[Samba] Samba ads member
Hi, I have few Problems with a Samba 3.6.7, The first is if the Windows is shut down over the night they can't autificate on the next day. [2013/04/13 13:03:10.538406, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [jefe] -> [jefe] FAILED with error NT_STATUS_NO_SUCH_USE After I restart winbindd it works up to the next morning. Sometimes we have few Problems with looking our users saying, that every second day can open a document only in read-only-mode then from an another client is the same they have to save the changes in a new name delete the old name and rename the changes file to the old name [global] log level = 2 realm = ed.xxx.de security = ADS encrypt passwords = yes client use spnego = yes workgroup = ED netbios name = DATENSERVER wins support = yes idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes we use folder redirection with gpo in windows server 2008 r2 and windows 7 clients on \\DATENSERVER\Profiles\username [profiles] path = /var/lib/samba/profiles browsable = no read only = no create mode = 0600 directory mode = 0700 force group = domänen-benutzer veto files = /$RECYCLE.BIN/desktop.ini/ our shares looking like that [Studio] path = /var/lib/samba/studio browsable = yes read only = no create mode = 0660 directory mode = 0770 force create mode = 0060 force directory mode = 0070 force group = domänen-benutzer valid users = administrator @ED+geschaeftsleitung whith posibility have I to set posix acls from the windows clients? Felipe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba ADS member: using local groups
Hi. I have problems using local groups on a SAMBA ADS member. I encountered the problem when I switched from Fedora Core 4 to Fedora Core 5. I'm using the FC5 samba-3.0.22-1.fc5 package. The SELinux is set to permissive mode (SELINUX=permissive), so this should not cause problems. I'm using same scripts for generating group mapping and add users to groups, as I used on FC4. The problem is I can not access to a newly created share. I'm getting access denied. Details: smb.conf: workgroup = MYAD realm = MYAD.SI security = ads netbios name = SRV use kerberos keytab = True local master = no domain master = no preferred master = no domain logons = no winbind cache time = 150 template shell = /bin/false template homedir = /dev/null idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 enable privileges = no allow trusted domains = yes winbind trusted domains only = no winbind use default domain = no acl group control = no winbind enum groups = yes winbind enum users = yes winbind nested groups = yes [testg] path = /tmp/testg browsable = yes # net groupmap list | grep testg testg (S-1-5-21-36326577-213813108-2479972072-35181) -> testg # net rpc group members testg -U MYAD\\damird%pass MYAD\damird # grep testg /etc/group testg:x:17090:MYAD\damird # getent group testg testg:x:17090:MYAD\damird # getent group SRV\\testg testg:*:16777937:MYAD\damird # chown root:testg /tmp/testg # chmod 770 /tmp/testg # ls -ald /tmp/testg drwxrwx--- 17 root testg 4096 Jun 23 11:26 /tmp/testg # sudo -u MYAD\\damird ls -al /tmp/testg total 16 drwxrwx--- 2 root testg 4096 Jun 23 11:43 . drwxrwxrwt 8 root root 4096 Jun 23 11:39 .. # cat /var/log/samba/10.10.10.100.log [2006/06/23 11:44:25, 1] smbd/service.c:make_connection_snum(693) 10.10.10.100 (10.10.10.100) connect to service testg initially as user MYAD\damird (uid=16777217, gid=16777217) (pid 6509) [2006/06/23 11:44:25, 0] smbd/service.c:set_current_service(49) chdir (/tmp/testg) failed [2006/06/23 11:44:25, 0] smbd/service.c:set_current_service(49) chdir (/tmp/testg) failed [2006/06/23 11:44:26, 0] smbd/service.c:set_current_service(49) chdir (/tmp/testg) failed Any hint will be appreciated :) Thanks and best regards, Dezo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS member.
Hi all, I don't have understand if I have to set PAM module to authenticate my windows users ADS to a share on Samba ADS member. If I'm right only If i have to connect by a linux client, is it alright? Also is posssible to force NTLM authentication by W2K client to W3K ADServer operating in native mode, so escluding kerberos authentication? Is it possible that it cause me some problems related ACL? Thanks. Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS member server confusion.
Hi all, I've been reading docs and am a little confused. I'm in an organization that uses ADS and I am in a remote location. I want to configure a member samba server that can authenticate with ADS, also have local accounts and see shares all the way around. So I want to configure a Samba server that will allow students with accounts on ADS which is remote from our location (we are a satellite campus) to be able to login from Windows workstations in our lab and have access to their shares. I also want to be able to create local student accounts on the Samba server and authenticate locally with local shares. Accounts should be reachable from a Linux as well as Windows workstations. It would be nice to be able to see our Samba server from the remote network that has the ADS server on it and access the shares. >From reading I'm thinking samba should be configured with LDAP, Kerberos and windbind but there is **so* much documentation on the net and it all talks about various different scenarios, it's very confusing. All I nee is a top level view and then I should be able to configure the stuff lower down, I hope:-) All help appreciated. -- George Farris [EMAIL PROTECTED] Malaspina University-College -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba