Re: [Samba] Samba users profiles directory failing to mount in windows client
On Tue, Oct 4, 2011 at 10:57 PM, Harry Jede walk2...@arcor.de wrote: Use netbios name instead of netbios aliases Thanks Harry, that would certainly make sense, although I do have it in my smb.conf.master snip- # grep netbios smb.conf.master netbios name = TEST netbios aliases = TESTSRV snip- It appears that when I do a testparm -s smb.conf.master smb.conf that netbios name is getting stripped but there is no indication as to why, and it looks like it is not getting read if I add it manually to smb.conf: snip- # testparm -s smb.conf.master smb.conf Load smb config files from smb.conf.master rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section [homes] Processing section [netlogon] Global parameter logon script found in service section! Processing section [Profiles] Loaded services file OK. Server role: ROLE_DOMAIN_PDC snip- Some additional information that my be helpful to anyone who might be able to assist in troubleshooting:: output of smbclient -L (same results for both nbname and nbalias) snip- # smbclient -L //TEST Enter root's password: Domain=[TESTDOMAIN] OS=[Unix] Server=[Samba 3.5.8] Sharename Type Comment - --- IPC$IPC IPC Service (Samba 3.5.8) rootDisk Home Directories Domain=[TESTDOMAIN] OS=[Unix] Server=[Samba 3.5.8] Server Comment ---- TEST Samba 3.5.8 WRKSTN TESTSRV Samba 3.5.8 WorkgroupMaster ---- TESTMDOMAIN TEST INTERNAL TESTSRV WORKGROUPUSERNAME snip- Server hostname snip- # more /etc/hosts 127.0.0.1 localhost 10.1.0.10 test.testdomain test snip- both smbd and nmbd are running snip- # ps aux | grep mbd root 2319 0.0 0.0 9132 1056 pts/1S+ 13:24 0:00 grep --color=auto mbd root 21792 0.0 0.1 89776 5296 ?Ss Oct04 0:00 smbd -F root 21796 0.0 0.0 89776 2000 ?SOct04 0:00 smbd -F root 21804 0.0 0.0 61884 2276 ?Ss Oct04 0:04 nmbd -D snip- ~ jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba users profiles directory failing to mount in windows client
I am having some issues with Samba with roaming profiles running on Ubuntu server. When a user logs in they get prompted with an error: windows error-- Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The network path was not found. windows error-- While trying to figure this out I believe I have found the problem but am unsure how to fix it. It would appear that for the logon path = \\%N\Profiles\%U entry in smb.conf that the %N (or even %L) does not get translated to the netbios name of the server. doing the following command shows the %N still untranslated while the %U is correctly updated to the user name # pdbedit -Lv testuser | grep Path Profile Path: \\%N\profiles\testuser If I manually hard code the %N to the servers name instead of using %N or %L the roaming profile works perfectly. Can anyone point me in the right direction so as to resolve this issue? Server setup: Ubuntu server 11.04 Samba 3.5.8 OpenLDAP 2.4.23 Windows XP SP3 clients smb.conf below: --[ smb.conf [global] workgroup = TESTDOMAIN netbios aliases = TESTSRV obey pam restrictions = Yes passdb backend = ldapsam:ldap://localhost passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n passwd chat timeout = 4 log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon path = \\%N\Profiles\%U logon drive = H: domain logons = Yes preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=testdomain ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=testdomain ldap ssl = no ldap user suffix = ou=Users panic action = /usr/share/samba/panic-action %d [homes] comment = Home Directories valid users = %S Read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = root guest ok = Yes browseable = No [Profiles] comment = Roaming Profile Share path = /home/samba/profiles read only = No profile acls = Yes browseable = No --[ smb.conf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba users profiles directory failing to mount in windows client
On 23:55:42 wrote greep elem: I am having some issues with Samba with roaming profiles running on Ubuntu server. When a user logs in they get prompted with an error: windows error-- Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The network path was not found. windows error-- While trying to figure this out I believe I have found the problem but am unsure how to fix it. It would appear that for the logon path = \\%N\Profiles\%U entry in smb.conf that the %N (or even %L) does not get translated to the netbios name of the server. doing the following command shows the %N still untranslated while the %U is correctly updated to the user name # pdbedit -Lv testuser | grep Path Profile Path: \\%N\profiles\testuser If I manually hard code the %N to the servers name instead of using %N or %L the roaming profile works perfectly. Can anyone point me in the right direction so as to resolve this issue? Use netbios name instead of netbios aliases -- Regards Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba users can't be seen from client mashine
Hi all, I have an ubuntu server 9.10 and a fedora. I have configured smb.confs such that fedora or any other computer is gonna reach /home of ubuntu server. But the problem is i can not see samba users that i have created on ubuntu I mean fedora can not find or reach or resolve samba users that I have created on ubuntu but only uid numbers. I have mounted /home directory of ubuntu from fedora without any problem I can ping ubuntu or vice versa even this command works smbclient -L ipofubuntu -Umuratcantuna or I can logon as smbclient //ipofubuntu/username but the permissions that I have made don't work, every user can write to every directory even if it doesn't belong them. Here is my two smb.conf files, do you have any idea what is the reason? fedora: Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [homes] Processing section [printers] Processing section [netlogon] Processing section [Profiles] Loaded services file OK. Server role: ROLE_DOMAIN_BDC Press enter to see a dump of your service definitions [global] server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 add user script = /usr/sbin/useradd %u -n -g users delete user script = /usr/sbin/userdel %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g delete user from group script = /usr/sbin/userdel %u %g add machine script = /usr/sbin/useradd -n -c Workstation (%u) -M -d /nohome -s /bin/false %u logon path = \\%L\%u domain logons = Yes domain master = No cups options = raw [homes] comment = Home Directories path = /mnt/home3 read only = No create mask = 0600 directory mask = 0700 browseable = No browsable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No browsable = No [netlogon] comment = Network Logon Service path = /mnt/home3 guest ok = Yes [Profiles] path = /mnt/home3 guest ok = Yes browseable = No browsable = No ubuntu: Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [homes] Processing section [netlogon] Processing section [profiles] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] server string = parkplatz interfaces = 127.0.0.0/8, eth0 bind interfaces only = Yes map to guest = Bad User syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 add user script = /usr/sbin/adduser --quiet --disabled-password --gecos %u add group script = /usr/sbin/addgroup --force-badname %g add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u logon path = \\%N\%U## logon path = /home/%u logon drive = H: domain logons = Yes usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap uid = 1000-20 idmap gid = 1000-20 [homes] comment = Home Directories path = /home read only = No create mask = 0600 directory mask = 0700 browseable = No browsable = No [netlogon] comment = Network Logon Service path = /home guest ok = Yes [profiles] comment = Users profiles path = /home create mask = 0600 directory mask = 0700 browseable = No browsable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers thanks in advanced Murat Can Tuna -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba users can still login after password change
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anyone know why a user can still use their old password to login to a samba domain when the sambaNTPassword and sambaLMPassword that are stored in the ldap backend have been changed? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkpdASAACgkQ5B+8XEnAvqsTtgCdGDWklq0MefW7lPZZm5pNmQGG klgAoIEQOsfHexkzG5RMxIA6U32vW7zj =a2EB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba users can still login after password change
On Tue, Jul 14, 2009 at 7:05 PM, David Christensendavid.christen...@viveli.com wrote: Anyone know why a user can still use their old password to login to a samba domain when the sambaNTPassword and sambaLMPassword that are stored in the ldap backend have been changed? Weird theory here: clients lost connection with logon server, so they use the cached password (the old one) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [samba-users] Network Pblm with misty (XP Home SP3 )
Ted Hilts wrote: Rubin Bennett wrote: On Fri, 2008-11-14 at 17:17 -0700, Ted Hilts wrote: In short this is the problem. The XP Home machine called misty cannot see any other machines. It cannot see the Linux machines and it cannot see the XP Home machines or the XP Pro machine. In spite of this blindness it can map to all the XP machines and define so-called network places. But misty cannot map through the SAMBA protocal used by the Linux machines to make their shares available. All the other XP machines can access these Linux shares. So this problem is unique to misty. Looking from the Linux side of the LAN the Linux machines can see misty shares as in these following diagnostics generated from the Linux machine called Ubuntu with the same OS name. (misty has the static IP address 192.168.1.20 and MS SP3). The diagnostics indicate that Ubuntu can see the misty shares. The Linux machine Ubuntu has IP address 192.168.1.16. Here are those diagnostics: (disregard the error line allow hosts associated with the smb.config file. [EMAIL PROTECTED]:~$ nmblookup -d 2 '*' params.c:Parameter() - Ignoring badly formed line in configuration file: allow hosts added interface ip=192.168.1.16 bcast=192.168.1.255 nmask=255.255.255.0 querying * on 192.168.1.255 Got a positive name query response from 192.168.1.16 ( 192.168.1.16 ) Got a positive name query response from 192.168.1.20 ( 192.168.1.20 ) Got a positive name query response from 192.168.1.15 ( 192.168.1.15 ) Got a positive name query response from 192.168.1.9 ( 192.168.1.9 ) Got a positive name query response from 192.168.1.70 ( 192.168.1.70 ) 192.168.1.16 *00 192.168.1.20 *00 192.168.1.15 *00 192.168.1.9 *00 192.168.1.70 *00 [EMAIL PROTECTED]:~$ sudo smbclient -L misty -U ted -W peggyted [sudo] password for ted: params.c:Parameter() - Ignoring badly formed line in configuration file: allow hosts Password: Domain=[MISTY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$IPC Remote IPC SharedDocs Disk C Disk D Disk Domain=[MISTY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Server Comment ---- WorkgroupMaster ---- [EMAIL PROTECTED]:~$ In addition I obtained some advice but am not sure what to make of it. All the following is that advice. Look into that XP Home / Samaba. I would do some more research samba xp registry hack I remember having to use the below at one point. Network Sign or Seal Registry Change The following registry entry needs to be changed: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Netlogon\Parameters] requiresignorseal=dword: signsecurechannel=dword: end of advice. When XP first came out, this was valid advice. It hasn't been for several years now though. Your diagnostics are thorough but flawed - you don't have to have working shares to be able to list them from smbclient. You'd be better off to test them using smbclient -U ted //ubuntu/ShareDocs Once you authenticate successfully, you should be able to do a directory listing in the share. You also should be able to browse from teh XP machine via the Ubuntu server's IP address: Start - Run - \\192.168.1.16 That *should* return a list of shares and you should be able to descend into them if all is working. Re: the error: NEVER disregard error messages, they *always* mean something. I presume that you're only trying to have workgroup browsing, as you already know that XP Home can't do domains? HTH, Rubin Rubin: I think my problem is with misty not with Ubuntu. You said: Start - Run - \\192.168.1.16 (remember 192.168.1.16 is the Ubuntu machine IP address and your XP instructions are applied to misty which has IP address 192.168.1.20. The results follow: Windows Explorer \\192.168.1.16 is not accesible. You might not have permissions to use this network resource. Contact the administrator of this service to find out if you have access permissions. The account is not authorized to log in from this station. Both misty and Ubuntu have the same account name which is ted and ted is me -- the administrator for both. Both misty and Ubuntu use the HOSTS and LMHOSTS files and the proper information is in each of them. Static IP addresses are used for all machines in the LAN. The addresses and names are properly correlated for each machine. Both can ping each other and any other machine in the LAN. The Ubuntu smb file properly shows that misty is an acceptable host and the user ted is an acceptable user. As shown earlier Ubuntu can see the misty shares but cannot do a smbmount on these shares. What has been said of Ubuntu is also true of gateway (not the command) machine which is a Suse Linux distribution. Both Linux
[Samba] [samba-users] Network Pblm with misty (XP Home SP3 )
In short this is the problem. The XP Home machine called misty cannot see any other machines. It cannot see the Linux machines and it cannot see the XP Home machines or the XP Pro machine. In spite of this blindness it can map to all the XP machines and define so-called network places. But misty cannot map through the SAMBA protocal used by the Linux machines to make their shares available. All the other XP machines can access these Linux shares. So this problem is unique to misty. Looking from the Linux side of the LAN the Linux machines can see misty shares as in these following diagnostics generated from the Linux machine called Ubuntu with the same OS name. (misty has the static IP address 192.168.1.20 and MS SP3). The diagnostics indicate that Ubuntu can see the misty shares. The Linux machine Ubuntu has IP address 192.168.1.16. Here are those diagnostics: (disregard the error line allow hosts associated with the smb.config file. [EMAIL PROTECTED]:~$ nmblookup -d 2 '*' params.c:Parameter() - Ignoring badly formed line in configuration file: allow hosts added interface ip=192.168.1.16 bcast=192.168.1.255 nmask=255.255.255.0 querying * on 192.168.1.255 Got a positive name query response from 192.168.1.16 ( 192.168.1.16 ) Got a positive name query response from 192.168.1.20 ( 192.168.1.20 ) Got a positive name query response from 192.168.1.15 ( 192.168.1.15 ) Got a positive name query response from 192.168.1.9 ( 192.168.1.9 ) Got a positive name query response from 192.168.1.70 ( 192.168.1.70 ) 192.168.1.16 *00 192.168.1.20 *00 192.168.1.15 *00 192.168.1.9 *00 192.168.1.70 *00 [EMAIL PROTECTED]:~$ sudo smbclient -L misty -U ted -W peggyted [sudo] password for ted: params.c:Parameter() - Ignoring badly formed line in configuration file: allow hosts Password: Domain=[MISTY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$IPC Remote IPC SharedDocs Disk C Disk D Disk Domain=[MISTY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Server Comment ---- WorkgroupMaster ---- [EMAIL PROTECTED]:~$ In addition I obtained some advice but am not sure what to make of it. All the following is that advice. Look into that XP Home / Samaba. I would do some more research samba xp registry hack I remember having to use the below at one point. Network Sign or Seal Registry Change The following registry entry needs to be changed: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Netlogon\Parameters] requiresignorseal=dword: signsecurechannel=dword: end of advice. E-mail message checked by Spyware Doctor (6.0.0.386) Database version: 5.0 http://www.pctools.com/en/spyware-doctor-antivirus/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [samba-users] Network Pblm with misty (XP Home SP3 )
Rubin Bennett wrote: On Fri, 2008-11-14 at 17:17 -0700, Ted Hilts wrote: In short this is the problem. The XP Home machine called misty cannot see any other machines. It cannot see the Linux machines and it cannot see the XP Home machines or the XP Pro machine. In spite of this blindness it can map to all the XP machines and define so-called network places. But misty cannot map through the SAMBA protocal used by the Linux machines to make their shares available. All the other XP machines can access these Linux shares. So this problem is unique to misty. Looking from the Linux side of the LAN the Linux machines can see misty shares as in these following diagnostics generated from the Linux machine called Ubuntu with the same OS name. (misty has the static IP address 192.168.1.20 and MS SP3). The diagnostics indicate that Ubuntu can see the misty shares. The Linux machine Ubuntu has IP address 192.168.1.16. Here are those diagnostics: (disregard the error line allow hosts associated with the smb.config file. [EMAIL PROTECTED]:~$ nmblookup -d 2 '*' params.c:Parameter() - Ignoring badly formed line in configuration file: allow hosts added interface ip=192.168.1.16 bcast=192.168.1.255 nmask=255.255.255.0 querying * on 192.168.1.255 Got a positive name query response from 192.168.1.16 ( 192.168.1.16 ) Got a positive name query response from 192.168.1.20 ( 192.168.1.20 ) Got a positive name query response from 192.168.1.15 ( 192.168.1.15 ) Got a positive name query response from 192.168.1.9 ( 192.168.1.9 ) Got a positive name query response from 192.168.1.70 ( 192.168.1.70 ) 192.168.1.16 *00 192.168.1.20 *00 192.168.1.15 *00 192.168.1.9 *00 192.168.1.70 *00 [EMAIL PROTECTED]:~$ sudo smbclient -L misty -U ted -W peggyted [sudo] password for ted: params.c:Parameter() - Ignoring badly formed line in configuration file: allow hosts Password: Domain=[MISTY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$IPC Remote IPC SharedDocs Disk C Disk D Disk Domain=[MISTY] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Server Comment ---- WorkgroupMaster ---- [EMAIL PROTECTED]:~$ In addition I obtained some advice but am not sure what to make of it. All the following is that advice. Look into that XP Home / Samaba. I would do some more research samba xp registry hack I remember having to use the below at one point. Network Sign or Seal Registry Change The following registry entry needs to be changed: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Netlogon\Parameters] requiresignorseal=dword: signsecurechannel=dword: end of advice. When XP first came out, this was valid advice. It hasn't been for several years now though. Your diagnostics are thorough but flawed - you don't have to have working shares to be able to list them from smbclient. You'd be better off to test them using smbclient -U ted //ubuntu/ShareDocs Once you authenticate successfully, you should be able to do a directory listing in the share. You also should be able to browse from teh XP machine via the Ubuntu server's IP address: Start - Run - \\192.168.1.16 That *should* return a list of shares and you should be able to descend into them if all is working. Re: the error: NEVER disregard error messages, they *always* mean something. I presume that you're only trying to have workgroup browsing, as you already know that XP Home can't do domains? HTH, Rubin Rubin: I think my problem is with misty not with Ubuntu. You said: Start - Run - \\192.168.1.16 (remember 192.168.1.16 is the Ubuntu machine IP address and your XP instructions are applied to misty which has IP address 192.168.1.20. The results follow: Windows Explorer \\192.168.1.16 is not accesible. You might not have permissions to use this network resource. Contact the administrator of this service to find out if you have access permissions. The account is not authorized to log in from this station. Both misty and Ubuntu have the same account name which is ted and ted is me -- the administrator for both. Both misty and Ubuntu use the HOSTS and LMHOSTS files and the proper information is in each of them. Static IP addresses are used for all machines in the LAN. The addresses and names are properly correlated for each machine. Both can ping each other and any other machine in the LAN. The Ubuntu smb file properly shows that misty is an acceptable host and the user ted is an acceptable user. As shown earlier Ubuntu can see the misty shares but cannot do a smbmount on these shares. What has been said of Ubuntu is also true of gateway (not the command) machine which is a Suse Linux distribution. Both Linux machines get the same reactions from
[Samba] Samba users as local workstation admins?
Hi All, We have a problem, which is that several of our users are local admins on their own workstations. We'd like to let them retain these rights, but we're switching to a PDC. Is there a way to have them authenticate to the domain, and as a regular user, but on the Windows workstation have full control? What's the best solution for this? I obviously don't want to make them domain Admins. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users as local workstation admins?
After you set up those users on the PDC, you should be able to add them to the Administrators group on the Windows workstation. I have done that with a few users and it is working properly as far as I can tell. The important thing is that you must add the DOMAIN user to the Administrators group, not the current local user. Hope this helps! Bob We have a problem, which is that several of our users are local admins on their own workstations. We'd like to let them retain these rights, but we're switching to a PDC. Is there a way to have them authenticate to the domain, and as a regular user, but on the Windows workstation have full control? What's the best solution for this? I obviously don't want to make them domain Admins. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users as local workstation admins?
On Thursday 03 April 2008 15:13, Christopher Perry wrote: We have a problem, which is that several of our users are local admins on their own workstations. We'd like to let them retain these rights, but we're switching to a PDC. Is there a way to have them authenticate to the domain, and as a regular user, but on the Windows workstation have full control? What's the best solution for this? I obviously don't want to make them domain Admins. we had the same requirement and just locally added Domain Users to the local Administrators group on all clients. hth :) -- best rgds, armin walland focus market research IT :: development, administration http://www.focusmr.com maculangasse 8 1220 wien please try not to send me HTML emails! pgpYHmz77UmD9.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users as local workstation admins?
On 4/3/2008 9:19 AM, armin walland wrote: On Thursday 03 April 2008 15:13, Christopher Perry wrote: We have a problem, which is that several of our users are local admins on their own workstations. We'd like to let them retain these rights, but we're switching to a PDC. Is there a way to have them authenticate to the domain, and as a regular user, but on the Windows workstation have full control? What's the best solution for this? I obviously don't want to make them domain Admins. we had the same requirement and just locally added Domain Users to the local Administrators group on all clients. Gack! I created a new group 'Local Admins', and only added *that* group to the local 'Administrators' group on each workstation... Most people not only don't *need* local admin privs, most people *should* *not* have local admin privs... I do add the 'Domain Users' group to the local 'Power Users' group though, which is almost as bad, but some of our apps just won't work right without Power User privs... :( -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba users not working
Hello everybody, am newbie in samba, i need some help. I just installed samba into my Ubuntu 7.10 server machine. I can set up shares etc. but only with default user I tried to add new users: sudo useradd user or sudo adduser user then smbpasswd - a user and added user = user in /etc/samba/smbusers added share: [demo] comment = Network user path = /home/user browseable = yes valid users = user writable = yes create mask = 0700 I cannot login, error (not access...) but shares with default user are working.. Here is my smb.conf: #=== Global Settings === [global] ## Browsing/Identification ### workgroup = MSHOME server string = SSK Failu Saugykla # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = no # What naming service and in what order should we use to resolve host names # to IP addresses ; name resolve order = lmhosts host wins bcast Networking # The specific set of interfaces / networks to bind to # This can be either the interface name or an IP address/netmask; # interface names are normally preferred ; interfaces = 127.0.0.0/8 eth0 # Only bind to the named interfaces and/or networks; you must use the # 'interfaces' option above to use this. # It is recommended that you enable this feature if your Samba machine is # not protected by a firewall or is a firewall itself. However, this # option cannot handle dynamic or non-broadcast interfaces correctly. ; bind interfaces only = true Debugging/Accounting # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m max log size = 1000 ; syslog only = no syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d ### Authentication ### security = user username map = /etc/samba/smbusers # You may wish to use password encryption. See the section on # 'encrypt passwords' in the smb.conf(5) manpage before enabling. encrypt passwords = true # If you are using encrypted passwords, Samba will need to know what # password database type you are using. passdb backend = tdbsam ; obey pam restrictions = yes ; guest account = nobody invalid users = root # This boolean parameter controls whether Samba attempts to sync the Unix # password with the SMB password when the encrypted SMB password in the # passdb is changed. ; unix password sync = no passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword :* %n\n *passwd:*password\supdated\ssuccessfully* . # This boolean controls whether PAM will be used for password changes # when requested by an SMB client instead of the program listed in # 'passwd program'. The default is 'no'. ; pam password change = no ## Domains ### # Is this machine able to authenticate users. Both PDC and BDC # must have this setting enabled. If you are the BDC you must # change the 'domain master' setting to no # ; domain logons = yes # # The following setting only takes effect if 'domain logons' is set # It specifies the location of the user's profile directory # from the client point of view) # The following required a [profiles] share to be setup on the # samba server (see below) ; logon path = \\%N\profiles\%U # Another common choice is storing the profile in the user's home directory ; logon path = \\%N\%U\profile # The following setting only takes effect if 'domain logons' is set # It specifies the location of a user's home directory (from the client # point of view) ; logon drive = H: ; logon home = \\%N\%U # The following setting only takes effect if 'domain logons' is set # It specifies the script to run during logon. The script must be stored # in the [netlogon] share # NOTE: Must be store in 'DOS' file format convention ; logon script = logon.cmd # This allows Unix users to be created on the domain controller via the SAMR # RPC pipe. The example command creates a user account with a disabled Unix # password; please adapt to your needs ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos %u Misc # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /home/samba/etc/smb.conf.%m # Most people will find that this option gives better performance. # See smb.conf(5) and
[Samba] samba users and group mapping
HI!, I need to know how Sids numers are generated when I create a user or when I mapped a posix group with a samba group. Could I have a samba group and a samba user with the same SID? Will it bring me problems? Thank you! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba users and group mapping
On Mon, 2007-05-14 at 18:13 -0300, Sebastian Firpo wrote: HI!, I need to know how Sids numers are generated when I create a user or when I mapped a posix group with a samba group. Depending on the version of samba generated algorithmically for the uid/gid or assigned monotonically incrementing an index. Could I have a samba group and a samba user with the same SID? Will it bring me problems? Many, Windows machines will not be able to distinguish between the user and the group, and neither samba. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba Users
I am running Samba version 3.0.13-1.1-SUSE. I am a bit new to samba. I am running Samba version 3.0.13-1.1-SUSE with unix users as samba users (no AD). Is there a method of listing enabled samba users other than viewing the /etc/passwd file? Thanks CONFIDENTIAL NOTICE: This e-mail message and any attachment(s) (collectively, this 'Email') are intended only for the confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient named above or an agent responsible for delivering it to the intended recipient named above, you have received this Email in error. Please notify the sender immediately and permanently delete this Email and any copies thereof. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba Users
On Wednesday 19 October 2005 10:19, Van Hoff, Mike wrote: I am running Samba version 3.0.13-1.1-SUSE. I am a bit new to samba. I am running Samba version 3.0.13-1.1-SUSE with unix users as samba users (no AD). Is there a method of listing enabled samba users other than viewing the /etc/passwd file? Suggest you follow the examples in the book Samba-3 by Example. It is available from Amazon.Com in hard copy, or in PDF from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf Enjoy. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba Users
On Wed, Oct 19, 2005 at 11:37:15AM -0600, John H Terpstra wrote: On Wednesday 19 October 2005 10:19, Van Hoff, Mike wrote: I am running Samba version 3.0.13-1.1-SUSE. I am a bit new to samba. I am running Samba version 3.0.13-1.1-SUSE with unix users as samba users (no AD). Is there a method of listing enabled samba users other than viewing the /etc/passwd file? Suggest you follow the examples in the book Samba-3 by Example. It is available from Amazon.Com in hard copy, or in PDF from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf By the way John, I just wanted to congratulate you publicly on the servies of articles that got linked to on Slashdot yesterday : http://linux.slashdot.org/article.pl?sid=05/10/18/2036220tid=109tid=106 Really well written, very important and incisive work ! Thanks a lot ! Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba users spreading spam (or automated replies)
Hi Some of the samba users are spreading spam or automated replies. Is there any possible way to stop them? I've got the following two messages after my first post which are either spam or automated nonsense replies: Message 1: From: Jim Crippen [EMAIL PROTECTED] To: Behrang Saeedzadeh [EMAIL PROTECTED] Date: Fri, 25 Feb 2005 06:21:37 -0600 Subject: Out of Office AutoReply: [Samba] Samba write permission problem I will be out of the office Thursday and Friday, February 24 and 25. I will be returning to the office on Monday, February 28. If you need immediate assistance please contact one of the following: Molly McDonald - [EMAIL PROTECTED] - 281-775-2264 Mike Carroll - [EMAIL PROTECTED] - 281-775-2129 Jay Coulbourne - [EMAIL PROTECTED] - 281-775-2139 Message 2: From: Bruno Guerreiro [EMAIL PROTECTED] To: Behrang Saeedzadeh [EMAIL PROTECTED] Date: Fri, 25 Feb 2005 12:19:43 - Subject: Resposta 'Fora do escritório' autom.: [Samba] Samba write permission problem Encontro-me de férias até ao dia 7 de Março de 2005 Qualquer assunto profissional deverá ser reencaminhado para Julio Mendes ou Vitor Moreira no caso de NT, ou Jose Carlos Martins ,Joaquim Machado ou João Franco Silva no caso de Linux. Cumprimentos. Bruno Guerreiro Best Regards, -- Behrang Saeedzadeh http://www.jroller.com/page/behrangsa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users spreading spam (or automated replies)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Behrang Saeedzadeh wrote: | Hi | | Some of the samba users are spreading | spam or automated replies. Is | there any possible way to stop them? | | I've got the following two messages after | my first post which are either spam or | automated nonsense replies: Please read the mailing list archives. This topic has been discussed many times before. Let's not waste bandwidth covering old territory. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCHy0cIR7qMdg1EfYRAiQoAJwICFtfy6AI5WKdt/nYgXEB2GWmVQCeIUbu 7ioKTT9ORmtohKJh+Zr/6BQ= =9SIg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba users authorization
Is it possible to set a samba user with write authorization but without delete authorization ? I mean the windows user can create file in the samba network drive but can't delete it. Thank you -- Regards, Frankie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba users without local unix users
Hello to all: First of all, sorry about my poor english. I am spanish :) I have a debian machine running as a samba file server. The important part of smb.conf is here: security = share encrypt passwords = true passdb backend = smbpasswd:/etc/samba/smbpasswd obey pam restrictions = yes invalid users = root passwd program = /usr/bin/passwd %u passwd chat = Enter\snew\sUNIX\spassword: %n\n Retype\snew\sUNIX\spassword: % n\n . I want to create samba users without local unix account. I've tried the following: smbpasswd -a newuser This command fails if newuser doesn't exist in local machine (in /etc/passwd). If the user exist, the smbpasswd -a command runs well. How can i create samba users without create local unix users? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users without local unix users
On Mon, 2004-03-22 at 05:02, Felipe S. Elich wrote: Hello to all: First of all, sorry about my poor english. I am spanish :) I have a debian machine running as a samba file server. The important part of smb.conf is here: security = share encrypt passwords = true passdb backend = smbpasswd:/etc/samba/smbpasswd obey pam restrictions = yes invalid users = root passwd program = /usr/bin/passwd %u passwd chat = Enter\snew\sUNIX\spassword: %n\n Retype\snew\sUNIX\spassword: % n\n . I want to create samba users without local unix account. I've tried the following: smbpasswd -a newuser This command fails if newuser doesn't exist in local machine (in /etc/passwd). If the user exist, the smbpasswd -a command runs well. How can i create samba users without create local unix users? --- You can't. You can have unix users without a valid shell however. The closest thing to what you are asking is to map users (mapping smbusers to say 1 or more unix users) but that is entirely a manual process. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users without local unix users
El Lunes, 22 de Marzo de 2004 13:52, Craig White escribió: How can i create samba users without create local unix users? You can't. You can have unix users without a valid shell however. But... this is applied to all security levels or only when security=shared is enabled? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba users without local unix users
On Mon, 2004-03-22 at 06:56, Felipe S. Elich wrote: El Lunes, 22 de Marzo de 2004 13:52, Craig White escribi: How can i create samba users without create local unix users? You can't. You can have unix users without a valid shell however. But... this is applied to all security levels or only when security=shared is enabled? All connections, even security = share have to map to a valid username in some fashion. man smb (security = ) describes the various methods used to try to deduce the user name. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba users policies
Hi: I've set samba to be a primary domain controller (PDC). That's fine and works. So, anybody knows how to set samba users policies? I mean, passwd expiration times, limited failed logins attempts, and so on... Is this possible? How? Any documentation? Thanks in advance and best regards. pollo --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.487 / Virus Database: 286 - Release Date: 01/06/2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Users
Sir, My samba is connecting Linux and MSWin . Can I know how many users(with read and write rights) can access at a time. What is the maximum user limit. Regards, Rajsundar.
Re: [Samba] Samba Users
On Fri, 2003-01-24 at 04:52, [EMAIL PROTECTED] wrote: Sir, My samba is connecting Linux and MSWin . Can I know how many users(with read and write rights) can access at a time. What is the maximum user limit. the number of users is controlled by your hardware... i've heard of 100s of simultaneous users on big hardware. brad -- Bradley W. Langhorst [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Users
At my previous job as a Network Admin for a university, we had around 3000 users connected via Samba at any one time. Because of this, we broke up sections of the campus into zones, and gave each zone it's own Samba PDC that verified logins against a centralized NIS+ user database. I think we had 12 different samba machines to handle the load. I hope this gives you a better idea of how well it can handle a large number of users. -Gabe Bradley W. Langhorst wrote: On Fri, 2003-01-24 at 04:52, [EMAIL PROTECTED] wrote: Sir, My samba is connecting Linux and MSWin . Can I know how many users(with read and write rights) can access at a time. What is the maximum user limit. the number of users is controlled by your hardware... i've heard of 100s of simultaneous users on big hardware. brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba users on Windows 2000 server
Hello, We have used successfully Samba suite for 5 years and it's a real pleasure to work with these safe and powerful products. ;-) Thank's to samba team. We have a Solaris Server with Samba 2.2.3a and a list of about 20 running volumes. Each person has a private connection with our data sphere via Samba (directly with PC, NFS with UNIX and Samba + DAVE with Mac). We have also a W2K advanced server with 50 simultaneous users which distributes RDP or ICA sessions to thin client users. This server don't manage any data, users have a samba connection to unix data server. Our problem today is : Only one smbd daemon has been started when user comes from W2k server. Behind this unique unix process, there is a management of about 70 - 100 connections This is a result part of smbstatus : rimuno rimuno genra 5319 gene2 (193.50.63.0) Tue Oct 22 15:00:29 2002 wintowintogenra 5319 gene2 (193.50.63.0) Tue Oct 22 15:01:03 2002 thoyon thoyon sepes 5319 gene2 (193.50.63.0) Tue Oct 22 15:00:25 2002 Prod_Contr kurbel genra 5319 gene2 (193.50.63.0) Tue Oct 22 15:00:22 2002 Temporaire bouc lgmd 5319 gene2 (193.50.63.0) Tue Oct 22 16:00:16 2002 sambasambagenra 5319 gene2 (193.50.63.0) Tue Oct 22 15:14:10 2002 Eval bobatgenra 5319 gene2 (193.50.63.0) Tue Oct 22 15:00:22 2002 Imagerie liploce genra 15612 w-laplace (192.168.100.117) Tue Oct 22 12:03:54 2002 When we are using about 90 connections, new connections become impossible !!! So my question : Is it possible to start any different daemons for each connection from W2K server gene2 ? Thanks by advance. Best regards. ¨¨°ºo.,,.oº°¨¨°º (- - -) º°¨¨°ºo.,,.oº°¨¨ Pascal MARTINEZIT Manager GENETHON (www.genethon.fr)+33 (1) 69.47.28.30 - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba