients: all XP sp2 Samba's the PDC, nothing fancy about the setup other than trying to use LDAP for authentication. So far everything's been mostly fine, then yesterday for some reason a number of my users couldn't authenticate after logging out or rebooting, they'd see an XP error suggesting they "check username and password". At the time, LDAP was up and responding to queries. Looking through the samba logs, when the logins fail I see: [2006/02/01 10:03:29, 5] lib/smbldap.c:smbldap_search_ext(980) smbldap_search_ext: base => [dc=lart,dc=com], filter => [(&(uid=someuser)(objectclass=sambaSamAccount))], scope => [2] [2006/02/01 10:03:29, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: someuser [2006/02/01 10:03:29, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2006/02/01 10:03:29, 3] libsmb/ntlm_check.c:ntlm_password_check(207) ntlm_password_check: Interactive logon: NT password check failed for user someuser then later on: check_ntlm_password: sam authentication for user [someuser] FAILED with error NT_STATUS_WRONG_PASSWORD I can go run, as root, "/usr/sbin/smbldap-passwd someuser", have them enter in the password they normally use, then they can go login fine. Because it happened to nearly all my users at the same day I suspected the sambaPwdMustChange attribute, but it's set pretty far out: 1454167813, nor did anyone see a warning about needing to change their password. Also, running pdbedit shows: Password must change: Sat, 30 Jan 2016 07:30:13 GMT I did add all these folks on the same day weeks ago, and also had most of their XP boxes joined to our domain on the same day, so I suspect some default setting somewhere triggered this. We don't manage policies on the XP workstations (nor do roaming profiles or any of that), pretty much a generic XP pro workstation install. Thanks for any suggestions on the origin of this problem, I don't want it to happen again in two weeks :-) Global config info from smb.conf, if useful: [global] workgroup = LART passdb backend = ldapsam:ldap://ldap.lart.com enable privileges = Yes username map = /etc/samba/smbusers log level = 5 passdb:5 auth:5 winbind:2 log file = /var/log/samba/%m.log unix extensions = No socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 printcap cache time = 600 printcap name = /etc/printcap add user script = /usr/sbin/smbldap-useradd -m "%u" delete user script = /usr/sbin/smbldap-userdel "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" logon script = logon.bat logon path = logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=Manager,dc=lart,dc=com ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=People ldap suffix = dc=lart,dc=com ldap user suffix = ou=People idmap backend = ldap:ldap://ldap.lart.com idmap uid = 1-2 idmap gid = 1-2 map acl inherit = Yes cups options = raw,media=letter -- Joe Mailander [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
