Re: [Samba] Samba 4 as member server
How does your /etc/krb5.conf file look? On Tue, Aug 6, 2013 at 2:21 PM, Klaus Rörig wrote: > Hi! > > Authentication works when I set 'password server = server01', but then > testparm complains: > WARNING: The setting 'security=ads' should NOT be combined with the > 'password server' parameter. > (by default Samba will discover the correct DC to contact automatically). > > But Samba doesn't. DNS is working: > > host -t srv _kerberos._tcp > _kerberos._tcp.verwaltung.leibniz-remscheid.de has SRV record 0 100 88 > server01.verwaltung.leibniz-remscheid.de. > > host server01 > server01.verwaltung.leibniz-remscheid.de has address 192.168.20.200 > > > Klaus > > > > On Tue, Aug 6, 2013 at 5:13 PM, steve wrote: > > > On Tue, 2013-08-06 at 14:34 +0200, Klaus Rörig wrote: > > > Hi! > > > > > > I set up s3 on the fileserver now but I cannot connect to my share. > > > > > > 'wbinfo -u' lists all user > > > 'wbinfo-g' lists all groups > > > > > > getent also list the queried user. > > > > > > But when I try to connect from Win7 to my s3 share, it asks for creds > > > but does not accept any. I cannot see any log entries. > > > > > > What's wrong now? > > > > Hi > > Too general without knowing a bit more: > > Who is logged in on the Win7 box? > > Is the Win7 box joined to the domain? > > What are the permissions on /srv and /srv/share? > > Can the user access the share if logged in on the file server? > > Can the user access the share using smbclient? > > Does the share appear as a folder in explorer? > > What does the windows security tab give for the share? > > > > Steve > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 as member server
Hi! Authentication works when I set 'password server = server01', but then testparm complains: WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter. (by default Samba will discover the correct DC to contact automatically). But Samba doesn't. DNS is working: host -t srv _kerberos._tcp _kerberos._tcp.verwaltung.leibniz-remscheid.de has SRV record 0 100 88 server01.verwaltung.leibniz-remscheid.de. host server01 server01.verwaltung.leibniz-remscheid.de has address 192.168.20.200 Klaus On Tue, Aug 6, 2013 at 5:13 PM, steve wrote: > On Tue, 2013-08-06 at 14:34 +0200, Klaus Rörig wrote: > > Hi! > > > > I set up s3 on the fileserver now but I cannot connect to my share. > > > > 'wbinfo -u' lists all user > > 'wbinfo-g' lists all groups > > > > getent also list the queried user. > > > > But when I try to connect from Win7 to my s3 share, it asks for creds > > but does not accept any. I cannot see any log entries. > > > > What's wrong now? > > Hi > Too general without knowing a bit more: > Who is logged in on the Win7 box? > Is the Win7 box joined to the domain? > What are the permissions on /srv and /srv/share? > Can the user access the share if logged in on the file server? > Can the user access the share using smbclient? > Does the share appear as a folder in explorer? > What does the windows security tab give for the share? > > Steve > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 as member server
On Tue, 2013-08-06 at 14:34 +0200, Klaus Rörig wrote: > Hi! > > I set up s3 on the fileserver now but I cannot connect to my share. > > 'wbinfo -u' lists all user > 'wbinfo-g' lists all groups > > getent also list the queried user. > > But when I try to connect from Win7 to my s3 share, it asks for creds > but does not accept any. I cannot see any log entries. > > What's wrong now? Hi Too general without knowing a bit more: Who is logged in on the Win7 box? Is the Win7 box joined to the domain? What are the permissions on /srv and /srv/share? Can the user access the share if logged in on the file server? Can the user access the share using smbclient? Does the share appear as a folder in explorer? What does the windows security tab give for the share? Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 as member server
Hi! I set up s3 on the fileserver now but I cannot connect to my share. 'wbinfo -u' lists all user 'wbinfo-g' lists all groups getent also list the queried user. But when I try to connect from Win7 to my s3 share, it asks for creds but does not accept any. I cannot see any log entries. What's wrong now? Klaus Am 06.08.2013 12:58, schrieb steve: On Tue, 2013-08-06 at 12:36 +0200, Klaus Rörig wrote: Hi, it seems that the ntvfs module is not working on Ubuntu, I get lots of error messages about this. I don't see Samba4 servers on network neighborhood, so users cannot browses shares but I do see Samba3 servers, so I have to get Samba3 working with Samba4. Or I have to build Samba4 by myself. Klaus Hi I don't think you can have (or would want?) network neighbourhood with AD. It may be best to have real shares and control access using ACL's or smb.conf. If you can, I really would advise building s4 from source: 4.0.8 for both DC and file server and using samba for the DC and smbd for the file server. It takes longer but it's easy to do and you can be sure to have the latest version. If you want to stick with Ubuntu then I see the s4 DC and separate s3 file server the best way to go. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 as member server
On Tue, 2013-08-06 at 12:36 +0200, Klaus Rörig wrote: > Hi, > > it seems that the ntvfs module is not working on Ubuntu, I get lots of > error messages about this. > I don't see Samba4 servers on network neighborhood, so users cannot > browses shares but I do see Samba3 servers, so I have to get Samba3 > working with Samba4. > > Or I have to build Samba4 by myself. > > Klaus Hi I don't think you can have (or would want?) network neighbourhood with AD. It may be best to have real shares and control access using ACL's or smb.conf. If you can, I really would advise building s4 from source: 4.0.8 for both DC and file server and using samba for the DC and smbd for the file server. It takes longer but it's easy to do and you can be sure to have the latest version. If you want to stick with Ubuntu then I see the s4 DC and separate s3 file server the best way to go. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 as member server
Hi, it seems that the ntvfs module is not working on Ubuntu, I get lots of error messages about this. I don't see Samba4 servers on network neighborhood, so users cannot browses shares but I do see Samba3 servers, so I have to get Samba3 working with Samba4. Or I have to build Samba4 by myself. Klaus Am 06.08.2013 11:59, schrieb steve: On Tue, 2013-08-06 at 10:57 +0200, Klaus Rörig wrote: OK, than I have to use the Samba 3.6 packages shipped with Ubuntu. Anything special I have to care about? Hi, no, but as you have only a few clients, it may be simpler to use the dc itself as file server, especially as you have specified ntvfs. If you want rfc2307 from winbind though, you'll have to either build samba 4.0.x from source on a separate box and use smbd or use the Ubuntu 3.6 packages, also on a separate box. If you're OK with ntvfs and you only have win7 clients, I'd go with the single DC/fileserver and forget about rfc2307. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 as member server
On Tue, 2013-08-06 at 10:57 +0200, Klaus Rörig wrote: > OK, than I have to use the Samba 3.6 packages shipped with Ubuntu. > Anything special I have to care about? > Hi, no, but as you have only a few clients, it may be simpler to use the dc itself as file server, especially as you have specified ntvfs. If you want rfc2307 from winbind though, you'll have to either build samba 4.0.x from source on a separate box and use smbd or use the Ubuntu 3.6 packages, also on a separate box. If you're OK with ntvfs and you only have win7 clients, I'd go with the single DC/fileserver and forget about rfc2307. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 as member server
OK, than I have to use the Samba 3.6 packages shipped with Ubuntu. Anything special I have to care about? Am 06.08.2013 09:33, schrieb steve: On Tue, 2013-08-06 at 09:21 +0200, Klaus Rörig wrote: But there are no smb/nmbd/winbindd binaries. Hi Oh, I see. The Ubuntu packages must only be for AD then. Sorry, I missed that you only wanted ntvfs. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 as member server
On Tue, 2013-08-06 at 09:21 +0200, Klaus Rörig wrote: > > But there are no smb/nmbd/winbindd binaries. Hi Oh, I see. The Ubuntu packages must only be for AD then. Sorry, I missed that you only wanted ntvfs. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 as member server
Hi Steve, when I start samba without the 'server services' optinion I get: "At this time the 'samba' binary should only be used for either: 'server role = active directory domain controller' or to access the ntvfs file server with 'server services= +smb' oder the rpc proxy with 'dcerpc endpoint servers = remote' You should start start smbd/nmbd/winbindd instead for domain member an standalone file server tasks" But there are no smb/nmbd/winbindd binaries. Klaus Am 05.08.2013 23:01, schrieb steve: On Mon, 2013-08-05 at 22:25 +0200, Klaus Rörig wrote: I cannot the member server working. My smb.conf: Hi Leave the domain and remove the .tdb files in /var/lib/smb. Then rejoin with this: [global] workgroup = VERWALTUNG security = ads realm = VERWALTUNG.LEIBNIZ-REMSCHEID.DE encrypt passwords = true idmap config *:backend = tdb idmap config *:range = 70001-8 idmap config VERWALTUNG:backend = ad idmap config VERWALTUNG:schema_mode = rfc2307 idmap config VERWALTUNG:range = 500-4 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes [verwaltung] path = /srv/shares read only = no Start it with: smbd; winbindd Prolly not perfect, but should get you a bit close. hth Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 as member server
On Mon, 2013-08-05 at 22:25 +0200, Klaus Rörig wrote: > I cannot the member server working. > > My smb.conf: > Hi Leave the domain and remove the .tdb files in /var/lib/smb. Then rejoin with this: > [global] > workgroup = VERWALTUNG > security = ads > realm = VERWALTUNG.LEIBNIZ-REMSCHEID.DE > encrypt passwords = true > idmap config *:backend = tdb > idmap config *:range = 70001-8 > idmap config VERWALTUNG:backend = ad > idmap config VERWALTUNG:schema_mode = rfc2307 > idmap config VERWALTUNG:range = 500-4 > > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > > [verwaltung] > path = /srv/shares > read only = no Start it with: smbd; winbindd Prolly not perfect, but should get you a bit close. hth Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 as member server
Hello list, I'm trying to setup a small samba4 domain ( 1 DC, 1 member server, 12 Win7 clients) on Ubuntu with the packages shipped with Ubuntu 13.04 (Samba 4.0.0), I also tried on Ubuntu 13.10 (Samba 4.0.3). DC seems to work fine, I can manage users an gpo, clients can join and logon. But I cannot the member server working. My smb.conf: [global] workgroup = VERWALTUNG security = ads realm = VERWALTUNG.LEIBNIZ-REMSCHEID.DE encrypt passwords = true server services = +smb -s3fs idmap config *:backend = tdb idmap config *:range = 70001-8 idmap config VERWALTUNG:backend = ad idmap config VERWALTUNG:schema_mode = rfc2307 idmap config VERWALTUNG:range = 500-4 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes server role = domain controller dcerpc endpoint servers = -winreg -srvsvc [verwaltung] path = /srv/shares read only = no [sysvol] path = /var/lib/samba/sysvol read only = no [netlogon] path = /var/lib/samba/sysvol/VERWALTUNG.LEIBNIZ-REMSCHEID.DE/scripts read only = no I did 'samba-tool domain join VERWALTUNG -UAdministrator' with success: "Joined domain SID". The server is listet in AD Tools. But 'samba -i -M single -d1' stops working with: samba: /usr/lib/x86_64-linux-gnu/libwbclient.so.0: no version information available (required by /usr/lib/x86_64-linux-gnu/samba/libauth4.so) samba version 4.0.3 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model task_server_terminate: [ldap_server: no LDAP server required in member server configuration] task_server_terminate: [cldap_server: no CLDAP server required in member server configuration] task_server_terminate: [kdc: no KDC required in member server configuration] task_server_terminate: [dreplsrv: no DSDB replication required in domain member configuration] task_server_terminate: [Cannot start Winbind (domain member): Failed to find record for VERWALTUNG in /var/lib/samba/private/secrets.ldb: No such object: (null): Have you joined the VERWALTUNG domain?] samba_terminate: Cannot start Winbind (domain member): Failed to find record for VERWALTUNG in /var/lib/samba/private/secrets.ldb: No such object: (null): Have you joined the VERWALTUNG domain? root@server04:/var/lib/samba/private# ls -la insgesamt 3784 drwxr-xr-x 3 root root4096 Aug 5 21:50 . drwxr-xr-x 7 root root4096 Aug 5 21:47 .. -rw--- 1 root root 1286144 Aug 5 21:50 privilege.ldb -rw--- 1 root root 696 Aug 5 21:50 randseed.tdb -rw--- 1 root root 1286144 Aug 5 21:50 sam.ldb -rw--- 1 root root 1286144 Aug 5 21:50 secrets.ldb drwxr-xr-x 3 root root4096 Aug 5 21:50 smbd.tmp Please help! Thx, Klaus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba